aspisec 0.0.2 → 0.1.0

data/lib-ruby/aspisec/configs/metasploit.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      METASPLOIT = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.msf4', # ~/.msf4
+          #
+          #
+          'history' => {
+            'path' => '<base>/history',
+            'description' => "File containing the history of commands used in msf shell.\n" \
+                             'It certainly contains username, passwords, hostnames, etc.'
+          },
+          'logs' => {
+            'path' => '<base>/logs',
+            'description' => "Directory containing log files.\n" \
+                             "framework.log may contain stacktraces that contain payloads.\n" \
+                             "production.log and sessions/ ? (I don't know, empty for me)"
+          },
+          'loot' => {
+            'path' => '<base>/loot',
+            'description' => "Directory containing looted files.\n" \
+                             'Those are retrieved clients files.'
+          },
+          'meterpreter' => {
+            'path' => '<base>/meterpreter_history',
+            'description' => "File containing the history of commands used in meterpreter sessions.\n" \
+                             "Less sensible than msf shell history but could still contains some file paths, \n" \
+                             'for example.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/mobsf.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      MOBSF = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.MobSF', # ~/.MobSF
+          'logs' => {
+            'path' => '<base>/debug.log',
+            'description' => 'Logs file containing at least APK name.'
+          },
+          'downloads' => {
+            'path' => '<base>/downloads',
+            'description' => 'Directory where are stored files extracted from APK or screenshots of the app running.'
+          },
+          'uploads' => {
+            'path' => '<base>/uploads',
+            'description' => 'Directory containing decompressed APKs.'
+          },
+          'database' => {
+            'path' => '<base>/db.sqlite3',
+            'description' => 'Database file containing at least APK name.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/mongodb_compass.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      MONGODB_COMPASS = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.mongodb/compass', # ~/.mongodb/compass
+          'logs' => {
+            'path' => '<base>/*_log.gz',
+            'description' => "Compressed log files.\n" \
+                             'Credentials are redacted but logs still contain IP and port.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/mongodb_mongosh.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      MONGODB_MONGOSH = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.mongodb/mongosh', # ~/.mongodb/mongosh
+          'logs' => {
+            'path' => '<base>/*_log',
+            'description' => "Log files.\n" \
+                             'Contain at least information about target (IP, port).'
+          },
+          'history' => {
+            'path' => '<base>/mongosh_repl_history',
+            'description' => "History file.\n" \
+                             'Contain the history of commands typed in mongosh shell.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/ncrack.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      NCRACK = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.ncrack', # ~/.ncrack
+          'restore' => {
+            'path' => '<base>',
+            'description' => "Directory containing retore files to resume a cracking session.\n" \
+                             'Restore files contain the command launch including the username or wordlist used.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/netexec.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      NETEXEC = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.nxc', # ~/.nxc
+          'logs' => {
+            'path' => '<base>/logs',
+            'description' => 'Directory containing log files, secrets, hashes, cleartext password etc.'
+          },
+          'screenshots' => {
+            'path' => '<base>/screenshots',
+            'description' => 'Directory where are stored all screenshots taken with the --screenshot option.'
+          },
+          'workspaces' => {
+            'path' => '<base>/workspaces',
+            'description' => "Directory containing workspaces.\n" \
+                             'Workspaces contain SQLite databases including users (domain, usernames, password), ' \
+                             'shares, hosts, dpapi secrets, etc.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/recaf.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      RECAF = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$XDG_CONFIG_HOME/Recaf', # ~/.config/Recaf
+          'classpath' => {
+            'path' => '<base>/classpath',
+            'description' => "Folder containing JARs.\n" \
+                             'Those JARs contain the classpath of previously openned JARs.'
+          },
+          'logs' => {
+            'path' => '<base>/rclog.txt',
+            'description' => "Log file of the last session.\n" \
+                             'Contains class names, file names or commands if openned in CLI mode.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/remmina.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      REMMINA = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$XDG_DATA_HOME/remmina', # ~/.local/share/remmina/
+          'configs' => {
+            'enabled' => false,
+            'path' => '<base>/*.remmina',
+            'description' => "Configuration files for saved targets.\n" \
+                             'It could contain usernames, passwords, IP addresses, target name.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/semgrep.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      SEMGREP = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.semgrep', # ~/.semgrep
+          'logs1' => {
+            'path' => '<base>/last.log',
+            'description' => 'Logs files containing project path.'
+          },
+          'logs2' => {
+            'path' => '<base>/semgrep.log',
+            'description' => 'Logs files containing project path.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/spiderfoot.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      SPIDERFOOT = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.spiderfoot', # ~/.spiderfoot
+          'database' => {
+            'path' => '<base>/spiderfoot.db',
+            'description' => "Database file.\n" \
+                             'It contains target domains in logs and results.'
+          },
+          'logs' => {
+            'path' => '<base>/logs',
+            'description' => "Directory containing debug and errors logs.\n" \
+                             'Logs contain IP addresses of targets.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/sqlmap.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      SQLMAP = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$XDG_DATA_HOME/sqlmap', # ~/.local/share/sqlmap
+          'history' => {
+            'path' => '<base>/history',
+            'description' => "Directory containing history files.\n" \
+                             "os.hst stores system commands entered when using --os-pwn option.\n" \
+                             'sql.hst stores SQL quries entered when using --os-shell option.'
+          },
+          'logs' => {
+            'path' => '<base>/output',
+            'description' => "Directory containing a folder per target.\n" \
+                             "<target>/log contains all successful injection vectors.\n" \
+                             "<target>/session.sqlite contains retrieved data.\n" \
+                             '<target>/target.txt contains target URL + command used.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/theharvester.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      THEHARVESTER = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$XDG_DATA_HOME/theHarvester', # ~/.local/share/theHarvester
+          #
+          'stash' => {
+            'path' => '<base>/stash.sqlite',
+            'description' => 'File (SQLite DB) containing all the harvested addresses.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/weevely.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      WEEVELY = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.weevely', # ~/.weevely
+          'history' => {
+            'path' => '<base>/history',
+            'description' => 'File containing the history of the commands typed on webshells.'
+          },
+          'sessions' => {
+            'path' => '<base>/sessions',
+            'description' => "Directory containing session files.\n" \
+                             'Session files contain URL to webshell, webshell password, extension results, etc.'
+          },
+          'logs' => {
+            'path' => '<base>/weevely.log*',
+            'description' => "Files containing the logs.\n" \
+                             "A log file contains the response to commands executed on the remote machine.\n" \
+                             'As there is a rotation, mutiple log files may exist. The last will be weevely.log ' \
+                             'then the older ones will follow the pattern weevely.log.<number> e.g. weevely.log.1 ' \
+                             'etc.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/whatwaf.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      WHATWAF = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.whatwaf', # ~/.whatwaf
+          'database' => {
+            'path' => '<base>/whatwaf.sqlite',
+            'description' => 'File (database) containing cached payloads and URLs.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/module.rb

