aspisec 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 0774d430a48a87fa3e42c12c3128539d47ad0fd801e0f72d60f6e0bed0d748c7
+  data.tar.gz: 00323257ec5e60891045f4be245854334cb66848ef2232ceb894aefe35cb717c
+SHA512:
+  metadata.gz: 74d2860157892606ce4113612e489cccece2eeaa138e825cf4be93f8c16f3182e18db4276f2bc6ce420e215c9d36b46bb3cbf9dc86f0ca557c2145795658707e
+  data.tar.gz: 64eb61bb34d63920da20059bb040da0890959726bdc407038191036d6d901a224538e7097ccd30e82aae8a33ec262dc26f4536a25699c9a452587e084fc6eaba

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Alexandre ZANNI at ACCEIS
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/bin-ruby/aspisec

@@ -0,0 +1,64 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+# Ruby internal
+# Project internal
+require 'aspisec'
+# External
+require 'docopt'
+require 'pastel'
+
+paint = Pastel.new(eachline: "\n")
+
+doc = <<~DOCOPT
+  #{paint.decorate('AspiSec', :red)} v#{paint.decorate(Aspisec::VERSION, :bold)}
+
+  #{paint.decorate('Usage:', :red)}
+    aspisec [options] clean
+    aspisec [options] list
+    aspisec -h | --help
+    aspisec --version
+
+  #{paint.decorate('Commands:', :red)}
+    clean                   Removes the traces left by offensive security tools
+    list                    List available modules, locations and their status
+
+  #{paint.decorate('Options:', :red)}
+    --debug                 Display arguments
+    -v, --verbose <level>   Set verbosity level (see documentation) [default: 2]
+    -h, --help              Show this screen
+    --version               Show version
+
+  #{paint.decorate('Examples:', :red)}
+    aspisec clean
+
+  #{paint.decorate('Project:', :red)}
+    #{paint.decorate('source', :underline)} (https://github.com/acceis/aspisec)
+    #{paint.decorate('documentation', :underline)} (https://acceis.github.io/aspisec)
+DOCOPT
+
+begin
+  args = Docopt.docopt(doc, version: Aspisec::VERSION)
+  puts args if args['--debug']
+  log_level = 2
+  log_level = args['--verbose'].to_i if args['--verbose']
+  if args['clean']
+    logger = Aspisec::Logger.new(log_level).logger
+    conf = Aspisec::Config.new(logger).conf
+    cl = Aspisec::Clean.new(conf:, logger:)
+    cl.clean
+  elsif args['list']
+    Aspisec::Modules.modules.each do |mod|
+      enabled = mod.enabled? ? '✅' : '❌'
+      print "#{enabled} "
+      puts paint.decorate(mod.name, :red, :on_black)
+      mod.locations.each do |loc|
+        enabled = loc.enabled? ? '✅' : '❌'
+        print "  #{enabled} "
+        puts paint.decorate(loc.name, :white, :on_black)
+      end
+    end
+  end
+rescue Docopt::Exit => e
+  puts e.message
+end

