aspisec 0.0.2 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 766e59f32c8d0661ea37cc677183ee3e0bc3e844fb8acfd12d3a2420a57b9d13
-  data.tar.gz: 05c24dfb5599dc2c240bc361566deb21adf150827e5f85a75107899a9945a2ca
+  metadata.gz: db59ecafb7c102a11203455aa7f1d1ccbfac7596d0f1530b4557de21e8f5ad06
+  data.tar.gz: d6987cfe9b5ad9108923b9dedaf60269042b5759793ca9d5b23aa11a9a2463dd
 SHA512:
-  metadata.gz: 4b62e8cba7fcf061dec4211525802797bd1c9ae534b7c6a4410363b50c8c8aa8cea589ca450e2b7b7fda16590d73454c1fd82b1c26d44978503ccfe01b4ca0e6
-  data.tar.gz: 005a8aa1c8e48186923f1bb842ee5a521f73c2c902df08663c22b9f55a8e548132ef390d415fd9eaa3de87371a418d8923e207a3ab59a8ce8f6f0f124be7023c
+  metadata.gz: 1365946eb9d604a9d360066ee78667e39098c462c82990130db80a799eeedb9044f6d0c5462d840458c2347a9b163ecf1fdb7b8e465d5cad6e38e45f51ac9a55
+  data.tar.gz: f9aab52c43bb87c353c914032333e86e5cee22649f0c7779d0592a21042ccc858f08cf070119b917f08db78947ef0945c06d688a85be3f499167d7161d52c6af

data/LICENSE

@@ -1,5 +1,6 @@
 MIT License
 
+Copyright (c) 2024 Alexandre ZANNI (independent)
 Copyright (c) 2024 Alexandre ZANNI at ACCEIS
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -18,4 +19,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+SOFTWARE.

data/bin-ruby/aspisec

@@ -33,8 +33,8 @@ doc = <<~DOCOPT
     aspisec clean
 
   #{paint.decorate('Project:', :red)}
-    #{paint.decorate('source', :underline)} (https://github.com/acceis/aspisec)
-    #{paint.decorate('documentation', :underline)} (https://acceis.github.io/aspisec)
+    #{paint.decorate('source', :underline)} (https://github.com/noraj/aspisec)
+    #{paint.decorate('documentation', :underline)} (https://noraj.github.io/aspisec)
 DOCOPT
 
 begin
@@ -50,12 +50,12 @@ begin
   elsif args['list']
     Aspisec::Modules.modules.each do |mod|
       enabled = mod.enabled? ? '✅' : '❌'
-      print "#{enabled} "
-      puts paint.decorate(mod.name, :red, :on_black)
-      mod.locations.each do |loc|
+      print "#{enabled} : #{paint.decorate(mod.name, :red, :on_black)}".ljust(42)
+      last_index = mod.locations.size - 1
+      mod.locations.each_with_index do |loc, i|
         enabled = loc.enabled? ? '✅' : '❌'
-        print "  #{enabled} "
-        puts paint.decorate(loc.name, :white, :on_black)
+        print "  #{enabled} #{paint.decorate(loc.name, :white, :on_black)}".ljust(27)
+        puts if i == last_index
       end
     end
   end

data/lib-ruby/aspisec/clean.rb

@@ -33,7 +33,7 @@ module Aspisec
       puts "——— #{@painter.decorate(location.name, :cyan, :bold)} ———"
       puts_decorated('Path', location.path.to_s)
       puts_decorated('Type', file_type(location.path))
-      puts_decorated('Size', type_size(location.path))
+      puts_decorated('Size', type_size_human(location.path))
       puts_decorated('Description', location.description) if @describe
       @prompt.yes?("Do you want to remove #{location.name}?")
     end
@@ -77,26 +77,46 @@ module Aspisec
       Dir[File.join(path, '**', '*')].select { |f| File.file?(f) }.sum { |f| File.size(f) }
     end
 
