p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

PEP8 changes

This commit is contained in:
acepace 2016-08-20 17:58:59 +03:00
parent 14052bb444
commit 8c4288d100
12 changed files with 106 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
chaos_monkey/main.py
View File

@ -19,19 +19,20 @@ LOG = None
LOG_CONFIG = {'version': 1,
'disable_existing_loggers': False,
'formatters': {'standard': {'format': '%(asctime)s [%(process)d:%(levelname)s] %(module)s.%(funcName)s.%(lineno)d: %(message)s'},
},
'formatters': {'standard': {
'format': '%(asctime)s [%(process)d:%(levelname)s] %(module)s.%(funcName)s.%(lineno)d: %(message)s'},
},
'handlers': {'console': {'class': 'logging.StreamHandler',
'level': 'DEBUG',
'formatter': 'standard'},
'file': {'class': 'logging.FileHandler',
'level': 'DEBUG',
'formatter': 'standard',
'filename': None}
},
'file': {'class': 'logging.FileHandler',
'level': 'DEBUG',
'formatter': 'standard',
'filename': None}
},
'root': {'level': 'DEBUG',
'handlers': ['console']},
}
}
def main():
@ -42,7 +43,7 @@ def main():
monkey_mode = sys.argv[1]
if not monkey_mode in [MONKEY_ARG, DROPPER_ARG]:
if not (monkey_mode in [MONKEY_ARG, DROPPER_ARG]):
return True
config_file = EXTERNAL_CONFIG_FILE
@ -66,7 +67,7 @@ def main():
print "Loaded Configuration: %r" % WormConfiguration.as_dict()
#Make sure we're not in a machine that has the kill file
# Make sure we're not in a machine that has the kill file
kill_path = WormConfiguration.kill_file_path_windows if sys.platform == "win32" else WormConfiguration.kill_file_path_linux
if os.path.exists(kill_path):
print "Kill path found, finished run"
@ -74,10 +75,12 @@ def main():
try:
if MONKEY_ARG == monkey_mode:
log_path = os.path.expandvars(WormConfiguration.monkey_log_path_windows) if sys.platform == "win32" else WormConfiguration.monkey_log_path_linux
log_path = os.path.expandvars(
WormConfiguration.monkey_log_path_windows) if sys.platform == "win32" else WormConfiguration.monkey_log_path_linux
monkey_cls = ChaosMonkey
elif DROPPER_ARG == monkey_mode:
log_path = os.path.expandvars(WormConfiguration.dropper_log_path_windows) if sys.platform == "win32" else WormConfiguration.dropper_log_path_linux
log_path = os.path.expandvars(
WormConfiguration.dropper_log_path_windows) if sys.platform == "win32" else WormConfiguration.dropper_log_path_linux
monkey_cls = MonkeyDrops
else:
return True
@ -109,14 +112,15 @@ def main():
monkey.start()
if WormConfiguration.serialize_config:
with open(config_file, 'w') as config_fo:
json_dict = WormConfiguration.as_dict()
json.dump(json_dict, config_fo, skipkeys=True, sort_keys=True, indent=4, separators=(',', ': '))
with open(config_file, 'w') as config_fo:
json_dict = WormConfiguration.as_dict()
json.dump(json_dict, config_fo, skipkeys=True, sort_keys=True, indent=4, separators=(',', ': '))
return True
finally:
monkey.cleanup()
if "__main__" == __name__:
if not main():
sys.exit(1)

4
chaos_monkey/monkey.py
View File

@ -143,7 +143,6 @@ class ChaosMonkey(object):
LOG.debug("Skipping %r - exploitation failed before", machine)
continue
successful_exploiter = None
if monkey_tunnel:
monkey_tunnel.set_tunnel_for_host(machine)
@ -151,6 +150,7 @@ class ChaosMonkey(object):
LOG.debug("Default server: %s set to machine: %r" % (self._default_server, machine))
machine.set_default_server(self._default_server)
successful_exploiter = None
for exploiter in self._exploiters:
if not exploiter.is_os_supported(machine):
LOG.info("Skipping exploiter %s host:%r, os is not supported",
@ -240,4 +240,4 @@ class ChaosMonkey(object):
except Exception, exc:
LOG.error("Exception in self delete: %s", exc)
LOG.info("Monkey is shutting down")
LOG.info("Monkey is shutting down")

