p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #848 from guardicore/519/scoutsuite-integration 

519/scoutsuite integration
This commit is contained in:
VakarisZ 2021-02-19 08:08:40 +02:00 committed by GitHub
parent 978927c329 522000d169
commit c698e0ab66
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
348 changed files with 4940 additions and 2317 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitmodules vendored
View File

@ -1,7 +1,9 @@
[submodule "monkey/monkey_island/cc/services/attack/attack_data"]
path = monkey/monkey_island/cc/services/attack/attack_data
url = https://github.com/guardicore/cti
[submodule "docs/themes/learn"]
path = docs/themes/learn
url = https://github.com/guardicode/hugo-theme-learn.git
[submodule "monkey/infection_monkey/system_info/collectors/scoutsuite"]
path = monkey/common/cloud/scoutsuite
url = https://github.com/guardicode/ScoutSuite.git

422
.swm/OwcKMnALpn7tuBaJY1US.swm
View File

@ -1,232 +1,200 @@
{
"id": "OwcKMnALpn7tuBaJY1US",
"name": "Add a new System Info Collector",
"dod": "Add a system info collector that collects the machine hostname.",
"description": "# What are system info collectors?\n\nWell, the name pretty much explains it. They are Monkey classes which collect various information regarding the victim system, such as Environment, SSH Info, Process List, Netstat and more. \n\n## What should I add? \n\nA system info collector which collects the hostname of the system.\n\n## Test manually\n\nOnce you're done, make sure that your collector:\n* Appears in the Island configuration, and is enabled by default\n* The collector actually runs when executing a Monkey.\n* Results show up in the relevant places:\n * The infection map.\n * The security report.\n * The relevant MITRE techniques.\n\n**There are a lot of hints for this unit - don't be afraid to use them!**",
"summary": "System info collectors are useful to get more data for various things, such as ZT tests or MITRE techniques. Take a look at some other techniques!",
"hunksOrder": [
"monkey/common/data/system_info_collectors_names.py_0",
"monkey/infection_monkey/system_info/collectors/hostname_collector.py_0",
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py_0",
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py_1",
"monkey/monkey_island/cc/services/config_schema/monkey.py_0",
"monkey/monkey_island/cc/services/config_schema/monkey.py_1",
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py_0",
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py_0",
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py_1"
],
"tests": [],
"hints": [
"First thing you should do is take a look at a different collector (like EnvironmentCollector) and 100% understand how it runs, how results are relayed back to the server, and how the server processes the data.",
"Try to run \"socket.getfqdn()\".",
"Take a look at SystemInfoCollector - that's the base class you'll need to implement.",
"Make sure you add the new collector to the configuration in all relevant places, including making it ON by default!"
],
"play_mode": "all",
"swimmPatch": {
"monkey/common/data/system_info_collectors_names.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/common/data/system_info_collectors_names.py b/monkey/common/data/system_info_collectors_names.py\nindex 175a054e..3b478dc9 100644\n--- a/monkey/common/data/system_info_collectors_names.py\n+++ b/monkey/common/data/system_info_collectors_names.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -1,5 +1,5 @@",
" AWS_COLLECTOR = \"AwsCollector\"",
"-HOSTNAME_COLLECTOR = \"HostnameCollector\"",
"+# SWIMMER: Collector name goes here.",
" ENVIRONMENT_COLLECTOR = \"EnvironmentCollector\"",
" PROCESS_LIST_COLLECTOR = \"ProcessListCollector\"",
" MIMIKATZ_COLLECTOR = \"MimikatzCollector\""
]
}
]
},
"monkey/infection_monkey/system_info/collectors/hostname_collector.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/infection_monkey/system_info/collectors/hostname_collector.py b/monkey/infection_monkey/system_info/collectors/hostname_collector.py\nindex ae956081..bdeb5033 100644\n--- a/monkey/infection_monkey/system_info/collectors/hostname_collector.py\n+++ b/monkey/infection_monkey/system_info/collectors/hostname_collector.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -1,16 +1,5 @@",
" import logging",
"-import socket",
"-",
"-from common.data.system_info_collectors_names import HOSTNAME_COLLECTOR",
"-from infection_monkey.system_info.system_info_collector import \\",
"- SystemInfoCollector",
" ",
" logger = logging.getLogger(__name__)",
" ",
"-",
"+# SWIMMER: The collector class goes here.",
"-class HostnameCollector(SystemInfoCollector):",
"- def __init__(self):",
"- super().__init__(name=HOSTNAME_COLLECTOR)",
"-",
"- def collect(self) -> dict:",
"- return {\"hostname\": socket.getfqdn()}"
]
}
]
},
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py\nindex 174133f4..de961fbd 100644\n--- a/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py\n+++ b/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -1,7 +1,6 @@",
" from common.data.system_info_collectors_names import (AWS_COLLECTOR,",
" AZURE_CRED_COLLECTOR,",
" ENVIRONMENT_COLLECTOR,",
"- HOSTNAME_COLLECTOR,",
" MIMIKATZ_COLLECTOR,",
" PROCESS_LIST_COLLECTOR)",
" "
]
},
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -40,16 +39,7 @@",
" \"info\": \"If on AWS, collects more information about the AWS instance currently running on.\",",
" \"attack_techniques\": [\"T1082\"]",
" },",
"- {",
"+ # SWIMMER: Collector config goes here. Tip: Hostname collection relates to the T1082 and T1016 techniques.",
"- \"type\": \"string\",",
"- \"enum\": [",
"- HOSTNAME_COLLECTOR",
"- ],",
"- \"title\": \"Hostname collector\",",
"- \"safe\": True,",
"- \"info\": \"Collects machine's hostname.\",",
"- \"attack_techniques\": [\"T1082\", \"T1016\"]",
"- },",
" {",
" \"type\": \"string\",",
" \"enum\": ["
]
}
]
},
"monkey/monkey_island/cc/services/config_schema/monkey.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/monkey.py b/monkey/monkey_island/cc/services/config_schema/monkey.py\nindex b47d6a15..1b1962a4 100644\n--- a/monkey/monkey_island/cc/services/config_schema/monkey.py\n+++ b/monkey/monkey_island/cc/services/config_schema/monkey.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -1,7 +1,6 @@",
" from common.data.system_info_collectors_names import (AWS_COLLECTOR,",
" AZURE_CRED_COLLECTOR,",
" ENVIRONMENT_COLLECTOR,",
"- HOSTNAME_COLLECTOR,",
" MIMIKATZ_COLLECTOR,",
" PROCESS_LIST_COLLECTOR)",
" "
]
},
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -88,7 +87,6 @@",
" \"default\": [",
" ENVIRONMENT_COLLECTOR,",
" AWS_COLLECTOR,",
"- HOSTNAME_COLLECTOR,",
" PROCESS_LIST_COLLECTOR,",
" MIMIKATZ_COLLECTOR,",
" AZURE_CRED_COLLECTOR"
]
}
]
},
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py\nindex e2de4519..04bc3556 100644\n--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py\n+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -1,9 +1,9 @@",
" import logging",
" ",
"-from monkey_island.cc.models.monkey import Monkey",
"+# SWIMMER: This will be useful :) monkey_island.cc.models.monkey.Monkey has the useful",
"+# \"get_single_monkey_by_guid\" and \"set_hostname\" methods.",
" ",
" logger = logging.getLogger(__name__)",
" ",
" ",
"-def process_hostname_telemetry(collector_results, monkey_guid):",
"+# SWIMMER: Processing function goes here.",
"- Monkey.get_single_monkey_by_guid(monkey_guid).set_hostname(collector_results[\"hostname\"])"
]
}
]
},
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py\nindex 639a392c..7aa6d3a6 100644\n--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py\n+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -3,14 +3,11 @@",
" ",
" from common.data.system_info_collectors_names import (AWS_COLLECTOR,",
" ENVIRONMENT_COLLECTOR,",
"- HOSTNAME_COLLECTOR,",
" PROCESS_LIST_COLLECTOR)",
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import \\",
" process_aws_telemetry",
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \\",
" process_environment_telemetry",
"-from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import \\",
"- process_hostname_telemetry",
" from monkey_island.cc.services.telemetry.zero_trust_tests.antivirus_existence import \\",
" test_antivirus_existence",
" "
]
},
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -19,7 +16,6 @@",
" SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {",
" AWS_COLLECTOR: [process_aws_telemetry],",
" ENVIRONMENT_COLLECTOR: [process_environment_telemetry],",
"- HOSTNAME_COLLECTOR: [process_hostname_telemetry],",
" PROCESS_LIST_COLLECTOR: [test_antivirus_existence]",
" }",
" "
]
}
]
}
"task": {
"dod": "Add a system info collector that collects the machine hostname.",
"tests": [],
"hints": [
"First thing you should do is take a look at a different collector (like EnvironmentCollector) and 100% understand how it runs, how results are relayed back to the server, and how the server processes the data.",
"Try to run \"socket.getfqdn()\".",
"Take a look at SystemInfoCollector - that's the base class you'll need to implement.",
"Make sure you add the new collector to the configuration in all relevant places, including making it ON by default!"
]
},
"app_version": "0.3.5-1",
"file_version": "1.0.4"
"content": [
{
"type": "text",
"text": "# What are system info collectors?\n\nWell, the name pretty much explains it. They are Monkey classes which collect various information regarding the victim system, such as Environment, SSH Info, Process List, Netstat and more. \n\n## What should I add? \n\nA system info collector which collects the hostname of the system.\n\n## Test manually\n\nOnce you're done, make sure that your collector:\n* Appears in the Island configuration, and is enabled by default\n* The collector actually runs when executing a Monkey.\n* Results show up in the relevant places:\n * The infection map.\n * The security report.\n * The relevant MITRE techniques.\n\n**There are a lot of hints for this unit - don't be afraid to use them!**"
},
{
"type": "snippet",
"path": "monkey/common/common_consts/system_info_collectors_names.py",
"comments": [],
"firstLineNumber": 1,
"lines": [
" AWS_COLLECTOR = \"AwsCollector\"",
"*HOSTNAME_COLLECTOR = \"HostnameCollector\"",
"+# SWIMMER: Collector name goes here.",
" ENVIRONMENT_COLLECTOR = \"EnvironmentCollector\"",
" PROCESS_LIST_COLLECTOR = \"ProcessListCollector\"",
" MIMIKATZ_COLLECTOR = \"MimikatzCollector\""
]
},
{
"type": "snippet",
"path": "monkey/infection_monkey/system_info/collectors/hostname_collector.py",
"comments": [],
"firstLineNumber": 1,
"lines": [
" import logging",
"*import socket",
"*",
"*from common.common_consts.system_info_collectors_names import HOSTNAME_COLLECTOR",
"*from infection_monkey.system_info.system_info_collector import SystemInfoCollector",
" ",
" logger = logging.getLogger(__name__)",
" ",
"*",
"+# SWIMMER: The collector class goes here.",
"*class HostnameCollector(SystemInfoCollector):",
"* def __init__(self):",
"* super().__init__(name=HOSTNAME_COLLECTOR)",
"*",
"* def collect(self) -> dict:",
"* return {\"hostname\": socket.getfqdn()}"
]
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py",
"comments": [],
"firstLineNumber": 1,
"lines": [
" from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, AZURE_CRED_COLLECTOR,\r",
"* ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,\r",
" MIMIKATZ_COLLECTOR, PROCESS_LIST_COLLECTOR)\r",
" \r",
" SYSTEM_INFO_COLLECTOR_CLASSES = {\r"
]
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py",
"comments": [],
"firstLineNumber": 37,
"lines": [
" \"info\": \"If on AWS, collects more information about the AWS instance currently running on.\",",
" \"attack_techniques\": [\"T1082\"]",
" },",
"* {",
"+ # SWIMMER: Collector config goes here. Tip: Hostname collection relates to the T1082 and T1016 techniques.",
"* \"type\": \"string\",",
"* \"enum\": [",
"* HOSTNAME_COLLECTOR",
"* ],",
"* \"title\": \"Hostname collector\",",
"* \"safe\": True,",
"* \"info\": \"Collects machine's hostname.\",",
"* \"attack_techniques\": [\"T1082\", \"T1016\"]",
"* },",
" {",
" \"type\": \"string\",",
" \"enum\": ["
]
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/config_schema/monkey.py",
"comments": [],
"firstLineNumber": 1,
"lines": [
" from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, AZURE_CRED_COLLECTOR,",
" ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,",
" MIMIKATZ_COLLECTOR, PROCESS_LIST_COLLECTOR)",
"* HOSTNAME_COLLECTOR,",
" MONKEY = {",
" \"title\": \"Monkey\",",
" \"type\": \"object\","
]
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/config_schema/monkey.py",
"comments": [],
"firstLineNumber": 85,
"lines": [
" \"default\": [",
" ENVIRONMENT_COLLECTOR,",
" AWS_COLLECTOR,",
"* HOSTNAME_COLLECTOR,",
" PROCESS_LIST_COLLECTOR,",
" MIMIKATZ_COLLECTOR,",
" AZURE_CRED_COLLECTOR"
]
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py",
"comments": [],
"firstLineNumber": 1,
"lines": [
" import logging",
" ",
"*from monkey_island.cc.models.monkey import Monkey",
"+# SWIMMER: This will be useful :) monkey_island.cc.models.monkey.Monkey has the useful",
"+# \"get_single_monkey_by_guid\" and \"set_hostname\" methods.",
" ",
" logger = logging.getLogger(__name__)",
" ",
" ",
"*def process_hostname_telemetry(collector_results, monkey_guid):",
"+# SWIMMER: Processing function goes here.",
"* Monkey.get_single_monkey_by_guid(monkey_guid).set_hostname(collector_results[\"hostname\"])"
]
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
"comments": [],
"firstLineNumber": 1,
"lines": [
" import logging\r",
" import typing\r",
" \r",
"*from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,\r",
" PROCESS_LIST_COLLECTOR)\r",
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry\r",
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \\\r"
]
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
"comments": [],
"firstLineNumber": 14,
"lines": [
" SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {",
" AWS_COLLECTOR: [process_aws_telemetry],",
" ENVIRONMENT_COLLECTOR: [process_environment_telemetry],",
"* HOSTNAME_COLLECTOR: [process_hostname_telemetry],",
" PROCESS_LIST_COLLECTOR: [check_antivirus_existence]",
" }",
" "
]
},
{
"type": "snippet",
"lines": [
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry\r",
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \\\r",
" process_environment_telemetry\r",
"*from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import process_hostname_telemetry\r",
" from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import check_antivirus_existence\r",
" \r",
" logger = logging.getLogger(__name__)\r"
],
"firstLineNumber": 6,
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
"comments": []
},
{
"type": "text",
"text": "System info collectors are useful to get more data for various things, such as ZT tests or MITRE techniques. Take a look at some other techniques!"
}
],
"file_version": "2.0.0",
"meta": {
"app_version": "0.3.7-0",
"file_blobs": {}
}
}

