T1018

atomics/T1018/T1018.yaml

@@ -226,3 +226,61 @@ atomic_tests:
     command: |
       #{adfind_path} -sc dclist
     name: command_prompt
+
+- name: Remote System Discovery - ip neighbour
+  auto_generated_guid: 
+  description: |
+    Use the ip neighbour command to display the known link layer (ARP table) addresses for hosts sharing the same network segment. 
+  supported_platforms:
+  - linux
+  dependency_executor_name: sh
+  dependencies:
+  - description: |
+      Check if ip command exists on the machine
+    prereq_command: |
+      if [ -x "$(command -v ip)" ]; then exit 0; else exit 1; fi;
+    get_prereq_command: |
+      apt-get install iproute2 -y
+  executor:
+    command: |
+      ip neighbour show
+    name: sh
+
+- name: Remote System Discovery - ip route
+  auto_generated_guid: 
+  description: |
+    Use the ip route command to display the kernels routing tables. 
+  supported_platforms:
+  - linux
+  dependency_executor_name: sh
+  dependencies:
+  - description: |
+      Check if ip command exists on the machine
+    prereq_command: |
+      if [ -x "$(command -v ip)" ]; then exit 0; else exit 1; fi;
+    get_prereq_command: |
+      apt-get install iproute2 -y
+  executor:
+    command: |
+      ip route show
+    name: sh
+
+- name: Remote System Discovery - ip tcp_metrics
+  auto_generated_guid: 
+  description: |
+    Use the ip tcp_metrics command to display the recent cached entries for IPv4 and IPv6 source and destination addresses. 
+  supported_platforms:
+  - linux
+  dependency_executor_name: sh
+  dependencies:
+  - description: |
+      Check if ip command exists on the machine
+    prereq_command: |
+      if [ -x "$(command -v ip)" ]; then exit 0; else exit 1; fi;
+    get_prereq_command: |
+      apt-get install iproute2 -y
+  executor:
+    command: |
+      ip tcp_metrics show |grep --invert-match "^127\."
+    name: sh
+