guardicore / monkey
Infection Monkey - An open-source adversary emulation platform
Home Page: https://www.guardicore.com/infectionmonkey/
License: GNU General Public License v3.0
Add the ability to find network boxes such as switches and routers and other non endpoints and see if they're vulnerable using our current exploits without actually running the monkey.
Can maybe propagate using a scratch payload that just says "I'm here".
for example when the host is no longer relevant (dead old monkey)
We'd like to implement an exploit for the Oracle WebLogic vulnerability (CVE-2017-10271).
List of URLs we should cover
Exploit logic should be similar to the Shellshock module.
Should have the option to support multiple users.
The Monkey Island's DB has a lot of data useful for debugging and for general analysis. Exporting the data should be easy, and accessible through the island's interface
At first monkey-island.service wouldn't start but fixed it by removing bson
sudo pip uninstall bson
sudo pip uninstall pymongo
sudo pip install pymongo
But isn't starting also and I have no idea how to fix it
● monkey-island.service - Monkey Island Service
Loaded: loaded (/lib/systemd/system/monkey-island.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2017-05-17 21:47:00 CEST; 5min ago
Main PID: 5428 (start_server.sh)
Tasks: 4 (limit: 4915)
Memory: 19.8M
CPU: 403ms
CGroup: /system.slice/monkey-island.service
├─5428 /bin/bash /var/monkey_island/ubuntu/systemd/start_server.sh
└─5429 python main.py
May 17 21:47:00 Broadband systemd[1]: Started Monkey Island Service.
● monkey-mongo.service - Monkey Island Mongo Service
Loaded: loaded (/lib/systemd/system/monkey-mongo.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2017-05-17 21:47:02 CEST; 5min ago
Process: 5501 ExecStop=/var/monkey_island/bin/mongodb/bin/mongod --shutdown (code=exited, status=127)
Process: 5500 ExecStart=/var/monkey_island/bin/mongodb/bin/mongod --quiet --dbpath /var/monkey_island/db (code=exited, status=127)
Main PID: 5500 (code=exited, status=127)
CPU: 3ms
May 17 21:47:02 Broadband systemd[1]: monkey-mongo.service: Control process exited, code=exited status=127
May 17 21:47:02 Broadband systemd[1]: monkey-mongo.service: Unit entered failed state.
May 17 21:47:02 Broadband systemd[1]: monkey-mongo.service: Failed with result 'exit-code'.
May 17 21:47:02 Broadband systemd[1]: monkey-mongo.service: Service hold-off time over, scheduling restart.
May 17 21:47:02 Broadband systemd[1]: Stopped Monkey Island Mongo Service.
May 17 21:47:02 Broadband systemd[1]: monkey-mongo.service: Start request repeated too quickly.
May 17 21:47:02 Broadband systemd[1]: Failed to start Monkey Island Mongo Service.
May 17 21:47:02 Broadband systemd[1]: monkey-mongo.service: Unit entered failed state.
May 17 21:47:02 Broadband systemd[1]: monkey-mongo.service: Failed with result 'exit-code'.
The user should be able to easily specify subnet pairs which shouldn't be accessible from one another.
The monkey should be able to detect whether or not they are accessible (given it's on one of the networks).
The monkey island should display all irregularities on the report.
Hey guys,
I'm trying to wrap my head around the installation process:
Currently, your git readme file refers to the Setup page in the Wiki.
The setup page refers to the blog, where there are no installation steps at all.
The only installation steps I've found are in the monkey\monkey_island\readme.txt, and they are messy.
Thank you very much, can't wait to try it.
Dviros.
Reuse logged in users credentials when attempting to infect Windows machines by stealing tokens.
On Windows targets, when using relevant exploits
update the procedure to install / run / stop an island. Might be nice to write an installation script.
Ability to control the Monkey Island from the Business. Set configuration, start and stop tests.
Add multiple kill triggers to allow stopping the Monkey's operation.
Windows 64 builds fail when using Shellshock, with the following error
2016-09-05 13:52:31,088 [11988:ERROR] monkey.start.173: Exception while attacking <VictimHost 10.0.1.160> using ShellShockExploiter: Gevent is required for grequests.
This doesn't happen in other builds.
add lines to show which monkey tunneled through which, for helping diagnose the exploitation route
Monkey Island currently outputs to console. We want to write to a log as well, and be able to access it from the island's interface
It's one giant file, should be split.
Currently, the monkey can't tell if the target windows machine is 32bit or 64bit, so the 32bit version is used for both.
There are several problems with this. In order to solve the issue, the monkey should upgrade to 64bit after it's started
When an hpvm session expires (i.e. max timeout), or when a real machine brutally disappears in the middle of the attack, the monkey should skip this victim after a while and not get stuck in a loop.