data/lib-ruby/aspisec/clean.rb

@@ -0,0 +1,152 @@
+# frozen_string_literal: true
+
+require 'pastel'
+require 'tty-prompt'
+
+# ActiveSupport minimal load (we only use number_to_human_size)
+require 'active_support'
+require 'active_support/core_ext/numeric/conversions'
+
+module Aspisec
+  # Manage the cleaning operations
+  class Clean
+    # @param conf [Aspisec::Config] an instance of the global configuration
+    #   If none is provided, the default config is loaded.
+    # @param logger [TTY::Logger] logger instance. See {Aspisec::Logger}.
+    #   If none is provided, a default logger with log level 2 is created.
+    #   See {Aspisec::Logger::LOG_LEVEL}.
+    def initialize(conf: nil, logger: nil)
+      @logger = logger || Aspisec::Logger.new.logger
+      @conf = conf || Aspisec::Config.new(@logger).conf
+      @modules = Aspisec::Modules.modules(conf:, logger:).select(&:enabled?)
+      @autoclean = @conf.dig('aspisec', 'autoclean').fetch('enabled', false)
+      @describe = @conf.dig('aspisec', 'describe').fetch('enabled', true)
+      @prompt = TTY::Prompt.new
+      @painter = Pastel.new(eachline: "\n")
+    end
+
+    # Display location (file or directory) information and prompt user for deletion
+    # It will follow the configuration wether it has to display the description or not.
+    # @param location [Aspisec::Module::Location]
+    # @return [true|false]
+    def prompt_removal(location:)
+      puts "——— #{@painter.decorate(location.name, :cyan, :bold)} ———"
+      puts_decorated('Path', location.path.to_s)
+      puts_decorated('Type', file_type(location.path))
+      puts_decorated('Size', type_size(location.path))
+      puts_decorated('Description', location.description) if @describe
+      @prompt.yes?("Do you want to remove #{location.name}?")
+    end
+
+    # Display decorated key/value
+    # @param key [String]
+    # @param value [String]
+    # @return [nil]
+    def puts_decorated(key, value)
+      puts @painter.decorate("#{key}: ", :bright_blue, :bold) + value
+    end
+
+    # Type of file
+    # @param path [Pathname]
+    # @return [String] `file`, `directory` or `other`
+    def file_type(path)
+      if path.file?
+        'file'
+      elsif path.directory?
+        'directory'
+      else
+        'other'
+      end
+    end
+
+    # Formats number as bytes into a human-friendly representation.
+    # @param size [Integer] file size in bytes
+    # @return [String] human-friendly size with the most suitable unit
+    # @see https://api.rubyonrails.org/classes/ActiveSupport/NumberHelper.html#method-i-number_to_human_size
+    def human_size(size)
+      ActiveSupport::NumberHelper.number_to_human_size(size)
+    end
+
+    # Calculate directory size (size of all files stored in it).
+    # It will be the real size of files not the size on disk.
+    # It ignores anything else than files so it could be wrong for symlinks, mounts, etc.
+    # It also don't take into consideration the size of the directory itself.
+    # @param path [Pathname]
+    # @return [Integer] size in bytes
+    def directory_size(path)
+      Dir[File.join(path, '**', '*')].select { |f| File.file?(f) }.sum { |f| File.size(f) }
+    end
+
+    # Displays the size (in human-friendly format with {human_size}) regardless of whether it is a file or a directory.
+    # @param path [Pathname]
+    # @return [String] human-friendly size with the most suitable unit, or `empty` is the size is zero
+    def type_size(path)
+      size = if path.directory?
+               directory_size(path)
+             else
+               path.size
+             end
+      size.zero? ? 'empty' : human_size(size)
+    end
+
+    # Delete the location regardless of whether it is a file or a directory.
+    # @param path [Pathname]
+    # @return [nil]
+    def type_delete(path)
+      if path.directory?
+        path.rmtree
+      else
+        path.delete
+      end
+      nil
+    end
+
+    # Handles and logs deletion of locations
+    # @param path [Pathname]
+    # @return [nil]
+    def delete_location(path)
+      type_delete(path)
+      @logger.info("#{path} was removed")
+      nil
+    end
+
+    # Handles the deletion mode. It could be automatic or manual cleaning.
+    # @param loc [Aspisec::Module::Location]
+    def delete_mode(loc)
+      return unless loc.enabled? && loc.path.exist?
+
+      if @autoclean
+        delete_location(loc.path)
+      else
+        manual_delete(loc)
+      end
+    end
+
+    # Handles the manual deletion mode.
+    # @param loc [Aspisec::Module::Location]
+    def manual_delete(loc)
+      remove = prompt_removal(location: loc)
+      if remove
+        delete_location(loc.path)
+      else
+        @logger.debug("#{loc.path} was left untouched")
+      end
+    end
+
+    # Main method, handling the cleaning.
+    # Only enabled modules and locations will be removed.
+    # Works either with auto-cleaning or ask for manual confirmation.
+    # @return [nil]
+    def clean
+      @modules.each do |mod|
+        next unless mod.enabled?
+
+        puts "━━━━━━━━━━━━ #{@painter.decorate(mod.name, :white, :bold, :on_blue)} ━━━━━━━━━━━━"
+        mod.locations.each do |loc|
+          delete_mode(loc)
+        end
+      end
+      nil
+    end
+  end
+end