256
.swm/tbxb2cGgUiJQ8Btma0fp.swm
View File

@ -1,147 +1,121 @@
{
"id": "tbxb2cGgUiJQ8Btma0fp",
"name": "Add a simple Post Breach action",
"dod": "You should add a new PBA to the Monkey which creates a new user on the machine.",
"description": "Read [our documentation about adding a new PBA](https://www.guardicore.com/infectionmonkey/docs/development/adding-post-breach-actions/).\n\nAfter that we want you to add the BackdoorUser PBA. The commands that add users for Win and Linux can be retrieved from `get_commands_to_add_user` - make sure you see how to use this function correctly. \n\nNote that the PBA should impact the T1136 MITRE technique as well! \n\n# Manual test to confirm\n\n1. Run the Monkey Island\n2. Make sure your new PBA is enabled by default in the config - for this test, disable network scanning, exploiting, and all other PBAs\n3. Run Monkey\n4. See the PBA in the security report\n5, See the PBA in the MITRE report in the relevant technique\n",
"summary": "Take a look at the configuration of the island again - see the \"command to run after breach\" option we offer the user? It's implemented exactly like you did right now but each user can do it for themselves. \n\nHowever, what if the PBA needs to do stuff which is more complex than just running a few commands? In that case... ",
"hunksOrder": [
"monkey/common/data/post_breach_consts.py_0",
"monkey/infection_monkey/post_breach/actions/add_user.py_0",
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py_0",
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py_1",
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py_0"
],
"tests": [],
"hints": [
"See `ScheduleJobs` PBA for an example of a PBA which only uses shell commands.",
"Make sure to add the PBA to the configuration as well.",
"MITRE ATT&CK technique T1136 articulates that adversaries may create an account to maintain access to victim systems, therefore, the BackdoorUser PBA is relevant to it. Make sure to map this PBA to the MITRE ATT&CK configuration and report."
],
"play_mode": "all",
"swimmPatch": {
"monkey/common/data/post_breach_consts.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/common/data/post_breach_consts.py b/monkey/common/data/post_breach_consts.py\nindex 25e6679c..05980288 100644\n--- a/monkey/common/data/post_breach_consts.py\n+++ b/monkey/common/data/post_breach_consts.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -1,5 +1,5 @@",
" POST_BREACH_COMMUNICATE_AS_NEW_USER = \"Communicate as new user\"",
"-POST_BREACH_BACKDOOR_USER = \"Backdoor user\"",
"+# Swimmer: PUT THE NEW CONST HERE!",
" POST_BREACH_FILE_EXECUTION = \"File execution\"",
" POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION = \"Modify shell startup file\"",
" POST_BREACH_HIDDEN_FILES = \"Hide files and directories\""
]
}
]
},
"monkey/infection_monkey/post_breach/actions/add_user.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/infection_monkey/post_breach/actions/add_user.py b/monkey/infection_monkey/post_breach/actions/add_user.py\nindex 58be89a1..d8476a97 100644\n--- a/monkey/infection_monkey/post_breach/actions/add_user.py\n+++ b/monkey/infection_monkey/post_breach/actions/add_user.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -1,15 +1,7 @@",
"-from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER",
"-from infection_monkey.config import WormConfiguration",
" from infection_monkey.post_breach.pba import PBA",
" from infection_monkey.utils.users import get_commands_to_add_user",
" ",
" ",
" class BackdoorUser(PBA):",
" def __init__(self):",
"- linux_cmds, windows_cmds = get_commands_to_add_user(",
"+ pass # Swimmer: Impl here!",
"- WormConfiguration.user_to_add,",
"- WormConfiguration.remote_user_pass)",
"- super(BackdoorUser, self).__init__(",
"- POST_BREACH_BACKDOOR_USER,",
"- linux_cmd=' '.join(linux_cmds),",
"- windows_cmd=windows_cmds)"
]
}
]
},
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py\nindex 086a1c13..9f23bb8d 100644\n--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py\n+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -1,5 +1,5 @@",
" from common.data.post_breach_consts import (",
"- POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER)",
"+ POST_BREACH_COMMUNICATE_AS_NEW_USER)",
" from monkey_island.cc.services.attack.technique_reports.pba_technique import \\",
" PostBreachTechnique",
" "
]
},
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -11,4 +11,4 @@",
" unscanned_msg = \"Monkey didn't try creating a new user on the network's systems.\"",
" scanned_msg = \"Monkey tried creating a new user on the network's systems, but failed.\"",
" used_msg = \"Monkey created a new user on the network's systems.\"",
"- pba_names = [POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER]",
"+ pba_names = [POST_BREACH_COMMUNICATE_AS_NEW_USER]"
]
}
]
},
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\nindex f1fe0f6f..39ebd33a 100644\n--- a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\n+++ b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -4,16 +4,7 @@",
" \"might do after breaching a new machine. Used in ATT&CK and Zero trust reports.\",",
" \"type\": \"string\",",
" \"anyOf\": [",
"- {",
"+ # Swimmer: Add new PBA here to config!",
"- \"type\": \"string\",",
"- \"enum\": [",
"- \"BackdoorUser\"",
"- ],",
"- \"title\": \"Back door user\",",
"- \"safe\": True,",
"- \"info\": \"Attempts to create a new user on the system and delete it afterwards.\",",
"- \"attack_techniques\": [\"T1136\"]",
"- },",
" {",
" \"type\": \"string\",",
" \"enum\": ["
]
}
]
}
"task": {
"dod": "You should add a new PBA to the Monkey which creates a new user on the machine.",
"tests": [],
"hints": [
"See `ScheduleJobs` PBA for an example of a PBA which only uses shell commands.",
"Make sure to add the PBA to the configuration as well.",
"MITRE ATT&CK technique T1136 articulates that adversaries may create an account to maintain access to victim systems, therefore, the BackdoorUser PBA is relevant to it. Make sure to map this PBA to the MITRE ATT&CK configuration and report."
]
},
"app_version": "0.3.5-1",
"file_version": "1.0.4",
"hunksOrder": [
"monkey/common/data/post_breach_consts.py_0",
"monkey/infection_monkey/post_breach/actions/add_user.py_0",
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py_0",
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py_1",
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py_0"
"content": [
{
"type": "text",
"text": "Read [our documentation about adding a new PBA](https://www.guardicore.com/infectionmonkey/docs/development/adding-post-breach-actions/).\n\nAfter that we want you to add the BackdoorUser PBA. The commands that add users for Win and Linux can be retrieved from `get_commands_to_add_user` - make sure you see how to use this function correctly. \n\nNote that the PBA should impact the T1136 MITRE technique as well! \n\n# Manual test to confirm\n\n1. Run the Monkey Island\n2. Make sure your new PBA is enabled by default in the config - for this test, disable network scanning, exploiting, and all other PBAs\n3. Run Monkey\n4. See the PBA in the security report\n5, See the PBA in the MITRE report in the relevant technique\n"
},
{
"type": "snippet",
"path": "monkey/common/common_consts/post_breach_consts.py",
"comments": [],
"firstLineNumber": 1,
"lines": [
" POST_BREACH_COMMUNICATE_AS_NEW_USER = \"Communicate as new user\"",
"*POST_BREACH_BACKDOOR_USER = \"Backdoor user\"",
"+# Swimmer: PUT THE NEW CONST HERE!",
" POST_BREACH_FILE_EXECUTION = \"File execution\"",
" POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION = \"Modify shell startup file\"",
" POST_BREACH_HIDDEN_FILES = \"Hide files and directories\""
]
},
{
"type": "snippet",
"path": "monkey/infection_monkey/post_breach/actions/add_user.py",
"comments": [],
"firstLineNumber": 1,
"lines": [
"*from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER",
"*from infection_monkey.config import WormConfiguration",
" from infection_monkey.post_breach.pba import PBA",
" from infection_monkey.utils.users import get_commands_to_add_user",
" ",
" ",
" class BackdoorUser(PBA):",
" def __init__(self):",
"* linux_cmds, windows_cmds = get_commands_to_add_user(",
"+ pass # Swimmer: Impl here!",
"* WormConfiguration.user_to_add,",
"* WormConfiguration.remote_user_pass)",
"* super(BackdoorUser, self).__init__(",
"* POST_BREACH_BACKDOOR_USER,",
"* linux_cmd=' '.join(linux_cmds),",
"* windows_cmd=windows_cmds)"
]
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/attack/technique_reports/T1136.py",
"comments": [],
"firstLineNumber": 1,
"lines": [
"*from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER\r",
" from monkey_island.cc.services.attack.technique_reports.pba_technique import PostBreachTechnique\r",
" \r",
" __author__ = \"shreyamalviya\"\r"
]
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/attack/technique_reports/T1136.py",
"comments": [],
"firstLineNumber": 9,
"lines": [
" unscanned_msg = \"Monkey didn't try creating a new user on the network's systems.\"",
" scanned_msg = \"Monkey tried creating a new user on the network's systems, but failed.\"",
" used_msg = \"Monkey created a new user on the network's systems.\"",
"* pba_names = [POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER]",
"+ pba_names = [POST_BREACH_COMMUNICATE_AS_NEW_USER]"
]
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
"comments": [],
"firstLineNumber": 4,
"lines": [
" \"might do after breaching a new machine. Used in ATT&CK and Zero trust reports.\",",
" \"type\": \"string\",",
" \"anyOf\": [",
"* {",
"+ # Swimmer: Add new PBA here to config!",
"* \"type\": \"string\",",
"* \"enum\": [",
"* \"BackdoorUser\"",
"* ],",
"* \"title\": \"Back door user\",",
"* \"safe\": True,",
"* \"info\": \"Attempts to create a new user on the system and delete it afterwards.\",",
"* \"attack_techniques\": [\"T1136\"]",
"* },",
" {",
" \"type\": \"string\",",
" \"enum\": ["
]
},
{
"type": "text",
"text": "Take a look at the configuration of the island again - see the \"command to run after breach\" option we offer the user? It's implemented exactly like you did right now but each user can do it for themselves. \n\nHowever, what if the PBA needs to do stuff which is more complex than just running a few commands? In that case... "
}
],
"last_commit_sha_for_swimm_patch": "9d9e8168fb2c23367b9947273aa1a041687b3e2e"
"file_version": "2.0.0",
"meta": {
"app_version": "0.3.7-0",
"file_blobs": {
"monkey/common/common_consts/post_breach_consts.py": "25e6679cb1623aae1a732deb05cc011a452743e3",
"monkey/infection_monkey/post_breach/actions/add_user.py": "a85845840d9cb37529ad367e159cd9001929e759",
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py": "d9d86e08ea4aeb0a6bee3f483e4fea50ee6cd200",
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "857e80da477ab31dbc00ed0a3f1cd49b69b505fa"
}
}
}

