aspisec 0.0.2 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 766e59f32c8d0661ea37cc677183ee3e0bc3e844fb8acfd12d3a2420a57b9d13
-  data.tar.gz: 05c24dfb5599dc2c240bc361566deb21adf150827e5f85a75107899a9945a2ca
+  metadata.gz: dbe0a57b6f1c5229ff19e03f4ae88bcef292252d7d30e432bc7646827b494e8c
+  data.tar.gz: 421810a0cb7d8de592762f67d32111b5be04daf0fbb9f463621f6b128ff17043
 SHA512:
-  metadata.gz: 4b62e8cba7fcf061dec4211525802797bd1c9ae534b7c6a4410363b50c8c8aa8cea589ca450e2b7b7fda16590d73454c1fd82b1c26d44978503ccfe01b4ca0e6
-  data.tar.gz: 005a8aa1c8e48186923f1bb842ee5a521f73c2c902df08663c22b9f55a8e548132ef390d415fd9eaa3de87371a418d8923e207a3ab59a8ce8f6f0f124be7023c
+  metadata.gz: eb46440a53118318216e8f7bfde559ef8a0e4c40bbfa521dcd55cf02f9669d70aad647500d8faf0316f7d9dfb501cae163321526da9b6d6c39eac9c3d91a5583
+  data.tar.gz: 2835003e81c3a953b2e000ae2551407aae665cf9802d26b02ef37f14a5b9ed17053df8ffbf3bc59be971d73f32bea04e24c3074576c56995104fef093da7f3fd

data/bin-ruby/aspisec

@@ -50,12 +50,12 @@ begin
   elsif args['list']
     Aspisec::Modules.modules.each do |mod|
       enabled = mod.enabled? ? '✅' : '❌'
-      print "#{enabled} "
-      puts paint.decorate(mod.name, :red, :on_black)
-      mod.locations.each do |loc|
+      print "#{enabled} : #{paint.decorate(mod.name, :red, :on_black)}".ljust(42)
+      last_index = mod.locations.size - 1
+      mod.locations.each_with_index do |loc, i|
         enabled = loc.enabled? ? '✅' : '❌'
-        print "  #{enabled} "
-        puts paint.decorate(loc.name, :white, :on_black)
+        print "  #{enabled} #{paint.decorate(loc.name, :white, :on_black)}".ljust(27)
+        puts if i == last_index
       end
     end
   end

data/lib-ruby/aspisec/clean.rb

@@ -33,7 +33,7 @@ module Aspisec
       puts "——— #{@painter.decorate(location.name, :cyan, :bold)} ———"
       puts_decorated('Path', location.path.to_s)
       puts_decorated('Type', file_type(location.path))
-      puts_decorated('Size', type_size(location.path))
+      puts_decorated('Size', type_size_human(location.path))
       puts_decorated('Description', location.description) if @describe
       @prompt.yes?("Do you want to remove #{location.name}?")
     end
@@ -77,26 +77,46 @@ module Aspisec
       Dir[File.join(path, '**', '*')].select { |f| File.file?(f) }.sum { |f| File.size(f) }
     end
 
-    # Displays the size (in human-friendly format with {human_size}) regardless of whether it is a file or a directory.
+    # Displays the size regardless of whether it is a file or a directory or path containing globbing.
     # @param path [Pathname]
-    # @return [String] human-friendly size with the most suitable unit, or `empty` is the size is zero
+    # @return [Integer] size in bytes or -1 if it's a path with globbing
     def type_size(path)
-      size = if path.directory?
-               directory_size(path)
-             else
-               path.size
-             end
-      size.zero? ? 'empty' : human_size(size)
+      if path.directory?
+        directory_size(path)
+      elsif path.file?
+        path.size
+      else # for example when the location contains glogging representing multiple files
+        -1
+      end
+    end
+
+    # Displays the size (in human-friendly format with {human_size}) regardless of whether it is a file or a directory.
+    # @param path [Pathname]
+    # @return [String] human-friendly size with the most suitable unit, `empty` is the size is zero or `unknown`
+    #   for any other cases
+    def type_size_human(path)
+      size = type_size(path)
+      case size
+      when 0
+        'empty'
+      when -1
+        'unknown'
+      else
+        human_size(size)
+      end
     end
 
