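def run(self):
    """Parse the CLI arguments and dispatch to the selected incident plan.

    Builds one ``case.Case`` from the parsed arguments and then runs the
    ``mitigate()`` routine of either ``host.Compromise`` (``func ==
    'host_compromise'``) or ``key.Compromise`` (``func == 'key_compromise'``).
    Any other ``func`` value is a no-op, as in the original if/elif chain.

    A ``KeyboardInterrupt`` raised while a plan is running is still caught so
    the operator can abort, but it is now written to the case log instead of
    being silently swallowed: an interrupted mitigation may have left the
    response only partially applied, and the audit trail should say so.
    """
    self.config = self.parse_args(sys.argv[1:])
    case_logger = case.Logger(add_handler=True, verbose=self.config.verbose)
    case_logger.event_to_logs("Parsing successful proceeding to incident plan.")

    # A single Case shared by both plans; the original built an identical one
    # inside each branch.
    case_obj = case.Case(
        self.config.case_number,
        self.config.examiner_cidr_range,
        self.config.bucket_name,
    )

    if self.config.func == 'host_compromise':
        plan = host.Compromise(
            user=self.config.user,
            ssh_key_file=self.config.ssh_key,
            compromised_host_ip=self.config.instance_ip,
            prog=self.prog,
            case=case_obj,
            logger=case_logger,
        )
    elif self.config.func == 'key_compromise':
        plan = key.Compromise(
            self.config.examiner_cidr_range,
            self.config.access_key_id,
            case=case_obj,
            logger=case_logger,
        )
    else:
        # Unknown plan: nothing to run (matches the original's behaviour).
        return

    try:
        plan.mitigate()
    except KeyboardInterrupt:
        # Operator abort. Record it rather than `pass`: the mitigation steps
        # that did not run are exactly what a responder needs to know about.
        case_logger.event_to_logs(
            "Mitigation interrupted by operator; response may be incomplete."
        )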
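def run(self):
    """Parse the CLI arguments, set up case logging and run the chosen plan.

    Steps, in order:

    1. Parse ``sys.argv[1:]`` into ``self.config``.
    2. Build one ``case.Case`` from case number, examiner CIDR and bucket.
    3. Configure stream and per-case file logging (DEBUG when ``--verbose``,
       INFO otherwise) and wrap the case log file via ``aws_ir``.
    4. Run ``host.Compromise`` (``func == 'instance_compromise'``) or
       ``key.Compromise`` (``func == 'key_compromise'``); any other ``func``
       is a no-op.

    A ``KeyboardInterrupt`` during ``mitigate()`` still aborts the plan, but
    is logged as a warning instead of being swallowed silently so the case
    log shows that the response may be incomplete.
    """
    self.config = self.parse_args(sys.argv[1:])
    case_obj = case.Case(
        self.config.case_number,
        self.config.examiner_cidr_range,
        self.config.bucket_name,
    )

    log_level = logging.DEBUG if self.config.verbose else logging.INFO
    aws_ir.set_stream_logger(level=log_level)
    aws_ir.set_file_logger(case_obj.case_number, level=log_level)
    logger = logging.getLogger(__name__)
    aws_ir.wrap_log_file(case_obj.case_number)
    logger.info("Initialization successful proceeding to incident plan.")

    if self.config.func == 'instance_compromise':
        plan = host.Compromise(
            user=self.config.user,
            ssh_key_file=self.config.ssh_key,
            compromised_host_ip=self.config.instance_ip,
            prog=self.prog,
            case=case_obj,
        )
    elif self.config.func == 'key_compromise':
        plan = key.Compromise(
            self.config.examiner_cidr_range,
            self.config.access_key_id,
            case=case_obj,
        )
    else:
        # Unknown plan: nothing to run (matches the original's behaviour).
        return

    try:
        plan.mitigate()
    except KeyboardInterrupt:
        # Operator abort. Leave a trace in the case log; a half-applied
        # mitigation is a finding in its own right.
        logger.warning(
            "Mitigation interrupted by operator; response may be incomplete."
        )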
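def run(self):
    """Parse the CLI arguments, set up case logging and run the chosen plan.

    Steps, in order:

    1. Parse ``sys.argv[1:]`` into ``self.config``.
    2. Build one ``case.Case`` from case number, examiner CIDR, bucket and
       AWS profile.
    3. Configure stream and per-case file logging (DEBUG when ``--verbose``,
       INFO otherwise) and wrap the case log file via ``aws_ir``.
    4. Dispatch on ``config.func``:

       * ``'instance_compromise'`` — run ``host.Compromise`` against
         ``config.target`` (single host) and/or every non-blank line of the
         file named by ``config.targets`` (batch mode). Both may be set; the
         single target is processed first, as in the original.
       * ``'key_compromise'`` — run ``key.Compromise`` for
         ``config.access_key_id``.
       * anything else — no-op.

    Fixes relative to the previous revision: the batch loop compared each
    line with ``is not ''`` (identity, not equality — a ``SyntaxWarning`` on
    current Pythons and not a reliable blank-line test); lines are now
    stripped and skipped when empty, which also tolerates CRLF files. A
    ``KeyboardInterrupt`` during ``mitigate()`` is logged instead of being
    swallowed silently.
    """
    self.config = self.parse_args(sys.argv[1:])
    case_obj = case.Case(
        self.config.case_number,
        self.config.examiner_cidr_range,
        self.config.bucket_name,
        self.config.profile,
    )

    log_level = logging.DEBUG if self.config.verbose else logging.INFO
    aws_ir.set_stream_logger(level=log_level)
    aws_ir.set_file_logger(case_obj.case_number, level=log_level)
    logger = logging.getLogger(__name__)
    aws_ir.wrap_log_file(case_obj.case_number)
    logger.info("Initialization successful proceeding to incident plan.")

    def _mitigate_host(target):
        """Run the host-compromise plan against one target.

        A ``KeyboardInterrupt`` aborts only this target's plan and is logged;
        in batch mode the loop then moves on to the next target, which is the
        behaviour the original ``except KeyboardInterrupt: pass`` had.
        """
        hc = host.Compromise(
            user=self.config.user,
            ssh_key_file=self.config.ssh_key,
            target=target,
            prog=self.prog,
            case=case_obj,
            steps=self.config.plugins,
        )
        try:
            hc.mitigate()
        except KeyboardInterrupt:
            # Operator abort: record which host was left partially mitigated.
            logger.warning(
                "Mitigation of %s interrupted by operator; response may be incomplete.",
                target,
            )

    if self.config.func == 'instance_compromise':
        if self.config.target:
            case_obj.prep_aws_connections()
            _mitigate_host(self.config.target)

        if self.config.targets:
            logger.info(
                'Alert : multi-host mode engaged targets in file will attempt processing.'
            )
            # Every line of this file names a host that will be SSHed into
            # and mitigated, so treat it as operator-controlled input and
            # keep the parsing strict: strip whitespace/CR, drop blank lines.
            batch_file = os.path.abspath(self.config.targets)
            with open(batch_file) as f:
                targets = [line.strip() for line in f.read().splitlines()]

            # NOTE(review): prep_aws_connections() is only invoked on the
            # single-target path above, not here; confirm whether
            # host.Compromise performs it itself in batch mode.
            for target in targets:
                if not target:
                    continue
                logger.info(
                    "Attempting processing instance {i}".format(i=target)
                )
                _mitigate_host(target)

    elif self.config.func == 'key_compromise':
        # NOTE(review): the region is pinned to 'us-west-2' here rather than
        # derived from the profile/config; key.Compromise may behave
        # differently for resources in other regions — confirm intent.
        kc = key.Compromise(
            examiner_cidr_range=self.config.examiner_cidr_range,
            compromised_access_key_id=self.config.access_key_id,
            region='us-west-2',
            case=case_obj,
            steps=self.config.plugins,
        )
        try:
            kc.mitigate()
        except KeyboardInterrupt:
            # Operator abort. Log it so the case record shows the key plan
            # may not have completed.
            logger.warning(
                "Key mitigation interrupted by operator; response may be incomplete."
            )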