def get_exploited(): exploited_with_monkeys = \ [NodeService.get_displayed_node_by_id(monkey['_id'], True) for monkey in mongo.db.monkey.find({}, {'_id': 1}) if not NodeService.get_monkey_manual_run(NodeService.get_monkey_by_id(monkey['_id']))] exploited_without_monkeys = [ NodeService.get_displayed_node_by_id(node['_id'], True) for node in mongo.db.node.find({'exploited': True}, {'_id': 1}) ] exploited = exploited_with_monkeys + exploited_without_monkeys exploited = [{ 'label': exploited_node['label'], 'ip_addresses': exploited_node['ip_addresses'], 'domain_name': exploited_node['domain_name'], 'exploits': list( set([ ReportService.EXPLOIT_DISPLAY_DICT[exploit['exploiter']] for exploit in exploited_node['exploits'] if exploit['result'] ])) } for exploited_node in exploited] logger.info('Exploited nodes generated for reporting') return exploited
def patch(self, guid): monkey_json = json.loads(request.data) update = {"$set": {'modifytime': datetime.now()}} monkey = NodeService.get_monkey_by_guid(guid) if 'keepalive' in monkey_json: update['$set']['keepalive'] = dateutil.parser.parse( monkey_json['keepalive']) else: update['$set']['keepalive'] = datetime.now() if 'config' in monkey_json: update['$set']['config'] = monkey_json['config'] if 'config_error' in monkey_json: update['$set']['config_error'] = monkey_json['config_error'] if 'tunnel' in monkey_json: tunnel_host_ip = monkey_json['tunnel'].split(":")[-2].replace( "//", "") NodeService.set_monkey_tunnel(monkey["_id"], tunnel_host_ip) ttl = create_monkey_ttl_document( DEFAULT_MONKEY_TTL_EXPIRY_DURATION_IN_SECONDS) update['$set']['ttl_ref'] = ttl.id return mongo.db.monkey.update({"_id": monkey["_id"]}, update, upsert=False)
def get_scanned(): formatted_nodes = [] nodes = \ [NodeService.get_displayed_node_by_id(node['_id'], True) for node in mongo.db.node.find({}, {'_id': 1})] \ + [NodeService.get_displayed_node_by_id(monkey['_id'], True) for monkey in mongo.db.monkey.find({}, {'_id': 1})] for node in nodes: formatted_nodes.append({ 'label': node['label'], 'ip_addresses': node['ip_addresses'], 'accessible_from_nodes': list((x['hostname'] for x in ( NodeService.get_displayed_node_by_id(edge['from'], True) for edge in EdgeService.get_displayed_edges_by_to( node['id'], True)))), 'services': node['services'], 'domain_name': node['domain_name'] }) logger.info('Scanned nodes generated for reporting') return formatted_nodes
def _get_infected_island_net_edges(monkey_island_monkey): existing_ids = [ x.src_node_id for x in EdgeService.get_by_dst_node( dst_node_id=monkey_island_monkey["_id"]) ] monkey_ids = [ x.id for x in Monkey.objects() if ("tunnel" not in x) and (x.id not in existing_ids) and ( x.id != monkey_island_monkey["_id"]) ] edges = [] count = 0 for monkey_id in monkey_ids: count += 1 # generating fake ID, because front end requires unique ID's for each edge. Collision # improbable fake_id = ObjectId(hex(count)[2:].zfill(24)) src_label = NodeService.get_label_for_endpoint(monkey_id) dst_label = NodeService.get_label_for_endpoint( monkey_island_monkey["_id"]) edge = DisplayedEdgeService.generate_pseudo_edge( edge_id=fake_id, src_node_id=monkey_id, dst_node_id=monkey_island_monkey["_id"], src_label=src_label, dst_label=dst_label, ) edges.append(edge) return edges
def process_tunnel_telemetry(telemetry_json): check_tunneling_violation(telemetry_json) monkey_id = NodeService.get_monkey_by_guid(telemetry_json["monkey_guid"])["_id"] if telemetry_json["data"]["proxy"] is not None: tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(telemetry_json) NodeService.set_monkey_tunnel(monkey_id, tunnel_host_ip) else: NodeService.unset_all_monkey_tunnels(monkey_id)