-    # Displays the size (in human-friendly format with {human_size}) regardless of whether it is a file or a directory.
+    # Displays the size regardless of whether it is a file or a directory or path containing globbing.
     # @param path [Pathname]
-    # @return [String] human-friendly size with the most suitable unit, or `empty` is the size is zero
+    # @return [Integer] size in bytes or -1 if it's a path with globbing
     def type_size(path)
-      size = if path.directory?
-               directory_size(path)
-             else
-               path.size
-             end
-      size.zero? ? 'empty' : human_size(size)
+      if path.directory?
+        directory_size(path)
+      elsif path.file?
+        path.size
+      else # for example when the location contains glogging representing multiple files
+        -1
+      end
+    end
+
+    # Displays the size (in human-friendly format with {human_size}) regardless of whether it is a file or a directory.
+    # @param path [Pathname]
+    # @return [String] human-friendly size with the most suitable unit, `empty` is the size is zero or `unknown`
+    #   for any other cases
+    def type_size_human(path)
+      size = type_size(path)
+      case size
+      when 0
+        'empty'
+      when -1
+        'unknown'
+      else
+        human_size(size)
+      end
     end
 
     # Delete the location regardless of whether it is a file or a directory.
     # @param path [Pathname]
     # @return [nil]
     def type_delete(path)
+      @logger.warn("The current user doesn't have permission to remove #{path}") unless path.writable?
       if path.directory?
         path.rmtree
-      else
+      elsif path.file?
         path.delete
+      else # for example when the location contains glogging representing multiple files
+        Dir[path].map { |path| Pathname.new(path).delete }
       end
       nil
     end
@@ -113,7 +133,7 @@ module Aspisec
     # Handles the deletion mode. It could be automatic or manual cleaning.
     # @param loc [Aspisec::Module::Location]
     def delete_mode(loc)
-      return unless loc.enabled? && loc.path.exist?
+      return unless loc.enabled? && loc.exist?
 
       if @autoclean
         delete_location(loc.path)

data/lib-ruby/aspisec/config.rb

@@ -1,8 +1,11 @@
 # frozen_string_literal: true
 
+# internal require all configs
+Dir[File.join(__dir__, 'configs', '*.rb')].each { |f| require(f) }
 # stdlib
 require 'yaml'
 # third-party
+require 'fileutils'
 require 'sxdg'
 require 'tty-logger'
 
