def test_cert(self): # With cert client = mazerunner.connect( ip_address=self.mazerunner_ip_address, api_key=self.api_key, api_secret=self.api_secret, certificate=self.mazerunner_certificate_path) assert len(client.deployment_groups) == 1 # Without cert client = mazerunner.connect(ip_address=self.mazerunner_ip_address, api_key=self.api_key, api_secret=self.api_secret, certificate=None) assert len(client.deployment_groups) == 1
def assign_group_to_cidr(deployment_group, cidr, connection_params): network = IPNetwork(cidr) client = mazerunner.connect(**connection_params) group = find_deployment_group(client, deployment_group) for address in network.iter_hosts(): name = get_hostname_for_ip(str(address)) if not name: print "Could not resolve hostname for {}".format(address) continue # Find the endpoint object endpoints = client.endpoints.filter(name) e = find_endpoint(endpoints, name) if not e: print "Could not find endpoint object for {}".format(name) continue try: client.endpoints.reassign_to_group(group, [e]) except mazerunner.exceptions.ValidationError: # Workaround... pass print "Endpoint at {} ({}) assigned to group {}".format( address, name, deployment_group)
def setup_method(self, method): logger.debug("setup_method called") with open(pytest.config.option.json_credentials, 'rb') as file_reader: json_dict = json.load(file_reader) self.lab_endpoint_ip = json_dict.get(ENDPOINT_IP_PARAM) self.lab_endpoint_user = json_dict.get(ENDPOINT_USERNAME_PARAM) self.lab_endpoint_password = json_dict.get(ENDPOINT_PASSWORD_PARAM) self.mazerunner_ip_address = json_dict[MAZERUNNER_IP_ADDRESS_PARAM] self.api_key = json_dict[API_ID_PARAM] self.api_secret = json_dict[API_SECRET_PARAM] self.mazerunner_certificate_path = json_dict[ MAZERUNNER_CERTIFICATE_PATH_PARAM] self.client = mazerunner.connect( ip_address=self.mazerunner_ip_address, api_key=self.api_key, api_secret=self.api_secret, certificate=self.mazerunner_certificate_path) self._configure_entities_groups() self._assert_clean_system() self._register_existing_elements() self.file_paths_for_cleanup = [] _clear_deployment_path()
def emit_events(config, events): client = mazerunner.connect(ip_address=config.mazerunner_server, api_key=config.mazerunner_api_id, api_secret=config.mazerunner_api_secret, certificate=config.mazerunner_cert_path) client.active_soc_events.create_multiple_events( soc_name=config.mazerunner_soc_api_interface_name, events_dicts=events)
def main(): """ Here's the procedure: * Parse the command args. * Configure connection to MazeRunner; store in the 'client' variable. * Create a deployment group (which is a logical group of breadcrumbs). * Create the breadcrumbs and their required services and decoy (see create_breadcrumb, \ create_service_if_needed, create_decoy_if_needed). * Load the deployment group info from the server; wait for all the info to arrive. * Deploy the deployment groups. """ args = get_args() client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret, args.certificate) password = _get_password(args.passwords) deployment_group = client.deployment_groups.create( name=args.deployment_group_name) breadcrumb = create_breadcrumb(client, args.breadcrumb_type, BREADCRUMB_DATA[args.breadcrumb_type], args.username, password, args.deployment_group_name) breadcrumb.add_to_group(deployment_group.id) print "Waiting for deployment group to become available - this may take a few minutes" deployment_group.load() while not deployment_group.is_active: time.sleep(5) deployment_group.load() save_to = '%s' % args.deployment_group_name for operating_system in ['Windows', 'Linux']: try: deployment_group.deploy(location_with_name='%s_%s' % (save_to, operating_system), os=operating_system, download_type="install", download_format=args.format) except ValidationError: print 'This breadcrumb is not supported on %s, skipping' % operating_system print "%s deployment package saved to %s.%s" % ( operating_system, save_to, args.format.lower())
def main(): """ Here is what we do: * Parse command arguments. * Create MazeRunner connection. * Get a collection of all breadcrumbs. * Delete all elements in the collection. * Same for deployment groups, decoys, services, endpoints, cidr mappings, background tasks """ args = get_args() client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret, args.certificate) # Delete breadcrumbs: breadcrumbs = client.breadcrumbs print 'Deleting %d breadcrumbs' % len(breadcrumbs) _delete_items_in_collection(breadcrumbs) # Delete deployment groups: deployment_groups = client.deployment_groups print 'Deleting %d deployment groups' % len(deployment_groups) _delete_items_in_collection(deployment_groups, exclude_persist=True) # Delete services: services = client.services print 'Deleting %d services' % len(services) _delete_items_in_collection(services) # Delete decoys: decoys = client.decoys print 'Deleting %d decoys' % len(decoys) _delete_items_in_collection(decoys) # Delete CIDR mappings: cidr_mappings = client.cidr_mappings print 'Deleting %d cidr mappings' % len(cidr_mappings) _delete_items_in_collection(cidr_mappings) # Delete endpoints: endpoints = client.endpoints print 'Deleting %d endpoints' % len(endpoints) _delete_items_in_collection(endpoints) # Acknowledge all complete background tasks: print 'Acknowledging all complete background tasks' client.background_tasks.acknowledge_all_complete()
def main(): args = get_args() if not args.certificate: _suppress_ssl_errors() # Init the MazeRunner client client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret, args.certificate) try: server = SocketServer.UDPServer((HOST, PORT), get_syslog_handler(client)) server.serve_forever(poll_interval=0.5) except KeyboardInterrupt: print ("Ctrl+C Pressed. Shutting down.")
