Merge branch 'release/2.1.0'

Release Infection Monkey v2.1.0

Author: mssalvatore

.github/PULL_REQUEST_TEMPLATE.md

@@ -14,6 +14,8 @@ Add any further explanations here.
 ## Testing Checklist
 
 * [ ] Added relevant unit tests?
-* [ ] Have you successfully tested your changes locally? Elaborate:
+* [ ] Do all unit tests pass?
+* [ ] Do all end-to-end tests pass?
+* [ ] Any other testing performed?
     > Tested by {Running the Monkey locally with relevant config/running Island/...}
 * [ ] If applicable, add screenshots or log transcripts of the feature working

.pre-commit-config.yaml

@@ -1,7 +1,7 @@
 default_stages: [commit]
 repos:
   - repo: https://github.com/pycqa/isort
-    rev: 5.10.1
+    rev: 5.12.0
     hooks:
       - id: isort
         name: isort (python)
@@ -12,16 +12,16 @@ repos:
         name: isort (pyi)
         types: [pyi]
   - repo: https://github.com/psf/black
-    rev: 22.3.0
+    rev: 23.1.0
     hooks:
       - id: black
-  - repo: https://gitlab.com/pycqa/flake8
-    rev: 4.0.1
+  - repo: https://github.com/PyCQA/flake8
+    rev: 6.0.0
     hooks:
       - id: flake8
         additional_dependencies: [dlint]
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
+    rev: v4.4.0
     hooks:
       - id: check-added-large-files
       - id: check-case-conflict
@@ -31,19 +31,19 @@ repos:
       - id: end-of-file-fixer
       - id: trailing-whitespace
   - repo: https://github.com/eslint/eslint
-    rev: v8.12.0
+    rev: v8.35.0
     hooks:
       - id: eslint
         args: ["monkey/monkey_island/cc/ui/src/", "--fix", "--max-warnings=0"]
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v0.971
+    rev: v1.0.1
     hooks:
       - id: mypy
         additional_dependencies: [types-ipaddress, types-paramiko, types-python-dateutil, types-pytz, types-PyYAML, types-requests]
         exclude: "vulture_allowlist.py"
-        args: [--ignore-missing-imports]
+        args: [--ignore-missing-imports, --check-untyped-defs]
   - repo: https://github.com/koalaman/shellcheck-precommit
-    rev: v0.7.2
+    rev: v0.9.0
     hooks:
     -   id: shellcheck
   - repo: local
@@ -56,6 +56,10 @@ repos:
         exclude: "monkey/monkey_island/cc/ui"
         stages: [push]
   - repo: https://github.com/jendrikseipp/vulture
-    rev: v2.3
+    rev: v2.7
     hooks:
       - id: vulture
+  - repo: https://github.com/mssalvatore/merge-issue-number-hook
+    rev: v1.0.0
+    hooks:
+      - id: merge-issue-number

.travis.yml

@@ -15,7 +15,7 @@ jobs:
     - name: "Monkey Linux"
       language: python
       python:
-        - 3.7
+        - 3.11
       os: linux
       dist: focal
       vm:
@@ -76,7 +76,7 @@ jobs:
         ## run unit tests and generate coverage data
         - cd monkey  # this is our source dir
         - pip install pytest-xdist
-        - python -m pytest -n auto --dist loadscope --cov=. # have to use `python -m pytest` instead of `pytest` to add "{$builddir}/monkey/monkey" to sys.path.
+        - python -m pytest -n auto --dist worksteal --cov=. # have to use `python -m pytest` instead of `pytest` to add "{$builddir}/monkey/monkey" to sys.path.
 
         # check js code. the npm install must happen after the flake8 because the node_modules folder will cause a lot of errors.
         - cd monkey_island/cc/ui
@@ -99,12 +99,12 @@ jobs:
       vm:
         size: x-large
       before_install:
-        - choco install python --version=3.7.9
+        - choco install python --version=3.11
         - python -m pip install -U pip setuptools virtualenv
         - python -m virtualenv $HOME/venv
         - source $HOME/venv/Scripts/activate
       env:
-        PATH=/c/Python37:/c/Python37/Scripts:$PATH
+        PATH=/c/Python311:/c/Python311/Scripts:$PATH
       cache:
         pip: true
         directories:
@@ -113,7 +113,7 @@ jobs:
       install:
         # Python
         - nproc
-        - pip install pipenv==2022.7.4
+        - pip install pipenv
           # Install island and monkey requirements as they are needed by UT's
         - pushd monkey/monkey_island
         - pipenv sync --dev  # This installs dependencies from lock
@@ -126,7 +126,7 @@ jobs:
         ## run unit tests and generate coverage data
         - cd monkey  # this is our source dir
         - pip install pytest-xdist
-        - python -m pytest -n auto --dist loadscope
+        - python -m pytest -n auto --dist worksteal
 
 
 notifications:

CHANGELOG.md

@@ -5,6 +5,44 @@ file.
 The format is based on [Keep a
 Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## [2.1.0] - 2023-04-19
+### Added
+- Logout button. #3063
+- An option to the Hadoop exploiter to try all discovered HTTP ports. #2136
+- `GET /api/agent-otp`. #3076
+- `POST /api/agent-otp-login` endpoint. #3076
+- A smarter brute-forcing strategy for SMB exploiter. #3039
+- `POST /api/refresh-authentication-token` endpoint that allows refreshing of
+  the access token. #3181
+
+### Changed
+- Migrated the hard-coded SMB exploiter to a plugin. #2952
+- Python version from 3.7 to 3.11.2. #2705
+- MSI installer is now build with InnoSetup. #1911
+
+### Fixed
+- A UI deficiency where invalid configurations could be submitted to the
+  backend. #1301, #2989
+- Notification spam bug. #2731
+- Agent propagator crashes if exploiters malfunction. #2992
+- Configuration order not preserved in debugging output. #2860
+- A bug in the Hadoop exploiter that resulted in speculative execution of
+  multiple agents. #2758
+- Formatting of the manual run command when copy/pasting from the web UI. #3115
+- A bug where plugins received an incorrect agent ID. #3119
+- Random logouts when the UI is being actively used. #2049, #3079, #3137
+
+### Security
+- Fixed plaintext private key in SSHKey pair list in UI. #2950
+- Upgraded MongoDB version from 4.x to 6.0.4. #2706
+- Replaced the `SystemSingleton` component, which could allow local users to
+  execute a DoS attack against agents. #2817
+- Replaced our bespoke authentication solution with `flask-security-too`.
+  #2049, #2157, #3078, #3138
+- Enforced access control around sensitive API endpoints. #2049, #2157
+- Upgraded 3rd-party dependencies. #2705, #2970, #2865, #3125
+- Fixed a potential XSS issue in exploiter plugins. #3081
+
 ## [2.0.0] - 2023-02-08
 ### Added
 - `credentials.json` file for storing Monkey Island user login information. #1206

README.md

@@ -20,16 +20,6 @@ The Infection Monkey is comprised of two parts:
 
 To read more about the Monkey, visit [akamai.com/infectionmonkey](https://www.akamai.com/infectionmonkey).
 
-## 💥 We're Hiring 💥
-We are looking for a software engineering manager with a passion for UX and
-cybersecurity to join the Infection Monkey development team. This is a remote
-position and is open anywhere in Israel. You can learn more about Infection
-Monkey on our [website](https://www.akamai.com/infectionmonkey).
-
-For more information, or to apply, see the official job post:
-  - [Israel](https://akamaicareers.inflightcloud.com/jobdetails/aka_ext/028224?section=aka_ext&job=028224)
-
-
 
 ## Screenshots
 

build_scripts/.gitignore

@@ -0,0 +1 @@
+agent-dist/

build_scripts/README.md

@@ -44,5 +44,19 @@ NOTE: This script is intended to be run from a clean VM. You can also manually
 remove build artifacts by running `docker/clean.sh`
 
 ### Running the Docker Image
-The build script will produce a `.tgz` file in `./dist/`. See
-`docker/DOCKER_README.md` for instructions on running the docker image.
+The build script will produce a `.tgz` file in `./dist/`.
+To load the `.tgz` file:
+
+1. Extract the Monkey Island Docker tarball:
+    ```bash
+    tar -xvzf InfectionMonkey-docker-v2.0.0.tgz
+    ```
+
+1. Load the Monkey Island Docker image:
+
+    ```bash
+    sudo docker load -i InfectionMonkey-docker-v2.0.0.tar
+    ```
+
+For more information on how to run your local Monkey Island Docker image,  see
+[https://techdocs.akamai.com/infection-monkey/docs/docker/](https://techdocs.akamai.com/infection-monkey/docs/docker/).

build_scripts/appimage/AppRun

@@ -5,11 +5,6 @@ self="$(readlink -f -- $0)"
 here="${self%/*}"
 APPDIR="${APPDIR:-${here}}"
 
