Struts2 ignores certificate errors, updated schema (#318)

Struts2 ignores certificate errors, updated schema
2019-05-10 17:11:45 +03:00 · 2019-05-10 17:11:45 +03:00 · ab890e7baa
parent fb07f2b6ea 861750be5b
commit ab890e7baa
2 changed files with 5 additions and 3 deletions
--- a/monkey/infection_monkey/exploit/struts2.py
+++ b/monkey/infection_monkey/exploit/struts2.py
@ -7,6 +7,7 @@ import urllib2
 import httplib
 import unicodedata
 import re
+import ssl

 import logging
 from infection_monkey.exploit.web_rce import WebRCE
@ -47,7 +48,7 @@ class Struts2Exploiter(WebRCE):
        headers = {'User-Agent': 'Mozilla/5.0'}
        request = urllib2.Request(url, headers=headers)
        try:
-            return urllib2.urlopen(request).geturl()
+            return urllib2.urlopen(request, context=ssl._create_unverified_context()).geturl()
        except urllib2.URLError:
            LOG.error("Can't reach struts2 server")
            return False
--- a/monkey/monkey_island/cc/services/config_schema.py
+++ b/monkey/monkey_island/cc/services/config_schema.py
@ -250,8 +250,9 @@ SCHEMA = {
                            "default": [
                            ],
                            "description":
-                                "List of IPs/subnets the monkey should scan."
-                                " Examples: \"192.168.0.1\", \"192.168.0.5-192.168.0.20\", \"192.168.0.5/24\""
+                                "List of IPs/subnets/hosts the monkey should scan."
+                                " Examples: \"192.168.0.1\", \"192.168.0.5-192.168.0.20\", \"192.168.0.5/24\","
+                                " \"printer.example\""
                        }
                    }
                },