@etcsec-com/etc-collector 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (617) hide show
  1. package/.env.example +60 -0
  2. package/.env.test.example +33 -0
  3. package/.github/workflows/ci.yml +83 -0
  4. package/.github/workflows/release.yml +246 -0
  5. package/.prettierrc.json +10 -0
  6. package/CHANGELOG.md +15 -0
  7. package/Dockerfile +57 -0
  8. package/LICENSE +190 -0
  9. package/README.md +194 -0
  10. package/dist/api/controllers/audit.controller.d.ts +21 -0
  11. package/dist/api/controllers/audit.controller.d.ts.map +1 -0
  12. package/dist/api/controllers/audit.controller.js +179 -0
  13. package/dist/api/controllers/audit.controller.js.map +1 -0
  14. package/dist/api/controllers/auth.controller.d.ts +16 -0
  15. package/dist/api/controllers/auth.controller.d.ts.map +1 -0
  16. package/dist/api/controllers/auth.controller.js +146 -0
  17. package/dist/api/controllers/auth.controller.js.map +1 -0
  18. package/dist/api/controllers/export.controller.d.ts +27 -0
  19. package/dist/api/controllers/export.controller.d.ts.map +1 -0
  20. package/dist/api/controllers/export.controller.js +80 -0
  21. package/dist/api/controllers/export.controller.js.map +1 -0
  22. package/dist/api/controllers/health.controller.d.ts +5 -0
  23. package/dist/api/controllers/health.controller.d.ts.map +1 -0
  24. package/dist/api/controllers/health.controller.js +16 -0
  25. package/dist/api/controllers/health.controller.js.map +1 -0
  26. package/dist/api/controllers/jobs.controller.d.ts +13 -0
  27. package/dist/api/controllers/jobs.controller.d.ts.map +1 -0
  28. package/dist/api/controllers/jobs.controller.js +125 -0
  29. package/dist/api/controllers/jobs.controller.js.map +1 -0
  30. package/dist/api/controllers/providers.controller.d.ts +15 -0
  31. package/dist/api/controllers/providers.controller.d.ts.map +1 -0
  32. package/dist/api/controllers/providers.controller.js +112 -0
  33. package/dist/api/controllers/providers.controller.js.map +1 -0
  34. package/dist/api/dto/AuditRequest.dto.d.ts +6 -0
  35. package/dist/api/dto/AuditRequest.dto.d.ts.map +1 -0
  36. package/dist/api/dto/AuditRequest.dto.js +3 -0
  37. package/dist/api/dto/AuditRequest.dto.js.map +1 -0
  38. package/dist/api/dto/AuditResponse.dto.d.ts +17 -0
  39. package/dist/api/dto/AuditResponse.dto.d.ts.map +1 -0
  40. package/dist/api/dto/AuditResponse.dto.js +3 -0
  41. package/dist/api/dto/AuditResponse.dto.js.map +1 -0
  42. package/dist/api/dto/TokenRequest.dto.d.ts +6 -0
  43. package/dist/api/dto/TokenRequest.dto.d.ts.map +1 -0
  44. package/dist/api/dto/TokenRequest.dto.js +3 -0
  45. package/dist/api/dto/TokenRequest.dto.js.map +1 -0
  46. package/dist/api/dto/TokenResponse.dto.d.ts +12 -0
  47. package/dist/api/dto/TokenResponse.dto.d.ts.map +1 -0
  48. package/dist/api/dto/TokenResponse.dto.js +3 -0
  49. package/dist/api/dto/TokenResponse.dto.js.map +1 -0
  50. package/dist/api/middlewares/authenticate.d.ts +12 -0
  51. package/dist/api/middlewares/authenticate.d.ts.map +1 -0
  52. package/dist/api/middlewares/authenticate.js +141 -0
  53. package/dist/api/middlewares/authenticate.js.map +1 -0
  54. package/dist/api/middlewares/errorHandler.d.ts +3 -0
  55. package/dist/api/middlewares/errorHandler.d.ts.map +1 -0
  56. package/dist/api/middlewares/errorHandler.js +30 -0
  57. package/dist/api/middlewares/errorHandler.js.map +1 -0
  58. package/dist/api/middlewares/rateLimit.d.ts +3 -0
  59. package/dist/api/middlewares/rateLimit.d.ts.map +1 -0
  60. package/dist/api/middlewares/rateLimit.js +34 -0
  61. package/dist/api/middlewares/rateLimit.js.map +1 -0
  62. package/dist/api/middlewares/validate.d.ts +4 -0
  63. package/dist/api/middlewares/validate.d.ts.map +1 -0
  64. package/dist/api/middlewares/validate.js +31 -0
  65. package/dist/api/middlewares/validate.js.map +1 -0
  66. package/dist/api/routes/audit.routes.d.ts +5 -0
  67. package/dist/api/routes/audit.routes.d.ts.map +1 -0
  68. package/dist/api/routes/audit.routes.js +24 -0
  69. package/dist/api/routes/audit.routes.js.map +1 -0
  70. package/dist/api/routes/auth.routes.d.ts +6 -0
  71. package/dist/api/routes/auth.routes.d.ts.map +1 -0
  72. package/dist/api/routes/auth.routes.js +22 -0
  73. package/dist/api/routes/auth.routes.js.map +1 -0
  74. package/dist/api/routes/export.routes.d.ts +5 -0
  75. package/dist/api/routes/export.routes.d.ts.map +1 -0
  76. package/dist/api/routes/export.routes.js +16 -0
  77. package/dist/api/routes/export.routes.js.map +1 -0
  78. package/dist/api/routes/health.routes.d.ts +4 -0
  79. package/dist/api/routes/health.routes.d.ts.map +1 -0
  80. package/dist/api/routes/health.routes.js +11 -0
  81. package/dist/api/routes/health.routes.js.map +1 -0
  82. package/dist/api/routes/index.d.ts +10 -0
  83. package/dist/api/routes/index.d.ts.map +1 -0
  84. package/dist/api/routes/index.js +20 -0
  85. package/dist/api/routes/index.js.map +1 -0
  86. package/dist/api/routes/providers.routes.d.ts +5 -0
  87. package/dist/api/routes/providers.routes.d.ts.map +1 -0
  88. package/dist/api/routes/providers.routes.js +13 -0
  89. package/dist/api/routes/providers.routes.js.map +1 -0
  90. package/dist/api/validators/audit.schemas.d.ts +60 -0
  91. package/dist/api/validators/audit.schemas.d.ts.map +1 -0
  92. package/dist/api/validators/audit.schemas.js +55 -0
  93. package/dist/api/validators/audit.schemas.js.map +1 -0
  94. package/dist/api/validators/auth.schemas.d.ts +17 -0
  95. package/dist/api/validators/auth.schemas.d.ts.map +1 -0
  96. package/dist/api/validators/auth.schemas.js +21 -0
  97. package/dist/api/validators/auth.schemas.js.map +1 -0
  98. package/dist/app.d.ts +3 -0
  99. package/dist/app.d.ts.map +1 -0
  100. package/dist/app.js +62 -0
  101. package/dist/app.js.map +1 -0
  102. package/dist/config/config.schema.d.ts +65 -0
  103. package/dist/config/config.schema.d.ts.map +1 -0
  104. package/dist/config/config.schema.js +95 -0
  105. package/dist/config/config.schema.js.map +1 -0
  106. package/dist/config/index.d.ts +4 -0
  107. package/dist/config/index.d.ts.map +1 -0
  108. package/dist/config/index.js +75 -0
  109. package/dist/config/index.js.map +1 -0
  110. package/dist/container.d.ts +47 -0
  111. package/dist/container.d.ts.map +1 -0
  112. package/dist/container.js +137 -0
  113. package/dist/container.js.map +1 -0
  114. package/dist/data/database.d.ts +13 -0
  115. package/dist/data/database.d.ts.map +1 -0
  116. package/dist/data/database.js +68 -0
  117. package/dist/data/database.js.map +1 -0
  118. package/dist/data/jobs/token-cleanup.job.d.ts +23 -0
  119. package/dist/data/jobs/token-cleanup.job.d.ts.map +1 -0
  120. package/dist/data/jobs/token-cleanup.job.js +96 -0
  121. package/dist/data/jobs/token-cleanup.job.js.map +1 -0
  122. package/dist/data/migrations/migration.runner.d.ts +13 -0
  123. package/dist/data/migrations/migration.runner.d.ts.map +1 -0
  124. package/dist/data/migrations/migration.runner.js +136 -0
  125. package/dist/data/migrations/migration.runner.js.map +1 -0
  126. package/dist/data/models/Token.model.d.ts +30 -0
  127. package/dist/data/models/Token.model.d.ts.map +1 -0
  128. package/dist/data/models/Token.model.js +3 -0
  129. package/dist/data/models/Token.model.js.map +1 -0
  130. package/dist/data/repositories/token.repository.d.ts +16 -0
  131. package/dist/data/repositories/token.repository.d.ts.map +1 -0
  132. package/dist/data/repositories/token.repository.js +97 -0
  133. package/dist/data/repositories/token.repository.js.map +1 -0
  134. package/dist/providers/azure/auth.provider.d.ts +5 -0
  135. package/dist/providers/azure/auth.provider.d.ts.map +1 -0
  136. package/dist/providers/azure/auth.provider.js +13 -0
  137. package/dist/providers/azure/auth.provider.js.map +1 -0
  138. package/dist/providers/azure/azure-errors.d.ts +40 -0
  139. package/dist/providers/azure/azure-errors.d.ts.map +1 -0
  140. package/dist/providers/azure/azure-errors.js +121 -0
  141. package/dist/providers/azure/azure-errors.js.map +1 -0
  142. package/dist/providers/azure/azure-retry.d.ts +41 -0
  143. package/dist/providers/azure/azure-retry.d.ts.map +1 -0
  144. package/dist/providers/azure/azure-retry.js +85 -0
  145. package/dist/providers/azure/azure-retry.js.map +1 -0
  146. package/dist/providers/azure/graph-client.d.ts +26 -0
  147. package/dist/providers/azure/graph-client.d.ts.map +1 -0
  148. package/dist/providers/azure/graph-client.js +146 -0
  149. package/dist/providers/azure/graph-client.js.map +1 -0
  150. package/dist/providers/azure/graph.provider.d.ts +23 -0
  151. package/dist/providers/azure/graph.provider.d.ts.map +1 -0
  152. package/dist/providers/azure/graph.provider.js +161 -0
  153. package/dist/providers/azure/graph.provider.js.map +1 -0
  154. package/dist/providers/azure/queries/app.queries.d.ts +6 -0
  155. package/dist/providers/azure/queries/app.queries.d.ts.map +1 -0
  156. package/dist/providers/azure/queries/app.queries.js +9 -0
  157. package/dist/providers/azure/queries/app.queries.js.map +1 -0
  158. package/dist/providers/azure/queries/policy.queries.d.ts +6 -0
  159. package/dist/providers/azure/queries/policy.queries.d.ts.map +1 -0
  160. package/dist/providers/azure/queries/policy.queries.js +9 -0
  161. package/dist/providers/azure/queries/policy.queries.js.map +1 -0
  162. package/dist/providers/azure/queries/user.queries.d.ts +7 -0
  163. package/dist/providers/azure/queries/user.queries.d.ts.map +1 -0
  164. package/dist/providers/azure/queries/user.queries.js +10 -0
  165. package/dist/providers/azure/queries/user.queries.js.map +1 -0
  166. package/dist/providers/interfaces/IGraphProvider.d.ts +31 -0
  167. package/dist/providers/interfaces/IGraphProvider.d.ts.map +1 -0
  168. package/dist/providers/interfaces/IGraphProvider.js +3 -0
  169. package/dist/providers/interfaces/IGraphProvider.js.map +1 -0
  170. package/dist/providers/interfaces/ILDAPProvider.d.ts +37 -0
  171. package/dist/providers/interfaces/ILDAPProvider.d.ts.map +1 -0
  172. package/dist/providers/interfaces/ILDAPProvider.js +3 -0
  173. package/dist/providers/interfaces/ILDAPProvider.js.map +1 -0