Example of the loop:
2015-08-31 00:15:23,292 [3788:DEBUG] exploit.new_smb_connection.385: SMB connection to <VictimHost 200.200.200.8> on port 445 failed, trying port 139 ([Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond (200.200.200.8:445))
2015-08-31 00:15:48,875 [3788:DEBUG] exploit.new_smb_connection.391: SMB connection to <VictimHost 200.200.200.8> on port 139 failed as well ([Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond (200.200.200.8:139))
2015-08-31 00:16:10,450 [3788:DEBUG] exploit.new_smb_connection.385: SMB connection to <VictimHost 200.200.200.8> on port 445 failed, trying port 139 ([Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond (200.200.200.8:445))
Not raise a TypeError
Raises a TypeError
_cast_by_example with a value which isn't None and example as a tuple with a minimum length of 1
>>> _cast_by_example('value', ('example',))
Traceback (most recent call last):
File "<input>", line 1, in <module>
File "<input>", line 14, in _cast_by_example
TypeError: 'NoneType' object is not iterable
The problem is in this line:
monkey/infection_monkey/config.py
Line 28 in 8f0251e
The issue is calling tuple(None):
>>> tuple(None)
Traceback (most recent call last):
File "<input>", line 1, in <module>
TypeError: 'NoneType' object is not iterable
The problem line is almost exactly the same as this line (four lines below the problem line):
monkey/infection_monkey/config.py
Line 32 in 8f0251e
After looking at that, it seems like a potential fix would be either:
if value is None or value == (None,):
# or
if value is None or value == tuple([None]):
Both of these produce a tuple with one element which is None.
>>> (None,)
(None,)
>>> tuple([None])
(None,)
I didn't send a PR since I wasn't exactly sure if this would be correct and if so, which one of these would be preferred.
for example running the metasploit on the island and create TCP tunnels from it to target hosts
the file range is named as a python keyword. we should rename it
SSH and Shellshock exploiters do not respect this file and overwrite existing monkeys
each time host is successfully exploited, the exploited host will locally save info about the attacker using an incremental trace log, so it will be possible from one log to trace back to "patient zero".
In slow/problematic environments, like we experienced with NSX11 setup, the host (many times it's the hpvm) might repeatedly abort the SMB copy of the monkey (which is a 5MB+ file). In that case the monkey stays in an endless loop of copy retries.
Add the ability to pull the current state from a Monkey Island instance created by Business and display it without requiring user to open console to the machine.
Similar to the vSphere feature, add the ability to create a Monkey Island server in an AWS network
Browsing to / should lead to admin page.
https://github.com/guardicore/monkey/tree/master/monkey_island says => run run.sh (located under /linux)
There is no "run.sh"
:~/monkey/monkey_island/linux# ls -alh
total 28K
drwxr-xr-x 3 root root 4.0K Feb 8 18:57 .
drwxr-xr-x 6 root root 4.0K Feb 9 20:11 ..
-rw-r--r-- 1 root root 102 Feb 8 18:57 clear_db.sh
-rw-r--r-- 1 root root 303 Feb 8 18:57 create_certificate.sh
-rw-r--r-- 1 root root 265 Feb 8 18:57 install.sh
-rw-r--r-- 1 root root 265 Feb 8 18:57 monkey.sh
drwxr-xr-x 3 root root 4.0K Feb 8 18:57 ubuntu
ImportError: No module named Queue
Failed to execute script pyi_rth_twisted
Most of the functionality doesn't require root permissions, but a verification is needed.
Sample issue to check: when listening on a port, don't choose a low number.
Add the ability to create future tests, such as "in two hours spin up a Monkey test in a random VLAN, run for 30 minutes and collect results."
If report has been generated, and after it a new monkey started running, the map V disappears but the report's V stays. We want to fix that
The monkey should steal ssh keys and use them to propagate.
See:
https://mthbernardes.github.io/persistence/2018/01/10/stealing-ssh-credentials.html
https://mthbernardes.github.io/persistence/2018/02/10/stealing-ssh-credentials-another-approach.html
In case there is no link to the island, there might be an option that after successfully exploiting some hosts on the network one of them can be used as a new valid tunnel
We should color code the telemetry as it's very noisy. Status reports (state, tunnel, system_info_collection), scan attempts, exploit attempts.
Maybe green/yellow/red.
Monkey should report to Monkey Island hosts that it found in the subnet (along with all available information) and report hosts that it unsuccessfully attacked.
in case there is a configuration file we prefer it over the hard-coded configuration
When viewing the admin page, mark in some way new monkeys that were just added so it will be easier to notice
Instead of crashing if the monkey deserializes an unknown configuration variable, send an error message to the current monkey server and keep on working.
The monkey should be able to scan a specific subnet (or several subnets) by listing the subnet in the config, and not by specific IPs
reduce from 1MB in linux after cleaning unnecessary imports
No reason to force the user to click "update" after they click save on the JSON.
We'd like to implement an exploit for the Struts RCE vulnerability (S2-045) as specified in https://cwiki.apache.org/confluence/display/WW/S2-045. We can assume the victim is running Linux.
Before trying to attack, we should map the victim HTTP server for common Struts2 pages and not assume a single fixed hardcoded URL.
Add ability to scan for Apache HTTP servers and scan them for vulnerable CGI pages and attempt to attack.
even if the current host couldn't connect to the island we still want the user to know this host is vulnerable, so displaying some UI indication to the user could be useful
Add an option to configure IPs that should never be probed.