     # Delete the location regardless of whether it is a file or a directory.
     # @param path [Pathname]
     # @return [nil]
     def type_delete(path)
+      @logger.warn("The current user doesn't have permission to remove #{path}") unless path.writable?
       if path.directory?
         path.rmtree
-      else
+      elsif path.file?
         path.delete
+      else # for example when the location contains glogging representing multiple files
+        Dir[path].map { |path| Pathname.new(path).delete }
       end
       nil
     end
@@ -113,7 +133,7 @@ module Aspisec
     # Handles the deletion mode. It could be automatic or manual cleaning.
     # @param loc [Aspisec::Module::Location]
     def delete_mode(loc)
-      return unless loc.enabled? && loc.path.exist?
+      return unless loc.enabled? && loc.exist?
 
       if @autoclean
         delete_location(loc.path)

data/lib-ruby/aspisec/config.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# internal require all configs
+Dir[File.join(__dir__, 'configs', '*.rb')].each { |f| require(f) }
 # stdlib
 require 'yaml'
 # third-party
@@ -12,6 +14,7 @@ module Aspisec
     CONFIG_FILENAME = 'aspisec.config.yaml'
     DEFAULT_CONFIG = {
       'aspisec' => {
+        'version' => Aspisec::VERSION,
         # Auto clean, remove files without asking confirmation
         'autoclean' => {
           'enabled' => false
@@ -44,152 +47,31 @@ module Aspisec
             }
           }
         },
-        'sqlmap' => {
-          'enabled' => true,
-          'location' => {
-            'base' => '$XDG_DATA_HOME/sqlmap', # ~/.local/share/sqlmap
-            'history' => {
-              'path' => '<base>/history',
-              'description' => "Directory containing history files.\n" \
-                               "os.hst stores system commands entered when using --os-pwn option.\n" \
-                               'sql.hst stores SQL quries entered when using --os-shell option.'
-            },
-            'logs' => {
-              'path' => '<base>/output',
-              'description' => "Directory containing a folder per target.\n" \
-                               "<target>/log contains all successful injection vectors.\n" \
-                               "<target>/session.sqlite contains retrieved data.\n" \
-                               '<target>/target.txt contains target URL + command used.'
-            }
-          }
-        },
-        'crackmapexec' => {
-          'enabled' => true,
-          'location' => {
-            'base' => '$HOME/.cme', # ~/.cme
-            'logs' => {
-              'path' => '<base>/logs',
-              'description' => 'Directory containing log files, secrets, hashes, cleartext passwords etc.'
-            },
-            'screenshots' => {
-              'path' => '<base>/screenshots',
-              'description' => 'Directory where are stored all screenshots taken with the --screenshot option.'
-            },
-            'workspaces' => {
-              'path' => '<base>/workspaces',
-              'description' => "Directory containing workspaces.\n" \
-                               'Workspaces contain SQLite databases including users (domain, usernames, password), ' \
-                               'shares, hosts, dpapi secrets, etc.'
-            }
-          }
-        },
-        'netexec' => {
-          'enabled' => true,
-          'location' => {
-            'base' => '$HOME/.nxc', # ~/.nxc
-            'logs' => {
-              'path' => '<base>/logs',
-              'description' => 'Directory containing log files, secrets, hashes, cleartext password etc.'
-            },
-            'screenshots' => {
-              'path' => '<base>/screenshots',
-              'description' => 'Directory where are stored all screenshots taken with the --screenshot option.'
-            },
-            'workspaces' => {
-              'path' => '<base>/workspaces',
-              'description' => "Directory containing workspaces.\n" \
-                               'Workspaces contain SQLite databases including users (domain, usernames, password), ' \
-                               'shares, hosts, dpapi secrets, etc.'
-            }
-          }
-        },
-        'hashcat' => {
-          'enabled' => true,
-          'location' => {
-            'base' => '$XDG_DATA_HOME/hashcat', # ~/.local/share/hashcat
-            #
-            #
-            #
-            'sessions' => {
-              'path' => '<base>/sessions',
-              'enaled' => false,
-              'description' => "Directory containing session related data.\n" \
-                               'hashcat.log should not contain any sensible data unless the file name ' \