29
chaos_monkey/network/firewall.py
View File

@ -51,9 +51,9 @@ class WinAdvFirewall(FirewallApp):
def add_firewall_rule(self, name="Firewall", dir="in", action="allow", program=sys.executable, **kwargs):
netsh_args = {'name': name,
'dir' : dir,
'dir': dir,
'action': action,
'program' : program}
'program': program}
netsh_args.update(kwargs)
try:
if _run_netsh_cmd('advfirewall firewall add rule', netsh_args):
@ -70,7 +70,7 @@ class WinAdvFirewall(FirewallApp):
try:
if _run_netsh_cmd('advfirewall firewall delete rule', netsh_args):
if self._rules.has_key(name):
if name in self._rules:
del self._rules[name]
return True
else:
@ -93,7 +93,7 @@ class WinAdvFirewall(FirewallApp):
def close(self):
try:
for rule in self._rules.keys():
_run_netsh_cmd('advfirewall firewall delete rule', {'name' : rule})
_run_netsh_cmd('advfirewall firewall delete rule', {'name': rule})
except:
pass
@ -117,10 +117,11 @@ class WinFirewall(FirewallApp):
except:
return None
def add_firewall_rule(self, rule='allowedprogram', name="Firewall", mode="ENABLE", program=sys.executable, **kwargs):
def add_firewall_rule(self, rule='allowedprogram', name="Firewall", mode="ENABLE", program=sys.executable,
**kwargs):
netsh_args = {'name': name,
'mode' : mode,
'program' : program}
'mode': mode,
'program': program}
netsh_args.update(kwargs)
try:
@ -129,20 +130,21 @@ class WinFirewall(FirewallApp):
self._rules[name] = netsh_args
return True
else:
return False
return False
except:
return None
def remove_firewall_rule(self, rule='allowedprogram', name="Firewall", mode="ENABLE", program=sys.executable, **kwargs):
netsh_args = {'program' : program}
def remove_firewall_rule(self, rule='allowedprogram', name="Firewall", mode="ENABLE", program=sys.executable,
**kwargs):
netsh_args = {'program': program}
netsh_args.update(kwargs)
try:
if _run_netsh_cmd('firewall delete %s' % rule, netsh_args):
if self._rules.has_key(name):
if name in self._rules:
del self._rules[name]
return True
else:
return False
return False
except:
return None
@ -153,7 +155,7 @@ class WinFirewall(FirewallApp):
for rule in self._rules.values():
if rule.get('program') == sys.executable and 'ENABLE' == rule.get('mode'):
return True
return False
return False
def close(self):
try:
@ -162,6 +164,7 @@ class WinFirewall(FirewallApp):
except:
pass
if sys.platform == "win32":
try:
win_ver = int(platform.version().split('.')[0])

12
chaos_monkey/network/info.py
View File

@ -10,10 +10,12 @@ from random import randint
if sys.platform == "win32":
import netifaces
def local_ips():
local_hostname = socket.gethostname()
return socket.gethostbyname_ex(local_hostname)[2]
def get_host_subnets(only_ips=False):
network_adapters = []
valid_ips = local_ips()
@ -28,11 +30,11 @@ if sys.platform == "win32":
return network_adapters
else:
import fcntl
import fcntl
def get_host_subnets(only_ips=False):
"""Get the list of Linux network adapters."""
import fcntl
max_bytes = 8096
is_64bits = sys.maxsize > 2 ** 32
if is_64bits:
@ -77,12 +79,12 @@ else:
def get_free_tcp_port(min_range=1000, max_range=65535):
start_range = min(1, min_range)
max_range = min(65535, max_range)
in_use = [conn.laddr[1] for conn in psutil.net_connections()]
for i in range(min_range, max_range):
port = randint(start_range, max_range)
if port not in in_use:
return port
@ -104,7 +106,7 @@ def get_ips_from_interfaces():
ipint = ipaddress.ip_interface(u"%s/%s" % interface)
# limit subnet scans to class C only
if ipint.network.num_addresses > 255:
ipint = ipaddress.ip_interface(u"%s/24" % interface[0])
ipint = ipaddress.ip_interface(u"%s/24" % interface[0])
for addr in ipint.network.hosts():
if str(addr) == interface[0]:
continue

6
chaos_monkey/network/network_scanner.py
View File

@ -41,9 +41,9 @@ class NetworkScanner(object):
scanner = scan_type()
victims_count = 0
for range in self._ranges:
LOG.debug("Scanning for potential victims in the network %r", range)
for victim in range:
for net_range in self._ranges:
LOG.debug("Scanning for potential victims in the network %r", net_range)
for victim in net_range:
if stop_callback and stop_callback():
LOG.debug("Got stop signal")
break