data/lib-ruby/aspisec/config.rb

@@ -0,0 +1,323 @@
+# frozen_string_literal: true
+
+# stdlib
+require 'yaml'
+# third-party
+require 'xdg'
+require 'tty-logger'
+
+module Aspisec
+  # Managing the configuration file (location, creation, parsing)
+  class Config
+    CONFIG_FILENAME = 'aspisec.config.yaml'
+    DEFAULT_CONFIG = {
+      'aspisec' => {
+        # Auto clean, remove files without asking confirmation
+        'autoclean' => {
+          'enabled' => false
+        },
+        # Display the description of each location to explain what the file /
+        # directory is storing
+        'describe' => {
+          'enabled' => true
+        }
+      },
+      'tools' => {
+        # Example of a tool configuration
+        'example' => {
+          # Putting this value to false allow to disable the check for this module only
+          'enabled' => false,
+          'location' => {
+            # The base location where the tool stores the confidential stuff to clean
+            # $XDG_DATA_HOME is evaluated with a XDG library so even if the environment
+            # variable doesn't exist it will be replaced with the default standard value
+            'base' => '$XDG_DATA_HOME/tools/ex',
+            'logs' => {
+              # Path to the confidential file n°1
+              # <base> will be replaced by location.base value
+              'path' => '<base>/output',
+              # Each file check can be individually turned off rather than disabling the whole module
+              'enaled' => false,
+              # The description explain which client-related data is stored there and how it is sensitive.
+              # It generally says if it's a file or directory.
+              'description' => 'The directory containing log files. Logs contain IP addresses and hostnames.'
+            }
+          }
+        },
+        'sqlmap' => {
+          'enabled' => true,
+          'location' => {
+            'base' => '$XDG_DATA_HOME/sqlmap', # ~/.local/share/sqlmap
+            'history' => {
+              'path' => '<base>/history',
+              'description' => "Directory containing history files.\n" \
+                               "os.hst stores system commands entered when using --os-pwn option.\n" \
+                               'sql.hst stores SQL quries entered when using --os-shell option.'
+            },
+            'logs' => {
+              'path' => '<base>/output',
+              'description' => "Directory containing a folder per target.\n" \
+                               "<target>/log contains all successful injection vectors.\n" \
+                               "<target>/session.sqlite contains retrieved data.\n" \
+                               '<target>/target.txt contains target URL + command used.'
+            }
+          }
+        },
+        'crackmapexec' => {
+          'enabled' => true,
+          'location' => {
+            'base' => '$HOME/.cme', # ~/.cme
+            'logs' => {
+              'path' => '<base>/logs',
+              'description' => 'Directory containing log files, secrets, hashes, cleartext passwords etc.'
+            },
+            'screenshots' => {
+              'path' => '<base>/screenshots',
+              'description' => 'Directory where are stored all screenshots taken with the --screenshot option.'
+            },
+            'workspaces' => {
+              'path' => '<base>/workspaces',
+              'description' => "Directory containing workspaces.\n" \
+                               'Workspaces contain SQLite databases including users (domain, usernames, password), ' \
+                               'shares, hosts, dpapi secrets, etc.'
+            }
+          }
+        },
+        'netexec' => {
+          'enabled' => true,
+          'location' => {
+            'base' => '$HOME/.nxc', # ~/.nxc
+            'logs' => {
+              'path' => '<base>/logs',
+              'description' => 'Directory containing log files, secrets, hashes, cleartext password etc.'
+            },
+            'screenshots' => {
+              'path' => '<base>/screenshots',
+              'description' => 'Directory where are stored all screenshots taken with the --screenshot option.'
+            },
+            'workspaces' => {
+              'path' => '<base>/workspaces',
+              'description' => "Directory containing workspaces.\n" \
+                               'Workspaces contain SQLite databases including users (domain, usernames, password), ' \
+                               'shares, hosts, dpapi secrets, etc.'
+            }
+          }
+        },
+        'hashcat' => {
+          'enabled' => true,
+          'location' => {
+            'base' => '$XDG_DATA_HOME/hashcat', # ~/.local/share/hashcat
+            #
+            #
+            #
+            'sessions' => {
+              'path' => '<base>/sessions',
+              'enaled' => false,
+              'description' => "Directory containing session related data.\n" \
+                               'hashcat.log should not contain any sensible data unless the file name ' \
+                               "of a target file is sensible.\n" \
+                               'show.log should not contain any sensible data unless the folder name is sensible.'
+            },
+            'potfile' => {
+              'path' => '<base>/hashcat.potfile',
+              'description' => "File containing all cracked hashes.\n" \
+                               'Passwords may include enterprize related content or may be easily recognizable.'
+            },
+            'dict_cache' => {
+              'path' => '<base>/hashcat.dictstat2',
+              'enabled' => false,
+              'description' => "File is a cache for dictionaries.\n" \
+                               'It should not be sensible unless dict. contain confidential data.'
+            }
+          }
+        },
+        'theharvester' => {
+          'enabled' => true,
+          'location' => {
+            'base' => '$XDG_DATA_HOME/theHarvester', # ~/.local/share/theHarvester
+            #
+            'stash' => {
+              'path' => '<base>/stash.sqlite',
+              'description' => 'File (SQLite DB) containing all the harvested addresses.'
+            }
+          }
+        },
+        'john' => {
+          'enabled' => true,
+          'location' => {
+            'base' => '$HOME/.john', # ~/.john
+            #
+            #
+            'logs' => {
+              'path' => '<base>/john.log',
+              'description' => "File containing the logs of the commands launched.\n" \
+                               'Does not contain hashes or passwords but usernames and whole command lines.'