64
.swm/xYkxB76pK0peJj2tSxBJ.swm
View File

@ -1,30 +1,44 @@
{
"id": "xYkxB76pK0peJj2tSxBJ",
"name": "Define what your new PBA does",
"dod": "WW91JTIwc2hvdWxkJTIwYWRkJTIwYSUyMG5ldyUyMFBCQSUyMGNvbnN0JTIwdGhhdCUyMGRlZmluZXMlMjB3aGF0JTIwdGhlJTIwUEJBJTIwZG9lcy4=",
"description": "VGhlJTIwbmFtZSUyMG9mJTIweW91ciUyMG5ldyUyMFBCQSUyMCh3aGljaCUyMGNyZWF0ZXMlMjBzY2hlZHVsZWQlMjBqb2JzJTIwb24lMjB0aGUlMjBtYWNoaW5lKSUyMHdpbGwlMjBiZSUyMHVzZWQlMjBpbiUyMGElMjBmZXclMjBwbGFjZXMlMkMlMjBpbmNsdWRpbmclMjB0aGUlMjByZXBvcnQuJTIwJTNDYnIlM0UlM0NiciUzRSUwQVlvdSUyMHNob3VsZCUyMGJyaWVmbHklMjBkZWZpbmUlMjB3aGF0JTIweW91ciUyMFBCQSUyMGRvZXMlMjBpbiUyMGElMjBjb25zdGFudCUyMHZhcmlhYmxlJTJDJTIwc3VjaCUyMHRoYXQlMjBpdCUyMGNhbiUyMGJlJTIwdXNlZCUyMGJ5JTIwYm90aCUyMHRoZSUyME1vbmtleSUyMGFuZCUyMHRoZSUyME1vbmtleSUyMElzbGFuZC4lMEElMEElMjMlMjMlMjBNYW51YWwlMjB0ZXN0JTIwJTIwJTBBT25jZSUyMHlvdSUyMHRoaW5rJTIweW91J3JlJTIwZG9uZS4uLiUwQS0lMjBSdW4lMjB0aGUlMjBNb25rZXklMjBJc2xhbmQlMEEtJTIwTWFrZSUyMHN1cmUlMjB0aGUlMjAlMjJKb2IlMjBzY2hlZHVsaW5nJTIyJTIwUEJBJTIwaXMlMjBlbmFibGVkJTIwaW4lMjB0aGUlMjAlMjJNb25rZXklMjIlMjB0YWIlMjBpbiUyMHRoZSUyMGNvbmZpZ3VyYXRpb24lMjAlRTIlODAlOTQlMjBmb3IlMjB0aGlzJTIwdGVzdCUyQyUyMGRpc2FibGUlMjBuZXR3b3JrJTIwc2Nhbm5pbmclMkMlMjBleHBsb2l0aW5nJTJDJTIwYW5kJTIwYWxsJTIwb3RoZXIlMjBQQkFzJTBBLSUyMFJ1biUyMHRoZSUyME1vbmtleSUwQS0lMjBDaGVjayUyMHRoZSUyMFBCQSUyMHNlY3Rpb24lMjBpbiUyMHRoZSUyMFNlY3VyaXR5JTIwcmVwb3J0JTIwZm9yJTIwdGhlJTIwbmFtZSUyMHlvdSUyMGdhdmUlMjB0byUyMHRoZSUyMG5ldyUyMFBCQSUyMCUyMCUwQSUwQSUzQ2ltZyUyMHNyYyUzRCUyMmh0dHBzJTNBJTJGJTJGZmlyZWJhc2VzdG9yYWdlLmdvb2dsZWFwaXMuY29tJTJGdjAlMkZiJTJGc3dpbW1pby1jb250ZW50JTJGbyUyRnJlcG9zaXRvcmllcyUyNTJGNk5sYjk5TnRZNUZjM2JTZDhzdUglMjUyRmltZyUyNTJGZjBlNTNlNmMtOWRiZS00MWQ4LTk0NTQtMmI1NzYxYzNmNTNhLnBuZyUzRmFsdCUzRG1lZGlhJTI2dG9rZW4lM0QyMWFhNGJiOC03ZWJlLTRkYWItYTczOS1jNzdlMDU5MTQ0ZGQlMjIlMjBoZWlnaHQlM0Q0MDAlM0U=",
"summary": "LSUyMFRoZSUyMG5hbWUlMjBkZWZpbmVkJTIwaGVyZSUyMGZvciUyMHlvdXIlMjBQQkElMjBjYW4lMjBiZSUyMHNlZW4lMjBvbiUyMHRoZSUyME1vbmtleSUyMElzbGFuZCUyMGluJTIwdGhlJTIwUEJBJTIwc2VjdGlvbiUyMGluJTIwdGhlJTIwU2VjdXJpdHklMjByZXBvcnQuJTBBLSUyMFRoZSUyMHJlc3VsdHMlMjBvZiUyMGVhY2glMjBQQkElMjBzdG9yZWQlMjBpbiUyMHRoZSUyMHRlbGVtZXRyeSUyMGFyZSUyMGFsc28lMjBpZGVudGlmaWVkJTIwYnklMjB0aGUlMjBzdHJpbmclMjBkZWZpbmVkJTIwaGVyZSUyMGZvciUyMHRoYXQlMjBQQkEu",
"diff": "ZGlmZiUyMC0tZ2l0JTIwYSUyRm1vbmtleSUyRmNvbW1vbiUyRmRhdGElMkZwb3N0X2JyZWFjaF9jb25zdHMucHklMjBiJTJGbW9ua2V5JTJGY29tbW9uJTJGZGF0YSUyRnBvc3RfYnJlYWNoX2NvbnN0cy5weSUwQWluZGV4JTIwMjVlNjY3OWMuLjQ2ZDgwMmRlJTIwMTAwNjQ0JTBBLS0tJTIwYSUyRm1vbmtleSUyRmNvbW1vbiUyRmRhdGElMkZwb3N0X2JyZWFjaF9jb25zdHMucHklMEElMkIlMkIlMkIlMjBiJTJGbW9ua2V5JTJGY29tbW9uJTJGZGF0YSUyRnBvc3RfYnJlYWNoX2NvbnN0cy5weSUwQSU0MCU0MCUyMC01JTJDNyUyMCUyQjUlMkM3JTIwJTQwJTQwJTIwUE9TVF9CUkVBQ0hfU0hFTExfU1RBUlRVUF9GSUxFX01PRElGSUNBVElPTiUyMCUzRCUyMCUyMk1vZGlmeSUyMHNoZWxsJTIwc3RhcnR1cCUyMGZpbGUlMjIlMEElMjBQT1NUX0JSRUFDSF9ISURERU5fRklMRVMlMjAlM0QlMjAlMjJIaWRlJTIwZmlsZXMlMjBhbmQlMjBkaXJlY3RvcmllcyUyMiUwQSUyMFBPU1RfQlJFQUNIX1RSQVBfQ09NTUFORCUyMCUzRCUyMCUyMkV4ZWN1dGUlMjBjb21tYW5kJTIwd2hlbiUyMGElMjBwYXJ0aWN1bGFyJTIwc2lnbmFsJTIwaXMlMjByZWNlaXZlZCUyMiUwQSUyMFBPU1RfQlJFQUNIX1NFVFVJRF9TRVRHSUQlMjAlM0QlMjAlMjJTZXR1aWQlMjBhbmQlMjBTZXRnaWQlMjIlMEEtUE9TVF9CUkVBQ0hfSk9CX1NDSEVEVUxJTkclMjAlM0QlMjAlMjJTY2hlZHVsZSUyMGpvYnMlMjIlMEElMkIlMjMlMjBTd2ltbWVyJTNBJTIwUFVUJTIwVEhFJTIwTkVXJTIwQ09OU1QlMjBIRVJFISUwQSUyMFBPU1RfQlJFQUNIX1RJTUVTVE9NUElORyUyMCUzRCUyMCUyMk1vZGlmeSUyMGZpbGVzJyUyMHRpbWVzdGFtcHMlMjIlMEElMjBQT1NUX0JSRUFDSF9TSUdORURfU0NSSVBUX1BST1hZX0VYRUMlMjAlM0QlMjAlMjJTaWduZWQlMjBzY3JpcHQlMjBwcm94eSUyMGV4ZWN1dGlvbiUyMiUwQSUyMFBPU1RfQlJFQUNIX0FDQ09VTlRfRElTQ09WRVJZJTIwJTNEJTIwJTIyQWNjb3VudCUyMGRpc2NvdmVyeSUyMiUwQQ==",
"tests": [],
"hints": [
"See the `Timestomping` PBA. How is the name of the PBA set?"
],
"files": {
"monkey/common/data/post_breach_consts.py": {
"index": [
"25e6679c..46d802de",
"100644"
],
"fileA": "monkey/common/data/post_breach_consts.py",
"fileB": "monkey/common/data/post_breach_consts.py",
"status": "MODIFIED",
"numLineDeletions": 1,
"numLineAdditions": 1,
"hunkContainers": [
"JTdCJTIyaHVuayUyMiUzQSU3QiUyMmhlYWRlciUyMiUzQSUyMiU0MCU0MCUyMC01JTJDNyUyMCUyQjUlMkM3JTIwJTQwJTQwJTIwUE9TVF9CUkVBQ0hfU0hFTExfU1RBUlRVUF9GSUxFX01PRElGSUNBVElPTiUyMCUzRCUyMCU1QyUyMk1vZGlmeSUyMHNoZWxsJTIwc3RhcnR1cCUyMGZpbGUlNUMlMjIlMjIlMkMlMjJjaGFuZ2VzJTIyJTNBJTVCJTdCJTIydHlwZSUyMiUzQSUyMmNvbnRleHQlMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwUE9TVF9CUkVBQ0hfSElEREVOX0ZJTEVTJTIwJTNEJTIwJTVDJTIySGlkZSUyMGZpbGVzJTIwYW5kJTIwZGlyZWN0b3JpZXMlNUMlMjIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E1JTJDJTIyYiUyMiUzQTUlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjBQT1NUX0JSRUFDSF9UUkFQX0NPTU1BTkQlMjAlM0QlMjAlNUMlMjJFeGVjdXRlJTIwY29tbWFuZCUyMHdoZW4lMjBhJTIwcGFydGljdWxhciUyMHNpZ25hbCUyMGlzJTIwcmVjZWl2ZWQlNUMlMjIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E2JTJDJTIyYiUyMiUzQTYlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjBQT1NUX0JSRUFDSF9TRVRVSURfU0VUR0lEJTIwJTNEJTIwJTVDJTIyU2V0dWlkJTIwYW5kJTIwU2V0Z2lkJTVDJTIyJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNyUyQyUyMmIlMjIlM0E3JTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMlBPU1RfQlJFQUNIX0pPQl9TQ0hFRFVMSU5HJTIwJTNEJTIwJTVDJTIyU2NoZWR1bGUlMjBqb2JzJTVDJTIyJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBOCU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJhZGQlMjIlMkMlMjJtYXJrJTIyJTNBJTIyJTJCJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMyUyMFN3aW1tZXIlM0ElMjBQVVQlMjBUSEUlMjBORVclMjBDT05TVCUyMEhFUkUhJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJiJTIyJTNBOCU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJjb250ZXh0JTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMFBPU1RfQlJFQUNIX1RJTUVTVE9NUElORyUyMCUzRCUyMCU1QyUyMk1vZGlmeSUyMGZpbGVzJyUyMHRpbWVzdGFtcHMlNUMlMjIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E5JTJDJTIyYiUyMiUzQTklN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjBQT1NUX0JSRUFDSF9TSUdORURfU0NSSVBUX1BST1hZX0VYRUMlMjAlM0QlMjAlNUMlMjJTaWduZWQlMjBzY3JpcHQlMjBwcm94eSUyMGV4ZWN1dGlvbiU1QyUyMiUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTEwJTJDJTIyYiUyMiUzQTEwJTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmNvbnRleHQlMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwUE9TVF9CUkVBQ0hfQUNDT1VOVF9ESVNDT1ZFUlklMjAlM0QlMjAlNUMlMjJBY2NvdW50JTIwZGlzY292ZXJ5JTVDJTIyJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBMTElMkMlMjJiJTIyJTNBMTElN0QlN0QlNUQlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0ElN0IlMjJzdGFydExpbmUlMjIlM0E1JTJDJTIybGluZXNDb3VudCUyMiUzQTclN0QlMkMlMjJiJTIyJTNBJTdCJTIyc3RhcnRMaW5lJTIyJTNBNSUyQyUyMmxpbmVzQ291bnQlMjIlM0E3JTdEJTdEJTdEJTdE"
]
}
"task": {
"dod": "You should add a new PBA const that defines what the PBA does.",
"tests": [],
"hints": [
"See the `Timestomping` PBA. How is the name of the PBA set?"
]
},
"app_version": "0.1.90",
"file_version": "1.0.2"
"content": [
{
"type": "text",
"text": "The name of your new PBA (which creates scheduled jobs on the machine) will be used in a few places, including the report. <br><br>\nYou should briefly define what your PBA does in a constant variable, such that it can be used by both the Monkey and the Monkey Island.\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- Make sure the \"Job scheduling\" PBA is enabled in the \"Monkey\" tab in the configuration — for this test, disable network scanning, exploiting, and all other PBAs\n- Run the Monkey\n- Check the PBA section in the Security report for the name you gave to the new PBA \n\n<img src=\"https://firebasestorage.googleapis.com/v0/b/swimmio-content/o/repositories%2F6Nlb99NtY5Fc3bSd8suH%2Fimg%2Ff0e53e6c-9dbe-41d8-9454-2b5761c3f53a.png?alt=media&token=21aa4bb8-7ebe-4dab-a739-c77e059144dd\" height=400>"
},
{
"firstLineNumber": 5,
"path": "monkey/common/common_consts/post_breach_consts.py",
"type": "snippet",
"lines": [
" POST_BREACH_HIDDEN_FILES = \"Hide files and directories\"",
" POST_BREACH_TRAP_COMMAND = \"Execute command when a particular signal is received\"",
" POST_BREACH_SETUID_SETGID = \"Setuid and Setgid\"",
"*POST_BREACH_JOB_SCHEDULING = \"Schedule jobs\"",
"+# Swimmer: PUT THE NEW CONST HERE!",
" POST_BREACH_TIMESTOMPING = \"Modify files' timestamps\"",
" POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC = \"Signed script proxy execution\"",
" POST_BREACH_ACCOUNT_DISCOVERY = \"Account discovery\""
],
"comments": []
},
{
"type": "text",
"text": "- The name defined here for your PBA can be seen on the Monkey Island in the PBA section in the Security report.\n- The results of each PBA stored in the telemetry are also identified by the string defined here for that PBA."
}
],
"file_version": "2.0.0",
"meta": {
"app_version": "0.3.7-0",
"file_blobs": {
"monkey/common/common_consts/post_breach_consts.py": "25e6679cb1623aae1a732deb05cc011a452743e3"
}
}
}

