adassault 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b131722d9575f757c8cdf53cac4e4419d9968d5eeb11a66dabb4ef542fe85a5c
+  data.tar.gz: bf1de9fd4ddc2dd772980bc93945fd23309e5c7634e79bcb1171530e5b48db9c
+SHA512:
+  metadata.gz: bf803a032eb88ccc4444eebbf32c8edf94dc724ceec842e82855e6e75943e75e84e01514633f33f09565017dae052698d23ae7973b895863298f9318131eddbe
+  data.tar.gz: 31826ce2fed8ac57816ecbcfcd3063ea985f94f5dbdc908fcb0f51af5ae89d518866a20daad76e73f78ed1b2b0ecfeaf1ea823b2517591d2c29e8d566fbbba89

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Alexandre ZANNI
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/bin/ada

@@ -0,0 +1,10 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+# Ruby internal
+# Project internal
+require 'adassault'
+require 'adassault/cli'
+# External
+
+ADAssault::CLI.run(ARGV)

data/bin/adassault

@@ -0,0 +1,10 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+# Ruby internal
+# Project internal
+require 'adassault'
+require 'adassault/cli'
+# External
+
+ADAssault::CLI.run(ARGV)

data/lib/adassault/cli/dns.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require 'adassault/dns'
+require 'gli'
+
+module ADAssault
+  class CLI
+    extend GLI::App
+
+    desc 'DNS related commands'
+    # since 0.0.1
+    command :dns do |dns|
+      dns.desc 'Spot all domain controllers in a Microsoft Active Directory environment'
+      # since 0.0.1
+      dns.command :find_dcs do |find_dcs|
+        find_dcs.flag %i[d domain], desc: 'Active Directory domain.', type: String, required: false
+        find_dcs.flag %i[s nameserver name-server],
+                      desc: 'The IP address of the domain DNS server. If not provided uses your system DNS.',
+                      type: String
+        find_dcs.action do |_global_options, options, _args|
+          dns_opts = options[:nameserver].nil? ? nil : { nameserver: [options[:nameserver]] }
+          dcd = ADAssault::DNS::FindDCs.new(options[:domain], dns_opts)
+          dcd.display
+        end
+      end
+
+      dns.desc 'TODO'
+      dns.command :entry_add do |entry_add|
+        entry_add.action do |_global_options, _options, _args|
+          puts 'entry_add'
+        end
+      end
+
+      dns.desc 'TODO'
+      dns.command :entry_delete do |entry_delete|
+        entry_delete.action do |_global_options, _options, _args|
+          puts 'entry_delete'
+        end
+      end
+
+      dns.desc 'TODO'
+      dns.command :entry_update do |entry_update|
+        entry_update.action do |_global_options, _options, _args|
+          puts 'entry_update'
+        end
+      end
+    end
+  end
+end

data/lib/adassault/cli.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'adassault/version'
+require 'adassault/cli/dns'
+
+require 'gli'
+require 'paint'
+
+module ADAssault
+  # Class containing all commands and sub-commands for the CLI,
+  # mapping CLI commands with library classes.
+  # @since 0.0.1
+  class CLI
+    extend GLI::App
+
+    program_desc 'ADAsault desc'
+    subcommand_option_handling :normal
+    sort_help :alpha # :manually
+    version ADAssault::VERSION
+
+    switch [:color], desc: 'Switch colorized output', default_value: true
+    switch [:debug], desc: 'Display options', default_value: false
+    pre do |global_options, command, options, args|
+      Paint.mode = 0 unless global_options[:color]
+      if global_options[:debug]
+        puts 'Global options:'
+        p global_options
+        puts "\nCommand:"
+        p command
+        puts "\nLocal options:"
+        p options
+        puts "\nArguments:"
+        p args
+      end
+      true # https://github.com/davetron5000/gli/issues/321
+    end
+  end
+end

