Merge pull request #1699 from guardicore/1669-remove-scoutsuite-integration

Remove scoutsuite

Author: shreyamalviya

CHANGELOG.md

@@ -42,6 +42,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 - MySQL fingerprinter. #1648
 - MS08-067 (Conficker) exploiter. #1677
 - Agent bootloader. #1676
+- Zero Trust integration with ScoutSuite. #1669
 
 ### Fixed
 - A bug in network map page that caused delay of telemetry log loading. #1545

docs/content/reference/operating_systems_support.md

@@ -4,7 +4,7 @@ date: 2020-07-14T08:09:53+03:00
 draft: false
 pre: '<i class="fas fa-laptop"></i> '
 weight: 10
-tags: ["setup", "reference", "windows", "linux"] 
+tags: ["setup", "reference", "windows", "linux"]
 ---
 
 The Infection Monkey project supports many popular OSes (but we are always interested in supporting more).

docs/content/usage/integrations/scoutsuite.md

@@ -11,8 +11,6 @@ weight: 1
 Want to assess your progress in achieving a Zero Trust network? The Infection Monkey can automatically evaluate your readiness across the different
 [Zero Trust Extended Framework](https://www.forrester.com/report/The+Zero+Trust+eXtended+ZTX+Ecosystem/-/E-RES137210) principles.
 
-You can additionally scan your cloud infrastructure's compliance to ZeroTrust principles using [ScoutSuite integration.]({{< ref "/usage/integrations/scoutsuite" >}})
-
 ## Configuration
 
 - **Exploits -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times.

docs/content/usage/scenarios/custom-scenario/zero-trust.md

@@ -1,4 +1,5 @@
 import logging
+import time
 
 from common.cloud.aws.aws_service import AwsService
 from common.cmd.aws.aws_cmd_result import AwsCmdResult
@@ -20,6 +21,7 @@ def __init__(self, is_linux, instance_id, region=None):
         self.ssm = AwsService.get_client("ssm", region)
 
     def query_command(self, command_id):
+        time.sleep(2)
         return self.ssm.get_command_invocation(CommandId=command_id, InstanceId=self.instance_id)
 
     def get_command_result(self, command_info):

monkey/common/cloud/scoutsuite_consts.py

@@ -2,7 +2,6 @@ class TelemCategoryEnum:
     EXPLOIT = "exploit"
     POST_BREACH = "post_breach"
     SCAN = "scan"
-    SCOUTSUITE = "scoutsuite"
     STATE = "state"
     SYSTEM_INFO = "system_info"
     TRACE = "trace"

monkey/common/cmd/aws/aws_cmd_runner.py

@@ -41,13 +41,6 @@
 TEST_SEGMENTATION = "segmentation"
 TEST_TUNNELING = "tunneling"
 TEST_COMMUNICATE_AS_BACKDOOR_USER = "communicate_as_backdoor_user"
-TEST_SCOUTSUITE_PERMISSIVE_FIREWALL_RULES = "scoutsuite_permissive_firewall_rules"
-TEST_SCOUTSUITE_UNENCRYPTED_DATA = "scoutsuite_unencrypted_data"
-TEST_SCOUTSUITE_DATA_LOSS_PREVENTION = "scoutsuite_data_loss_prevention"
-TEST_SCOUTSUITE_SECURE_AUTHENTICATION = "scoutsuite_secure_authentication"
-TEST_SCOUTSUITE_RESTRICTIVE_POLICIES = "scoutsuite_unrestrictive_policies"
-TEST_SCOUTSUITE_LOGGING = "scoutsuite_logging"
-TEST_SCOUTSUITE_SERVICE_SECURITY = "scoutsuite_service_security"
 
 TESTS = (
     TEST_SEGMENTATION,
@@ -59,13 +52,6 @@
     TEST_DATA_ENDPOINT_ELASTIC,
     TEST_TUNNELING,
     TEST_COMMUNICATE_AS_BACKDOOR_USER,
-    TEST_SCOUTSUITE_PERMISSIVE_FIREWALL_RULES,
-    TEST_SCOUTSUITE_UNENCRYPTED_DATA,
-    TEST_SCOUTSUITE_DATA_LOSS_PREVENTION,
-    TEST_SCOUTSUITE_SECURE_AUTHENTICATION,
-    TEST_SCOUTSUITE_RESTRICTIVE_POLICIES,
-    TEST_SCOUTSUITE_LOGGING,
-    TEST_SCOUTSUITE_SERVICE_SECURITY,
 )
 