10
.travis.yml
View File

@ -27,6 +27,7 @@ install:
- pip install flake8 pytest pytest-cov dlint isort # for next stages
- pip install coverage # for code coverage
- pip install -r monkey/infection_monkey/requirements.txt # for unit tests
- pip install -r monkey/common/cloud/scoutsuite/requirements.txt
- pip install pipdeptree
# Fail builds on possible conflicting dependencies.
- pipdeptree --warn fail
@ -52,15 +53,10 @@ install:
# print hugo version (useful for debugging documentation build errors)
- hugo version
before_script:
# Set the server config to `testing`. This is required for for the UTs to pass.
- pushd /home/travis/build/guardicore/monkey/monkey
- python monkey_island/cc/environment/set_server_config.py testing
- popd
script:
# Check Python code
- flake8 ./monkey --config=./ci_scripts/flake8_syntax_check.ini
## Check syntax errors and fail the build if any are found.
- flake8 ./monkey --exclude=monkey/common/cloud/scoutsuite --config=./ci_scripts/flake8_syntax_check.ini
## Warn about linter issues.
### --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build.

1
deployment_scripts/config.ps1
View File

@ -30,6 +30,7 @@ $TRACEROUTE_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "traceroute32"
# Other directories and paths ( most likely you dont need to configure)
$MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island"
$MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey"
$SCOUTSUITE_DIR = Join-Path "\monkey" "common" "cloud" "scoutsuite"
$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin"
$TEMP_PYTHON_INSTALLER = ".\python.exe"
$TEMP_MONGODB_ZIP = ".\mongodb.zip"

4
deployment_scripts/deploy_linux.sh
View File

@ -66,6 +66,7 @@ MONGO_PATH="$ISLAND_PATH/bin/mongodb"
ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries"
INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey"
MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin"
SCOUTSUITE_DIR="$monkey_home/monkey/common/cloud/scoutsuite"
if ! has_sudo; then
log_message "You need root permissions for some of this script operations. \
@ -141,6 +142,9 @@ sudo apt-get install -y libffi-dev upx libssl-dev libc++1
requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt"
${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error
log_message "Installing ScoutSuite requirements"
requirements_scoutsuite="$SCOUTSUITE_DIR/requirements.txt"
${python_cmd} -m pip install -r "${requirements_scoutsuite}" --user --upgrade || handle_error
agents=${3:-true}
# Download binaries

3
deployment_scripts/deploy_windows.ps1
View File

@ -115,6 +115,9 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
"Installing python packages for monkey"
$monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements.txt"
& python -m pip install --user -r $monkeyRequirements
"Installing python packages for ScoutSuite"
$scoutsuiteRequirements = Join-Path -Path $monkey_home -ChildPath $SCOUTSUITE_DIR | Join-Path -ChildPath "\requirements.txt"
& python -m pip install --user -r $scoutsuiteRequirements
$user_python_dir = cmd.exe /c 'py -m site --user-site'
$user_python_dir = Join-Path (Split-Path $user_python_dir) -ChildPath "\Scripts"

3
envs/monkey_zoo/blackbox/analyzers/performance_analyzer.py
View File

@ -3,8 +3,7 @@ from datetime import timedelta
from typing import Dict
from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
LOGGER = logging.getLogger(__name__)

3
envs/monkey_zoo/blackbox/island_client/monkey_island_client.py
View File

@ -4,8 +4,7 @@ from time import sleep
from bson import json_util
from envs.monkey_zoo.blackbox.island_client.monkey_island_requests import \
MonkeyIslandRequests
from envs.monkey_zoo.blackbox.island_client.monkey_island_requests import MonkeyIslandRequests
SLEEP_BETWEEN_REQUESTS_SECONDS = 0.5
MONKEY_TEST_ENDPOINT = 'api/test/monkey'

3
envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py
View File

@ -5,8 +5,7 @@ from typing import Dict
import requests
from envs.monkey_zoo.blackbox.island_client.supported_request_method import \
SupportedRequestMethod
from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod
# SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
NO_AUTH_CREDS = '55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062' \

6
envs/monkey_zoo/blackbox/log_handlers/test_logs_handler.py
View File

@ -2,10 +2,8 @@ import logging
import os
import shutil
from envs.monkey_zoo.blackbox.log_handlers.monkey_log_parser import \
MonkeyLogParser
from envs.monkey_zoo.blackbox.log_handlers.monkey_logs_downloader import \
MonkeyLogsDownloader
from envs.monkey_zoo.blackbox.log_handlers.monkey_log_parser import MonkeyLogParser
from envs.monkey_zoo.blackbox.log_handlers.monkey_logs_downloader import MonkeyLogsDownloader
LOG_DIR_NAME = 'logs'
LOGGER = logging.getLogger(__name__)

24
envs/monkey_zoo/blackbox/test_blackbox.py
View File

@ -4,25 +4,17 @@ from time import sleep
import pytest
from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import \
CommunicationAnalyzer
from envs.monkey_zoo.blackbox.island_client.island_config_parser import \
IslandConfigParser
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
MonkeyIslandClient
from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import \
TestLogsHandler
from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import CommunicationAnalyzer
from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import TestLogsHandler
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
from envs.monkey_zoo.blackbox.tests.performance.map_generation import \
MapGenerationTest
from envs.monkey_zoo.blackbox.tests.performance.map_generation_from_telemetries import \
MapGenerationFromTelemetryTest
from envs.monkey_zoo.blackbox.tests.performance.report_generation import \
ReportGenerationTest
from envs.monkey_zoo.blackbox.tests.performance.map_generation import MapGenerationTest
from envs.monkey_zoo.blackbox.tests.performance.map_generation_from_telemetries import MapGenerationFromTelemetryTest
from envs.monkey_zoo.blackbox.tests.performance.report_generation import ReportGenerationTest
from envs.monkey_zoo.blackbox.tests.performance.report_generation_from_telemetries import \
ReportGenerationFromTelemetryTest
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import \
TelemetryPerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import TelemetryPerformanceTest
from envs.monkey_zoo.blackbox.utils import gcp_machine_handlers
DEFAULT_TIMEOUT_SECONDS = 5*60

12
envs/monkey_zoo/blackbox/tests/performance/endpoint_performance_test.py
View File

@ -1,14 +1,10 @@
import logging
from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import \
PerformanceAnalyzer
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
MonkeyIslandClient
from envs.monkey_zoo.blackbox.island_client.supported_request_method import \
SupportedRequestMethod
from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import PerformanceAnalyzer
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
LOGGER = logging.getLogger(__name__)

9
envs/monkey_zoo/blackbox/tests/performance/map_generation.py
View File

@ -1,12 +1,9 @@
from datetime import timedelta
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \
PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import \
PerformanceTestWorkflow
from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import PerformanceTestWorkflow
MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2)
MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5)

6
envs/monkey_zoo/blackbox/tests/performance/map_generation_from_telemetries.py
View File

@ -1,9 +1,7 @@
from datetime import timedelta
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \
PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \
TelemetryPerformanceTestWorkflow

6
envs/monkey_zoo/blackbox/tests/performance/performance_test_workflow.py
View File

@ -1,9 +1,7 @@
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import \
EndpointPerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import EndpointPerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
class PerformanceTestWorkflow(BasicTest):

9
envs/monkey_zoo/blackbox/tests/performance/report_generation.py
View File

@ -1,12 +1,9 @@
from datetime import timedelta
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \
PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import \
PerformanceTestWorkflow
from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import PerformanceTestWorkflow
MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2)
MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5)

6
envs/monkey_zoo/blackbox/tests/performance/report_generation_from_telemetries.py
View File

@ -1,9 +1,7 @@
from datetime import timedelta
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \
PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \
TelemetryPerformanceTestWorkflow

6
envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/sample_multiplier.py
View File

@ -6,12 +6,10 @@ from typing import Dict, List
from tqdm import tqdm
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import \
SampleFileParser
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import SampleFileParser
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_ip_generator import \
FakeIpGenerator
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_monkey import \
FakeMonkey
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_monkey import FakeMonkey
TELEM_DIR_PATH = './tests/performance/telemetry_sample'
LOGGER = logging.getLogger(__name__)

15
envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test.py
View File

@ -4,16 +4,11 @@ from datetime import timedelta
from tqdm import tqdm
from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import \
PerformanceAnalyzer
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
MonkeyIslandClient
from envs.monkey_zoo.blackbox.island_client.supported_request_method import \
SupportedRequestMethod
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import \
SampleFileParser
from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import PerformanceAnalyzer
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import SampleFileParser
LOGGER = logging.getLogger(__name__)

9
envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test_workflow.py
View File

@ -1,10 +1,7 @@
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import \
EndpointPerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import \
TelemetryPerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import EndpointPerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import TelemetryPerformanceTest
class TelemetryPerformanceTestWorkflow(BasicTest):

3
envs/os_compatibility/test_compatibility.py
View File

@ -1,7 +1,6 @@
import pytest
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
MonkeyIslandClient
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
machine_list = {
"10.0.0.36": "centos_6",

1
monkey/common/cloud/scoutsuite Submodule

@ -0,0 +1 @@
Subproject commit e5dd01dab08ed8d887736cfcee068c1b8895d4a1

9
monkey/common/cloud/scoutsuite_consts.py Normal file
View File

@ -0,0 +1,9 @@
from enum import Enum
class CloudProviders(Enum):
AWS = 'aws'
AZURE = 'azure'
GCP = 'gcp'
ALIBABA = 'aliyun'
ORACLE = 'oci'

0
monkey/common/data/__init__.py → monkey/common/common_consts/__init__.py
View File

0
monkey/common/data/api_url_consts.py → monkey/common/common_consts/api_url_consts.py
View File

0
monkey/common/data/network_consts.py → monkey/common/common_consts/network_consts.py
View File

0
monkey/common/data/post_breach_consts.py → monkey/common/common_consts/post_breach_consts.py
View File

1
monkey/common/data/system_info_collectors_names.py → monkey/common/common_consts/system_info_collectors_names.py
View File

@ -4,3 +4,4 @@ ENVIRONMENT_COLLECTOR = "EnvironmentCollector"
PROCESS_LIST_COLLECTOR = "ProcessListCollector"
MIMIKATZ_COLLECTOR = "MimikatzCollector"
AZURE_CRED_COLLECTOR = "AzureCollector"
SCOUTSUITE_COLLECTOR = "ScoutSuiteCollector"

10
monkey/common/common_consts/telem_categories.py Normal file
View File

@ -0,0 +1,10 @@
class TelemCategoryEnum:
EXPLOIT = 'exploit'
POST_BREACH = 'post_breach'
SCAN = 'scan'
SCOUTSUITE = 'scoutsuite'
STATE = 'state'
SYSTEM_INFO = 'system_info'
TRACE = 'trace'
TUNNEL = 'tunnel'
ATTACK = 'attack'

0
monkey/common/data/validation_formats.py → monkey/common/common_consts/validation_formats.py
View File

101
monkey/common/data/zero_trust_consts.py → monkey/common/common_consts/zero_trust_consts.py
View File

