def test_cert(self):
# With cert
client = mazerunner.connect(
ip_address=self.mazerunner_ip_address,
api_key=self.api_key,
api_secret=self.api_secret,
certificate=self.mazerunner_certificate_path)
assert len(client.deployment_groups) == 1
# Without cert
client = mazerunner.connect(ip_address=self.mazerunner_ip_address,
api_key=self.api_key,
api_secret=self.api_secret,
certificate=None)
assert len(client.deployment_groups) == 1
def assign_group_to_cidr(deployment_group, cidr, connection_params):
network = IPNetwork(cidr)
client = mazerunner.connect(**connection_params)
group = find_deployment_group(client, deployment_group)
for address in network.iter_hosts():
name = get_hostname_for_ip(str(address))
if not name:
print "Could not resolve hostname for {}".format(address)
continue
# Find the endpoint object
endpoints = client.endpoints.filter(name)
e = find_endpoint(endpoints, name)
if not e:
print "Could not find endpoint object for {}".format(name)
continue
try:
client.endpoints.reassign_to_group(group, [e])
except mazerunner.exceptions.ValidationError:
# Workaround...
pass
print "Endpoint at {} ({}) assigned to group {}".format(
address, name, deployment_group)
def setup_method(self, method):
logger.debug("setup_method called")
with open(pytest.config.option.json_credentials, 'rb') as file_reader:
json_dict = json.load(file_reader)
self.lab_endpoint_ip = json_dict.get(ENDPOINT_IP_PARAM)
self.lab_endpoint_user = json_dict.get(ENDPOINT_USERNAME_PARAM)
self.lab_endpoint_password = json_dict.get(ENDPOINT_PASSWORD_PARAM)
self.mazerunner_ip_address = json_dict[MAZERUNNER_IP_ADDRESS_PARAM]
self.api_key = json_dict[API_ID_PARAM]
self.api_secret = json_dict[API_SECRET_PARAM]
self.mazerunner_certificate_path = json_dict[
MAZERUNNER_CERTIFICATE_PATH_PARAM]
self.client = mazerunner.connect(
ip_address=self.mazerunner_ip_address,
api_key=self.api_key,
api_secret=self.api_secret,
certificate=self.mazerunner_certificate_path)
self._configure_entities_groups()
self._assert_clean_system()
self._register_existing_elements()
self.file_paths_for_cleanup = []
_clear_deployment_path()
def emit_events(config, events):
client = mazerunner.connect(ip_address=config.mazerunner_server,
api_key=config.mazerunner_api_id,
api_secret=config.mazerunner_api_secret,
certificate=config.mazerunner_cert_path)
client.active_soc_events.create_multiple_events(
soc_name=config.mazerunner_soc_api_interface_name, events_dicts=events)
def main():
"""
Here's the procedure:
* Parse the command args.
* Configure connection to MazeRunner; store in the 'client' variable.
* Create a deployment group (which is a logical group of breadcrumbs).
* Create the breadcrumbs and their required services and decoy (see create_breadcrumb, \
create_service_if_needed, create_decoy_if_needed).
* Load the deployment group info from the server; wait for all the info to arrive.
* Deploy the deployment groups.
"""
args = get_args()
client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret,
args.certificate)
password = _get_password(args.passwords)
deployment_group = client.deployment_groups.create(
name=args.deployment_group_name)
breadcrumb = create_breadcrumb(client, args.breadcrumb_type,
BREADCRUMB_DATA[args.breadcrumb_type],
args.username, password,
args.deployment_group_name)
breadcrumb.add_to_group(deployment_group.id)
print "Waiting for deployment group to become available - this may take a few minutes"
deployment_group.load()
while not deployment_group.is_active:
time.sleep(5)
deployment_group.load()
save_to = '%s' % args.deployment_group_name
for operating_system in ['Windows', 'Linux']:
try:
deployment_group.deploy(location_with_name='%s_%s' %
(save_to, operating_system),
os=operating_system,
download_type="install",
download_format=args.format)
except ValidationError:
print 'This breadcrumb is not supported on %s, skipping' % operating_system
print "%s deployment package saved to %s.%s" % (
operating_system, save_to, args.format.lower())
def main():
"""
Here is what we do:
* Parse command arguments.
* Create MazeRunner connection.
* Get a collection of all breadcrumbs.
* Delete all elements in the collection.
