edr_gen 0.0.4

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: edd9a39f3423323683aec0f19f20d66fdffbcb706d43a24f8be9552cf0565823
+  data.tar.gz: cd191a76e3a64351998a0f5fe9cb40e6a1f7fc5cc416a39744afff0a7e336880
+SHA512:
+  metadata.gz: 5e247c902b674882ccc062868c0a21484685e2a1a667ee2da79f94bfa8752235627df9dc37f3cedcc561354fed1befacee9e9609bfcd60ffe771e87ff7205b7c
+  data.tar.gz: e551c01726306490e64c3e8228cc4eb1e9a575dd27099afbe5ab84c6d399a18c3dbb3f52f2202894508bcce37827ff32dc135adab07b990ca9c11c4308b98719

data/README.md

@@ -0,0 +1,15 @@
+## Configuration
+### Dependencies
+  - Linux or MacOS
+  - Ruby 3.3.0 or higher
+
+### Installation
+  ```bash
+  gem install edr_gen
+  ```
+
+## Usage
+To get a list of available commands, run:
+  ```bash
+  edr_gen help
+  ```

data/bin/edr_gen

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require File.expand_path('../config/initializers/edr_gen_initializer', __dir__)
+
+EdrGen.run(ARGV)

data/config/initializers/edr_gen_initializer.rb

@@ -0,0 +1,17 @@
+# This is the initializer for the edr_gen gem. It requires all initializers and lib files.
+
+# Require all initializers
+current_initializer = File.expand_path(__FILE__)
+Dir[File.join(File.dirname(current_initializer), '**', '*.rb')].each do |file|
+  require file unless File.expand_path(file) == current_initializer
+end
+
+# Require all lib files
+lib_dir = File.expand_path('../../../lib', __FILE__)
+Dir[File.join(lib_dir, '**', '*.rb')].each { |file| require file; }
+
+# Global dependencies
+require 'sys/proctable'
+require 'rainbow'
+require 'yaml'
+require 'httparty'

data/lib/edr_gen/base.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+require 'etc'
+require 'sys/proctable'
+require_relative './../mixins/yaml_logger'
+
+# Base class for EDR Generator
+class EdrGenBase
+  include YamlLogger
+  include Sys
+
+  class EdrGenMissingDependencyError < StandardError; end
+
+  def initialize(args)
+    raise EdrGenMissingDependencyError, "ACTIVITY constant must be defined in the child class" unless defined? self.class::ACTIVITY
+
+    @logger       = YamlLogger
+    @pid          = nil
+    @process_info = {}
+    @path         = args[0]
+    @args         = args[1..-1]
+  end
+
+  private
+
+  attr_accessor :logger, :pid, :process_info, :path, :args
+
+  def execute_process
+    begin
+      @pid = Process.spawn(path, *args)
+
+      return puts Rainbow("  Process not found").color(:red) unless pid
+
+      @process_info = ProcTable.ps(pid:)
+
+      Process.detach(pid)
+    rescue Errno::ENOENT => e
+      puts Rainbow("  Failed to execute command: #{e.message}").color(:red)
+    end
+
+    write_log_entry
+  end
+
+  def common_log_data
+    {
+      timestamp:    process_start_time,                          # Process start time
+      username:     ENV['USER'] || ENV['USERNAME'] || 'Unknown', # User who started the process
+      process_name: process_info&.comm,                          # Process name
+      command_line: process_info&.cmdline,                       # Command line
+      process_id:   process_info&.pid,                           # Process ID
+    }
+  end
+
+  def process_start_time
+    if process_info.respond_to?(:start_tvsec)
+      # macOS
+      seconds      = process_info.start_tvsec
+      microseconds = process_info.start_tvusec || 0
+      Time.at(seconds, microseconds)
+    elsif process_info.respond_to?(:starttime)
+      clock_ticks_per_second = Etc.sysconf(Etc::SC_CLK_TCK)
+      start_time_in_seconds = process_info.starttime.to_f / clock_ticks_per_second
+
+      uptime_seconds = File.read('/proc/uptime').split[0].to_f
+
+      boot_time = Time.now - uptime_seconds
+      process_start_time = boot_time + start_time_in_seconds
+
+      Time.at(process_start_time)
+    else
+      'Unknown'
+    end
+  end
+
+  def write_log_entry
+    if process_info
+      logger.write(activity: self.class::ACTIVITY, data: log_data)
+    else
+      puts Rainbow("  Process not found, no logs have been generated").color(:red)
+    end
+  end
+end

