aspisec 0.0.2 → 0.1.0
- checksums.yaml +4 -4
- data/bin-ruby/aspisec +5 -5
- data/lib-ruby/aspisec/clean.rb +31 -11
- data/lib-ruby/aspisec/config.rb +55 -146
- data/lib-ruby/aspisec/configs/amass.rb +22 -0
- data/lib-ruby/aspisec/configs/bloodhound.rb +27 -0
- data/lib-ruby/aspisec/configs/crackmapexec.rb +28 -0
- data/lib-ruby/aspisec/configs/dbgate.rb +25 -0
- data/lib-ruby/aspisec/configs/ffuf.rb +19 -0
- data/lib-ruby/aspisec/configs/hashcat.rb +33 -0
- data/lib-ruby/aspisec/configs/home_history_files.rb +59 -0
- data/lib-ruby/aspisec/configs/john.rb +26 -0
- data/lib-ruby/aspisec/configs/jwt_tool.rb +19 -0
- data/lib-ruby/aspisec/configs/lsassy.rb +22 -0
- data/lib-ruby/aspisec/configs/manspider.rb +25 -0
- data/lib-ruby/aspisec/configs/metasploit.rb +38 -0
- data/lib-ruby/aspisec/configs/mobsf.rb +30 -0
- data/lib-ruby/aspisec/configs/mongodb_compass.rb +19 -0
- data/lib-ruby/aspisec/configs/mongodb_mongosh.rb +24 -0
- data/lib-ruby/aspisec/configs/ncrack.rb +19 -0
- data/lib-ruby/aspisec/configs/netexec.rb +28 -0
- data/lib-ruby/aspisec/configs/recaf.rb +24 -0
- data/lib-ruby/aspisec/configs/remmina.rb +20 -0
- data/lib-ruby/aspisec/configs/semgrep.rb +22 -0
- data/lib-ruby/aspisec/configs/spiderfoot.rb +24 -0
- data/lib-ruby/aspisec/configs/sqlmap.rb +27 -0
- data/lib-ruby/aspisec/configs/theharvester.rb +19 -0
- data/lib-ruby/aspisec/configs/weevely.rb +31 -0
- data/lib-ruby/aspisec/configs/whatwaf.rb +18 -0
- data/lib-ruby/aspisec/module.rb +35 -0
- data/lib-ruby/aspisec/modules/amass.rb +38 -0
- data/lib-ruby/aspisec/modules/bloodhound.rb +38 -0
- data/lib-ruby/aspisec/modules/dbgate.rb +38 -0
- data/lib-ruby/aspisec/modules/ffuf.rb +33 -0
- data/lib-ruby/aspisec/modules/home_history_files.rb +67 -0
- data/lib-ruby/aspisec/modules/jwt_tool.rb +33 -0
- data/lib-ruby/aspisec/modules/lsassy.rb +38 -0
- data/lib-ruby/aspisec/modules/manspider.rb +38 -0
- data/lib-ruby/aspisec/modules/mobsf.rb +49 -0
- data/lib-ruby/aspisec/modules/mongodb_compass.rb +33 -0
- data/lib-ruby/aspisec/modules/mongodb_mongosh.rb +38 -0
- data/lib-ruby/aspisec/modules/ncrack.rb +33 -0
- data/lib-ruby/aspisec/modules/recaf.rb +38 -0
- data/lib-ruby/aspisec/modules/remmina.rb +34 -0
- data/lib-ruby/aspisec/modules/semgrep.rb +38 -0
- data/lib-ruby/aspisec/modules/spiderfoot.rb +38 -0
- data/lib-ruby/aspisec/modules/weevely.rb +43 -0
- data/lib-ruby/aspisec/modules/whatwaf.rb +33 -0
- data/lib-ruby/aspisec/version.rb +1 -1
- metadata +46 -3
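--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dbe0a57b6f1c5229ff19e03f4ae88bcef292252d7d30e432bc7646827b494e8c
+data.tar.gz: 421810a0cb7d8de592762f67d32111b5be04daf0fbb9f463621f6b128ff17043
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eb46440a53118318216e8f7bfde559ef8a0e4c40bbfa521dcd55cf02f9669d70aad647500d8faf0316f7d9dfb501cae163321526da9b6d6c39eac9c3d91a5583
+data.tar.gz: 2835003e81c3a953b2e000ae2551407aae665cf9802d26b02ef37f14a5b9ed17053df8ffbf3bc59be971d73f32bea04e24c3074576c56995104fef093da7f3fd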
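--- a/data/bin-ruby/aspisec
+++ b/data/bin-ruby/aspisec
@@ -50,12 +50,12 @@ begin
 elsif args['list']
 Aspisec::Modules.modules.each do |mod|
 enabled = mod.enabled? ? '✅' : '❌'
-print "#{enabled} "
-
-mod.locations.
+print "#{enabled} : #{paint.decorate(mod.name, :red, :on_black)}".ljust(42)
+last_index = mod.locations.size - 1
+mod.locations.each_with_index do |loc, i|
 enabled = loc.enabled? ? '✅' : '❌'
-print " #{enabled} "
-puts
+print " #{enabled} #{paint.decorate(loc.name, :white, :on_black)}".ljust(27)
+puts if i == last_index
 end
 end
 end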
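Review bot: In the `list` branch the line terminator is only emitted inside the locations loop (`puts if i == last_index`), so a module whose `mod.locations` is empty never ends its row and the next module is printed on the same line. Emitting a bare `puts` after the inner `end` fixes that and makes `last_index` and `each_with_index` unnecessary. The `.ljust(42)` and `.ljust(27)` calls pad the string after `paint.decorate` has run, so any escape sequences it adds (presumably ANSI color codes) count toward the width and the visible columns shift when color output is off; padding the plain name first, `paint.decorate(mod.name.ljust(n), :red, :on_black)` with `n` the intended visible width, keeps the layout independent of the decoration. The enclosing `begin` block starts outside the hunk.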
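--- a/data/lib-ruby/aspisec/clean.rb
+++ b/data/lib-ruby/aspisec/clean.rb
@@ -33,7 +33,7 @@ module Aspisec
 puts "——— #{@painter.decorate(location.name, :cyan, :bold)} ———"
 puts_decorated('Path', location.path.to_s)
 puts_decorated('Type', file_type(location.path))
-puts_decorated('Size',
+puts_decorated('Size', type_size_human(location.path))
 puts_decorated('Description', location.description) if @describe
 @prompt.yes?("Do you want to remove #{location.name}?")
 end
@@ -77,26 +77,46 @@ module Aspisec
 Dir[File.join(path, '**', '*')].select { |f| File.file?(f) }.sum { |f| File.size(f) }
 end
 
-# Displays the size
+# Displays the size regardless of whether it is a file or a directory or path containing globbing.
 # @param path [Pathname]
-# @return [
+# @return [Integer] size in bytes or -1 if it's a path with globbing
 def type_size(path)
-
-
-
-
-
-
+if path.directory?
+directory_size(path)
+elsif path.file?
+path.size
+else # for example when the location contains glogging representing multiple files
+-1
+end
+end
+
+# Displays the size (in human-friendly format with {human_size}) regardless of whether it is a file or a directory.
+# @param path [Pathname]
+# @return [String] human-friendly size with the most suitable unit, `empty` is the size is zero or `unknown`
+# for any other cases
+def type_size_human(path)
+size = type_size(path)
+case size
+when 0
+'empty'
+when -1
+'unknown'
+else
+human_size(size)
+end
 end
 
 # Delete the location regardless of whether it is a file or a directory.
 # @param path [Pathname]
 # @return [nil]
 def type_delete(path)
+@logger.warn("The current user doesn't have permission to remove #{path}") unless path.writable?
 if path.directory?
 path.rmtree
-
+elsif path.file?
 path.delete
+else # for example when the location contains glogging representing multiple files
+Dir[path].map { |path| Pathname.new(path).delete }
 end
 nil
 end
@@ -113,7 +133,7 @@ module Aspisec
 # Handles the deletion mode. It could be automatic or manual cleaning.
 # @param loc [Aspisec::Module::Location]
 def delete_mode(loc)
-return unless loc.enabled? && loc.
+return unless loc.enabled? && loc.exist?
 
 if @autoclean
 delete_location(loc.path)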
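Review bot: The glob branch added to `type_delete`, `Dir[path].map { |path| Pathname.new(path).delete }`, fails on the first match that is a non-empty directory, because `Pathname#delete` only unlinks files and empty directories, and the remaining matches are then left on disk. For a tool whose job is to remove files holding credentials and loot, handle each match by type, e.g. `Dir[path].each { |m| p = Pathname.new(m); p.directory? ? p.rmtree : p.delete }`, which also stops shadowing `path` and using `map` for side effects. The new `path.writable?` warning tests the entry itself, whereas removing it depends on write permission on the parent directory, and for a glob pattern the literal path does not exist, so the warning is logged even when the deletion will succeed; the method also carries on after warning, so `rmtree`/`delete` can still raise. The comment typo `glogging` in `type_delete` and `type_size` should read `globbing`.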
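--- a/data/lib-ruby/aspisec/config.rb
+++ b/data/lib-ruby/aspisec/config.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# internal require all configs
+Dir[File.join(__dir__, 'configs', '*.rb')].each { |f| require(f) }
 # stdlib
 require 'yaml'
 # third-party
@@ -12,6 +14,7 @@ module Aspisec
 CONFIG_FILENAME = 'aspisec.config.yaml'
 DEFAULT_CONFIG = {
 'aspisec' => {
+'version' => Aspisec::VERSION,
 # Auto clean, remove files without asking confirmation
 'autoclean' => {
 'enabled' => false
@@ -44,152 +47,31 @@ module Aspisec
 }
 }
 },
-'sqlmap' =>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-'
-
-
-
-
-
-'description' => 'Directory containing log files, secrets, hashes, cleartext passwords etc.'
-},
-'screenshots' => {
-'path' => '<base>/screenshots',
-'description' => 'Directory where are stored all screenshots taken with the --screenshot option.'
-},
-'workspaces' => {
-'path' => '<base>/workspaces',
-'description' => "Directory containing workspaces.\n" \
-'Workspaces contain SQLite databases including users (domain, usernames, password), ' \
-'shares, hosts, dpapi secrets, etc.'
-}
-}
-},
-'netexec' => {
-'enabled' => true,
-'location' => {
-'base' => '$HOME/.nxc', # ~/.nxc
-'logs' => {
-'path' => '<base>/logs',
-'description' => 'Directory containing log files, secrets, hashes, cleartext password etc.'
-},
-'screenshots' => {
-'path' => '<base>/screenshots',
-'description' => 'Directory where are stored all screenshots taken with the --screenshot option.'
-},
-'workspaces' => {
-'path' => '<base>/workspaces',
-'description' => "Directory containing workspaces.\n" \
-'Workspaces contain SQLite databases including users (domain, usernames, password), ' \
-'shares, hosts, dpapi secrets, etc.'
-}
-}
-},
-'hashcat' => {
-'enabled' => true,
-'location' => {
-'base' => '$XDG_DATA_HOME/hashcat', # ~/.local/share/hashcat
-#
-#
-#
-'sessions' => {
-'path' => '<base>/sessions',
-'enaled' => false,
-'description' => "Directory containing session related data.\n" \
-'hashcat.log should not contain any sensible data unless the file name ' \
-"of a target file is sensible.\n" \
-'show.log should not contain any sensible data unless the folder name is sensible.'
-},
-'potfile' => {
-'path' => '<base>/hashcat.potfile',
-'description' => "File containing all cracked hashes.\n" \
-'Passwords may include enterprize related content or may be easily recognizable.'
-},
-'dict_cache' => {
-'path' => '<base>/hashcat.dictstat2',
-'enabled' => false,
-'description' => "File is a cache for dictionaries.\n" \
-'It should not be sensible unless dict. contain confidential data.'
-}
-}
-},
-'theharvester' => {
-'enabled' => true,
-'location' => {
-'base' => '$XDG_DATA_HOME/theHarvester', # ~/.local/share/theHarvester
-#
-'stash' => {
-'path' => '<base>/stash.sqlite',
-'description' => 'File (SQLite DB) containing all the harvested addresses.'
-}
-}
-},
-'john' => {
-'enabled' => true,
-'location' => {
-'base' => '$HOME/.john', # ~/.john
-#
-#
-'logs' => {
-'path' => '<base>/john.log',
-'description' => "File containing the logs of the commands launched.\n" \
-'Does not contain hashes or passwords but usernames and whole command lines.'
-},
-'potfile' => {
-'path' => '<base>/john.pot',
-'description' => "File containing all cracked hashes.\n" \
-'Passwords may include enterprize related content or may be easily recognizable.'
-}
-}
-},
-'metasploit' => {
-'enabled' => true,
-'location' => {
-'base' => '$HOME/.msf4', # ~/.msf4
-#
-#
-'history' => {
-'path' => '<base>/history',
-'description' => "File containing the history of commands used in msf shell.\n" \
-'It certainly contains username, passwords, hostnames, etc.'
-},
-'logs' => {
-'path' => '<base>/logs',
-'description' => "Directory containing log files.\n" \
-"framework.log may contain stacktraces that contain payloads.\n" \
-"production.log and sessions/ ? (I don't know, empty for me)"
-},
-'loot' => {
-'path' => '<base>/loot',
-'description' => "Directory containing looted files.\n" \
-'Those are retrieved clients files.'
-},
-'meterpreter' => {
-'path' => '<base>/meterpreter_history',
-'description' => "File containing the history of commands used in meterpreter sessions.\n" \
-"Less sensible than msf shell history but could still contains some file paths, \n" \
-'for example.'
-}
-}
-}
+'sqlmap' => Configs::SQLMAP,
+'crackmapexec' => Configs::CRACKMAPEXEC,
+'netexec' => Configs::NETEXEC,
+'hashcat' => Configs::HASHCAT,
+'theharvester' => Configs::THEHARVESTER,
+'john' => Configs::JOHN,
+'metasploit' => Configs::METASPLOIT,
+'jwt_tool' => Configs::JWT_TOOL,
+'manspider' => Configs::MANSPIDER,
+'ncrack' => Configs::NCRACK,
+'weevely' => Configs::WEEVELY,
+'spiderfoot' => Configs::SPIDERFOOT,
+'remmina' => Configs::REMMINA,
+'mobsf' => Configs::MOBSF,
+'mongodb-compass' => Configs::MONGODB_COMPASS,
+'mongodb-mongosh' => Configs::MONGODB_MONGOSH,
+'lsassy' => Configs::LSASSY,
+'semgrep' => Configs::SEMGREP,
+'whatwaf' => Configs::WHATWAF,
+'amass' => Configs::AMASS,
+'bloodhound' => Configs::BLOODHOUND,
+'ffuf' => Configs::FFUF,
+'recaf' => Configs::RECAF,
+'dbgate' => Configs::DBGATE,
+'home-history-files' => Configs::HOME_HISTORY_FILES
 },
 'audit' => {
 'enabled' => false,
@@ -223,10 +105,37 @@ module Aspisec
 create_config unless config_exist?
 # Else load it
 @conf = load_config
+# Check the version of the configuration
+check_version
 # Replace the path variables / plaholders with real values
 expand_path_conf!
 end
 
+# Comparison between Aspisec tool version and Aspisec configuration version
+# @return [true|false] true when the tool and configuration version match
+def check_version
+version = @conf.dig('aspisec', 'version')
+matching = true
+if version.nil?
+@logger.warn('No version found in the configuration (old version).')
+matching = false
+elsif Gem::Version.new(Aspisec::VERSION) > Gem::Version.new(version)
+message = "The configuration is older (#{version}) than the tool (#{Aspisec::VERSION})." \
+'Some module or features may be missing.'
+@logger.warn(message)
+matching = false
+elsif Gem::Version.new(Aspisec::VERSION) < Gem::Version.new(version)
+message = "The configuration is newer (#{version}) than the tool (#{Aspisec::VERSION})." \
+'You may experience issues.'
+@logger.warn(message)
+matching = false
+end
+unless matching
+@logger.warn("\"rm #{config_filepath}\" if you want Aspisec to recreate a default configuration file")
+end
+matching
+end
+
 # Read and parse (YAML ➡️ Ruby Hash) the config. file
 # @return [Hash|nil] the corresponding Ruby object parsed from the YAML file
 # or `nil` if the configuration file doesn't exist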
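Review bot: `check_version` passes the `version` value read from the user's YAML file straight to `Gem::Version.new(version)`, which raises `ArgumentError` on a malformed version string, so a hand-edited or damaged configuration would abort start-up instead of producing the warning this method exists to give. Guarding with `Gem::Version.correct?(version)` and treating a bad value like the `nil` case keeps the check advisory. The two `message` strings join adjacent literals without a separating space, so the log reads `...than the tool (0.1.0).Some module or features may be missing.`; start the second literal with a space in both branches. The initializer that calls `check_version` and the `load_config` method it depends on lie outside the hunk.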
@@ -0,0 +1,22 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aspisec
|
4
|
+
class Config
|
5
|
+
module Configs
|
6
|
+
AMASS = {
|
7
|
+
'enabled' => true,
|
8
|
+
'location' => {
|
9
|
+
'base' => '$XDG_CONFIG_HOME/amass', # ~/.config/amass
|
10
|
+
'logs' => {
|
11
|
+
'path' => '<base>/amass.log',
|
12
|
+
'description' => 'Log file containing the searched domain.'
|
13
|
+
},
|
14
|
+
'database' => {
|
15
|
+
'path' => '<base>/amass.sqlite',
|
16
|
+
'description' => "Database file.\nContains search results."
|
17
|
+
}
|
18
|
+
}
|
19
|
+
}.freeze
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
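Review bot: The `.freeze` on `AMASS` is shallow: it freezes only the outer hash, so the nested `'location'` hash and its `'logs'` / `'database'` children remain mutable. If any code edits a structure taken from `DEFAULT_CONFIG` in place (the path-placeholder expansion would be a candidate, though it is not visible here), the shared default changes for the rest of the process. Either deep-freeze the constant or document the limit with a comment such as `# shallow freeze: nested hashes are still mutable, dup before editing`. The same applies to the other `Configs::*` constants added in this release (BLOODHOUND, CRACKMAPEXEC, DBGATE, FFUF, HASHCAT, HOME_HISTORY_FILES, JOHN, JWT_TOOL, LSASSY, MANSPIDER).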
@@ -0,0 +1,27 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aspisec
|
4
|
+
class Config
|
5
|
+
module Configs
|
6
|
+
BLOODHOUND = {
|
7
|
+
'enabled' => false,
|
8
|
+
'location' => {
|
9
|
+
'base' => '/var/lib/neo4j',
|
10
|
+
'database' => {
|
11
|
+
'path' => '<base>/data/databases/neo4j',
|
12
|
+
'description' => "Folder containing the database data.\n" \
|
13
|
+
"Data contains all dumped AD objects.\n" \
|
14
|
+
"Bloodhound use default neo4j database.\n" \
|
15
|
+
'⚠ Requires neo4j or root permissions to remove.'
|
16
|
+
},
|
17
|
+
'transactions' => {
|
18
|
+
'path' => '<base>/data/transactions/neo4j',
|
19
|
+
'description' => "Folder containing database transactions.\n" \
|
20
|
+
"Bloodhound use default neo4j database.\n" \
|
21
|
+
'⚠ Requires neo4j or root permissions to remove.'
|
22
|
+
}
|
23
|
+
}
|
24
|
+
}.freeze
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aspisec
|
4
|
+
class Config
|
5
|
+
module Configs
|
6
|
+
CRACKMAPEXEC = {
|
7
|
+
'enabled' => true,
|
8
|
+
'location' => {
|
9
|
+
'base' => '$HOME/.cme', # ~/.cme
|
10
|
+
'logs' => {
|
11
|
+
'path' => '<base>/logs',
|
12
|
+
'description' => 'Directory containing log files, secrets, hashes, cleartext passwords etc.'
|
13
|
+
},
|
14
|
+
'screenshots' => {
|
15
|
+
'path' => '<base>/screenshots',
|
16
|
+
'description' => 'Directory where are stored all screenshots taken with the --screenshot option.'
|
17
|
+
},
|
18
|
+
'workspaces' => {
|
19
|
+
'path' => '<base>/workspaces',
|
20
|
+
'description' => "Directory containing workspaces.\n" \
|
21
|
+
'Workspaces contain SQLite databases including users (domain, usernames, password), ' \
|
22
|
+
'shares, hosts, dpapi secrets, etc.'
|
23
|
+
}
|
24
|
+
}
|
25
|
+
}.freeze
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aspisec
|
4
|
+
class Config
|
5
|
+
module Configs
|
6
|
+
DBGATE = {
|
7
|
+
'enabled' => true,
|
8
|
+
'location' => {
|
9
|
+
'base' => '$HOME/.dbgate', # ~/.dbgate
|
10
|
+
'connections' => {
|
11
|
+
'enabled' => false,
|
12
|
+
'path' => '<base>/connections.jsonl',
|
13
|
+
'description' => "File containing connection shortchuts.\n" \
|
14
|
+
'Connection objects contain target domain or IP address.'
|
15
|
+
},
|
16
|
+
'logs' => {
|
17
|
+
'path' => '<base>/logs',
|
18
|
+
'description' => "Logs folder.\n" \
|
19
|
+
"Those log events shouldn't contain customer information but who knows."
|
20
|
+
}
|
21
|
+
}
|
22
|
+
}.freeze
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aspisec
|
4
|
+
class Config
|
5
|
+
module Configs
|
6
|
+
FFUF = {
|
7
|
+
'enabled' => true,
|
8
|
+
'location' => {
|
9
|
+
'base' => '$XDG_CONFIG_HOME/ffuf', # ~/.config/ffuf
|
10
|
+
'history' => {
|
11
|
+
'path' => '<base>/history',
|
12
|
+
'description' => "Folder containing the history of command options used.\n" \
|
13
|
+
'Those files contain target URL but may also contains secrets in headers.'
|
14
|
+
}
|
15
|
+
}
|
16
|
+
}.freeze
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -0,0 +1,33 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aspisec
|
4
|
+
class Config
|
5
|
+
module Configs
|
6
|
+
HASHCAT = {
|
7
|
+
'enabled' => true,
|
8
|
+
'location' => {
|
9
|
+
'base' => '$XDG_DATA_HOME/hashcat', # ~/.local/share/hashcat
|
10
|
+
'sessions' => {
|
11
|
+
'path' => '<base>/sessions',
|
12
|
+
'enaled' => false,
|
13
|
+
'description' => "Directory containing session related data.\n" \
|
14
|
+
'hashcat.log should not contain any sensible data unless the file name ' \
|
15
|
+
"of a target file is sensible.\n" \
|
16
|
+
'show.log should not contain any sensible data unless the folder name is sensible.'
|
17
|
+
},
|
18
|
+
'potfile' => {
|
19
|
+
'path' => '<base>/hashcat.potfile',
|
20
|
+
'description' => "File containing all cracked hashes.\n" \
|
21
|
+
'Passwords may include enterprize related content or may be easily recognizable.'
|
22
|
+
},
|
23
|
+
'dict_cache' => {
|
24
|
+
'path' => '<base>/hashcat.dictstat2',
|
25
|
+
'enabled' => false,
|
26
|
+
'description' => "File is a cache for dictionaries.\n" \
|
27
|
+
'It should not be sensible unless dict. contain confidential data.'
|
28
|
+
}
|
29
|
+
}
|
30
|
+
}.freeze
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
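Review bot: The `'sessions'` location uses the key `'enaled' => false`, which looks like a misspelling of `'enabled'` (compare `'dict_cache'` a few lines below, which spells it correctly). With the misspelled key the flag is presumably never read, so the sessions directory falls back to whatever a location without an `'enabled'` key defaults to and may be offered for deletion or auto-cleaned, although its description says it is normally not sensitive. Change the line to `'enabled' => false,`. The descriptions also say "sensible" where "sensitive" is meant and "enterprize" for "enterprise"; these strings are shown to the user before a deletion prompt, so they are worth correcting.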
@@ -0,0 +1,59 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aspisec
|
4
|
+
class Config
|
5
|
+
module Configs
|
6
|
+
HOME_HISTORY_FILES = {
|
7
|
+
'enabled' => true,
|
8
|
+
'location' => {
|
9
|
+
'base' => '$HOME', # ~/
|
10
|
+
'python' => {
|
11
|
+
'path' => '<base>/.python_history',
|
12
|
+
'description' => "Python history file.\n" \
|
13
|
+
'Contains all commands entered in the Python REPL.'
|
14
|
+
},
|
15
|
+
'postgresql' => {
|
16
|
+
'path' => '<base>/.psql_history',
|
17
|
+
'description' => "PostgreSQL history file.\n" \
|
18
|
+
'Contains all commands entered in the PostegreSQL shell.'
|
19
|
+
},
|
20
|
+
'ruby-irb' => {
|
21
|
+
'path' => '<base>/.irb_history',
|
22
|
+
'description' => "Ruby (IRB) hitory file.\n" \
|
23
|
+
'Contains all commands entered in the Ruby REPL.'
|
24
|
+
},
|
25
|
+
'ruby-rdbg' => {
|
26
|
+
'path' => '<base>/.rdbg_history',
|
27
|
+
'description' => "Ruby (rdbg) hitory file.\n" \
|
28
|
+
'Contains all commands entered in the Ruby debugger.'
|
29
|
+
},
|
30
|
+
'redis-cli' => {
|
31
|
+
'path' => '<base>/.rediscli_history',
|
32
|
+
'description' => "Redis CLI history file.\n" \
|
33
|
+
'Contains all commands entered in the redis-cli shell.'
|
34
|
+
},
|
35
|
+
'bash' => {
|
36
|
+
'enabled' => false,
|
37
|
+
'path' => '<base>/.bash_history',
|
38
|
+
'description' => "Bash history file.\n" \
|
39
|
+
'Contains all commands entered in the Bash shell.'
|
40
|
+
},
|
41
|
+
'zsh' => {
|
42
|
+
'enabled' => false,
|
43
|
+
'path' => '<base>/.zsh_history',
|
44
|
+
'description' => "Zsh history file.\n" \
|
45
|
+
'Contains all commands entered in the Zsh shell.'
|
46
|
+
},
|
47
|
+
'zsh-alt' => {
|
48
|
+
'enabled' => false,
|
49
|
+
'path' => '<base>/.histfile',
|
50
|
+
'description' => "Zsh history file.\n" \
|
51
|
+
"Contains all commands entered in the Zsh shell.\n" \
|
52
|
+
'Alternative Zsh history file location set by zsh-newuser-install in HISTFILE ' \
|
53
|
+
'environment variable.'
|
54
|
+
}
|
55
|
+
}
|
56
|
+
}.freeze
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
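Review bot: Every path in `HOME_HISTORY_FILES` is a fixed default name under `$HOME`, but several of these tools let the user move the history file (for example `PSQL_HISTORY` for psql, `REDISCLI_HISTFILE` for redis-cli, and `HISTFILE` for the shells, which the `'zsh-alt'` description itself mentions). A clean run can therefore report nothing to remove while a relocated history file still holds credentials typed at a prompt. State the limit on the constant, e.g. `# default locations only; history files relocated via PSQL_HISTORY, REDISCLI_HISTFILE or HISTFILE are not detected`. Minor: the user-facing descriptions contain `hitory` (twice) and `PostegreSQL`.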
@@ -0,0 +1,26 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aspisec
|
4
|
+
class Config
|
5
|
+
module Configs
|
6
|
+
JOHN = {
|
7
|
+
'enabled' => true,
|
8
|
+
'location' => {
|
9
|
+
'base' => '$HOME/.john', # ~/.john
|
10
|
+
#
|
11
|
+
#
|
12
|
+
'logs' => {
|
13
|
+
'path' => '<base>/john.log',
|
14
|
+
'description' => "File containing the logs of the commands launched.\n" \
|
15
|
+
'Does not contain hashes or passwords but usernames and whole command lines.'
|
16
|
+
},
|
17
|
+
'potfile' => {
|
18
|
+
'path' => '<base>/john.pot',
|
19
|
+
'description' => "File containing all cracked hashes.\n" \
|
20
|
+
'Passwords may include enterprize related content or may be easily recognizable.'
|
21
|
+
}
|
22
|
+
}
|
23
|
+
}.freeze
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aspisec
|
4
|
+
class Config
|
5
|
+
module Configs
|
6
|
+
JWT_TOOL = {
|
7
|
+
'enabled' => true,
|
8
|
+
'location' => {
|
9
|
+
'base' => '$HOME/.jwt_tool', # ~/.jwt_tool
|
10
|
+
'logs' => {
|
11
|
+
'path' => '<base>/logs.txt',
|
12
|
+
'description' => "File containing the logs of the commands launched.\n" \
|
13
|
+
'Contains the JWT for all injections and tamper attemps.'
|
14
|
+
}
|
15
|
+
}
|
16
|
+
}.freeze
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aspisec
|
4
|
+
class Config
|
5
|
+
module Configs
|
6
|
+
LSASSY = {
|
7
|
+
'enabled' => true,
|
8
|
+
'location' => {
|
9
|
+
'base' => '$XDG_CONFIG_HOME/lsassy', # ~/.config/lsassy
|
10
|
+
'masterkeys' => {
|
11
|
+
'path' => '<base>/masterkeys.txt',
|
12
|
+
'description' => 'File containing master keys retreived from targets.'
|
13
|
+
},
|
14
|
+
'tickets' => {
|
15
|
+
'path' => '<base>/tickets',
|
16
|
+
'description' => 'Folder containing dumped tickets (TGT, TGS) from targets.'
|
17
|
+
}
|
18
|
+
}
|
19
|
+
}.freeze
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aspisec
|
4
|
+
class Config
|
5
|
+
module Configs
|
6
|
+
MANSPIDER = {
|
7
|
+
'enabled' => true,
|
8
|
+
'location' => {
|
9
|
+
'base' => '$HOME/.manspider', # ~/.manspider
|
10
|
+
'logs' => {
|
11
|
+
'path' => '<base>/logs',
|
12
|
+
'description' => "Directory containing log files.\n" \
|
13
|
+
'Log files contains commands with the password not redacted and the path of all ' \
|
14
|
+
'extracted files.'
|
15
|
+
},
|
16
|
+
'loot' => {
|
17
|
+
'path' => '<base>/loot',
|
18
|
+
'description' => "Directory containing looted files.\n" \
|
19
|
+
'Those are retrieved clients files.'
|
20
|
+
}
|
21
|
+
}
|
22
|
+
}.freeze
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|