@ -31,6 +31,14 @@ TEST_MALICIOUS_ACTIVITY_TIMELINE = "malicious_activity_timeline"
TEST_SEGMENTATION = "segmentation"
TEST_TUNNELING = "tunneling"
TEST_COMMUNICATE_AS_NEW_USER = "communicate_as_new_user"
TEST_SCOUTSUITE_PERMISSIVE_FIREWALL_RULES = "scoutsuite_permissive_firewall_rules"
TEST_SCOUTSUITE_UNENCRYPTED_DATA = "scoutsuite_unencrypted_data"
TEST_SCOUTSUITE_DATA_LOSS_PREVENTION = "scoutsuite_data_loss_prevention"
TEST_SCOUTSUITE_SECURE_AUTHENTICATION = "scoutsuite_secure_authentication"
TEST_SCOUTSUITE_RESTRICTIVE_POLICIES = "scoutsuite_unrestrictive_policies"
TEST_SCOUTSUITE_LOGGING = "scoutsuite_logging"
TEST_SCOUTSUITE_SERVICE_SECURITY = "scoutsuite_service_security"
TESTS = (
TEST_SEGMENTATION,
TEST_MALICIOUS_ACTIVITY_TIMELINE,
@ -40,25 +48,38 @@ TESTS = (
TEST_DATA_ENDPOINT_HTTP,
TEST_DATA_ENDPOINT_ELASTIC,
TEST_TUNNELING,
TEST_COMMUNICATE_AS_NEW_USER
TEST_COMMUNICATE_AS_NEW_USER,
TEST_SCOUTSUITE_PERMISSIVE_FIREWALL_RULES,
TEST_SCOUTSUITE_UNENCRYPTED_DATA,
TEST_SCOUTSUITE_DATA_LOSS_PREVENTION,
TEST_SCOUTSUITE_SECURE_AUTHENTICATION,
TEST_SCOUTSUITE_RESTRICTIVE_POLICIES,
TEST_SCOUTSUITE_LOGGING,
TEST_SCOUTSUITE_SERVICE_SECURITY
)
PRINCIPLE_DATA_TRANSIT = "data_transit"
PRINCIPLE_DATA_CONFIDENTIALITY = "data_transit"
PRINCIPLE_ENDPOINT_SECURITY = "endpoint_security"
PRINCIPLE_USER_BEHAVIOUR = "user_behaviour"
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC = "analyze_network_traffic"
PRINCIPLE_SEGMENTATION = "segmentation"
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES = "network_policies"
PRINCIPLE_USERS_MAC_POLICIES = "users_mac_policies"
PRINCIPLE_DISASTER_RECOVERY = "data_backup"
PRINCIPLE_SECURE_AUTHENTICATION = "secure_authentication"
PRINCIPLE_MONITORING_AND_LOGGING = "monitoring_and_logging"
PRINCIPLES = {
PRINCIPLE_SEGMENTATION: "Apply segmentation and micro-segmentation inside your network.",
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC: "Analyze network traffic for malicious activity.",
PRINCIPLE_USER_BEHAVIOUR: "Adopt security user behavior analytics.",
PRINCIPLE_ENDPOINT_SECURITY: "Use anti-virus and other traditional endpoint security solutions.",
PRINCIPLE_DATA_TRANSIT: "Secure data at transit by encrypting it.",
PRINCIPLE_DATA_CONFIDENTIALITY: "Ensure data's confidentiality by encrypting it.",
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES: "Configure network policies to be as restrictive as possible.",
PRINCIPLE_USERS_MAC_POLICIES: "Users' permissions to the network and to resources should be MAC (Mandatory "
"Access Control) only.",
PRINCIPLE_DISASTER_RECOVERY: "Ensure data and infrastructure backups for disaster recovery scenarios.",
PRINCIPLE_SECURE_AUTHENTICATION: "Ensure secure authentication process's.",
PRINCIPLE_MONITORING_AND_LOGGING: "Ensure monitoring and logging in network resources."
}
POSSIBLE_STATUSES_KEY = "possible_statuses"
@ -129,7 +150,7 @@ TESTS_MAP = {
STATUS_PASSED: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts "
"that indicate attempts to access them. "
},
PRINCIPLE_KEY: PRINCIPLE_DATA_TRANSIT,
PRINCIPLE_KEY: PRINCIPLE_DATA_CONFIDENTIALITY,
PILLARS_KEY: [DATA],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
@ -140,7 +161,7 @@ TESTS_MAP = {
STATUS_PASSED: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate "
"attempts to access them. "
},
PRINCIPLE_KEY: PRINCIPLE_DATA_TRANSIT,
PRINCIPLE_KEY: PRINCIPLE_DATA_CONFIDENTIALITY,
PILLARS_KEY: [DATA],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
@ -165,6 +186,76 @@ TESTS_MAP = {
PILLARS_KEY: [PEOPLE, NETWORKS, VISIBILITY_ANALYTICS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
TEST_SCOUTSUITE_PERMISSIVE_FIREWALL_RULES: {
TEST_EXPLANATION_KEY: "ScoutSuite assessed cloud firewall rules and settings.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "ScoutSuite found overly permissive firewall rules.",
STATUS_PASSED: "ScoutSuite found no problems with cloud firewall rules."
},
PRINCIPLE_KEY: PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES,
PILLARS_KEY: [NETWORKS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
TEST_SCOUTSUITE_UNENCRYPTED_DATA: {
TEST_EXPLANATION_KEY: "ScoutSuite searched for resources containing unencrypted data.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "ScoutSuite found resources with unencrypted data.",
STATUS_PASSED: "ScoutSuite found no resources with unencrypted data."
},
PRINCIPLE_KEY: PRINCIPLE_DATA_CONFIDENTIALITY,
PILLARS_KEY: [DATA],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
TEST_SCOUTSUITE_DATA_LOSS_PREVENTION: {
TEST_EXPLANATION_KEY: "ScoutSuite searched for resources which are not protected against data loss.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "ScoutSuite found resources not protected against data loss.",
STATUS_PASSED: "ScoutSuite found that all resources are secured against data loss."
},
PRINCIPLE_KEY: PRINCIPLE_DISASTER_RECOVERY,
PILLARS_KEY: [DATA],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
TEST_SCOUTSUITE_SECURE_AUTHENTICATION: {
TEST_EXPLANATION_KEY: "ScoutSuite searched for issues related to users' authentication.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "ScoutSuite found issues related to users' authentication.",
STATUS_PASSED: "ScoutSuite found no issues related to users' authentication."
},
PRINCIPLE_KEY: PRINCIPLE_SECURE_AUTHENTICATION,
PILLARS_KEY: [PEOPLE, WORKLOADS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
TEST_SCOUTSUITE_RESTRICTIVE_POLICIES: {
TEST_EXPLANATION_KEY: "ScoutSuite searched for permissive user access policies.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "ScoutSuite found permissive user access policies.",
STATUS_PASSED: "ScoutSuite found no issues related to user access policies."
},
PRINCIPLE_KEY: PRINCIPLE_USERS_MAC_POLICIES,
PILLARS_KEY: [PEOPLE, WORKLOADS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
TEST_SCOUTSUITE_LOGGING: {
TEST_EXPLANATION_KEY: "ScoutSuite searched for issues, related to logging.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "ScoutSuite found logging issues.",
STATUS_PASSED: "ScoutSuite found no logging issues."
},
PRINCIPLE_KEY: PRINCIPLE_MONITORING_AND_LOGGING,
PILLARS_KEY: [AUTOMATION_ORCHESTRATION, VISIBILITY_ANALYTICS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
TEST_SCOUTSUITE_SERVICE_SECURITY: {
TEST_EXPLANATION_KEY: "ScoutSuite searched for service security issues.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "ScoutSuite found service security issues.",
STATUS_PASSED: "ScoutSuite found no service security issues."
},
PRINCIPLE_KEY: PRINCIPLE_MONITORING_AND_LOGGING,
PILLARS_KEY: [DEVICES, NETWORKS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
}
}
EVENT_TYPE_MONKEY_NETWORK = "monkey_network"

5
monkey/common/network/test_network_utils.py
View File

@ -1,7 +1,6 @@
from unittest import TestCase
from common.network.network_utils import (get_host_from_network_location,
remove_port)
from common.network.network_utils import get_host_from_network_location, remove_port
class TestNetworkUtils(TestCase):
@ -11,7 +10,7 @@ class TestNetworkUtils(TestCase):
assert get_host_from_network_location("127.0.0.1") == "127.0.0.1"
assert get_host_from_network_location("www.google.com:8080") == "www.google.com"
assert get_host_from_network_location("user:password@host:8080") == "host"
def test_remove_port_from_url(self):
assert remove_port('https://google.com:80') == 'https://google.com'
assert remove_port('https://8.8.8.8:65336') == 'https://8.8.8.8'

18
monkey/common/network/test_segmentation_utils.py
View File

@ -1,30 +1,28 @@
from common.network.network_range import CidrRange
from common.network.segmentation_utils import get_ip_in_src_and_not_in_dst
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
class TestSegmentationUtils(IslandTestCase):
class TestSegmentationUtils:
def test_get_ip_in_src_and_not_in_dst(self):
self.fail_if_not_testing_env()
source = CidrRange("1.1.1.0/24")
target = CidrRange("2.2.2.0/24")
# IP not in both
self.assertIsNone(get_ip_in_src_and_not_in_dst(
assert get_ip_in_src_and_not_in_dst(
["3.3.3.3", "4.4.4.4"], source, target
))
) is None
# IP not in source, in target
self.assertIsNone(get_ip_in_src_and_not_in_dst(
assert (get_ip_in_src_and_not_in_dst(
["2.2.2.2"], source, target
))
)) is None
# IP in source, not in target
self.assertIsNotNone(get_ip_in_src_and_not_in_dst(
assert (get_ip_in_src_and_not_in_dst(
["8.8.8.8", "1.1.1.1"], source, target
))
# IP in both subnets
self.assertIsNone(get_ip_in_src_and_not_in_dst(
assert (get_ip_in_src_and_not_in_dst(
["8.8.8.8", "1.1.1.1"], source, source
))
)) is None

24
monkey/common/utils/exceptions.py
View File

@ -22,5 +22,29 @@ class AlreadyRegisteredError(RegistrationNotNeededError):
""" Raise to indicate the reason why registration is not required """
class RulePathCreatorNotFound(Exception):
""" Raise to indicate that ScoutSuite rule doesn't have a path creator"""
class InvalidAWSKeys(Exception):
""" Raise to indicate that AWS API keys are invalid"""
class NoInternetError(Exception):
""" Raise to indicate problems caused when no internet connection is present"""
class ScoutSuiteScanError(Exception):
""" Raise to indicate problems ScoutSuite encountered during scanning"""
class UnknownFindingError(Exception):
""" Raise when provided finding is of unknown type"""
class VersionServerConnectionError(Exception):
""" Raise to indicate that connection to version update server failed """
class FindingWithoutDetailsError(Exception):
""" Raise when pulling events for a finding, but get none """

18
monkey/infection_monkey/config.py
View File

@ -1,5 +1,4 @@
import hashlib
import json
import os
import sys
import uuid
@ -12,7 +11,8 @@ GUID = str(uuid.getnode())
EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin')
SENSITIVE_FIELDS = ["exploit_password_list", "exploit_user_list", "exploit_ssh_keys"]
SENSITIVE_FIELDS = ["exploit_password_list", "exploit_user_list", "exploit_ssh_keys", "aws_secret_access_key",
"aws_session_token"]
LOCAL_CONFIG_VARS = ["name", "id", "current_server", "max_depth"]
HIDDEN_FIELD_REPLACEMENT_CONTENT = "hidden"
@ -36,16 +36,6 @@ class Configuration(object):
self.max_depth = self.depth
return unknown_items
def from_json(self, json_data):
"""
Gets a json data object, parses it and applies it to the configuration
:param json_data:
:return:
"""
formatted_data = json.loads(json_data)
result = self.from_kv(formatted_data)
return result
@staticmethod
def hide_sensitive_info(config_dict):
for field in SENSITIVE_FIELDS:
@ -256,6 +246,10 @@ class Configuration(object):
exploit_ntlm_hash_list = []
exploit_ssh_keys = []
aws_access_key_id = ''
aws_secret_access_key = ''
aws_session_token = ''
# smb/wmi exploiter
smb_download_timeout = 300 # timeout in seconds
smb_service_name = "InfectionMonkey"

9
monkey/infection_monkey/control.py
View File

@ -12,13 +12,12 @@ import infection_monkey.tunnel as tunnel
from common.common_consts.timeouts import (LONG_REQUEST_TIMEOUT,
MEDIUM_REQUEST_TIMEOUT,
SHORT_REQUEST_TIMEOUT)
from common.data.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH
from common.common_consts.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH
from infection_monkey.config import GUID, WormConfiguration
from infection_monkey.network.info import check_internet_access, local_ips
from infection_monkey.transport.http import HTTPConnectProxy
from infection_monkey.transport.tcp import TcpProxy
from infection_monkey.utils.exceptions.planned_shutdown_exception import \
PlannedShutdownException
from infection_monkey.utils.exceptions.planned_shutdown_exception import PlannedShutdownException
__author__ = 'hoffer'
@ -132,12 +131,12 @@ class ControlClient(object):
return {}
@staticmethod
def send_telemetry(telem_category, data):
def send_telemetry(telem_category, json_data: str):
if not WormConfiguration.current_server:
LOG.error("Trying to send %s telemetry before current server is established, aborting." % telem_category)
return
try:
telemetry = {'monkey_guid': GUID, 'telem_category': telem_category, 'data': data}
telemetry = {'monkey_guid': GUID, 'telem_category': telem_category, 'data': json_data}
requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,), # noqa: DUO123
data=json.dumps(telemetry),
headers={'content-type': 'application/json'},

7
monkey/infection_monkey/dropper.py
View File

@ -12,11 +12,8 @@ from ctypes import c_char_p
from common.utils.attack_utils import ScanStatus, UsageEnum
from infection_monkey.config import WormConfiguration
from infection_monkey.exploit.tools.helpers import \
build_monkey_commandline_explicitly
from infection_monkey.model import (GENERAL_CMDLINE_LINUX,
MONKEY_CMDLINE_LINUX,
MONKEY_CMDLINE_WINDOWS)
from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
from infection_monkey.model import GENERAL_CMDLINE_LINUX, MONKEY_CMDLINE_LINUX, MONKEY_CMDLINE_WINDOWS
from infection_monkey.system_info import OperatingSystem, SystemInfoCollector
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem

7
monkey/infection_monkey/exploit/HostExploiter.py
View File

@ -3,6 +3,7 @@ from abc import abstractmethod
from datetime import datetime
import infection_monkey.exploit
from common.utils.exceptions import FailedExploitationError
from common.utils.exploit_enum import ExploitType
from infection_monkey.config import WormConfiguration
from infection_monkey.utils.plugins.plugin import Plugin
@ -73,8 +74,10 @@ class HostExploiter(Plugin):
result = None
try:
result = self._exploit_host()
except Exception as _:
logger.error(f'Exception in exploit_host', exc_info=True)
except FailedExploitationError:
logger.debug('Exploiter failed.', exc_info=True)
except Exception:
logger.error('Exception in exploit_host', exc_info=True)
finally:
self.post_exploit()
return result

5
monkey/infection_monkey/exploit/elasticgroovy.py
View File

@ -10,11 +10,10 @@ import re
import requests
from common.data.network_consts import ES_SERVICE
from common.common_consts.network_consts import ES_SERVICE
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
from infection_monkey.exploit.web_rce import WebRCE
from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND,
CMD_PREFIX, DOWNLOAD_TIMEOUT, ID_STRING,
from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, CMD_PREFIX, DOWNLOAD_TIMEOUT, ID_STRING,
WGET_HTTP_UPLOAD)
from infection_monkey.network.elasticfinger import ES_PORT
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem

7
monkey/infection_monkey/exploit/hadoop.py
View File

@ -11,14 +11,11 @@ import string
import requests
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
get_monkey_depth)
from infection_monkey.exploit.tools.http_tools import HTTPTools
from infection_monkey.exploit.web_rce import WebRCE
from infection_monkey.model import (HADOOP_LINUX_COMMAND,
HADOOP_WINDOWS_COMMAND, ID_STRING,
MONKEY_ARG)
from infection_monkey.model import HADOOP_LINUX_COMMAND, HADOOP_WINDOWS_COMMAND, ID_STRING, MONKEY_ARG
__author__ = 'VakarisZ'

7
monkey/infection_monkey/exploit/mssqlexec.py
View File

@ -5,13 +5,10 @@ from time import sleep
import pymssql
from common.utils.exceptions import (ExploitingVulnerableMachineError,
FailedExploitationError)
from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
get_monkey_depth,
get_monkey_dest_path)
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_monkey_dest_path
from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer
from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
from infection_monkey.model import DROPPER_ARG

16
monkey/infection_monkey/exploit/sambacry.py
View File

@ -8,23 +8,17 @@ from io import BytesIO
import impacket.smbconnection
from impacket.nmb import NetBIOSError
from impacket.nt_errors import STATUS_SUCCESS
from impacket.smb import (FILE_DIRECTORY_FILE, FILE_NON_DIRECTORY_FILE,
FILE_OPEN, FILE_READ_DATA, FILE_SHARE_READ,
FILE_WRITE_DATA, SMB, SMB_DIALECT, SessionError,
SMBCommand, SMBNtCreateAndX_Data,
from impacket.smb import (FILE_DIRECTORY_FILE, FILE_NON_DIRECTORY_FILE, FILE_OPEN, FILE_READ_DATA, FILE_SHARE_READ,
FILE_WRITE_DATA, SMB, SMB_DIALECT, SessionError, SMBCommand, SMBNtCreateAndX_Data,
SMBNtCreateAndX_Parameters)
from impacket.smb3structs import (SMB2_CREATE, SMB2_FLAGS_DFS_OPERATIONS,
SMB2_IL_IMPERSONATION,
SMB2_OPLOCK_LEVEL_NONE, SMB2Create,
SMB2Create_Response, SMB2Packet)
from impacket.smb3structs import (SMB2_CREATE, SMB2_FLAGS_DFS_OPERATIONS, SMB2_IL_IMPERSONATION, SMB2_OPLOCK_LEVEL_NONE,
SMB2Create, SMB2Create_Response, SMB2Packet)
from impacket.smbconnection import SMBConnection
import infection_monkey.monkeyfs as monkeyfs
from common.utils.attack_utils import ScanStatus
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
get_monkey_depth,
get_target_monkey_by_os)
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey_by_os
from infection_monkey.model import DROPPER_ARG
from infection_monkey.network.smbfinger import SMB_SERVICE
from infection_monkey.network.tools import get_interface_to_target

4
monkey/infection_monkey/exploit/shellshock.py
View File

@ -9,9 +9,7 @@ import requests
from common.utils.attack_utils import ScanStatus
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.shellshock_resources import CGI_FILES
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
get_monkey_depth,
get_target_monkey)
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
from infection_monkey.exploit.tools.http_tools import HTTPTools
from infection_monkey.model import DROPPER_ARG
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem

8
monkey/infection_monkey/exploit/smbexec.py
View File

@ -5,13 +5,9 @@ from impacket.dcerpc.v5 import scmr, transport
from common.utils.attack_utils import ScanStatus, UsageEnum
from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
get_monkey_depth,
get_target_monkey)
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
from infection_monkey.exploit.tools.smb_tools import SmbTools
from infection_monkey.model import (DROPPER_CMDLINE_DETACHED_WINDOWS,
MONKEY_CMDLINE_DETACHED_WINDOWS,
VictimHost)
from infection_monkey.model import DROPPER_CMDLINE_DETACHED_WINDOWS, MONKEY_CMDLINE_DETACHED_WINDOWS, VictimHost
from infection_monkey.network.smbfinger import SMBFinger
from infection_monkey.network.tools import check_tcp_port
from infection_monkey.telemetry.attack.t1035_telem import T1035Telem

7
monkey/infection_monkey/exploit/sshexec.py
View File

@ -9,12 +9,9 @@ from common.utils.attack_utils import ScanStatus
from common.utils.exceptions import FailedExploitationError
from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
get_monkey_depth,
get_target_monkey)
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
from infection_monkey.model import MONKEY_ARG
from infection_monkey.network.tools import (check_tcp_port,
get_interface_to_target)
from infection_monkey.network.tools import check_tcp_port, get_interface_to_target
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem

3
monkey/infection_monkey/exploit/tools/test_helpers.py
View File

@ -1,7 +1,6 @@
import unittest
from infection_monkey.exploit.tools.helpers import \
build_monkey_commandline_explicitly
from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
class TestHelpers(unittest.TestCase):

7
monkey/infection_monkey/exploit/vsftpd.py
View File

@ -10,12 +10,9 @@ from logging import getLogger
from common.utils.attack_utils import ScanStatus
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
get_monkey_depth,
get_target_monkey)
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
from infection_monkey.exploit.tools.http_tools import HTTPTools
from infection_monkey.model import (CHMOD_MONKEY, DOWNLOAD_TIMEOUT, MONKEY_ARG,
RUN_MONKEY, WGET_HTTP_UPLOAD)
from infection_monkey.model import CHMOD_MONKEY, DOWNLOAD_TIMEOUT, MONKEY_ARG, RUN_MONKEY, WGET_HTTP_UPLOAD
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
LOG = getLogger(__name__)

13
monkey/infection_monkey/exploit/web_rce.py
View File

@ -5,16 +5,11 @@ from posixpath import join
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
get_monkey_depth,
get_target_monkey)
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
from infection_monkey.exploit.tools.http_tools import HTTPTools
from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND,
CHMOD_MONKEY, DOWNLOAD_TIMEOUT,
DROPPER_ARG, GET_ARCH_LINUX,
GET_ARCH_WINDOWS, ID_STRING, MONKEY_ARG,
POWERSHELL_HTTP_UPLOAD, RUN_MONKEY,
WGET_HTTP_UPLOAD)
from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, CHMOD_MONKEY, DOWNLOAD_TIMEOUT, DROPPER_ARG,
GET_ARCH_LINUX, GET_ARCH_WINDOWS, ID_STRING, MONKEY_ARG, POWERSHELL_HTTP_UPLOAD,
RUN_MONKEY, WGET_HTTP_UPLOAD)
from infection_monkey.network.tools import check_tcp_port, tcp_port_to_service
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem

7
monkey/infection_monkey/exploit/win_ms08_067.py
View File

@ -16,12 +16,9 @@ from impacket.dcerpc.v5 import transport
from common.utils.shellcode_obfuscator import clarify
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
get_monkey_depth,
get_target_monkey)
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
from infection_monkey.exploit.tools.smb_tools import SmbTools
from infection_monkey.model import (DROPPER_CMDLINE_WINDOWS,
MONKEY_CMDLINE_WINDOWS)
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
from infection_monkey.network.smbfinger import SMBFinger
from infection_monkey.network.tools import check_tcp_port

10
monkey/infection_monkey/exploit/wmiexec.py
View File

@ -7,14 +7,10 @@ from impacket.dcerpc.v5.rpcrt import DCERPCException
from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
get_monkey_depth,
get_target_monkey)
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
from infection_monkey.exploit.tools.smb_tools import SmbTools
from infection_monkey.exploit.tools.wmi_tools import (AccessDeniedException,
WmiTools)
from infection_monkey.model import (DROPPER_CMDLINE_WINDOWS,
MONKEY_CMDLINE_WINDOWS)
from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
LOG = logging.getLogger(__name__)

3
monkey/infection_monkey/main.py
View File

@ -15,8 +15,7 @@ from infection_monkey.config import EXTERNAL_CONFIG_FILE, WormConfiguration
from infection_monkey.dropper import MonkeyDrops
from infection_monkey.model import DROPPER_ARG, MONKEY_ARG
from infection_monkey.monkey import InfectionMonkey
from infection_monkey.utils.monkey_log_path import (get_dropper_log_path,
get_monkey_log_path)
from infection_monkey.utils.monkey_log_path import get_dropper_log_path, get_monkey_log_path
__author__ = 'itamar'

31
monkey/infection_monkey/monkey.py
View File

@ -7,10 +7,9 @@ import time
from threading import Thread
import infection_monkey.tunnel as tunnel
from common.network.network_utils import get_host_from_network_location
from infection_monkey.network.tools import is_running_on_island
from common.utils.attack_utils import ScanStatus, UsageEnum
from common.utils.exceptions import (ExploitingVulnerableMachineError,
FailedExploitationError)
from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
from common.version import get_version
from infection_monkey.config import WormConfiguration
from infection_monkey.control import ControlClient
@ -19,8 +18,7 @@ from infection_monkey.model import DELAY_DELETE_CMD
from infection_monkey.network.firewall import app as firewall
from infection_monkey.network.HostFinger import HostFinger
from infection_monkey.network.network_scanner import NetworkScanner
from infection_monkey.network.tools import (get_interface_to_target,
is_running_on_server)
from infection_monkey.network.tools import get_interface_to_target
from infection_monkey.post_breach.post_breach_handler import PostBreach
from infection_monkey.system_info import SystemInfoCollector
from infection_monkey.system_singleton import SystemSingleton
@ -33,11 +31,8 @@ from infection_monkey.telemetry.system_info_telem import SystemInfoTelem
from infection_monkey.telemetry.trace_telem import TraceTelem
from infection_monkey.telemetry.tunnel_telem import TunnelTelem
from infection_monkey.utils.environment import is_windows_os
from infection_monkey.utils.exceptions.planned_shutdown_exception import \
PlannedShutdownException
from infection_monkey.utils.monkey_dir import (create_monkey_dir,
get_monkey_dir_path,
remove_monkey_dir)
from infection_monkey.utils.exceptions.planned_shutdown_exception import PlannedShutdownException
from infection_monkey.utils.monkey_dir import create_monkey_dir, get_monkey_dir_path, remove_monkey_dir
from infection_monkey.utils.monkey_log_path import get_monkey_log_path
from infection_monkey.windows_upgrader import WindowsUpgrader
@ -125,7 +120,8 @@ class InfectionMonkey(object):
self.shutdown_by_not_alive_config()
if self.is_started_on_island():
if is_running_on_island():
WormConfiguration.started_on_island = True
ControlClient.report_start_on_island()
ControlClient.should_monkey_run(self._opts.vulnerable_port)
@ -195,8 +191,8 @@ class InfectionMonkey(object):
if self._default_server:
if self._network.on_island(self._default_server):
machine.set_default_server(get_interface_to_target(machine.ip_addr) +
(
':' + self._default_server_port if self._default_server_port else ''))
(':' + self._default_server_port
if self._default_server_port else ''))
else:
machine.set_default_server(self._default_server)
LOG.debug("Default server for machine: %r set to %s" % (machine, machine.default_server))
@ -254,7 +250,7 @@ class InfectionMonkey(object):
LOG.debug("Running with depth: %d" % WormConfiguration.depth)
def collect_system_info_if_configured(self):
LOG.debug("Calling system info collection")
LOG.debug("Calling for system info collection")
system_info_collector = SystemInfoCollector()
system_info = system_info_collector.get_info()
SystemInfoTelem(system_info).send()
@ -306,8 +302,7 @@ class InfectionMonkey(object):
try:
status = None
if "win32" == sys.platform:
from subprocess import (CREATE_NEW_CONSOLE,
STARTF_USESHOWWINDOW, SW_HIDE)
from subprocess import CREATE_NEW_CONSOLE, STARTF_USESHOWWINDOW, SW_HIDE
startupinfo = subprocess.STARTUPINFO()
startupinfo.dwFlags = CREATE_NEW_CONSOLE | STARTF_USESHOWWINDOW
startupinfo.wShowWindow = SW_HIDE
@ -403,10 +398,6 @@ class InfectionMonkey(object):
self._default_server = WormConfiguration.current_server
LOG.debug("default server set to: %s" % self._default_server)
def is_started_on_island(self):
island_ip = get_host_from_network_location(self._default_server)
return is_running_on_server(island_ip) and WormConfiguration.depth == WormConfiguration.max_depth
def log_arguments(self):
arg_string = " ".join([f"{key}: {value}" for key, value in vars(self._opts).items()])
LOG.info(f"Monkey started with arguments: {arg_string}")