  174. package/dist/providers/ldap/acl-parser.d.ts +8 -0
  175. package/dist/providers/ldap/acl-parser.d.ts.map +1 -0
  176. package/dist/providers/ldap/acl-parser.js +157 -0
  177. package/dist/providers/ldap/acl-parser.js.map +1 -0
  178. package/dist/providers/ldap/ad-mappers.d.ts +8 -0
  179. package/dist/providers/ldap/ad-mappers.d.ts.map +1 -0
  180. package/dist/providers/ldap/ad-mappers.js +162 -0
  181. package/dist/providers/ldap/ad-mappers.js.map +1 -0
  182. package/dist/providers/ldap/ldap-client.d.ts +33 -0
  183. package/dist/providers/ldap/ldap-client.d.ts.map +1 -0
  184. package/dist/providers/ldap/ldap-client.js +195 -0
  185. package/dist/providers/ldap/ldap-client.js.map +1 -0
  186. package/dist/providers/ldap/ldap-errors.d.ts +48 -0
  187. package/dist/providers/ldap/ldap-errors.d.ts.map +1 -0
  188. package/dist/providers/ldap/ldap-errors.js +120 -0
  189. package/dist/providers/ldap/ldap-errors.js.map +1 -0
  190. package/dist/providers/ldap/ldap-retry.d.ts +14 -0
  191. package/dist/providers/ldap/ldap-retry.d.ts.map +1 -0
  192. package/dist/providers/ldap/ldap-retry.js +102 -0
  193. package/dist/providers/ldap/ldap-retry.js.map +1 -0
  194. package/dist/providers/ldap/ldap-sanitizer.d.ts +12 -0
  195. package/dist/providers/ldap/ldap-sanitizer.d.ts.map +1 -0
  196. package/dist/providers/ldap/ldap-sanitizer.js +104 -0
  197. package/dist/providers/ldap/ldap-sanitizer.js.map +1 -0
  198. package/dist/providers/ldap/ldap.provider.d.ts +21 -0
  199. package/dist/providers/ldap/ldap.provider.d.ts.map +1 -0
  200. package/dist/providers/ldap/ldap.provider.js +165 -0
  201. package/dist/providers/ldap/ldap.provider.js.map +1 -0
  202. package/dist/providers/ldap/queries/computer.queries.d.ts +6 -0
  203. package/dist/providers/ldap/queries/computer.queries.d.ts.map +1 -0
  204. package/dist/providers/ldap/queries/computer.queries.js +9 -0
  205. package/dist/providers/ldap/queries/computer.queries.js.map +1 -0
  206. package/dist/providers/ldap/queries/group.queries.d.ts +6 -0
  207. package/dist/providers/ldap/queries/group.queries.d.ts.map +1 -0
  208. package/dist/providers/ldap/queries/group.queries.js +9 -0
  209. package/dist/providers/ldap/queries/group.queries.js.map +1 -0
  210. package/dist/providers/ldap/queries/user.queries.d.ts +7 -0
  211. package/dist/providers/ldap/queries/user.queries.d.ts.map +1 -0
  212. package/dist/providers/ldap/queries/user.queries.js +10 -0
  213. package/dist/providers/ldap/queries/user.queries.js.map +1 -0
  214. package/dist/providers/smb/smb.provider.d.ts +68 -0
  215. package/dist/providers/smb/smb.provider.d.ts.map +1 -0
  216. package/dist/providers/smb/smb.provider.js +382 -0
  217. package/dist/providers/smb/smb.provider.js.map +1 -0
  218. package/dist/server.d.ts +2 -0
  219. package/dist/server.d.ts.map +1 -0
  220. package/dist/server.js +44 -0
  221. package/dist/server.js.map +1 -0
  222. package/dist/services/audit/ad-audit.service.d.ts +70 -0
  223. package/dist/services/audit/ad-audit.service.d.ts.map +1 -0
  224. package/dist/services/audit/ad-audit.service.js +1019 -0
  225. package/dist/services/audit/ad-audit.service.js.map +1 -0
  226. package/dist/services/audit/attack-graph.service.d.ts +62 -0
  227. package/dist/services/audit/attack-graph.service.d.ts.map +1 -0
  228. package/dist/services/audit/attack-graph.service.js +702 -0
  229. package/dist/services/audit/attack-graph.service.js.map +1 -0
  230. package/dist/services/audit/audit.service.d.ts +4 -0
  231. package/dist/services/audit/audit.service.d.ts.map +1 -0
  232. package/dist/services/audit/audit.service.js +10 -0
  233. package/dist/services/audit/audit.service.js.map +1 -0
  234. package/dist/services/audit/azure-audit.service.d.ts +37 -0
  235. package/dist/services/audit/azure-audit.service.d.ts.map +1 -0
  236. package/dist/services/audit/azure-audit.service.js +153 -0
  237. package/dist/services/audit/azure-audit.service.js.map +1 -0
  238. package/dist/services/audit/detectors/ad/accounts.detector.d.ts +37 -0
  239. package/dist/services/audit/detectors/ad/accounts.detector.d.ts.map +1 -0
  240. package/dist/services/audit/detectors/ad/accounts.detector.js +881 -0
  241. package/dist/services/audit/detectors/ad/accounts.detector.js.map +1 -0
  242. package/dist/services/audit/detectors/ad/adcs.detector.d.ts +21 -0
  243. package/dist/services/audit/detectors/ad/adcs.detector.d.ts.map +1 -0
  244. package/dist/services/audit/detectors/ad/adcs.detector.js +227 -0
  245. package/dist/services/audit/detectors/ad/adcs.detector.js.map +1 -0
  246. package/dist/services/audit/detectors/ad/advanced.detector.d.ts +63 -0
  247. package/dist/services/audit/detectors/ad/advanced.detector.d.ts.map +1 -0
  248. package/dist/services/audit/detectors/ad/advanced.detector.js +867 -0
  249. package/dist/services/audit/detectors/ad/advanced.detector.js.map +1 -0
  250. package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts +16 -0
  251. package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts.map +1 -0
  252. package/dist/services/audit/detectors/ad/attack-paths.detector.js +369 -0
  253. package/dist/services/audit/detectors/ad/attack-paths.detector.js.map +1 -0
  254. package/dist/services/audit/detectors/ad/compliance.detector.d.ts +28 -0
  255. package/dist/services/audit/detectors/ad/compliance.detector.d.ts.map +1 -0
  256. package/dist/services/audit/detectors/ad/compliance.detector.js +896 -0
  257. package/dist/services/audit/detectors/ad/compliance.detector.js.map +1 -0
  258. package/dist/services/audit/detectors/ad/computers.detector.d.ts +30 -0
  259. package/dist/services/audit/detectors/ad/computers.detector.d.ts.map +1 -0
  260. package/dist/services/audit/detectors/ad/computers.detector.js +799 -0
  261. package/dist/services/audit/detectors/ad/computers.detector.js.map +1 -0
  262. package/dist/services/audit/detectors/ad/gpo.detector.d.ts +17 -0
  263. package/dist/services/audit/detectors/ad/gpo.detector.d.ts.map +1 -0
  264. package/dist/services/audit/detectors/ad/gpo.detector.js +257 -0
  265. package/dist/services/audit/detectors/ad/gpo.detector.js.map +1 -0
  266. package/dist/services/audit/detectors/ad/groups.detector.d.ts +19 -0
  267. package/dist/services/audit/detectors/ad/groups.detector.d.ts.map +1 -0
  268. package/dist/services/audit/detectors/ad/groups.detector.js +488 -0
  269. package/dist/services/audit/detectors/ad/groups.detector.js.map +1 -0
  270. package/dist/services/audit/detectors/ad/index.d.ts +15 -0
  271. package/dist/services/audit/detectors/ad/index.d.ts.map +1 -0
  272. package/dist/services/audit/detectors/ad/index.js +51 -0
  273. package/dist/services/audit/detectors/ad/index.js.map +1 -0
  274. package/dist/services/audit/detectors/ad/kerberos.detector.d.ts +17 -0
  275. package/dist/services/audit/detectors/ad/kerberos.detector.d.ts.map +1 -0
  276. package/dist/services/audit/detectors/ad/kerberos.detector.js +293 -0
  277. package/dist/services/audit/detectors/ad/kerberos.detector.js.map +1 -0
  278. package/dist/services/audit/detectors/ad/monitoring.detector.d.ts +23 -0
  279. package/dist/services/audit/detectors/ad/monitoring.detector.d.ts.map +1 -0
  280. package/dist/services/audit/detectors/ad/monitoring.detector.js +328 -0
  281. package/dist/services/audit/detectors/ad/monitoring.detector.js.map +1 -0
  282. package/dist/services/audit/detectors/ad/network.detector.d.ts +39 -0
  283. package/dist/services/audit/detectors/ad/network.detector.d.ts.map +1 -0
  284. package/dist/services/audit/detectors/ad/network.detector.js +257 -0
  285. package/dist/services/audit/detectors/ad/network.detector.js.map +1 -0
  286. package/dist/services/audit/detectors/ad/password.detector.d.ts +14 -0
  287. package/dist/services/audit/detectors/ad/password.detector.d.ts.map +1 -0
  288. package/dist/services/audit/detectors/ad/password.detector.js +235 -0
  289. package/dist/services/audit/detectors/ad/password.detector.js.map +1 -0
  290. package/dist/services/audit/detectors/ad/permissions.detector.d.ts +20 -0
  291. package/dist/services/audit/detectors/ad/permissions.detector.d.ts.map +1 -0
  292. package/dist/services/audit/detectors/ad/permissions.detector.js +392 -0
  293. package/dist/services/audit/detectors/ad/permissions.detector.js.map +1 -0
  294. package/dist/services/audit/detectors/ad/trusts.detector.d.ts +11 -0
  295. package/dist/services/audit/detectors/ad/trusts.detector.d.ts.map +1 -0
  296. package/dist/services/audit/detectors/ad/trusts.detector.js +186 -0
  297. package/dist/services/audit/detectors/ad/trusts.detector.js.map +1 -0
  298. package/dist/services/audit/detectors/azure/app-security.detector.d.ts +11 -0
  299. package/dist/services/audit/detectors/azure/app-security.detector.d.ts.map +1 -0
  300. package/dist/services/audit/detectors/azure/app-security.detector.js +184 -0
  301. package/dist/services/audit/detectors/azure/app-security.detector.js.map +1 -0
  302. package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts +10 -0
  303. package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts.map +1 -0
  304. package/dist/services/audit/detectors/azure/conditional-access.detector.js +130 -0
  305. package/dist/services/audit/detectors/azure/conditional-access.detector.js.map +1 -0
  306. package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts +8 -0
  307. package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts.map +1 -0
  308. package/dist/services/audit/detectors/azure/privilege-security.detector.js +113 -0
  309. package/dist/services/audit/detectors/azure/privilege-security.detector.js.map +1 -0
  310. package/dist/services/audit/detectors/azure/user-security.detector.d.ts +14 -0
  311. package/dist/services/audit/detectors/azure/user-security.detector.d.ts.map +1 -0
  312. package/dist/services/audit/detectors/azure/user-security.detector.js +198 -0
  313. package/dist/services/audit/detectors/azure/user-security.detector.js.map +1 -0
  314. package/dist/services/audit/detectors/index.d.ts +2 -0
  315. package/dist/services/audit/detectors/index.d.ts.map +1 -0
  316. package/dist/services/audit/detectors/index.js +38 -0
