monkey/docs/content/reference/scanners/_index.md

title: Scanners
date: 2020-07-14T08:43:12+03:00
draft: false
weight: 20
pre: <i class="fas fa-network-wired"></i>
tags: reference

The Infection Monkey agent takes two steps before attempting to exploit a victim: scanning and fingerprinting. Both steps can be customized in the configuration files.

Scanning

Currently there are two scanners, PingScanner and TcpScanner, both inheriting from HostScanner.

The only interface a scanner is required to implement is is_host_alive, which needs to return True/False.

TcpScanner is the default scanner. It checks for open ports based on the tcp_target_ports configuration setting.

PingScanner sends a ping message using the host OS utility ping.

Fingerprinting

Fingerprinters are modules that collect server information from a specific victim. They inherit from the HostFinger class and are listed under the finger_classes configuration option.

The currently implemented fingerprint modules are:

  1. SMBFinger - Fingerprints target machines over SMB and extracts the computer name and OS version.
  2. SSHFinger - Fingerprints target machines over SSH (port 22) and extracts the computer version and SSH banner.
  3. PingScanner - Uses the machine's TTL to differentiate between Linux and Windows hosts.
  4. HTTPFinger - Fingerprints over HTTP/HTTPS, using the ports listed in HTTP_PORTS in the configuration, and returns the server type and whether it supports SSL.
  5. MySQLFinger - Fingerprints over MySQL (port 3306) and extracts MySQL banner info: version, major/minor/build and capabilities.
  6. ElasticFinger - Fingerprints over ElasticSearch (port 9200) and extracts the cluster name, node name and node version.

Adding a scanner/fingerprinter

To add a new scanner/fingerprinter, create a new class that inherits from HostScanner or HostFinger (depending on the interface). The class should be under the network module and imported under network/__init__.py.

To use the new scanner/fingerprinter by default, add references to the new class in two files: infection_monkey/config.py and infection_monkey/example.conf.

At this point, the Infection Monkey knows how to use the new scanner/fingerprinter, but to make it easy to use, the UI also needs to be updated. The relevant UI file is monkey_island/cc/services/config.py.
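The following sketch is an added example, not code from the Infection Monkey project. It shows the shape of a scanner class that satisfies the is_host_alive contract described above. HostScanner here is a local stand-in for the project's base class, and the Host class, its ip_addr attribute, the TcpConnectScanner name and its constructor parameters are assumptions made for illustration.

```python
import socket
from abc import ABC, abstractmethod
from dataclasses import dataclass


@dataclass
class Host:
    ip_addr: str  # stand-in for the agent's target-host object (assumption)


class HostScanner(ABC):
    """Local stand-in for the base class; only is_host_alive is modelled."""

    @abstractmethod
    def is_host_alive(self, host) -> bool:
        """Return True if the host responds, False otherwise."""


class TcpConnectScanner(HostScanner):
    """Hypothetical scanner: alive if any configured port accepts a connection."""

    def __init__(self, tcp_target_ports, timeout=1.0):
        self.ports = list(tcp_target_ports)
        self.timeout = timeout

    def is_host_alive(self, host) -> bool:
        for port in self.ports:
            try:
                with socket.create_connection((host.ip_addr, port), timeout=self.timeout):
                    return True
            except OSError:  # refused, unreachable or timed out
                continue
        return False


def demo():
    """Constructed loopback check: one listening port, one closed port."""
    with socket.socket() as listener, socket.socket() as probe:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        probe.bind(("127.0.0.1", 0))  # bound but never listening
        open_port = listener.getsockname()[1]
        closed_port = probe.getsockname()[1]
        host = Host("127.0.0.1")
        return (TcpConnectScanner([closed_port, open_port]).is_host_alive(host),
                TcpConnectScanner([closed_port]).is_host_alive(host))
```

In the real agent, the class would inherit from the project's own HostScanner, live under the network module, and be registered in the configuration files listed above.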