2
monkey/infection_monkey/network/elasticfinger.py
View File

@ -6,7 +6,7 @@ import requests
from requests.exceptions import ConnectionError, Timeout
import infection_monkey.config
from common.data.network_consts import ES_SERVICE
from common.common_consts.network_consts import ES_SERVICE
from infection_monkey.network.HostFinger import HostFinger
ES_PORT = 9200

3
monkey/infection_monkey/network/mysqlfinger.py
View File

@ -3,8 +3,7 @@ import socket
import infection_monkey.config
from infection_monkey.network.HostFinger import HostFinger
from infection_monkey.network.tools import (struct_unpack_tracker,
struct_unpack_tracker_string)
from infection_monkey.network.tools import struct_unpack_tracker, struct_unpack_tracker_string
MYSQL_PORT = 3306
SQL_SERVICE = 'mysqld-3306'

8
monkey/infection_monkey/network/tools.py
View File

@ -7,6 +7,8 @@ import subprocess
import sys
import time
from common.network.network_utils import get_host_from_network_location
from infection_monkey.config import WormConfiguration
from infection_monkey.network.info import get_routes, local_ips
from infection_monkey.pyinstaller_utils import get_binary_file_path
from infection_monkey.utils.environment import is_64bit_python
@ -311,5 +313,11 @@ def get_interface_to_target(dst):
return ret[1]
def is_running_on_island():
current_server_without_port = get_host_from_network_location(WormConfiguration.current_server)
running_on_island = is_running_on_server(current_server_without_port)
return running_on_island and WormConfiguration.depth == WormConfiguration.max_depth
def is_running_on_server(ip: str) -> bool:
return ip in local_ips()

2
monkey/infection_monkey/post_breach/actions/add_user.py
View File

@ -1,4 +1,4 @@
from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER
from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER
from infection_monkey.config import WormConfiguration
from infection_monkey.post_breach.pba import PBA
from infection_monkey.utils.users import get_commands_to_add_user

5
monkey/infection_monkey/post_breach/actions/change_file_privileges.py
View File

@ -1,7 +1,6 @@
from common.data.post_breach_consts import POST_BREACH_SETUID_SETGID
from common.common_consts.post_breach_consts import POST_BREACH_SETUID_SETGID
from infection_monkey.post_breach.pba import PBA
from infection_monkey.post_breach.setuid_setgid.setuid_setgid import \
get_commands_to_change_setuid_setgid
from infection_monkey.post_breach.setuid_setgid.setuid_setgid import get_commands_to_change_setuid_setgid
class ChangeSetuidSetgid(PBA):

2
monkey/infection_monkey/post_breach/actions/clear_command_history.py
View File

@ -1,6 +1,6 @@
import subprocess
from common.data.post_breach_consts import POST_BREACH_CLEAR_CMD_HISTORY
from common.common_consts.post_breach_consts import POST_BREACH_CLEAR_CMD_HISTORY
from infection_monkey.post_breach.clear_command_history.clear_command_history import \
get_commands_to_clear_command_history
from infection_monkey.post_breach.pba import PBA

2
monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
View File

@ -3,7 +3,7 @@ import random
import string
import subprocess
from common.data.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
from common.common_consts.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
from infection_monkey.post_breach.pba import PBA
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
from infection_monkey.utils.auto_new_user_factory import create_auto_new_user

5
monkey/infection_monkey/post_breach/actions/discover_accounts.py
View File

@ -1,6 +1,5 @@
from common.data.post_breach_consts import POST_BREACH_ACCOUNT_DISCOVERY
from infection_monkey.post_breach.account_discovery.account_discovery import \
get_commands_to_discover_accounts
from common.common_consts.post_breach_consts import POST_BREACH_ACCOUNT_DISCOVERY
from infection_monkey.post_breach.account_discovery.account_discovery import get_commands_to_discover_accounts
from infection_monkey.post_breach.pba import PBA

8
monkey/infection_monkey/post_breach/actions/hide_files.py
View File

@ -1,12 +1,10 @@
from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES
from common.common_consts.post_breach_consts import POST_BREACH_HIDDEN_FILES
from infection_monkey.post_breach.pba import PBA
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
from infection_monkey.utils.environment import is_windows_os
from infection_monkey.utils.hidden_files import (cleanup_hidden_files,
get_commands_to_hide_files,
from infection_monkey.utils.hidden_files import (cleanup_hidden_files, get_commands_to_hide_files,
get_commands_to_hide_folders)
from infection_monkey.utils.windows.hidden_files import \
get_winAPI_to_hide_files
from infection_monkey.utils.windows.hidden_files import get_winAPI_to_hide_files
HIDDEN_FSO_CREATION_COMMANDS = [get_commands_to_hide_files,
get_commands_to_hide_folders]

3
monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py
View File

@ -1,7 +1,6 @@
import subprocess
from common.data.post_breach_consts import \
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
from common.common_consts.post_breach_consts import POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
from infection_monkey.post_breach.pba import PBA
from infection_monkey.post_breach.shell_startup_files.shell_startup_files_modification import \
get_commands_to_modify_shell_startup_files

6
monkey/infection_monkey/post_breach/actions/schedule_jobs.py
View File

@ -1,6 +1,6 @@
from common.data.post_breach_consts import POST_BREACH_JOB_SCHEDULING
from infection_monkey.post_breach.job_scheduling.job_scheduling import (
get_commands_to_schedule_jobs, remove_scheduled_jobs)
from common.common_consts.post_breach_consts import POST_BREACH_JOB_SCHEDULING
from infection_monkey.post_breach.job_scheduling.job_scheduling import (get_commands_to_schedule_jobs,
remove_scheduled_jobs)
from infection_monkey.post_breach.pba import PBA

5
monkey/infection_monkey/post_breach/actions/timestomping.py
View File

@ -1,7 +1,6 @@
from common.data.post_breach_consts import POST_BREACH_TIMESTOMPING
from common.common_consts.post_breach_consts import POST_BREACH_TIMESTOMPING
from infection_monkey.post_breach.pba import PBA
from infection_monkey.post_breach.timestomping.timestomping import \
get_timestomping_commands
from infection_monkey.post_breach.timestomping.timestomping import get_timestomping_commands
class Timestomping(PBA):

2
monkey/infection_monkey/post_breach/actions/use_signed_scripts.py
View File

@ -1,7 +1,7 @@
import logging
import subprocess
from common.data.post_breach_consts import POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC
from common.common_consts.post_breach_consts import POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC
from infection_monkey.post_breach.pba import PBA
from infection_monkey.post_breach.signed_script_proxy.signed_script_proxy import (
cleanup_changes, get_commands_to_proxy_execution_using_signed_script)

5
monkey/infection_monkey/post_breach/actions/use_trap_command.py
View File

@ -1,7 +1,6 @@
from common.data.post_breach_consts import POST_BREACH_TRAP_COMMAND
from common.common_consts.post_breach_consts import POST_BREACH_TRAP_COMMAND
from infection_monkey.post_breach.pba import PBA
from infection_monkey.post_breach.trap_command.trap_command import \
get_trap_commands
from infection_monkey.post_breach.trap_command.trap_command import get_trap_commands
class TrapCommand(PBA):

2
monkey/infection_monkey/post_breach/actions/users_custom_pba.py
View File

@ -1,7 +1,7 @@
import logging
import os
from common.data.post_breach_consts import POST_BREACH_FILE_EXECUTION
from common.common_consts.post_breach_consts import POST_BREACH_FILE_EXECUTION
from common.utils.attack_utils import ScanStatus
from infection_monkey.config import WormConfiguration
from infection_monkey.control import ControlClient

3
monkey/infection_monkey/post_breach/clear_command_history/clear_command_history.py
View File

@ -1,6 +1,5 @@
from infection_monkey.post_breach.clear_command_history.linux_clear_command_history import (
get_linux_command_history_files,
get_linux_commands_to_clear_command_history, get_linux_usernames)
get_linux_command_history_files, get_linux_commands_to_clear_command_history, get_linux_usernames)
def get_commands_to_clear_command_history():

6
monkey/infection_monkey/post_breach/job_scheduling/job_scheduling.py
View File

@ -1,10 +1,8 @@
import subprocess
from infection_monkey.post_breach.job_scheduling.linux_job_scheduling import \
get_linux_commands_to_schedule_jobs
from infection_monkey.post_breach.job_scheduling.linux_job_scheduling import get_linux_commands_to_schedule_jobs
from infection_monkey.post_breach.job_scheduling.windows_job_scheduling import (
get_windows_commands_to_remove_scheduled_jobs,
get_windows_commands_to_schedule_jobs)
get_windows_commands_to_remove_scheduled_jobs, get_windows_commands_to_schedule_jobs)
from infection_monkey.utils.environment import is_windows_os

3
monkey/infection_monkey/post_breach/setuid_setgid/setuid_setgid.py
View File

@ -1,5 +1,4 @@
from infection_monkey.post_breach.setuid_setgid.linux_setuid_setgid import \
get_linux_commands_to_setuid_setgid
from infection_monkey.post_breach.setuid_setgid.linux_setuid_setgid import get_linux_commands_to_setuid_setgid
def get_commands_to_change_setuid_setgid():

3
monkey/infection_monkey/post_breach/signed_script_proxy/signed_script_proxy.py
View File

@ -1,8 +1,7 @@
import subprocess
from infection_monkey.post_breach.signed_script_proxy.windows.signed_script_proxy import (
get_windows_commands_to_delete_temp_comspec,
get_windows_commands_to_proxy_execution_using_signed_script,
get_windows_commands_to_delete_temp_comspec, get_windows_commands_to_proxy_execution_using_signed_script,
get_windows_commands_to_reset_comspec)
from infection_monkey.utils.environment import is_windows_os

6
monkey/infection_monkey/post_breach/timestomping/timestomping.py
View File

@ -1,7 +1,5 @@
from infection_monkey.post_breach.timestomping.linux.timestomping import \
get_linux_timestomping_commands
from infection_monkey.post_breach.timestomping.windows.timestomping import \
get_windows_timestomping_commands
from infection_monkey.post_breach.timestomping.linux.timestomping import get_linux_timestomping_commands
from infection_monkey.post_breach.timestomping.windows.timestomping import get_windows_timestomping_commands
def get_timestomping_commands():

3
monkey/infection_monkey/post_breach/trap_command/trap_command.py
View File

@ -1,5 +1,4 @@
from infection_monkey.post_breach.trap_command.linux_trap_command import \
get_linux_trap_commands
from infection_monkey.post_breach.trap_command.linux_trap_command import get_linux_trap_commands
def get_trap_commands():

5
monkey/infection_monkey/system_info/__init__.py
View File

@ -4,12 +4,11 @@ from enum import IntEnum
import psutil
from common.data.system_info_collectors_names import AZURE_CRED_COLLECTOR
from common.common_consts.system_info_collectors_names import AZURE_CRED_COLLECTOR
from infection_monkey.network.info import get_host_subnets
from infection_monkey.system_info.azure_cred_collector import AzureCollector
from infection_monkey.system_info.netstat_collector import NetstatCollector
from infection_monkey.system_info.system_info_collectors_handler import \
SystemInfoCollectorsHandler
from infection_monkey.system_info.system_info_collectors_handler import SystemInfoCollectorsHandler
LOG = logging.getLogger(__name__)

13
monkey/infection_monkey/system_info/collectors/aws_collector.py
View File

@ -1,9 +1,11 @@
import logging
from common.cloud.aws.aws_instance import AwsInstance
from common.data.system_info_collectors_names import AWS_COLLECTOR
from infection_monkey.system_info.system_info_collector import \
SystemInfoCollector
from common.cloud.scoutsuite_consts import CloudProviders
from common.common_consts.system_info_collectors_names import AWS_COLLECTOR
from infection_monkey.network.tools import is_running_on_island
from infection_monkey.system_info.collectors.scoutsuite_collector.scoutsuite_collector import scan_cloud_security
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
logger = logging.getLogger(__name__)
@ -17,6 +19,11 @@ class AwsCollector(SystemInfoCollector):
def collect(self) -> dict:
logger.info("Collecting AWS info")
if is_running_on_island():
logger.info("Attempting to scan AWS security with ScoutSuite.")
scan_cloud_security(cloud_type=CloudProviders.AWS)
else:
logger.info("Didn't scan AWS security with ScoutSuite, because not on island.")
aws = AwsInstance()
info = {}
if aws.is_instance():

5
monkey/infection_monkey/system_info/collectors/environment_collector.py
View File

