Merge branch 'main' into fix/mula/schedule-report-once-check
Rieven authored Nov 28, 2024
2 parents 6d143f8 + dad9c3d commit c243550
Showing 9 changed files with 206 additions and 176 deletions.
Expand Up @@ -132,6 +132,13 @@
"impact": "System administrator ports should only be reachable from safe and known locations to reduce attack surface.",
"recommendation": "Determine if this port should be reachable from the identified location. Limit access to reduce the attack surface if necessary."
},
"KAT-REMOTE-DESKTOP-PORT": {
"description": "An open Microsoft Remote Desktop Protocol (RDP) port was detected.",
"source": "https://www.cloudflare.com/en-gb/learning/access-management/rdp-security-risks/",
"risk": "medium",
"impact": "Remote desktop ports are often the root cause in ransomware attacks, due to weak password usage, outdated software or insecure configurations.",
"recommendation": "Disable the Microsoft RDP service on port 3389 if this is publicly reachable. Add additional security layers, such as VPN access if these ports do require to be enabled to limit the attack surface."
},
"KAT-OPEN-DATABASE-PORT": {
"description": "A database port is open.",
"source": "https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers",
7 changes: 4 additions & 3 deletions boefjes/boefjes/plugins/kat_shodan_internetdb/main.py
@@ -1,6 +1,6 @@
from ipaddress import ip_address

import requests
import httpx

from boefjes.job_models import BoefjeMeta

Expand All @@ -12,7 +12,8 @@ def run(boefje_meta: BoefjeMeta) -> list[tuple[set, bytes | str]]:
ip = boefje_meta.arguments["input"]["address"]
if ip_address(ip).is_private:
return [({"info/boefje"}, "Skipping private IP address")]
response = requests.get(f"https://internetdb.shodan.io/{ip}", timeout=REQUEST_TIMEOUT)
response.raise_for_status()
response = httpx.get(f"https://internetdb.shodan.io/{ip}", timeout=REQUEST_TIMEOUT)
if response.status_code != httpx.codes.NOT_FOUND:
response.raise_for_status()

return [(set(), response.content)]
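Review bot: A 404 now falls through to `return [(set(), response.content)]`, so the raw output for an IP that InternetDB does not know is the API's 404 error body rather than host data; whether the downstream normalizer tolerates that is not visible here. The private-IP branch two lines above already shows the pattern for a non-result, so `if response.status_code == httpx.codes.NOT_FOUND: return [({"info/boefje"}, "No information available for this IP")]` before the `raise_for_status()` would keep the two cases consistent. Note also that `httpx.get` does not follow redirects by default where `requests.get` did; harmless for this fixed HTTPS URL, but worth a comment if the endpoint ever moves. `run()` begins above the hunk and `REQUEST_TIMEOUT` is defined outside it.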
6 changes: 6 additions & 0 deletions octopoes/bits/ask_port_specification/question_schema.json
Expand Up @@ -30,6 +30,12 @@
"pattern": "^(\\s*(,*)[0-9]+,?\\s*)*$",
"default": "1433,1434,3050,3306,5432"
},
"microsoft_rdp_ports": {
"description": "Comma separated list of (Microsoft) RDP ports",
"type": "string",
"pattern": "^(\\s*(,*)[0-9]+,?\\s*)*$",
"default": "3389"
},
"aggregate_findings": {
"description": "Do you want to aggregate findings into one finding of the IP? Answer with true or false.",
"type": "string",
20 changes: 18 additions & 2 deletions octopoes/bits/port_classification_ip/port_classification_ip.py
Expand Up @@ -26,7 +26,6 @@
21, # FTP
22, # SSH
23, # Telnet
3389, # Remote Desktop
5900, # VNC
]
DB_TCP_PORTS = [
Expand All @@ -36,6 +35,9 @@
3306, # MySQL
5432, # PostgreSQL
]
MICROSOFT_RDP_PORTS = [
3389 # Microsoft Remote Desktop
]


def get_ports_from_config(config, config_key, default):
Expand All @@ -53,6 +55,7 @@ def run(input_ooi: IPPort, additional_oois: list, config: dict[str, Any]) -> Ite
common_udp_ports = get_ports_from_config(config, "common_udp_ports", COMMON_UDP_PORTS)
sa_tcp_ports = get_ports_from_config(config, "sa_tcp_ports", SA_TCP_PORTS)
db_tcp_ports = get_ports_from_config(config, "db_tcp_ports", DB_TCP_PORTS)
microsoft_rdp_ports = get_ports_from_config(config, "microsoft_rdp_ports", MICROSOFT_RDP_PORTS)

for ip_port in additional_oois:
port = ip_port.port
Expand All @@ -66,7 +69,8 @@ def run(input_ooi: IPPort, additional_oois: list, config: dict[str, Any]) -> Ite
yield Finding(
finding_type=open_sa_port.reference,
ooi=ip_port.reference,
description=f"Port {port}/{protocol.value} is a system administrator port and should not be open.",
description=f"Port {port}/{protocol.value} is a system administrator port and "
f"should possibly not be open.",
)
elif protocol == Protocol.TCP and port in db_tcp_ports:
ft = KATFindingType(id="KAT-OPEN-DATABASE-PORT")
Expand All @@ -79,6 +83,18 @@ def run(input_ooi: IPPort, additional_oois: list, config: dict[str, Any]) -> Ite
ooi=ip_port.reference,
description=f"Port {port}/{protocol.value} is a database port and should not be open.",
)
elif port in microsoft_rdp_ports:
open_rdp_port = KATFindingType(id="KAT-REMOTE-DESKTOP-PORT")
if aggregate_findings:
open_ports.append(ip_port.port)
else:
yield open_rdp_port
yield Finding(
finding_type=open_rdp_port.reference,
ooi=ip_port.reference,
description=f"Port {port}/{protocol.value} is a Microsoft Remote Desktop port and "
f"should possibly not be open.",
)
elif (protocol == Protocol.TCP and port not in common_tcp_ports) or (
protocol == Protocol.UDP and port not in common_udp_ports
):
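Review bot: The new `elif port in microsoft_rdp_ports:` branch carries no protocol guard, unlike the database branch directly above it (`elif protocol == Protocol.TCP and port in db_tcp_ports:`), so a UDP 3389 port also yields a KAT-REMOTE-DESKTOP-PORT finding. If that is intended (RDP does use UDP 3389 for its UDP transport), a one-line comment such as `# no protocol check: RDP listens on both TCP and UDP 3389` would stop the next reader from "fixing" it; if not, add `protocol == Protocol.TCP and` to match the sibling branches. Separately, `MICROSOFT_RDP_PORTS = [3389 # Microsoft Remote Desktop]` has no trailing comma, so appending a second port on its own line becomes a syntax error; write `3389,  # Microsoft Remote Desktop`. The first `if` branch for sa_tcp_ports and the enclosing `run()` start outside the hunk.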
2 changes: 1 addition & 1 deletion octopoes/tests/test_bit_ports.py
Expand Up @@ -29,7 +29,7 @@ def test_port_classification_tcp_22():
assert len(results) == 2
finding = results[-1]
assert isinstance(finding, Finding)
assert finding.description == "Port 22/tcp is a system administrator port and should not be open."
assert finding.description == "Port 22/tcp is a system administrator port and should possibly not be open."


def test_port_classification_tcp_5432():
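Review bot: Only the expected wording changes here; nothing exercises the new microsoft_rdp_ports branch in port_classification_ip.py, nor verifies that TCP 3389 now yields KAT-REMOTE-DESKTOP-PORT instead of the system-administrator finding it produced before 3389 was removed from SA_TCP_PORTS. A test parallel to `test_port_classification_tcp_22` using port 3389 that asserts the finding type id and the description `"Port 3389/tcp is a Microsoft Remote Desktop port and should possibly not be open."` would pin both, and a variant with the aggregate_findings config would cover the `open_ports.append` path. The body of `test_port_classification_tcp_22` starts above the hunk.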
2 changes: 1 addition & 1 deletion rocky/assets/js/reportActionForms.js
Expand Up @@ -7,7 +7,7 @@ export function renderRenameSelection(modal, selection) {
references.push(input_element.value);
});

let table_element = document.getElementById("rename-table");
let table_element = document.getElementById("report-name-table");
let table_body = table_element.querySelector("tbody");
let table_row = table_element.querySelector("tr.rename-table-row");

Expand Up @@ -7,11 +7,11 @@
{% fill "content" %}
<form id="rename-form" class="inline layout-wide" method="post">
{% csrf_token %}
<table id="rename-table">
<table id="report-name-table">
<thead>
<tr>
<th>{% translate "Report type" %}</th>
<th>{% translate "Name" %}</th>
<th colspan="2">{% translate "Name" %}</th>
{% comment %} <th>{% translate "Reference date" %}</th> {% endcomment %}
</tr>
</thead>
Expand All @@ -22,9 +22,14 @@
</ul>
</td>
<td class="name">
<input type="text" name="report_name" class="report-name-input">
<input type="text" name="report_name" class="report-name-input name-input">
<input type="hidden" name="report_reference" class="report-reference-input">
</td>
<td>
<button type="button"
class="icon ti-arrow-back-up action-button reset-button hidden"
aria-label="{% translate "Reset" %}"></button>
</td>
{% comment %} <td class="date"></td> {% endcomment %}
</tr>
</tbody>
14 changes: 6 additions & 8 deletions rocky/reports/templates/report_overview/report_history.html
Expand Up @@ -11,15 +11,13 @@
{% include "report_overview/report_overview_header.html" %}
{% include "report_overview/report_overview_navigation.html" with active="history" %}

<div class="horizontal-scroll">
<h2>{% translate "Reports history" %}</h2>
<p>
{% translate "On this page you can see all the reports that have been generated in the past. To create a new report, click the 'Generate Report' button." %}
</p>
{% include "report_overview/report_history_table.html" %}
{% include "partials/list_paginator.html" %}
<h2>{% translate "Reports history" %}</h2>
<p>
{% translate "On this page you can see all the reports that have been generated in the past. To create a new report, click the 'Generate Report' button." %}
</p>
{% include "report_overview/report_history_table.html" %}
{% include "partials/list_paginator.html" %}

</div>
</section>
</main>
{% endblock content %}