  317. package/dist/services/audit/detectors/index.js.map +1 -0
  318. package/dist/services/audit/response-formatter.d.ts +176 -0
  319. package/dist/services/audit/response-formatter.d.ts.map +1 -0
  320. package/dist/services/audit/response-formatter.js +240 -0
  321. package/dist/services/audit/response-formatter.js.map +1 -0
  322. package/dist/services/audit/scoring.service.d.ts +15 -0
  323. package/dist/services/audit/scoring.service.d.ts.map +1 -0
  324. package/dist/services/audit/scoring.service.js +139 -0
  325. package/dist/services/audit/scoring.service.js.map +1 -0
  326. package/dist/services/auth/crypto.service.d.ts +19 -0
  327. package/dist/services/auth/crypto.service.d.ts.map +1 -0
  328. package/dist/services/auth/crypto.service.js +135 -0
  329. package/dist/services/auth/crypto.service.js.map +1 -0
  330. package/dist/services/auth/errors.d.ts +19 -0
  331. package/dist/services/auth/errors.d.ts.map +1 -0
  332. package/dist/services/auth/errors.js +46 -0
  333. package/dist/services/auth/errors.js.map +1 -0
  334. package/dist/services/auth/token.service.d.ts +41 -0
  335. package/dist/services/auth/token.service.d.ts.map +1 -0
  336. package/dist/services/auth/token.service.js +208 -0
  337. package/dist/services/auth/token.service.js.map +1 -0
  338. package/dist/services/config/config.service.d.ts +6 -0
  339. package/dist/services/config/config.service.d.ts.map +1 -0
  340. package/dist/services/config/config.service.js +64 -0
  341. package/dist/services/config/config.service.js.map +1 -0
  342. package/dist/services/export/export.service.d.ts +28 -0
  343. package/dist/services/export/export.service.d.ts.map +1 -0
  344. package/dist/services/export/export.service.js +28 -0
  345. package/dist/services/export/export.service.js.map +1 -0
  346. package/dist/services/export/formatters/csv.formatter.d.ts +8 -0
  347. package/dist/services/export/formatters/csv.formatter.d.ts.map +1 -0
  348. package/dist/services/export/formatters/csv.formatter.js +46 -0
  349. package/dist/services/export/formatters/csv.formatter.js.map +1 -0
  350. package/dist/services/export/formatters/json.formatter.d.ts +40 -0
  351. package/dist/services/export/formatters/json.formatter.d.ts.map +1 -0
  352. package/dist/services/export/formatters/json.formatter.js +58 -0
  353. package/dist/services/export/formatters/json.formatter.js.map +1 -0
  354. package/dist/services/jobs/azure-job-runner.d.ts +38 -0
  355. package/dist/services/jobs/azure-job-runner.d.ts.map +1 -0
  356. package/dist/services/jobs/azure-job-runner.js +199 -0
  357. package/dist/services/jobs/azure-job-runner.js.map +1 -0
  358. package/dist/services/jobs/index.d.ts +4 -0
  359. package/dist/services/jobs/index.d.ts.map +1 -0
  360. package/dist/services/jobs/index.js +20 -0
  361. package/dist/services/jobs/index.js.map +1 -0
  362. package/dist/services/jobs/job-runner.d.ts +64 -0
  363. package/dist/services/jobs/job-runner.d.ts.map +1 -0
  364. package/dist/services/jobs/job-runner.js +952 -0
  365. package/dist/services/jobs/job-runner.js.map +1 -0
  366. package/dist/services/jobs/job-store.d.ts +27 -0
  367. package/dist/services/jobs/job-store.d.ts.map +1 -0
  368. package/dist/services/jobs/job-store.js +261 -0
  369. package/dist/services/jobs/job-store.js.map +1 -0
  370. package/dist/services/jobs/job.types.d.ts +67 -0
  371. package/dist/services/jobs/job.types.d.ts.map +1 -0
  372. package/dist/services/jobs/job.types.js +36 -0
  373. package/dist/services/jobs/job.types.js.map +1 -0
  374. package/dist/types/ad.types.d.ts +74 -0
  375. package/dist/types/ad.types.d.ts.map +1 -0
  376. package/dist/types/ad.types.js +3 -0
  377. package/dist/types/ad.types.js.map +1 -0
  378. package/dist/types/adcs.types.d.ts +58 -0
  379. package/dist/types/adcs.types.d.ts.map +1 -0
  380. package/dist/types/adcs.types.js +38 -0
  381. package/dist/types/adcs.types.js.map +1 -0
  382. package/dist/types/attack-graph.types.d.ts +135 -0
  383. package/dist/types/attack-graph.types.d.ts.map +1 -0
  384. package/dist/types/attack-graph.types.js +58 -0
  385. package/dist/types/attack-graph.types.js.map +1 -0
  386. package/dist/types/audit.types.d.ts +34 -0
  387. package/dist/types/audit.types.d.ts.map +1 -0
  388. package/dist/types/audit.types.js +3 -0
  389. package/dist/types/audit.types.js.map +1 -0
  390. package/dist/types/azure.types.d.ts +61 -0
  391. package/dist/types/azure.types.d.ts.map +1 -0
  392. package/dist/types/azure.types.js +3 -0
  393. package/dist/types/azure.types.js.map +1 -0
  394. package/dist/types/config.types.d.ts +63 -0
  395. package/dist/types/config.types.d.ts.map +1 -0
  396. package/dist/types/config.types.js +3 -0
  397. package/dist/types/config.types.js.map +1 -0
  398. package/dist/types/error.types.d.ts +33 -0
  399. package/dist/types/error.types.d.ts.map +1 -0
  400. package/dist/types/error.types.js +70 -0
  401. package/dist/types/error.types.js.map +1 -0
  402. package/dist/types/finding.types.d.ts +133 -0
  403. package/dist/types/finding.types.d.ts.map +1 -0
  404. package/dist/types/finding.types.js +3 -0
  405. package/dist/types/finding.types.js.map +1 -0
  406. package/dist/types/gpo.types.d.ts +39 -0
  407. package/dist/types/gpo.types.d.ts.map +1 -0
  408. package/dist/types/gpo.types.js +15 -0
  409. package/dist/types/gpo.types.js.map +1 -0
  410. package/dist/types/token.types.d.ts +26 -0
  411. package/dist/types/token.types.d.ts.map +1 -0
  412. package/dist/types/token.types.js +3 -0
  413. package/dist/types/token.types.js.map +1 -0
  414. package/dist/types/trust.types.d.ts +45 -0
  415. package/dist/types/trust.types.d.ts.map +1 -0
  416. package/dist/types/trust.types.js +71 -0
  417. package/dist/types/trust.types.js.map +1 -0
  418. package/dist/utils/entity-converter.d.ts +17 -0
  419. package/dist/utils/entity-converter.d.ts.map +1 -0
  420. package/dist/utils/entity-converter.js +285 -0
  421. package/dist/utils/entity-converter.js.map +1 -0
  422. package/dist/utils/graph.util.d.ts +66 -0
  423. package/dist/utils/graph.util.d.ts.map +1 -0
  424. package/dist/utils/graph.util.js +382 -0
  425. package/dist/utils/graph.util.js.map +1 -0
  426. package/dist/utils/logger.d.ts +7 -0
  427. package/dist/utils/logger.d.ts.map +1 -0
  428. package/dist/utils/logger.js +86 -0
  429. package/dist/utils/logger.js.map +1 -0
  430. package/dist/utils/type-name-normalizer.d.ts +5 -0
  431. package/dist/utils/type-name-normalizer.d.ts.map +1 -0
  432. package/dist/utils/type-name-normalizer.js +218 -0
  433. package/dist/utils/type-name-normalizer.js.map +1 -0
  434. package/docker-compose.yml +26 -0
  435. package/docs/api/README.md +178 -0
  436. package/docs/api/openapi.yaml +1524 -0
  437. package/eslint.config.js +54 -0
  438. package/jest.config.js +38 -0
  439. package/package.json +97 -0
  440. package/scripts/fetch-ad-cert.sh +142 -0
  441. package/src/.gitkeep +0 -0
  442. package/src/api/.gitkeep +0 -0
  443. package/src/api/controllers/.gitkeep +0 -0
  444. package/src/api/controllers/audit.controller.ts +313 -0
  445. package/src/api/controllers/auth.controller.ts +258 -0
  446. package/src/api/controllers/export.controller.ts +153 -0
  447. package/src/api/controllers/health.controller.ts +16 -0
  448. package/src/api/controllers/jobs.controller.ts +187 -0
  449. package/src/api/controllers/providers.controller.ts +165 -0
  450. package/src/api/dto/.gitkeep +0 -0
  451. package/src/api/dto/AuditRequest.dto.ts +8 -0
  452. package/src/api/dto/AuditResponse.dto.ts +19 -0
  453. package/src/api/dto/TokenRequest.dto.ts +8 -0
  454. package/src/api/dto/TokenResponse.dto.ts +14 -0
  455. package/src/api/middlewares/.gitkeep +0 -0
  456. package/src/api/middlewares/authenticate.ts +203 -0
  457. package/src/api/middlewares/errorHandler.ts +54 -0
  458. package/src/api/middlewares/rateLimit.ts +35 -0
  459. package/src/api/middlewares/validate.ts +32 -0
  460. package/src/api/routes/.gitkeep +0 -0
  461. package/src/api/routes/audit.routes.ts +77 -0
  462. package/src/api/routes/auth.routes.ts +71 -0
  463. package/src/api/routes/export.routes.ts +34 -0
  464. package/src/api/routes/health.routes.ts +14 -0
  465. package/src/api/routes/index.ts +40 -0
  466. package/src/api/routes/providers.routes.ts +24 -0
  467. package/src/api/validators/.gitkeep +0 -0
  468. package/src/api/validators/audit.schemas.ts +59 -0
  469. package/src/api/validators/auth.schemas.ts +59 -0
  470. package/src/app.ts +87 -0
  471. package/src/config/.gitkeep +0 -0
  472. package/src/config/config.schema.ts +108 -0
  473. package/src/config/index.ts +82 -0
  474. package/src/container.ts +221 -0
  475. package/src/data/.gitkeep +0 -0
  476. package/src/data/database.ts +78 -0
  477. package/src/data/jobs/token-cleanup.job.ts +166 -0
  478. package/src/data/migrations/.gitkeep +0 -0
  479. package/src/data/migrations/001_initial_schema.sql +47 -0
  480. package/src/data/migrations/migration.runner.ts +125 -0
  481. package/src/data/models/.gitkeep +0 -0
  482. package/src/data/models/Token.model.ts +35 -0
  483. package/src/data/repositories/.gitkeep +0 -0
  484. package/src/data/repositories/token.repository.ts +160 -0
  485. package/src/providers/.gitkeep +0 -0
  486. package/src/providers/azure/.gitkeep +0 -0
  487. package/src/providers/azure/auth.provider.ts +14 -0
  488. package/src/providers/azure/azure-errors.ts +189 -0
  489. package/src/providers/azure/azure-retry.ts +168 -0
  490. package/src/providers/azure/graph-client.ts +315 -0
  491. package/src/providers/azure/graph.provider.ts +294 -0
  492. package/src/providers/azure/queries/app.queries.ts +9 -0
  493. package/src/providers/azure/queries/policy.queries.ts +9 -0
  494. package/src/providers/azure/queries/user.queries.ts +10 -0
  495. package/src/providers/interfaces/.gitkeep +0 -0
  496. package/src/providers/interfaces/IGraphProvider.ts +117 -0
  497. package/src/providers/interfaces/ILDAPProvider.ts +142 -0
  498. package/src/providers/ldap/.gitkeep +0 -0
  499. package/src/providers/ldap/acl-parser.ts +231 -0
  500. package/src/providers/ldap/ad-mappers.ts +280 -0