@ -1,8 +1,7 @@
from common.cloud.all_instances import get_all_cloud_instances
from common.cloud.environment_names import Environment
from common.data.system_info_collectors_names import ENVIRONMENT_COLLECTOR
from infection_monkey.system_info.system_info_collector import \
SystemInfoCollector
from common.common_consts.system_info_collectors_names import ENVIRONMENT_COLLECTOR
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
def get_monkey_environment() -> str:

5
monkey/infection_monkey/system_info/collectors/hostname_collector.py
View File

@ -1,9 +1,8 @@
import logging
import socket
from common.data.system_info_collectors_names import HOSTNAME_COLLECTOR
from infection_monkey.system_info.system_info_collector import \
SystemInfoCollector
from common.common_consts.system_info_collectors_names import HOSTNAME_COLLECTOR
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
logger = logging.getLogger(__name__)

5
monkey/infection_monkey/system_info/collectors/process_list_collector.py
View File

@ -2,9 +2,8 @@ import logging
import psutil
from common.data.system_info_collectors_names import PROCESS_LIST_COLLECTOR
from infection_monkey.system_info.system_info_collector import \
SystemInfoCollector
from common.common_consts.system_info_collectors_names import PROCESS_LIST_COLLECTOR
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
logger = logging.getLogger(__name__)

15
monkey/infection_monkey/system_info/collectors/scoutsuite_collector/__init__.py Normal file
View File

@ -0,0 +1,15 @@
import pkgutil
import sys
from pathlib import PurePath
_scoutsuite_api_package = pkgutil.get_loader('common.cloud.scoutsuite.ScoutSuite.__main__')
def _add_scoutsuite_to_python_path():
scoutsuite_path = PurePath(_scoutsuite_api_package.path).parent.parent.__str__()
sys.path.append(scoutsuite_path)
# Add ScoutSuite to python path because this way
# we don't need to change any imports in ScoutSuite code
_add_scoutsuite_to_python_path()

5
monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_api.py Normal file
View File

@ -0,0 +1,5 @@
import common.cloud.scoutsuite.ScoutSuite.api_run as scoutsuite_api
def run(*args, **kwargs):
return scoutsuite_api.run(*args, **kwargs)

32
monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_collector.py Normal file
View File

@ -0,0 +1,32 @@
import logging
from typing import Union
import infection_monkey.system_info.collectors.scoutsuite_collector.scoutsuite_api as scoutsuite_api
from common.cloud.scoutsuite.ScoutSuite.providers.base.provider import BaseProvider
from common.cloud.scoutsuite_consts import CloudProviders
from common.utils.exceptions import ScoutSuiteScanError
from infection_monkey.config import WormConfiguration
from infection_monkey.telemetry.scoutsuite_telem import ScoutSuiteTelem
logger = logging.getLogger(__name__)
def scan_cloud_security(cloud_type: CloudProviders):
try:
results = run_scoutsuite(cloud_type.value)
if isinstance(results, dict) and 'error' in results and results['error']:
raise ScoutSuiteScanError(results['error'])
send_scoutsuite_run_results(results)
except (Exception, ScoutSuiteScanError) as e:
logger.error(f"ScoutSuite didn't scan {cloud_type.value} security because: {e}")
def run_scoutsuite(cloud_type: str) -> Union[BaseProvider, dict]:
return scoutsuite_api.run(provider=cloud_type,
aws_access_key_id=WormConfiguration.aws_access_key_id,
aws_secret_access_key=WormConfiguration.aws_secret_access_key,
aws_session_token=WormConfiguration.aws_session_token)
def send_scoutsuite_run_results(run_results: BaseProvider):
ScoutSuiteTelem(run_results).send()

3
monkey/infection_monkey/system_info/system_info_collectors_handler.py
View File

@ -1,8 +1,7 @@
import logging
from typing import Sequence
from infection_monkey.system_info.system_info_collector import \
SystemInfoCollector
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
from infection_monkey.telemetry.system_info_telem import SystemInfoTelem
LOG = logging.getLogger(__name__)

6
monkey/infection_monkey/system_info/windows_cred_collector/mimikatz_cred_collector.py
View File

@ -1,10 +1,8 @@
import logging
from typing import List
from infection_monkey.system_info.windows_cred_collector import \
pypykatz_handler
from infection_monkey.system_info.windows_cred_collector.windows_credentials import \
WindowsCredentials
from infection_monkey.system_info.windows_cred_collector import pypykatz_handler
from infection_monkey.system_info.windows_cred_collector.windows_credentials import WindowsCredentials
LOG = logging.getLogger(__name__)

3
monkey/infection_monkey/system_info/windows_cred_collector/pypykatz_handler.py
View File

@ -3,8 +3,7 @@ from typing import Any, Dict, List, NewType
from pypykatz.pypykatz import pypykatz
from infection_monkey.system_info.windows_cred_collector.windows_credentials import \
WindowsCredentials
from infection_monkey.system_info.windows_cred_collector.windows_credentials import WindowsCredentials
CREDENTIAL_TYPES = ['msv_creds', 'wdigest_creds', 'ssp_creds', 'livessp_creds', 'dpapi_creds',
'kerberos_creds', 'credman_creds', 'tspkg_creds']

3
monkey/infection_monkey/system_info/windows_cred_collector/test_pypykatz_handler.py
View File

@ -1,7 +1,6 @@
from unittest import TestCase
from infection_monkey.system_info.windows_cred_collector.pypykatz_handler import \
_get_creds_from_pypykatz_session
from infection_monkey.system_info.windows_cred_collector.pypykatz_handler import _get_creds_from_pypykatz_session
class TestPypykatzHandler(TestCase):

5
monkey/infection_monkey/system_info/windows_info_collector.py
View File

@ -2,9 +2,8 @@ import logging
import os
import sys
from common.data.system_info_collectors_names import MIMIKATZ_COLLECTOR
from infection_monkey.system_info.windows_cred_collector.mimikatz_cred_collector import \
MimikatzCredentialCollector
from common.common_consts.system_info_collectors_names import MIMIKATZ_COLLECTOR
from infection_monkey.system_info.windows_cred_collector.mimikatz_cred_collector import MimikatzCredentialCollector
sys.coinit_flags = 0 # needed for proper destruction of the wmi python module
import infection_monkey.config # noqa: E402

3
monkey/infection_monkey/telemetry/attack/attack_telem.py
View File

@ -1,3 +1,4 @@
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "VakarisZ"
@ -15,7 +16,7 @@ class AttackTelem(BaseTelem):
self.technique = technique
self.status = status
telem_category = 'attack'
telem_category = TelemCategoryEnum.ATTACK
def get_data(self):
return {

36
monkey/infection_monkey/telemetry/base_telem.py
View File

@ -5,6 +5,7 @@ import logging
from infection_monkey.control import ControlClient
logger = logging.getLogger(__name__)
LOGGED_DATA_LENGTH = 300 # How many characters of telemetry data will be logged
__author__ = 'itay.mizeretz'
@ -22,12 +23,25 @@ class BaseTelem(object, metaclass=abc.ABCMeta):
Sends telemetry to island
"""
data = self.get_data()
serialized_data = json.dumps(data, cls=self.json_encoder)
self._log_telem_sending(serialized_data, log_data)
ControlClient.send_telemetry(self.telem_category, serialized_data)
@abc.abstractmethod
def get_data(self) -> dict:
"""
:return: Data of telemetry (should be dict)
"""
pass
@property
def json_encoder(self):
return json.JSONEncoder
def _log_telem_sending(self, serialized_data: str, log_data=True):
logger.debug(f"Sending {self.telem_category} telemetry.")
if log_data:
data_to_log = json.dumps(data)
else:
data_to_log = 'redacted'
logger.debug("Sending {} telemetry. Data: {}".format(self.telem_category, data_to_log))
ControlClient.send_telemetry(self.telem_category, data)
logger.debug(f"Telemetry contents: {BaseTelem._truncate_data(serialized_data)}")
@property
@abc.abstractmethod
@ -37,9 +51,9 @@ class BaseTelem(object, metaclass=abc.ABCMeta):
"""
pass
@abc.abstractmethod
def get_data(self) -> dict:
"""
:return: Data of telemetry (should be dict)
"""
pass
@staticmethod
def _truncate_data(data: str):
if len(data) <= LOGGED_DATA_LENGTH:
return data
else:
return f"{data[:LOGGED_DATA_LENGTH]}..."

3
monkey/infection_monkey/telemetry/exploit_telem.py
View File

@ -1,3 +1,4 @@
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "itay.mizeretz"
@ -15,7 +16,7 @@ class ExploitTelem(BaseTelem):
self.exploiter = exploiter
self.result = result
telem_category = 'exploit'
telem_category = TelemCategoryEnum.EXPLOIT
def get_data(self):
return {

3
monkey/infection_monkey/telemetry/post_breach_telem.py
View File

@ -1,5 +1,6 @@
import socket
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "itay.mizeretz"
@ -18,7 +19,7 @@ class PostBreachTelem(BaseTelem):
self.result = result
self.hostname, self.ip = PostBreachTelem._get_hostname_and_ip()
telem_category = 'post_breach'
telem_category = TelemCategoryEnum.POST_BREACH
def get_data(self):
return {

3
monkey/infection_monkey/telemetry/scan_telem.py
View File

@ -1,3 +1,4 @@
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "itay.mizeretz"
@ -13,7 +14,7 @@ class ScanTelem(BaseTelem):
super(ScanTelem, self).__init__()
self.machine = machine
telem_category = 'scan'
telem_category = TelemCategoryEnum.SCAN
def get_data(self):
return {

19
monkey/infection_monkey/telemetry/scoutsuite_telem.py Normal file
View File

@ -0,0 +1,19 @@
from common.cloud.scoutsuite.ScoutSuite.output.result_encoder import ScoutJsonEncoder
from common.cloud.scoutsuite.ScoutSuite.providers.base.provider import BaseProvider
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem
class ScoutSuiteTelem(BaseTelem):
def __init__(self, provider: BaseProvider):
super().__init__()
self.provider_data = provider
json_encoder = ScoutJsonEncoder
telem_category = TelemCategoryEnum.SCOUTSUITE
def get_data(self):
return {
'data': self.provider_data
}

3
monkey/infection_monkey/telemetry/state_telem.py
View File

@ -1,3 +1,4 @@
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "itay.mizeretz"
@ -14,7 +15,7 @@ class StateTelem(BaseTelem):
self.is_done = is_done
self.version = version
telem_category = 'state'
telem_category = TelemCategoryEnum.STATE
def get_data(self):
return {

3
monkey/infection_monkey/telemetry/system_info_telem.py
View File

@ -1,3 +1,4 @@
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "itay.mizeretz"
@ -13,7 +14,7 @@ class SystemInfoTelem(BaseTelem):
super(SystemInfoTelem, self).__init__()
self.system_info = system_info
telem_category = 'system_info'
telem_category = TelemCategoryEnum.SYSTEM_INFO
def get_data(self):
return self.system_info

3
monkey/infection_monkey/telemetry/trace_telem.py
View File

@ -1,5 +1,6 @@
import logging
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "itay.mizeretz"
@ -18,7 +19,7 @@ class TraceTelem(BaseTelem):
self.msg = msg
LOG.debug("Trace: %s" % msg)
telem_category = 'trace'
telem_category = TelemCategoryEnum.TRACE
def get_data(self):
return {

3
monkey/infection_monkey/telemetry/tunnel_telem.py
View File

@ -1,3 +1,4 @@
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.control import ControlClient
from infection_monkey.telemetry.base_telem import BaseTelem
@ -13,7 +14,7 @@ class TunnelTelem(BaseTelem):
super(TunnelTelem, self).__init__()
self.proxy = ControlClient.proxies.get('https')
telem_category = 'tunnel'
telem_category = TelemCategoryEnum.TUNNEL
def get_data(self):
return {'proxy': self.proxy}

9
monkey/infection_monkey/transport/http.py
View File

@ -13,8 +13,7 @@ import infection_monkey.control
import infection_monkey.monkeyfs as monkeyfs
from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT
from infection_monkey.network.tools import get_interface_to_target
from infection_monkey.transport.base import (TransportProxyBase,
update_last_serve_time)
from infection_monkey.transport.base import TransportProxyBase, update_last_serve_time
__author__ = 'hoffer'
@ -193,8 +192,7 @@ class HTTPServer(threading.Thread):
def run(self):
class TempHandler(FileServHTTPRequestHandler):
from common.utils.attack_utils import ScanStatus
from infection_monkey.telemetry.attack.t1105_telem import \
T1105Telem
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
filename = self._filename
@ -248,8 +246,7 @@ class LockedHTTPServer(threading.Thread):
def run(self):
class TempHandler(FileServHTTPRequestHandler):
from common.utils.attack_utils import ScanStatus
from infection_monkey.telemetry.attack.t1105_telem import \
T1105Telem
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
filename = self._filename
@staticmethod

3
monkey/infection_monkey/transport/tcp.py
View File

@ -3,8 +3,7 @@ import socket
from logging import getLogger
from threading import Thread
from infection_monkey.transport.base import (TransportProxyBase,
update_last_serve_time)
from infection_monkey.transport.base import TransportProxyBase, update_last_serve_time
READ_BUFFER_SIZE = 8192
DEFAULT_TIMEOUT = 30

Some files were not shown because too many files have changed in this diff Show More