 PRINCIPLE_DATA_CONFIDENTIALITY = "data_transit"
@@ -219,77 +205,6 @@
         PILLARS_KEY: [PEOPLE, NETWORKS, VISIBILITY_ANALYTICS],
         POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED],
     },
-    TEST_SCOUTSUITE_PERMISSIVE_FIREWALL_RULES: {
-        TEST_EXPLANATION_KEY: "ScoutSuite assessed cloud firewall rules and settings.",
-        FINDING_EXPLANATION_BY_STATUS_KEY: {
-            STATUS_FAILED: "ScoutSuite found overly permissive firewall rules.",
-            STATUS_PASSED: "ScoutSuite found no problems with cloud firewall rules.",
-        },
-        PRINCIPLE_KEY: PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES,
-        PILLARS_KEY: [NETWORKS],
-        POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED],
-    },
-    TEST_SCOUTSUITE_UNENCRYPTED_DATA: {
-        TEST_EXPLANATION_KEY: "ScoutSuite searched for resources containing " "unencrypted data.",
-        FINDING_EXPLANATION_BY_STATUS_KEY: {
-            STATUS_FAILED: "ScoutSuite found resources with unencrypted data.",
-            STATUS_PASSED: "ScoutSuite found no resources with unencrypted data.",
-        },
-        PRINCIPLE_KEY: PRINCIPLE_DATA_CONFIDENTIALITY,
-        PILLARS_KEY: [DATA],
-        POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED],
-    },
-    TEST_SCOUTSUITE_DATA_LOSS_PREVENTION: {
-        TEST_EXPLANATION_KEY: "ScoutSuite searched for resources which are not "
-        "protected against data loss.",
-        FINDING_EXPLANATION_BY_STATUS_KEY: {
-            STATUS_FAILED: "ScoutSuite found resources not protected against data loss.",
-            STATUS_PASSED: "ScoutSuite found that all resources are secured against data loss.",
-        },
-        PRINCIPLE_KEY: PRINCIPLE_DISASTER_RECOVERY,
-        PILLARS_KEY: [DATA],
-        POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED],
-    },
-    TEST_SCOUTSUITE_SECURE_AUTHENTICATION: {
-        TEST_EXPLANATION_KEY: "ScoutSuite searched for issues related to users' " "authentication.",
-        FINDING_EXPLANATION_BY_STATUS_KEY: {
-            STATUS_FAILED: "ScoutSuite found issues related to users' authentication.",
-            STATUS_PASSED: "ScoutSuite found no issues related to users' authentication.",
-        },
-        PRINCIPLE_KEY: PRINCIPLE_SECURE_AUTHENTICATION,
-        PILLARS_KEY: [PEOPLE, WORKLOADS],
-        POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED],
-    },
-    TEST_SCOUTSUITE_RESTRICTIVE_POLICIES: {
-        TEST_EXPLANATION_KEY: "ScoutSuite searched for permissive user access " "policies.",
-        FINDING_EXPLANATION_BY_STATUS_KEY: {
-            STATUS_FAILED: "ScoutSuite found permissive user access policies.",
-            STATUS_PASSED: "ScoutSuite found no issues related to user access policies.",
-        },
-        PRINCIPLE_KEY: PRINCIPLE_USERS_MAC_POLICIES,
-        PILLARS_KEY: [PEOPLE, WORKLOADS],
-        POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED],
-    },
-    TEST_SCOUTSUITE_LOGGING: {
-        TEST_EXPLANATION_KEY: "ScoutSuite searched for issues, related to logging.",
-        FINDING_EXPLANATION_BY_STATUS_KEY: {
-            STATUS_FAILED: "ScoutSuite found logging issues.",
-            STATUS_PASSED: "ScoutSuite found no logging issues.",
-        },
-        PRINCIPLE_KEY: PRINCIPLE_MONITORING_AND_LOGGING,
-        PILLARS_KEY: [AUTOMATION_ORCHESTRATION, VISIBILITY_ANALYTICS],
-        POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED],
-    },
-    TEST_SCOUTSUITE_SERVICE_SECURITY: {
-        TEST_EXPLANATION_KEY: "ScoutSuite searched for service security issues.",
-        FINDING_EXPLANATION_BY_STATUS_KEY: {
-            STATUS_FAILED: "ScoutSuite found service security issues.",
-            STATUS_PASSED: "ScoutSuite found no service security issues.",
-        },
-        PRINCIPLE_KEY: PRINCIPLE_MONITORING_AND_LOGGING,
-        PILLARS_KEY: [DEVICES, NETWORKS],
-        POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED],
-    },
 }
 
 EVENT_TYPE_MONKEY_NETWORK = "monkey_network"

monkey/common/common_consts/telem_categories.py

@@ -3,19 +3,6 @@
 from urllib.parse import urlparse
 
 
-def get_host_from_network_location(network_location: str) -> str:
-    """
-    URL structure is "<scheme>://<net_loc>/<path>;<params>?<query>#<fragment>" (
-    https://tools.ietf.org/html/rfc1808.html)
-    And the net_loc is "<user>:<password>@<host>:<port>" (
-    https://tools.ietf.org/html/rfc1738#section-3.1)
-    :param network_location:  server network location
-    :return:  host part of the network location
-    """
-    url = urlparse("http://" + network_location)
-    return str(url.hostname)
-
-
 def remove_port(url):
     parsed = urlparse(url)
     with_port = f"{parsed.scheme}://{parsed.netloc}"

monkey/common/common_consts/zero_trust_consts.py

@@ -22,10 +22,6 @@ class IncorrectCredentialsError(Exception):
     """ Raise to indicate that authentication failed """
 
 
-class RulePathCreatorNotFound(Exception):
-    """ Raise to indicate that ScoutSuite rule doesn't have a path creator"""
-
-
 class InvalidAWSKeys(Exception):
     """ Raise to indicate that AWS API keys are invalid"""
 
@@ -34,10 +30,6 @@ class NoInternetError(Exception):
     """ Raise to indicate problems caused when no internet connection is present"""
 
 
-class ScoutSuiteScanError(Exception):
-    """ Raise to indicate problems ScoutSuite encountered during scanning"""
-
-
 class UnknownFindingError(Exception):
     """ Raise when provided finding is of unknown type"""
 

monkey/common/network/network_utils.py

@@ -18,7 +18,6 @@ pypykatz = "==0.3.12"
 requests = ">=2.24"
 urllib3 = "==1.26.5"
 WMI = {version = "==1.5.1", sys_platform = "== 'win32'"}
-ScoutSuite = {git = "git://github.com/guardicode/ScoutSuite"}
 pyopenssl = "==19.0.0" # We can't build 32bit ubuntu12 binary with newer versions of pyopenssl
 pypsrp = "*"
 typing-extensions = "*" # Allows us to use 3.9 typing features on 3.7 project