Add plugins and docker files

365xMVP · Jul 29, 2022 · 9ea91dd · 9ea91dd
1 parent 8b3bb4c
commit 9ea91dd
Show file tree

Hide file tree

Showing 161 changed files with 19,345 additions and 0 deletions.
diff --git a/docker/Dockerfile_linux b/docker/Dockerfile_linux
@@ -0,0 +1,56 @@
+#bueno para mirar https://github.com/Stijnc/polaris-pshtml-docker
+FROM mcr.microsoft.com/powershell
+#Labels
+LABEL version="1.0"
+LABEL description="Monkey365 container"
+LABEL author "Juan Garrido"
+LABEL email "[email protected]"
+LABEL twitter "https://twitter.com/tr1ana"
+# Metadata parameters
+ARG VERSION
+ARG VCS_URL
+ARG BUILD_DATE
+
+# Metadata ("http://label-schema.org/rc1/")
+LABEL org.label-schema.vendor="Juan Garrido" \
+      org.label-schema.name="PowerShell Monkey365 linux container" \
+      org.label-schema.description="PowerShell Monkey365 tool running in a Linux container" \
+      org.label-schema.version=$VERSION \
+      org.label-schema.vcs-url="https://github.com/silverhack/monkey365" \
+      org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.schema-version="1.0" \
+      readme.md="https://github.com/silverhack/monkey365/README.md"
+
+ARG USERNAME=monkey365
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+# Create the home directory for the new app user.
+RUN mkdir -p /home/$USERNAME
+
+# Create an app user so our program doesn't run as root.
+RUN groupadd --gid $USER_GID $USERNAME &&\
+    useradd --uid $USER_UID --gid $USER_GID -m $USERNAME -s /sbin/nologin -c "Docker Monkey365 app user" &&\
+	chown -R $USER_UID:$USER_GID /home/$USERNAME
+
+# Set the home directory to our app user's home.
+ENV HOME=/home/$USERNAME
+ENV MODULE_HOME=/home/$USERNAME/monkey365
+
+## SETTING UP THE APP ##
+RUN mkdir -p $MODULE_HOME
+
+#Copy files
+COPY --chown=$USER_UID:$USER_GID ./ $MODULE_HOME
+
+# Create a path in .config, then add required Import-Module command to the file
+RUN mkdir -p $HOME/.config/powershell/
+RUN echo "Import-Module /home/$USERNAME/monkey365 -InformationAction Continue" > $HOME/.config/powershell/Microsoft.PowerShell_profile.ps1
+
+#Run chown
+RUN chown -R $USER_UID:$USER_GID /home/monkey365
+
+#Set WORKDIR
+WORKDIR $HOME
+
+# Change to the app user.
+USER $USERNAME
diff --git a/docker/Dockerfile_windows b/docker/Dockerfile_windows
@@ -0,0 +1,45 @@
+FROM mcr.microsoft.com/powershell
+#Labels
+LABEL version="1.0"
+LABEL description="Monkey365 container"
+LABEL author "Juan Garrido"
+LABEL email "[email protected]"
+LABEL twitter "https://twitter.com/tr1ana"
+# Metadata parameters
+ARG VERSION
+ARG VCS_URL
+ARG BUILD_DATE
+
+# Metadata ("http://label-schema.org/rc1/")
+LABEL org.label-schema.vendor="Juan Garrido" \
+      org.label-schema.name="PowerShell Monkey365 Windows container" \
+      org.label-schema.description="PowerShell Monkey365 tool running in a Windows container" \
+      org.label-schema.version=$VERSION \
+      org.label-schema.vcs-url="https://github.com/silverhack/monkey365" \
+      org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.schema-version="1.0" \
+      readme.md="https://github.com/silverhack/monkey365/README.md"
+
+ARG USERNAME=ContainerUser
+
+# Set the home directory to our app user's home.
+ENV HOME=C:/Users/ContainerUser
+ENV MODULE_HOME=$HOME/monkey365
+
+# Change to the app user.