data/lib/adassault/dns/find_dcs.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+require 'resolv'
+require 'paint'
+
+module ADAssault
+  # @since 0.0.1
+  module DNS
+    # Spot all domain controllers in a Microsoft Active Directory environment
+    # @since 0.0.1
+    class FindDCs
+      # Hash containing all DCs.
+      # Cached result of {fetch_dcs}.
+      # @return [Hash] hash containing all DCs
+      # @since 0.0.1
+      attr_reader :dcs
+
+      # Create the FindDCs object.
+      # @param ad_domain [String] the Active Directory domain to work on.
+      # @param dns_opts [Hash] options for the DNS resolver. See [Resolv::DNS.new](https://ruby-doc.org/3.3.0/stdlibs/resolv/Resolv/DNS.html#method-c-new).
+      # @option dns_opts [Array|String] :nameserver the DNS server to contact
+      # @example
+      #   dcd = ADAssault::DNS::FindDCs.new('THM.local', nameserver: ['10.10.25.54'])
+      #   dcd = ADAssault::DNS::FindDCs.new('spookysec.local', nameserver: ['10.10.197.59'])
+      #   dcd = ADAssault::DNS::FindDCs.new('za.tryhackme.com', nameserver: ['10.200.28.101'])
+      def initialize(ad_domain, dns_opts = nil)
+        @ad_domain = ad_domain
+        @dns_opts = dns_opts
+        @dcs = fetch_dcs
+      end
+
+      # Get DC(s) FQDN directly from the DNS server.
+      # Not cached in `@dcs`.
+      # @return [Array] the list of FQDN of all DCs
+      # @example
+      #   dcd.dc_fqdn
+      #   # => ["THMDC.za.tryhackme.com"]
+      # @see https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/how-domain-controllers-are-located
+      # @since 0.0.1
+      def dc_fqdn
+        Resolv::DNS.open(@dns_opts) do |dns|
+          # _kerberos._tcp, _kpasswd._tcp, _ldap._tcp works too but are not MS only
+          # _kerberos._tcp.dc._msdcs
+          # _ldap._tcp.pdc._msdcs, _gc._tcp
+          # _udp variants
+          ress = dns.getresources "_ldap._tcp.dc._msdcs.#{@ad_domain}", Resolv::DNS::Resource::IN::ANY
+          ress.map { |x| x.target.to_s }
+        end
+      end
+
+      # Get DC(s) computer name directly from the DNS server.
+      # Not cached in `@dcs`.
+      # Call {dc_fqdn} and extract the name from it (substract the domain).
+      # @return [Array] the list of computer name of all DCs
+      # @example
+      #   dcd.dc_name
+      #   # => ["THMDC"]
+      # @since 0.0.1
+      def dc_name
+        dc_fqdn.map { |x| x[...-@ad_domain.size - 1] }
+      end
+
+      # Get DC(s) IP address name directly from the DNS server.
+      # Not cached in `@dcs`.
+      # @return [Array] the list of IP address of all DCs
+      # @example
+      #   dcd.dc_ip
+      #   # => ["10.10.10.101", "10.200.28.101"]
+      # @since 0.0.1
+      def dc_ip
+        Resolv::DNS.open(@dns_opts) do |dns|
+          ress = dns.getresources "gc._msdcs.#{@ad_domain}", Resolv::DNS::Resource::IN::A
+          ress.map { |x| x.address.to_s }
+        end
+      end
+
+      # rubocop:disable Metrics/MethodLength
+
+      # Generates a hash containing all DCs.
+      # The key is the short name, the value is a hash with two keys: the FQDN and the IPs addresses.
+      # This method is called while instantiating the class and teh result stored in `@dcs` attribute.
+      # @return [Hash] hash containing all DCs
+      # @since 0.0.1
+      def fetch_dcs
+        h = {}
+        dc_fqdn.each do |fqdn|
+          Resolv::DNS.open(@dns_opts) do |dns|
+            ress = dns.getresources fqdn, Resolv::DNS::Resource::IN::A
+            short_name = fqdn[...-@ad_domain.size - 1].upcase
+            h[short_name] = {
+              fqdn: fqdn,
+              ips: ress.map { |x| x.address.to_s }
+            }
+          end
+        end
+        h
+      end
+      # rubocop:enable Metrics/MethodLength
+
+      # Display a CLI-friendly output listing all DCs with their short name, FQDN and IP addresses.
+      # @return [nil]
+      # @since 0.0.1
+      def display
+        dcs.each do |short_name, dc|
+          puts "#{Paint[short_name, :bold,
+                        'dark turquoise']} (#{Paint[dc[:fqdn], 'cyan']}) - #{Paint[dc[:ips].join(', '), 'aquamarine']}"
+        end
+      end
+
+      # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
+
+      # @deprecated Use {display} instead.
+      def display_old
+        puts Paint['DC(s) name', :underline, :bold, 'dark turquoise']
+        dc_name.each do |name|
+          puts Paint["🔍 #{name}"]
+        end
+        puts Paint["\nDC(s) FQDN", :underline, :bold, 'cyan']
+        dc_fqdn.each do |fqdn|
+          puts Paint["🔍 #{fqdn}"]
+        end
+        puts Paint["\nDC(s) IP address", :underline, :bold, 'aquamarine']
+        dc_ip.each do |ip|
+          puts Paint["🔍 #{ip}"]
+        end
+      end
+      # rubocop:enable Metrics/MethodLength, Metrics/AbcSize
+    end
+  end
+end

data/lib/adassault/dns.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'adassault/dns/find_dcs'

data/lib/adassault/version.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module ADAssault
+  # Version of ADAssault library and app
+  VERSION = '0.0.1'
+end

data/lib/adassault.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require 'adassault/version'
+
+require 'adassault/dns'

metadata

@@ -0,0 +1,93 @@
+--- !ruby/object:Gem::Specification
+name: adassault
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Alexandre ZANNI
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2024-06-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: gli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.21'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.21'
+- !ruby/object:Gem::Dependency
+  name: paint
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+description: An Active Directory environments pentest tool complementary to existing
+  ones like NetExec
+email: alexandre.zanni@europe.com
+executables:
+- ada
+- adassault
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- bin/ada
+- bin/adassault
+- lib/adassault.rb
+- lib/adassault/cli.rb
+- lib/adassault/cli/dns.rb
+- lib/adassault/dns.rb
+- lib/adassault/dns/find_dcs.rb
+- lib/adassault/version.rb
+homepage: https://noraj.github.io/adassault/
+licenses:
+- MIT
+metadata:
+  yard.run: yard
+  bug_tracker_uri: https://github.com/noraj/ADAssault/issues
+  changelog_uri: https://noraj.github.io/ADAssault/yard/file.CHANGELOG.html
+  documentation_uri: https://noraj.github.io/ADAssault/yard/file.Usage.html
+  homepage_uri: https://noraj.github.io/ADAssault/yard/
+  source_code_uri: https://github.com/noraj/ADAssault/
+  funding_uri: https://github.com/sponsors/noraj
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.0
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: '4.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.3
+signing_key:
+specification_version: 4
+summary: Dominate the Active Directory game
+test_files: []