@@ -12,6 +15,7 @@ module Aspisec
     CONFIG_FILENAME = 'aspisec.config.yaml'
     DEFAULT_CONFIG = {
       'aspisec' => {
+        'version' => Aspisec::VERSION,
         # Auto clean, remove files without asking confirmation
         'autoclean' => {
           'enabled' => false
@@ -44,152 +48,32 @@ module Aspisec
             }
           }
         },
-        'sqlmap' => {
-          'enabled' => true,
-          'location' => {
-            'base' => '$XDG_DATA_HOME/sqlmap', # ~/.local/share/sqlmap
-            'history' => {
-              'path' => '<base>/history',
-              'description' => "Directory containing history files.\n" \
-                               "os.hst stores system commands entered when using --os-pwn option.\n" \
-                               'sql.hst stores SQL quries entered when using --os-shell option.'
-            },
-            'logs' => {
-              'path' => '<base>/output',
-              'description' => "Directory containing a folder per target.\n" \
-                               "<target>/log contains all successful injection vectors.\n" \
-                               "<target>/session.sqlite contains retrieved data.\n" \
-                               '<target>/target.txt contains target URL + command used.'
-            }
-          }
-        },
-        'crackmapexec' => {
-          'enabled' => true,
-          'location' => {
-            'base' => '$HOME/.cme', # ~/.cme
-            'logs' => {
-              'path' => '<base>/logs',
-              'description' => 'Directory containing log files, secrets, hashes, cleartext passwords etc.'
-            },
-            'screenshots' => {
-              'path' => '<base>/screenshots',
-              'description' => 'Directory where are stored all screenshots taken with the --screenshot option.'
-            },
-            'workspaces' => {
-              'path' => '<base>/workspaces',
-              'description' => "Directory containing workspaces.\n" \
-                               'Workspaces contain SQLite databases including users (domain, usernames, password), ' \
-                               'shares, hosts, dpapi secrets, etc.'
-            }
-          }
-        },
-        'netexec' => {
-          'enabled' => true,
-          'location' => {
-            'base' => '$HOME/.nxc', # ~/.nxc
-            'logs' => {
-              'path' => '<base>/logs',
-              'description' => 'Directory containing log files, secrets, hashes, cleartext password etc.'
-            },
-            'screenshots' => {
-              'path' => '<base>/screenshots',
-              'description' => 'Directory where are stored all screenshots taken with the --screenshot option.'
-            },
-            'workspaces' => {
-              'path' => '<base>/workspaces',
-              'description' => "Directory containing workspaces.\n" \
-                               'Workspaces contain SQLite databases including users (domain, usernames, password), ' \
-                               'shares, hosts, dpapi secrets, etc.'
-            }
-          }
-        },
-        'hashcat' => {
-          'enabled' => true,
-          'location' => {
-            'base' => '$XDG_DATA_HOME/hashcat', # ~/.local/share/hashcat
-            #
-            #
-            #
-            'sessions' => {
-              'path' => '<base>/sessions',
-              'enaled' => false,
-              'description' => "Directory containing session related data.\n" \
-                               'hashcat.log should not contain any sensible data unless the file name ' \
-                               "of a target file is sensible.\n" \
-                               'show.log should not contain any sensible data unless the folder name is sensible.'
-            },
-            'potfile' => {
-              'path' => '<base>/hashcat.potfile',
-              'description' => "File containing all cracked hashes.\n" \
-                               'Passwords may include enterprize related content or may be easily recognizable.'
-            },
-            'dict_cache' => {
-              'path' => '<base>/hashcat.dictstat2',
-              'enabled' => false,
-              'description' => "File is a cache for dictionaries.\n" \
-                               'It should not be sensible unless dict. contain confidential data.'
-            }
-          }
-        },
-        'theharvester' => {
-          'enabled' => true,
-          'location' => {
-            'base' => '$XDG_DATA_HOME/theHarvester', # ~/.local/share/theHarvester
-            #
-            'stash' => {
-              'path' => '<base>/stash.sqlite',
-              'description' => 'File (SQLite DB) containing all the harvested addresses.'
-            }
-          }
-        },
-        'john' => {
-          'enabled' => true,
-          'location' => {
-            'base' => '$HOME/.john', # ~/.john
-            #
-            #
-            'logs' => {
-              'path' => '<base>/john.log',
-              'description' => "File containing the logs of the commands launched.\n" \
-                               'Does not contain hashes or passwords but usernames and whole command lines.'
-            },
-            'potfile' => {
-              'path' => '<base>/john.pot',
-              'description' => "File containing all cracked hashes.\n" \
-                               'Passwords may include enterprize related content or may be easily recognizable.'
-            }
-          }
-        },
-        'metasploit' => {
-          'enabled' => true,
-          'location' => {
-            'base' => '$HOME/.msf4', # ~/.msf4
-            #
-            #
-            'history' => {
-              'path' => '<base>/history',
-              'description' => "File containing the history of commands used in msf shell.\n" \
-                               'It certainly contains username, passwords, hostnames, etc.'
-            },
-            'logs' => {
-              'path' => '<base>/logs',
-              'description' => "Directory containing log files.\n" \
-                               "framework.log may contain stacktraces that contain payloads.\n" \
-                               "production.log and sessions/ ? (I don't know, empty for me)"
-            },
-            'loot' => {
-              'path' => '<base>/loot',
-              'description' => "Directory containing looted files.\n" \
-                               'Those are retrieved clients files.'
-            },
-            'meterpreter' => {
-              'path' => '<base>/meterpreter_history',
-              'description' => "File containing the history of commands used in meterpreter sessions.\n" \
-                               "Less sensible than msf shell history but could still contains some file paths, \n" \
-                               'for example.'
-            }
-          }
-        }
+        'sqlmap' => Configs::SQLMAP,
+        'crackmapexec' => Configs::CRACKMAPEXEC,
+        'netexec' => Configs::NETEXEC,
+        'hashcat' => Configs::HASHCAT,
+        'theharvester' => Configs::THEHARVESTER,
+        'john' => Configs::JOHN,
+        'metasploit' => Configs::METASPLOIT,
+        'jwt_tool' => Configs::JWT_TOOL,
+        'manspider' => Configs::MANSPIDER,
+        'ncrack' => Configs::NCRACK,
+        'weevely' => Configs::WEEVELY,
+        'spiderfoot' => Configs::SPIDERFOOT,
+        'remmina' => Configs::REMMINA,
+        'mobsf' => Configs::MOBSF,
+        'mongodb-compass' => Configs::MONGODB_COMPASS,
+        'mongodb-mongosh' => Configs::MONGODB_MONGOSH,
+        'lsassy' => Configs::LSASSY,
+        'semgrep' => Configs::SEMGREP,
+        'whatwaf' => Configs::WHATWAF,
+        'amass' => Configs::AMASS,
+        'bloodhound' => Configs::BLOODHOUND,
+        'ffuf' => Configs::FFUF,
+        'recaf' => Configs::RECAF,
+        'dbgate' => Configs::DBGATE,
+        'home-history-files' => Configs::HOME_HISTORY_FILES,
+        'filezilla' => Configs::FILEZILLA
       },
       'audit' => {
         'enabled' => false,
@@ -223,10 +107,37 @@ module Aspisec
       create_config unless config_exist?
       # Else load it
       @conf = load_config
+      # Check the version of the configuration
+      check_version
       # Replace the path variables / plaholders with real values
       expand_path_conf!
     end
 