def transfer_files_to_cuckoo(cuckoo_api, verify_ssl, connection_params): # Create a temporary directory to store our bin files in dirpath = tempfile.mkdtemp() try: # Instantiate our MazeRunner connection client = mazerunner.connect(**connection_params) # Download files from MazeRunner, Upload files to Cuckoo alert_files = retrieve_files_from_mazerunner(client, dirpath) send_files_to_cuckoo(cuckoo_api, verify_ssl, alert_files) finally: # Clean up after our work shutil.rmtree(dirpath) print "Process complete"
def main(): args = get_args() linux_endpoints_to_deploy = [] # Parse CSV file if we got one if args.csv: linux_endpoints_to_deploy = parse_csv_file(args.csv) elif args.ip and args.port and args.user and args.passwd: # save endpoint's specific data if we got it from the command line linux_endpoints_to_deploy.append({ HOST_KEY: args.ip, PORT_KEY: args.port, USER_KEY: args.user, PASS_KEY: args.passwd }) if not linux_endpoints_to_deploy: raise Exception("No endpoints found to work on.") # Init the MazeRunner client client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret, args.certificate, False) # Get a new tempfile name dep_file = tempfile.mkdtemp() dep_file_full = "{}.zip".format(dep_file) # Get the deployment group we want to deploy deployment_groups = [ deployment_group for deployment_group in client.deployment_groups if deployment_group.name == args.deployment_group ] if not deployment_groups: raise Exception("Deployment group names '{}' not found.".format( args.deployment_group)) deployment_group = deployment_groups[0] # Create the deployment file deployment_group.deploy(dep_file, 'Linux', args.deployment_type, 'ZIP') # Deploy the file on all endpoints we have deploy_zip_on_endpoints(dep_file_full, linux_endpoints_to_deploy, args.deployment_type, args.deployment_group)
def main(): """ Here's the procedure: * Parse the command args. * Configure connection to MazeRunner; store in the 'client' variable. * Create a deployment group (which is a logical group of breadcrumbs). * Create the breadcrumbs and their required services and decoy (see create_breadcrumb, \ create_service_if_needed, create_decoy_if_needed). * Load the deployment group info from the server; wait for all the info to arrive. * Deploy the deployment groups. """ args = get_args() client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret, args.certificate, False) password = _get_password(args.passwords) deployment_group = client.deployment_groups.create( name=args.deployment_group_name) for breadcrumb_type in BREADCRUMB_DATA: breadcrumb = create_breadcrumb(client, breadcrumb_type, BREADCRUMB_DATA[breadcrumb_type], args.username, password, args.deployment_group_name) breadcrumb.add_to_group(deployment_group.id) print "Waiting for deployment group to be available - this takes a few minutes" deployment_group.load() while not deployment_group.is_active: time.sleep(5) deployment_group.load() save_to = '%s' % args.deployment_group_name deployment_group.deploy(location_with_name=save_to, os=args.os, download_type="install", download_format=args.format) print "Deployment package saved to %s.%s" % (save_to, args.format.lower())
def main(): """ Here is what we do: * Parse command arguments. * Fetch all possible types of alerts. * Get an AlertCollection: show/hide muted alerts according to option specified in \ the command, and show all types of alerts. * Check the current amount of alerts. * Periodically check for alerts and print the new ones. """ args = get_args() client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret, args.certificate) # Get alerts alert_types = client.alerts.params()['alert_type'] last_seen_id = 0 print("Showing all alerts live. Press Ctrl+C to exit.") try: while True: time.sleep(WAIT_TIME) alert_filter = client.alerts.filter( filter_enabled=True, only_alerts=not args.show_muted, alert_types=alert_types, id_greater_than=last_seen_id) for alert in alert_filter: print( DISPLAY_FORMAT.format(decoy_name=alert.decoy['name'], alert_type=alert.alert_type)) if alert.id > last_seen_id: last_seen_id = alert.id except KeyboardInterrupt: sys.exit()
