From eddc4ca36ad6bee30cdaa150d911dce07571fc14 Mon Sep 17 00:00:00 2001
From: Itay Mizeretz
Date: Sun, 25 Nov 2018 16:29:44 +0200
Subject: [PATCH] Add AWS instance id collector
---
monkey/common/cloud/__init__.py | 1 +
monkey/common/cloud/aws.py | 17 ++++++++++
.../infection_monkey/system_info/__init__.py | 12 +++++++
.../system_info/aws_collector.py | 29 ++++++++++++++++
.../system_info/linux_info_collector.py | 5 +--
.../system_info/windows_info_collector.py | 34 +++++++++----------
monkey/monkey_island/cc/environment/aws.py | 5 ++-
7 files changed, 78 insertions(+), 25 deletions(-)
create mode 100644 monkey/common/cloud/__init__.py
create mode 100644 monkey/common/cloud/aws.py
create mode 100644 monkey/infection_monkey/system_info/aws_collector.py
diff --git a/monkey/common/cloud/__init__.py b/monkey/common/cloud/__init__.py
new file mode 100644
index 000000000..ee5b79ad0
--- /dev/null
+++ b/monkey/common/cloud/__init__.py
@@ -0,0 +1 @@
+__author__ = 'itay.mizeretz'
diff --git a/monkey/common/cloud/aws.py b/monkey/common/cloud/aws.py
new file mode 100644
index 000000000..dc5d7b617
--- /dev/null
+++ b/monkey/common/cloud/aws.py
@@ -0,0 +1,17 @@
+import urllib2
+
+__author__ = 'itay.mizeretz'
+
+
+class Aws:
+ def __init__(self):
+ try:
+ self.instance_id = urllib2.urlopen('http://169.254.169.254/latest/meta-data/instance-id').read()
+ except urllib2.URLError:
+ self.instance_id = None
+
+ def get_instance_id(self):
+ return self.instance_id
+
+ def is_aws_instance(self):
+ return self.instance_id is not None
diff --git a/monkey/infection_monkey/system_info/__init__.py b/monkey/infection_monkey/system_info/__init__.py
index fbfbcbd7a..66a8a77b3 100644
--- a/monkey/infection_monkey/system_info/__init__.py
+++ b/monkey/infection_monkey/system_info/__init__.py
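Review bot: The `urllib2.urlopen(...)` call in `Aws.__init__` (monkey/common/cloud/aws.py) has no timeout, so on a host where nothing answers at 169.254.169.254 the constructor can block for as long as the OS connect timeout allows, and that cost is paid wherever an `Aws()` is built. Pass a short explicit timeout, e.g. `urllib2.urlopen('http://169.254.169.254/latest/meta-data/instance-id', timeout=2).read()`. Only `urllib2.URLError` is caught; a timeout during `.read()` surfaces as `socket.timeout`, so the handler should probably also cover `socket.error` (which needs `import socket`). Any successful response at that link-local address is taken as proof of AWS, so a class comment should say that `is_aws_instance` is a heuristic.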
@@ -5,7 +5,9 @@ import sys import psutil from enum import IntEnum +from common.cloud.aws import Aws from infection_monkey.network.info import get_host_subnets +from infection_monkey.system_info.aws_collector import AwsCollector from infection_monkey.system_info.azure_cred_collector import AzureCollector LOG = logging.getLogger(__name__) @@ -57,6 +59,13 @@ class InfoCollector(object): def __init__(self): self.info = {} + def get_info(self): + self.get_hostname() + self.get_process_list() + self.get_network_info() + self.get_azure_info() + self.get_aws_info() + def get_hostname(self): """ Adds the fully qualified computer hostname to the system information. @@ -131,3 +140,6 @@ class InfoCollector(object): if len(azure_creds) != 0: self.info["Azure"] = {} self.info["Azure"]['usernames'] = [cred[0] for cred in azure_creds] + + def get_aws_info(self): + self.info['aws'] = AwsCollector().get_aws_info() diff --git a/monkey/infection_monkey/system_info/aws_collector.py b/monkey/infection_monkey/system_info/aws_collector.py new file mode 100644 index 000000000..8853aabff --- /dev/null +++ b/monkey/infection_monkey/system_info/aws_collector.py @@ -0,0 +1,29 @@ +import logging + +from common.cloud.aws import Aws + +__author__ = 'itay.mizeretz' + +LOG = logging.getLogger(__name__) + + +class AwsCollector(object): + """ + Extract info from AWS machines + """ + + @staticmethod + def get_aws_info(): + LOG.info("Collecting AWS info") + aws = Aws() + info = {} + if aws.is_aws_instance(): + LOG.info("Machine is an AWS instance") + info = \ + { + 'instance_id': aws.get_instance_id() + } + else: + LOG.info("Machine is NOT an AWS instance") + + return info diff --git a/monkey/infection_monkey/system_info/linux_info_collector.py b/monkey/infection_monkey/system_info/linux_info_collector.py index 466177b49..831b10ba1 100644 --- a/monkey/infection_monkey/system_info/linux_info_collector.py +++ b/monkey/infection_monkey/system_info/linux_info_collector.py 
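Review bot: `from common.cloud.aws import Aws` in the first hunk of system_info/__init__.py is not used by any line this commit adds to the file; only `AwsCollector` is referenced, in `get_aws_info`. Dropping the import keeps the module's dependencies to what it actually needs.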
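Review bot: The new `InfoCollector.get_info` (second hunk of system_info/__init__.py) has no docstring and returns nothing, while the subclass overrides touched by this patch document `:return: Dict of system information` and return `self.info`. A docstring such as `"""Run the collectors shared by all platforms; results are stored in self.info."""` would make clear that callers must not rely on the base method's return value. The steps run with no error handling in this method, so an exception from one collector, for example the new `get_aws_info`, would end the whole run; whether that is intended is not visible from the hunk.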
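Review bot: `get_aws_info` in aws_collector.py forwards whatever body the metadata request returned as `instance_id` without checking its shape. Because `Aws` accepts any successful response from the link-local address, a non-AWS responder would put arbitrary bytes into the report; a check such as `re.match(r'^i-[0-9a-f]+$', instance_id)` (with `import re`) before building the dict would bound that. The method also has no docstring saying that it returns `{}` on non-AWS machines, which the caller stores under `self.info['aws']` either way.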
@@ -23,10 +23,7 @@ class LinuxInfoCollector(InfoCollector): :return: Dict of system information """ LOG.debug("Running Linux collector") - self.get_hostname() - self.get_process_list() - self.get_network_info() - self.get_azure_info() + super(LinuxInfoCollector, self).get_info() self.info['ssh_info'] = SSHCollector.get_info() return self.info diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py index abf0771fa..fb2261572 100644 --- a/monkey/infection_monkey/system_info/windows_info_collector.py +++ b/monkey/infection_monkey/system_info/windows_info_collector.py @@ -35,16 +35,26 @@ class WindowsInfoCollector(InfoCollector): :return: Dict of system information """ LOG.debug("Running Windows collector") - self.get_hostname() - self.get_process_list() - self.get_network_info() - self.get_azure_info() - + super(WindowsInfoCollector, self).get_info() self.get_wmi_info() - LOG.debug('finished get_wmi_info') self.get_installed_packages() + self.get_mimikatz_info() + + return self.info + + def get_installed_packages(self): + LOG.info('getting installed packages') + self.info["installed_packages"] = os.popen("dism /online /get-packages").read() + self.info["installed_features"] = os.popen("dism /online /get-features").read() LOG.debug('Got installed packages') + def get_wmi_info(self): + LOG.info('getting wmi info') + for wmi_class_name in WMI_CLASSES: + self.info['wmi'][wmi_class_name] = WMIUtils.get_wmi_class(wmi_class_name) + LOG.debug('finished get_wmi_info') + + def get_mimikatz_info(self): mimikatz_collector = MimikatzCollector() mimikatz_info = mimikatz_collector.get_logon_info() if mimikatz_info: 
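Review bot: `get_installed_packages`, `get_wmi_info` and `get_mimikatz_info` in windows_info_collector.py are now separate methods but none of them has a docstring, unlike `get_info` just above. One line each is enough, e.g. `"""Store the dism package and feature listings in self.info."""` for `get_installed_packages`. The body of `get_mimikatz_info` continues past the end of this hunk.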
@@ -53,15 +63,3 @@ class WindowsInfoCollector(InfoCollector): self.info["mimikatz"] = mimikatz_collector.get_mimikatz_text() else: LOG.info('No mimikatz info was gathered') - - return self.info - - def get_installed_packages(self): - LOG.info('getting installed packages') - self.info["installed_packages"] = os.popen("dism /online /get-packages").read() - self.info["installed_features"] = os.popen("dism /online /get-features").read() - - def get_wmi_info(self): - LOG.info('getting wmi info') - for wmi_class_name in WMI_CLASSES: - self.info['wmi'][wmi_class_name] = WMIUtils.get_wmi_class(wmi_class_name) diff --git a/monkey/monkey_island/cc/environment/aws.py b/monkey/monkey_island/cc/environment/aws.py index b85a7d2e4..a65a6b940 100644 --- a/monkey/monkey_island/cc/environment/aws.py +++ b/monkey/monkey_island/cc/environment/aws.py @@ -1,7 +1,6 @@ -import urllib2 - import cc.auth from cc.environment import Environment +from common.cloud.aws import Aws __author__ = 'itay.mizeretz' @@ -13,7 +12,7 @@ class AwsEnvironment(Environment): @staticmethod def _get_instance_id(): - return urllib2.urlopen('http://169.254.169.254/latest/meta-data/instance-id').read() + return Aws.get_instance_id() def is_auth_enabled(self): return True
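Review bot: `return Aws.get_instance_id()` in `AwsEnvironment._get_instance_id` calls an instance method on the class itself; `get_instance_id(self)` as added in common/cloud/aws.py needs an instance, so under Python 2 this raises TypeError. It should read `return Aws().get_instance_id()`. `Aws` also swallows `urllib2.URLError` and yields `None`, where the removed `urllib2.urlopen(...)` call raised. If the instance id feeds the authentication that this class enables (not visible in the hunk), a `None` should be rejected explicitly rather than passed on.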