  501. package/src/providers/ldap/ldap-client.ts +259 -0
  502. package/src/providers/ldap/ldap-errors.ts +188 -0
  503. package/src/providers/ldap/ldap-retry.ts +267 -0
  504. package/src/providers/ldap/ldap-sanitizer.ts +273 -0
  505. package/src/providers/ldap/ldap.provider.ts +293 -0
  506. package/src/providers/ldap/queries/computer.queries.ts +9 -0
  507. package/src/providers/ldap/queries/group.queries.ts +9 -0
  508. package/src/providers/ldap/queries/user.queries.ts +10 -0
  509. package/src/providers/smb/smb.provider.ts +653 -0
  510. package/src/server.ts +60 -0
  511. package/src/services/.gitkeep +0 -0
  512. package/src/services/audit/.gitkeep +0 -0
  513. package/src/services/audit/ad-audit.service.ts +1481 -0
  514. package/src/services/audit/attack-graph.service.ts +1104 -0
  515. package/src/services/audit/audit.service.ts +12 -0
  516. package/src/services/audit/azure-audit.service.ts +286 -0
  517. package/src/services/audit/detectors/ad/accounts.detector.ts +1232 -0
  518. package/src/services/audit/detectors/ad/adcs.detector.ts +449 -0
  519. package/src/services/audit/detectors/ad/advanced.detector.ts +1270 -0
  520. package/src/services/audit/detectors/ad/attack-paths.detector.ts +600 -0
  521. package/src/services/audit/detectors/ad/compliance.detector.ts +1421 -0
  522. package/src/services/audit/detectors/ad/computers.detector.ts +1188 -0
  523. package/src/services/audit/detectors/ad/gpo.detector.ts +485 -0
  524. package/src/services/audit/detectors/ad/groups.detector.ts +685 -0
  525. package/src/services/audit/detectors/ad/index.ts +84 -0
  526. package/src/services/audit/detectors/ad/kerberos.detector.ts +424 -0
  527. package/src/services/audit/detectors/ad/monitoring.detector.ts +501 -0
  528. package/src/services/audit/detectors/ad/network.detector.ts +538 -0
  529. package/src/services/audit/detectors/ad/password.detector.ts +324 -0
  530. package/src/services/audit/detectors/ad/permissions.detector.ts +637 -0
  531. package/src/services/audit/detectors/ad/trusts.detector.ts +315 -0
  532. package/src/services/audit/detectors/azure/app-security.detector.ts +246 -0
  533. package/src/services/audit/detectors/azure/conditional-access.detector.ts +186 -0
  534. package/src/services/audit/detectors/azure/privilege-security.detector.ts +176 -0
  535. package/src/services/audit/detectors/azure/user-security.detector.ts +280 -0
  536. package/src/services/audit/detectors/index.ts +18 -0
  537. package/src/services/audit/response-formatter.ts +604 -0
  538. package/src/services/audit/scoring.service.ts +234 -0
  539. package/src/services/auth/.gitkeep +0 -0
  540. package/src/services/auth/crypto.service.ts +230 -0
  541. package/src/services/auth/errors.ts +47 -0
  542. package/src/services/auth/token.service.ts +420 -0
  543. package/src/services/config/.gitkeep +0 -0
  544. package/src/services/config/config.service.ts +75 -0
  545. package/src/services/export/.gitkeep +0 -0
  546. package/src/services/export/export.service.ts +99 -0
  547. package/src/services/export/formatters/csv.formatter.ts +124 -0
  548. package/src/services/export/formatters/json.formatter.ts +160 -0
  549. package/src/services/jobs/azure-job-runner.ts +312 -0
  550. package/src/services/jobs/index.ts +9 -0
  551. package/src/services/jobs/job-runner.ts +1280 -0
  552. package/src/services/jobs/job-store.ts +384 -0
  553. package/src/services/jobs/job.types.ts +182 -0
  554. package/src/types/.gitkeep +0 -0
  555. package/src/types/ad.types.ts +91 -0
  556. package/src/types/adcs.types.ts +107 -0
  557. package/src/types/attack-graph.types.ts +260 -0
  558. package/src/types/audit.types.ts +42 -0
  559. package/src/types/azure.types.ts +68 -0
  560. package/src/types/config.types.ts +79 -0
  561. package/src/types/error.types.ts +69 -0
  562. package/src/types/finding.types.ts +284 -0
  563. package/src/types/gpo.types.ts +72 -0
  564. package/src/types/smb2.d.ts +73 -0
  565. package/src/types/token.types.ts +32 -0
  566. package/src/types/trust.types.ts +140 -0
  567. package/src/utils/.gitkeep +0 -0
  568. package/src/utils/entity-converter.ts +453 -0
  569. package/src/utils/graph.util.ts +609 -0
  570. package/src/utils/logger.ts +111 -0
  571. package/src/utils/type-name-normalizer.ts +302 -0
  572. package/tests/.gitkeep +0 -0
  573. package/tests/e2e/.gitkeep +0 -0
  574. package/tests/fixtures/.gitkeep +0 -0
  575. package/tests/integration/.gitkeep +0 -0
  576. package/tests/integration/README.md +156 -0
  577. package/tests/integration/ad-audit.integration.test.ts +216 -0
  578. package/tests/integration/api/.gitkeep +0 -0
  579. package/tests/integration/api/endpoints.integration.test.ts +431 -0
  580. package/tests/integration/auth/jwt-authentication.integration.test.ts +358 -0
  581. package/tests/integration/providers/.gitkeep +0 -0
  582. package/tests/integration/providers/azure-basic.integration.test.ts +167 -0
  583. package/tests/integration/providers/ldap-basic.integration.test.ts +152 -0
  584. package/tests/integration/providers/ldap-connectivity.test.ts +44 -0
  585. package/tests/integration/providers/ldap-provider.integration.test.ts +347 -0
  586. package/tests/mocks/.gitkeep +0 -0
  587. package/tests/setup.ts +16 -0
  588. package/tests/unit/.gitkeep +0 -0
  589. package/tests/unit/api/middlewares/authenticate.test.ts +446 -0
  590. package/tests/unit/providers/.gitkeep +0 -0
  591. package/tests/unit/providers/azure/azure-errors.test.ts +193 -0
  592. package/tests/unit/providers/azure/azure-retry.test.ts +254 -0
  593. package/tests/unit/providers/azure/graph-provider.test.ts +313 -0
  594. package/tests/unit/providers/ldap/ad-mappers.test.ts +392 -0
  595. package/tests/unit/providers/ldap/ldap-provider.test.ts +376 -0
  596. package/tests/unit/providers/ldap/ldap-retry.test.ts +377 -0
  597. package/tests/unit/providers/ldap/ldap-sanitizer.test.ts +301 -0
  598. package/tests/unit/sample.test.ts +19 -0
  599. package/tests/unit/services/.gitkeep +0 -0
  600. package/tests/unit/services/audit/detectors/ad/accounts.detector.test.ts +393 -0
  601. package/tests/unit/services/audit/detectors/ad/advanced.detector.test.ts +380 -0
  602. package/tests/unit/services/audit/detectors/ad/computers.detector.test.ts +440 -0
  603. package/tests/unit/services/audit/detectors/ad/groups.detector.test.ts +276 -0
  604. package/tests/unit/services/audit/detectors/ad/kerberos.detector.test.ts +215 -0
  605. package/tests/unit/services/audit/detectors/ad/password.detector.test.ts +226 -0
  606. package/tests/unit/services/audit/detectors/ad/permissions.detector.test.ts +244 -0
  607. package/tests/unit/services/audit/detectors/azure/app-security.detector.test.ts +349 -0
  608. package/tests/unit/services/audit/detectors/azure/conditional-access.detector.test.ts +374 -0
  609. package/tests/unit/services/audit/detectors/azure/privilege-security.detector.test.ts +374 -0
  610. package/tests/unit/services/audit/detectors/azure/user-security.detector.test.ts +297 -0
  611. package/tests/unit/services/auth/crypto.service.test.ts +296 -0
  612. package/tests/unit/services/auth/token.service.test.ts +579 -0
  613. package/tests/unit/services/export/export.service.test.ts +241 -0
  614. package/tests/unit/services/export/formatters/csv.formatter.test.ts +270 -0
  615. package/tests/unit/services/export/formatters/json.formatter.test.ts +258 -0
  616. package/tests/unit/utils/.gitkeep +0 -0
  617. package/tsconfig.json +50 -0
package/dist/services/audit/detectors/ad/permissions.detector.js ADDED
@@ -0,0 +1,392 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.detectAclGenericAll = detectAclGenericAll;
4
+ exports.detectAclWriteDacl = detectAclWriteDacl;
5
+ exports.detectAclWriteOwner = detectAclWriteOwner;
6
+ exports.detectAclGenericWrite = detectAclGenericWrite;
7
+ exports.detectAclForceChangePassword = detectAclForceChangePassword;
8
+ exports.detectEveryoneInAcl = detectEveryoneInAcl;
9
+ exports.detectWriteSpnAbuse = detectWriteSpnAbuse;
10
+ exports.detectGpoLinkPoisoning = detectGpoLinkPoisoning;
11
+ exports.detectAdminSdHolderBackdoor = detectAdminSdHolderBackdoor;
12
+ exports.detectAclSelfMembership = detectAclSelfMembership;
13
+ exports.detectAclAddMember = detectAclAddMember;
14
+ exports.detectAclWritePropertyExtended = detectAclWritePropertyExtended;
15
+ exports.detectAclDsReplicationGetChanges = detectAclDsReplicationGetChanges;
16
+ exports.detectAclUserForceChangePassword = detectAclUserForceChangePassword;
17
+ exports.detectAclComputerWriteValidatedDns = detectAclComputerWriteValidatedDns;
18
+ exports.detectComputerAclGenericAll = detectComputerAclGenericAll;
19
+ exports.detectPermissionsVulnerabilities = detectPermissionsVulnerabilities;
20
+ function getUniqueObjects(entries) {
21
+ return [...new Set(entries.map((ace) => ace.objectDn))];
22
+ }
23
+ function detectAclGenericAll(aclEntries, includeDetails) {
24
+ const GENERIC_ALL = 0x10000000;
25
+ const AD_FULL_CONTROL = 0x000f01ff;
26
+ const affected = aclEntries.filter((ace) => {
27
+ if ((ace.accessMask & GENERIC_ALL) !== 0)
28
+ return true;
29
+ return (ace.accessMask & AD_FULL_CONTROL) === AD_FULL_CONTROL;
30
+ });
31
+ const uniqueObjects = getUniqueObjects(affected);
32
+ const totalInstances = affected.length;
33
+ return {
34
+ type: 'ACL_GENERICALL',
35
+ severity: 'high',
36
+ category: 'permissions',
37
+ title: 'ACL GenericAll',
38
+ description: 'GenericAll permission on sensitive AD objects. Full control over object (reset passwords, modify groups, etc.).',
39
+ count: uniqueObjects.length,
40
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
41
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
42
+ };
43
+ }
44
+ function detectAclWriteDacl(aclEntries, includeDetails) {
45
+ const WRITE_DACL = 0x00040000;
46
+ const affected = aclEntries.filter((ace) => {
47
+ return (ace.accessMask & WRITE_DACL) !== 0;
48
+ });
49
+ const uniqueObjects = getUniqueObjects(affected);
50
+ const totalInstances = affected.length;
51
+ return {
52
+ type: 'ACL_WRITEDACL',
53
+ severity: 'high',
54
+ category: 'permissions',
55
+ title: 'ACL WriteDACL',
56