+USER $USERNAME
+
+## SETTING UP THE APP ##
+RUN PowerShell -Command "New-Item -Path $env:USERPROFILE -Name monkey365 -Type Directory -Force"
+
+#Copy files
+COPY ./ $MODULE_HOME
+
+# Create a path in .config, then add required Import-Module command to the file
+RUN PowerShell -Command "New-Item -Path $env:USERPROFILE/Documents/PowerShell -Name Microsoft.PowerShell_profile.ps1 -Value 'Import-Module $Home/monkey365 -InformationAction Continue' -Force"
+
+#Set WORKDIR
+WORKDIR $HOME
+
+# Change to the app user.
+USER $USERNAME
diff --git a/plugins/aad/graph/applications/Get-MonkeyADApplication.ps1 b/plugins/aad/graph/applications/Get-MonkeyADApplication.ps1
diff --git a/plugins/aad/graph/audit/Get-MonkeyADAudit.ps1 b/plugins/aad/graph/audit/Get-MonkeyADAudit.ps1
@@ -0,0 +1,125 @@
+# Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+Function Get-MonkeyADAudit{
+    <#
+        .SYNOPSIS
+		Plugin extract audit logs from Azure AD
+
+        .DESCRIPTION
+		Plugin extract audit logs from Azure AD
+
+        .INPUTS
+
+        .OUTPUTS
+
+        .EXAMPLE
+
+        .NOTES
+	        Author		: Juan Garrido
+            Twitter		: @tr1ana
+            File Name	: Get-MonkeyADAudit
+            Version     : 1.0
+
+        .LINK
+            https://github.com/silverhack/monkey365
+    #>
+
+    [cmdletbinding()]
+    Param (
+        [Parameter(Mandatory= $false, HelpMessage="Background Plugin ID")]
+        [String]$pluginId
+    )
+    Begin{
+        $AADConfig = $O365Object.internal_config.azuread
+        #Get Environment
+        $Environment = $O365Object.Environment
+        #Get Azure Active Directory Auth
+        $AADAuth = $O365Object.auth_tokens.Graph
+    }
+    Process{
+        $msg = @{
+            MessageData = ($message.MonkeyGenericTaskMessage -f $pluginId, "audit", $O365Object.TenantID);
+            callStack = (Get-PSCallStack | Select-Object -First 1);
+            logLevel = 'info';
+            InformationAction = $InformationAction;
+            Tags = @('AzureGraphAuditLog');
+        }
+        Write-Information @msg
+        Try{
+            $DaysAgo = "{0:s}" -f (get-date).AddDays($AADConfig.AuditLogDaysAgo) + "Z"
+        }
+        Catch{
+            $DaysAgo = -15
+        }
+        $Query = '&$filter=activityDate gt {0}' -f $DaysAgo
+        #Get audit log
+        $params = @{
+            Authentication = $AADAuth;
+            ObjectType = 'activities/audit';
+            Query = $Query
+            Environment = $Environment;
+            ContentType = 'application/json';
+            Method = "GET";
+            APIVersion = "beta";
+        }
+        #Get Audit Logs from Azure AAD
+        $all_events = Get-MonkeyGraphObject @params
+        $formatted_events = @()
+        if ($all_events){
+            $msg = @{
+                MessageData = ($message.MonkeyResponseCountMessage -f $all_events.Count);
+                callStack = (Get-PSCallStack | Select-Object -First 1);
+                logLevel = 'info';
+                InformationAction = $InformationAction;
+                Tags = @('AzureGraphAuditLogCount');
+            }
+            Write-Information @msg
+            #Iterate over all events
+            foreach ($entry in $all_events){
+                $entry.actor = $entry.actor.userPrincipalName
+                $entry | Add-Member -type NoteProperty -name targetResourceType -Value $entry.targets.targetResourceType
+                $entry | Add-Member -type NoteProperty -name targetobjectId -Value $entry.targets.objectId
+                $entry | Add-Member -type NoteProperty -name targetName -Value $entry.targets.name