data/lib/edr_gen/create_file.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+class CreateFile < EdrGenBase
+  ACTIVITY = "file_changes"
+
+  def initialize(args)
+    @args = args
+
+    validate_args
+    set_command
+
+    super(@args.slice(0..1))
+  end
+
+  def call
+    puts "  Attempting to create file..."
+    execute_process
+    puts "  File created: #{@args[0]}"
+  end
+
+  private
+
+  def validate_args
+    abort Rainbow("  No filename provided. Please provide a filename.").color(:red) if @args[0].nil?
+  end
+
+  def set_command
+    @args.unshift("touch")
+  end
+
+  def log_data
+    common_log_data.merge({
+      filepath: File.expand_path(@args[0]),
+      activity: "created",
+    })
+  end
+end

data/lib/edr_gen/delete_file.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+class DeleteFile < EdrGenBase
+  ACTIVITY = "file_changes"
+
+  def initialize(args)
+    @filepath = args[0]
+    command   = ["rm #{@filepath}"]
+
+    validate_args
+
+    super(command)
+  end
+
+  def call
+    puts "  Attempting to delete file..."
+    execute_process
+    puts "  File removed: #{@filepath}"
+  end
+
+  private
+
+  def validate_args
+    abort Rainbow("  No filename provided. Please provide a filename.").color(:red) if @filepath.nil?
+    abort Rainbow("  File does not exist. Please provide a valid filename.").color(:red) unless File.exist?(@filepath)
+  end
+
+  def log_data
+    common_log_data.merge({
+      filepath: File.expand_path(@filepath),
+      activity: "deleted",
+    })
+  end
+end

data/lib/edr_gen/foreign_executable.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+# This class is used to run executables that are not part of this program.
+class ForeignExecutable < EdrGenBase
+  ACTIVITY = "process_start"
+
+  def initialize(args)
+    super(args)
+  end
+
+  def call
+    puts "  Executing \"#{path}\" with options: #{args} ..."
+    execute_process
+    puts "  Process started with PID: #{pid}"
+  end
+
+  private
+
+  def log_data
+    common_log_data
+  end
+end

data/lib/edr_gen/modify_file.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+class ModifyFile < EdrGenBase
+  ACTIVITY = "file_changes"
+
+  def initialize(args)
+    @filepath = args[0]
+    @content  = args[1..-1].join(" ")
+    command   = ["echo #{new_content} >> #{filepath}"]
+
+    validate_args
+
+    super(command)
+  end
+
+  def call
+    puts "  Attempting to modify file..."
+    execute_process
+    puts "  File modified: #{filepath}"
+  end
+
+  private
+
+  attr_reader :filepath
+  attr_accessor :content
+
+  def new_content
+    content.empty? ? "default content" : content
+  end
+
+  def validate_args
+    abort Rainbow("  No filename provided. Please provide a filename.").color(:red) if @filepath.nil?
+    abort Rainbow("  File does not exist. Please provide a valid filename.").color(:red) unless File.exist?(@filepath)
+  end
+
+  def log_data
+    common_log_data.merge({
+      filepath: File.expand_path(filepath),
+      activity: "modified",
+    })
+  end
+end

data/lib/edr_gen/tcp_transmit.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'socket'
+
+# Used to transmit data to an open remote server via a TCP socket connection.
+class TcpTransmit < EdrGenBase
+  ACTIVITY = 'transmit'
+  TIMEOUT = 5
+
+  def initialize(args)
+    super(args)
+
+    @server_host  = args[0] || 'tcpbin.com'
+    @server_port  = args[1] || 4242
+    @data_to_send = args[2..-1]&.join(' ') || 'placeholder data'
+    @process_info = ProcTable.ps(pid: Process.pid)
+  end
+
+  def call
+    puts "  Initiating TCP connection..."
+    connect_and_transmit
+    write_log_entry
+  end
+
+  private
+
+  attr_reader :server_host, :server_port, :data_to_send, :process_info, :bytes_sent, :source, :destination
+
+  def connect_and_transmit
+    Socket.tcp(server_host, server_port, connect_timeout: TIMEOUT) do |socket|
+      @source = "#{socket.local_address.ip_address}:#{socket.local_address.ip_port}"
+      @destination = "#{socket.remote_address.ip_address}:#{socket.remote_address.ip_port}"
+
+      @bytes_sent = socket.write(data_to_send)
+      socket.puts
+      response = socket.gets
+
+      puts Rainbow("  Response: #{response}").green
+    end
+  rescue StandardError => e
+    abort(Rainbow("  An error occurred: #{e.class}: #{e.message}").red)
+  end
+
+  def log_data
+    common_log_data.merge(request_data)
+  end
+
+  def request_data
+    { destination:, source:, data_size: "#{bytes_sent} bytes", protocol: "TCP" }
+  end
+end