+ description: "WriteDACL permission on sensitive AD objects. Can modify object's security descriptor to grant additional permissions.",
57
+ count: uniqueObjects.length,
58
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
59
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
60
+ };
61
+ }
62
+ function detectAclWriteOwner(aclEntries, includeDetails) {
63
+ const WRITE_OWNER = 0x00080000;
64
+ const affected = aclEntries.filter((ace) => {
65
+ return (ace.accessMask & WRITE_OWNER) !== 0;
66
+ });
67
+ const uniqueObjects = getUniqueObjects(affected);
68
+ const totalInstances = affected.length;
69
+ return {
70
+ type: 'ACL_WRITEOWNER',
71
+ severity: 'high',
72
+ category: 'permissions',
73
+ title: 'ACL WriteOwner',
74
+ description: 'WriteOwner permission on sensitive AD objects. Can take ownership of object and modify permissions.',
75
+ count: uniqueObjects.length,
76
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
77
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
78
+ };
79
+ }
80
+ function detectAclGenericWrite(aclEntries, includeDetails) {
81
+ const GENERIC_WRITE = 0x40000000;
82
+ const affected = aclEntries.filter((ace) => {
83
+ return (ace.accessMask & GENERIC_WRITE) !== 0;
84
+ });
85
+ const uniqueObjects = getUniqueObjects(affected);
86
+ const totalInstances = affected.length;
87
+ return {
88
+ type: 'ACL_GENERICWRITE',
89
+ severity: 'medium',
90
+ category: 'permissions',
91
+ title: 'ACL GenericWrite',
92
+ description: 'GenericWrite permission on sensitive AD objects. Can modify many object attributes.',
93
+ count: uniqueObjects.length,
94
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
95
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
96
+ };
97
+ }
98
+ function detectAclForceChangePassword(aclEntries, includeDetails) {
99
+ const FORCE_CHANGE_PASSWORD_GUID = '00299570-246d-11d0-a768-00aa006e0529';
100
+ const affected = aclEntries.filter((ace) => {
101
+ return ace.objectType === FORCE_CHANGE_PASSWORD_GUID;
102
+ });
103
+ const uniqueObjects = getUniqueObjects(affected);
104
+ const totalInstances = affected.length;
105
+ return {
106
+ type: 'ACL_FORCECHANGEPASSWORD',
107
+ severity: 'medium',
108
+ category: 'permissions',
109
+ title: 'ACL Force Change Password',
110
+ description: 'ExtendedRight to force password change on user accounts. Can reset passwords without knowing current password.',
111
+ count: uniqueObjects.length,
112
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
113
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
114
+ };
115
+ }
116
+ function detectEveryoneInAcl(aclEntries, includeDetails) {
117
+ const EVERYONE_SID = 'S-1-1-0';
118
+ const AUTHENTICATED_USERS_SID = 'S-1-5-11';
119
+ const WRITE_MASK = 0x00020000;
120
+ const affected = aclEntries.filter((ace) => {
121
+ const isEveryone = ace.trustee === EVERYONE_SID || ace.trustee === AUTHENTICATED_USERS_SID;
122
+ const hasWrite = (ace.accessMask & WRITE_MASK) !== 0;
123
+ return isEveryone && hasWrite;
124
+ });
125
+ const uniqueObjects = getUniqueObjects(affected);
126
+ const totalInstances = affected.length;
127
+ return {
128
+ type: 'EVERYONE_IN_ACL',
129
+ severity: 'medium',
130
+ category: 'permissions',
131
+ title: 'Everyone in ACL',
132
+ description: 'Everyone or Authenticated Users with write permissions in ACL. Overly permissive access.',
133
+ count: uniqueObjects.length,
134
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
135
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
136
+ };
137
+ }
138
+ function detectWriteSpnAbuse(aclEntries, includeDetails) {
139
+ const SPN_PROPERTY_GUID = 'f3a64788-5306-11d1-a9c5-0000f80367c1';
140
+ const affected = aclEntries.filter((ace) => {
141
+ return ace.objectType === SPN_PROPERTY_GUID;
142
+ });
143
+ const uniqueObjects = getUniqueObjects(affected);
144
+ const totalInstances = affected.length;
145
+ return {
146
+ type: 'WRITESPN_ABUSE',
147
+ severity: 'medium',
148
+ category: 'permissions',
149
+ title: 'Write SPN Abuse',
150
+ description: 'WriteProperty permission for servicePrincipalName attribute. Can set SPNs for targeted Kerberoasting.',
151
+ count: uniqueObjects.length,
152
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
153
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
154
+ };
155
+ }
156
+ function detectGpoLinkPoisoning(aclEntries, includeDetails) {
157
+ const GENERIC_WRITE = 0x40000000;
158
+ const GENERIC_ALL = 0x10000000;
159
+ const WRITE_DACL = 0x00040000;
160
+ const affected = aclEntries.filter((ace) => {
161
+ const isGpo = ace.objectDn.includes('CN=Policies,CN=System');
162
+ const hasDangerousPermission = (ace.accessMask & GENERIC_ALL) !== 0 ||
163
+ (ace.accessMask & GENERIC_WRITE) !== 0 ||
164
+ (ace.accessMask & WRITE_DACL) !== 0;
165
+ return isGpo && hasDangerousPermission;
166
+ });
167
+ const uniqueObjects = getUniqueObjects(affected);
168
+ const totalInstances = affected.length;
169
+ return {
170
+ type: 'GPO_LINK_POISONING',
171
+ severity: 'medium',
172
+ category: 'permissions',
173
+ title: 'GPO Link Poisoning',
174
+ description: 'Weak ACLs on Group Policy Objects. Can modify GPO to execute code on targeted systems.',
175
+ count: uniqueObjects.length,
176
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
177
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
178
+ };
179
+ }
180
+ function detectAdminSdHolderBackdoor(aclEntries, includeDetails) {
181
+ const affected = aclEntries.filter((ace) => {
182
+ return ace.objectDn.includes('CN=AdminSDHolder,CN=System');
183
+ });
184
+ const uniqueObjects = getUniqueObjects(affected);
185
+ const totalInstances = affected.length;
186
+ return {
187
+ type: 'ADMINSDHOLDER_BACKDOOR',
188
+ severity: 'medium',
189
+ category: 'permissions',
190
+ title: 'AdminSDHolder Backdoor',
191
+ description: 'Unexpected ACL on AdminSDHolder object. Persistent permissions on admin accounts.',
192
+ count: uniqueObjects.length,
193
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
194
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
195
+ };
196
+ }
197
+ function detectAclSelfMembership(aclEntries, includeDetails) {
198
+ const SELF_MEMBERSHIP_GUID = 'bf9679c0-0de6-11d0-a285-00aa003049e2';
199
+ const WRITE_SELF = 0x8;
200
+ const affected = aclEntries.filter((ace) => {
201
+ const hasWriteSelf = (ace.accessMask & WRITE_SELF) !== 0;
202
+ const isSelfMembership = ace.objectType?.toLowerCase() === SELF_MEMBERSHIP_GUID ||
203
+ ace.objectType?.toLowerCase().includes('member');
204
+ return hasWriteSelf || isSelfMembership;
205
+ });
206
+ const uniqueObjects = getUniqueObjects(affected);
207
+ const totalInstances = affected.length;
208
+ return {
209
+ type: 'ACL_SELF_MEMBERSHIP',
210
+ severity: 'high',
211
+ category: 'permissions',
212
+ title: 'Self-Membership Rights',
213
+ description: 'Principals with self-membership rights on groups. ' +
214
+ 'Allows adding oneself to a group, potentially gaining elevated privileges.',
215
+ count: uniqueObjects.length,
216
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
217
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
218
+ };
219
+ }
220
+ function detectAclAddMember(aclEntries, includeDetails) {
221
+ const MEMBER_GUID = 'bf9679c0-0de6-11d0-a285-00aa003049e2';
222
+ const WRITE_PROPERTY = 0x20;
223
+ const affected = aclEntries.filter((ace) => {
224
+ const hasWriteProperty = (ace.accessMask & WRITE_PROPERTY) !== 0;
225
+ const isMemberProperty = ace.objectType?.toLowerCase() === MEMBER_GUID;
226
+ return hasWriteProperty && isMemberProperty;
227
+ });
228
+ const uniqueObjects = getUniqueObjects(affected);
229
+ const totalInstances = affected.length;
230
+ return {
231
+ type: 'ACL_ADD_MEMBER',
232
+ severity: 'medium',
233
+ category: 'permissions',
234
+ title: 'Add-Member Rights on Groups',
235
+ description: 'Principals with rights to add members to groups. ' +
236
+ 'Can be abused to add accounts to privileged groups.',
237
+ count: uniqueObjects.length,
238
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
239
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
240
+ };
241
+ }
242
+ function detectAclWritePropertyExtended(aclEntries, includeDetails) {
243
+ const DANGEROUS_PROPERTIES = [
244
+ '00299570-246d-11d0-a768-00aa006e0529',
245
+ 'bf967a68-0de6-11d0-a285-00aa003049e2',
246
+ 'bf967950-0de6-11d0-a285-00aa003049e2',
247
+ '5f202010-79a5-11d0-9020-00c04fc2d4cf',
248
+ ];
249
+ const WRITE_PROPERTY = 0x20;
250
+ const affected = aclEntries.filter((ace) => {
251
+ const hasWriteProperty = (ace.accessMask & WRITE_PROPERTY) !== 0;
252
+ const isDangerousProperty = ace.objectType && DANGEROUS_PROPERTIES.includes(ace.objectType.toLowerCase());
253
+ return hasWriteProperty && isDangerousProperty;
254
+ });
255
+ const uniqueObjects = getUniqueObjects(affected);
256
+ const totalInstances = affected.length;
257
+ return {
258
+ type: 'ACL_WRITE_PROPERTY_EXTENDED',
259
+ severity: 'medium',
260
+ category: 'permissions',
261
+ title: 'Extended Write Property Rights',
262
+ description: 'Principals with dangerous extended write property rights. ' +
263
+ 'Can modify script paths, home directories, or key credentials.',
264
+ count: uniqueObjects.length,
265
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
266
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
267
+ };
268
+ }
269
+ function detectAclDsReplicationGetChanges(aclEntries, includeDetails) {
270
+ const REPLICATION_GUIDS = [
271
+ '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2',
272
+ '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2',
273
+ ];
274
+ const affected = aclEntries.filter((ace) => {
275
+ return (ace.objectType && REPLICATION_GUIDS.includes(ace.objectType.toLowerCase()));
276
+ });
277
+ const uniqueObjects = getUniqueObjects(affected);
278
+ const totalInstances = affected.length;
279
+ return {
280
+ type: 'ACL_DS_REPLICATION_GET_CHANGES',
281
+ severity: 'critical',
282
+ category: 'permissions',
283
+ title: 'DS-Replication-Get-Changes Rights (DCSync)',
284
+ description: 'Non-standard principals with directory replication rights. ' +
285