+                $entry | Add-Member -type NoteProperty -name targetUserPrincipalName -Value $entry.targets.userPrincipalName
+                $Changes = $entry.targets.modifiedProperties
+                $entry | Add-Member -type NoteProperty -name ChangeAttribute -Value (@($Changes.name) -join ',')
+                $entry | Add-Member -type NoteProperty -name OldValue -Value (@($Changes.oldvalue) -join ',')
+                $entry | Add-Member -type NoteProperty -name NewValue -Value (@($Changes.newvalue) -join ',')
+                $formatted_events += $entry
+            }
+        }
+    }
+    End{
+        if($formatted_events){
+            $formatted_events = $formatted_events | Select-Object $AADConfig.AuditLogFilter
+            $formatted_events.PSObject.TypeNames.Insert(0,'Monkey365.AzureAAD.AuditLogs')
+            [pscustomobject]$obj = @{
+                Data = $formatted_events
+            }
+            $returnData.aad_audit_logs = $obj
+        }
+        else{
+            $msg = @{
+                MessageData = ($message.MonkeyEmptyResponseMessage -f "Audit Log", $O365Object.TenantID);
+                callStack = (Get-PSCallStack | Select-Object -First 1);
+                logLevel = 'warning';
+                InformationAction = $InformationAction;
+                Tags = @('AzureGraphUsersEmptyResponse');
+            }
+            Write-Warning @msg
+        }
+    }
+}
diff --git a/plugins/aad/graph/authorisation/Get-MonkeyADAuthorisationPolicy.ps1 b/plugins/aad/graph/authorisation/Get-MonkeyADAuthorisationPolicy.ps1
@@ -0,0 +1,76 @@
+# Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+Function Get-MonkeyADAuthorisationPolicy{
+    <#
+        .SYNOPSIS
+		Plugin to get password reset policy from Azure AD
+
+        .DESCRIPTION
+		Plugin to get password reset policy from Azure AD
+
+        .INPUTS
+
+        .OUTPUTS
+
+        .EXAMPLE
+
+        .NOTES
+	        Author		: Juan Garrido
+            Twitter		: @tr1ana
+            File Name	: Get-MonkeyADAuthorisationPolicy
+            Version     : 1.0
+
+        .LINK
+            https://github.com/silverhack/monkey365
+    #>
+
+    [cmdletbinding()]
+    Param (
+        [Parameter(Mandatory= $false, HelpMessage="Background Plugin ID")]
+        [String]$pluginId
+    )
+    Process{
+        $msg = @{
+            MessageData = ($message.MonkeyGenericTaskMessage -f $pluginId, "Azure AD authorisation policy", $O365Object.TenantID);
+            callStack = (Get-PSCallStack | Select-Object -First 1);
+            logLevel = 'info';
+            InformationAction = $InformationAction;
+            Tags = @('GraphAuthPolicy');
+        }
+        Write-Information @msg
+        #Query
+        $ad_auth_policy = Get-PSGraphAuthorizationPolicy @params
+    }
+    End{
+        if ($ad_auth_policy){
+            $ad_auth_policy.PSObject.TypeNames.Insert(0,'Monkey365.AzureAD.AuthorisationPolicy')
+            [pscustomobject]$obj = @{
+                Data = $ad_auth_policy
+            }
+            $returnData.aad_auth_policy = $obj
+        }
+        else{
+            $msg = @{
+                MessageData = ($message.MonkeyEmptyResponseMessage -f "Azure AD authorisation policy", $O365Object.TenantID);
+                callStack = (Get-PSCallStack | Select-Object -First 1);
+                logLevel = 'warning';
+                InformationAction = $InformationAction;
+                Tags = @('GraphAuthPolicyEmptyResponse');
+            }
+            Write-Warning @msg
+        }
+    }
+}