@@ -45,11 +45,22 @@ module Aspisec
       @name = tool_name
       @logger.debug("Module #{@name} was loaded", app: @name)
       @conf = conf['tools'][tool_name]
+      check_config
       @base = Pathname.new(@conf.dig('location', 'base'))
       @enabled = @conf.fetch('enabled', true)
       @locations_list = []
     end
 
+    # Raise an issue if the module configuration is missing
+    def check_config
+      return unless @conf.nil?
+
+      message = "Configuration for module #{@name} is missing." \
+                'You may use an old version of the configuration file.'
+      @logger.error(message, app: @name)
+      raise 'Missing configuration for the current module.'
+    end
+
     # Is this module enabled?
     # @return [true|false]
     def enabled?
@@ -98,6 +109,30 @@ module Aspisec
       def enabled?
         @enabled
       end
+
+      # Check if the location exist (weither it's a file, directory or a path contaning globbing so
+      # multiple files / directories).
+      # loc.path.exist? will return false when a path contains globbing as it's not expended,
+      # that's the main reason for creating the loc.exist? helper.
+      # @return [true|false]
+      def exist?
+        return true if path.exist?
+
+        # this case is needed to support globbing
+        candidates = Dir[path].map { |path| Pathname.new(path).exist? }
+        # rubocop:disable Lint/DuplicateBranch
+        # false positive in rubocop rule
+        if candidates.empty? # necessary because [].all? always return true whatever the condition is
+          # this is preventing doing a simple one-liner like
+          # self.path.exist? || Dir[self.path].map { |path| Pathname.new(path).exist? }.all? { |bool| bool == true }
+          false
+        elsif candidates.all? { |bool| bool == true }
+          true
+        else
+          false
+        end
+        # rubocop:enable Lint/DuplicateBranch
+      end
     end
   end
 end