2
chaos_monkey/network/range.py
View File

@ -49,7 +49,7 @@ class RelativeRange(NetworkRange):
def __repr__(self):
return "<RelativeRange %s-%s>" % (socket.inet_ntoa(struct.pack(">L", self._base_address - self._size)),
socket.inet_ntoa(struct.pack(">L", self._base_address + self._size)))
socket.inet_ntoa(struct.pack(">L", self._base_address + self._size)))
def _get_range(self):
lower_end = -(self._size / 2)

67
chaos_monkey/network/smbfinger.py
View File

@ -18,7 +18,7 @@ class Packet(object):
def __init__(self, **kw):
self.fields = odict(self.__class__.fields)
for k,v in kw.items():
for k, v in kw.items():
if callable(v):
self.fields[k] = v(self.fields[k])
else:
@ -52,43 +52,45 @@ class SMBNego(Packet):
("bcc", "\x62\x00"),
("data", "")
])
def calculate(self):
self.fields["bcc"] = struct.pack("<h",len(str(self.fields["data"])))
self.fields["bcc"] = struct.pack("<h", len(str(self.fields["data"])))
class SMBNegoFingerData(Packet):
fields = odict([
("separator1","\x02" ),
("separator1", "\x02"),
("dialect1", "\x50\x43\x20\x4e\x45\x54\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31\x2e\x30\x00"),
("separator2","\x02"),
("separator2", "\x02"),
("dialect2", "\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"),
("separator3","\x02"),
("dialect3", "\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61\x00"),
("separator4","\x02"),
("separator3", "\x02"),
("dialect3",
"\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61\x00"),
("separator4", "\x02"),
("dialect4", "\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00"),
("separator5","\x02"),
("separator5", "\x02"),
("dialect5", "\x4c\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00"),
("separator6","\x02"),
("separator6", "\x02"),
("dialect6", "\x4e\x54\x20\x4c\x4d\x20\x30\x2e\x31\x32\x00"),
])
])
class SMBSessionFingerData(Packet):
fields = odict([
("wordcount", "\x0c"),
("AndXCommand", "\xff"),
("reserved","\x00" ),
("reserved", "\x00"),
("andxoffset", "\x00\x00"),
("maxbuff","\x04\x11"),
("maxbuff", "\x04\x11"),
("maxmpx", "\x32\x00"),
("vcnum","\x00\x00"),
("vcnum", "\x00\x00"),
("sessionkey", "\x00\x00\x00\x00"),
("securitybloblength","\x4a\x00"),
("reserved2","\x00\x00\x00\x00"),
("securitybloblength", "\x4a\x00"),
("reserved2", "\x00\x00\x00\x00"),
("capabilities", "\xd4\x00\x00\xa0"),
("bcc1",""),
("Data","\x60\x48\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x3e\x30\x3c\xa0\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa2\x2a\x04\x28\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x01\x28\x0a\x00\x00\x00\x0f\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x53\x00\x65\x00\x72\x00\x76\x00\x69\x00\x63\x00\x65\x00\x20\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x20\x00\x33\x00\x20\x00\x32\x00\x36\x00\x30\x00\x30\x00\x00\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x35\x00\x2e\x00\x31\x00\x00\x00\x00\x00"),
("bcc1", ""),
("Data",
"\x60\x48\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x3e\x30\x3c\xa0\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa2\x2a\x04\x28\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x01\x28\x0a\x00\x00\x00\x0f\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x53\x00\x65\x00\x72\x00\x76\x00\x69\x00\x63\x00\x65\x00\x20\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x20\x00\x33\x00\x20\x00\x32\x00\x36\x00\x30\x00\x30\x00\x00\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x35\x00\x2e\x00\x31\x00\x00\x00\x00\x00"),
])
@ -110,36 +112,37 @@ class SMBFinger(HostFinger):
host.services[SMB_SERVICE] = {}
h = SMBHeader(cmd="\x72",flag1="\x18",flag2="\x53\xc8")
n = SMBNego(data = SMBNegoFingerData())
h = SMBHeader(cmd="\x72", flag1="\x18", flag2="\x53\xc8")
n = SMBNego(data=SMBNegoFingerData())
n.calculate()
Packet = str(h)+str(n)
Buffer = struct.pack(">i", len(''.join(Packet)))+Packet
Packet = str(h) + str(n)
Buffer = struct.pack(">i", len(''.join(Packet))) + Packet
s.send(Buffer)
data = s.recv(2048)
if data[8:10] == "\x72\x00":
Header = SMBHeader(cmd="\x73",flag1="\x18",flag2="\x17\xc8",uid="\x00\x00")
Header = SMBHeader(cmd="\x73", flag1="\x18", flag2="\x17\xc8", uid="\x00\x00")
Body = SMBSessionFingerData()
Body.calculate()
Packet = str(Header)+str(Body)
Buffer = struct.pack(">i", len(''.join(Packet)))+Packet
Packet = str(Header) + str(Body)
Buffer = struct.pack(">i", len(''.join(Packet))) + Packet
s.send(Buffer)
s.send(Buffer)
data = s.recv(2048)
if data[8:10] == "\x73\x16":
length = struct.unpack('<H',data[43:45])[0]
pack = tuple(data[47+length:].split('\x00\x00\x00'))[:2]
os_version, service_client = tuple([e.replace('\x00','') for e in data[47+length:].split('\x00\x00\x00')[:2]])
length = struct.unpack('<H', data[43:45])[0]
pack = tuple(data[47 + length:].split('\x00\x00\x00'))[:2]
os_version, service_client = tuple(
[e.replace('\x00', '') for e in data[47 + length:].split('\x00\x00\x00')[:2]])
if os_version.lower() != 'unix':
host.os['type'] = 'windows'
else:
host.os['type'] = 'linux'
host.services[SMB_SERVICE]['name'] = service_client
if not host.os.has_key('version'):
host.os['version'] = os_version