-                               "of a target file is sensible.\n" \
-                               'show.log should not contain any sensible data unless the folder name is sensible.'
-            },
-            'potfile' => {
-              'path' => '<base>/hashcat.potfile',
-              'description' => "File containing all cracked hashes.\n" \
-                               'Passwords may include enterprize related content or may be easily recognizable.'
-            },
-            'dict_cache' => {
-              'path' => '<base>/hashcat.dictstat2',
-              'enabled' => false,
-              'description' => "File is a cache for dictionaries.\n" \
-                               'It should not be sensible unless dict. contain confidential data.'
-            }
-          }
-        },
-        'theharvester' => {
-          'enabled' => true,
-          'location' => {
-            'base' => '$XDG_DATA_HOME/theHarvester', # ~/.local/share/theHarvester
-            #
-            'stash' => {
-              'path' => '<base>/stash.sqlite',
-              'description' => 'File (SQLite DB) containing all the harvested addresses.'
-            }
-          }
-        },
-        'john' => {
-          'enabled' => true,
-          'location' => {
-            'base' => '$HOME/.john', # ~/.john
-            #
-            #
-            'logs' => {
-              'path' => '<base>/john.log',
-              'description' => "File containing the logs of the commands launched.\n" \
-                               'Does not contain hashes or passwords but usernames and whole command lines.'
-            },
-            'potfile' => {
-              'path' => '<base>/john.pot',
-              'description' => "File containing all cracked hashes.\n" \
-                               'Passwords may include enterprize related content or may be easily recognizable.'
-            }
-          }
-        },
-        'metasploit' => {
-          'enabled' => true,
-          'location' => {
-            'base' => '$HOME/.msf4', # ~/.msf4
-            #
-            #
-            'history' => {
-              'path' => '<base>/history',
-              'description' => "File containing the history of commands used in msf shell.\n" \
-                               'It certainly contains username, passwords, hostnames, etc.'
-            },
-            'logs' => {
-              'path' => '<base>/logs',
-              'description' => "Directory containing log files.\n" \
-                               "framework.log may contain stacktraces that contain payloads.\n" \
-                               "production.log and sessions/ ? (I don't know, empty for me)"
-            },
-            'loot' => {
-              'path' => '<base>/loot',
-              'description' => "Directory containing looted files.\n" \
-                               'Those are retrieved clients files.'
-            },
-            'meterpreter' => {
-              'path' => '<base>/meterpreter_history',
-              'description' => "File containing the history of commands used in meterpreter sessions.\n" \
-                               "Less sensible than msf shell history but could still contains some file paths, \n" \
-                               'for example.'
-            }
-          }
-        }
+        'sqlmap' => Configs::SQLMAP,
+        'crackmapexec' => Configs::CRACKMAPEXEC,
+        'netexec' => Configs::NETEXEC,
+        'hashcat' => Configs::HASHCAT,
+        'theharvester' => Configs::THEHARVESTER,
+        'john' => Configs::JOHN,
+        'metasploit' => Configs::METASPLOIT,
+        'jwt_tool' => Configs::JWT_TOOL,
+        'manspider' => Configs::MANSPIDER,
+        'ncrack' => Configs::NCRACK,
+        'weevely' => Configs::WEEVELY,
+        'spiderfoot' => Configs::SPIDERFOOT,
+        'remmina' => Configs::REMMINA,
+        'mobsf' => Configs::MOBSF,
+        'mongodb-compass' => Configs::MONGODB_COMPASS,
+        'mongodb-mongosh' => Configs::MONGODB_MONGOSH,
+        'lsassy' => Configs::LSASSY,
+        'semgrep' => Configs::SEMGREP,
+        'whatwaf' => Configs::WHATWAF,
+        'amass' => Configs::AMASS,
+        'bloodhound' => Configs::BLOODHOUND,
+        'ffuf' => Configs::FFUF,
+        'recaf' => Configs::RECAF,
+        'dbgate' => Configs::DBGATE,
+        'home-history-files' => Configs::HOME_HISTORY_FILES
       },
       'audit' => {
         'enabled' => false,
@@ -223,10 +105,37 @@ module Aspisec
       create_config unless config_exist?
       # Else load it
       @conf = load_config
+      # Check the version of the configuration
+      check_version
       # Replace the path variables / plaholders with real values
       expand_path_conf!
     end
 