+ 'Enables DCSync attacks to extract all password hashes from the domain.',
286
+ count: uniqueObjects.length,
287
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
288
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
289
+ details: {
290
+ risk: 'Complete domain compromise through password hash extraction.',
291
+ recommendation: 'Remove replication rights from all non-DC accounts.',
292
+ },
293
+ };
294
+ }
295
+ function detectAclUserForceChangePassword(aclEntries, includeDetails) {
296
+ const FORCE_CHANGE_PASSWORD_GUID = '00299570-246d-11d0-a768-00aa006e0529';
297
+ const affected = aclEntries.filter((ace) => {
298
+ return ace.objectType?.toLowerCase() === FORCE_CHANGE_PASSWORD_GUID;
299
+ });
300
+ const uniqueObjects = getUniqueObjects(affected);
301
+ const totalInstances = affected.length;
302
+ return {
303
+ type: 'ACL_USER_FORCE_CHANGE_PASSWORD',
304
+ severity: 'medium',
305
+ category: 'permissions',
306
+ title: 'User-Force-Change-Password Rights',
307
+ description: 'Principals with rights to force password change on user accounts. ' +
308
+ 'Can reset passwords to take over accounts.',
309
+ count: uniqueObjects.length,
310
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
311
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
312
+ };
313
+ }
314
+ function detectAclComputerWriteValidatedDns(aclEntries, includeDetails) {
315
+ const VALIDATED_DNS_GUID = '72e39547-7b18-11d1-adef-00c04fd8d5cd';
316
+ const affected = aclEntries.filter((ace) => {
317
+ const isComputerObject = ace.objectDn.toLowerCase().includes('cn=computers');
318
+ const hasDnsRight = ace.objectType?.toLowerCase() === VALIDATED_DNS_GUID;
319
+ return isComputerObject && hasDnsRight;
320
+ });
321
+ const uniqueObjects = getUniqueObjects(affected);
322
+ const totalInstances = affected.length;
323
+ return {
324
+ type: 'ACL_COMPUTER_WRITE_VALIDATED_DNS',
325
+ severity: 'medium',
326
+ category: 'permissions',
327
+ title: 'Validated-Write-DNS on Computers',
328
+ description: 'Principals with rights to modify DNS host names on computer objects. ' +
329
+ 'Can be used for DNS spoofing and MITM attacks.',
330
+ count: uniqueObjects.length,
331
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
332
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
333
+ };
334
+ }
335
+ function detectComputerAclGenericAll(aclEntries, includeDetails, computerDns) {
336
+ const GENERIC_ALL = 0x10000000;
337
+ const AD_FULL_CONTROL = 0x000f01ff;
338
+ const computerDnSet = new Set(computerDns ? computerDns.map((dn) => dn.toLowerCase()) : []);
339
+ const computerAcls = aclEntries.filter((ace) => {
340
+ const dn = ace.objectDn.toLowerCase();
341
+ if (computerDnSet.size > 0) {
342
+ return computerDnSet.has(dn);
343
+ }
344
+ const cnMatch = dn.match(/cn=([^,]+)/i);
345
+ if (cnMatch && cnMatch[1] && cnMatch[1].endsWith('$')) {
346
+ return true;
347
+ }
348
+ return (dn.includes('ou=computers') ||
349
+ dn.includes('ou=workstations') ||
350
+ dn.includes('ou=servers') ||
351
+ dn.includes('cn=computers,'));
352
+ });
353
+ const affected = computerAcls.filter((ace) => {
354
+ if ((ace.accessMask & GENERIC_ALL) !== 0)
355
+ return true;
356
+ return (ace.accessMask & AD_FULL_CONTROL) === AD_FULL_CONTROL;
357
+ });
358
+ const uniqueObjects = getUniqueObjects(affected);
359
+ const totalInstances = affected.length;
360
+ return {
361
+ type: 'COMPUTER_ACL_GENERICALL',
362
+ severity: 'high',
363
+ category: 'permissions',
364
+ title: 'Computer ACL GenericAll',
365
+ description: 'GenericAll permission on computer objects. Attacker with this permission can take over the computer, ' +
366
+ 'configure Resource-Based Constrained Delegation (RBCD), or extract credentials.',
367
+ count: uniqueObjects.length,
368
+ totalInstances: totalInstances !== uniqueObjects.length ? totalInstances : undefined,
369
+ affectedEntities: includeDetails ? uniqueObjects : undefined,
370
+ };
371
+ }
372
+ function detectPermissionsVulnerabilities(aclEntries, includeDetails, computerDns) {
373
+ return [
374
+ detectAclGenericAll(aclEntries, includeDetails),
375
+ detectComputerAclGenericAll(aclEntries, includeDetails, computerDns),
376
+ detectAclWriteDacl(aclEntries, includeDetails),
377
+ detectAclWriteOwner(aclEntries, includeDetails),
378
+ detectAclGenericWrite(aclEntries, includeDetails),
379
+ detectAclForceChangePassword(aclEntries, includeDetails),
380
+ detectEveryoneInAcl(aclEntries, includeDetails),
381
+ detectWriteSpnAbuse(aclEntries, includeDetails),
382
+ detectGpoLinkPoisoning(aclEntries, includeDetails),
383
+ detectAdminSdHolderBackdoor(aclEntries, includeDetails),
384
+ detectAclSelfMembership(aclEntries, includeDetails),
385
+ detectAclAddMember(aclEntries, includeDetails),
386
+ detectAclWritePropertyExtended(aclEntries, includeDetails),
387
+ detectAclDsReplicationGetChanges(aclEntries, includeDetails),
388
+ detectAclUserForceChangePassword(aclEntries, includeDetails),
389
+ detectAclComputerWriteValidatedDns(aclEntries, includeDetails),
390
+ ].filter((finding) => finding.count > 0);
391
+ }
392
+ //# sourceMappingURL=permissions.detector.js.map
package/dist/services/audit/detectors/ad/permissions.detector.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"permissions.detector.js","sourceRoot":"","sources":["../../../../../src/services/audit/detectors/ad/permissions.detector.ts"],"names":[],"mappings":";;AA8CA,kDA4BC;AAKD,gDAoBC;AAKD,kDAoBC;AAKD,sDAoBC;AAKD,oEAoBC;AAKD,kDAwBC;AAKD,kDAoBC;AAKD,wDA4BC;AAKD,kEAkBC;AAWD,0DA4BC;AAWD,gDA0BC;AAWD,wEAoCC;AAWD,4EAoCC;AAWD,4EA0BC;AAWD,gFA4BC;AAUD,kEA6DC;AASD,4EA0BC;AAzlBD,SAAS,gBAAgB,CAAC,OAAmB;IAC3C,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;AAC1D,CAAC;AASD,SAAgB,mBAAmB,CAAC,UAAsB,EAAE,cAAuB;IAEjF,MAAM,WAAW,GAAG,UAAU,CAAC;IAG/B,MAAM,eAAe,GAAG,UAAU,CAAC;IAEnC,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QAEzC,IAAI,CAAC,GAAG,CAAC,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAGtD,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,eAAe,CAAC,KAAK,eAAe,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,gBAAgB;QACvB,WAAW,EAAE,iHAAiH;QAC9H,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AAKD,SAAgB,kBAAkB,CAAC,UAAsB,EAAE,cAAuB;IAChF,MAAM,UAAU,GAAG,UAAU,CAAC;IAE9B,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACzC,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,eAAe;QACtB,WAAW,EAAE,wHAAwH;QACrI,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AAKD,SAAgB,mBAAmB,CAAC,UAAsB,EAAE,cAAuB;IACjF,MAAM,WAAW,GAAG,UAAU,CAAC;IAE/B,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACzC,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,gBAAgB;QACvB,WAAW,EAAE,qGAAqG;QAClH,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AAKD,SAAgB,qBAAqB,CAAC,UAAsB,EAAE,cAAuB;IACnF,MAAM,aAAa,GAAG,UAAU,CAAC;IAEjC,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACzC,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,kBAAkB;QACzB,WAAW,EAAE,qFAAqF;QAClG,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AAKD,SAAgB,4BAA4B,CAAC,UAAsB,EAAE,cAAuB;IAC1F,MAAM,0BAA0B,GAAG,sCAAsC,CAAC;IAE1E,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACzC,OAAO,GAAG,CAAC,UAAU,KAAK,0BAA0B,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,2BAA2B;QAClC,WAAW,EAAE,gHAAgH;QAC7H,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AAKD,SAAgB,mBAAmB,CAAC,UAAsB,EAAE,cAAuB;IACjF,MAAM,YAAY,GAAG,SAAS,CAAC;IAC/B,MAAM,uBAAuB,GAAG,UAAU,CAAC;IAC3C,MAAM,UAAU,GAAG,UAAU,CAAC;IAE9B,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACzC,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,KAAK,YAAY,IAAI,GAAG,CAAC,OAAO,KAAK,uBAAuB,CAAC;QAC3F,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QACrD,OAAO,UAAU,IAAI,QAAQ,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,iBAAiB;QACxB,WAAW,EAAE,0FAA0F;QACvG,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AAKD,SAAgB,mBAAmB,CAAC,UAAsB,EAAE,cAAuB;IACjF,MAAM,iBAAiB,GAAG,sCAAsC,CAAC;IAEjE,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACzC,OAAO,GAAG,CAAC,UAAU,KAAK,iBAAiB,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,iBAAiB;QACxB,WAAW,EAAE,uGAAuG;QACpH,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AAKD,SAAgB,sBAAsB,CAAC,UAAsB,EAAE,cAAuB;IACpF,MAAM,aAAa,GAAG,UAAU,CAAC;IACjC,MAAM,WAAW,GAAG,UAAU,CAAC;IAC/B,MAAM,UAAU,GAAG,UAAU,CAAC;IAE9B,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACzC,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QAC7D,MAAM,sBAAsB,GAC1B,CAAC,GAAG,CAAC,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC;YACpC,CAAC,GAAG,CAAC,UAAU,GAAG,aAAa,CAAC,KAAK,CAAC;YACtC,CAAC,GAAG,CAAC,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QAEtC,OAAO,KAAK,IAAI,sBAAsB,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EAAE,wFAAwF;QACrG,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AAKD,SAAgB,2BAA2B,CAAC,UAAsB,EAAE,cAAuB;IACzF,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACzC,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,mFAAmF;QAChG,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AAWD,SAAgB,uBAAuB,CAAC,UAAsB,EAAE,cAAuB;IAErF,MAAM,oBAAoB,GAAG,sCAAsC,CAAC;IACpE,MAAM,UAAU,GAAG,GAAG,CAAC;IAEvB,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACzC,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QACzD,MAAM,gBAAgB,GACpB,GAAG,CAAC,UAAU,EAAE,WAAW,EAAE,KAAK,oBAAoB;YACtD,GAAG,CAAC,UAAU,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACnD,OAAO,YAAY,IAAI,gBAAgB,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,oDAAoD;YACpD,4EAA4E;QAC9E,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AAWD,SAAgB,kBAAkB,CAAC,UAAsB,EAAE,cAAuB;IAEhF,MAAM,WAAW,GAAG,sCAAsC,CAAC;IAC3D,MAAM,cAAc,GAAG,IAAI,CAAC;IAE5B,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACzC,MAAM,gBAAgB,GAAG,CAAC,GAAG,CAAC,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjE,MAAM,gBAAgB,GAAG,GAAG,CAAC,UAAU,EAAE,WAAW,EAAE,KAAK,WAAW,CAAC;QACvE,OAAO,gBAAgB,IAAI,gBAAgB,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,mDAAmD;YACnD,qDAAqD;QACvD,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AAWD,SAAgB,8BAA8B,CAC5C,UAAsB,EACtB,cAAuB;IAGvB,MAAM,oBAAoB,GAAG;QAC3B,sCAAsC;QACtC,sCAAsC;QACtC,sCAAsC;QACtC,sCAAsC;KACvC,CAAC;IAEF,MAAM,cAAc,GAAG,IAAI,CAAC;IAE5B,