-
Notifications
You must be signed in to change notification settings - Fork 194
/
hostenum.py
108 lines (84 loc) · 3.61 KB
/
hostenum.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
from lib.common import helpers
class Module:
def __init__(self, mainMenu, params=[]):
self.info = {
'Name': 'HostEnum',
'Author': ['@andrewchiles'],
'Description': ('Performs detailed enumeration of the local system in the current user content.'
'Optionally performs Privesc checks and basic Windows Domain enumeration.'),
'Background' : True,
'OutputExtension' : None,
'NeedsAdmin' : False,
'OpsecSafe' : True,
'Language': 'powershell',
'MinLanguageVersion': '2',
'Comments': [
'https://github.com/threatexpress/red-team-scripts'
]
}
# any options needed by the module, settable during runtime
self.options = {
# format:
# value_name : {description, required, default_value}
'Agent' : {
'Description' : 'Agent to run module on.',
'Required' : True,
'Value' : ''
},
'Local' : {
'Description' : 'Perform local Windows enumeration functions.',
'Required' : False,
'Value' : ''
},
'Domain' : {
'Description' : 'Perform additional Windows Domain enumeration functions.',
'Required' : False,
'Value' : ''
},
'Privesc' : {
'Description' : 'Perform additional privilege escalation checks (PowerUp).',
'Required' : False,
'Value' : ''
},
'Quick' : {
'Description' : 'Perform a quick system survey.',
'Required' : False,
'Value' : ''
},
'HTMLReport' : {
'Description' : 'Create an HTML formatted report in current directory.'
'Output filename convention is YYYYMMDD_HHMMSS_HOSTNAME.html',
'Required' : False,
'Value' : ''
}
}
# save off a copy of the mainMenu object to access external functionality
# like listeners/agent handlers/etc.
self.mainMenu = mainMenu
for param in params:
# parameter format is [Name, Value]
option, value = param
if option in self.options:
self.options[option]['Value'] = value
def generate(self):
# read in the common module source code
moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/host/HostEnum.ps1"
try:
f = open(moduleSource, 'r')
except:
print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
return ""
moduleCode = f.read()
f.close()
script = moduleCode
script += "Invoke-HostEnum "
# add any arguments to the end execution of the script
for option,values in self.options.iteritems():
if option.lower() != "agent":
if values['Value'] and values['Value'] != '':
if values['Value'].lower() == "true":
# if we're just adding a switch
script += " -" + str(option)
else:
script += " -" + str(option) + " " + str(values['Value'])
return script