data/lib-ruby/aspisec/modules/amass.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'aspisec/module'
+
+module Aspisec
+  module Modules
+    # Amass module.
+    # Inherits {Aspisec::Module}.
+    # For more examples of methods, see {Aspisec::Modules::Sqlmap}.
+    # @see https://github.com/OWASP/Amass
+    # @example
+    #   # Get the global config
+    #   conf = Aspisec::Config.new.conf
+    #   # Create a Amass module instance
+    #   ama = Aspisec::Modules::Amass.new(conf)
+    #   # Locations available
+    #   ama.locations_list # => ["logs", "database"]
+    class Amass < Aspisec::Module
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :logs
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :database
+
+      # Inherits from {Aspisec::Module} but has only the `conf` argument,
+      # `tool_name` is hardcoded for each module.
+      # @param conf [Aspisec::Config] an instance of the global configuration
+      def initialize(conf, logger: nil)
+        super(conf, 'amass', logger:)
+        @logs = Location.new(@conf, 'logs')
+        @database = Location.new(@conf, 'database')
+        @locations_list = %w[logs database]
+      end
+    end
+  end
+end

data/lib-ruby/aspisec/modules/bloodhound.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'aspisec/module'
+
+module Aspisec
+  module Modules
+    # Bloodhound module.
+    # Inherits {Aspisec::Module}.
+    # For more examples of methods, see {Aspisec::Modules::Sqlmap}.
+    # @see https://github.com/BloodHoundAD/BloodHound
+    # @example
+    #   # Get the global config
+    #   conf = Aspisec::Config.new.conf
+    #   # Create a Bloodhound module instance
+    #   blh = Aspisec::Modules::Bloodhound.new(conf)
+    #   # Locations available
+    #   blh.locations_list # => ["database", "transactions"]
+    class Bloodhound < Aspisec::Module
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :database
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :transactions
+
+      # Inherits from {Aspisec::Module} but has only the `conf` argument,
+      # `tool_name` is hardcoded for each module.
+      # @param conf [Aspisec::Config] an instance of the global configuration
+      def initialize(conf, logger: nil)
+        super(conf, 'bloodhound', logger:)
+        @database = Location.new(@conf, 'database')
+        @transactions = Location.new(@conf, 'transactions')
+        @locations_list = %w[database transactions]
+      end
+    end
+  end
+end

data/lib-ruby/aspisec/modules/dbgate.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'aspisec/module'
+
+module Aspisec
+  module Modules
+    # dbgate module.
+    # Inherits {Aspisec::Module}.
+    # For more examples of methods, see {Aspisec::Modules::Sqlmap}.
+    # @see https://github.com/dbgate/dbgate
+    # @example
+    #   # Get the global config
+    #   conf = Aspisec::Config.new.conf
+    #   # Create a Dbgate module instance
+    #   dbg = Aspisec::Modules::Dbgate.new(conf)
+    #   # Locations available
+    #   dbg.locations_list # => ["connections", "logs"]
+    class Dbgate < Aspisec::Module
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :connections
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :logs
+
+      # Inherits from {Aspisec::Module} but has only the `conf` argument,
+      # `tool_name` is hardcoded for each module.
+      # @param conf [Aspisec::Config] an instance of the global configuration
+      def initialize(conf, logger: nil)
+        super(conf, 'dbgate', logger:)
+        @connections = Location.new(@conf, 'connections')
+        @logs = Location.new(@conf, 'logs')
+        @locations_list = %w[connections logs]
+      end
+    end
+  end
+end