3
chaos_monkey/network/sshfinger.py
View File

@ -16,7 +16,8 @@ class SSHFinger(HostFinger):
self._config = __import__('config').WormConfiguration
self._banner_regex = re.compile(SSH_REGEX, re.IGNORECASE)
def _banner_match(self, service, host, banner):
@staticmethod
def _banner_match(service, host, banner):
host.services[service]['name'] = 'ssh'
for dist in LINUX_DIST_SSH:
if banner.lower().find(dist) != -1:

10
chaos_monkey/network/tcp_scanner.py
View File

@ -21,11 +21,11 @@ class TcpScanner(HostScanner, HostFinger):
count = 0
for target_port in self._config.tcp_target_ports:
is_open, banner = check_port_tcp(host.ip_addr,
target_port,
self._config.tcp_scan_timeout / 1000.0,
self._config.tcp_scan_get_banner)
is_open, banner = check_port_tcp(host.ip_addr,
target_port,
self._config.tcp_scan_timeout / 1000.0,
self._config.tcp_scan_get_banner)
if is_open:
count += 1

2
chaos_monkey/network/tools.py
View File

@ -43,7 +43,7 @@ def check_port_udp(ip, port, timeout=DEFAULT_TIMEOUT):
try:
sock.sendto("-", (ip, port))
data, _ = sock.recvfrom(BANNER_READ)
data, _ = sock.recvfrom(BANNER_READ)
is_open = True
except:
pass

27
chaos_monkey/system_info/__init__.py
View File

@ -40,6 +40,7 @@ class InfoCollector(object):
"""
Generic Info Collection module
"""
def __init__(self):
self.info = {}
@ -51,20 +52,20 @@ class InfoCollector(object):
for process in psutil.process_iter():
try:
processes[process.pid] = {"name": process.name(),
"pid": process.pid,
"ppid": process.ppid(),
"cmdline": " ".join(process.cmdline()),
"full_image_path": process.exe(),
}
"pid": process.pid,
"ppid": process.ppid(),
"cmdline": " ".join(process.cmdline()),
"full_image_path": process.exe(),
}
except psutil.AccessDenied:
#we may be running as non root
#and some processes are impossible to acquire in Windows/Linux
#in this case we'll just add what we can
# we may be running as non root
# and some processes are impossible to acquire in Windows/Linux
# in this case we'll just add what we can
processes[process.pid] = {"name": "null",
"pid": process.pid,
"ppid": process.ppid(),
"cmdline": "ACCESS DENIED",
"full_image_path": "null",
}
"pid": process.pid,
"ppid": process.ppid(),
"cmdline": "ACCESS DENIED",
"full_image_path": "null",
}
pass
self.info['process_list'] = processes

1
chaos_monkey/system_info/linux_info_collector.py
View File

@ -15,4 +15,3 @@ class LinuxInfoCollector(InfoCollector):
self.get_hostname()
self.get_process_list()
return self.info