+            },
+            'potfile' => {
+              'path' => '<base>/john.pot',
+              'description' => "File containing all cracked hashes.\n" \
+                               'Passwords may include enterprize related content or may be easily recognizable.'
+            }
+          }
+        },
+        'metasploit' => {
+          'enabled' => true,
+          'location' => {
+            'base' => '$HOME/.msf4', # ~/.msf4
+            #
+            #
+            'history' => {
+              'path' => '<base>/history',
+              'description' => "File containing the history of commands used in msf shell.\n" \
+                               'It certainly contains username, passwords, hostnames, etc.'
+            },
+            'logs' => {
+              'path' => '<base>/logs',
+              'description' => "Directory containing log files.\n" \
+                               "framework.log may contain stacktraces that contain payloads.\n" \
+                               "production.log and sessions/ ? (I don't know, empty for me)"
+            },
+            'loot' => {
+              'path' => '<base>/loot',
+              'description' => "Directory containing looted files.\n" \
+                               'Those are retrieved clients files.'
+            },
+            'meterpreter' => {
+              'path' => '<base>/meterpreter_history',
+              'description' => "File containing the history of commands used in meterpreter sessions.\n" \
+                               "Less sensible than msf shell history but could still contains some file paths, \n" \
+                               'for example.'
+            }
+          }
+        }
+      },
+      'audit' => {
+        'enabled' => false,
+        'location' => {
+          'base' => '$HOME/Projets'
+        }
+      }
+    }.freeze
+
+    # The parsed Aspisec configuration
+    # @return [Hash] the Aspisec configuration object
+    attr_reader :conf
+
+    # Load config. or create a default config. file if not existing.
+    # Also parse and interprete custom values.
+    # @param logger [TTY::Logger] logger instance. See {Aspisec::Logger}.
+    #   If none is provided, a default logger with log level 2 is created.
+    #   See {Aspisec::Logger::LOG_LEVEL}.
+    # @example
+    #   # With default logger
+    #   cnf = Aspisec::Config.new
+    #   cnf.conf
+    #   # With custom logger
+    #   logger = Aspisec::Logger.new(0).logger
+    #   cnf = Aspisec::Config.new(logger)
+    #   cnf.conf
+    def initialize(logger = nil)
+      # Set log level
+      @logger = logger || Aspisec::Logger.new.logger
+      # Create the configuration file if it doesn't exist
+      create_config unless config_exist?
+      # Else load it
+      @conf = load_config
+      # Replace the path variables / plaholders with real values
+      expand_path_conf!
+    end
+
+    # Read and parse (YAML ➡️ Ruby Hash) the config. file
+    # @return [Hash|nil] the corresponding Ruby object parsed from the YAML file
+    #   or `nil` if the configuration file doesn't exist
+    def load_config
+      if config_exist?
+        @logger.debug("Loading configuration from #{config_filepath}")
+        YAML.load_file(config_filepath, symbolize_names: false)
+      else
+        @logger.warn('Configuration not loaded')
+        nil
+      end
+    end
+
+    # Create the configuration file with default value at default location if it doesn't already exist
+    def create_config
+      return if config_exist?
+
+      parent_dir = File.dirname(config_filepath)
+      # create parent folder recursively if it doesn't already exist
+      FileUtils.mkpath(parent_dir)
+      @logger.info("Creating configuration file: #{config_filepath}")
+      File.write(config_filepath, YAML.dump(DEFAULT_CONFIG))
+    end
+
+    # Get the Aspisec configuration file path
+    # @return [String] absolute file path
+    def config_filepath
+      xdg = XDG.new
+      # Logging this floods debug info and is not meaningful
+      # path = xdg.config_home + 'aspisec' + CONFIG_FILENAME
+      # @logger.debug("The default configuration file path should be: #{path}")
+      # path
+      # https://github.com/rubocop/rubocop/issues/11757
+      # rubocop:disable Style/StringConcatenation
+      xdg.config_home + 'aspisec' + CONFIG_FILENAME # /home/noraj/.config/aspisec/aspisec.config.yaml
+      # rubocop:enable Style/StringConcatenation
+    end
+
+    # Check if the Aspisec configuration file exists or not
+    # @return [true|false]
+    def config_exist?
+      # Logging this floods debug info and is not meaningful
+      # exist = File.exist?(config_filepath)
+      # neg = exist ? '' : 'does not'
+      # @logger.debug("The configuration file #{config_filepath} #{neg} exist")
+      # exist
+      File.exist?(config_filepath)
+    end
+
+    # @note see {Aspisec::Config.expand_path_variables}
+    def expand_path_variables(path)
+      Config.expand_path_variables(path)
+    end
+
+    # Evaluate XDG variables and $HOME in file path
+    # @param path [String] path with variables
+    # @return the absolute version of the evaluated path
+    # @note Arguments other than Strings are returned untouched, useful to iterate over configuration values
+    # @example
+    #   conf.expand_path_variables('$XDG_DATA_HOME/sqlmap')
+    #   # => "/home/noraj/.local/share/sqlmap"
+    def self.expand_path_variables(path)
+      return path unless path.is_a?(String) # not a path, let untouched
+
+      xdg = XDG.new
+      case path
+      when /\$XDG_CONFIG_HOME/
+        path.sub!('$XDG_CONFIG_HOME', xdg.config_home.to_s)
+      when /\$XDG_DATA_HOME/
+        path.sub!('$XDG_DATA_HOME', xdg.data_home.to_s)
+      when /\$HOME/
+        path.sub!('$HOME', Dir.home)
+      end
+      File.expand_path(path)
+    end
+
+    # Expand all base location with {Aspisec::Config.expand_path_variables} in the configuration
+    # + expand the custom `<base>` tags
+    def expand_path_conf!
+      @conf['tools'].each_key do |tool|
+        base_path = @conf.dig('tools', tool, 'location', 'base')
+        @conf['tools'][tool]['location']['base'] = expand_path_variables(base_path)
+        @conf['tools'][tool]['location'].each_key do |k|
+          unless k == 'base'
+            feature_path = @conf.dig('tools', tool, 'location', k, 'path')
+            @conf['tools'][tool]['location'][k]['path'] = feature_path.sub('<base>', base_path) if feature_path
+          end
+        end
+      end
+      @conf['audit']['location']['base'] = expand_path_variables(@conf.dig('audit', 'location', 'base'))
+      @conf
+    end
+  end
+end