data/lib-ruby/aspisec/modules/ffuf.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'aspisec/module'
+
+module Aspisec
+  module Modules
+    # ffuf module.
+    # Inherits {Aspisec::Module}.
+    # For more examples of methods, see {Aspisec::Modules::Sqlmap}.
+    # @see https://github.com/ffuf/ffuf
+    # @example
+    #   # Get the global config
+    #   conf = Aspisec::Config.new.conf
+    #   # Create a Ffuf module instance
+    #   ffu = Aspisec::Modules::Ffuf.new(conf)
+    #   # Locations available
+    #   ffu.locations_list # => ["history"]
+    class Ffuf < Aspisec::Module
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :history
+
+      # Inherits from {Aspisec::Module} but has only the `conf` argument,
+      # `tool_name` is hardcoded for each module.
+      # @param conf [Aspisec::Config] an instance of the global configuration
+      def initialize(conf, logger: nil)
+        super(conf, 'ffuf', logger:)
+        @history = Location.new(@conf, 'history')
+        @locations_list = %w[history]
+      end
+    end
+  end
+end

data/lib-ruby/aspisec/modules/home_history_files.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+require 'aspisec/module'
+
+module Aspisec
+  module Modules
+    # Module for various history files stored in the user home directory.
+    # Inherits {Aspisec::Module}.
+    # For more examples of methods, see {Aspisec::Modules::Sqlmap}.
+    # @example
+    #   # Get the global config
+    #   conf = Aspisec::Config.new.conf
+    #   # Create a HomeHistoryFiles module instance
+    #   hhf = Aspisec::Modules::HomeHistoryFiles.new(conf)
+    #   # Locations available
+    #   hhf.locations_list # => ["python", "postgresql", "ruby_irb", "ruby_rdbg", "redis_cli", "bash", "zsh", "zsh_alt"]
+    class HomeHistoryFiles < Aspisec::Module
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :python
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :postgresql
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :ruby_irb
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :ruby_rdbg
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :redis_cli
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :bash
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :zsh
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :zsh_alt
+
+      # Inherits from {Aspisec::Module} but has only the `conf` argument,
+      # `tool_name` is hardcoded for each module.
+      # @param conf [Aspisec::Config] an instance of the global configuration
+      def initialize(conf, logger: nil)
+        super(conf, 'home-history-files', logger:)
+        @python = Location.new(@conf, 'python')
+        @postgresql = Location.new(@conf, 'postgresql')
+        @ruby_irb = Location.new(@conf, 'ruby-irb')
+        @ruby_rdbg = Location.new(@conf, 'ruby-rdbg')
+        @redis_cli = Location.new(@conf, 'redis-cli')
+        @bash = Location.new(@conf, 'bash')
+        @zsh = Location.new(@conf, 'zsh')
+        @zsh_alt = Location.new(@conf, 'zsh-alt')
+        @locations_list = %w[python postgresql ruby_irb ruby_rdbg redis_cli bash zsh zsh_alt]
+      end
+    end
+  end
+end

data/lib-ruby/aspisec/modules/jwt_tool.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'aspisec/module'
+
+module Aspisec
+  module Modules
+    # jwt_tool module.
+    # Inherits {Aspisec::Module}.
+    # For more examples of methods, see {Aspisec::Modules::Sqlmap}.
+    # @see https://github.com/ticarpi/jwt_tool
+    # @example
+    #   # Get the global config
+    #   conf = Aspisec::Config.new.conf
+    #   # Create a JwtTool module instance
+    #   jwt = Aspisec::Modules::JwtTool.new(conf)
+    #   # Locations available
+    #   jwt.locations_list # => ["logs"]
+    class JwtTool < Aspisec::Module
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :logs
+
+      # Inherits from {Aspisec::Module} but has only the `conf` argument,
+      # `tool_name` is hardcoded for each module.
+      # @param conf [Aspisec::Config] an instance of the global configuration
+      def initialize(conf, logger: nil)
+        super(conf, 'jwt_tool', logger:)
+        @logs = Location.new(@conf, 'logs')
+        @locations_list = %w[logs]
+      end
+    end
+  end
+end