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACzC,MAAM,gBAAgB,GAAG,CAAC,GAAG,CAAC,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjE,MAAM,mBAAmB,GACvB,GAAG,CAAC,UAAU,IAAI,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;QAChF,OAAO,gBAAgB,IAAI,mBAAmB,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4DAA4D;YAC5D,gEAAgE;QAClE,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AAWD,SAAgB,gCAAgC,CAC9C,UAAsB,EACtB,cAAuB;IAIvB,MAAM,iBAAiB,GAAG;QACxB,sCAAsC;QACtC,sCAAsC;KACvC,CAAC;IAEF,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACzC,OAAO,CACL,GAAG,CAAC,UAAU,IAAI,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAC3E,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,gCAAgC;QACtC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,4CAA4C;QACnD,WAAW,EACT,6DAA6D;YAC7D,wEAAwE;QAC1E,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;QAC5D,OAAO,EAAE;YACP,IAAI,EAAE,8DAA8D;YACpE,cAAc,EAAE,qDAAqD;SACtE;KACF,CAAC;AACJ,CAAC;AAWD,SAAgB,gCAAgC,CAC9C,UAAsB,EACtB,cAAuB;IAGvB,MAAM,0BAA0B,GAAG,sCAAsC,CAAC;IAE1E,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACzC,OAAO,GAAG,CAAC,UAAU,EAAE,WAAW,EAAE,KAAK,0BAA0B,CAAC;IACtE,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,gCAAgC;QACtC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,mCAAmC;QAC1C,WAAW,EACT,oEAAoE;YACpE,4CAA4C;QAC9C,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AAWD,SAAgB,kCAAkC,CAChD,UAAsB,EACtB,cAAuB;IAGvB,MAAM,kBAAkB,GAAG,sCAAsC,CAAC;IAElE,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACzC,MAAM,gBAAgB,GAAG,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QAC7E,MAAM,WAAW,GAAG,GAAG,CAAC,UAAU,EAAE,WAAW,EAAE,KAAK,kBAAkB,CAAC;QACzE,OAAO,gBAAgB,IAAI,WAAW,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,uEAAuE;YACvE,gDAAgD;QAClD,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AAUD,SAAgB,2BAA2B,CACzC,UAAsB,EACtB,cAAuB,EACvB,WAAsB;IAGtB,MAAM,WAAW,GAAG,UAAU,CAAC;IAE/B,MAAM,eAAe,GAAG,UAAU,CAAC;IAGnC,MAAM,aAAa,GAAG,IAAI,GAAG,CAC3B,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAC7D,CAAC;IAGF,MAAM,YAAY,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QAC7C,MAAM,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAGtC,IAAI,aAAa,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC3B,OAAO,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/B,CAAC;QAID,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QACxC,IAAI,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,CACL,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC;YAC3B,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;YAC9B,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC;YACzB,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC,CAC7B,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QAE3C,IAAI,CAAC,GAAG,CAAC,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEtD,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,eAAe,CAAC,KAAK,eAAe,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEvC,OAAO;QACL,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,yBAAyB;QAChC,WAAW,EACT,uGAAuG;YACvG,iFAAiF;QACnF,KAAK,EAAE,aAAa,CAAC,MAAM;QAC3B,cAAc,EAAE,cAAc,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACpF,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC;AACJ,CAAC;AASD,SAAgB,gCAAgC,CAC9C,UAAsB,EACtB,cAAuB,EACvB,WAAsB;IAEtB,OAAO;QAEL,mBAAmB,CAAC,UAAU,EAAE,cAAc,CAAC;QAC/C,2BAA2B,CAAC,UAAU,EAAE,cAAc,EAAE,WAAW,CAAC;QACpE,kBAAkB,CAAC,UAAU,EAAE,cAAc,CAAC;QAC9C,mBAAmB,CAAC,UAAU,EAAE,cAAc,CAAC;QAE/C,qBAAqB,CAAC,UAAU,EAAE,cAAc,CAAC;QACjD,4BAA4B,CAAC,UAAU,EAAE,cAAc,CAAC;QACxD,mBAAmB,CAAC,UAAU,EAAE,cAAc,CAAC;QAC/C,mBAAmB,CAAC,UAAU,EAAE,cAAc,CAAC;QAC/C,sBAAsB,CAAC,UAAU,EAAE,cAAc,CAAC;QAClD,2BAA2B,CAAC,UAAU,EAAE,cAAc,CAAC;QAEvD,uBAAuB,CAAC,UAAU,EAAE,cAAc,CAAC;QACnD,kBAAkB,CAAC,UAAU,EAAE,cAAc,CAAC;QAC9C,8BAA8B,CAAC,UAAU,EAAE,cAAc,CAAC;QAC1D,gCAAgC,CAAC,UAAU,EAAE,cAAc,CAAC;QAC5D,gCAAgC,CAAC,UAAU,EAAE,cAAc,CAAC;QAC5D,kCAAkC,CAAC,UAAU,EAAE,cAAc,CAAC;KAC/D,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;AAC3C,CAAC"}
package/dist/services/audit/detectors/ad/trusts.detector.d.ts ADDED
@@ -0,0 +1,11 @@
1
+ import { Finding } from '../../../../types/finding.types';
2
+ import { ADTrustExtended } from '../../../../types/trust.types';
3
+ export declare function detectTrustSidFilteringDisabled(trusts: ADTrustExtended[], includeDetails: boolean): Finding;
4
+ export declare function detectTrustExternalNoSelectiveAuth(trusts: ADTrustExtended[], includeDetails: boolean): Finding;
5
+ export declare function detectTrustBidirectional(trusts: ADTrustExtended[], includeDetails: boolean): Finding;
6
+ export declare function detectTrustForestTransitive(trusts: ADTrustExtended[], includeDetails: boolean): Finding;
7
+ export declare function detectTrustAesDisabled(trusts: ADTrustExtended[], includeDetails: boolean): Finding;
8
+ export declare function detectTrustRc4Only(trusts: ADTrustExtended[], includeDetails: boolean): Finding;
9
+ export declare function detectTrustInactive(trusts: ADTrustExtended[], includeDetails: boolean): Finding;
10
+ export declare function detectTrustVulnerabilities(trusts: ADTrustExtended[], includeDetails: boolean): Finding[];
11
+ //# sourceMappingURL=trusts.detector.d.ts.map
package/dist/services/audit/detectors/ad/trusts.detector.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"trusts.detector.d.ts","sourceRoot":"","sources":["../../../../../src/services/audit/detectors/ad/trusts.detector.ts"],"names":[],"mappings":"AAkBA,OAAO,EAAE,OAAO,EAAE,MAAM,iCAAiC,CAAC;AAC1D,OAAO,EACL,eAAe,EAMhB,MAAM,+BAA+B,CAAC;AAMvC,wBAAgB,+BAA+B,CAC7C,MAAM,EAAE,eAAe,EAAE,EACzB,cAAc,EAAE,OAAO,GACtB,OAAO,CA+BT;AAMD,wBAAgB,kCAAkC,CAChD,MAAM,EAAE,eAAe,EAAE,EACzB,cAAc,EAAE,OAAO,GACtB,OAAO,CAkCT;AAMD,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,eAAe,EAAE,EACzB,cAAc,EAAE,OAAO,GACtB,OAAO,CA2BT;AAMD,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,eAAe,EAAE,EACzB,cAAc,EAAE,OAAO,GACtB,OAAO,CAsBT;AAeD,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,eAAe,EAAE,EACzB,cAAc,EAAE,OAAO,GACtB,OAAO,CAyBT;AAMD,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,eAAe,EAAE,EACzB,cAAc,EAAE,OAAO,GACtB,OAAO,CA+BT;AAMD,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,eAAe,EAAE,EACzB,cAAc,EAAE,OAAO,GACtB,OAAO,CA4BT;AAKD,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,eAAe,EAAE,EACzB,cAAc,EAAE,OAAO,GACtB,OAAO,EAAE,CAUX"}
package/dist/services/audit/detectors/ad/trusts.detector.js ADDED
@@ -0,0 +1,186 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.detectTrustSidFilteringDisabled = detectTrustSidFilteringDisabled;
4
+ exports.detectTrustExternalNoSelectiveAuth = detectTrustExternalNoSelectiveAuth;
5
+ exports.detectTrustBidirectional = detectTrustBidirectional;
6
+ exports.detectTrustForestTransitive = detectTrustForestTransitive;
7
+ exports.detectTrustAesDisabled = detectTrustAesDisabled;
8
+ exports.detectTrustRc4Only = detectTrustRc4Only;
9
+ exports.detectTrustInactive = detectTrustInactive;
10
+ exports.detectTrustVulnerabilities = detectTrustVulnerabilities;
11
+ const trust_types_1 = require("../../../../types/trust.types");
12
+ function detectTrustSidFilteringDisabled(trusts, includeDetails) {
13
+ const affected = trusts.filter((t) => {
14
+ if ((t.trustAttributes & trust_types_1.TRUST_ATTRIBUTE_WITHIN_FOREST) !== 0) {
15
+ return false;
16
+ }
17
+ const sidFilteringDisabled = (t.trustAttributes & trust_types_1.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) === 0;
18
+ return sidFilteringDisabled;
19
+ });
20
+ return {
21
+ type: 'TRUST_SID_FILTERING_DISABLED',
22
+ severity: 'high',
23
+ category: 'trusts',
24
+ title: 'SID Filtering Disabled on Trust',
25
+ description: 'Trust relationships without SID filtering allow SID history injection attacks, enabling attackers to impersonate any user in the trusted domain.',
26
+ count: affected.length,
27
+ affectedEntities: includeDetails ? affected.map((t) => t.name) : undefined,
28
+ details: affected.length > 0
29
+ ? {
30
+ recommendation: 'Enable SID filtering (quarantine) on external and forest trusts.',
31
+ }
32
+ : undefined,
33
+ };
34
+ }
35
+ function detectTrustExternalNoSelectiveAuth(trusts, includeDetails) {
36
+ const affected = trusts.filter((t) => {
37
+ const isExternal = (t.trustAttributes & trust_types_1.TRUST_ATTRIBUTE_FOREST_TRANSITIVE) === 0 &&
38
+ (t.trustAttributes & trust_types_1.TRUST_ATTRIBUTE_WITHIN_FOREST) === 0;
39
+ if (!isExternal)
40
+ return false;
41
+ const selectiveAuthDisabled = (t.trustAttributes & trust_types_1.TRUST_ATTRIBUTE_CROSS_ORGANIZATION) === 0;
42
+ return selectiveAuthDisabled;
43
+ });
44
+ return {
45
+ type: 'TRUST_EXTERNAL_NO_SELECTIVE_AUTH',
46
+ severity: 'high',
47
+ category: 'trusts',
48
+ title: 'External Trust Without Selective Authentication',
49
+ description: 'External trust without selective authentication allows any user from the trusted domain to authenticate to any resource in this domain.',
50
+ count: affected.length,
51
+ affectedEntities: includeDetails ? affected.map((t) => t.name) : undefined,
52
+ details: affected.length > 0
53
+ ? {
54
+ recommendation: 'Enable selective authentication and explicitly grant access only to required resources.',
55
+ }
56
+ : undefined,
57
+ };
58
+ }
59
+ function detectTrustBidirectional(trusts, includeDetails) {
60
+ const affected = trusts.filter((t) => {
61
+ if ((t.trustAttributes & trust_types_1.TRUST_ATTRIBUTE_WITHIN_FOREST) !== 0) {
62
+ return false;
63
+ }
64
+ return t.trustDirection === trust_types_1.TRUST_DIRECTION_BIDIRECTIONAL;
65
+ });
66
+ return {
67
+ type: 'TRUST_BIDIRECTIONAL',
68
+ severity: 'medium',
69
+ category: 'trusts',
70
+ title: 'Bidirectional Trust Relationship',
71
+ description: 'Two-way trust allows authentication in both directions, increasing the attack surface. A compromise in either domain can lead to lateral movement to the other.',
72
+ count: affected.length,
73
+ affectedEntities: includeDetails ? affected.map((t) => t.name) : undefined,
74
+ details: affected.length > 0
75
+ ? {
76
+ recommendation: 'Consider using one-way trusts where possible. Implement selective authentication.',
77
+ }
78
+ : undefined,
79
+ };
80
+ }
81