data/lib-ruby/aspisec/logger.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'tty-logger'
+
+module Aspisec
+  # CLI / Terminal / console information logging
+  class Logger
+    # Mapping integers to log levels from tty-logger (https://github.com/piotrmurach/tty-logger?tab=readme-ov-file#22-levels)
+    LOG_LEVEL = {
+      0 => :debug,
+      1 => :info,
+      2 => :warn,
+      3 => :error,
+      4 => :fatal
+    }.freeze
+
+    # The configuration of the logger
+    # @return [TTY::Logger]
+    attr_reader :logger
+
+    # @param log_level [Integer] Default is 2. See {LOG_LEVEL}.
+    # @example
+    #   logger = Aspisec::Logger.new(0).logger
+    #   conf = Aspisec::Config.new(logger)
+    def initialize(log_level = 2)
+      @logger = TTY::Logger.new { |config| config.level = LOG_LEVEL[log_level] }
+    end
+  end
+end

data/lib-ruby/aspisec/module.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+# stdlib
+require 'pathname'
+# third-party
+require 'tty-logger'
+
+module Aspisec
+  # Generic module class that will be inherited in all modules instances
+  class Module
+    # The configuration for the tool.
+    # Sub-tree under `tools > tool_name` of {Aspisec::Config#conf}.
+    # @return [Hash]
+    attr_reader :conf
+
+    # The name of the tool.
+    # @return [String] tool name
+    attr_reader :name
+
+    # List of locations (name).
+    # Returns something only on module instances like {Aspisec::Modules::Sqlmap}.
+    # Will be empty for {Aspisec::Module}.
+    # For a list of objects, rather use {locations}.
+    # @return [Array<String>]
+    attr_reader :locations_list
+
+    # The base location (directory) where the tool data is stored.
+    # @return [Pathname] file path
+    attr_reader :base
+
+    # Not meant to be used directly but to be inherited in modules instead
+    # @param conf [Aspisec::Config] an instance of the global configuration
+    # @param tool_name [String] The name of the tool. It must match the configuration key.
+    # @param logger [TTY::Logger] logger instance. See {Aspisec::Logger}.
+    #   If none is provided, a default logger with log level 2 is created.
+    #   See {Aspisec::Logger::LOG_LEVEL}.
+    # @example
+    #   conf = Aspisec::Config.new.conf
+    #   # you should never do that as you'll get incomplete data and features
+    #   sqlmap = Aspisec::Module.new(conf, 'sqlmap')
+    #   # rather call the sqlmap module that will inherit this class
+    #   sqlmap = Aspisec::Modules::Sqlmap.new(conf)
+    def initialize(conf, tool_name, logger: nil)
+      @logger = logger || Aspisec::Logger.new.logger
+      @name = tool_name
+      @logger.debug("Module #{@name} was loaded", app: @name)
+      @conf = conf['tools'][tool_name]
+      @base = Pathname.new(@conf.dig('location', 'base'))
+      @enabled = @conf.fetch('enabled', true)
+      @locations_list = []
+    end
+
+    # Is this module enabled?
+    # @return [true|false]
+    def enabled?
+      @enabled
+    end
+
+    # Returns all locations available for the tool.
+    # It returns a list {Location} objects unline {locations_list} that returns
+    # only strings (location names).
+    # @return [Array<Location>]
+    def locations
+      # Re-compute what's already cumputed and stored in properties
+      # @locations_list.map { |loc| Location.new(@conf, loc) }
+      # Access properties rather than re-computing
+      # Using send() is safe here because the input is a hadrcaoded whitelist
+      @locations_list.map { |loc| send(loc) }
+    end
+
+    # Object easing the manipulation of locations.
+    # Helpers to get the path, check if this feature/file/directory is enabled, etc.
+    class Location
+      # Name of the feature, file or directory of the tool.
+      # @return [String]
+      attr_reader :name
+
+      # File path of the file or directory location to clean.
+      # @return [Pathname] absolute path
+      attr_reader :path
+
+      # Explanation of what the location (file / directory) is containing, to give an idea of how sensitive it is.
+      # @return [String] description
+      attr_reader :description
+
+      # @param tool_conf [Hash] Tool configuration as returned by {Aspisec::Module#conf}.
+      # @param feature_name [String] Name of the feature/file/directory to clean.
+      #   Must be equal to the configuration key.
+      def initialize(tool_conf, feature_name)
+        @name = feature_name
+        @path = Pathname.new(tool_conf.dig('location', @name, 'path'))
+        @enabled = tool_conf.dig('location', @name).fetch('enabled', true)
+        @description = tool_conf.dig('location', @name).fetch('description', '')
+      end
+
+      # Is this location enabled?
+      # @return [true|false]
+      def enabled?
+        @enabled
+      end
+    end
+  end
+end