def main(): """ Here is what we do: * Parse command arguments. * Fetch all possible types of alerts. * Get an AlertCollection: show/hide muted alerts according to option specified in \ the command, and show all types of alerts. * Check the current amount of alerts. * Periodically check for alerts and print the new ones. """ args = get_args() client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret, args.certificate) # Get alerts alerts = client.alerts alert_types = alerts.params()['alert_type'] filtered_alerts = alerts.filter(filter_enabled=True, only_alerts=not args.show_muted, alert_types=alert_types) print "Showing all alerts live. Press Ctrl+C to exit." last_length = len(list(filtered_alerts)) try: while True: time.sleep(WAIT_TIME) current_length = len(list(filtered_alerts)) if current_length > last_length: alert_list = list(filtered_alerts) for i in range(last_length, current_length): print DISPLAY_FORMAT.format( decoy_name=alert_list[i].decoy['name'], alert_type=alert_list[i].alert_type) last_length = current_length except KeyboardInterrupt: sys.exit()
def main(): """ Here is what we do: * Parse command arguments. * Create MazeRunner connection. * Get a collection of all breadcrumbs. * Delete all elements in the collection. * Same for services. * Same for decoys. """ args = get_args() client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret, args.certificate, False) # delete breadcrumbs: breadcrumbs = client.breadcrumbs print 'deleting %d breadcrumbs' % len(breadcrumbs) _delete_items_in_collection(breadcrumbs) # delete deployment groups: deployment_groups = client.deployment_groups print 'deleting %d deployment groups' % len(deployment_groups) _delete_items_in_collection(deployment_groups, exclude_persist=True) # delete services: services = client.services print 'deleting %d services' % len(services) _delete_items_in_collection(services) # delete decoys: decoys = client.decoys print 'deleting %d decoys' % len(decoys) _delete_items_in_collection(decoys)
def main(): """ Here is what we do: * Parse the command arguments. * Create a decoy named "Backup Server Decoy". * Wait until the decoy is created. * Create an SMB service. * Attach the SMB service to the decoy we previously created. * Load users & passwords data file. * Create breadcrumbs and attach them to the service we previously created. * Start the decoy machine. At the end of this process, we will have a nested (KVM) decoy. On that decoy, we will have an SMB service installed, which will have several SMB users. """ args = get_args() # Connect to the MazeRunner API # The client object holds your session data and allows you to access the MazeRunner resources client = mazerunner.connect(args.ip_address, args.api_key, args.api_secret, args.certificate, False) # Create a decoy # This will create a decoy virtual machine inside MazeRunner. # The decoy acts as a trap, # Any action done on the decoy is monitored and will generate an alert on MazeRunner print "Creating Decoy" decoy = client.decoys.create(name="Backup Server Decoy", hostname="nas-backup-02", os="Ubuntu_1404", vm_type="KVM") while decoy.machine_status != "not_seen": # make sure the decoy was created time.sleep(5) decoy.load() # Create a service # Different services allow you to mimic different resources you have on your network print "Creating service" smb_zip_file = _create_dummy_zip_file() service = client.services.create(name="SMB Serice", service_type="smb", share_name="accounting", zip_file_path=smb_zip_file) os.remove(smb_zip_file) # Connect the service to the decoy # When a service is connected to a decoy, you may access the service on the decoy. # Any such interaction will generate an alert print "Connecting service to decoy" service.connect_to_decoy(decoy.id) with open(args.usernames_file, 'r') as f: data = f.read() usernames = [u.strip() for u in data.split('\n') if u.strip()] if args.passwords: with open(args.passwords, 'r') as f: data = f.read() passwords = [p.strip() for p in data.split('\n') if p.strip()] else: passwords = ['pass', '1234', 'xyz', 'qwerty'] # default common passwords print "Creating Breadcrumbs" for idx, username in enumerate(usernames): # Create breadcrumb # Breadcrumbs can be deployed on endpoints to trick an attacker to interact with a decoy and generate an alert breadcrumb = client.breadcrumbs.create( name="SMB Breadcrumb %d" % idx, breadcrumb_type="netshare", username=username, password=random.choice(passwords)) # Connect the breadrumb to the service # When a breadcrumb is connected to a service, the credential and other information # found in the breadcrumb will be usable with the service breadcrumb.connect_to_service(service.id) # Power the decoy on # After we set up the entire deception chain - its time to power on the decoy! decoy.power_on()