guardicore/monkey

In domain networks, query domain to scan machines in domain

Open

#191 opened on Oct 7, 2018

View on GitHub
 (1 comment) (0 reactions) (1 assignee)Python (6,250 stars) (752 forks)batch import
Complexity: MediumFeatureHelp wantedImpact: Medium

Description

Expected Behavior

The Monkey should have a feature (with a toggle) to query the domain controller and get a list of domain joined machines to try and attack. Since the Monkey in this case would be running in a domain machine, the credentials stolen by mimikatz will likely be valid for other domain joined machines.

We could get the data using WMI queries we're already running or by running PowerShell commands

Contributor guide

Tech stack
python
Domain
backendsecurity
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
4
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
over 1 week
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
mostly clear
Prerequisites
PythonWindows domain knowledgePowerShell basicsWMI understanding
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
20
Research direction
Investigate how the Monkey currently performs WMI queries (likely in the exploit modules). Look at existing code for WMI execution (e.g., 'exploit/wmi' class). Research how to query Active Directory for domain joined machines via LDAP or PowerShell from Python. Consider using the 'pyad' library or subprocess to run PowerShell commands. The issue suggests a toggle to enable this feature; design a configuration option. Check if there are any linked PRs or comments that provide more context.