data/lib-ruby/aspisec/modules/crackmapexec.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'aspisec/module'
+
+module Aspisec
+  module Modules
+    # CrackMapExec module.
+    # Inherits {Aspisec::Module}.
+    # For more examples of methods, see {Aspisec::Modules::Sqlmap}.
+    # @see https://github.com/byt3bl33d3r/CrackMapExec
+    # @example
+    #   # Get the global config
+    #   conf = Aspisec::Config.new.conf
+    #   # Create a Crackmapexec module instance
+    #   cme = Aspisec::Modules::Crackmapexec.new(conf)
+    #   # Locations available
+    #   cme.locations_list # => ["logs", "screenshots", "workspaces"]
+    class Crackmapexec < Aspisec::Module
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :logs
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :screenshots
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :workspaces
+
+      # Inherits from {Aspisec::Module} but without the `tool_name` argument
+      # because it is hardcoded for each module.
+      # @param conf [Aspisec::Config] an instance of the global configuration
+      def initialize(conf, logger: nil)
+        super(conf, 'crackmapexec', logger:)
+        @logs = Location.new(@conf, 'logs')
+        @screenshots = Location.new(@conf, 'screenshots')
+        @workspaces = Location.new(@conf, 'workspaces')
+        @locations_list = %w[logs screenshots workspaces]
+      end
+    end
+  end
+end

data/lib-ruby/aspisec/modules/hashcat.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'aspisec/module'
+
+module Aspisec
+  module Modules
+    # HashCat module.
+    # Inherits {Aspisec::Module}.
+    # For more examples of methods, see {Aspisec::Modules::Sqlmap}.
+    # @see https://github.com/hashcat/hashcat
+    # @example
+    #   # Get the global config
+    #   conf = Aspisec::Config.new.conf
+    #   # Create a Hashcat module instance
+    #   hc = Aspisec::Modules::Hashcat.new(conf)
+    #   # Locations available
+    #   hc.locations_list # => ["sessions", "potfile", "dict_cache"]
+    class Hashcat < Aspisec::Module
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :sessions
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :potfile
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :dict_cache
+
+      # Inherits from {Aspisec::Module} but has only the `conf` argument,
+      # `tool_name` is hardcoded for each module.
+      # @param conf [Aspisec::Config] an instance of the global configuration
+      def initialize(conf, logger: nil)
+        super(conf, 'hashcat', logger:)
+        @sessions = Location.new(@conf, 'sessions')
+        @potfile = Location.new(@conf, 'potfile')
+        @dict_cache = Location.new(@conf, 'dict_cache')
+        @locations_list = %w[sessions potfile dict_cache]
+      end
+    end
+  end
+end

data/lib-ruby/aspisec/modules/john.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'aspisec/module'
+
+module Aspisec
+  module Modules
+    # John (the Ripper) module.
+    # Inherits {Aspisec::Module}.
+    # For more examples of methods, see {Aspisec::Modules::Sqlmap}.
+    # @see https://github.com/openwall/john
+    # @example
+    #   # Get the global config
+    #   conf = Aspisec::Config.new.conf
+    #   # Create a John module instance
+    #   john = Aspisec::Modules::John.new(conf)
+    #   # Locations available
+    #   john.locations_list # => ["logs", "potfile"]
+    class John < Aspisec::Module
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :logs
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :potfile
+
+      # Inherits from {Aspisec::Module} but has only the `conf` argument,
+      # `tool_name` is hardcoded for each module.
+      # @param conf [Aspisec::Config] an instance of the global configuration
+      def initialize(conf, logger: nil)
+        super(conf, 'john', logger:)
+        @logs = Location.new(@conf, 'logs')
+        @potfile = Location.new(@conf, 'potfile')
+        @locations_list = %w[logs potfile]
+      end
+    end
+  end
+end

