def get_report_data():
data = {'title': T1003.technique_title()}
if mongo.db.telemetry.count_documents(T1003.query):
status = ScanStatus.USED.value
else:
status = ScanStatus.UNSCANNED.value
data.update(T1003.get_message_and_status(status))
data.update(T1003.get_mitigation_by_status(status))
data['stolen_creds'] = ReportService.get_stolen_creds()
data['stolen_creds'].extend(ReportService.get_ssh_keys())
return data
def safe_generate_regular_report():
# Local import to avoid circular imports
from monkey_island.cc.services.reporting.report import ReportService
__regular_report_generating_lock.acquire()
report = ReportService.generate_report()
__regular_report_generating_lock.release()
return report
def test_get_stolen_creds_no_creds(fake_mongo):
fake_mongo.db.telemetry.insert_one(NO_CREDS_TELEMETRY_TELEM)
stolen_creds_no_creds = ReportService.get_stolen_creds()
expected_stolen_creds_no_creds = []
assert expected_stolen_creds_no_creds == stolen_creds_no_creds
def get_report_data():
@T1003.is_status_disabled
def get_technique_status_and_data():
if mongo.db.telemetry.count_documents(T1003.query):
status = ScanStatus.USED.value
else:
status = ScanStatus.UNSCANNED.value
return (status, [])
data = {"title": T1003.technique_title()}
status, _ = get_technique_status_and_data()
data.update(T1003.get_message_and_status(status))
data.update(T1003.get_mitigation_by_status(status))
data["stolen_creds"] = ReportService.get_stolen_creds()
data["stolen_creds"].extend(ReportService.get_ssh_keys())
return data
def get(self, **kw):
try:
logger.warning(
"Trying to clear caches! Make sure this is not production")
ReportService.delete_saved_report_if_exists()
AttackReportService.delete_saved_report_if_exists()
# TODO: Monkey.clear_caches(), clear LRU caches of function in the Monkey object
except RuntimeError as e:
logger.exception(e)
flask_restful.abort(500, error_info=str(e))
if ReportService.is_report_generated(
) or AttackReportService.is_report_generated():
logger.error(NOT_ALL_REPORTS_DELETED)
flask_restful.abort(500, error_info=NOT_ALL_REPORTS_DELETED)
return {"success": "true"}
def _on_finished_infection():
# Checking is_report_being_generated here, because we don't want to wait to generate a
# report; rather,
# we want to skip and reply.
if not is_report_being_generated() and not ReportService.is_latest_report_exists():
safe_generate_reports()
if ConfigService.is_test_telem_export_enabled() and not TestTelemStore.TELEMS_EXPORTED:
TestTelemStore.export_telems()
def get_propagation_stats() -> Dict:
scanned = ReportService.get_scanned()
exploited = get_monkey_exploited()
return {
"num_scanned_nodes": len(scanned),
"num_exploited_nodes": len(exploited),
"num_exploited_per_exploit": _get_exploit_counts(exploited),
}
def get_completed_steps(self):
is_any_exists = NodeService.is_any_monkey_exists()
infection_done = NodeService.is_monkey_finished_running()
if infection_done:
# Checking is_report_being_generated here, because we don't want to wait to generate a report; rather,
# we want to skip and reply.
if not is_report_being_generated(
) and not ReportService.is_latest_report_exists():
safe_generate_reports()
report_done = ReportService.is_report_generated()
else: # Infection is not done
report_done = False
return dict(run_server=True,
run_monkey=is_any_exists,
infection_done=infection_done,
report_done=report_done)
def test_get_stolen_creds_exploit(fake_mongo):
fake_mongo.db.telemetry.insert_one(EXPLOIT_TELEMETRY_TELEM)
stolen_creds_exploit = ReportService.get_stolen_creds()
expected_stolen_creds_exploit = [
{"origin": VICTIM_DOMAIN_NAME, "type": "LM hash", "username": USER},
{"origin": VICTIM_DOMAIN_NAME, "type": "NTLM hash", "username": USER},
]
assert expected_stolen_creds_exploit == stolen_creds_exploit
def test_get_stolen_creds_system_info(fake_mongo):
fake_mongo.db.monkey.insert_one(MONKEY_TELEM)
save_telemetry(SYSTEM_INFO_TELEMETRY_TELEM)
stolen_creds_system_info = ReportService.get_stolen_creds()
expected_stolen_creds_system_info = [
{"origin": HOSTNAME, "type": "Clear Password", "username": USER},
{"origin": HOSTNAME, "type": "LM hash", "username": USER},
{"origin": HOSTNAME, "type": "NTLM hash", "username": USER},
]
assert expected_stolen_creds_system_info == stolen_creds_system_info
def get_completed_steps():
is_any_exists = NodeService.is_any_monkey_exists()
infection_done = NodeService.is_monkey_finished_running()
if infection_done:
InfectionLifecycle._on_finished_infection()
report_done = ReportService.is_report_generated()
else: # Infection is not done
report_done = False
return dict(run_server=True,
run_monkey=is_any_exists,
infection_done=infection_done,
report_done=report_done)
def get(self, report_type=SECURITY_REPORT_TYPE, report_data=None):
if report_type == SECURITY_REPORT_TYPE:
return ReportService.get_report()
elif report_type == ZERO_TRUST_REPORT_TYPE:
if report_data == REPORT_DATA_PILLARS:
return jsonify({
"statusesToPillars": ZeroTrustService.get_statuses_to_pillars(),
"pillarsToStatuses": ZeroTrustService.get_pillars_to_statuses(),
"grades": ZeroTrustService.get_pillars_grades()
}
)
elif report_data == REPORT_DATA_PRINCIPLES_STATUS:
return jsonify(ZeroTrustService.get_principles_status())
elif report_data == REPORT_DATA_FINDINGS:
return jsonify(ZeroTrustService.get_all_findings())
flask_restful.abort(http.client.NOT_FOUND)
def get_report_data():
data = {'title': T1136.technique_title()}
scanned_nodes = ReportService.get_scanned()
status = ScanStatus.UNSCANNED.value
for node in scanned_nodes:
if node['pba_results'] != 'None':
for pba in node['pba_results']:
if pba['name'] in [POST_BREACH_BACKDOOR_USER,
POST_BREACH_COMMUNICATE_AS_NEW_USER]:
status = ScanStatus.USED.value if pba['result'][1]\
else ScanStatus.SCANNED.value
data.update({
'info': [{
'machine': {
'hostname': pba['hostname'],
'ips': node['ip_addresses'],
},
'result': ': '.join([pba['name'], pba['result'][0]])
}]
})
data.update(T1136.get_base_data_by_status(status))
return data
def get(self):
return ReportService.get_report()