def get_all_net_nodes(): monkeys = NetNodeService._get_monkey_net_nodes() nodes = NetNodeService._get_standard_net_nodes() if NodeService.get_monkey_island_monkey() is None: monkey_island = [NodeService.get_monkey_island_pseudo_net_node()] else: monkey_island = [] return monkeys + nodes + monkey_island
def get_tunnels(): return [ { 'type': 'tunnel', 'machine': NodeService.get_node_hostname(NodeService.get_node_or_monkey_by_id(tunnel['_id'])), 'dest': NodeService.get_node_hostname(NodeService.get_node_or_monkey_by_id(tunnel['tunnel'])) } for tunnel in mongo.db.monkey.find({'tunnel': {'$exists': True}}, {'tunnel': 1})]
def get(self): NodeService.update_dead_monkeys() island_monkey = NodeService.get_monkey_island_monkey() if island_monkey is not None: is_monkey_running = not Monkey.get_single_monkey_by_id(island_monkey["_id"]).is_dead() else: is_monkey_running = False return jsonify(is_running=is_monkey_running)
def update_node_credentials_from_successful_attempts(edge: EdgeService, telemetry_json): for attempt in telemetry_json["data"]["attempts"]: if attempt["result"]: found_creds = {"user": attempt["user"]} for field in ["password", "lm_hash", "ntlm_hash", "ssh_key"]: if len(attempt[field]) != 0: found_creds[field] = attempt[field] NodeService.add_credentials_to_node(edge.dst_node_id, found_creds)
def get_all_displayed_nodes(): nodes_without_monkeys = [ NodeService.get_displayed_node_by_id(node['_id'], True) for node in mongo.db.node.find({}, {'_id': 1}) ] nodes_with_monkeys = [ NodeService.get_displayed_node_by_id(monkey['_id'], True) for monkey in mongo.db.monkey.find({}, {'_id': 1}) ] nodes = nodes_without_monkeys + nodes_with_monkeys return nodes
def update_network_with_exploit(edge: EdgeService, telemetry_json): telemetry_json["data"]["info"]["started"] = dateutil.parser.parse( telemetry_json["data"]["info"]["started"]) telemetry_json["data"]["info"]["finished"] = dateutil.parser.parse( telemetry_json["data"]["info"]["finished"]) new_exploit = copy.deepcopy(telemetry_json["data"]) new_exploit.pop("machine") new_exploit["timestamp"] = telemetry_json["timestamp"] edge.update_based_on_exploit(new_exploit) if new_exploit["result"]: NodeService.set_node_exploited(edge.dst_node_id)
def get_tunnels(): return [ { "type": "tunnel", "machine": NodeService.get_node_hostname( NodeService.get_node_or_monkey_by_id(tunnel["_id"]) ), "dest": NodeService.get_node_hostname( NodeService.get_node_or_monkey_by_id(tunnel["tunnel"]) ), } for tunnel in mongo.db.monkey.find({"tunnel": {"$exists": True}}, {"tunnel": 1}) ]
def get_exploit_info_by_dict(class_name: str, exploit_dict: dict) -> ExploiterReportInfo: ip_addr = exploit_dict["data"]["machine"]["ip_addr"] machine = NodeService.get_node_hostname( NodeService.get_node_or_monkey_by_ip(ip_addr)) port = exploit_dict["data"]["info"]["vulnerable_service"]["port"] service = exploit_dict["data"]["info"]["vulnerable_service"][ "service_name"] return ExploiterReportInfo(ip_address=ip_addr, machine=machine, type=class_name, port=port, service=service)
def get_edge_by_scan_or_exploit_telemetry(telemetry_json): dst_ip = telemetry_json["data"]["machine"]["ip_addr"] dst_domain_name = telemetry_json["data"]["machine"]["domain_name"] src_monkey = NodeService.get_monkey_by_guid(telemetry_json["monkey_guid"]) dst_node = NodeService.get_monkey_by_ip(dst_ip) if dst_node is None: dst_node = NodeService.get_or_create_node(dst_ip, dst_domain_name) src_label = NodeService.get_label_for_endpoint(src_monkey["_id"]) dst_label = NodeService.get_label_for_endpoint(dst_node["_id"]) return EdgeService.get_or_create_edge(src_monkey["_id"], dst_node["_id"], src_label, dst_label)