+    # Comparison between Aspisec tool version and Aspisec configuration version
+    # @return [true|false] true when the tool and configuration version match
+    def check_version
+      version = @conf.dig('aspisec', 'version')
+      matching = true
+      if version.nil?
+        @logger.warn('No version found in the configuration (old version).')
+        matching = false
+      elsif Gem::Version.new(Aspisec::VERSION) > Gem::Version.new(version)
+        message = "The configuration is older (#{version}) than the tool (#{Aspisec::VERSION})." \
+                  'Some module or features may be missing.'
+        @logger.warn(message)
+        matching = false
+      elsif Gem::Version.new(Aspisec::VERSION) < Gem::Version.new(version)
+        message = "The configuration is newer (#{version}) than the tool (#{Aspisec::VERSION})." \
+                  'You may experience issues.'
+        @logger.warn(message)
+        matching = false
+      end
+      unless matching
+        @logger.warn("\"rm #{config_filepath}\" if you want Aspisec to recreate a default configuration file")
+      end
+      matching
+    end
+
     # Read and parse (YAML ➡️ Ruby Hash) the config. file
     # @return [Hash|nil] the corresponding Ruby object parsed from the YAML file
     #   or `nil` if the configuration file doesn't exist

data/lib-ruby/aspisec/configs/amass.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      AMASS = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$XDG_CONFIG_HOME/amass', # ~/.config/amass
+          'logs' => {
+            'path' => '<base>/amass.log',
+            'description' => 'Log file containing the searched domain.'
+          },
+          'database' => {
+            'path' => '<base>/amass.sqlite',
+            'description' => "Database file.\nContains search results."
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/bloodhound.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      BLOODHOUND = {
+        'enabled' => false,
+        'location' => {
+          'base' => '/var/lib/neo4j',
+          'database' => {
+            'path' => '<base>/data/databases/neo4j',
+            'description' => "Folder containing the database data.\n" \
+                             "Data contains all dumped AD objects.\n" \
+                             "Bloodhound use default neo4j database.\n" \
+                             '⚠ Requires neo4j or root permissions to remove.'
+          },
+          'transactions' => {
+            'path' => '<base>/data/transactions/neo4j',
+            'description' => "Folder containing database transactions.\n" \
+                             "Bloodhound use default neo4j database.\n" \
+                             '⚠ Requires neo4j or root permissions to remove.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/crackmapexec.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      CRACKMAPEXEC = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.cme', # ~/.cme
+          'logs' => {
+            'path' => '<base>/logs',
+            'description' => 'Directory containing log files, secrets, hashes, cleartext passwords etc.'
+          },
+          'screenshots' => {
+            'path' => '<base>/screenshots',
+            'description' => 'Directory where are stored all screenshots taken with the --screenshot option.'
+          },
+          'workspaces' => {
+            'path' => '<base>/workspaces',
+            'description' => "Directory containing workspaces.\n" \
+                             'Workspaces contain SQLite databases including users (domain, usernames, password), ' \
+                             'shares, hosts, dpapi secrets, etc.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/dbgate.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      DBGATE = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.dbgate', # ~/.dbgate
+          'connections' => {
+            'enabled' => false,
+            'path' => '<base>/connections.jsonl',
+            'description' => "File containing connection shortchuts.\n" \
+                             'Connection objects contain target domain or IP address.'
+          },
+          'logs' => {
+            'path' => '<base>/logs',
+            'description' => "Logs folder.\n" \
+                             "Those log events shouldn't contain customer information but who knows."
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/ffuf.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      FFUF = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$XDG_CONFIG_HOME/ffuf', # ~/.config/ffuf
+          'history' => {
+            'path' => '<base>/history',
+            'description' => "Folder containing the history of command options used.\n" \
+                             'Those files contain target URL but may also contains secrets in headers.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/hashcat.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      HASHCAT = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$XDG_DATA_HOME/hashcat', # ~/.local/share/hashcat
+          'sessions' => {
+            'path' => '<base>/sessions',
+            'enaled' => false,
+            'description' => "Directory containing session related data.\n" \
+                             'hashcat.log should not contain any sensible data unless the file name ' \
+                             "of a target file is sensible.\n" \