data/lib-ruby/aspisec/modules/metasploit.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'aspisec/module'
+
+module Aspisec
+  module Modules
+    # Metasploit module.
+    # Inherits {Aspisec::Module}.
+    # For more examples of methods, see {Aspisec::Modules::Sqlmap}.
+    # @see https://github.com/rapid7/metasploit-framework
+    # @example
+    #   # Get the global config
+    #   conf = Aspisec::Config.new.conf
+    #   # Create a Metasploit module instance
+    #   msf = Aspisec::Modules::Metasploit.new(conf)
+    #   # Locations available
+    #   msf.locations_list # => ["history", "logs", "loot", "meterpreter"]
+    class Metasploit < Aspisec::Module
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :history
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :logs
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :loot
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :meterpreter
+
+      # Inherits from {Aspisec::Module} but has only the `conf` argument,
+      # `tool_name` is hardcoded for each module.
+      # @param conf [Aspisec::Config] an instance of the global configuration
+      def initialize(conf, logger: nil)
+        super(conf, 'metasploit', logger:)
+        @history = Location.new(@conf, 'history')
+        @logs = Location.new(@conf, 'logs')
+        @loot = Location.new(@conf, 'loot')
+        @meterpreter = Location.new(@conf, 'meterpreter')
+        @locations_list = %w[history logs loot meterpreter]
+      end
+    end
+  end
+end

data/lib-ruby/aspisec/modules/netexec.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'aspisec/module'
+
+module Aspisec
+  module Modules
+    # NetExec module.
+    # Inherits {Aspisec::Module}.
+    # For more examples of methods, see {Aspisec::Modules::Sqlmap}.
+    # @see https://github.com/Pennyw0rth/NetExec
+    # @example
+    #   # Get the global config
+    #   conf = Aspisec::Config.new.conf
+    #   # Create a Netexec module instance
+    #   nxc = Aspisec::Modules::Netexec.new(conf)
+    #   # Locations available
+    #   nxc.locations_list # => ["logs", "screenshots", "workspaces"]
+    class Netexec < Aspisec::Module
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :logs
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :screenshots
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :workspaces
+
+      # Inherits from {Aspisec::Module} but has only the `conf` argument,
+      # `tool_name` is hardcoded for each module.
+      # @param conf [Aspisec::Config] an instance of the global configuration
+      def initialize(conf, logger: nil)
+        super(conf, 'netexec', logger:)
+        @logs = Location.new(@conf, 'logs')
+        @screenshots = Location.new(@conf, 'screenshots')
+        @workspaces = Location.new(@conf, 'workspaces')
+        @locations_list = %w[logs screenshots workspaces]
+      end
+    end
+  end
+end

data/lib-ruby/aspisec/modules/sqlmap.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'aspisec/module'
+
+module Aspisec
+  module Modules
+    # Sqlmap module.
+    # Inherits {Aspisec::Module}.
+    # @see https://github.com/sqlmapproject/sqlmap
+    # @example
+    #   # Get the global config
+    #   conf = Aspisec::Config.new.conf
+    #   # Create a Sqlmap module instance
+    #   sqlmap = Aspisec::Modules::Sqlmap.new(conf)
+    #   # Generic methods
+    #   sqlmap.name # => "sqlmap"
+    #   sqlmap.conf # => {…}
+    #   sqlmap.enabled? # => true
+    #   sqlmap.base # => #<Pathname:/home/noraj/.local/share/sqlmap>
+    #   sqlmap.locations_list # => ["history", "logs"]
+    #   sqlmap.locations # => [#<Aspisec::Module::Location …>, … ]
+    #   # Custom methods for the feature/file/directory location of Sqlmap to clean
+    #   sqlmap.history # => #<Aspisec::Module::Location …>
+    #   sqlmap.logs # => #<Aspisec::Module::Location …>
+    #   # But those custom locations benefits of generic methods
+    #   sqlmap.history.enabled? # => true
+    #   sqlmap.history.name # => => "history"
+    #   sqlmap.history.description # => "Directory containing…"
+    #   sqlmap.history.path => #<Pathname:/home/noraj/.local/share/sqlmap/history>
+    #   # Since `.path` returns a {Pathname} object, we can use generic {File},
+    #   # {FileTest} methods and some from {Dir} and {FileUtils} as well.
+    #   sqlmap.history.path.exist? # => true
+    #   sqlmap.history.path.file? # => false
+    #   sqlmap.history.path.directory? # => true
+    #   sqlmap.history.path.readable? # => true
+    #   sqlmap.history.path.children # => [#<Pathname:/home/noraj/.local/share/sqlmap/history/os.hst>, #<Pathname:…>]
+    #   sqlmap.history.path.children.first.size # => 10
+    class Sqlmap < Aspisec::Module
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :history
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :logs
+
+      # Inherits from {Aspisec::Module} but has only the `conf` argument,
+      # `tool_name` is hardcoded for each module.
+      # @param conf [Aspisec::Config] an instance of the global configuration
+      def initialize(conf, logger: nil)
+        super(conf, 'sqlmap', logger:)
+        @history = Location.new(@conf, 'history')
+        @logs = Location.new(@conf, 'logs')
+        @locations_list = %w[history logs]
+      end
+    end
+  end
+end