data/lib/edr_gen/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module EDRGen
+  VERSION = '0.0.4'
+end

data/lib/edr_gen.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+class EdrGen
+  HELP     = 'help'
+  EXEC     = 'exec'
+  CREATE   = 'create'
+  DELETE   = 'delete'
+  MODIFY   = 'modify'
+  TRANSMIT = 'transmit'
+
+  def self.run(args)
+    new(args).run
+  end
+
+  def initialize(args)
+    @command           = args[0]
+    @command_arguments = args[1..-1]
+  end
+
+  def run
+    case command
+    when HELP
+      help_message
+    when EXEC
+      ForeignExecutable.new(command_arguments).call
+    when CREATE
+      CreateFile.new(command_arguments).call
+    when MODIFY
+      ModifyFile.new(command_arguments).call
+    when DELETE
+      DeleteFile.new(command_arguments).call
+    when TRANSMIT
+      TcpTransmit.new(command_arguments).call
+    else
+      puts "Invalid command. For a list of valid commands, run #{Rainbow("edr_gen help").color(:yellow)}"
+    end
+  end
+
+  private
+
+  attr_reader :command, :command_arguments
+
+  def help_message
+    puts Rainbow(
+      <<-HEREDOC
+        Usage:  edr_gen [command] [options]
+  
+        #{HELP}                         Displays this help message.
+        #{EXEC}     <path> [options]    Runs a foreign executable file with optional arguments.
+        #{CREATE}   <path>              Creates a new file.
+        #{MODIFY}   <path> <content>    Appends content to a file.
+        #{DELETE}   <path>              Deletes a file.
+        #{TRANSMIT} <url> <port> <data> Initiates a simple TCP socket connection and transmits data. 
+                                        Defaults to tcpbin.com:4242 with placeholder data.
+      HEREDOC
+    ).color(:yellow)
+  end
+end

data/lib/mixins/yaml_logger.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'yaml'
+require 'fileutils'
+
+module YamlLogger
+  LOG_DIRECTORY = 'logs'
+
+  def self.write(activity:, data:)
+    ensure_log_directory_exists
+
+    begin
+      File.open(file_path, "a+") do |file|
+        file.puts formatted_entry(activity:, data:).to_yaml
+        puts "  Log entry added to #{File.expand_path(file)}"
+      end
+
+    rescue StandardError => e
+      puts Rainbow("  Failed to write to log file: #{e.message} #{e.backtrace}").color(:red)
+    end
+  end
+
+  private
+
+  def self.ensure_log_directory_exists
+    FileUtils.mkdir_p(LOG_DIRECTORY) unless Dir.exist?(LOG_DIRECTORY)
+  end
+
+  def self.file_path
+    File.join(LOG_DIRECTORY, "#{today}.yml")
+  end
+
+  def self.formatted_entry(activity:, data:)
+    {
+      self.timestamp => {
+        activity => data.transform_keys(&:to_s)
+      }
+    }
+  end
+
+  def self.timestamp
+    Time.now.strftime("%Y-%m-%d:%H:%M:%S")
+  end
+
+  def self.today
+    Time.now.strftime("%Y_%m_%d")
+  end
+end

metadata

@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification
+name: edr_gen
+version: !ruby/object:Gem::Version
+  version: 0.0.4
+platform: ruby
+authors:
+- Jason Loutensock
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2024-09-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: sys-proctable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rainbow
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: yaml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+description:
+email:
+executables:
+- edr_gen
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- bin/edr_gen
+- config/initializers/edr_gen_initializer.rb
+- lib/edr_gen.rb
+- lib/edr_gen/base.rb
+- lib/edr_gen/create_file.rb
+- lib/edr_gen/delete_file.rb
+- lib/edr_gen/foreign_executable.rb
+- lib/edr_gen/modify_file.rb
+- lib/edr_gen/tcp_transmit.rb
+- lib/edr_gen/version.rb
+- lib/mixins/yaml_logger.rb
+homepage: https://github.com/jasonguyperson/edr_gen
+licenses:
+-
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.18
+signing_key:
+specification_version: 4
+summary: A testing and mixins tool for EDRs
+test_files: []