+                             'show.log should not contain any sensible data unless the folder name is sensible.'
+          },
+          'potfile' => {
+            'path' => '<base>/hashcat.potfile',
+            'description' => "File containing all cracked hashes.\n" \
+                             'Passwords may include enterprize related content or may be easily recognizable.'
+          },
+          'dict_cache' => {
+            'path' => '<base>/hashcat.dictstat2',
+            'enabled' => false,
+            'description' => "File is a cache for dictionaries.\n" \
+                             'It should not be sensible unless dict. contain confidential data.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/home_history_files.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      HOME_HISTORY_FILES = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME', # ~/
+          'python' => {
+            'path' => '<base>/.python_history',
+            'description' => "Python history file.\n" \
+                             'Contains all commands entered in the Python REPL.'
+          },
+          'postgresql' => {
+            'path' => '<base>/.psql_history',
+            'description' => "PostgreSQL history file.\n" \
+                             'Contains all commands entered in the PostegreSQL shell.'
+          },
+          'ruby-irb' => {
+            'path' => '<base>/.irb_history',
+            'description' => "Ruby (IRB) hitory file.\n" \
+                             'Contains all commands entered in the Ruby REPL.'
+          },
+          'ruby-rdbg' => {
+            'path' => '<base>/.rdbg_history',
+            'description' => "Ruby (rdbg) hitory file.\n" \
+                             'Contains all commands entered in the Ruby debugger.'
+          },
+          'redis-cli' => {
+            'path' => '<base>/.rediscli_history',
+            'description' => "Redis CLI history file.\n" \
+                             'Contains all commands entered in the redis-cli shell.'
+          },
+          'bash' => {
+            'enabled' => false,
+            'path' => '<base>/.bash_history',
+            'description' => "Bash history file.\n" \
+                             'Contains all commands entered in the Bash shell.'
+          },
+          'zsh' => {
+            'enabled' => false,
+            'path' => '<base>/.zsh_history',
+            'description' => "Zsh history file.\n" \
+                             'Contains all commands entered in the Zsh shell.'
+          },
+          'zsh-alt' => {
+            'enabled' => false,
+            'path' => '<base>/.histfile',
+            'description' => "Zsh history file.\n" \
+                             "Contains all commands entered in the Zsh shell.\n" \
+                             'Alternative Zsh history file location set by zsh-newuser-install in HISTFILE ' \
+                             'environment variable.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/john.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      JOHN = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.john', # ~/.john
+          #
+          #
+          'logs' => {
+            'path' => '<base>/john.log',
+            'description' => "File containing the logs of the commands launched.\n" \
+                             'Does not contain hashes or passwords but usernames and whole command lines.'
+          },
+          'potfile' => {
+            'path' => '<base>/john.pot',
+            'description' => "File containing all cracked hashes.\n" \
+                             'Passwords may include enterprize related content or may be easily recognizable.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/jwt_tool.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      JWT_TOOL = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.jwt_tool', # ~/.jwt_tool
+          'logs' => {
+            'path' => '<base>/logs.txt',
+            'description' => "File containing the logs of the commands launched.\n" \
+                             'Contains the JWT for all injections and tamper attemps.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/lsassy.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      LSASSY = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$XDG_CONFIG_HOME/lsassy', # ~/.config/lsassy
+          'masterkeys' => {
+            'path' => '<base>/masterkeys.txt',
+            'description' => 'File containing master keys retreived from targets.'
+          },
+          'tickets' => {
+            'path' => '<base>/tickets',
+            'description' => 'Folder containing dumped tickets (TGT, TGS) from targets.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

data/lib-ruby/aspisec/configs/manspider.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      MANSPIDER = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME/.manspider', # ~/.manspider
+          'logs' => {
+            'path' => '<base>/logs',
+            'description' => "Directory containing log files.\n" \
+                             'Log files contains commands with the password not redacted and the path of all ' \
+                             'extracted files.'
+          },
+          'loot' => {
+            'path' => '<base>/loot',
+            'description' => "Directory containing looted files.\n" \
+                             'Those are retrieved clients files.'
+          }
+        }
+      }.freeze
+    end
+  end
+end