+    # Comparison between Aspisec tool version and Aspisec configuration version
+    # @return [true|false] true when the tool and configuration version match
+    def check_version
+      version = @conf.dig('aspisec', 'version')
+      matching = true
+      if version.nil?
+        @logger.warn('No version found in the configuration (old version).')
+        matching = false
+      elsif Gem::Version.new(Aspisec::VERSION) > Gem::Version.new(version)
+        message = "The configuration is older (#{version}) than the tool (#{Aspisec::VERSION})." \
+                  'Some module or features may be missing.'
+        @logger.warn(message)
+        matching = false
+      elsif Gem::Version.new(Aspisec::VERSION) < Gem::Version.new(version)
+        message = "The configuration is newer (#{version}) than the tool (#{Aspisec::VERSION})." \
+                  'You may experience issues.'
+        @logger.warn(message)
+        matching = false
+      end
+      unless matching
+        @logger.warn("\"rm #{config_filepath}\" if you want Aspisec to recreate a default configuration file")
+      end
+      matching
+    end
+
     # Read and parse (YAML ➡️ Ruby Hash) the config. file
     # @return [Hash|nil] the corresponding Ruby object parsed from the YAML file
     #   or `nil` if the configuration file doesn't exist

data/lib-ruby/aspisec/configs/amass.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      AMASS = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$XDG_CONFIG_HOME/amass', # ~/.config/amass
+          'logs' => {
+            'path' => '<base>/amass.log',
+            'description' => 'Log file containing the searched domain.'
+          },
+          'database' => {
+            'path' => '<base>/amass.sqlite',
+            'description' => "Database file.\nContains search results."
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/bloodhound.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      BLOODHOUND = {
+        'enabled' => false,
+        'location' => {
+          'base' => '/var/lib/neo4j',
+          'database' => {
+            'path' => '<base>/data/databases/neo4j',
+            'description' => "Folder containing the database data.\n" \
+                             "Data contains all dumped AD objects.\n" \
+                             "Bloodhound use default neo4j database.\n" \
+                             '⚠ Requires neo4j or root permissions to remove.'
+          },
+          'transactions' => {
+            'path' => '<base>/data/transactions/neo4j',
+            'description' => "Folder containing database transactions.\n" \
+                             "Bloodhound use default neo4j database.\n" \
+                             '⚠ Requires neo4j or root permissions to remove.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/crackmapexec.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      CRACKMAPEXEC = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.cme', # ~/.cme
+          'logs' => {
+            'path' => '<base>/logs',
+            'description' => 'Directory containing log files, secrets, hashes, cleartext passwords etc.'
+          },
+          'screenshots' => {
+            'path' => '<base>/screenshots',
+            'description' => 'Directory where are stored all screenshots taken with the --screenshot option.'
+          },
+          'workspaces' => {
+            'path' => '<base>/workspaces',
+            'description' => "Directory containing workspaces.\n" \
+                             'Workspaces contain SQLite databases including users (domain, usernames, password), ' \
+                             'shares, hosts, dpapi secrets, etc.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/dbgate.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      DBGATE = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.dbgate', # ~/.dbgate
+          'connections' => {
+            'enabled' => false,
+            'path' => '<base>/connections.jsonl',
+            'description' => "File containing connection shortchuts.\n" \
+                             'Connection objects contain target domain or IP address.'
+          },
+          'logs' => {
+            'path' => '<base>/logs',
+            'description' => "Logs folder.\n" \
+                             "Those log events shouldn't contain customer information but who knows."
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/ffuf.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      FFUF = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$XDG_CONFIG_HOME/ffuf', # ~/.config/ffuf
+          'history' => {
+            'path' => '<base>/history',
+            'description' => "Folder containing the history of command options used.\n" \
+                             'Those files contain target URL but may also contains secrets in headers.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/filezilla.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      FILEZILLA = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$XDG_CONFIG_HOME/filezilla', # ~/.config/filezilla
+          'connexions' => {
+            'path' => '<base>/sitemanager.xml',
