diff --git a/.travis.yml b/.travis.yml index 84b8a5f7a..5228275d4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,7 +20,7 @@ install: # Python - pip freeze - pip install -r monkey/monkey_island/requirements.txt # for unit tests -- pip install flake8 pytest dlint # for next stages +- pip install flake8 pytest dlint isort # for next stages - pip install coverage # for code coverage - pip install -r monkey/infection_monkey/requirements.txt # for unit tests - pip install pipdeptree @@ -69,6 +69,9 @@ script: - PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT=120 - if [ $(tail -n 1 flake8_warnings.txt) -gt $PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT ]; then echo "Too many python linter warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi +## Check import order +- python -m isort . -c -p common -p infection_monkey -p monkey_island + ## Run unit tests - cd monkey # This is our source dir - python -m pytest # Have to use `python -m pytest` instead of `pytest` to add "{$builddir}/monkey/monkey" to sys.path. diff --git a/envs/monkey_zoo/blackbox/analyzers/performance_analyzer.py b/envs/monkey_zoo/blackbox/analyzers/performance_analyzer.py index 4a43ab6a5..e0354530e 100644 --- a/envs/monkey_zoo/blackbox/analyzers/performance_analyzer.py +++ b/envs/monkey_zoo/blackbox/analyzers/performance_analyzer.py @@ -3,7 +3,8 @@ from datetime import timedelta from typing import Dict from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer -from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig +from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \ + PerformanceTestConfig LOGGER = logging.getLogger(__name__) diff --git a/envs/monkey_zoo/blackbox/island_client/monkey_island_client.py b/envs/monkey_zoo/blackbox/island_client/monkey_island_client.py index b2370a345..5932022fb 100644 --- a/envs/monkey_zoo/blackbox/island_client/monkey_island_client.py 
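Review bot: `isort` is added to the install step without a version pin, so the import-order gate added further down this file will pass or fail depending on whichever release PyPI serves on the day of the build. Any release published under that name also runs inside the CI job. Pin it, e.g. `- pip install flake8 pytest dlint isort==<PINNED_VERSION> # for next stages` (placeholder: use the version the tree was sorted with), ideally through a dev requirements file so contributors get the same tool locally. The other linters on that line were already unpinned before this change and deserve the same treatment.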
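Review bot: The sort settings live only in this command line (`-p common -p infection_monkey -p monkey_island`), so a contributor running plain `isort` locally gets different sections than CI enforces. Moving them to a committed `.isort.cfg` (`known_first_party=common,infection_monkey,monkey_island`) keeps the two in step; no such file is visible in this part of the diff. The wrap width also looks like isort's default rather than the project's: imports of roughly 95 characters are split with backslashes throughout this commit, while longer non-import lines are left as they are. Setting `line_length` to the flake8 limit would remove most of those continuations. Adding `--diff` to the check would make a failing build show what to change.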
+++ b/envs/monkey_zoo/blackbox/island_client/monkey_island_client.py @@ -1,11 +1,11 @@ import json - import logging from time import sleep from bson import json_util -from envs.monkey_zoo.blackbox.island_client.monkey_island_requests import MonkeyIslandRequests +from envs.monkey_zoo.blackbox.island_client.monkey_island_requests import \ + MonkeyIslandRequests SLEEP_BETWEEN_REQUESTS_SECONDS = 0.5 MONKEY_TEST_ENDPOINT = 'api/test/monkey' diff --git a/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py b/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py index 98acb5f7f..743cb4146 100644 --- a/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py +++ b/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py @@ -1,13 +1,12 @@ -from typing import Dict +import functools +import logging from datetime import timedelta - +from typing import Dict import requests -import functools -from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod - -import logging +from envs.monkey_zoo.blackbox.island_client.supported_request_method import \ + SupportedRequestMethod # SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()' NO_AUTH_CREDS = '55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062' \ diff --git a/envs/monkey_zoo/blackbox/log_handlers/test_logs_handler.py b/envs/monkey_zoo/blackbox/log_handlers/test_logs_handler.py index bae6a9adc..3f5cfc191 100644 --- a/envs/monkey_zoo/blackbox/log_handlers/test_logs_handler.py +++ b/envs/monkey_zoo/blackbox/log_handlers/test_logs_handler.py 
@@ -2,8 +2,10 @@ import logging import os import shutil -from envs.monkey_zoo.blackbox.log_handlers.monkey_log_parser import MonkeyLogParser -from envs.monkey_zoo.blackbox.log_handlers.monkey_logs_downloader import MonkeyLogsDownloader +from envs.monkey_zoo.blackbox.log_handlers.monkey_log_parser import \ + MonkeyLogParser +from envs.monkey_zoo.blackbox.log_handlers.monkey_logs_downloader import \ + MonkeyLogsDownloader LOG_DIR_NAME = 'logs' LOGGER = logging.getLogger(__name__) diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index d4e21fb6d..45751452e 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py 
@@ -1,20 +1,28 @@ -import os import logging - -import pytest +import os from time import sleep -from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import CommunicationAnalyzer -from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser -from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient -from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import TestLogsHandler +import pytest + +from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import \ + CommunicationAnalyzer +from envs.monkey_zoo.blackbox.island_client.island_config_parser import \ + IslandConfigParser +from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \ + MonkeyIslandClient +from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import \ + TestLogsHandler from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest -from envs.monkey_zoo.blackbox.tests.performance.map_generation import MapGenerationTest -from envs.monkey_zoo.blackbox.tests.performance.map_generation_from_telemetries import MapGenerationFromTelemetryTest -from envs.monkey_zoo.blackbox.tests.performance.report_generation import ReportGenerationTest +from envs.monkey_zoo.blackbox.tests.performance.map_generation import \ + MapGenerationTest +from envs.monkey_zoo.blackbox.tests.performance.map_generation_from_telemetries import \ + MapGenerationFromTelemetryTest +from envs.monkey_zoo.blackbox.tests.performance.report_generation import \ + ReportGenerationTest from envs.monkey_zoo.blackbox.tests.performance.report_generation_from_telemetries import \ ReportGenerationFromTelemetryTest -from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import TelemetryPerformanceTest +from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import \ + TelemetryPerformanceTest from envs.monkey_zoo.blackbox.utils import gcp_machine_handlers DEFAULT_TIMEOUT_SECONDS = 5*60 
diff --git a/envs/monkey_zoo/blackbox/tests/performance/endpoint_performance_test.py b/envs/monkey_zoo/blackbox/tests/performance/endpoint_performance_test.py index b8793452d..e08ac2824 100644 --- a/envs/monkey_zoo/blackbox/tests/performance/endpoint_performance_test.py +++ b/envs/monkey_zoo/blackbox/tests/performance/endpoint_performance_test.py @@ -1,10 +1,14 @@ import logging -from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import PerformanceAnalyzer -from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient -from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod +from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import \ + PerformanceAnalyzer +from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \ + MonkeyIslandClient +from envs.monkey_zoo.blackbox.island_client.supported_request_method import \ + SupportedRequestMethod from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest -from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig +from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \ + PerformanceTestConfig LOGGER = logging.getLogger(__name__) diff --git a/envs/monkey_zoo/blackbox/tests/performance/map_generation.py b/envs/monkey_zoo/blackbox/tests/performance/map_generation.py index eb95fdc6a..926e5331e 100644 --- a/envs/monkey_zoo/blackbox/tests/performance/map_generation.py +++ b/envs/monkey_zoo/blackbox/tests/performance/map_generation.py 
@@ -1,9 +1,12 @@ from datetime import timedelta from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest -from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest -from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig -from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import PerformanceTestWorkflow +from envs.monkey_zoo.blackbox.tests.performance.performance_test import \ + PerformanceTest +from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \ + PerformanceTestConfig +from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import \ + PerformanceTestWorkflow MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2) MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5) diff --git a/envs/monkey_zoo/blackbox/tests/performance/map_generation_from_telemetries.py b/envs/monkey_zoo/blackbox/tests/performance/map_generation_from_telemetries.py index 1b31a8962..1ee1b60da 100644 --- a/envs/monkey_zoo/blackbox/tests/performance/map_generation_from_telemetries.py +++ b/envs/monkey_zoo/blackbox/tests/performance/map_generation_from_telemetries.py @@ -1,7 +1,9 @@ from datetime import timedelta -from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest -from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig +from envs.monkey_zoo.blackbox.tests.performance.performance_test import \ + PerformanceTest +from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \ + PerformanceTestConfig from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \ TelemetryPerformanceTestWorkflow diff --git a/envs/monkey_zoo/blackbox/tests/performance/performance_test_workflow.py b/envs/monkey_zoo/blackbox/tests/performance/performance_test_workflow.py index 4e708ed9d..5f08c976c 100644 
--- a/envs/monkey_zoo/blackbox/tests/performance/performance_test_workflow.py +++ b/envs/monkey_zoo/blackbox/tests/performance/performance_test_workflow.py @@ -1,7 +1,9 @@ from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest -from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import EndpointPerformanceTest -from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig +from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import \ + EndpointPerformanceTest +from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \ + PerformanceTestConfig class PerformanceTestWorkflow(BasicTest): diff --git a/envs/monkey_zoo/blackbox/tests/performance/report_generation.py b/envs/monkey_zoo/blackbox/tests/performance/report_generation.py index e204cc29f..eec8f067d 100644 --- a/envs/monkey_zoo/blackbox/tests/performance/report_generation.py +++ b/envs/monkey_zoo/blackbox/tests/performance/report_generation.py @@ -1,9 +1,12 @@ from datetime import timedelta from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest -from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest -from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig -from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import PerformanceTestWorkflow +from envs.monkey_zoo.blackbox.tests.performance.performance_test import \ + PerformanceTest +from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \ + PerformanceTestConfig +from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import \ + PerformanceTestWorkflow MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2) MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5) 
diff --git a/envs/monkey_zoo/blackbox/tests/performance/report_generation_from_telemetries.py b/envs/monkey_zoo/blackbox/tests/performance/report_generation_from_telemetries.py index abc2b35c2..1cba745bf 100644 --- a/envs/monkey_zoo/blackbox/tests/performance/report_generation_from_telemetries.py +++ b/envs/monkey_zoo/blackbox/tests/performance/report_generation_from_telemetries.py @@ -1,7 +1,9 @@ from datetime import timedelta -from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest -from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig +from envs.monkey_zoo.blackbox.tests.performance.performance_test import \ + PerformanceTest +from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \ + PerformanceTestConfig from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \ TelemetryPerformanceTestWorkflow diff --git a/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_file_parser.py b/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_file_parser.py index 70e25d8e7..0f0c3311f 100644 --- a/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_file_parser.py +++ b/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_file_parser.py @@ -1,7 +1,7 @@ import json import logging from os import listdir, path -from typing import List, Dict +from typing import Dict, List from tqdm import tqdm diff --git a/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/fake_monkey.py b/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/fake_monkey.py index 1d140e396..efee81227 100644 --- a/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/fake_monkey.py +++ b/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/fake_monkey.py 
@@ -1,7 +1,7 @@ import random -from envs.monkey_zoo.blackbox.tests.performance.\ - telem_sample_parsing.sample_multiplier.fake_ip_generator import FakeIpGenerator +from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_ip_generator import \ + FakeIpGenerator class FakeMonkey: diff --git a/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/sample_multiplier.py b/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/sample_multiplier.py index da3c22b05..e5b0a52cd 100644 --- a/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/sample_multiplier.py +++ b/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/sample_multiplier.py @@ -2,14 +2,16 @@ import copy import json import logging import sys -from typing import List, Dict +from typing import Dict, List from tqdm import tqdm -from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import SampleFileParser -from envs.monkey_zoo.blackbox.tests.performance.\ - telem_sample_parsing.sample_multiplier.fake_ip_generator import FakeIpGenerator -from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_monkey import FakeMonkey +from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import \ + SampleFileParser +from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_ip_generator import \ + FakeIpGenerator +from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_monkey import \ + FakeMonkey TELEM_DIR_PATH = './tests/performance/telemetry_sample' LOGGER = logging.getLogger(__name__) 
diff --git a/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/test_fake_ip_generator.py b/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/test_fake_ip_generator.py index d8adef827..02cf3a8eb 100644 --- a/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/test_fake_ip_generator.py +++ b/envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/test_fake_ip_generator.py @@ -1,7 +1,7 @@ from unittest import TestCase -from envs.monkey_zoo.blackbox.tests.performance.\ - telem_sample_parsing.sample_multiplier.fake_ip_generator import FakeIpGenerator +from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_ip_generator import \ + FakeIpGenerator class TestFakeIpGenerator(TestCase): diff --git a/envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test.py b/envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test.py index 699876cce..75802449e 100644 --- a/envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test.py +++ b/envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test.py 
@@ -4,11 +4,16 @@ from datetime import timedelta from tqdm import tqdm -from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import PerformanceAnalyzer -from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient -from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod -from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig -from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import SampleFileParser +from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import \ + PerformanceAnalyzer +from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \ + MonkeyIslandClient +from envs.monkey_zoo.blackbox.island_client.supported_request_method import \ + SupportedRequestMethod +from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \ + PerformanceTestConfig +from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import \ + SampleFileParser LOGGER = logging.getLogger(__name__) diff --git a/envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test_workflow.py b/envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test_workflow.py index 6d09752ca..b63d904e1 100644 --- a/envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test_workflow.py +++ b/envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test_workflow.py 
@@ -1,7 +1,10 @@ from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest -from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import EndpointPerformanceTest -from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig -from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import TelemetryPerformanceTest +from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import \ + EndpointPerformanceTest +from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \ + PerformanceTestConfig +from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import \ + TelemetryPerformanceTest class TelemetryPerformanceTestWorkflow(BasicTest): diff --git a/envs/os_compatibility/test_compatibility.py b/envs/os_compatibility/test_compatibility.py index 5e5a38597..17d2d3735 100644 --- a/envs/os_compatibility/test_compatibility.py +++ b/envs/os_compatibility/test_compatibility.py @@ -1,7 +1,7 @@ import pytest -from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient - +from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \ + MonkeyIslandClient machine_list = { "10.0.0.36": "centos_6", diff --git a/monkey/common/cloud/aws/aws_instance.py b/monkey/common/cloud/aws/aws_instance.py index 03c5482ba..d09169407 100644 --- a/monkey/common/cloud/aws/aws_instance.py +++ b/monkey/common/cloud/aws/aws_instance.py 
@@ -1,14 +1,15 @@ import json -import re -import urllib.request -import urllib.error import logging - -__author__ = 'itay.mizeretz' +import re +import urllib.error +import urllib.request from common.cloud.environment_names import Environment from common.cloud.instance import CloudInstance +__author__ = 'itay.mizeretz' + + AWS_INSTANCE_METADATA_LOCAL_IP_ADDRESS = "169.254.169.254" AWS_LATEST_METADATA_URI_PREFIX = 'http://{0}/latest/'.format(AWS_INSTANCE_METADATA_LOCAL_IP_ADDRESS) ACCOUNT_ID_KEY = "accountId" diff --git a/monkey/common/cloud/aws/aws_service_test.py b/monkey/common/cloud/aws/aws_service_test.py index cbcbfebcd..9e3f342b2 100644 --- a/monkey/common/cloud/aws/aws_service_test.py +++ b/monkey/common/cloud/aws/aws_service_test.py @@ -1,7 +1,7 @@ -from unittest import TestCase -from .aws_service import filter_instance_data_from_aws_response - import json +from unittest import TestCase + +from .aws_service import filter_instance_data_from_aws_response __author__ = 'shay.nehmad' diff --git a/monkey/common/cloud/azure/azure_instance.py b/monkey/common/cloud/azure/azure_instance.py index ec910fb98..eb702a03d 100644 --- a/monkey/common/cloud/azure/azure_instance.py +++ b/monkey/common/cloud/azure/azure_instance.py @@ -1,4 +1,5 @@ import logging + import requests from common.cloud.environment_names import Environment diff --git a/monkey/common/cloud/gcp/gcp_instance.py b/monkey/common/cloud/gcp/gcp_instance.py index 184465bf5..54f7e6d24 100644 --- a/monkey/common/cloud/gcp/gcp_instance.py +++ b/monkey/common/cloud/gcp/gcp_instance.py @@ -1,4 +1,5 @@ import logging + import requests from common.cloud.environment_names import Environment diff --git a/monkey/common/cmd/cmd_runner.py b/monkey/common/cmd/cmd_runner.py index 0450321b0..5cc40ca24 100644 --- a/monkey/common/cmd/cmd_runner.py +++ b/monkey/common/cmd/cmd_runner.py @@ -1,5 +1,5 @@ -import time import logging +import time from abc import abstractmethod from common.cmd.cmd import Cmd 
diff --git a/monkey/common/data/post_breach_consts.py b/monkey/common/data/post_breach_consts.py index dc7bb7310..c3bba9950 100644 --- a/monkey/common/data/post_breach_consts.py +++ b/monkey/common/data/post_breach_consts.py @@ -5,3 +5,4 @@ POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION = "Modify shell startup file" POST_BREACH_HIDDEN_FILES = "Hide files and directories" POST_BREACH_TRAP_COMMAND = "Execute command when a particular signal is received" POST_BREACH_SETUID_SETGID = "Setuid and Setgid" +POST_BREACH_JOB_SCHEDULING = "Schedule jobs" diff --git a/monkey/common/data/zero_trust_consts.py b/monkey/common/data/zero_trust_consts.py index 7135485da..8d55bc320 100644 --- a/monkey/common/data/zero_trust_consts.py +++ b/monkey/common/data/zero_trust_consts.py @@ -57,7 +57,7 @@ PRINCIPLES = { PRINCIPLE_ENDPOINT_SECURITY: "Use anti-virus and other traditional endpoint security solutions.", PRINCIPLE_DATA_TRANSIT: "Secure data at transit by encrypting it.", PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES: "Configure network policies to be as restrictive as possible.", - PRINCIPLE_USERS_MAC_POLICIES: "Users' permissions to the network and to resources should be MAC (Mandetory " + PRINCIPLE_USERS_MAC_POLICIES: "Users' permissions to the network and to resources should be MAC (Mandatory " "Access Control) only.", } diff --git a/monkey/common/network/network_range.py b/monkey/common/network/network_range.py index 15e04f893..b778bb5f9 100644 --- a/monkey/common/network/network_range.py +++ b/monkey/common/network/network_range.py @@ -1,11 +1,10 @@ +import ipaddress +import logging import random import socket import struct from abc import ABCMeta, abstractmethod -import ipaddress -import logging - __author__ = 'itamar' LOG = logging.getLogger(__name__) diff --git a/monkey/common/utils/mongo_utils.py b/monkey/common/utils/mongo_utils.py index 4c5a7f669..66f606473 100644 --- a/monkey/common/utils/mongo_utils.py +++ b/monkey/common/utils/mongo_utils.py 
@@ -1,4 +1,5 @@ import sys + if sys.platform == 'win32': import win32com import wmi @@ -24,7 +25,7 @@ class MongoUtils: return o elif isinstance(o, str): - # mongo dosn't like unprintable chars, so we use repr :/ + # mongo doesn't like unprintable chars, so we use repr :/ return repr(o) elif hasattr(o, "__class__") and o.__class__ == wmi._wmi_object: @@ -32,7 +33,7 @@ class MongoUtils: elif hasattr(o, "__class__") and o.__class__ == win32com.client.CDispatch: try: - # objectSid property of ds_user is problematic and need thie special treatment. + # objectSid property of ds_user is problematic and need this special treatment. # ISWbemObjectEx interface. Class Uint8Array ? if str(o._oleobj_.GetTypeInfo().GetTypeAttr().iid) == "{269AD56A-8A67-4129-BC8C-0506DCFE9880}": return o.Value diff --git a/monkey/infection_monkey/control.py b/monkey/infection_monkey/control.py index 4eacc728b..77f3779b2 100644 --- a/monkey/infection_monkey/control.py +++ b/monkey/infection_monkey/control.py @@ -8,14 +8,15 @@ from requests.exceptions import ConnectionError import infection_monkey.monkeyfs as monkeyfs import infection_monkey.tunnel as tunnel -from infection_monkey.config import WormConfiguration, GUID -from infection_monkey.network.info import local_ips, check_internet_access +from infection_monkey.config import GUID, WormConfiguration +from infection_monkey.network.info import check_internet_access, local_ips from infection_monkey.transport.http import HTTPConnectProxy from infection_monkey.transport.tcp import TcpProxy +from infection_monkey.utils.exceptions.planned_shutdown_exception import \ + PlannedShutdownException __author__ = 'hoffer' -from infection_monkey.utils.exceptions.planned_shutdown_exception import PlannedShutdownException requests.packages.urllib3.disable_warnings() diff --git a/monkey/infection_monkey/dropper.py b/monkey/infection_monkey/dropper.py index fe6709003..53aaf6c99 100644 --- a/monkey/infection_monkey/dropper.py 
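Review bot: In `control.py`, the module-level `requests.packages.urllib3.disable_warnings()` that follows the tidied import block has no comment. Called without a category, it silences every urllib3 warning for the process, including the one raised when a request skips certificate verification. That line is context here, not part of the change, but since this hunk reorganises the file header it is a good moment to document it, e.g. `# Silences urllib3 warnings process-wide; TODO confirm which requests in this module run with verify=False`. Narrowing the call to `InsecureRequestWarning` would keep other transport warnings visible. The rest of the module is outside the hunk, so how the requests are actually made cannot be checked from here.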
+++ b/monkey/infection_monkey/dropper.py @@ -1,5 +1,6 @@ import argparse import ctypes +import filecmp import logging import os import pprint @@ -9,13 +10,15 @@ import sys import time from ctypes import c_char_p -import filecmp -from infection_monkey.config import WormConfiguration -from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly -from infection_monkey.model import MONKEY_CMDLINE_WINDOWS, MONKEY_CMDLINE_LINUX, GENERAL_CMDLINE_LINUX -from infection_monkey.system_info import SystemInfoCollector, OperatingSystem -from infection_monkey.telemetry.attack.t1106_telem import T1106Telem from common.utils.attack_utils import ScanStatus, UsageEnum +from infection_monkey.config import WormConfiguration +from infection_monkey.exploit.tools.helpers import \ + build_monkey_commandline_explicitly +from infection_monkey.model import (GENERAL_CMDLINE_LINUX, + MONKEY_CMDLINE_LINUX, + MONKEY_CMDLINE_WINDOWS) +from infection_monkey.system_info import OperatingSystem, SystemInfoCollector +from infection_monkey.telemetry.attack.t1106_telem import T1106Telem if "win32" == sys.platform: from win32process import DETACHED_PROCESS diff --git a/monkey/infection_monkey/exploit/HostExploiter.py b/monkey/infection_monkey/exploit/HostExploiter.py index 50f4167d8..e0d35c5c4 100644 --- a/monkey/infection_monkey/exploit/HostExploiter.py +++ b/monkey/infection_monkey/exploit/HostExploiter.py @@ -1,11 +1,10 @@ from abc import abstractmethod - -from infection_monkey.config import WormConfiguration -from common.utils.exploit_enum import ExploitType from datetime import datetime -from infection_monkey.utils.plugins.plugin import Plugin import infection_monkey.exploit +from common.utils.exploit_enum import ExploitType +from infection_monkey.config import WormConfiguration +from infection_monkey.utils.plugins.plugin import Plugin __author__ = 'itamar' 
diff --git a/monkey/infection_monkey/exploit/elasticgroovy.py b/monkey/infection_monkey/exploit/elasticgroovy.py index f66a58ab0..fff71024d 100644 --- a/monkey/infection_monkey/exploit/elasticgroovy.py +++ b/monkey/infection_monkey/exploit/elasticgroovy.py @@ -6,17 +6,19 @@ import json import logging -import requests -from infection_monkey.exploit.web_rce import WebRCE -from infection_monkey.model import WGET_HTTP_UPLOAD, BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX, \ - DOWNLOAD_TIMEOUT -from infection_monkey.network.elasticfinger import ES_PORT -from common.data.network_consts import ES_SERVICE -from infection_monkey.telemetry.attack.t1197_telem import T1197Telem -from common.utils.attack_utils import ScanStatus, BITS_UPLOAD_STRING - import re +import requests + +from common.data.network_consts import ES_SERVICE +from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus +from infection_monkey.exploit.web_rce import WebRCE +from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, + CMD_PREFIX, DOWNLOAD_TIMEOUT, ID_STRING, + WGET_HTTP_UPLOAD) +from infection_monkey.network.elasticfinger import ES_PORT +from infection_monkey.telemetry.attack.t1197_telem import T1197Telem + __author__ = 'danielg, VakarisZ' LOG = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/exploit/hadoop.py b/monkey/infection_monkey/exploit/hadoop.py index 7b3fcabd3..632d968d4 100644 --- a/monkey/infection_monkey/exploit/hadoop.py +++ b/monkey/infection_monkey/exploit/hadoop.py 
@@ -3,17 +3,21 @@ Implementation is based on code from https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn """ -import requests import json -import random -import string import logging import posixpath +import random +import string -from infection_monkey.exploit.web_rce import WebRCE +import requests + +from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, + get_monkey_depth) from infection_monkey.exploit.tools.http_tools import HTTPTools -from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth -from infection_monkey.model import MONKEY_ARG, ID_STRING, HADOOP_WINDOWS_COMMAND, HADOOP_LINUX_COMMAND +from infection_monkey.exploit.web_rce import WebRCE +from infection_monkey.model import (HADOOP_LINUX_COMMAND, + HADOOP_WINDOWS_COMMAND, ID_STRING, + MONKEY_ARG) __author__ = 'VakarisZ' diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py index 2efc25825..6bff6aced 100644 --- a/monkey/infection_monkey/exploit/mssqlexec.py +++ b/monkey/infection_monkey/exploit/mssqlexec.py @@ -5,13 +5,16 @@ from time import sleep import pymssql +from common.utils.exceptions import (ExploitingVulnerableMachineError, + FailedExploitationError) from common.utils.exploit_enum import ExploitType from infection_monkey.exploit.HostExploiter import HostExploiter +from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, + get_monkey_depth, + get_monkey_dest_path) from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer -from infection_monkey.exploit.tools.helpers import get_monkey_dest_path, build_monkey_commandline, get_monkey_depth -from infection_monkey.model import DROPPER_ARG from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload -from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError +from infection_monkey.model import DROPPER_ARG LOG = logging.getLogger(__name__) 
diff --git a/monkey/infection_monkey/exploit/sambacry.py b/monkey/infection_monkey/exploit/sambacry.py index 0d08d8a5a..b61f32ef1 100644 --- a/monkey/infection_monkey/exploit/sambacry.py +++ b/monkey/infection_monkey/exploit/sambacry.py 
@@ -8,21 +8,27 @@ from io import BytesIO import impacket.smbconnection from impacket.nmb import NetBIOSError from impacket.nt_errors import STATUS_SUCCESS -from impacket.smb import FILE_OPEN, SMB_DIALECT, SMB, SMBCommand, SMBNtCreateAndX_Parameters, SMBNtCreateAndX_Data, \ - FILE_READ_DATA, FILE_SHARE_READ, FILE_NON_DIRECTORY_FILE, FILE_WRITE_DATA, FILE_DIRECTORY_FILE -from impacket.smb import SessionError -from impacket.smb3structs import SMB2_IL_IMPERSONATION, SMB2_CREATE, SMB2_FLAGS_DFS_OPERATIONS, SMB2Create, \ - SMB2Packet, SMB2Create_Response, SMB2_OPLOCK_LEVEL_NONE +from impacket.smb import (FILE_DIRECTORY_FILE, FILE_NON_DIRECTORY_FILE, + FILE_OPEN, FILE_READ_DATA, FILE_SHARE_READ, + FILE_WRITE_DATA, SMB, SMB_DIALECT, SessionError, + SMBCommand, SMBNtCreateAndX_Data, + SMBNtCreateAndX_Parameters) +from impacket.smb3structs import (SMB2_CREATE, SMB2_FLAGS_DFS_OPERATIONS, + SMB2_IL_IMPERSONATION, + SMB2_OPLOCK_LEVEL_NONE, SMB2Create, + SMB2Create_Response, SMB2Packet) from impacket.smbconnection import SMBConnection import infection_monkey.monkeyfs as monkeyfs +from common.utils.attack_utils import ScanStatus from infection_monkey.exploit.HostExploiter import HostExploiter +from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, + get_monkey_depth, + get_target_monkey_by_os) from infection_monkey.model import DROPPER_ARG from infection_monkey.network.smbfinger import SMB_SERVICE -from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_target_monkey_by_os, get_monkey_depth from infection_monkey.network.tools import get_interface_to_target from infection_monkey.pyinstaller_utils import get_binary_file_path -from common.utils.attack_utils import ScanStatus from infection_monkey.telemetry.attack.t1105_telem import T1105Telem __author__ = 'itay.mizeretz' diff --git a/monkey/infection_monkey/exploit/shellshock.py b/monkey/infection_monkey/exploit/shellshock.py index 4c4c9eff0..f9548b6bf 100644 
--- a/monkey/infection_monkey/exploit/shellshock.py +++ b/monkey/infection_monkey/exploit/shellshock.py @@ -8,10 +8,12 @@ import requests from common.utils.attack_utils import ScanStatus from infection_monkey.exploit.HostExploiter import HostExploiter -from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline -from infection_monkey.model import DROPPER_ARG from infection_monkey.exploit.shellshock_resources import CGI_FILES +from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, + get_monkey_depth, + get_target_monkey) from infection_monkey.exploit.tools.http_tools import HTTPTools +from infection_monkey.model import DROPPER_ARG from infection_monkey.telemetry.attack.t1222_telem import T1222Telem __author__ = 'danielg' @@ -86,7 +88,7 @@ class ShellShockExploiter(HostExploiter): LOG.info("SSH Skipping unknown os: %s", uname_os) return False except Exception as exc: - LOG.debug("Error running uname os commad on victim %r: (%s)", self.host, exc) + LOG.debug("Error running uname os command on victim %r: (%s)", self.host, exc) return False if not self.host.os.get('machine'): try: @@ -95,7 +97,7 @@ class ShellShockExploiter(HostExploiter): if '' != uname_machine: self.host.os['machine'] = uname_machine.lower().strip() except Exception as exc: - LOG.debug("Error running uname machine commad on victim %r: (%s)", self.host, exc) + LOG.debug("Error running uname machine command on victim %r: (%s)", self.host, exc) return False # copy the monkey diff --git a/monkey/infection_monkey/exploit/smbexec.py b/monkey/infection_monkey/exploit/smbexec.py index 777483330..153f64ac7 100644 --- a/monkey/infection_monkey/exploit/smbexec.py +++ b/monkey/infection_monkey/exploit/smbexec.py 
@@ -1,17 +1,21 @@ from logging import getLogger -from impacket.dcerpc.v5 import transport, scmr +from impacket.dcerpc.v5 import scmr, transport from impacket.smbconnection import SMB_DIALECT +from common.utils.attack_utils import ScanStatus, UsageEnum +from common.utils.exploit_enum import ExploitType from infection_monkey.exploit.HostExploiter import HostExploiter -from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline +from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, + get_monkey_depth, + get_target_monkey) from infection_monkey.exploit.tools.smb_tools import SmbTools -from infection_monkey.model import MONKEY_CMDLINE_DETACHED_WINDOWS, DROPPER_CMDLINE_DETACHED_WINDOWS, VictimHost +from infection_monkey.model import (DROPPER_CMDLINE_DETACHED_WINDOWS, + MONKEY_CMDLINE_DETACHED_WINDOWS, + VictimHost) from infection_monkey.network.smbfinger import SMBFinger from infection_monkey.network.tools import check_tcp_port -from common.utils.exploit_enum import ExploitType from infection_monkey.telemetry.attack.t1035_telem import T1035Telem -from common.utils.attack_utils import ScanStatus, UsageEnum LOG = getLogger(__name__) diff --git a/monkey/infection_monkey/exploit/sshexec.py b/monkey/infection_monkey/exploit/sshexec.py index 3966a7330..cff86dbfb 100644 --- a/monkey/infection_monkey/exploit/sshexec.py +++ b/monkey/infection_monkey/exploit/sshexec.py 
@@ -5,13 +5,16 @@ import time import paramiko import infection_monkey.monkeyfs as monkeyfs -from infection_monkey.exploit.HostExploiter import HostExploiter -from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline -from infection_monkey.model import MONKEY_ARG -from infection_monkey.network.tools import check_tcp_port, get_interface_to_target +from common.utils.attack_utils import ScanStatus from common.utils.exceptions import FailedExploitationError from common.utils.exploit_enum import ExploitType -from common.utils.attack_utils import ScanStatus +from infection_monkey.exploit.HostExploiter import HostExploiter +from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, + get_monkey_depth, + get_target_monkey) +from infection_monkey.model import MONKEY_ARG +from infection_monkey.network.tools import (check_tcp_port, + get_interface_to_target) from infection_monkey.telemetry.attack.t1105_telem import T1105Telem from infection_monkey.telemetry.attack.t1222_telem import T1222Telem @@ -129,7 +132,7 @@ class SSHExploiter(HostExploiter): LOG.info("SSH Skipping unknown os: %s", uname_os) return False except Exception as exc: - LOG.debug("Error running uname os commad on victim %r: (%s)", self.host, exc) + LOG.debug("Error running uname os command on victim %r: (%s)", self.host, exc) return False if not self.host.os.get('machine'): @@ -139,7 +142,7 @@ class SSHExploiter(HostExploiter): if '' != uname_machine: self.host.os['machine'] = uname_machine except Exception as exc: - LOG.debug("Error running uname machine commad on victim %r: (%s)", self.host, exc) + LOG.debug("Error running uname machine command on victim %r: (%s)", self.host, exc) if self.skip_exist: _, stdout, stderr = ssh.exec_command("head -c 1 %s" % self._config.dropper_target_path_linux) diff --git a/monkey/infection_monkey/exploit/tools/helpers.py b/monkey/infection_monkey/exploit/tools/helpers.py index e26f6ff01..901202d2d 100644 
--- a/monkey/infection_monkey/exploit/tools/helpers.py +++ b/monkey/infection_monkey/exploit/tools/helpers.py @@ -11,10 +11,11 @@ def try_get_target_monkey(host): def get_target_monkey(host): - from infection_monkey.control import ControlClient import platform import sys + from infection_monkey.control import ControlClient + if host.monkey_exe: return host.monkey_exe diff --git a/monkey/infection_monkey/exploit/tools/http_tools.py b/monkey/infection_monkey/exploit/tools/http_tools.py index af53e0450..3857c2cc9 100644 --- a/monkey/infection_monkey/exploit/tools/http_tools.py +++ b/monkey/infection_monkey/exploit/tools/http_tools.py @@ -6,12 +6,12 @@ import urllib.parse import urllib.request from threading import Lock +from infection_monkey.exploit.tools.helpers import try_get_target_monkey from infection_monkey.model import DOWNLOAD_TIMEOUT from infection_monkey.network.firewall import app as firewall from infection_monkey.network.info import get_free_tcp_port -from infection_monkey.transport import HTTPServer, LockedHTTPServer -from infection_monkey.exploit.tools.helpers import try_get_target_monkey from infection_monkey.network.tools import get_interface_to_target +from infection_monkey.transport import HTTPServer, LockedHTTPServer __author__ = 'itamar' diff --git a/monkey/infection_monkey/exploit/tools/payload_parsing_test.py b/monkey/infection_monkey/exploit/tools/payload_parsing_test.py index 315216d5f..2aaa6dc12 100644 --- a/monkey/infection_monkey/exploit/tools/payload_parsing_test.py +++ b/monkey/infection_monkey/exploit/tools/payload_parsing_test.py @@ -1,5 +1,6 @@ from unittest import TestCase -from .payload_parsing import Payload, LimitedSizePayload + +from .payload_parsing import LimitedSizePayload, Payload class TestPayload(TestCase): diff --git a/monkey/infection_monkey/exploit/tools/smb_tools.py b/monkey/infection_monkey/exploit/tools/smb_tools.py index 80d9c73f7..e5185b266 100644 --- a/monkey/infection_monkey/exploit/tools/smb_tools.py 
+++ b/monkey/infection_monkey/exploit/tools/smb_tools.py @@ -2,16 +2,16 @@ import logging import ntpath import pprint -from impacket.dcerpc.v5 import transport, srvs +from impacket.dcerpc.v5 import srvs, transport from impacket.smb3structs import SMB2_DIALECT_002, SMB2_DIALECT_21 -from impacket.smbconnection import SMBConnection, SMB_DIALECT +from impacket.smbconnection import SMB_DIALECT, SMBConnection import infection_monkey.config import infection_monkey.monkeyfs as monkeyfs from common.utils.attack_utils import ScanStatus -from infection_monkey.telemetry.attack.t1105_telem import T1105Telem -from infection_monkey.network.tools import get_interface_to_target from infection_monkey.config import Configuration +from infection_monkey.network.tools import get_interface_to_target +from infection_monkey.telemetry.attack.t1105_telem import T1105Telem __author__ = 'itamar' diff --git a/monkey/infection_monkey/exploit/tools/test_helpers.py b/monkey/infection_monkey/exploit/tools/test_helpers.py index 5d7dd422d..deb16643b 100644 --- a/monkey/infection_monkey/exploit/tools/test_helpers.py +++ b/monkey/infection_monkey/exploit/tools/test_helpers.py @@ -1,6 +1,7 @@ import unittest -from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly +from infection_monkey.exploit.tools.helpers import \ + build_monkey_commandline_explicitly class TestHelpers(unittest.TestCase): diff --git a/monkey/infection_monkey/exploit/vsftpd.py b/monkey/infection_monkey/exploit/vsftpd.py index 6e06c8bcf..8ecac35f1 100644 --- a/monkey/infection_monkey/exploit/vsftpd.py +++ b/monkey/infection_monkey/exploit/vsftpd.py 
@@ -6,14 +6,16 @@ import socket import time +from logging import getLogger from common.utils.attack_utils import ScanStatus from infection_monkey.exploit.HostExploiter import HostExploiter -from infection_monkey.exploit.tools.helpers import get_target_monkey, build_monkey_commandline, get_monkey_depth +from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, + get_monkey_depth, + get_target_monkey) from infection_monkey.exploit.tools.http_tools import HTTPTools -from infection_monkey.model import MONKEY_ARG, CHMOD_MONKEY, RUN_MONKEY, WGET_HTTP_UPLOAD, DOWNLOAD_TIMEOUT -from logging import getLogger - +from infection_monkey.model import (CHMOD_MONKEY, DOWNLOAD_TIMEOUT, MONKEY_ARG, + RUN_MONKEY, WGET_HTTP_UPLOAD) from infection_monkey.telemetry.attack.t1222_telem import T1222Telem LOG = getLogger(__name__) diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py index 3863d47e1..564f899f5 100644 --- a/monkey/infection_monkey/exploit/web_rce.py +++ b/monkey/infection_monkey/exploit/web_rce.py 
@@ -1,16 +1,22 @@ import logging import re -from posixpath import join from abc import abstractmethod +from posixpath import join +from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus from infection_monkey.exploit.HostExploiter import HostExploiter -from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline +from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, + get_monkey_depth, + get_target_monkey) from infection_monkey.exploit.tools.http_tools import HTTPTools -from infection_monkey.model import CHECK_COMMAND, ID_STRING, GET_ARCH_LINUX, GET_ARCH_WINDOWS, BITSADMIN_CMDLINE_HTTP, \ - POWERSHELL_HTTP_UPLOAD, WGET_HTTP_UPLOAD, DOWNLOAD_TIMEOUT, CHMOD_MONKEY, RUN_MONKEY, MONKEY_ARG, DROPPER_ARG +from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, + CHMOD_MONKEY, DOWNLOAD_TIMEOUT, + DROPPER_ARG, GET_ARCH_LINUX, + GET_ARCH_WINDOWS, ID_STRING, MONKEY_ARG, + POWERSHELL_HTTP_UPLOAD, RUN_MONKEY, + WGET_HTTP_UPLOAD) from infection_monkey.network.tools import check_tcp_port, tcp_port_to_service from infection_monkey.telemetry.attack.t1197_telem import T1197Telem -from common.utils.attack_utils import ScanStatus, BITS_UPLOAD_STRING from infection_monkey.telemetry.attack.t1222_telem import T1222Telem __author__ = 'VakarisZ' diff --git a/monkey/infection_monkey/exploit/weblogic.py b/monkey/infection_monkey/exploit/weblogic.py index a77259448..00b62d3d6 100644 --- a/monkey/infection_monkey/exploit/weblogic.py +++ b/monkey/infection_monkey/exploit/weblogic.py 
@@ -1,16 +1,16 @@ -import threading -import logging -import time import copy - -from requests import post, exceptions - -from infection_monkey.exploit.web_rce import WebRCE -from infection_monkey.exploit.HostExploiter import HostExploiter -from infection_monkey.network.tools import get_interface_to_target -from infection_monkey.network.info import get_free_tcp_port +import logging +import threading +import time from http.server import BaseHTTPRequestHandler, HTTPServer +from requests import exceptions, post + +from infection_monkey.exploit.HostExploiter import HostExploiter +from infection_monkey.exploit.web_rce import WebRCE +from infection_monkey.network.info import get_free_tcp_port +from infection_monkey.network.tools import get_interface_to_target + __author__ = "VakarisZ" LOG = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/exploit/win_ms08_067.py b/monkey/infection_monkey/exploit/win_ms08_067.py index 08c588278..023caa41a 100644 --- a/monkey/infection_monkey/exploit/win_ms08_067.py +++ b/monkey/infection_monkey/exploit/win_ms08_067.py 
@@ -8,18 +8,21 @@ import socket import time +from enum import IntEnum from logging import getLogger -from enum import IntEnum from impacket import uuid from impacket.dcerpc.v5 import transport -from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline +from infection_monkey.exploit.HostExploiter import HostExploiter +from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, + get_monkey_depth, + get_target_monkey) from infection_monkey.exploit.tools.smb_tools import SmbTools -from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS +from infection_monkey.model import (DROPPER_CMDLINE_WINDOWS, + MONKEY_CMDLINE_WINDOWS) from infection_monkey.network.smbfinger import SMBFinger from infection_monkey.network.tools import check_tcp_port -from infection_monkey.exploit.HostExploiter import HostExploiter LOG = getLogger(__name__) diff --git a/monkey/infection_monkey/exploit/wmiexec.py b/monkey/infection_monkey/exploit/wmiexec.py index ea2541381..4aabe366d 100644 --- a/monkey/infection_monkey/exploit/wmiexec.py +++ b/monkey/infection_monkey/exploit/wmiexec.py 
@@ -5,14 +5,16 @@ import traceback from impacket.dcerpc.v5.rpcrt import DCERPCException -from infection_monkey.exploit.HostExploiter import HostExploiter -from infection_monkey.exploit.tools.helpers import get_target_monkey, \ - get_monkey_depth, build_monkey_commandline -from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException -from infection_monkey.exploit.tools.smb_tools import SmbTools -from infection_monkey.exploit.tools.wmi_tools import WmiTools -from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS from common.utils.exploit_enum import ExploitType +from infection_monkey.exploit.HostExploiter import HostExploiter +from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, + get_monkey_depth, + get_target_monkey) +from infection_monkey.exploit.tools.smb_tools import SmbTools +from infection_monkey.exploit.tools.wmi_tools import (AccessDeniedException, + WmiTools) +from infection_monkey.model import (DROPPER_CMDLINE_WINDOWS, + MONKEY_CMDLINE_WINDOWS) LOG = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/main.py b/monkey/infection_monkey/main.py index 21871d857..cad4a00c0 100644 --- a/monkey/infection_monkey/main.py +++ b/monkey/infection_monkey/main.py 
@@ -7,14 +7,15 @@ import sys import traceback from multiprocessing import freeze_support -from infection_monkey.utils.monkey_log_path import get_dropper_log_path, get_monkey_log_path -from infection_monkey.config import WormConfiguration, EXTERNAL_CONFIG_FILE -from infection_monkey.dropper import MonkeyDrops -from infection_monkey.model import MONKEY_ARG, DROPPER_ARG -from infection_monkey.monkey import InfectionMonkey -from common.version import get_version # noinspection PyUnresolvedReferences import infection_monkey.post_breach # dummy import for pyinstaller +from common.version import get_version +from infection_monkey.config import EXTERNAL_CONFIG_FILE, WormConfiguration +from infection_monkey.dropper import MonkeyDrops +from infection_monkey.model import DROPPER_ARG, MONKEY_ARG +from infection_monkey.monkey import InfectionMonkey +from infection_monkey.utils.monkey_log_path import (get_dropper_log_path, + get_monkey_log_path) __author__ = 'itamar' diff --git a/monkey/infection_monkey/model/victim_host_generator_test.py b/monkey/infection_monkey/model/victim_host_generator_test.py index 3a159f245..5511680d7 100644 --- a/monkey/infection_monkey/model/victim_host_generator_test.py +++ b/monkey/infection_monkey/model/victim_host_generator_test.py @@ -1,6 +1,7 @@ from unittest import TestCase -from infection_monkey.model.victim_host_generator import VictimHostGenerator + from common.network.network_range import CidrRange, SingleIpRange +from infection_monkey.model.victim_host_generator import VictimHostGenerator class VictimHostGeneratorTester(TestCase): diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index c45e5c511..ec63fd6a8 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py 
@@ -6,34 +6,39 @@ import sys import time import infection_monkey.tunnel as tunnel -from infection_monkey.network.HostFinger import HostFinger -from infection_monkey.utils.monkey_dir import create_monkey_dir, get_monkey_dir_path, remove_monkey_dir -from infection_monkey.utils.monkey_log_path import get_monkey_log_path -from infection_monkey.utils.environment import is_windows_os -from infection_monkey.utils.exceptions.planned_shutdown_exception import PlannedShutdownException +from common.network.network_utils import get_host_from_network_location +from common.utils.attack_utils import ScanStatus, UsageEnum +from common.utils.exceptions import (ExploitingVulnerableMachineError, + FailedExploitationError) +from common.version import get_version from infection_monkey.config import WormConfiguration from infection_monkey.control import ControlClient +from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.model import DELAY_DELETE_CMD from infection_monkey.network.firewall import app as firewall +from infection_monkey.network.HostFinger import HostFinger from infection_monkey.network.network_scanner import NetworkScanner +from infection_monkey.network.tools import (get_interface_to_target, + is_running_on_server) +from infection_monkey.post_breach.post_breach_handler import PostBreach from infection_monkey.system_info import SystemInfoCollector from infection_monkey.system_singleton import SystemSingleton -from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem +from infection_monkey.telemetry.attack.t1106_telem import T1106Telem from infection_monkey.telemetry.attack.t1107_telem import T1107Telem +from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem from infection_monkey.telemetry.scan_telem import ScanTelem from infection_monkey.telemetry.state_telem import StateTelem from infection_monkey.telemetry.system_info_telem import SystemInfoTelem from infection_monkey.telemetry.trace_telem 
import TraceTelem from infection_monkey.telemetry.tunnel_telem import TunnelTelem +from infection_monkey.utils.environment import is_windows_os +from infection_monkey.utils.exceptions.planned_shutdown_exception import \ + PlannedShutdownException +from infection_monkey.utils.monkey_dir import (create_monkey_dir, + get_monkey_dir_path, + remove_monkey_dir) +from infection_monkey.utils.monkey_log_path import get_monkey_log_path from infection_monkey.windows_upgrader import WindowsUpgrader -from infection_monkey.post_breach.post_breach_handler import PostBreach -from infection_monkey.network.tools import get_interface_to_target, is_running_on_server -from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError -from infection_monkey.telemetry.attack.t1106_telem import T1106Telem -from common.utils.attack_utils import ScanStatus, UsageEnum -from common.version import get_version -from infection_monkey.exploit.HostExploiter import HostExploiter -from common.network.network_utils import get_host_from_network_location MAX_DEPTH_REACHED_MESSAGE = "Reached max depth, shutting down" @@ -290,7 +295,8 @@ class InfectionMonkey(object): try: status = None if "win32" == sys.platform: - from subprocess import SW_HIDE, STARTF_USESHOWWINDOW, CREATE_NEW_CONSOLE + from subprocess import (CREATE_NEW_CONSOLE, + STARTF_USESHOWWINDOW, SW_HIDE) startupinfo = subprocess.STARTUPINFO() startupinfo.dwFlags = CREATE_NEW_CONSOLE | STARTF_USESHOWWINDOW startupinfo.wShowWindow = SW_HIDE diff --git a/monkey/infection_monkey/monkeyfs.py b/monkey/infection_monkey/monkeyfs.py index e64682501..2d14156b3 100644 --- a/monkey/infection_monkey/monkeyfs.py +++ b/monkey/infection_monkey/monkeyfs.py @@ -1,5 +1,5 @@ -from io import BytesIO import os +from io import BytesIO __author__ = 'hoffer' diff --git a/monkey/infection_monkey/network/HostFinger.py b/monkey/infection_monkey/network/HostFinger.py index dbc3b40cd..b48c01111 100644 
--- a/monkey/infection_monkey/network/HostFinger.py +++ b/monkey/infection_monkey/network/HostFinger.py @@ -1,8 +1,8 @@ from abc import abstractmethod +import infection_monkey.network from infection_monkey.config import WormConfiguration from infection_monkey.utils.plugins.plugin import Plugin -import infection_monkey.network class HostFinger(Plugin): diff --git a/monkey/infection_monkey/network/elasticfinger.py b/monkey/infection_monkey/network/elasticfinger.py index 790afa47d..5ba95ab93 100644 --- a/monkey/infection_monkey/network/elasticfinger.py +++ b/monkey/infection_monkey/network/elasticfinger.py @@ -3,11 +3,11 @@ import logging from contextlib import closing import requests -from requests.exceptions import Timeout, ConnectionError +from requests.exceptions import ConnectionError, Timeout import infection_monkey.config -from infection_monkey.network.HostFinger import HostFinger from common.data.network_consts import ES_SERVICE +from infection_monkey.network.HostFinger import HostFinger ES_PORT = 9200 ES_HTTP_TIMEOUT = 5 diff --git a/monkey/infection_monkey/network/firewall.py b/monkey/infection_monkey/network/firewall.py index 3b0161bbb..a88427650 100644 --- a/monkey/infection_monkey/network/firewall.py +++ b/monkey/infection_monkey/network/firewall.py @@ -1,6 +1,6 @@ +import platform import subprocess import sys -import platform def _run_netsh_cmd(command, args): diff --git a/monkey/infection_monkey/network/httpfinger.py b/monkey/infection_monkey/network/httpfinger.py index ec9f619da..26e362a5f 100644 --- a/monkey/infection_monkey/network/httpfinger.py +++ b/monkey/infection_monkey/network/httpfinger.py @@ -1,6 +1,7 @@ +import logging + import infection_monkey.config from infection_monkey.network.HostFinger import HostFinger -import logging LOG = logging.getLogger(__name__) 
@@ -20,10 +21,11 @@ class HTTPFinger(HostFinger): pass def get_host_fingerprint(self, host): - from requests import head - from requests.exceptions import Timeout, ConnectionError from contextlib import closing + from requests import head + from requests.exceptions import ConnectionError, Timeout + for port in self.HTTP: # check both http and https http = "http://" + host.ip_addr + ":" + port[1] diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py index 68c295fe3..0aafe0540 100644 --- a/monkey/infection_monkey/network/info.py +++ b/monkey/infection_monkey/network/info.py @@ -1,12 +1,12 @@ -import socket -import struct -import psutil import ipaddress import itertools -import netifaces -from subprocess import check_output +import socket +import struct from random import randint +from subprocess import check_output +import netifaces +import psutil import requests from requests import ConnectionError diff --git a/monkey/infection_monkey/network/mssql_fingerprint.py b/monkey/infection_monkey/network/mssql_fingerprint.py index bd20f0d22..8d934677e 100644 --- a/monkey/infection_monkey/network/mssql_fingerprint.py +++ b/monkey/infection_monkey/network/mssql_fingerprint.py @@ -2,8 +2,8 @@ import errno import logging import socket -from infection_monkey.network.HostFinger import HostFinger import infection_monkey.config +from infection_monkey.network.HostFinger import HostFinger __author__ = 'Maor Rayzin' diff --git a/monkey/infection_monkey/network/mysqlfinger.py b/monkey/infection_monkey/network/mysqlfinger.py index 968e5361f..c303692ad 100644 --- a/monkey/infection_monkey/network/mysqlfinger.py +++ b/monkey/infection_monkey/network/mysqlfinger.py 
@@ -3,7 +3,8 @@ import socket import infection_monkey.config from infection_monkey.network.HostFinger import HostFinger -from infection_monkey.network.tools import struct_unpack_tracker, struct_unpack_tracker_string +from infection_monkey.network.tools import (struct_unpack_tracker, + struct_unpack_tracker_string) MYSQL_PORT = 3306 SQL_SERVICE = 'mysqld-3306' diff --git a/monkey/infection_monkey/network/network_scanner.py b/monkey/infection_monkey/network/network_scanner.py index faa5e9a5f..6abf409ad 100644 --- a/monkey/infection_monkey/network/network_scanner.py +++ b/monkey/infection_monkey/network/network_scanner.py @@ -1,13 +1,13 @@ -import time import logging +import time from multiprocessing.dummy import Pool from common.network.network_range import NetworkRange from infection_monkey.config import WormConfiguration from infection_monkey.model.victim_host_generator import VictimHostGenerator -from infection_monkey.network.info import local_ips, get_interfaces_ranges -from infection_monkey.network.tcp_scanner import TcpScanner +from infection_monkey.network.info import get_interfaces_ranges, local_ips from infection_monkey.network.ping_scanner import PingScanner +from infection_monkey.network.tcp_scanner import TcpScanner LOG = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/network/smbfinger.py b/monkey/infection_monkey/network/smbfinger.py index f3e1d60dd..f822822da 100644 --- a/monkey/infection_monkey/network/smbfinger.py +++ b/monkey/infection_monkey/network/smbfinger.py @@ -1,6 +1,7 @@ +import logging import socket import struct -import logging + from odict import odict from infection_monkey.network.HostFinger import HostFinger diff --git a/monkey/infection_monkey/network/tools.py b/monkey/infection_monkey/network/tools.py index ef37fe827..049b30838 100644 --- a/monkey/infection_monkey/network/tools.py +++ b/monkey/infection_monkey/network/tools.py 
@@ -1,11 +1,11 @@ import logging -import sys -import subprocess +import re import select import socket import struct +import subprocess +import sys import time -import re from infection_monkey.network.info import get_routes, local_ips from infection_monkey.pyinstaller_utils import get_binary_file_path diff --git a/monkey/infection_monkey/post_breach/actions/add_user.py b/monkey/infection_monkey/post_breach/actions/add_user.py index 074e31460..58be89a1f 100644 --- a/monkey/infection_monkey/post_breach/actions/add_user.py +++ b/monkey/infection_monkey/post_breach/actions/add_user.py @@ -1,6 +1,6 @@ from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER -from infection_monkey.post_breach.pba import PBA from infection_monkey.config import WormConfiguration +from infection_monkey.post_breach.pba import PBA from infection_monkey.utils.users import get_commands_to_add_user diff --git a/monkey/infection_monkey/post_breach/actions/change_file_privileges.py b/monkey/infection_monkey/post_breach/actions/change_file_privileges.py index 325098202..444804f81 100644 --- a/monkey/infection_monkey/post_breach/actions/change_file_privileges.py +++ b/monkey/infection_monkey/post_breach/actions/change_file_privileges.py @@ -1,6 +1,6 @@ from common.data.post_breach_consts import POST_BREACH_SETUID_SETGID from infection_monkey.post_breach.pba import PBA -from infection_monkey.post_breach.setuid_setgid.setuid_setgid import\ +from infection_monkey.post_breach.setuid_setgid.setuid_setgid import \ get_commands_to_change_setuid_setgid from infection_monkey.utils.environment import is_windows_os diff --git a/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py b/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py index 5519eb3d2..83065d20d 100644 --- a/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py +++ b/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py 
@@ -3,12 +3,12 @@ import random import string import subprocess -from infection_monkey.utils.new_user_error import NewUserError -from infection_monkey.utils.auto_new_user_factory import create_auto_new_user from common.data.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER from infection_monkey.post_breach.pba import PBA from infection_monkey.telemetry.post_breach_telem import PostBreachTelem +from infection_monkey.utils.auto_new_user_factory import create_auto_new_user from infection_monkey.utils.environment import is_windows_os +from infection_monkey.utils.new_user_error import NewUserError INFECTION_MONKEY_WEBSITE_URL = "https://infectionmonkey.com/" diff --git a/monkey/infection_monkey/post_breach/actions/hide_files.py b/monkey/infection_monkey/post_breach/actions/hide_files.py index da9caca6c..081a18598 100644 --- a/monkey/infection_monkey/post_breach/actions/hide_files.py +++ b/monkey/infection_monkey/post_breach/actions/hide_files.py @@ -1,13 +1,11 @@ from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES from infection_monkey.post_breach.pba import PBA from infection_monkey.telemetry.post_breach_telem import PostBreachTelem -from infection_monkey.utils.hidden_files import\ - get_commands_to_hide_files,\ - get_commands_to_hide_folders,\ - cleanup_hidden_files,\ - get_winAPI_to_hide_files from infection_monkey.utils.environment import is_windows_os - +from infection_monkey.utils.hidden_files import (cleanup_hidden_files, + get_commands_to_hide_files, + get_commands_to_hide_folders, + get_winAPI_to_hide_files) HIDDEN_FSO_CREATION_COMMANDS = [get_commands_to_hide_files, get_commands_to_hide_folders] diff --git a/monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py b/monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py index 383a7ae4c..1ab524e64 100644 --- a/monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py 
+++ b/monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py @@ -1,6 +1,7 @@ -from common.data.post_breach_consts import POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION +from common.data.post_breach_consts import \ + POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION from infection_monkey.post_breach.pba import PBA -from infection_monkey.post_breach.shell_startup_files.shell_startup_files_modification import\ +from infection_monkey.post_breach.shell_startup_files.shell_startup_files_modification import \ get_commands_to_modify_shell_startup_files diff --git a/monkey/infection_monkey/post_breach/actions/schedule_jobs.py b/monkey/infection_monkey/post_breach/actions/schedule_jobs.py new file mode 100644 index 000000000..d6cdd2765 --- /dev/null +++ b/monkey/infection_monkey/post_breach/actions/schedule_jobs.py @@ -0,0 +1,19 @@ +from common.data.post_breach_consts import POST_BREACH_JOB_SCHEDULING +from infection_monkey.post_breach.job_scheduling.job_scheduling import ( + get_commands_to_schedule_jobs, remove_scheduled_jobs) +from infection_monkey.post_breach.pba import PBA + + +class ScheduleJobs(PBA): + """ + This PBA attempts to schedule jobs on the system. + """ + + def __init__(self): + linux_cmds, windows_cmds = get_commands_to_schedule_jobs() + + super(ScheduleJobs, self).__init__(name=POST_BREACH_JOB_SCHEDULING, + linux_cmd=' '.join(linux_cmds), + windows_cmd=windows_cmds) + + remove_scheduled_jobs() diff --git a/monkey/infection_monkey/post_breach/actions/use_trap_command.py b/monkey/infection_monkey/post_breach/actions/use_trap_command.py index 74ffdcb28..306e92fa3 100644 --- a/monkey/infection_monkey/post_breach/actions/use_trap_command.py +++ b/monkey/infection_monkey/post_breach/actions/use_trap_command.py 
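Review bot: `remove_scheduled_jobs()` is called on the last line of `ScheduleJobs.__init__`, so the cleanup runs when the action is constructed rather than after its command has executed. The base `PBA` class is not part of this hunk, but if it executes `windows_cmd` in a later `run()` call, the `schtasks /Delete` fires before the task exists and the scheduled task stays registered on the tested host after the simulation ends. I would move the cleanup into an override: `def run(self):` containing `super(ScheduleJobs, self).run()` followed by `remove_scheduled_jobs()`. The class docstring should also say that the action removes the job it creates, so operators know what residue to expect if that step fails.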
@@ -1,6 +1,6 @@ from common.data.post_breach_consts import POST_BREACH_TRAP_COMMAND from infection_monkey.post_breach.pba import PBA -from infection_monkey.post_breach.trap_command.trap_command import\ +from infection_monkey.post_breach.trap_command.trap_command import \ get_trap_commands from infection_monkey.utils.environment import is_windows_os diff --git a/monkey/infection_monkey/post_breach/actions/users_custom_pba.py b/monkey/infection_monkey/post_breach/actions/users_custom_pba.py index 7a024da3f..46f09a688 100644 --- a/monkey/infection_monkey/post_breach/actions/users_custom_pba.py +++ b/monkey/infection_monkey/post_breach/actions/users_custom_pba.py @@ -1,15 +1,15 @@ -import os import logging +import os from common.data.post_breach_consts import POST_BREACH_FILE_EXECUTION -from infection_monkey.utils.environment import is_windows_os -from infection_monkey.post_breach.pba import PBA -from infection_monkey.control import ControlClient -from infection_monkey.config import WormConfiguration -from infection_monkey.utils.monkey_dir import get_monkey_dir_path -from infection_monkey.telemetry.attack.t1105_telem import T1105Telem from common.utils.attack_utils import ScanStatus +from infection_monkey.config import WormConfiguration +from infection_monkey.control import ControlClient from infection_monkey.network.tools import get_interface_to_target +from infection_monkey.post_breach.pba import PBA +from infection_monkey.telemetry.attack.t1105_telem import T1105Telem +from infection_monkey.utils.environment import is_windows_os +from infection_monkey.utils.monkey_dir import get_monkey_dir_path LOG = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/post_breach/job_scheduling/job_scheduling.py b/monkey/infection_monkey/post_breach/job_scheduling/job_scheduling.py new file mode 100644 index 000000000..886070dbb --- /dev/null +++ b/monkey/infection_monkey/post_breach/job_scheduling/job_scheduling.py 
@@ -0,0 +1,19 @@
+import subprocess
+
+from infection_monkey.post_breach.job_scheduling.linux_job_scheduling import \
+ get_linux_commands_to_schedule_jobs
+from infection_monkey.post_breach.job_scheduling.windows_job_scheduling import (
+ get_windows_commands_to_remove_scheduled_jobs,
+ get_windows_commands_to_schedule_jobs)
+from infection_monkey.utils.environment import is_windows_os
+
+
+def get_commands_to_schedule_jobs():
+ linux_cmds = get_linux_commands_to_schedule_jobs()
+ windows_cmds = get_windows_commands_to_schedule_jobs()
+ return linux_cmds, windows_cmds
+
+
+def remove_scheduled_jobs():
+ if is_windows_os():
+ subprocess.run(get_windows_commands_to_remove_scheduled_jobs(), shell=True) # noqa: DUO116
diff --git a/monkey/infection_monkey/post_breach/job_scheduling/linux_job_scheduling.py b/monkey/infection_monkey/post_breach/job_scheduling/linux_job_scheduling.py
new file mode 100644
index 000000000..4ed5ff970
--- /dev/null
+++ b/monkey/infection_monkey/post_breach/job_scheduling/linux_job_scheduling.py
@@ -0,0 +1,12 @@
+TEMP_CRON = "$HOME/monkey-schedule-jobs"
+
+
+def get_linux_commands_to_schedule_jobs():
+ return [
+ f'touch {TEMP_CRON} &&',
+ f'crontab -l > {TEMP_CRON} &&',
+ 'echo \"# Successfully scheduled a job using crontab\" |',
+ f'tee -a {TEMP_CRON} &&',
+ f'crontab {TEMP_CRON} ;',
+ f'rm {TEMP_CRON}'
+ ]
diff --git a/monkey/infection_monkey/post_breach/job_scheduling/windows_job_scheduling.py b/monkey/infection_monkey/post_breach/job_scheduling/windows_job_scheduling.py
new file mode 100644
index 000000000..fe3dad525
--- /dev/null
+++ b/monkey/infection_monkey/post_breach/job_scheduling/windows_job_scheduling.py
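Review bot: `remove_scheduled_jobs` cleans up only when `is_windows_os()` is true and discards the result of `subprocess.run`, so a failed delete looks the same as a successful one. The Linux command list in linux_job_scheduling.py (next hunk) appends a comment line to the user's crontab, and nothing in this commit removes it again, so repeated runs keep adding lines on the tested machine. I would keep the return value, log a warning on a non-zero `returncode`, and add a Linux branch that restores the crontab. The `# noqa: DUO116` suppression also deserves a short comment such as `# command is built only from module-level constants, no external input reaches the shell`.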
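Review bot: `TEMP_CRON` is a fixed path, `$HOME/monkey-schedule-jobs`, and the command chain truncates it with `crontab -l > {TEMP_CRON}` and then deletes it with `rm`. A file that already exists under that name in the user's home directory is therefore overwritten and removed. A path from `mktemp` would avoid touching anything the tool did not create. `get_linux_commands_to_schedule_jobs` also has no docstring: each fragment ends in `&&`, `|` or `;`, so the list is only meaningful when joined with spaces into one shell line, and that contract should be stated.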
@@ -0,0 +1,12 @@ +SCHEDULED_TASK_NAME = 'monkey-spawn-cmd' +SCHEDULED_TASK_COMMAND = 'C:\windows\system32\cmd.exe' + +# Commands from: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md + + +def get_windows_commands_to_schedule_jobs(): + return f'schtasks /Create /SC monthly /TN {SCHEDULED_TASK_NAME} /TR {SCHEDULED_TASK_COMMAND}' + + +def get_windows_commands_to_remove_scheduled_jobs(): + return f'schtasks /Delete /TN {SCHEDULED_TASK_NAME} /F > nul 2>&1' diff --git a/monkey/infection_monkey/post_breach/pba.py b/monkey/infection_monkey/post_breach/pba.py index e5a91b733..9d6a5eeae 100644 --- a/monkey/infection_monkey/post_breach/pba.py +++ b/monkey/infection_monkey/post_breach/pba.py @@ -1,13 +1,14 @@ import logging import subprocess +import infection_monkey.post_breach.actions from common.utils.attack_utils import ScanStatus -from infection_monkey.telemetry.post_breach_telem import PostBreachTelem -from infection_monkey.utils.environment import is_windows_os from infection_monkey.config import WormConfiguration from infection_monkey.telemetry.attack.t1064_telem import T1064Telem +from infection_monkey.telemetry.post_breach_telem import PostBreachTelem +from infection_monkey.utils.environment import is_windows_os from infection_monkey.utils.plugins.plugin import Plugin -import infection_monkey.post_breach.actions + LOG = logging.getLogger(__name__) __author__ = 'VakarisZ' diff --git a/monkey/infection_monkey/post_breach/post_breach_handler.py b/monkey/infection_monkey/post_breach/post_breach_handler.py index d700bac62..33eb55fc6 100644 --- a/monkey/infection_monkey/post_breach/post_breach_handler.py +++ b/monkey/infection_monkey/post_breach/post_breach_handler.py @@ -1,8 +1,8 @@ import logging from typing import Sequence -from infection_monkey.utils.environment import is_windows_os from infection_monkey.post_breach.pba import PBA +from infection_monkey.utils.environment import is_windows_os LOG = logging.getLogger(__name__) 
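Review bot: `SCHEDULED_TASK_COMMAND = 'C:\windows\system32\cmd.exe'` only works because `\w`, `\s` and `\c` are unrecognised escape sequences that Python currently keeps literally. Python has emitted a DeprecationWarning for these since 3.6, and a later edit to a path segment starting with `t` or `n` would silently produce a control character. Use a raw string: `SCHEDULED_TASK_COMMAND = r'C:\windows\system32\cmd.exe'`. Both functions in this file return a single string although their names say "commands" and the Linux counterpart returns a list, so a one-line docstring stating the return type would prevent misuse by callers.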
diff --git a/monkey/infection_monkey/post_breach/setuid_setgid/setuid_setgid.py b/monkey/infection_monkey/post_breach/setuid_setgid/setuid_setgid.py index ab4d8a7ed..47c8cc476 100644 --- a/monkey/infection_monkey/post_breach/setuid_setgid/setuid_setgid.py +++ b/monkey/infection_monkey/post_breach/setuid_setgid/setuid_setgid.py @@ -1,4 +1,4 @@ -from infection_monkey.post_breach.setuid_setgid.linux_setuid_setgid import\ +from infection_monkey.post_breach.setuid_setgid.linux_setuid_setgid import \ get_linux_commands_to_setuid_setgid diff --git a/monkey/infection_monkey/post_breach/shell_startup_files/linux/shell_startup_files_modification.py b/monkey/infection_monkey/post_breach/shell_startup_files/linux/shell_startup_files_modification.py index b18dff768..60e47d50c 100644 --- a/monkey/infection_monkey/post_breach/shell_startup_files/linux/shell_startup_files_modification.py +++ b/monkey/infection_monkey/post_breach/shell_startup_files/linux/shell_startup_files_modification.py @@ -1,4 +1,5 @@ import subprocess + from infection_monkey.utils.environment import is_windows_os diff --git a/monkey/infection_monkey/post_breach/shell_startup_files/shell_startup_files_modification.py b/monkey/infection_monkey/post_breach/shell_startup_files/shell_startup_files_modification.py index bc83ec499..65774c2ad 100644 --- a/monkey/infection_monkey/post_breach/shell_startup_files/shell_startup_files_modification.py +++ b/monkey/infection_monkey/post_breach/shell_startup_files/shell_startup_files_modification.py 
@@ -1,6 +1,6 @@ -from infection_monkey.post_breach.shell_startup_files.linux.shell_startup_files_modification import\ +from infection_monkey.post_breach.shell_startup_files.linux.shell_startup_files_modification import \ get_linux_commands_to_modify_shell_startup_files -from infection_monkey.post_breach.shell_startup_files.windows.shell_startup_files_modification import\ +from infection_monkey.post_breach.shell_startup_files.windows.shell_startup_files_modification import \ get_windows_commands_to_modify_shell_startup_files diff --git a/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py b/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py index 68889f28c..32f0718a7 100644 --- a/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py +++ b/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py @@ -1,4 +1,5 @@ import subprocess + from infection_monkey.utils.environment import is_windows_os diff --git a/monkey/infection_monkey/post_breach/trap_command/trap_command.py b/monkey/infection_monkey/post_breach/trap_command/trap_command.py index 208b21eda..bd25e3d11 100644 --- a/monkey/infection_monkey/post_breach/trap_command/trap_command.py +++ b/monkey/infection_monkey/post_breach/trap_command/trap_command.py @@ -1,4 +1,4 @@ -from infection_monkey.post_breach.trap_command.linux_trap_command import\ +from infection_monkey.post_breach.trap_command.linux_trap_command import \ get_linux_trap_commands diff --git a/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.exploit.py b/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.exploit.py index e759a4116..2bfb21972 100644 --- a/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.exploit.py +++ b/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.exploit.py 
@@ -1,4 +1,4 @@ -from PyInstaller.utils.hooks import collect_submodules, collect_data_files +from PyInstaller.utils.hooks import collect_data_files, collect_submodules hiddenimports = collect_submodules('infection_monkey.exploit') datas = (collect_data_files('infection_monkey.exploit', include_py_files=True)) diff --git a/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.network.py b/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.network.py index dbc345780..e80038ebd 100644 --- a/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.network.py +++ b/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.network.py @@ -1,4 +1,4 @@ -from PyInstaller.utils.hooks import collect_submodules, collect_data_files +from PyInstaller.utils.hooks import collect_data_files, collect_submodules hiddenimports = collect_submodules('infection_monkey.network') datas = (collect_data_files('infection_monkey.network', include_py_files=True)) diff --git a/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.post_breach.actions.py b/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.post_breach.actions.py index 51a0fca4a..55dc7c8c9 100644 --- a/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.post_breach.actions.py +++ b/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.post_breach.actions.py @@ -1,4 +1,4 @@ -from PyInstaller.utils.hooks import collect_submodules, collect_data_files +from PyInstaller.utils.hooks import collect_data_files, collect_submodules # Import all actions as modules hiddenimports = collect_submodules('infection_monkey.post_breach.actions') diff --git a/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.system_info.collectors.py b/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.system_info.collectors.py index 97cf81bfb..10fe02a17 100644 --- a/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.system_info.collectors.py 
+++ b/monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.system_info.collectors.py @@ -1,4 +1,4 @@ -from PyInstaller.utils.hooks import collect_submodules, collect_data_files +from PyInstaller.utils.hooks import collect_data_files, collect_submodules # Import all actions as modules hiddenimports = collect_submodules('infection_monkey.system_info.collectors') diff --git a/monkey/infection_monkey/system_info/SSH_info_collector.py b/monkey/infection_monkey/system_info/SSH_info_collector.py index 31afdb8ed..3977d2444 100644 --- a/monkey/infection_monkey/system_info/SSH_info_collector.py +++ b/monkey/infection_monkey/system_info/SSH_info_collector.py @@ -1,7 +1,7 @@ -import logging -import pwd -import os import glob +import logging +import os +import pwd from common.utils.attack_utils import ScanStatus from infection_monkey.telemetry.attack.t1005_telem import T1005Telem diff --git a/monkey/infection_monkey/system_info/__init__.py b/monkey/infection_monkey/system_info/__init__.py index c619094b5..7761a412b 100644 --- a/monkey/infection_monkey/system_info/__init__.py +++ b/monkey/infection_monkey/system_info/__init__.py @@ -1,13 +1,14 @@ import logging import sys +from enum import IntEnum import psutil -from enum import IntEnum from infection_monkey.network.info import get_host_subnets from infection_monkey.system_info.azure_cred_collector import AzureCollector from infection_monkey.system_info.netstat_collector import NetstatCollector -from infection_monkey.system_info.system_info_collectors_handler import SystemInfoCollectorsHandler +from infection_monkey.system_info.system_info_collectors_handler import \ + SystemInfoCollectorsHandler LOG = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/system_info/azure_cred_collector.py b/monkey/infection_monkey/system_info/azure_cred_collector.py index 90626922d..bb0240198 100644 --- a/monkey/infection_monkey/system_info/azure_cred_collector.py 
+++ b/monkey/infection_monkey/system_info/azure_cred_collector.py @@ -1,9 +1,9 @@ -import sys +import glob +import json import logging import os.path -import json -import glob import subprocess +import sys from common.utils.attack_utils import ScanStatus from infection_monkey.telemetry.attack.t1005_telem import T1005Telem diff --git a/monkey/infection_monkey/system_info/collectors/aws_collector.py b/monkey/infection_monkey/system_info/collectors/aws_collector.py index 68d125279..bdf470735 100644 --- a/monkey/infection_monkey/system_info/collectors/aws_collector.py +++ b/monkey/infection_monkey/system_info/collectors/aws_collector.py @@ -2,8 +2,8 @@ import logging from common.cloud.aws.aws_instance import AwsInstance from common.data.system_info_collectors_names import AWS_COLLECTOR -from infection_monkey.system_info.system_info_collector import SystemInfoCollector - +from infection_monkey.system_info.system_info_collector import \ + SystemInfoCollector logger = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/system_info/collectors/environment_collector.py b/monkey/infection_monkey/system_info/collectors/environment_collector.py index 100d23175..9bcd917ee 100644 --- a/monkey/infection_monkey/system_info/collectors/environment_collector.py +++ b/monkey/infection_monkey/system_info/collectors/environment_collector.py @@ -1,7 +1,8 @@ from common.cloud.all_instances import get_all_cloud_instances from common.cloud.environment_names import Environment from common.data.system_info_collectors_names import ENVIRONMENT_COLLECTOR -from infection_monkey.system_info.system_info_collector import SystemInfoCollector +from infection_monkey.system_info.system_info_collector import \ + SystemInfoCollector def get_monkey_environment() -> str: diff --git a/monkey/infection_monkey/system_info/collectors/hostname_collector.py b/monkey/infection_monkey/system_info/collectors/hostname_collector.py index 21d03aac7..ae9560815 100644 
--- a/monkey/infection_monkey/system_info/collectors/hostname_collector.py +++ b/monkey/infection_monkey/system_info/collectors/hostname_collector.py @@ -2,8 +2,8 @@ import logging import socket from common.data.system_info_collectors_names import HOSTNAME_COLLECTOR -from infection_monkey.system_info.system_info_collector import SystemInfoCollector - +from infection_monkey.system_info.system_info_collector import \ + SystemInfoCollector logger = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/system_info/collectors/process_list_collector.py b/monkey/infection_monkey/system_info/collectors/process_list_collector.py index c0610cc74..b732a4090 100644 --- a/monkey/infection_monkey/system_info/collectors/process_list_collector.py +++ b/monkey/infection_monkey/system_info/collectors/process_list_collector.py @@ -1,8 +1,10 @@ import logging + import psutil from common.data.system_info_collectors_names import PROCESS_LIST_COLLECTOR -from infection_monkey.system_info.system_info_collector import SystemInfoCollector +from infection_monkey.system_info.system_info_collector import \ + SystemInfoCollector logger = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/system_info/netstat_collector.py b/monkey/infection_monkey/system_info/netstat_collector.py index 361bf0d81..bd35f3126 100644 --- a/monkey/infection_monkey/system_info/netstat_collector.py +++ b/monkey/infection_monkey/system_info/netstat_collector.py @@ -1,10 +1,10 @@ # Inspired by Giampaolo Rodola's psutil example from https://github.com/giampaolo/psutil/blob/master/scripts/netstat.py import logging -import psutil import socket +from socket import AF_INET, SOCK_DGRAM, SOCK_STREAM -from socket import AF_INET, SOCK_STREAM, SOCK_DGRAM +import psutil __author__ = 'itay.mizeretz' diff --git a/monkey/infection_monkey/system_info/system_info_collector.py b/monkey/infection_monkey/system_info/system_info_collector.py index 8c0b6aa65..a16560930 100644 
--- a/monkey/infection_monkey/system_info/system_info_collector.py +++ b/monkey/infection_monkey/system_info/system_info_collector.py @@ -1,8 +1,8 @@ -from infection_monkey.config import WormConfiguration -from infection_monkey.utils.plugins.plugin import Plugin from abc import ABCMeta, abstractmethod import infection_monkey.system_info.collectors +from infection_monkey.config import WormConfiguration +from infection_monkey.utils.plugins.plugin import Plugin class SystemInfoCollector(Plugin, metaclass=ABCMeta): diff --git a/monkey/infection_monkey/system_info/system_info_collectors_handler.py b/monkey/infection_monkey/system_info/system_info_collectors_handler.py index cc007ff86..4e8281e7a 100644 --- a/monkey/infection_monkey/system_info/system_info_collectors_handler.py +++ b/monkey/infection_monkey/system_info/system_info_collectors_handler.py @@ -1,7 +1,8 @@ import logging from typing import Sequence -from infection_monkey.system_info.system_info_collector import SystemInfoCollector +from infection_monkey.system_info.system_info_collector import \ + SystemInfoCollector from infection_monkey.telemetry.system_info_telem import SystemInfoTelem LOG = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/system_info/windows_cred_collector/mimikatz_cred_collector.py b/monkey/infection_monkey/system_info/windows_cred_collector/mimikatz_cred_collector.py index 96d3912e3..506c92412 100644 --- a/monkey/infection_monkey/system_info/windows_cred_collector/mimikatz_cred_collector.py +++ b/monkey/infection_monkey/system_info/windows_cred_collector/mimikatz_cred_collector.py 
@@ -1,8 +1,10 @@ import logging from typing import List -from infection_monkey.system_info.windows_cred_collector import pypykatz_handler -from infection_monkey.system_info.windows_cred_collector.windows_credentials import WindowsCredentials +from infection_monkey.system_info.windows_cred_collector import \ + pypykatz_handler +from infection_monkey.system_info.windows_cred_collector.windows_credentials import \ + WindowsCredentials LOG = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/system_info/windows_cred_collector/pypykatz_handler.py b/monkey/infection_monkey/system_info/windows_cred_collector/pypykatz_handler.py index 4ed4e0f48..cba4c330a 100644 --- a/monkey/infection_monkey/system_info/windows_cred_collector/pypykatz_handler.py +++ b/monkey/infection_monkey/system_info/windows_cred_collector/pypykatz_handler.py @@ -1,9 +1,10 @@ import binascii -from typing import Dict, List, NewType, Any +from typing import Any, Dict, List, NewType from pypykatz.pypykatz import pypykatz -from infection_monkey.system_info.windows_cred_collector.windows_credentials import WindowsCredentials +from infection_monkey.system_info.windows_cred_collector.windows_credentials import \ + WindowsCredentials CREDENTIAL_TYPES = ['msv_creds', 'wdigest_creds', 'ssp_creds', 'livessp_creds', 'dpapi_creds', 'kerberos_creds', 'credman_creds', 'tspkg_creds'] diff --git a/monkey/infection_monkey/system_info/windows_cred_collector/test_pypykatz_handler.py b/monkey/infection_monkey/system_info/windows_cred_collector/test_pypykatz_handler.py index 165b00cf2..2ad76a4e5 100644 --- a/monkey/infection_monkey/system_info/windows_cred_collector/test_pypykatz_handler.py +++ b/monkey/infection_monkey/system_info/windows_cred_collector/test_pypykatz_handler.py 
@@ -1,6 +1,7 @@ from unittest import TestCase -from infection_monkey.system_info.windows_cred_collector.pypykatz_handler import _get_creds_from_pypykatz_session +from infection_monkey.system_info.windows_cred_collector.pypykatz_handler import \ + _get_creds_from_pypykatz_session class TestPypykatzHandler(TestCase): diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py index 13f0a5593..7eb80377d 100644 --- a/monkey/infection_monkey/system_info/windows_info_collector.py +++ b/monkey/infection_monkey/system_info/windows_info_collector.py @@ -1,18 +1,19 @@ -import os import logging +import os import sys -from infection_monkey.system_info.windows_cred_collector.mimikatz_cred_collector import MimikatzCredentialCollector +from infection_monkey.system_info.windows_cred_collector.mimikatz_cred_collector import \ + MimikatzCredentialCollector sys.coinit_flags = 0 # needed for proper destruction of the wmi python module # noinspection PyPep8 import infection_monkey.config # noinspection PyPep8 +from common.utils.wmi_utils import WMIUtils +# noinspection PyPep8 from infection_monkey.system_info import InfoCollector # noinspection PyPep8 from infection_monkey.system_info.wmi_consts import WMI_CLASSES -# noinspection PyPep8 -from common.utils.wmi_utils import WMIUtils LOG = logging.getLogger(__name__) LOG.info('started windows info collector') diff --git a/monkey/infection_monkey/transport/http.py b/monkey/infection_monkey/transport/http.py index 20b481f31..5f26f4f68 100644 --- a/monkey/infection_monkey/transport/http.py +++ b/monkey/infection_monkey/transport/http.py 
@@ -9,10 +9,11 @@ from urllib.parse import urlsplit import requests -import infection_monkey.monkeyfs as monkeyfs -from infection_monkey.transport.base import TransportProxyBase, update_last_serve_time -from infection_monkey.network.tools import get_interface_to_target import infection_monkey.control +import infection_monkey.monkeyfs as monkeyfs +from infection_monkey.network.tools import get_interface_to_target +from infection_monkey.transport.base import (TransportProxyBase, + update_last_serve_time) __author__ = 'hoffer' @@ -190,7 +191,8 @@ class HTTPServer(threading.Thread): def run(self): class TempHandler(FileServHTTPRequestHandler): from common.utils.attack_utils import ScanStatus - from infection_monkey.telemetry.attack.t1105_telem import T1105Telem + from infection_monkey.telemetry.attack.t1105_telem import \ + T1105Telem filename = self._filename @@ -244,7 +246,8 @@ class LockedHTTPServer(threading.Thread): def run(self): class TempHandler(FileServHTTPRequestHandler): from common.utils.attack_utils import ScanStatus - from infection_monkey.telemetry.attack.t1105_telem import T1105Telem + from infection_monkey.telemetry.attack.t1105_telem import \ + T1105Telem filename = self._filename @staticmethod diff --git a/monkey/infection_monkey/transport/tcp.py b/monkey/infection_monkey/transport/tcp.py index 9b017aa41..aa7ce253e 100644 --- a/monkey/infection_monkey/transport/tcp.py +++ b/monkey/infection_monkey/transport/tcp.py @@ -1,9 +1,10 @@ -import socket import select -from threading import Thread +import socket from logging import getLogger +from threading import Thread -from infection_monkey.transport.base import TransportProxyBase, update_last_serve_time +from infection_monkey.transport.base import (TransportProxyBase, + update_last_serve_time) READ_BUFFER_SIZE = 8192 DEFAULT_TIMEOUT = 30 diff --git a/monkey/infection_monkey/tunnel.py b/monkey/infection_monkey/tunnel.py index 3544f46f3..49224f155 100644 --- a/monkey/infection_monkey/tunnel.py 
+++ b/monkey/infection_monkey/tunnel.py @@ -6,8 +6,9 @@ from threading import Thread from infection_monkey.model import VictimHost from infection_monkey.network.firewall import app as firewall -from infection_monkey.network.info import local_ips, get_free_tcp_port -from infection_monkey.network.tools import check_tcp_port, get_interface_to_target +from infection_monkey.network.info import get_free_tcp_port, local_ips +from infection_monkey.network.tools import (check_tcp_port, + get_interface_to_target) from infection_monkey.transport.base import get_last_serve_time __author__ = 'hoffer' diff --git a/monkey/infection_monkey/utils/auto_new_user.py b/monkey/infection_monkey/utils/auto_new_user.py index 0a34d93c0..bc2c9452b 100644 --- a/monkey/infection_monkey/utils/auto_new_user.py +++ b/monkey/infection_monkey/utils/auto_new_user.py @@ -1,5 +1,5 @@ -import logging import abc +import logging logger = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/utils/hidden_files.py b/monkey/infection_monkey/utils/hidden_files.py index 4fe520177..46d8e136b 100644 --- a/monkey/infection_monkey/utils/hidden_files.py +++ b/monkey/infection_monkey/utils/hidden_files.py 
@@ -1,14 +1,12 @@ import subprocess -from infection_monkey.utils.linux.hidden_files import\ - get_linux_commands_to_hide_files,\ - get_linux_commands_to_hide_folders,\ - get_linux_commands_to_delete -from infection_monkey.utils.windows.hidden_files import\ - get_windows_commands_to_hide_files,\ - get_windows_commands_to_hide_folders,\ - get_winAPI_to_hide_files,\ - get_windows_commands_to_delete + from infection_monkey.utils.environment import is_windows_os +from infection_monkey.utils.linux.hidden_files import ( + get_linux_commands_to_delete, get_linux_commands_to_hide_files, + get_linux_commands_to_hide_folders) +from infection_monkey.utils.windows.hidden_files import ( + get_winAPI_to_hide_files, get_windows_commands_to_delete, + get_windows_commands_to_hide_files, get_windows_commands_to_hide_folders) def get_commands_to_hide_files(): diff --git a/monkey/infection_monkey/utils/plugins/plugin.py b/monkey/infection_monkey/utils/plugins/plugin.py index d80ebccc1..662c0e35a 100644 --- a/monkey/infection_monkey/utils/plugins/plugin.py +++ b/monkey/infection_monkey/utils/plugins/plugin.py @@ -1,10 +1,10 @@ +import glob import importlib import inspect import logging from abc import ABCMeta, abstractmethod -from os.path import dirname, basename, isfile, join -import glob -from typing import Sequence, TypeVar, Type, Callable +from os.path import basename, dirname, isfile, join +from typing import Callable, Sequence, Type, TypeVar LOG = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/utils/plugins/pluginTests/BadImport.py b/monkey/infection_monkey/utils/plugins/pluginTests/BadImport.py index ffd3ebb2d..d28a91a89 100644 --- a/monkey/infection_monkey/utils/plugins/pluginTests/BadImport.py +++ b/monkey/infection_monkey/utils/plugins/pluginTests/BadImport.py 
@@ -1,4 +1,5 @@
-from infection_monkey.utils.plugins.pluginTests.PluginTestClass import TestPlugin # noqa: F401
+from infection_monkey.utils.plugins.pluginTests.PluginTestClass import \
+ TestPlugin # noqa: F401
 class SomeDummyPlugin:
diff --git a/monkey/infection_monkey/utils/plugins/pluginTests/BadInit.py b/monkey/infection_monkey/utils/plugins/pluginTests/BadInit.py
index 18e83c052..658992469 100644
--- a/monkey/infection_monkey/utils/plugins/pluginTests/BadInit.py
+++ b/monkey/infection_monkey/utils/plugins/pluginTests/BadInit.py
@@ -1,4 +1,5 @@
-from infection_monkey.utils.plugins.pluginTests.PluginTestClass import TestPlugin
+from infection_monkey.utils.plugins.pluginTests.PluginTestClass import \
+ TestPlugin
 class BadPluginInit(TestPlugin):
diff --git a/monkey/infection_monkey/utils/plugins/pluginTests/ComboFile.py b/monkey/infection_monkey/utils/plugins/pluginTests/ComboFile.py
index 2d73cd65b..47418df31 100644
--- a/monkey/infection_monkey/utils/plugins/pluginTests/ComboFile.py
+++ b/monkey/infection_monkey/utils/plugins/pluginTests/ComboFile.py
@@ -1,4 +1,5 @@
-from infection_monkey.utils.plugins.pluginTests.PluginTestClass import TestPlugin
+from infection_monkey.utils.plugins.pluginTests.PluginTestClass import \
+ TestPlugin
 class NoInheritance:
diff --git a/monkey/infection_monkey/utils/plugins/pluginTests/PluginTestClass.py b/monkey/infection_monkey/utils/plugins/pluginTests/PluginTestClass.py
index a3785e875..310cf7f2c 100644
--- a/monkey/infection_monkey/utils/plugins/pluginTests/PluginTestClass.py
+++ b/monkey/infection_monkey/utils/plugins/pluginTests/PluginTestClass.py
@@ -1,5 +1,5 @@
-from infection_monkey.utils.plugins.plugin import Plugin
 import infection_monkey.utils.plugins.pluginTests
+from infection_monkey.utils.plugins.plugin import Plugin
 class TestPlugin(Plugin):
diff --git a/monkey/infection_monkey/utils/plugins/pluginTests/PluginWorking.py b/monkey/infection_monkey/utils/plugins/pluginTests/PluginWorking.py
index a3fe237b6..b200bd835 100644
--- a/monkey/infection_monkey/utils/plugins/pluginTests/PluginWorking.py
+++ b/monkey/infection_monkey/utils/plugins/pluginTests/PluginWorking.py
@@ -1,4 +1,5 @@
-from infection_monkey.utils.plugins.pluginTests.PluginTestClass import TestPlugin
+from infection_monkey.utils.plugins.pluginTests.PluginTestClass import \
+ TestPlugin
 class PluginWorking(TestPlugin):
diff --git a/monkey/infection_monkey/utils/plugins/plugin_test.py b/monkey/infection_monkey/utils/plugins/plugin_test.py
index 7841c6c6a..3bbf59b90 100644
--- a/monkey/infection_monkey/utils/plugins/plugin_test.py
+++ b/monkey/infection_monkey/utils/plugins/plugin_test.py
@@ -1,10 +1,14 @@
 from unittest import TestCase
-from infection_monkey.utils.plugins.pluginTests.ComboFile import BadInit, ProperClass
-from infection_monkey.utils.plugins.pluginTests.PluginWorking import PluginWorking
-from infection_monkey.utils.plugins.pluginTests.BadImport import SomeDummyPlugin
+from infection_monkey.utils.plugins.pluginTests.BadImport import \
+ SomeDummyPlugin
 from infection_monkey.utils.plugins.pluginTests.BadInit import BadPluginInit
-from infection_monkey.utils.plugins.pluginTests.PluginTestClass import TestPlugin
+from infection_monkey.utils.plugins.pluginTests.ComboFile import (BadInit,
+ ProperClass)
+from infection_monkey.utils.plugins.pluginTests.PluginTestClass import \
+ TestPlugin
+from infection_monkey.utils.plugins.pluginTests.PluginWorking import \
+ PluginWorking
 class PluginTester(TestCase):
diff --git a/monkey/infection_monkey/utils/users.py b/monkey/infection_monkey/utils/users.py
index b2f29db85..37dd93e4f 100644
--- a/monkey/infection_monkey/utils/users.py
+++ b/monkey/infection_monkey/utils/users.py
@@ -1,5 +1,6 @@ from infection_monkey.utils.linux.users import get_linux_commands_to_add_user -from infection_monkey.utils.windows.users import get_windows_commands_to_add_user +from infection_monkey.utils.windows.users import \ + get_windows_commands_to_add_user def get_commands_to_add_user(username, password): diff --git a/monkey/infection_monkey/utils/windows/hidden_files.py b/monkey/infection_monkey/utils/windows/hidden_files.py index 3ffad48f5..a8f813f1b 100644 --- a/monkey/infection_monkey/utils/windows/hidden_files.py +++ b/monkey/infection_monkey/utils/windows/hidden_files.py @@ -1,6 +1,5 @@ import os - HOME_PATH = os.path.expanduser("~") HIDDEN_FILE = HOME_PATH + "\\monkey-hidden-file" diff --git a/monkey/infection_monkey/utils/windows/users.py b/monkey/infection_monkey/utils/windows/users.py index 9353509b9..c16b1c190 100644 --- a/monkey/infection_monkey/utils/windows/users.py +++ b/monkey/infection_monkey/utils/windows/users.py @@ -56,8 +56,8 @@ class AutoNewWindowsUser(AutoNewUser): def __enter__(self): # Importing these only on windows, as they won't exist on linux. - import win32security import win32con + import win32security try: # Logon as new user: https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-logonusera @@ -73,9 +73,9 @@ class AutoNewWindowsUser(AutoNewUser): def run_as(self, command): # Importing these only on windows, as they won't exist on linux. - import win32process import win32api import win32event + import win32process from winsys import _advapi32 exit_code = -1 diff --git a/monkey/infection_monkey/windows_upgrader.py b/monkey/infection_monkey/windows_upgrader.py index af904b143..f28a30d41 100644 --- a/monkey/infection_monkey/windows_upgrader.py +++ b/monkey/infection_monkey/windows_upgrader.py 
@@ -1,16 +1,18 @@
 import logging
+import shutil
 import subprocess
 import sys
-import shutil
-
 import time
 import infection_monkey.monkeyfs as monkeyfs
 from infection_monkey.config import WormConfiguration
 from infection_monkey.control import ControlClient
-from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
+from infection_monkey.exploit.tools.helpers import \
+ build_monkey_commandline_explicitly
 from infection_monkey.model import MONKEY_CMDLINE_WINDOWS
-from infection_monkey.utils.environment import is_windows_os, is_64bit_windows_os, is_64bit_python
+from infection_monkey.utils.environment import (is_64bit_python,
+ is_64bit_windows_os,
+ is_windows_os)
 __author__ = 'itay.mizeretz'
diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py
index 3ba07af8f..79edccffa 100644
--- a/monkey/monkey_island/cc/app.py
+++ b/monkey/monkey_island/cc/app.py
@@ -2,48 +2,50 @@ import os
 import uuid
 import flask_restful
-from flask import Flask, send_from_directory, Response
+from flask import Flask, Response, send_from_directory
 from werkzeug.exceptions import NotFound
-from monkey_island.cc.resources.auth.auth import init_jwt
-from monkey_island.cc.database import mongo, database
 import monkey_island.cc.environment.environment_singleton as env_singleton
+from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH
+from monkey_island.cc.database import database, mongo
+from monkey_island.cc.resources.attack.attack_config import AttackConfiguration
+from monkey_island.cc.resources.attack.attack_report import AttackReport
+from monkey_island.cc.resources.auth.auth import init_jwt
+from monkey_island.cc.resources.bootloader import Bootloader
 from monkey_island.cc.resources.client_run import ClientRun
 from monkey_island.cc.resources.edge import Edge
 from monkey_island.cc.resources.environment import Environment
+from monkey_island.cc.resources.island_configuration import IslandConfiguration
+from monkey_island.cc.resources.island_logs import IslandLog
 from monkey_island.cc.resources.local_run import LocalRun
 from monkey_island.cc.resources.log import Log
-from monkey_island.cc.resources.island_logs import IslandLog
 from monkey_island.cc.resources.monkey import Monkey
 from monkey_island.cc.resources.monkey_configuration import MonkeyConfiguration
-from monkey_island.cc.resources.island_configuration import IslandConfiguration
-from monkey_island.cc.resources.monkey_control.started_on_island import StartedOnIsland
+from monkey_island.cc.resources.monkey_control.remote_port_check import \
+ RemotePortCheck
+from monkey_island.cc.resources.monkey_control.started_on_island import \
+ StartedOnIsland
 from monkey_island.cc.resources.monkey_download import MonkeyDownload
 from monkey_island.cc.resources.netmap import NetMap
 from monkey_island.cc.resources.node import Node
 from monkey_island.cc.resources.node_states import NodeStates
-from monkey_island.cc.resources.monkey_control.remote_port_check import RemotePortCheck
+from monkey_island.cc.resources.pba_file_download import PBAFileDownload
+from monkey_island.cc.resources.pba_file_upload import FileUpload
 from monkey_island.cc.resources.registration import Registration
 from monkey_island.cc.resources.remote_run import RemoteRun
 from monkey_island.cc.resources.reporting.report import Report
 from monkey_island.cc.resources.root import Root
 from monkey_island.cc.resources.telemetry import Telemetry
 from monkey_island.cc.resources.telemetry_feed import TelemetryFeed
-from monkey_island.cc.resources.pba_file_download import PBAFileDownload
 from monkey_island.cc.resources.test.clear_caches import ClearCaches
+from monkey_island.cc.resources.test.log_test import LogTest
+from monkey_island.cc.resources.test.monkey_test import MonkeyTest
 from monkey_island.cc.resources.version_update import VersionUpdate
-from monkey_island.cc.resources.pba_file_upload import FileUpload
-from monkey_island.cc.resources.attack.attack_config import AttackConfiguration
-from monkey_island.cc.resources.attack.attack_report import AttackReport
-from monkey_island.cc.resources.bootloader import Bootloader
-from monkey_island.cc.resources.zero_trust.finding_event import ZeroTrustFindingEvent
+from monkey_island.cc.resources.zero_trust.finding_event import \
+ ZeroTrustFindingEvent
 from monkey_island.cc.services.database import Database
 from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
 from monkey_island.cc.services.representations import output_json
-from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH
-
-from monkey_island.cc.resources.test.monkey_test import MonkeyTest
-from monkey_island.cc.resources.test.log_test import LogTest
 __author__ = 'Barak'
diff --git a/monkey/monkey_island/cc/bootloader_server.py b/monkey/monkey_island/cc/bootloader_server.py
index 30196ff34..6301d7c18 100644
--- a/monkey/monkey_island/cc/bootloader_server.py
+++ b/monkey/monkey_island/cc/bootloader_server.py
@@ -1,11 +1,11 @@
-from http.server import HTTPServer, BaseHTTPRequestHandler
+import logging
+from http.server import BaseHTTPRequestHandler, HTTPServer
 from socketserver import ThreadingMixIn
 from urllib import parse
-import urllib3
-import logging
-import requests
 import pymongo
+import requests
+import urllib3
 from monkey_island.cc.environment import Environment
diff --git a/monkey/monkey_island/cc/environment/__init__.py b/monkey/monkey_island/cc/environment/__init__.py
index 896608891..e35233c69 100644
--- a/monkey/monkey_island/cc/environment/__init__.py
+++ b/monkey/monkey_island/cc/environment/__init__.py
@@ -6,8 +6,9 @@ from datetime import timedelta
 __author__ = 'itay.mizeretz'
-from common.utils.exceptions import InvalidRegistrationCredentialsError, \
- CredentialsNotRequiredError, AlreadyRegisteredError
+from common.utils.exceptions import (AlreadyRegisteredError,
+ CredentialsNotRequiredError,
+ InvalidRegistrationCredentialsError)
 from monkey_island.cc.environment.environment_config import EnvironmentConfig
 from monkey_island.cc.environment.user_creds import UserCreds
diff --git a/monkey/monkey_island/cc/environment/aws.py b/monkey/monkey_island/cc/environment/aws.py
index 27c0cd86e..587989825 100644
--- a/monkey/monkey_island/cc/environment/aws.py
+++ b/monkey/monkey_island/cc/environment/aws.py
@@ -1,6 +1,6 @@
-from monkey_island.cc.resources.auth.auth_user import User
-from monkey_island.cc.environment import Environment
 from common.cloud.aws.aws_instance import AwsInstance
+from monkey_island.cc.environment import Environment
+from monkey_island.cc.resources.auth.auth_user import User
 __author__ = 'itay.mizeretz'
diff --git a/monkey/monkey_island/cc/environment/environment_config.py b/monkey/monkey_island/cc/environment/environment_config.py
index 9559cdd37..0c66b2fc4 100644
--- a/monkey/monkey_island/cc/environment/environment_config.py
+++ b/monkey/monkey_island/cc/environment/environment_config.py
@@ -2,11 +2,11 @@ from __future__ import annotations
 import json
 import os
-from typing import List, Dict
+from typing import Dict, List
-from monkey_island.cc.resources.auth.auth_user import User
 from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH
 from monkey_island.cc.environment.user_creds import UserCreds
+from monkey_island.cc.resources.auth.auth_user import User
 from monkey_island.cc.resources.auth.user_store import UserStore
diff --git a/monkey/monkey_island/cc/environment/environment_singleton.py b/monkey/monkey_island/cc/environment/environment_singleton.py
index 0fcfa8eb0..6e800650f 100644
--- a/monkey/monkey_island/cc/environment/environment_singleton.py
+++ b/monkey/monkey_island/cc/environment/environment_singleton.py
@@ -3,10 +3,8 @@ import logging
 env = None
 import monkey_island.cc.resources.auth.user_store as user_store
-from monkey_island.cc.environment import standard, EnvironmentConfig
-from monkey_island.cc.environment import testing
-from monkey_island.cc.environment import aws
-from monkey_island.cc.environment import password
+from monkey_island.cc.environment import (EnvironmentConfig, aws, password,
+ standard, testing)
 __author__ = 'itay.mizeretz'
diff --git a/monkey/monkey_island/cc/environment/standard.py b/monkey/monkey_island/cc/environment/standard.py
index 08851c94a..e34fb71cc 100644
--- a/monkey/monkey_island/cc/environment/standard.py
+++ b/monkey/monkey_island/cc/environment/standard.py
@@ -1,5 +1,5 @@
-from monkey_island.cc.resources.auth.auth_user import User
 from monkey_island.cc.environment import Environment
+from monkey_island.cc.resources.auth.auth_user import User
 __author__ = 'itay.mizeretz'
diff --git a/monkey/monkey_island/cc/environment/test__init__.py b/monkey/monkey_island/cc/environment/test__init__.py
index 6e571ad2c..881195309 100644
--- a/monkey/monkey_island/cc/environment/test__init__.py
+++ b/monkey/monkey_island/cc/environment/test__init__.py
@@ -2,12 +2,15 @@ import json
 import os
 from typing import Dict
 from unittest import TestCase
-from unittest.mock import patch, MagicMock
+from unittest.mock import MagicMock, patch
-from common.utils.exceptions import InvalidRegistrationCredentialsError, AlreadyRegisteredError, \
- CredentialsNotRequiredError, RegistrationNotNeededError
-from monkey_island.cc.environment import Environment, EnvironmentConfig, UserCreds
 import monkey_island.cc.testing.environment.server_config_mocks as config_mocks
+from common.utils.exceptions import (AlreadyRegisteredError,
+ CredentialsNotRequiredError,
+ InvalidRegistrationCredentialsError,
+ RegistrationNotNeededError)
+from monkey_island.cc.environment import (Environment, EnvironmentConfig,
+ UserCreds)
 def get_server_config_file_path_test_version():
diff --git a/monkey/monkey_island/cc/environment/test_environment_config.py b/monkey/monkey_island/cc/environment/test_environment_config.py
index 95882e63e..6a6da6be7 100644
--- a/monkey/monkey_island/cc/environment/test_environment_config.py
+++ b/monkey/monkey_island/cc/environment/test_environment_config.py
@@ -3,12 +3,12 @@ import os
 import platform
 from typing import Dict
 from unittest import TestCase
-from unittest.mock import patch, MagicMock
+from unittest.mock import MagicMock, patch
+import monkey_island.cc.testing.environment.server_config_mocks as config_mocks
 from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH
 from monkey_island.cc.environment.environment_config import EnvironmentConfig
 from monkey_island.cc.environment.user_creds import UserCreds
-import monkey_island.cc.testing.environment.server_config_mocks as config_mocks
 def get_server_config_file_path_test_version():
diff --git a/monkey/monkey_island/cc/island_logger.py b/monkey/monkey_island/cc/island_logger.py
index f55fcf896..2b4843876 100644
--- a/monkey/monkey_island/cc/island_logger.py
+++ b/monkey/monkey_island/cc/island_logger.py
@@ -1,6 +1,6 @@ -import os import json import logging.config +import os __author__ = 'Maor.Rayzin' diff --git a/monkey/monkey_island/cc/main.py b/monkey/monkey_island/cc/main.py index 3fb166a7b..5867b8825 100644 --- a/monkey/monkey_island/cc/main.py +++ b/monkey/monkey_island/cc/main.py @@ -1,8 +1,8 @@ +import logging import os import os.path import sys import time -import logging from threading import Thread MINIMUM_MONGO_DB_VERSION_REQUIRED = "4.2.0" @@ -12,22 +12,23 @@ BASE_PATH = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) if BASE_PATH not in sys.path: sys.path.insert(0, BASE_PATH) -from monkey_island.cc.island_logger import json_setup_logging from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH +from monkey_island.cc.island_logger import json_setup_logging # This is here in order to catch EVERYTHING, some functions are being called on imports the log init needs to be on top. json_setup_logging(default_path=os.path.join(MONKEY_ISLAND_ABS_PATH, 'cc', 'island_logger_default_config.json'), default_level=logging.DEBUG) logger = logging.getLogger(__name__) -from monkey_island.cc.app import init_app -from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list -from monkey_island.cc.network_utils import local_ip_addresses import monkey_island.cc.environment.environment_singleton as env_singleton -from monkey_island.cc.database import is_db_server_up, get_db_version -from monkey_island.cc.resources.monkey_download import MonkeyDownload from common.version import get_version +from monkey_island.cc.app import init_app from monkey_island.cc.bootloader_server import BootloaderHttpServer +from monkey_island.cc.database import get_db_version, is_db_server_up +from monkey_island.cc.network_utils import local_ip_addresses +from monkey_island.cc.resources.monkey_download import MonkeyDownload +from monkey_island.cc.services.reporting.exporter_init import \ + populate_exporter_list from monkey_island.cc.setup import setup 
@@ -42,9 +43,9 @@ def main(should_setup_only=False):
 def start_island_server(should_setup_only):
- from tornado.wsgi import WSGIContainer
 from tornado.httpserver import HTTPServer
 from tornado.ioloop import IOLoop
+ from tornado.wsgi import WSGIContainer
 mongo_url = os.environ.get('MONGO_URL', env_singleton.env.get_mongo_url())
 wait_for_mongo_db_server(mongo_url)
diff --git a/monkey/monkey_island/cc/models/__init__.py b/monkey/monkey_island/cc/models/__init__.py
index d58b64c00..9d0114b78 100644
--- a/monkey/monkey_island/cc/models/__init__.py
+++ b/monkey/monkey_island/cc/models/__init__.py
@@ -2,6 +2,14 @@ from mongoengine import connect
 import monkey_island.cc.environment.environment_singleton as env_singleton
+from .command_control_channel import CommandControlChannel # noqa: F401
+# Order of importing matters here, for registering the embedded and referenced documents before using them.
+from .config import Config # noqa: F401
+from .creds import Creds # noqa: F401
+from .monkey import Monkey # noqa: F401
+from .monkey_ttl import MonkeyTtl # noqa: F401
+from .pba_results import PbaResults # noqa: F401
+
 # This section sets up the DB connection according to the environment.
 # If testing, use mongomock which only emulates mongo. for more information, see
 # http://docs.mongoengine.org/guide/mongomock.html .
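Review bot: In `monkey_island/cc/models/__init__.py` the model imports are order-sensitive by their own comment, yet this hunk hoists them above the `connect(...)` block and sorts them alphabetically, so `.command_control_channel` now sits above the "Order of importing matters here" comment and `.monkey` is imported before `.monkey_ttl` and `.pba_results`; the file's second hunk deletes the original sequence. Whether the new order still registers the embedded and referenced documents before use cannot be confirmed from the diff. The safer change is to keep the original sequence where it was and exclude it from sorting, for example `# isort: off` before the block and `# isort: on` after it (isort 5 action comments), or a trailing `# isort:skip` on each of these lines. The comment should also name which imports must precede which, so the constraint survives the next automated reformat.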
@@ -10,11 +18,3 @@ if env_singleton.env.testing: # See monkey_island.cc.environment.testing
 connect('mongoenginetest', host='mongomock://localhost')
 else:
 connect(db=env_singleton.env.mongo_db_name, host=env_singleton.env.mongo_db_host, port=env_singleton.env.mongo_db_port)
-
-# Order of importing matters here, for registering the embedded and referenced documents before using them.
-from .config import Config # noqa: F401
-from .creds import Creds # noqa: F401
-from .monkey_ttl import MonkeyTtl # noqa: F401
-from .pba_results import PbaResults # noqa: F401
-from .command_control_channel import CommandControlChannel # noqa: F401
-from .monkey import Monkey # noqa: F401
diff --git a/monkey/monkey_island/cc/models/attack/attack_mitigations.py b/monkey/monkey_island/cc/models/attack/attack_mitigations.py
index a51778c48..d2641561d 100644
--- a/monkey/monkey_island/cc/models/attack/attack_mitigations.py
+++ b/monkey/monkey_island/cc/models/attack/attack_mitigations.py
@@ -1,10 +1,12 @@
 from typing import Dict
-from mongoengine import Document, StringField, DoesNotExist, EmbeddedDocumentField, ListField
-from monkey_island.cc.models.attack.mitigation import Mitigation
+from mongoengine import (Document, DoesNotExist, EmbeddedDocumentField,
+ ListField, StringField)
 from stix2 import AttackPattern, CourseOfAction
-from monkey_island.cc.services.attack.test_mitre_api_interface import MitreApiInterface
+from monkey_island.cc.models.attack.mitigation import Mitigation
+from monkey_island.cc.services.attack.test_mitre_api_interface import \
+ MitreApiInterface
 class AttackMitigations(Document):
diff --git a/monkey/monkey_island/cc/models/attack/mitigation.py b/monkey/monkey_island/cc/models/attack/mitigation.py
index f87c7593b..a67945ca9 100644
--- a/monkey/monkey_island/cc/models/attack/mitigation.py
+++ b/monkey/monkey_island/cc/models/attack/mitigation.py
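Review bot: The rewrapped import in `attack_mitigations.py` still pulls `MitreApiInterface` from `monkey_island.cc.services.attack.test_mitre_api_interface`, a module whose name marks it as test code, so a document model appears to depend on a test module at import time; `mitigation.py` in the next file section has the same import. The module's contents are not visible here, so this may only be a naming problem. If the class is needed at runtime, moving it to a module without the `test_` prefix and importing it from there in both models would keep test collection and production imports separate.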
@@ -1,7 +1,8 @@
-from mongoengine import StringField, EmbeddedDocument
+from mongoengine import EmbeddedDocument, StringField
 from stix2 import CourseOfAction
-from monkey_island.cc.services.attack.test_mitre_api_interface import MitreApiInterface
+from monkey_island.cc.services.attack.test_mitre_api_interface import \
+ MitreApiInterface
 class Mitigation(EmbeddedDocument):
diff --git a/monkey/monkey_island/cc/models/edge.py b/monkey/monkey_island/cc/models/edge.py
index 09af04680..24a520265 100644
--- a/monkey/monkey_island/cc/models/edge.py
+++ b/monkey/monkey_island/cc/models/edge.py
@@ -1,4 +1,5 @@
-from mongoengine import Document, ObjectIdField, ListField, DynamicField, BooleanField, StringField
+from mongoengine import (BooleanField, Document, DynamicField, ListField,
+ ObjectIdField, StringField)
 class Edge(Document):
diff --git a/monkey/monkey_island/cc/models/monkey.py b/monkey/monkey_island/cc/models/monkey.py
index ad10084d9..2d970c640 100644
--- a/monkey/monkey_island/cc/models/monkey.py
+++ b/monkey/monkey_island/cc/models/monkey.py
@@ -1,15 +1,19 @@
 """
 Define a Document Schema for the Monkey document.
 """
-from mongoengine import Document, StringField, ListField, BooleanField, EmbeddedDocumentField, ReferenceField, \
- DateTimeField, DynamicField, DoesNotExist
 import ring
+from mongoengine import (BooleanField, DateTimeField, Document, DoesNotExist,
+ DynamicField, EmbeddedDocumentField, ListField,
+ ReferenceField, StringField)
-from monkey_island.cc.models.monkey_ttl import MonkeyTtl, create_monkey_ttl_document
-from monkey_island.cc.consts import DEFAULT_MONKEY_TTL_EXPIRY_DURATION_IN_SECONDS
-from monkey_island.cc.models.command_control_channel import CommandControlChannel
-from monkey_island.cc.network_utils import local_ip_addresses
 from common.cloud import environment_names
+from monkey_island.cc.consts import \
+ DEFAULT_MONKEY_TTL_EXPIRY_DURATION_IN_SECONDS
+from monkey_island.cc.models.command_control_channel import \
+ CommandControlChannel
+from monkey_island.cc.models.monkey_ttl import (MonkeyTtl,
+ create_monkey_ttl_document)
+from monkey_island.cc.network_utils import local_ip_addresses
 MAX_MONKEYS_AMOUNT_TO_CACHE = 100
@@ -32,7 +36,7 @@ class Monkey(Document):
 ip_addresses = ListField(StringField())
 keepalive = DateTimeField()
 modifytime = DateTimeField()
- # TODO make "parent" an embedded document, so this can be removed and the schema explained (and validated) verbosly.
+ # TODO make "parent" an embedded document, so this can be removed and the schema explained (and validated) verbosely.
 # This is a temporary fix, since mongoengine doesn't allow for lists of strings to be null
 # (even with required=False of null=True).
 # See relevant issue: https://github.com/MongoEngine/mongoengine/issues/1904
diff --git a/monkey/monkey_island/cc/models/monkey_ttl.py b/monkey/monkey_island/cc/models/monkey_ttl.py
index b3e59d5ed..3e456f244 100644
--- a/monkey/monkey_island/cc/models/monkey_ttl.py
+++ b/monkey/monkey_island/cc/models/monkey_ttl.py
@@ -1,6 +1,6 @@
 from datetime import datetime, timedelta
-from mongoengine import Document, DateTimeField
+from mongoengine import DateTimeField, Document
 class MonkeyTtl(Document):
diff --git a/monkey/monkey_island/cc/models/pba_results.py b/monkey/monkey_island/cc/models/pba_results.py
index d2cc48080..eefe51ffe 100644
--- a/monkey/monkey_island/cc/models/pba_results.py
+++ b/monkey/monkey_island/cc/models/pba_results.py
@@ -1,4 +1,4 @@
-from mongoengine import EmbeddedDocument, StringField, ListField
+from mongoengine import EmbeddedDocument, ListField, StringField
 class PbaResults(EmbeddedDocument):
diff --git a/monkey/monkey_island/cc/models/test_monkey.py b/monkey/monkey_island/cc/models/test_monkey.py
index b25208345..18bdb1177 100644
--- a/monkey/monkey_island/cc/models/test_monkey.py
+++ b/monkey/monkey_island/cc/models/test_monkey.py
@@ -1,11 +1,12 @@
-import uuid
 import logging
+import uuid
 from time import sleep
 import pytest
 from monkey_island.cc.models.monkey import Monkey, MonkeyNotFoundError
 from monkey_island.cc.testing.IslandTestCase import IslandTestCase
+
 from .monkey_ttl import MonkeyTtl
 logger = logging.getLogger(__name__)
diff --git a/monkey/monkey_island/cc/models/test_telem.py b/monkey/monkey_island/cc/models/test_telem.py
index 97855d4ed..8dd1cb658 100644
--- a/monkey/monkey_island/cc/models/test_telem.py
+++ b/monkey/monkey_island/cc/models/test_telem.py
@@ -1,7 +1,7 @@
 """
 Define a Document Schema for the TestTelem document.
 """
-from mongoengine import Document, StringField, DateTimeField
+from mongoengine import DateTimeField, Document, StringField
 class TestTelem(Document):
diff --git a/monkey/monkey_island/cc/models/zero_trust/event.py b/monkey/monkey_island/cc/models/zero_trust/event.py
index 5ba909f28..7ff08305b 100644
--- a/monkey/monkey_island/cc/models/zero_trust/event.py
+++ b/monkey/monkey_island/cc/models/zero_trust/event.py
@@ -1,6 +1,6 @@
 from datetime import datetime
-from mongoengine import EmbeddedDocument, DateTimeField, StringField
+from mongoengine import DateTimeField, EmbeddedDocument, StringField
 import common.data.zero_trust_consts as zero_trust_consts
diff --git a/monkey/monkey_island/cc/models/zero_trust/finding.py b/monkey/monkey_island/cc/models/zero_trust/finding.py
index 2f3261ec4..d6d5c6c3f 100644
--- a/monkey/monkey_island/cc/models/zero_trust/finding.py
+++ b/monkey/monkey_island/cc/models/zero_trust/finding.py
@@ -4,7 +4,7 @@ Define a Document Schema for Zero Trust findings.
 """
 from typing import List
-from mongoengine import Document, StringField, EmbeddedDocumentListField
+from mongoengine import Document, EmbeddedDocumentListField, StringField
 import common.data.zero_trust_consts as zero_trust_consts
 # Dummy import for mongoengine.
diff --git a/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py
index b817f6e92..91452dc0e 100644
--- a/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py
+++ b/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py
@@ -1,10 +1,11 @@
 import unittest
-from packaging import version
 import mongomock
+from packaging import version
 import common.data.zero_trust_consts as zero_trust_consts
-from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding
+from monkey_island.cc.models.zero_trust.aggregate_finding import \
+ AggregateFinding
 from monkey_island.cc.models.zero_trust.event import Event
 from monkey_island.cc.models.zero_trust.finding import Finding
 from monkey_island.cc.testing.IslandTestCase import IslandTestCase
diff --git a/monkey/monkey_island/cc/models/zero_trust/test_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_finding.py
index f54884f0a..e221dacb1 100644
--- a/monkey/monkey_island/cc/models/zero_trust/test_finding.py
+++ b/monkey/monkey_island/cc/models/zero_trust/test_finding.py
@@ -1,8 +1,8 @@
 from mongoengine import ValidationError
 import common.data.zero_trust_consts as zero_trust_consts
-from monkey_island.cc.models.zero_trust.finding import Finding
 from monkey_island.cc.models.zero_trust.event import Event
+from monkey_island.cc.models.zero_trust.finding import Finding
 from monkey_island.cc.testing.IslandTestCase import IslandTestCase
diff --git a/monkey/monkey_island/cc/models/zero_trust/test_segmentation_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_segmentation_finding.py
index 4afff9fe4..b375d97a9 100644
--- a/monkey/monkey_island/cc/models/zero_trust/test_segmentation_finding.py
+++ b/monkey/monkey_island/cc/models/zero_trust/test_segmentation_finding.py
@@ -1,7 +1,8 @@
 import common.data.zero_trust_consts as zero_trust_consts
 from monkey_island.cc.models.zero_trust.event import Event
+from monkey_island.cc.models.zero_trust.segmentation_finding import \
+ SegmentationFinding
 from monkey_island.cc.testing.IslandTestCase import IslandTestCase
-from monkey_island.cc.models.zero_trust.segmentation_finding import SegmentationFinding
 class TestSegmentationFinding(IslandTestCase):
diff --git a/monkey/monkey_island/cc/network_utils.py b/monkey/monkey_island/cc/network_utils.py
index d399d4255..cd4f6c4a1 100644
--- a/monkey/monkey_island/cc/network_utils.py
+++ b/monkey/monkey_island/cc/network_utils.py
@@ -6,7 +6,7 @@ import struct
 import sys
 from typing import List
-from netifaces import interfaces, ifaddresses, AF_INET
+from netifaces import AF_INET, ifaddresses, interfaces
 from ring import lru
 __author__ = 'Barak'
diff --git a/monkey/monkey_island/cc/resources/attack/attack_config.py b/monkey/monkey_island/cc/resources/attack/attack_config.py
index 129297b19..e8889a487 100644
--- a/monkey/monkey_island/cc/resources/attack/attack_config.py
+++ b/monkey/monkey_island/cc/resources/attack/attack_config.py
@@ -1,5 +1,5 @@ import flask_restful -from flask import jsonify, request, json, current_app +from flask import current_app, json, jsonify, request from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.services.attack.attack_config import AttackConfig diff --git a/monkey/monkey_island/cc/resources/attack/attack_report.py b/monkey/monkey_island/cc/resources/attack/attack_report.py index aa7a28a09..e113dfa76 100644 --- a/monkey/monkey_island/cc/resources/attack/attack_report.py +++ b/monkey/monkey_island/cc/resources/attack/attack_report.py @@ -1,8 +1,9 @@ import flask_restful +from flask import current_app, json + from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.services.attack.attack_report import AttackReportService from monkey_island.cc.services.attack.attack_schema import SCHEMA -from flask import json, current_app __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/resources/auth/auth.py b/monkey/monkey_island/cc/resources/auth/auth.py index 9d2e7e7e8..24176cdf6 100644 --- a/monkey/monkey_island/cc/resources/auth/auth.py +++ b/monkey/monkey_island/cc/resources/auth/auth.py @@ -1,7 +1,7 @@ from functools import wraps -from flask import current_app, abort -from flask_jwt import JWT, _jwt_required, JWTError +from flask import abort, current_app +from flask_jwt import JWT, JWTError, _jwt_required from werkzeug.security import safe_str_cmp import monkey_island.cc.environment.environment_singleton as env_singleton diff --git a/monkey/monkey_island/cc/resources/bootloader.py b/monkey/monkey_island/cc/resources/bootloader.py index 733b35651..e722035ae 100644 --- a/monkey/monkey_island/cc/resources/bootloader.py +++ b/monkey/monkey_island/cc/resources/bootloader.py @@ -2,7 +2,7 @@ import json from typing import Dict import flask_restful -from flask import request, make_response +from flask import make_response, request from monkey_island.cc.services.bootloader import BootloaderService 
diff --git a/monkey/monkey_island/cc/resources/client_run.py b/monkey/monkey_island/cc/resources/client_run.py index 4b2c03105..2396ba9b0 100644 --- a/monkey/monkey_island/cc/resources/client_run.py +++ b/monkey/monkey_island/cc/resources/client_run.py @@ -1,6 +1,7 @@ import logging -from flask import request, jsonify + import flask_restful +from flask import jsonify, request from monkey_island.cc.services.node import NodeService diff --git a/monkey/monkey_island/cc/resources/environment.py b/monkey/monkey_island/cc/resources/environment.py index f03b40b2c..9f9a89105 100644 --- a/monkey/monkey_island/cc/resources/environment.py +++ b/monkey/monkey_island/cc/resources/environment.py @@ -1,8 +1,8 @@ import json import logging -from flask import request import flask_restful +from flask import request import monkey_island.cc.environment.environment_singleton as env_singleton diff --git a/monkey/monkey_island/cc/resources/island_configuration.py b/monkey/monkey_island/cc/resources/island_configuration.py index 81f922263..deda3e251 100644 --- a/monkey/monkey_island/cc/resources/island_configuration.py +++ b/monkey/monkey_island/cc/resources/island_configuration.py @@ -1,7 +1,7 @@ import json import flask_restful -from flask import request, jsonify, abort +from flask import abort, jsonify, request from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.services.config import ConfigService diff --git a/monkey/monkey_island/cc/resources/local_run.py b/monkey/monkey_island/cc/resources/local_run.py index d4e83cc25..d743fc835 100644 --- a/monkey/monkey_island/cc/resources/local_run.py +++ b/monkey/monkey_island/cc/resources/local_run.py 
@@ -1,29 +1,29 @@ import json +import logging import os +import sys from shutil import copyfile -import sys -from flask import request, jsonify, make_response import flask_restful +from flask import jsonify, make_response, request import monkey_island.cc.environment.environment_singleton as env_singleton +from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH from monkey_island.cc.models import Monkey +from monkey_island.cc.network_utils import local_ip_addresses from monkey_island.cc.resources.monkey_download import get_monkey_executable from monkey_island.cc.services.node import NodeService -from monkey_island.cc.network_utils import local_ip_addresses -from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH __author__ = 'Barak' -import logging logger = logging.getLogger(__name__) def run_local_monkey(): import platform - import subprocess import stat + import subprocess # get the monkey executable suitable to run on the server result = get_monkey_executable(platform.system().lower(), platform.machine().lower()) diff --git a/monkey/monkey_island/cc/resources/log.py b/monkey/monkey_island/cc/resources/log.py index b7b405ddf..67f4e5e47 100644 --- a/monkey/monkey_island/cc/resources/log.py +++ b/monkey/monkey_island/cc/resources/log.py @@ -4,8 +4,8 @@ import flask_restful from bson import ObjectId from flask import request -from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.database import mongo +from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.resources.test.utils.telem_store import TestTelemStore from monkey_island.cc.services.log import LogService from monkey_island.cc.services.node import NodeService diff --git a/monkey/monkey_island/cc/resources/monkey.py b/monkey/monkey_island/cc/resources/monkey.py index a39aaf199..0962e6dd5 100644 --- a/monkey/monkey_island/cc/resources/monkey.py +++ b/monkey/monkey_island/cc/resources/monkey.py 
@@ -3,13 +3,13 @@ from datetime import datetime import dateutil.parser import flask_restful - -from monkey_island.cc.resources.test.utils.telem_store import TestTelemStore from flask import request -from monkey_island.cc.consts import DEFAULT_MONKEY_TTL_EXPIRY_DURATION_IN_SECONDS +from monkey_island.cc.consts import \ + DEFAULT_MONKEY_TTL_EXPIRY_DURATION_IN_SECONDS from monkey_island.cc.database import mongo from monkey_island.cc.models.monkey_ttl import create_monkey_ttl_document +from monkey_island.cc.resources.test.utils.telem_store import TestTelemStore from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.edge.edge import EdgeService from monkey_island.cc.services.node import NodeService diff --git a/monkey/monkey_island/cc/resources/monkey_configuration.py b/monkey/monkey_island/cc/resources/monkey_configuration.py index 3877ec9ee..d692b8690 100644 --- a/monkey/monkey_island/cc/resources/monkey_configuration.py +++ b/monkey/monkey_island/cc/resources/monkey_configuration.py @@ -1,7 +1,7 @@ import json import flask_restful -from flask import request, jsonify, abort +from flask import abort, jsonify, request from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.services.config import ConfigService diff --git a/monkey/monkey_island/cc/resources/monkey_control/started_on_island.py b/monkey/monkey_island/cc/resources/monkey_control/started_on_island.py index 542860f48..552dce51e 100644 --- a/monkey/monkey_island/cc/resources/monkey_control/started_on_island.py +++ b/monkey/monkey_island/cc/resources/monkey_control/started_on_island.py @@ -1,7 +1,7 @@ import json import flask_restful -from flask import request, make_response +from flask import make_response, request from monkey_island.cc.services.config import ConfigService diff --git a/monkey/monkey_island/cc/resources/node.py b/monkey/monkey_island/cc/resources/node.py index a38af4b48..6816e7142 100644 
--- a/monkey/monkey_island/cc/resources/node.py +++ b/monkey/monkey_island/cc/resources/node.py @@ -1,5 +1,5 @@ -from flask import request import flask_restful +from flask import request from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.services.node import NodeService diff --git a/monkey/monkey_island/cc/resources/node_states.py b/monkey/monkey_island/cc/resources/node_states.py index 3a4e674cc..a75eb3ec7 100644 --- a/monkey/monkey_island/cc/resources/node_states.py +++ b/monkey/monkey_island/cc/resources/node_states.py @@ -1,7 +1,8 @@ import flask_restful from monkey_island.cc.resources.auth.auth import jwt_required -from monkey_island.cc.services.utils.node_states import NodeStates as NodeStateList +from monkey_island.cc.services.utils.node_states import \ + NodeStates as NodeStateList class NodeStates(flask_restful.Resource): diff --git a/monkey/monkey_island/cc/resources/pba_file_download.py b/monkey/monkey_island/cc/resources/pba_file_download.py index de85fc291..8a951bfbc 100644 --- a/monkey/monkey_island/cc/resources/pba_file_download.py +++ b/monkey/monkey_island/cc/resources/pba_file_download.py @@ -1,5 +1,6 @@ import flask_restful from flask import send_from_directory + from monkey_island.cc.resources.pba_file_upload import GET_FILE_DIR __author__ = 'VakarisZ' diff --git a/monkey/monkey_island/cc/resources/pba_file_upload.py b/monkey/monkey_island/cc/resources/pba_file_upload.py index 2d1954c31..363a20ff3 100644 --- a/monkey/monkey_island/cc/resources/pba_file_upload.py +++ b/monkey/monkey_island/cc/resources/pba_file_upload.py 
@@ -1,12 +1,15 @@ -import flask_restful -from flask import request, send_from_directory, Response -from monkey_island.cc.services.config import ConfigService -from monkey_island.cc.services.post_breach_files import PBA_WINDOWS_FILENAME_PATH, PBA_LINUX_FILENAME_PATH, UPLOADS_DIR -from monkey_island.cc.resources.auth.auth import jwt_required -import os -from werkzeug.utils import secure_filename -import logging import copy +import logging +import os + +import flask_restful +from flask import Response, request, send_from_directory +from werkzeug.utils import secure_filename + +from monkey_island.cc.resources.auth.auth import jwt_required +from monkey_island.cc.services.config import ConfigService +from monkey_island.cc.services.post_breach_files import ( + PBA_LINUX_FILENAME_PATH, PBA_WINDOWS_FILENAME_PATH, UPLOADS_DIR) __author__ = 'VakarisZ' diff --git a/monkey/monkey_island/cc/resources/registration.py b/monkey/monkey_island/cc/resources/registration.py index 712286959..4e80d5bf9 100644 --- a/monkey/monkey_island/cc/resources/registration.py +++ b/monkey/monkey_island/cc/resources/registration.py @@ -1,8 +1,9 @@ import flask_restful -from flask import request, make_response +from flask import make_response, request -from common.utils.exceptions import InvalidRegistrationCredentialsError, RegistrationNotNeededError import monkey_island.cc.environment.environment_singleton as env_singleton +from common.utils.exceptions import (InvalidRegistrationCredentialsError, + RegistrationNotNeededError) from monkey_island.cc.environment.user_creds import UserCreds diff --git a/monkey/monkey_island/cc/resources/remote_run.py b/monkey/monkey_island/cc/resources/remote_run.py index 1d9cdf4d6..fce91098a 100644 --- a/monkey/monkey_island/cc/resources/remote_run.py +++ b/monkey/monkey_island/cc/resources/remote_run.py 
@@ -1,12 +1,12 @@ import json -from botocore.exceptions import NoCredentialsError, ClientError -from flask import request, jsonify, make_response import flask_restful +from botocore.exceptions import ClientError, NoCredentialsError +from flask import jsonify, make_response, request +from common.cloud.aws.aws_service import AwsService from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService -from common.cloud.aws.aws_service import AwsService CLIENT_ERROR_FORMAT = "ClientError, error message: '{}'. Probably, the IAM role that has been associated with the " \ "instance doesn't permit SSM calls. " diff --git a/monkey/monkey_island/cc/resources/reporting/report.py b/monkey/monkey_island/cc/resources/reporting/report.py index 6197b1e0c..ca1ce395f 100644 --- a/monkey/monkey_island/cc/resources/reporting/report.py +++ b/monkey/monkey_island/cc/resources/reporting/report.py @@ -5,7 +5,8 @@ from flask import jsonify from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.services.reporting.report import ReportService -from monkey_island.cc.services.reporting.zero_trust_service import ZeroTrustService +from monkey_island.cc.services.reporting.zero_trust_service import \ + ZeroTrustService ZERO_TRUST_REPORT_TYPE = "zero_trust" SECURITY_REPORT_TYPE = "security" diff --git a/monkey/monkey_island/cc/resources/root.py b/monkey/monkey_island/cc/resources/root.py index 4e5e17b09..d3a374454 100644 --- a/monkey/monkey_island/cc/resources/root.py +++ b/monkey/monkey_island/cc/resources/root.py 
@@ -2,13 +2,13 @@ import logging import threading import flask_restful -from flask import request, make_response, jsonify +from flask import jsonify, make_response, request -from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.database import mongo +from monkey_island.cc.network_utils import local_ip_addresses +from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.services.database import Database from monkey_island.cc.services.infection_lifecycle import InfectionLifecycle -from monkey_island.cc.network_utils import local_ip_addresses __author__ = 'Barak' diff --git a/monkey/monkey_island/cc/resources/telemetry.py b/monkey/monkey_island/cc/resources/telemetry.py index a8d7c2fbd..f6c58af40 100644 --- a/monkey/monkey_island/cc/resources/telemetry.py +++ b/monkey/monkey_island/cc/resources/telemetry.py @@ -6,12 +6,13 @@ import dateutil import flask_restful from flask import request -from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.database import mongo +from monkey_island.cc.models.monkey import Monkey +from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.resources.test.utils.telem_store import TestTelemStore from monkey_island.cc.services.node import NodeService -from monkey_island.cc.services.telemetry.processing.processing import process_telemetry -from monkey_island.cc.models.monkey import Monkey +from monkey_island.cc.services.telemetry.processing.processing import \ + process_telemetry __author__ = 'Barak' diff --git a/monkey/monkey_island/cc/resources/telemetry_feed.py b/monkey/monkey_island/cc/resources/telemetry_feed.py index cb35fcf82..3814c841a 100644 --- a/monkey/monkey_island/cc/resources/telemetry_feed.py +++ b/monkey/monkey_island/cc/resources/telemetry_feed.py 
@@ -2,12 +2,12 @@ import logging from datetime import datetime import dateutil +import flask_pymongo import flask_restful from flask import request -import flask_pymongo -from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.database import mongo +from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.services.node import NodeService logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/resources/test/log_test.py b/monkey/monkey_island/cc/resources/test/log_test.py index 60222deac..79f82f5c9 100644 --- a/monkey/monkey_island/cc/resources/test/log_test.py +++ b/monkey/monkey_island/cc/resources/test/log_test.py @@ -1,9 +1,9 @@ -from bson import json_util import flask_restful +from bson import json_util from flask import request +from monkey_island.cc.database import database, mongo from monkey_island.cc.resources.auth.auth import jwt_required -from monkey_island.cc.database import mongo, database class LogTest(flask_restful.Resource): diff --git a/monkey/monkey_island/cc/resources/test/monkey_test.py b/monkey/monkey_island/cc/resources/test/monkey_test.py index 900fde6ae..b97589d24 100644 --- a/monkey/monkey_island/cc/resources/test/monkey_test.py +++ b/monkey/monkey_island/cc/resources/test/monkey_test.py @@ -1,9 +1,9 @@ -from bson import json_util import flask_restful +from bson import json_util from flask import request -from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.database import mongo +from monkey_island.cc.resources.auth.auth import jwt_required class MonkeyTest(flask_restful.Resource): diff --git a/monkey/monkey_island/cc/resources/test/utils/telem_store.py b/monkey/monkey_island/cc/resources/test/utils/telem_store.py index ed15ae22e..707140c9e 100644 --- a/monkey/monkey_island/cc/resources/test/utils/telem_store.py +++ b/monkey/monkey_island/cc/resources/test/utils/telem_store.py 
@@ -1,8 +1,8 @@ import logging -from functools import wraps -from os import mkdir, path import shutil from datetime import datetime +from functools import wraps +from os import mkdir, path from flask import request diff --git a/monkey/monkey_island/cc/resources/version_update.py b/monkey/monkey_island/cc/resources/version_update.py index a88f8830c..4c2eca1e3 100644 --- a/monkey/monkey_island/cc/resources/version_update.py +++ b/monkey/monkey_island/cc/resources/version_update.py @@ -1,6 +1,7 @@ -import flask_restful import logging +import flask_restful + from common.version import get_version from monkey_island.cc.services.version_update import VersionUpdateService diff --git a/monkey/monkey_island/cc/resources/zero_trust/finding_event.py b/monkey/monkey_island/cc/resources/zero_trust/finding_event.py index 44f686235..0725723d5 100644 --- a/monkey/monkey_island/cc/resources/zero_trust/finding_event.py +++ b/monkey/monkey_island/cc/resources/zero_trust/finding_event.py @@ -1,8 +1,10 @@ -import flask_restful import json +import flask_restful + from monkey_island.cc.resources.auth.auth import jwt_required -from monkey_island.cc.services.reporting.zero_trust_service import ZeroTrustService +from monkey_island.cc.services.reporting.zero_trust_service import \ + ZeroTrustService class ZeroTrustFindingEvent(flask_restful.Resource): diff --git a/monkey/monkey_island/cc/services/attack/attack_config.py b/monkey/monkey_island/cc/services/attack/attack_config.py index fe1b3263d..2b9128edc 100644 --- a/monkey/monkey_island/cc/services/attack/attack_config.py +++ b/monkey/monkey_island/cc/services/attack/attack_config.py @@ -1,5 +1,7 @@ import logging + from dpath import util + from monkey_island.cc.database import mongo from monkey_island.cc.services.attack.attack_schema import SCHEMA from monkey_island.cc.services.config import ConfigService 
diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py index c96db0651..6d4bac9ed 100644 --- a/monkey/monkey_island/cc/services/attack/attack_report.py +++ b/monkey/monkey_island/cc/services/attack/attack_report.py @@ -1,13 +1,26 @@ import logging -from monkey_island.cc.models import Monkey -from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086, T1082 -from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065, T1035, T1129, T1106, T1107, T1188 -from monkey_island.cc.services.attack.technique_reports import T1090, T1041, T1222, T1005, T1018, T1016, T1021, T1064 -from monkey_island.cc.services.attack.technique_reports import T1136, T1156, T1504, T1158, T1154, T1166 -from monkey_island.cc.services.attack.attack_config import AttackConfig from monkey_island.cc.database import mongo -from monkey_island.cc.services.reporting.report_generation_synchronisation import safe_generate_attack_report +from monkey_island.cc.models import Monkey +from monkey_island.cc.services.attack.attack_config import AttackConfig +from monkey_island.cc.services.attack.technique_reports import (T1003, T1005, + T1016, T1018, + T1021, T1035, + T1041, T1053, + T1059, T1064, + T1065, T1075, + T1082, T1086, + T1090, T1105, + T1106, T1107, + T1110, T1129, + T1136, T1145, + T1154, T1156, + T1158, T1166, + T1168, T1188, + T1197, T1210, + T1222, T1504) +from monkey_island.cc.services.reporting.report_generation_synchronisation import \ + safe_generate_attack_report __author__ = "VakarisZ" @@ -42,7 +55,9 @@ TECHNIQUES = {'T1210': T1210.T1210, 'T1504': T1504.T1504, 'T1158': T1158.T1158, 'T1154': T1154.T1154, - 'T1166': T1166.T1166 + 'T1166': T1166.T1166, + 'T1168': T1168.T1168, + 'T1053': T1053.T1053 } REPORT_NAME = 'new_report' 
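Review bot: The last entry added to `TECHNIQUES`, `'T1053': T1053.T1053`, has no trailing comma, which is why this hunk had to rewrite the unrelated `'T1166': T1166.T1166` line just to append one. Writing it as `'T1053': T1053.T1053,` keeps the next technique addition to a one-line diff. Small diffs matter here because a missing or mistyped dictionary entry would presumably drop a technique from the ATT&CK report without any error.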
diff --git a/monkey/monkey_island/cc/services/attack/attack_schema.py b/monkey/monkey_island/cc/services/attack/attack_schema.py index abb26b71a..4c9889df3 100644 --- a/monkey/monkey_island/cc/services/attack/attack_schema.py +++ b/monkey/monkey_island/cc/services/attack/attack_schema.py @@ -109,6 +109,16 @@ SCHEMA = { "and evade a typical user or system analysis that does not " "incorporate investigation of hidden files." }, + "T1168": { + "title": "Local job scheduling", + "type": "bool", + "value": True, + "necessary": False, + "link": "https://attack.mitre.org/techniques/T1168/", + "description": "Linux supports multiple methods for creating pre-scheduled and " + "periodic background jobs. Job scheduling can be used by adversaries to " + "schedule running malicious code at some specified date and time." + }, "T1504": { "title": "PowerShell profile", "type": "bool", @@ -119,6 +129,16 @@ SCHEMA = { "in certain situations by abusing PowerShell profiles which " "are scripts that run when PowerShell starts." }, + "T1053": { + "title": "Scheduled task", + "type": "bool", + "value": True, + "necessary": False, + "link": "https://attack.mitre.org/techniques/T1053", + "description": "Windows utilities can be used to schedule programs or scripts to " + "be executed at a date and time. An adversary may use task scheduling to " + "execute programs at system startup or on a scheduled basis for persistence." + }, "T1166": { "title": "Setuid and Setgid", "type": "bool", diff --git a/monkey/monkey_island/cc/services/attack/mitre_api_interface.py b/monkey/monkey_island/cc/services/attack/mitre_api_interface.py index 6390c600b..25970ad66 100644 --- a/monkey/monkey_island/cc/services/attack/mitre_api_interface.py +++ b/monkey/monkey_island/cc/services/attack/mitre_api_interface.py 
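Review bot: The `link` of the new `T1053` entry is written without a trailing slash, while the `T1168` entry added in the first hunk of this file ends in one (`"https://attack.mitre.org/techniques/T1168/"`). I would make it `"link": "https://attack.mitre.org/techniques/T1053/",` so all schema links share one form and any code that compares or joins them sees a single format. Both `SCHEMA` entries sit in a dict that starts and ends outside these hunks, so the convention used by the remaining entries should be confirmed there.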
@@ -1,6 +1,6 @@ -from typing import List, Dict +from typing import Dict, List -from stix2 import FileSystemSource, Filter, CourseOfAction, AttackPattern +from stix2 import AttackPattern, CourseOfAction, FileSystemSource, Filter class MitreApiInterface: diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py index cbd3bf8bf..f5844e2c0 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py @@ -1,7 +1,7 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique -from monkey_island.cc.services.reporting.report import ReportService from common.utils.attack_utils import ScanStatus from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique +from monkey_island.cc.services.reporting.report import ReportService __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1005.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1005.py index 2a39fad02..78571562a 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1005.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1005.py @@ -1,5 +1,5 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py index 885b738cb..cfda065f1 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py 
@@ -1,6 +1,6 @@ from common.utils.attack_utils import ScanStatus -from monkey_island.cc.services.attack.technique_reports import AttackTechnique from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py index 3498029c9..65972265d 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py @@ -1,6 +1,6 @@ from common.utils.attack_utils import ScanStatus -from monkey_island.cc.services.attack.technique_reports import AttackTechnique from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py index 3fc29259b..f197724dd 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py @@ -1,7 +1,8 @@ +from common.utils.attack_utils import ScanStatus from monkey_island.cc.database import mongo from monkey_island.cc.services.attack.technique_reports import AttackTechnique -from common.utils.attack_utils import ScanStatus -from monkey_island.cc.services.attack.technique_reports.technique_report_tools import parse_creds +from monkey_island.cc.services.attack.technique_reports.technique_report_tools import \ + parse_creds __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1035.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1035.py index 2750c953c..df4ae4ca5 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1035.py 
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1035.py @@ -1,4 +1,5 @@ -from monkey_island.cc.services.attack.technique_reports.usage_technique import UsageTechnique +from monkey_island.cc.services.attack.technique_reports.usage_technique import \ + UsageTechnique __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py index ae3342355..737004111 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py @@ -1,6 +1,6 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique -from monkey_island.cc.models.monkey import Monkey from common.utils.attack_utils import ScanStatus +from monkey_island.cc.models.monkey import Monkey +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1053.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1053.py new file mode 100644 index 000000000..7af3978d5 --- /dev/null +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1053.py 
@@ -0,0 +1,34 @@ +from common.data.post_breach_consts import POST_BREACH_JOB_SCHEDULING +from common.utils.attack_utils import ScanStatus +from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique + +__author__ = "shreyamalviya" + + +class T1053(AttackTechnique): + tech_id = "T1053" + unscanned_msg = "Monkey did not try scheduling a job on Windows." + scanned_msg = "Monkey tried scheduling a job on the Windows system but failed." + used_msg = "Monkey scheduled a job on the Windows system." + + query = [{'$match': {'telem_category': 'post_breach', + 'data.name': POST_BREACH_JOB_SCHEDULING, + 'data.command': {'$regex': 'schtasks'}}}, + {'$project': {'_id': 0, + 'machine': {'hostname': '$data.hostname', + 'ips': ['$data.ip']}, + 'result': '$data.result'}}] + + @staticmethod + def get_report_data(): + data = {'title': T1053.technique_title()} + + job_scheduling_info = list(mongo.db.telemetry.aggregate(T1053.query)) + + status = (ScanStatus.USED.value if job_scheduling_info[0]['result'][1] + else ScanStatus.SCANNED.value) if job_scheduling_info else ScanStatus.UNSCANNED.value + + data.update(T1053.get_base_data_by_status(status)) + data.update({'info': job_scheduling_info}) + return data diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py index c0e4dc3f6..987c24d09 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py @@ -1,6 +1,6 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique from common.utils.attack_utils import ScanStatus from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "VakarisZ" 
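Review bot: In `T1053.get_report_data` the status is taken from `job_scheduling_info[0]['result'][1]` alone. When the aggregate returns telemetry from several machines, a successful `schtasks` run on any machine other than the first is reported as SCANNED instead of USED, so the report understates where the persistence technique worked. The expression also assumes every projected document carries a two-element `result`; a document without it would raise and presumably fail the whole report, which is worth guarding or confirming against the telemetry producer. I would evaluate all returned documents and replace the nested conditional expression with an explicit if/elif/else, as below.

```python
        job_scheduling_info = list(mongo.db.telemetry.aggregate(T1053.query))

        if not job_scheduling_info:
            status = ScanStatus.UNSCANNED.value
        elif any(info['result'][1] for info in job_scheduling_info):
            # a successful scheduling attempt on any machine counts as "used"
            status = ScanStatus.USED.value
        else:
            status = ScanStatus.SCANNED.value
        # … unchanged: data.update(...) calls and return data …
```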
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1064.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1064.py index 0b1b05489..9bd492829 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1064.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1064.py @@ -1,5 +1,6 @@ -from monkey_island.cc.services.attack.technique_reports.usage_technique import UsageTechnique from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports.usage_technique import \ + UsageTechnique __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py index f8eb9aa3e..8df625284 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py @@ -1,5 +1,5 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique from common.utils.attack_utils import ScanStatus +from monkey_island.cc.services.attack.technique_reports import AttackTechnique from monkey_island.cc.services.config import ConfigService __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py index 370db3ca2..29bbc366c 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py @@ -1,6 +1,6 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique from common.utils.attack_utils import ScanStatus from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "VakarisZ" 
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py index c80a3d476..7e8801000 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py @@ -1,6 +1,6 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique from common.utils.attack_utils import ScanStatus from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py index 897ccdaaf..ad5ddc974 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py @@ -1,6 +1,6 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique from common.utils.attack_utils import ScanStatus from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py index f5702ede8..f0980637f 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py @@ -1,6 +1,6 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique from common.utils.attack_utils import ScanStatus from monkey_island.cc.models import Monkey +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "VakarisZ" 
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1105.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1105.py index 6ae8037bc..832976617 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1105.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1105.py @@ -1,5 +1,5 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1106.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1106.py index d07a66038..d98449464 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1106.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1106.py @@ -1,4 +1,5 @@ -from monkey_island.cc.services.attack.technique_reports.usage_technique import UsageTechnique +from monkey_island.cc.services.attack.technique_reports.usage_technique import \ + UsageTechnique __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py index a28dc5aeb..63ba68d6f 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py @@ -1,7 +1,8 @@ +from common.utils.attack_utils import ScanStatus from monkey_island.cc.database import mongo from monkey_island.cc.services.attack.technique_reports import AttackTechnique -from common.utils.attack_utils import ScanStatus -from monkey_island.cc.services.attack.technique_reports.technique_report_tools import parse_creds +from monkey_island.cc.services.attack.technique_reports.technique_report_tools import \ + parse_creds __author__ = "VakarisZ" 
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1129.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1129.py index 5f87faabb..fac76fb47 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1129.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1129.py @@ -1,4 +1,5 @@ -from monkey_island.cc.services.attack.technique_reports.usage_technique import UsageTechnique +from monkey_island.cc.services.attack.technique_reports.usage_technique import \ + UsageTechnique __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py index 0e4e2fffb..cb68d3a4f 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py @@ -1,7 +1,8 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique -from monkey_island.cc.database import mongo +from common.data.post_breach_consts import ( + POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER) from common.utils.attack_utils import ScanStatus -from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER +from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "shreyamalviya" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1145.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1145.py index c4e5691ff..736192b1f 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1145.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1145.py 
@@ -1,6 +1,6 @@ +from common.utils.attack_utils import ScanStatus from monkey_island.cc.database import mongo from monkey_island.cc.services.attack.technique_reports import AttackTechnique -from common.utils.attack_utils import ScanStatus __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1154.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1154.py index 9d95bb087..c7bace482 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1154.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1154.py @@ -1,8 +1,7 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique -from monkey_island.cc.database import mongo -from common.utils.attack_utils import ScanStatus from common.data.post_breach_consts import POST_BREACH_TRAP_COMMAND - +from common.utils.attack_utils import ScanStatus +from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "shreyamalviya" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1156.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1156.py index a1719c909..4c8f0d11f 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1156.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1156.py @@ -1,8 +1,8 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique -from monkey_island.cc.database import mongo +from common.data.post_breach_consts import \ + POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION from common.utils.attack_utils import ScanStatus -from common.data.post_breach_consts import POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION - +from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "shreyamalviya" 
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1158.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1158.py index a90ee6e1f..2db37bbbe 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1158.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1158.py @@ -1,8 +1,7 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique -from monkey_island.cc.database import mongo -from common.utils.attack_utils import ScanStatus from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES - +from common.utils.attack_utils import ScanStatus +from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "shreyamalviya" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1166.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1166.py index f4a2bafa2..3c5b9b0bf 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1166.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1166.py @@ -1,8 +1,7 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique -from monkey_island.cc.database import mongo -from common.utils.attack_utils import ScanStatus from common.data.post_breach_consts import POST_BREACH_SETUID_SETGID - +from common.utils.attack_utils import ScanStatus +from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "shreyamalviya" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1168.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1168.py new file mode 100644 index 000000000..48298a7fe --- /dev/null +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1168.py 
@@ -0,0 +1,34 @@
+from common.data.post_breach_consts import POST_BREACH_JOB_SCHEDULING
+from common.utils.attack_utils import ScanStatus
+from monkey_island.cc.database import mongo
+from monkey_island.cc.services.attack.technique_reports import AttackTechnique
+
+__author__ = "shreyamalviya"
+
+
+class T1168(AttackTechnique):
+ tech_id = "T1168"
+ unscanned_msg = "Monkey did not try scheduling a job on Linux."
+ scanned_msg = "Monkey tried scheduling a job on the Linux system but failed."
+ used_msg = "Monkey scheduled a job on the Linux system."
+
+ query = [{'$match': {'telem_category': 'post_breach',
+ 'data.name': POST_BREACH_JOB_SCHEDULING,
+ 'data.command': {'$regex': 'crontab'}}},
+ {'$project': {'_id': 0,
+ 'machine': {'hostname': '$data.hostname',
+ 'ips': ['$data.ip']},
+ 'result': '$data.result'}}]
+
+ @staticmethod
+ def get_report_data():
+ data = {'title': T1168.technique_title()}
+
+ job_scheduling_info = list(mongo.db.telemetry.aggregate(T1168.query))
+
+ status = (ScanStatus.USED.value if job_scheduling_info[0]['result'][1]
+ else ScanStatus.SCANNED.value) if job_scheduling_info else ScanStatus.UNSCANNED.value
+
+ data.update(T1168.get_base_data_by_status(status))
+ data.update({'info': job_scheduling_info})
+ return data
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py index 3959302fa..09e0edcdf 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py @@ -1,6 +1,6 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique -from monkey_island.cc.models.monkey import Monkey from common.utils.attack_utils import ScanStatus +from monkey_island.cc.models.monkey import Monkey +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "VakarisZ" 
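Review bot: In `T1168.get_report_data` the status is decided from `job_scheduling_info[0]['result'][1]` alone, so when several machines report job-scheduling telemetry a success on any record but the first is reported as "tried ... but failed" and the ATT&CK report under-states a persistence technique that actually ran. Deciding over all records avoids that: `used = any(info['result'][1] for info in job_scheduling_info)` and then `status = ScanStatus.USED.value if used else ScanStatus.SCANNED.value` in the non-empty branch. The indexing also assumes every `data.result` is a sequence with at least two items, which this hunk does not show; a record with a missing or shorter result would raise here, so a guard or a comment stating the expected shape would help. Splitting the nested conditional expression into an `if`/`elif`/`else` would make the three outcomes easier to read.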
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py index babe5c788..8fe86ed61 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py @@ -1,6 +1,6 @@ from common.utils.attack_utils import ScanStatus -from monkey_island.cc.services.attack.technique_reports import AttackTechnique from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1504.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1504.py index 396067f17..a9aeb38b7 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1504.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1504.py @@ -1,8 +1,8 @@ -from monkey_island.cc.services.attack.technique_reports import AttackTechnique -from monkey_island.cc.database import mongo +from common.data.post_breach_consts import \ + POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION from common.utils.attack_utils import ScanStatus -from common.data.post_breach_consts import POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION - +from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique __author__ = "shreyamalviya" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py b/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py index 18818d571..9b39f30ef 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py 
@@ -1,11 +1,11 @@ import abc import logging -from monkey_island.cc.database import mongo from common.utils.attack_utils import ScanStatus -from monkey_island.cc.services.attack.attack_config import AttackConfig from common.utils.code_utils import abstractstatic +from monkey_island.cc.database import mongo from monkey_island.cc.models.attack.attack_mitigations import AttackMitigations +from monkey_island.cc.services.attack.attack_config import AttackConfig logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/usage_technique.py b/monkey/monkey_island/cc/services/attack/technique_reports/usage_technique.py index 76e005689..cd061a050 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/usage_technique.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/usage_technique.py @@ -1,8 +1,9 @@ import abc -from monkey_island.cc.database import mongo -from monkey_island.cc.services.attack.technique_reports import AttackTechnique, logger from common.utils.attack_utils import UsageEnum +from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import ( + AttackTechnique, logger) class UsageTechnique(AttackTechnique, metaclass=abc.ABCMeta): diff --git a/monkey/monkey_island/cc/services/attack/test_mitre_api_interface.py b/monkey/monkey_island/cc/services/attack/test_mitre_api_interface.py index 4866a6729..297c68cce 100644 --- a/monkey/monkey_island/cc/services/attack/test_mitre_api_interface.py +++ b/monkey/monkey_island/cc/services/attack/test_mitre_api_interface.py @@ -1,6 +1,7 @@ from unittest import TestCase -from monkey_island.cc.services.attack.mitre_api_interface import MitreApiInterface +from monkey_island.cc.services.attack.mitre_api_interface import \ + MitreApiInterface class TestMitreApiInterface(TestCase): 
diff --git a/monkey/monkey_island/cc/services/bootloader.py b/monkey/monkey_island/cc/services/bootloader.py index 9f05ac45f..8790f7c1e 100644 --- a/monkey/monkey_island/cc/services/bootloader.py +++ b/monkey/monkey_island/cc/services/bootloader.py @@ -3,9 +3,10 @@ from typing import Dict, List from bson import ObjectId from monkey_island.cc.database import mongo -from monkey_island.cc.services.node import NodeService, NodeCreationException +from monkey_island.cc.services.node import NodeCreationException, NodeService +from monkey_island.cc.services.utils.bootloader_config import ( + MIN_GLIBC_VERSION, SUPPORTED_WINDOWS_VERSIONS) from monkey_island.cc.services.utils.node_states import NodeStates -from monkey_island.cc.services.utils.bootloader_config import SUPPORTED_WINDOWS_VERSIONS, MIN_GLIBC_VERSION class BootloaderService: diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index b35793113..e8453a052 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -1,15 +1,17 @@ -import copy import collections +import copy import functools import logging -from jsonschema import Draft4Validator, validators -import monkey_island.cc.services.post_breach_files -from monkey_island.cc.database import mongo +from jsonschema import Draft4Validator, validators + import monkey_island.cc.environment.environment_singleton as env_singleton -from monkey_island.cc.network_utils import local_ip_addresses -from .config_schema import SCHEMA +import monkey_island.cc.services.post_breach_files +from monkey_island.cc.database import mongo from monkey_island.cc.encryptor import encryptor +from monkey_island.cc.network_utils import local_ip_addresses + +from .config_schema import SCHEMA __author__ = "itay.mizeretz" diff --git a/monkey/monkey_island/cc/services/config_schema.py b/monkey/monkey_island/cc/services/config_schema.py index 4f7027cbc..1e6740fe5 100644 
--- a/monkey/monkey_island/cc/services/config_schema.py +++ b/monkey/monkey_island/cc/services/config_schema.py @@ -1,5 +1,7 @@ -from common.data.system_info_collectors_names \ - import AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR, PROCESS_LIST_COLLECTOR +from common.data.system_info_collectors_names import (AWS_COLLECTOR, + ENVIRONMENT_COLLECTOR, + HOSTNAME_COLLECTOR, + PROCESS_LIST_COLLECTOR) WARNING_SIGN = " \u26A0" @@ -191,6 +193,14 @@ SCHEMA = { ], "title": "Setuid and Setgid", "attack_techniques": ["T1166"] + }, + { + "type": "string", + "enum": [ + "ScheduleJobs" + ], + "title": "Job scheduling", + "attack_techniques": ["T1168", "T1053"] } ], }, @@ -415,7 +425,8 @@ SCHEMA = { "ModifyShellStartupFiles", "HiddenFiles", "TrapCommand", - "ChangeSetuidSetgid" + "ChangeSetuidSetgid", + "ScheduleJobs" ], "description": "List of actions the Monkey will run post breach" }, @@ -567,7 +578,7 @@ SCHEMA = { "default": True, "description": "Determines whether the monkey should retry exploiting machines" - " it didn't successfuly exploit on previous iterations" + " it didn't successfully exploit on previous iterations" } } } @@ -704,7 +715,7 @@ SCHEMA = { "type": "boolean", "default": True, "description": - "Determines whether the dropper should try to move itsel instead of copying itself" + "Determines whether the dropper should try to move itself instead of copying itself" " to target path" } } diff --git a/monkey/monkey_island/cc/services/database.py b/monkey/monkey_island/cc/services/database.py index 85812dd6e..6144b6ef3 100644 --- a/monkey/monkey_island/cc/services/database.py +++ b/monkey/monkey_island/cc/services/database.py 
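Review bot: The `ScheduleJobs` entry added at `@@ -191,6 +193,14 @@` is tagged `"attack_techniques": ["T1168", "T1053"]`, yet the only report this commit adds, T1168, matches telemetry whose command contains `crontab` and words its messages for Linux. Whether a T1053 report consumes the same post-breach telemetry is not visible in this diff, so it is worth confirming that both technique ids resolve to a report that can leave the unscanned state for this action. A short comment above the entry, such as `# T1168: crontab telemetry; T1053: confirm which report consumes it`, would record the mapping. The hunk at `@@ -415,7 +425,8 @@` adds the same `ScheduleJobs` string to the list described as actions the Monkey will run post breach, so the two spellings have to stay identical.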
@@ -1,11 +1,12 @@ import logging -from monkey_island.cc.services.config import ConfigService -from monkey_island.cc.services.attack.attack_config import AttackConfig -from monkey_island.cc.services.post_breach_files import remove_PBA_files -from monkey_island.cc.models.attack.attack_mitigations import AttackMitigations from flask import jsonify + from monkey_island.cc.database import mongo +from monkey_island.cc.models.attack.attack_mitigations import AttackMitigations +from monkey_island.cc.services.attack.attack_config import AttackConfig +from monkey_island.cc.services.config import ConfigService +from monkey_island.cc.services.post_breach_files import remove_PBA_files logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/services/edge/test_displayed_edge.py b/monkey/monkey_island/cc/services/edge/test_displayed_edge.py index c134bce33..dd214c9ed 100644 --- a/monkey/monkey_island/cc/services/edge/test_displayed_edge.py +++ b/monkey/monkey_island/cc/services/edge/test_displayed_edge.py @@ -2,7 +2,7 @@ from bson import ObjectId from monkey_island.cc.models.edge import Edge from monkey_island.cc.services.edge.displayed_edge import DisplayedEdgeService -from monkey_island.cc.services.edge.edge import EdgeService, RIGHT_ARROW +from monkey_island.cc.services.edge.edge import RIGHT_ARROW, EdgeService from monkey_island.cc.testing.IslandTestCase import IslandTestCase SCAN_DATA_MOCK = [{ diff --git a/monkey/monkey_island/cc/services/infection_lifecycle.py b/monkey/monkey_island/cc/services/infection_lifecycle.py index 425937c7b..f29b9ba71 100644 --- a/monkey/monkey_island/cc/services/infection_lifecycle.py +++ b/monkey/monkey_island/cc/services/infection_lifecycle.py 
@@ -8,8 +8,8 @@ from monkey_island.cc.resources.test.utils.telem_store import TestTelemStore from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.reporting.report import ReportService -from monkey_island.cc.services.reporting.report_generation_synchronisation import is_report_being_generated, \ - safe_generate_reports +from monkey_island.cc.services.reporting.report_generation_synchronisation import ( + is_report_being_generated, safe_generate_reports) logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/services/log.py b/monkey/monkey_island/cc/services/log.py index ff3bf7304..a10e51f86 100644 --- a/monkey/monkey_island/cc/services/log.py +++ b/monkey/monkey_island/cc/services/log.py @@ -1,7 +1,7 @@ from datetime import datetime import monkey_island.cc.services.node -from monkey_island.cc.database import mongo, database +from monkey_island.cc.database import database, mongo __author__ = "itay.mizeretz" diff --git a/monkey/monkey_island/cc/services/node.py b/monkey/monkey_island/cc/services/node.py index f6f5362c3..fc18e0ef2 100644 --- a/monkey/monkey_island/cc/services/node.py +++ b/monkey/monkey_island/cc/services/node.py 
@@ -1,17 +1,17 @@ +import socket from datetime import datetime, timedelta from typing import Dict -import socket from bson import ObjectId from mongoengine import DoesNotExist import monkey_island.cc.services.log +from monkey_island.cc import models from monkey_island.cc.database import mongo from monkey_island.cc.models import Monkey from monkey_island.cc.models.edge import Edge +from monkey_island.cc.network_utils import is_local_ips, local_ip_addresses from monkey_island.cc.services.edge.displayed_edge import DisplayedEdgeService -from monkey_island.cc.network_utils import local_ip_addresses, is_local_ips -from monkey_island.cc import models from monkey_island.cc.services.edge.edge import EdgeService from monkey_island.cc.services.utils.node_states import NodeStates diff --git a/monkey/monkey_island/cc/services/post_breach_files.py b/monkey/monkey_island/cc/services/post_breach_files.py index 7d88d9d85..6153c3792 100644 --- a/monkey/monkey_island/cc/services/post_breach_files.py +++ b/monkey/monkey_island/cc/services/post_breach_files.py @@ -1,7 +1,8 @@ -import monkey_island.cc.services.config import logging import os +import monkey_island.cc.services.config + __author__ = "VakarisZ" logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/services/remote_port_check.py b/monkey/monkey_island/cc/services/remote_port_check.py index d7d114bf8..302b22a7f 100644 --- a/monkey/monkey_island/cc/services/remote_port_check.py +++ b/monkey/monkey_island/cc/services/remote_port_check.py @@ -1,6 +1,5 @@ import socket - DEFAULT_TIMEOUT = 5 # Seconds diff --git a/monkey/monkey_island/cc/services/reporting/exporter_init.py b/monkey/monkey_island/cc/services/reporting/exporter_init.py index 2846bccb5..f7f78714c 100644 --- a/monkey/monkey_island/cc/services/reporting/exporter_init.py +++ b/monkey/monkey_island/cc/services/reporting/exporter_init.py 
@@ -1,9 +1,10 @@ import logging -from monkey_island.cc.services.reporting.report_exporter_manager import ReportExporterManager -from monkey_island.cc.services.reporting.aws_exporter import AWSExporter -from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService import monkey_island.cc.environment.environment_singleton as env_singleton +from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService +from monkey_island.cc.services.reporting.aws_exporter import AWSExporter +from monkey_island.cc.services.reporting.report_exporter_manager import \ + ReportExporterManager logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/services/reporting/pth_report.py b/monkey/monkey_island/cc/services/reporting/pth_report.py index f6d7b615a..2389b12da 100644 --- a/monkey/monkey_island/cc/services/reporting/pth_report.py +++ b/monkey/monkey_island/cc/services/reporting/pth_report.py @@ -1,9 +1,9 @@ from itertools import product +from bson import ObjectId + from monkey_island.cc.database import mongo from monkey_island.cc.models import Monkey -from bson import ObjectId - from monkey_island.cc.services.groups_and_users_consts import USERTYPE from monkey_island.cc.services.node import NodeService diff --git a/monkey/monkey_island/cc/services/reporting/report.py b/monkey/monkey_island/cc/services/reporting/report.py index 1685046c5..9880b0ed0 100644 --- a/monkey/monkey_island/cc/services/reporting/report.py +++ b/monkey/monkey_island/cc/services/reporting/report.py 
@@ -1,22 +1,25 @@ import functools +import ipaddress import itertools import logging - -import ipaddress -from bson import json_util from enum import Enum +from bson import json_util + from common.network.network_range import NetworkRange from common.network.segmentation_utils import get_ip_in_src_and_not_in_dst from monkey_island.cc.database import mongo from monkey_island.cc.models import Monkey +from monkey_island.cc.network_utils import get_subnets, local_ip_addresses from monkey_island.cc.services.config import ConfigService -from monkey_island.cc.services.configuration.utils import get_config_network_segments_as_subnet_groups +from monkey_island.cc.services.configuration.utils import \ + get_config_network_segments_as_subnet_groups from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.reporting.pth_report import PTHReportService -from monkey_island.cc.services.reporting.report_exporter_manager import ReportExporterManager -from monkey_island.cc.services.reporting.report_generation_synchronisation import safe_generate_regular_report -from monkey_island.cc.network_utils import local_ip_addresses, get_subnets +from monkey_island.cc.services.reporting.report_exporter_manager import \ + ReportExporterManager +from monkey_island.cc.services.reporting.report_generation_synchronisation import \ + safe_generate_regular_report __author__ = "itay.mizeretz" diff --git a/monkey/monkey_island/cc/services/reporting/report_generation_synchronisation.py b/monkey/monkey_island/cc/services/reporting/report_generation_synchronisation.py index 1a041bb3b..f2fa11c89 100644 --- a/monkey/monkey_island/cc/services/reporting/report_generation_synchronisation.py +++ b/monkey/monkey_island/cc/services/reporting/report_generation_synchronisation.py 
@@ -37,7 +37,8 @@ def safe_generate_regular_report(): def safe_generate_attack_report(): # Local import to avoid circular imports - from monkey_island.cc.services.attack.attack_report import AttackReportService + from monkey_island.cc.services.attack.attack_report import \ + AttackReportService try: __attack_report_generating_lock.acquire() attack_report = AttackReportService.generate_new_report() diff --git a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py index e40af29f4..dbadffb55 100644 --- a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py +++ b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py @@ -1,7 +1,8 @@ import common.data.zero_trust_consts as zero_trust_consts -from monkey_island.cc.models.zero_trust.finding import Finding -from monkey_island.cc.services.reporting.zero_trust_service import ZeroTrustService import monkey_island.cc.services.reporting.zero_trust_service +from monkey_island.cc.models.zero_trust.finding import Finding +from monkey_island.cc.services.reporting.zero_trust_service import \ + ZeroTrustService from monkey_island.cc.testing.IslandTestCase import IslandTestCase EXPECTED_DICT = { diff --git a/monkey/monkey_island/cc/services/reporting/zero_trust_service.py b/monkey/monkey_island/cc/services/reporting/zero_trust_service.py index ee8fdd8bb..7c31fc59a 100644 --- a/monkey/monkey_island/cc/services/reporting/zero_trust_service.py +++ b/monkey/monkey_island/cc/services/reporting/zero_trust_service.py @@ -1,8 +1,8 @@ from typing import List -import common.data.zero_trust_consts as zero_trust_consts from bson.objectid import ObjectId +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.finding import Finding # How many events of a single finding to return to UI. 
diff --git a/monkey/monkey_island/cc/services/representations_test.py b/monkey/monkey_island/cc/services/representations_test.py index d6c7f99d7..079cb995f 100644 --- a/monkey/monkey_island/cc/services/representations_test.py +++ b/monkey/monkey_island/cc/services/representations_test.py @@ -1,9 +1,10 @@ -from unittest import TestCase from datetime import datetime -from monkey_island.cc.services.representations import normalize_obj +from unittest import TestCase import bson +from monkey_island.cc.services.representations import normalize_obj + class TestJsonRepresentations(TestCase): def test_normalize_obj(self): diff --git a/monkey/monkey_island/cc/services/telemetry/processing/exploit.py b/monkey/monkey_island/cc/services/telemetry/processing/exploit.py index f8ea52b6e..69c1e20f6 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/exploit.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/exploit.py @@ -7,8 +7,10 @@ from monkey_island.cc.models import Monkey from monkey_island.cc.models.edge import Edge from monkey_island.cc.services.edge.displayed_edge import EdgeService from monkey_island.cc.services.node import NodeService -from monkey_island.cc.services.telemetry.processing.utils import get_edge_by_scan_or_exploit_telemetry -from monkey_island.cc.services.telemetry.zero_trust_tests.machine_exploited import test_machine_exploited +from monkey_island.cc.services.telemetry.processing.utils import \ + get_edge_by_scan_or_exploit_telemetry +from monkey_island.cc.services.telemetry.zero_trust_tests.machine_exploited import \ + test_machine_exploited def process_exploit_telemetry(telemetry_json): diff --git a/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py b/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py index e6ac8734b..974a696d5 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py 
@@ -1,7 +1,8 @@ from common.data.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER from monkey_island.cc.database import mongo from monkey_island.cc.models import Monkey -from monkey_island.cc.services.telemetry.zero_trust_tests.communicate_as_new_user import test_new_user_communication +from monkey_island.cc.services.telemetry.zero_trust_tests.communicate_as_new_user import \ + test_new_user_communication def process_communicate_as_new_user_telemetry(telemetry_json): diff --git a/monkey/monkey_island/cc/services/telemetry/processing/processing.py b/monkey/monkey_island/cc/services/telemetry/processing/processing.py index 0cc461249..566c11dcc 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/processing.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/processing.py 
@@ -1,11 +1,17 @@ import logging -from monkey_island.cc.services.telemetry.processing.exploit import process_exploit_telemetry -from monkey_island.cc.services.telemetry.processing.post_breach import process_post_breach_telemetry -from monkey_island.cc.services.telemetry.processing.scan import process_scan_telemetry -from monkey_island.cc.services.telemetry.processing.state import process_state_telemetry -from monkey_island.cc.services.telemetry.processing.system_info import process_system_info_telemetry -from monkey_island.cc.services.telemetry.processing.tunnel import process_tunnel_telemetry +from monkey_island.cc.services.telemetry.processing.exploit import \ + process_exploit_telemetry +from monkey_island.cc.services.telemetry.processing.post_breach import \ + process_post_breach_telemetry +from monkey_island.cc.services.telemetry.processing.scan import \ + process_scan_telemetry +from monkey_island.cc.services.telemetry.processing.state import \ + process_state_telemetry +from monkey_island.cc.services.telemetry.processing.system_info import \ + process_system_info_telemetry +from monkey_island.cc.services.telemetry.processing.tunnel import \ + process_tunnel_telemetry logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/services/telemetry/processing/scan.py b/monkey/monkey_island/cc/services/telemetry/processing/scan.py index 7a7f0b19c..43446126c 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/scan.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/scan.py 
@@ -2,9 +2,12 @@ from monkey_island.cc.database import mongo from monkey_island.cc.models import Monkey from monkey_island.cc.services.edge.edge import EdgeService from monkey_island.cc.services.node import NodeService -from monkey_island.cc.services.telemetry.processing.utils import get_edge_by_scan_or_exploit_telemetry -from monkey_island.cc.services.telemetry.zero_trust_tests.data_endpoints import test_open_data_endpoints -from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import test_segmentation_violation +from monkey_island.cc.services.telemetry.processing.utils import \ + get_edge_by_scan_or_exploit_telemetry +from monkey_island.cc.services.telemetry.zero_trust_tests.data_endpoints import \ + test_open_data_endpoints +from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \ + test_segmentation_violation def process_scan_telemetry(telemetry_json): diff --git a/monkey/monkey_island/cc/services/telemetry/processing/state.py b/monkey/monkey_island/cc/services/telemetry/processing/state.py index b7e341483..3ac555f3e 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/state.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/state.py @@ -5,7 +5,6 @@ from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \ test_passed_findings_for_unreached_segments - logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py index af477ebb4..639a392ce 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py 
@@ -1,12 +1,18 @@ import logging import typing -from common.data.system_info_collectors_names \ - import AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR, PROCESS_LIST_COLLECTOR -from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry -from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import process_environment_telemetry -from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import process_hostname_telemetry -from monkey_island.cc.services.telemetry.zero_trust_tests.antivirus_existence import test_antivirus_existence +from common.data.system_info_collectors_names import (AWS_COLLECTOR, + ENVIRONMENT_COLLECTOR, + HOSTNAME_COLLECTOR, + PROCESS_LIST_COLLECTOR) +from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import \ + process_aws_telemetry +from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \ + process_environment_telemetry +from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import \ + process_hostname_telemetry +from monkey_island.cc.services.telemetry.zero_trust_tests.antivirus_existence import \ + test_antivirus_existence logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/test_system_info_telemetry_dispatcher.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/test_system_info_telemetry_dispatcher.py index f5a72405d..2af2d5970 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/test_system_info_telemetry_dispatcher.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/test_system_info_telemetry_dispatcher.py 
@@ -1,10 +1,8 @@ import uuid from monkey_island.cc.models import Monkey -from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import \ - SystemInfoTelemetryDispatcher -from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import \ - process_aws_telemetry +from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import ( + SystemInfoTelemetryDispatcher, process_aws_telemetry) from monkey_island.cc.testing.IslandTestCase import IslandTestCase TEST_SYS_INFO_TO_PROCESSING = { diff --git a/monkey/monkey_island/cc/services/telemetry/processing/tunnel.py b/monkey/monkey_island/cc/services/telemetry/processing/tunnel.py index 1598b144a..ef5ea0ff9 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/tunnel.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/tunnel.py @@ -1,6 +1,8 @@ from monkey_island.cc.services.node import NodeService -from monkey_island.cc.services.telemetry.processing.utils import get_tunnel_host_ip_from_proxy_field -from monkey_island.cc.services.telemetry.zero_trust_tests.tunneling import test_tunneling_violation +from monkey_island.cc.services.telemetry.processing.utils import \ + get_tunnel_host_ip_from_proxy_field +from monkey_island.cc.services.telemetry.zero_trust_tests.tunneling import \ + test_tunneling_violation def process_tunnel_telemetry(telemetry_json): diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/antivirus_existence.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/antivirus_existence.py index 1916291e2..336567c7c 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/antivirus_existence.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/antivirus_existence.py 
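Review bot: In the test_system_info_telemetry_dispatcher.py hunk, the merged import still takes `process_aws_telemetry` from the `system_info_telemetry_dispatcher` module, which only re-exports it. The dispatcher hunk in this commit shows that module importing the name from `...system_info_collectors.aws`. Importing it from there, `from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry`, would keep the test working if the dispatcher ever stops importing that name. If the test relies on the dispatcher's own binding, for example to patch it, a one-line comment above the import should say so. The test body lies outside the hunk, so which case applies cannot be confirmed from here.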
@@ -2,9 +2,11 @@ import json import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models import Monkey -from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding +from monkey_island.cc.models.zero_trust.aggregate_finding import \ + AggregateFinding from monkey_island.cc.models.zero_trust.event import Event -from monkey_island.cc.services.telemetry.zero_trust_tests.known_anti_viruses import ANTI_VIRUS_KNOWN_PROCESS_NAMES +from monkey_island.cc.services.telemetry.zero_trust_tests.known_anti_viruses import \ + ANTI_VIRUS_KNOWN_PROCESS_NAMES def test_antivirus_existence(process_list_json, monkey_guid): diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/communicate_as_new_user.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/communicate_as_new_user.py index f6af5e4bf..d822206af 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/communicate_as_new_user.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/communicate_as_new_user.py @@ -1,5 +1,6 @@ import common.data.zero_trust_consts as zero_trust_consts -from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding +from monkey_island.cc.models.zero_trust.aggregate_finding import \ + AggregateFinding from monkey_island.cc.models.zero_trust.event import Event COMM_AS_NEW_USER_FAILED_FORMAT = "Monkey on {} couldn't communicate as new user. Details: {}" diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py index d7b447e4a..447b2dee8 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py 
@@ -1,9 +1,10 @@ import json -from common.data.network_consts import ES_SERVICE import common.data.zero_trust_consts as zero_trust_consts +from common.data.network_consts import ES_SERVICE from monkey_island.cc.models import Monkey -from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline +from monkey_island.cc.models.zero_trust.aggregate_finding import ( + AggregateFinding, add_malicious_activity_to_timeline) from monkey_island.cc.models.zero_trust.event import Event HTTP_SERVERS_SERVICES_NAMES = ['tcp-80'] diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py index 8c128e7f9..06d97d66d 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py @@ -1,5 +1,6 @@ import common.data.zero_trust_consts as zero_trust_consts -from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline +from monkey_island.cc.models.zero_trust.aggregate_finding import ( + AggregateFinding, add_malicious_activity_to_timeline) from monkey_island.cc.models.zero_trust.event import Event diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py index f2c3f61b6..a46dbc4a3 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py 
@@ -2,11 +2,14 @@ import itertools import common.data.zero_trust_consts as zero_trust_consts from common.network.network_range import NetworkRange -from common.network.segmentation_utils import get_ip_in_src_and_not_in_dst, get_ip_if_in_subnet +from common.network.segmentation_utils import (get_ip_if_in_subnet, + get_ip_in_src_and_not_in_dst) from monkey_island.cc.models import Monkey from monkey_island.cc.models.zero_trust.event import Event -from monkey_island.cc.models.zero_trust.segmentation_finding import SegmentationFinding -from monkey_island.cc.services.configuration.utils import get_config_network_segments_as_subnet_groups +from monkey_island.cc.models.zero_trust.segmentation_finding import \ + SegmentationFinding +from monkey_island.cc.services.configuration.utils import \ + get_config_network_segments_as_subnet_groups SEGMENTATION_DONE_EVENT_TEXT = "Monkey on {hostname} is done attempting cross-segment communications " \ "from `{src_seg}` segments to `{dst_seg}` segments." diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/test_segmentation_zt_tests.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/test_segmentation_zt_tests.py index 50d5f1c0b..b2aeaf524 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/test_segmentation_zt_tests.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/test_segmentation_zt_tests.py 
@@ -4,8 +4,10 @@ import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models import Monkey from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.finding import Finding -from monkey_island.cc.models.zero_trust.segmentation_finding import SegmentationFinding -from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import create_or_add_findings_for_all_pairs +from monkey_island.cc.models.zero_trust.segmentation_finding import \ + SegmentationFinding +from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \ + create_or_add_findings_for_all_pairs from monkey_island.cc.testing.IslandTestCase import IslandTestCase FIRST_SUBNET = "1.1.1.1" diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/tunneling.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/tunneling.py index e402525c8..f4d508156 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/tunneling.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/tunneling.py @@ -1,8 +1,10 @@ import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models import Monkey -from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline +from monkey_island.cc.models.zero_trust.aggregate_finding import ( + AggregateFinding, add_malicious_activity_to_timeline) from monkey_island.cc.models.zero_trust.event import Event -from monkey_island.cc.services.telemetry.processing.utils import get_tunnel_host_ip_from_proxy_field +from monkey_island.cc.services.telemetry.processing.utils import \ + get_tunnel_host_ip_from_proxy_field def test_tunneling_violation(tunnel_telemetry_json): diff --git a/monkey/monkey_island/cc/services/utils/node_states.py b/monkey/monkey_island/cc/services/utils/node_states.py index db8dd6429..3b7e48c65 100644 
--- a/monkey/monkey_island/cc/services/utils/node_states.py +++ b/monkey/monkey_island/cc/services/utils/node_states.py @@ -1,8 +1,8 @@ from __future__ import annotations +import collections from enum import Enum from typing import List -import collections class NodeStates(Enum): diff --git a/monkey/monkey_island/cc/services/utils/node_states_test.py b/monkey/monkey_island/cc/services/utils/node_states_test.py index 1204cb881..203ccb551 100644 --- a/monkey/monkey_island/cc/services/utils/node_states_test.py +++ b/monkey/monkey_island/cc/services/utils/node_states_test.py @@ -1,6 +1,7 @@ from unittest import TestCase -from monkey_island.cc.services.utils.node_states import NodeStates, NoGroupsFoundException +from monkey_island.cc.services.utils.node_states import ( + NodeStates, NoGroupsFoundException) class TestNodeGroups(TestCase): diff --git a/monkey/monkey_island/cc/services/version_update.py b/monkey/monkey_island/cc/services/version_update.py index 7c2855f21..ad1f81513 100644 --- a/monkey/monkey_island/cc/services/version_update.py +++ b/monkey/monkey_island/cc/services/version_update.py @@ -2,8 +2,8 @@ import logging import requests -from common.version import get_version import monkey_island.cc.environment.environment_singleton as env_singleton +from common.version import get_version __author__ = "itay.mizeretz" diff --git a/monkey/monkey_island/cc/services/wmi_handler.py b/monkey/monkey_island/cc/services/wmi_handler.py index 413a5f307..cf67d6c7f 100644 --- a/monkey/monkey_island/cc/services/wmi_handler.py +++ b/monkey/monkey_island/cc/services/wmi_handler.py @@ -1,5 +1,6 @@ from monkey_island.cc.database import mongo -from monkey_island.cc.services.groups_and_users_consts import USERTYPE, GROUPTYPE +from monkey_island.cc.services.groups_and_users_consts import (GROUPTYPE, + USERTYPE) __author__ = 'maor.rayzin' diff --git a/monkey/monkey_island/cc/setup.py b/monkey/monkey_island/cc/setup.py index 007fca6ef..5518532fd 100644 
--- a/monkey/monkey_island/cc/setup.py +++ b/monkey/monkey_island/cc/setup.py @@ -1,10 +1,11 @@ import logging -from monkey_island.cc.services.attack.mitre_api_interface import MitreApiInterface -from monkey_island.cc.models.attack.attack_mitigations import AttackMitigations -from monkey_island.cc.database import mongo from pymongo import errors +from monkey_island.cc.database import mongo +from monkey_island.cc.models.attack.attack_mitigations import AttackMitigations +from monkey_island.cc.services.attack.mitre_api_interface import \ + MitreApiInterface logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/testing/IslandTestCase.py b/monkey/monkey_island/cc/testing/IslandTestCase.py index 79c6000ab..b260f62c9 100644 --- a/monkey/monkey_island/cc/testing/IslandTestCase.py +++ b/monkey/monkey_island/cc/testing/IslandTestCase.py @@ -1,4 +1,5 @@ import unittest + import monkey_island.cc.environment.environment_singleton as env_singleton from monkey_island.cc.models import Monkey from monkey_island.cc.models.edge import Edge diff --git a/monkey/monkey_island/cc/testing/profiler_decorator.py b/monkey/monkey_island/cc/testing/profiler_decorator.py index 997ef91ae..64642895e 100644 --- a/monkey/monkey_island/cc/testing/profiler_decorator.py +++ b/monkey/monkey_island/cc/testing/profiler_decorator.py @@ -1,6 +1,6 @@ -from cProfile import Profile import os import pstats +from cProfile import Profile PROFILER_LOG_DIR = "./profiler_logs/" diff --git a/monkey/monkey_island/cc/ui/package.json b/monkey/monkey_island/cc/ui/package.json index 89bd9b176..2b3e7c49f 100644 --- a/monkey/monkey_island/cc/ui/package.json +++ b/monkey/monkey_island/cc/ui/package.json @@ -99,7 +99,7 @@ "react-particles-js": "^3.2.1", "react-redux": "^5.1.2", "react-router-dom": "^4.3.1", - "react-spinners": "^0.5.13", + "react-spinners": "^0.9.0", "react-table": "^6.10.3", "react-toggle": "^4.1.1", "react-tooltip-lite": "^1.10.0", 
diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1053.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1053.js new file mode 100644 index 000000000..11a27e156 --- /dev/null +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1053.js @@ -0,0 +1,45 @@ +import React from 'react'; +import ReactTable from 'react-table'; +import {renderMachineFromSystemData, ScanStatus} from './Helpers'; +import MitigationsComponent from './MitigationsComponent'; + +class T1053 extends React.Component { + + constructor(props) { + super(props); + } + + static getColumns() { + return ([{ + columns: [ + { Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x.machine), + style: {'whiteSpace': 'unset'}}, + { Header: 'Result', + id: 'result', + accessor: x => x.result, + style: {'whiteSpace': 'unset'}} + ] + }]) + } + + render() { + return ( +