-# Export TCl/Tk
-export TCL_LIBRARY="${APPDIR}/usr/share/tcltk/tcl8.4"
-export TK_LIBRARY="${APPDIR}/usr/share/tcltk/tk8.4"
-export TKPATH="${TK_LIBRARY}"
-
 # Export SSL certificate
 export SSL_CERT_FILE="${APPDIR}/opt/_internal/certs.pem"
 
@@ -24,12 +19,12 @@ do
     if [[ "${opt}" =~ "I" ]] || [[ "${opt}" =~ "E" ]]; then
         # Environment variables are disabled ($PYTHONHOME). Let's run in a safe
         # mode from the raw Python binary inside the AppImage
-        "$APPDIR/opt/python3.7/bin/python3.7" "$@"
+        "$APPDIR/opt/python3.11/bin/python3.11" "$@"
         exit "$?"
     fi
 done
 
 export PYTHONNOUSERSITE=1
-(PYTHONHOME="${APPDIR}/opt/python3.7" exec "${APPDIR}/opt/python3.7/bin/python3.7" "${APPDIR}/usr/src/monkey_island.py" $@)
+(PYTHONHOME="${APPDIR}/opt/python3.11" exec "${APPDIR}/opt/python3.11/bin/python3.11" "${APPDIR}/usr/src/monkey_island.py" $@)
 
 exit "$?"

build_scripts/appimage/appimage.sh

@@ -1,8 +1,9 @@
 #!/bin/bash
 
+# Changes: python version
 LINUXDEPLOY_URL="https://github.com/linuxdeploy/linuxdeploy/releases/download/continuous/linuxdeploy-x86_64.AppImage"
-PYTHON_VERSION="3.7.16"
-PYTHON_APPIMAGE_URL="https://github.com/niess/python-appimage/releases/download/python3.7/python${PYTHON_VERSION}-cp37-cp37m-manylinux1_x86_64.AppImage"
+PYTHON_VERSION="3.11.3"
+PYTHON_APPIMAGE_URL="https://github.com/niess/python-appimage/releases/download/python3.11/python${PYTHON_VERSION}-cp311-cp311-manylinux2014_x86_64.AppImage"
 APPIMAGE_DIR=$(realpath "$(dirname "${BASH_SOURCE[0]}")")
 APPDIR="$APPIMAGE_DIR/squashfs-root"
 BUILD_DIR="$APPDIR/usr/src"
@@ -32,7 +33,7 @@ setup_build_dir() {
 
   pushd "$APPIMAGE_DIR" || handle_error
 
-  setup_python_37_appdir
+  setup_python_appdir
 
   mkdir -p "$BUILD_DIR"
 
@@ -53,10 +54,10 @@ setup_build_dir() {
   popd || handle_error
 }
 
-setup_python_37_appdir() {
+setup_python_appdir() {
   PYTHON_APPIMAGE="python${PYTHON_VERSION}_x86_64.AppImage"
 
-  log_message "downloading Python3.7 Appimage"
+  log_message "downloading Python Appimage"
   curl -L -o "$PYTHON_APPIMAGE" "$PYTHON_APPIMAGE_URL"
 
   chmod u+x "$PYTHON_APPIMAGE"
@@ -77,12 +78,14 @@ install_monkey_island_python_dependencies() {
   log_message "Installing island requirements"
 
   log_message "Installing pipenv"
-  "$APPDIR"/AppRun -m pip install pipenv==2022.7.4 || handle_error
+  "$APPDIR"/AppRun -m pip install pipenv || handle_error
   export CI=1
 
   log_message "Installing dependencies"
   pushd "$BUILD_DIR/monkey_island" || handle_error
-  "$APPDIR"/AppRun -m pipenv --python "$APPDIR/AppRun" sync --system || handle_error
+  "$APPDIR"/AppRun -m pipenv --python "$APPDIR/AppRun" requirements > requirements.txt || handle_error
+  "$APPDIR"/AppRun -m pip install -r requirements.txt || handle_error
+  rm requirements.txt
   popd || handle_error
 
   log_message "Uninstalling pipenv (build dependency only)"

build_scripts/appimage/install-infection-monkey-service.sh

@@ -130,7 +130,7 @@ while (( "$#" )); do
       exit 0
       ;;
     *)
-      die "Error: Unsupported parameter $1."
+      die "Error: Unsupported parameter \"$1\"."
       ;;
   esac
 done