+            'description' => 'Saved connexions settings including passwords.'
+          },
+          'config' => {
+            'enabled' => false,
+            'path' => '<base>/filezilla.xml',
+            'description' => 'Global configuration, contains site names.'
+          },
+          'queue' => {
+            'enabled' => false,
+            'path' => '<base>/queue.sqlite3',
+            'description' => 'Queue of files not downloaded/uploaded yet.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/hashcat.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      HASHCAT = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$XDG_DATA_HOME/hashcat', # ~/.local/share/hashcat
+          'sessions' => {
+            'path' => '<base>/sessions',
+            'enaled' => false,
+            'description' => "Directory containing session related data.\n" \
+                             'hashcat.log should not contain any sensible data unless the file name ' \
+                             "of a target file is sensible.\n" \
+                             'show.log should not contain any sensible data unless the folder name is sensible.'
+          },
+          'potfile' => {
+            'path' => '<base>/hashcat.potfile',
+            'description' => "File containing all cracked hashes.\n" \
+                             'Passwords may include enterprize related content or may be easily recognizable.'
+          },
+          'dict_cache' => {
+            'path' => '<base>/hashcat.dictstat2',
+            'enabled' => false,
+            'description' => "File is a cache for dictionaries.\n" \
+                             'It should not be sensible unless dict. contain confidential data.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/home_history_files.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      HOME_HISTORY_FILES = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME', # ~/
+          'python' => {
+            'path' => '<base>/.python_history',
+            'description' => "Python history file.\n" \
+                             'Contains all commands entered in the Python REPL.'
+          },
+          'postgresql' => {
+            'path' => '<base>/.psql_history',
+            'description' => "PostgreSQL history file.\n" \
+                             'Contains all commands entered in the PostegreSQL shell.'
+          },
+          'ruby-irb' => {
+            'path' => '<base>/.irb_history',
+            'description' => "Ruby (IRB) hitory file.\n" \
+                             'Contains all commands entered in the Ruby REPL.'
+          },
+          'ruby-rdbg' => {
+            'path' => '<base>/.rdbg_history',
+            'description' => "Ruby (rdbg) hitory file.\n" \
+                             'Contains all commands entered in the Ruby debugger.'
+          },
+          'redis-cli' => {
+            'path' => '<base>/.rediscli_history',
+            'description' => "Redis CLI history file.\n" \
+                             'Contains all commands entered in the redis-cli shell.'
+          },
+          'bash' => {
+            'enabled' => false,
+            'path' => '<base>/.bash_history',
+            'description' => "Bash history file.\n" \
+                             'Contains all commands entered in the Bash shell.'
+          },
+          'zsh' => {
+            'enabled' => false,
+            'path' => '<base>/.zsh_history',
+            'description' => "Zsh history file.\n" \
+                             'Contains all commands entered in the Zsh shell.'
+          },
+          'zsh-alt' => {
+            'enabled' => false,
+            'path' => '<base>/.histfile',
+            'description' => "Zsh history file.\n" \
+                             "Contains all commands entered in the Zsh shell.\n" \
+                             'Alternative Zsh history file location set by zsh-newuser-install in HISTFILE ' \
+                             'environment variable.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/john.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      JOHN = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.john', # ~/.john
+          'logs' => {
+            'path' => '<base>/john.log',
+            'description' => "File containing the logs of the commands launched.\n" \
+                             'Does not contain hashes or passwords but usernames and whole command lines.'
+          },
+          'potfile' => {
+            'path' => '<base>/john.pot',
+            'description' => "File containing all cracked hashes.\n" \
+                             'Passwords may include enterprize related content or may be easily recognizable.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/jwt_tool.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      JWT_TOOL = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.jwt_tool', # ~/.jwt_tool
+          'logs' => {
+            'path' => '<base>/logs.txt',
+            'description' => "File containing the logs of the commands launched.\n" \
+                             'Contains the JWT for all injections and tamper attemps.'
+          }
+        }
+      }.freeze
+    end
+  end
+end