* Same for deployment groups, decoys, services, endpoints, cidr mappings, background tasks
"""
args = get_args()
client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret,
args.certificate)
# Delete breadcrumbs:
breadcrumbs = client.breadcrumbs
print 'Deleting %d breadcrumbs' % len(breadcrumbs)
_delete_items_in_collection(breadcrumbs)
# Delete deployment groups:
deployment_groups = client.deployment_groups
print 'Deleting %d deployment groups' % len(deployment_groups)
_delete_items_in_collection(deployment_groups, exclude_persist=True)
# Delete services:
services = client.services
print 'Deleting %d services' % len(services)
_delete_items_in_collection(services)
# Delete decoys:
decoys = client.decoys
print 'Deleting %d decoys' % len(decoys)
_delete_items_in_collection(decoys)
# Delete CIDR mappings:
cidr_mappings = client.cidr_mappings
print 'Deleting %d cidr mappings' % len(cidr_mappings)
_delete_items_in_collection(cidr_mappings)
# Delete endpoints:
endpoints = client.endpoints
print 'Deleting %d endpoints' % len(endpoints)
_delete_items_in_collection(endpoints)
# Acknowledge all complete background tasks:
print 'Acknowledging all complete background tasks'
client.background_tasks.acknowledge_all_complete()
def main():
args = get_args()
if not args.certificate:
_suppress_ssl_errors()
# Init the MazeRunner client
client = mazerunner.connect(args.ip_address,
args.api_key,
args.api_secret,
args.certificate)
try:
server = SocketServer.UDPServer((HOST, PORT), get_syslog_handler(client))
server.serve_forever(poll_interval=0.5)
except KeyboardInterrupt:
print ("Ctrl+C Pressed. Shutting down.")
def transfer_files_to_cuckoo(cuckoo_api, verify_ssl, connection_params):
# Create a temporary directory to store our bin files in
dirpath = tempfile.mkdtemp()
try:
# Instantiate our MazeRunner connection
client = mazerunner.connect(**connection_params)
# Download files from MazeRunner, Upload files to Cuckoo
alert_files = retrieve_files_from_mazerunner(client, dirpath)
send_files_to_cuckoo(cuckoo_api, verify_ssl, alert_files)
finally:
# Clean up after our work
shutil.rmtree(dirpath)
print "Process complete"
def main():
args = get_args()
linux_endpoints_to_deploy = []
# Parse CSV file if we got one
if args.csv:
linux_endpoints_to_deploy = parse_csv_file(args.csv)
elif args.ip and args.port and args.user and args.passwd:
# save endpoint's specific data if we got it from the command line
linux_endpoints_to_deploy.append({
HOST_KEY: args.ip,
PORT_KEY: args.port,
USER_KEY: args.user,
PASS_KEY: args.passwd
})
if not linux_endpoints_to_deploy:
raise Exception("No endpoints found to work on.")
# Init the MazeRunner client
client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret,
args.certificate, False)
# Get a new tempfile name
dep_file = tempfile.mkdtemp()
dep_file_full = "{}.zip".format(dep_file)
# Get the deployment group we want to deploy
deployment_groups = [
deployment_group for deployment_group in client.deployment_groups
if deployment_group.name == args.deployment_group
]
if not deployment_groups:
raise Exception("Deployment group names '{}' not found.".format(
args.deployment_group))
deployment_group = deployment_groups[0]
# Create the deployment file
deployment_group.deploy(dep_file, 'Linux', args.deployment_type, 'ZIP')
# Deploy the file on all endpoints we have
deploy_zip_on_endpoints(dep_file_full, linux_endpoints_to_deploy,
args.deployment_type, args.deployment_group)
def main():
"""
Here's the procedure:
* Parse the command args.
* Configure connection to MazeRunner; store in the 'client' variable.
* Create a deployment group (which is a logical group of breadcrumbs).
* Create the breadcrumbs and their required services and decoy (see create_breadcrumb, \
create_service_if_needed, create_decoy_if_needed).
* Load the deployment group info from the server; wait for all the info to arrive.
* Deploy the deployment groups.
"""
args = get_args()
client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret,
args.certificate, False)
password = _get_password(args.passwords)
deployment_group = client.deployment_groups.create(
name=args.deployment_group_name)
for breadcrumb_type in BREADCRUMB_DATA:
breadcrumb = create_breadcrumb(client, breadcrumb_type,
BREADCRUMB_DATA[breadcrumb_type],
args.username, password,
args.deployment_group_name)
breadcrumb.add_to_group(deployment_group.id)
print "Waiting for deployment group to be available - this takes a few minutes"
deployment_group.load()
while not deployment_group.is_active:
time.sleep(5)
deployment_group.load()
save_to = '%s' % args.deployment_group_name
deployment_group.deploy(location_with_name=save_to,
os=args.os,
download_type="install",
download_format=args.format)
print "Deployment package saved to %s.%s" % (save_to, args.format.lower())
def main():
"""
Here is what we do:
* Parse command arguments.
* Fetch all possible types of alerts.
* Get an AlertCollection: show/hide muted alerts according to option specified in \
the command, and show all types of alerts.
* Check the current amount of alerts.
* Periodically check for alerts and print the new ones.
