Organization:HoneyNet project
Project site:Infection Monkey
Forked project repository: My Fork
My major tasks were to add three vulnerabilities to Infection Monkey vulnerability scanner:
What I've done:
- Created a framework for web remote code execution vulnerabilities
- Implemented Struts2, Oracle Web Logic vulnerabilities(first by hand and then changed according to my framework) and SSH key stealing
- Fixed or found following bugs: guardicore/monkey#118 and guardicore/monkey#156
- Implemented Elastic search vulnerability according to my framework
- Implemented Hadoop server remote code execution
At the moment of writing majority of my pull requests still waits for code review from mentors, but it was made with their guidance so no major code changes should be required to these features.
What is left to do:
I'll potentialy need to fix/refactor code here and there after code review.
I would like to implement mentor's suggestion: url to ip address translation. Eg. www.target.com -> 192.168.1.1
What I've learnt:
- This project was a decent introduction to programming with python
- Properly using git and contributing to large projects how-tos
- About web exploits, CVE's evaluation and other cyber security related things
What I've struggled with the most:
- I(or mostly my laptop) was not prepaired for handling multiple virtual machines at once and worked slowly
- Correct git workflow