data/lib-ruby/aspisec/modules/theharvester.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'aspisec/module'
+
+module Aspisec
+  module Modules
+    # theHarvester module.
+    # Inherits {Aspisec::Module}.
+    # For more examples of methods, see {Aspisec::Modules::Sqlmap}.
+    # @see https://github.com/laramies/theHarvester
+    # @example
+    #   # Get the global config
+    #   conf = Aspisec::Config.new.conf
+    #   # Create a Theharvester module instance
+    #   th = Aspisec::Modules::Theharvester.new(conf)
+    #   # Locations available
+    #   th.locations_list # => ["stash"]
+    class Theharvester < Aspisec::Module
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :stash
+
+      # Inherits from {Aspisec::Module} but has only the `conf` argument,
+      # `tool_name` is hardcoded for each module.
+      # @param conf [Aspisec::Config] an instance of the global configuration
+      def initialize(conf, logger: nil)
+        super(conf, 'theharvester', logger:)
+        @stash = Location.new(@conf, 'stash')
+        @locations_list = %w[stash]
+      end
+    end
+  end
+end

data/lib-ruby/aspisec/modules.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+# require all modules
+Dir[File.join(__dir__, 'modules', '*.rb')].each { |f| require(f) }
+
+module Aspisec
+  # This Ruby module contains all Aspisec modules.
+  # Each Aspisec module is a Ruby class inherinting the Aspisec::Module base class.
+  # The "Modules" module also contains methods to manage all Aspisec modules.
+  module Modules
+    # List all available Aspisec modules
+    # @return [Array<Symbol>] list of symbolized module names
+    # @example
+    #   Aspisec::Modules.list_modules
+    #   # => [:Netexec, :Sqlmap, :Hashcat, :Theharvester, :Crackmapexec, :John, :Metasploit]
+    def self.list_modules
+      Aspisec::Modules.constants.select { |c| Aspisec::Modules.const_get(c) <= Aspisec::Module }
+    end
+
+    # Intanciates all Aspisec modules
+    # @param conf [Aspisec::Config] an instance of the global configuration
+    #   If none is provided, the default config is loaded.
+    # @param logger [TTY::Logger] logger instance. See {Aspisec::Logger}.
+    #   If none is provided, a default logger with log level 2 is created.
+    #   See {Aspisec::Logger::LOG_LEVEL}.
+    # @return [Array<Aspisec::Module>]
+    def self.modules(conf: nil, logger: nil)
+      cnf = conf || Aspisec::Config.new(logger).conf
+      list_modules.map { |c| Aspisec::Modules.const_get(c).new(cnf, logger:) }
+    end
+  end
+end

data/lib-ruby/aspisec/version.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Aspisec
+  # Version of aspisec library and app
+  VERSION = '0.0.1'
+end

data/lib-ruby/aspisec.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'aspisec/version'
+
+require 'aspisec/clean'
+require 'aspisec/config'
+require 'aspisec/logger'
+require 'aspisec/modules'

metadata

@@ -0,0 +1,161 @@
+--- !ruby/object:Gem::Specification
+name: aspisec
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Alexandre ZANNI
+autorequire:
+bindir: bin-ruby
+cert_chain: []
+date: 2024-04-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.1.3.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.1.3.2
+- !ruby/object:Gem::Dependency
+  name: docopt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: pastel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: tty-logger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: tty-prompt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.23'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.23'
+- !ruby/object:Gem::Dependency
+  name: xdg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+description: Vacuuming out the remnants of offensive tools. AspiSec is responsible
+  for removing the traces and confidential information left by offensive security
+  tools on an auditor's computer in various cache and log files.
+email: alexandre.zanni@europe.com
+executables:
+- aspisec
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- bin-ruby/aspisec
+- lib-ruby/aspisec.rb
+- lib-ruby/aspisec/clean.rb
+- lib-ruby/aspisec/config.rb
+- lib-ruby/aspisec/logger.rb
+- lib-ruby/aspisec/module.rb
+- lib-ruby/aspisec/modules.rb
+- lib-ruby/aspisec/modules/crackmapexec.rb
+- lib-ruby/aspisec/modules/hashcat.rb
+- lib-ruby/aspisec/modules/john.rb
+- lib-ruby/aspisec/modules/metasploit.rb
+- lib-ruby/aspisec/modules/netexec.rb
+- lib-ruby/aspisec/modules/sqlmap.rb
+- lib-ruby/aspisec/modules/theharvester.rb
+- lib-ruby/aspisec/version.rb
+homepage: https://acceis.github.io/aspisec/
+licenses:
+- MIT
+metadata:
+  yard.run: yard
+  bug_tracker_uri: https://github.com/acceis/aspisec/issues
+  changelog_uri: https://github.com/acceis/aspisec/blob/master/docs/CHANGELOG.md
+  documentation_uri: https://acceis.github.io/aspisec/
+  homepage_uri: https://acceis.github.io/aspisec/
+  source_code_uri: https://github.com/acceis/aspisec/
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib-ruby
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: '4.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.3
+signing_key:
+specification_version: 4
+summary: Removes the traces left by offensive security tools.
+test_files: []