"""
args = get_args()
client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret,
args.certificate)
# Get alerts
alert_types = client.alerts.params()['alert_type']
last_seen_id = 0
print("Showing all alerts live. Press Ctrl+C to exit.")
try:
while True:
time.sleep(WAIT_TIME)
alert_filter = client.alerts.filter(
filter_enabled=True,
only_alerts=not args.show_muted,
alert_types=alert_types,
id_greater_than=last_seen_id)
for alert in alert_filter:
print(
DISPLAY_FORMAT.format(decoy_name=alert.decoy['name'],
alert_type=alert.alert_type))
if alert.id > last_seen_id:
last_seen_id = alert.id
except KeyboardInterrupt:
sys.exit()
def main():
"""
Here is what we do:
* Parse command arguments.
* Fetch all possible types of alerts.
* Get an AlertCollection: show/hide muted alerts according to option specified in \
the command, and show all types of alerts.
* Check the current amount of alerts.
* Periodically check for alerts and print the new ones.
"""
args = get_args()
client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret,
args.certificate)
# Get alerts
alerts = client.alerts
alert_types = alerts.params()['alert_type']
filtered_alerts = alerts.filter(filter_enabled=True,
only_alerts=not args.show_muted,
alert_types=alert_types)
print "Showing all alerts live. Press Ctrl+C to exit."
last_length = len(list(filtered_alerts))
try:
while True:
time.sleep(WAIT_TIME)
current_length = len(list(filtered_alerts))
if current_length > last_length:
alert_list = list(filtered_alerts)
for i in range(last_length, current_length):
print DISPLAY_FORMAT.format(
decoy_name=alert_list[i].decoy['name'],
alert_type=alert_list[i].alert_type)
last_length = current_length
except KeyboardInterrupt:
sys.exit()
def main():
"""
Here is what we do:
* Parse command arguments.
* Create MazeRunner connection.
* Get a collection of all breadcrumbs.
* Delete all elements in the collection.
* Same for services.
* Same for decoys.
"""
args = get_args()
client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret,
args.certificate, False)
# delete breadcrumbs:
breadcrumbs = client.breadcrumbs
print 'deleting %d breadcrumbs' % len(breadcrumbs)
_delete_items_in_collection(breadcrumbs)
# delete deployment groups:
deployment_groups = client.deployment_groups
print 'deleting %d deployment groups' % len(deployment_groups)
_delete_items_in_collection(deployment_groups, exclude_persist=True)
# delete services:
services = client.services
print 'deleting %d services' % len(services)
_delete_items_in_collection(services)
# delete decoys:
decoys = client.decoys
print 'deleting %d decoys' % len(decoys)
_delete_items_in_collection(decoys)
def main():
"""
Here is what we do:
* Parse the command arguments.
* Create a decoy named "Backup Server Decoy".
* Wait until the decoy is created.
* Create an SMB service.
* Attach the SMB service to the decoy we previously created.
* Load users & passwords data file.
* Create breadcrumbs and attach them to the service we previously created.
* Start the decoy machine.
At the end of this process, we will have a nested (KVM) decoy.
On that decoy, we will have an SMB service installed, which will have several SMB users.
"""
args = get_args()
# Connect to the MazeRunner API
# The client object holds your session data and allows you to access the MazeRunner resources
client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret,
args.certificate, False)
# Create a decoy
# This will create a decoy virtual machine inside MazeRunner.
# The decoy acts as a trap,
# Any action done on the decoy is monitored and will generate an alert on MazeRunner
print "Creating Decoy"
decoy = client.decoys.create(name="Backup Server Decoy",
hostname="nas-backup-02",
os="Ubuntu_1404",
vm_type="KVM")
while decoy.machine_status != "not_seen": # make sure the decoy was created
time.sleep(5)
decoy.load()
# Create a service
# Different services allow you to mimic different resources you have on your network
print "Creating service"
smb_zip_file = _create_dummy_zip_file()
service = client.services.create(name="SMB Serice",
service_type="smb",
share_name="accounting",
zip_file_path=smb_zip_file)
os.remove(smb_zip_file)
# Connect the service to the decoy
# When a service is connected to a decoy, you may access the service on the decoy.
# Any such interaction will generate an alert
print "Connecting service to decoy"
service.connect_to_decoy(decoy.id)
with open(args.usernames_file, 'r') as f:
data = f.read()
usernames = [u.strip() for u in data.split('\n') if u.strip()]
if args.passwords:
with open(args.passwords, 'r') as f:
data = f.read()
passwords = [p.strip() for p in data.split('\n') if p.strip()]
else:
passwords = ['pass', '1234', 'xyz',
'qwerty'] # default common passwords
print "Creating Breadcrumbs"
for idx, username in enumerate(usernames):
# Create breadcrumb
# Breadcrumbs can be deployed on endpoints to trick an attacker to interact with a decoy and generate an alert
breadcrumb = client.breadcrumbs.create(
name="SMB Breadcrumb %d" % idx,
breadcrumb_type="netshare",
username=username,
password=random.choice(passwords))
# Connect the breadrumb to the service
# When a breadcrumb is connected to a service, the credential and other information
# found in the breadcrumb will be usable with the service
breadcrumb.connect_to_service(service.id)
# Power the decoy on
# After we set up the entire deception chain - its time to power on the decoy!
decoy.power_on()