+ function detectTrustForestTransitive(trusts, includeDetails) {
82
+ const affected = trusts.filter((t) => {
83
+ return (t.trustAttributes & trust_types_1.TRUST_ATTRIBUTE_FOREST_TRANSITIVE) !== 0;
84
+ });
85
+ return {
86
+ type: 'TRUST_FOREST_TRANSITIVE',
87
+ severity: 'medium',
88
+ category: 'trusts',
89
+ title: 'Transitive Forest Trust',
90
+ description: 'Forest trust is transitive, meaning all domains in the trusted forest can access this domain. This significantly increases the trust boundary.',
91
+ count: affected.length,
92
+ affectedEntities: includeDetails ? affected.map((t) => t.name) : undefined,
93
+ details: affected.length > 0
94
+ ? {
95
+ recommendation: 'Review necessity of forest trust. Consider selective authentication and SID filtering.',
96
+ }
97
+ : undefined,
98
+ };
99
+ }
100
+ const ENC_TYPE_DES_CBC_CRC = 0x1;
101
+ const ENC_TYPE_DES_CBC_MD5 = 0x2;
102
+ const ENC_TYPE_RC4_HMAC = 0x4;
103
+ const ENC_TYPE_AES128 = 0x8;
104
+ const ENC_TYPE_AES256 = 0x10;
105
+ const ENC_WEAK_ONLY = ENC_TYPE_DES_CBC_CRC | ENC_TYPE_DES_CBC_MD5 | ENC_TYPE_RC4_HMAC;
106
+ const ENC_AES_TYPES = ENC_TYPE_AES128 | ENC_TYPE_AES256;
107
+ function detectTrustAesDisabled(trusts, includeDetails) {
108
+ const affected = trusts.filter((t) => {
109
+ if (t.supportedEncryptionTypes === undefined)
110
+ return false;
111
+ return (t.supportedEncryptionTypes & ENC_AES_TYPES) === 0;
112
+ });
113
+ return {
114
+ type: 'TRUST_AES_DISABLED',
115
+ severity: 'high',
116
+ category: 'trusts',
117
+ title: 'AES Encryption Disabled on Trust',
118
+ description: 'Trust relationship does not support AES encryption. This forces the use of weaker encryption algorithms (RC4/DES) which are more vulnerable to offline cracking.',
119
+ count: affected.length,
120
+ affectedEntities: includeDetails ? affected.map((t) => t.name) : undefined,
121
+ details: affected.length > 0
122
+ ? {
123
+ recommendation: 'Enable AES128 and AES256 encryption on trust relationship. Ensure both domains support AES.',
124
+ }
125
+ : undefined,
126
+ };
127
+ }
128
+ function detectTrustRc4Only(trusts, includeDetails) {
129
+ const affected = trusts.filter((t) => {
130
+ if (t.supportedEncryptionTypes === undefined)
131
+ return false;
132
+ const hasOnlyWeak = (t.supportedEncryptionTypes & ENC_WEAK_ONLY) !== 0 &&
133
+ (t.supportedEncryptionTypes & ENC_AES_TYPES) === 0;
134
+ const isRc4Only = hasOnlyWeak && (t.supportedEncryptionTypes & ENC_TYPE_RC4_HMAC) !== 0;
135
+ return isRc4Only;
136
+ });
137
+ return {
138
+ type: 'TRUST_RC4_ONLY',
139
+ severity: 'high',
140
+ category: 'trusts',
141
+ title: 'Trust Only Supports RC4 Encryption',
142
+ description: 'Trust relationship only supports RC4 encryption (no AES). RC4 is deprecated and Kerberos tickets encrypted with RC4 are vulnerable to offline cracking attacks.',
143
+ count: affected.length,
144
+ affectedEntities: includeDetails ? affected.map((t) => t.name) : undefined,
145
+ details: affected.length > 0
146
+ ? {
147
+ recommendation: 'Enable AES encryption on trust. If the partner domain does not support AES, plan an upgrade path.',
148
+ }
149
+ : undefined,
150
+ };
151
+ }
152
+ function detectTrustInactive(trusts, includeDetails) {
153
+ const now = Date.now();
154
+ const sixMonthsAgo = now - 180 * 24 * 60 * 60 * 1000;
155
+ const affected = trusts.filter((t) => {
156
+ if (!t.whenChanged)
157
+ return false;
158
+ return t.whenChanged.getTime() < sixMonthsAgo;
159
+ });
160
+ return {
161
+ type: 'TRUST_INACTIVE',
162
+ severity: 'medium',
163
+ category: 'trusts',
164
+ title: 'Inactive Trust Relationship',
165
+ description: 'Trust relationship has not been modified in over 180 days. May indicate an abandoned or forgotten trust that should be reviewed for necessity.',
166
+ count: affected.length,
167
+ affectedEntities: includeDetails ? affected.map((t) => t.name) : undefined,
168
+ details: affected.length > 0
169
+ ? {
170
+ recommendation: 'Review necessity of inactive trusts. Remove trusts that are no longer needed to reduce attack surface.',
171
+ }
172
+ : undefined,
173
+ };
174
+ }
175
+ function detectTrustVulnerabilities(trusts, includeDetails) {
176
+ return [
177
+ detectTrustSidFilteringDisabled(trusts, includeDetails),
178
+ detectTrustExternalNoSelectiveAuth(trusts, includeDetails),
179
+ detectTrustBidirectional(trusts, includeDetails),
180
+ detectTrustForestTransitive(trusts, includeDetails),
181
+ detectTrustAesDisabled(trusts, includeDetails),
182
+ detectTrustRc4Only(trusts, includeDetails),
183
+ detectTrustInactive(trusts, includeDetails),
184
+ ].filter((finding) => finding.count > 0);
185
+ }
186
+ //# sourceMappingURL=trusts.detector.js.map
package/dist/services/audit/detectors/ad/trusts.detector.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"trusts.detector.js","sourceRoot":"","sources":["../../../../../src/services/audit/detectors/ad/trusts.detector.ts"],"names":[],"mappings":";;AAgCA,0EAkCC;AAMD,gFAqCC;AAMD,4DA8BC;AAMD,kEAyBC;AAeD,wDA4BC;AAMD,gDAkCC;AAMD,kDA+BC;AAKD,gEAaC;AAvSD,+DAOuC;AAMvC,SAAgB,+BAA+B,CAC7C,MAAyB,EACzB,cAAuB;IAIvB,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAEnC,IAAI,CAAC,CAAC,CAAC,eAAe,GAAG,2CAA6B,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9D,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,MAAM,oBAAoB,GAAG,CAAC,CAAC,CAAC,eAAe,GAAG,gDAAkC,CAAC,KAAK,CAAC,CAAC;QAE5F,OAAO,oBAAoB,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,iCAAiC;QACxC,WAAW,EACT,kJAAkJ;QACpJ,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAC1E,OAAO,EACL,QAAQ,CAAC,MAAM,GAAG,CAAC;YACjB,CAAC,CAAC;gBACE,cAAc,EAAE,kEAAkE;aACnF;YACH,CAAC,CAAC,SAAS;KAChB,CAAC;AACJ,CAAC;AAMD,SAAgB,kCAAkC,CAChD,MAAyB,EACzB,cAAuB;IAIvB,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAEnC,MAAM,UAAU,GACd,CAAC,CAAC,CAAC,eAAe,GAAG,+CAAiC,CAAC,KAAK,CAAC;YAC7D,CAAC,CAAC,CAAC,eAAe,GAAG,2CAA6B,CAAC,KAAK,CAAC,CAAC;QAE5D,IAAI,CAAC,UAAU;YAAE,OAAO,KAAK,CAAC;QAG9B,MAAM,qBAAqB,GAAG,CAAC,CAAC,CAAC,eAAe,GAAG,gDAAkC,CAAC,KAAK,CAAC,CAAC;QAE7F,OAAO,qBAAqB,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,iDAAiD;QACxD,WAAW,EACT,yIAAyI;QAC3I,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAC1E,OAAO,EACL,QAAQ,CAAC,MAAM,GAAG,CAAC;YACjB,CAAC,CAAC;gBACE,cAAc,EACZ,yFAAyF;aAC5F;YACH,CAAC,CAAC,SAAS;KAChB,CAAC;AACJ,CAAC;AAMD,SAAgB,wBAAwB,CACtC,MAAyB,EACzB,cAAuB;IAEvB,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAEnC,IAAI,CAAC,CAAC,CAAC,eAAe,GAAG,2CAA6B,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,CAAC,CAAC,cAAc,KAAK,2CAA6B,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,iKAAiK;QACnK,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAC1E,OAAO,EACL,QAAQ,CAAC,MAAM,GAAG,CAAC;YACjB,CAAC,CAAC;gBACE,cAAc,EACZ,mFAAmF;aACtF;YACH,CAAC,CAAC,SAAS;KAChB,CAAC;AACJ,CAAC;AAMD,SAAgB,2BAA2B,CACzC,MAAyB,EACzB,cAAuB;IAEvB,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QACnC,OAAO,CAAC,CAAC,CAAC,eAAe,GAAG,+CAAiC,CAAC,KAAK,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,yBAAyB;QAChC,WAAW,EACT,gJAAgJ;QAClJ,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAC1E,OAAO,EACL,QAAQ,CAAC,MAAM,GAAG,CAAC;YACjB,CAAC,CAAC;gBACE,cAAc,EACZ,wFAAwF;aAC3F;YACH,CAAC,CAAC,SAAS;KAChB,CAAC;AACJ,CAAC;AAGD,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACjC,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACjC,MAAM,iBAAiB,GAAG,GAAG,CAAC;AAC9B,MAAM,eAAe,GAAG,GAAG,CAAC;AAC5B,MAAM,eAAe,GAAG,IAAI,CAAC;AAC7B,MAAM,aAAa,GAAG,oBAAoB,GAAG,oBAAoB,GAAG,iBAAiB,CAAC;AACtF,MAAM,aAAa,GAAG,eAAe,GAAG,eAAe,CAAC;AAMxD,SAAgB,sBAAsB,CACpC,MAAyB,EACzB,cAAuB;IAEvB,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAEnC,IAAI,CAAC,CAAC,wBAAwB,KAAK,SAAS;YAAE,OAAO,KAAK,CAAC;QAE3D,OAAO,CAAC,CAAC,CAAC,wBAAwB,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,kKAAkK;QACpK,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAC1E,OAAO,EACL,QAAQ,CAAC,MAAM,GAAG,CAAC;YACjB,CAAC,CAAC;gBACE,cAAc,EACZ,6FAA6F;aAChG;YACH,CAAC,CAAC,SAAS;KAChB,CAAC;AACJ,CAAC;AAMD,SAAgB,kBAAkB,CAChC,MAAyB,EACzB,cAAuB;IAEvB,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAEnC,IAAI,CAAC,CAAC,wBAAwB,KAAK,SAAS;YAAE,OAAO,KAAK,CAAC;QAE3D,MAAM,WAAW,GACf,CAAC,CAAC,CAAC,wBAAwB,GAAG,aAAa,CAAC,KAAK,CAAC;YAClD,CAAC,CAAC,CAAC,wBAAwB,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QAErD,MAAM,SAAS,GACb,WAAW,IAAI,CAAC,CAAC,CAAC,wBAAwB,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;QACxE,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,iKAAiK;QACnK,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAC1E,OAAO,EACL,QAAQ,CAAC,MAAM,GAAG,CAAC;YACjB,CAAC,CAAC;gBACE,cAAc,EACZ,mGAAmG;aACtG;YACH,CAAC,CAAC,SAAS;KAChB,CAAC;AACJ,CAAC;AAMD,SAAgB,mBAAmB,CACjC,MAAyB,EACzB,cAAuB;IAEvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAErD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAEnC,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,OAAO,KAAK,CAAC;QAEjC,OAAO,CAAC,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,YAAY,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,gJAAgJ;QAClJ,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAC1E,OAAO,EACL,QAAQ,CAAC,MAAM,GAAG,CAAC;YACjB,CAAC,CAAC;gBACE,cAAc,EACZ,wGAAwG;aAC3G;YACH,CAAC,CAAC,SAAS;KAChB,CAAC;AACJ,CAAC;AAKD,SAAgB,0BAA0B,CACxC,MAAyB,EACzB,cAAuB;IAEvB,OAAO;QACL,+BAA+B,CAAC,MAAM,EAAE,cAAc,CAAC;QACvD,kCAAkC,CAAC,MAAM,EAAE,cAAc,CAAC;QAC1D,wBAAwB,CAAC,MAAM,EAAE,cAAc,CAAC;QAChD,2BAA2B,CAAC,MAAM,EAAE,cAAc,CAAC;QACnD,sBAAsB,CAAC,MAAM,EAAE,cAAc,CAAC;QAC9C,kBAAkB,CAAC,MAAM,EAAE,cAAc,CAAC;QAC1C,mBAAmB,CAAC,MAAM,EAAE,cAAc,CAAC;KAC5C,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;AAC3C,CAAC"}
package/dist/services/audit/detectors/azure/app-security.detector.d.ts ADDED
@@ -0,0 +1,11 @@
1
+ import { AzureApp } from '../../../../types/azure.types';
2
+ import { Finding } from '../../../../types/finding.types';
3
+ export declare function detectAppExcessiveGraphPerms(apps: AzureApp[], includeDetails: boolean): Finding;
4
+ export declare function detectAppCredentialExpired(apps: AzureApp[], includeDetails: boolean): Finding;
5
+ export declare function detectAppLongLivedCreds(apps: AzureApp[], includeDetails: boolean): Finding;
6
+ export declare function detectAppMultitenantUnverified(apps: AzureApp[], includeDetails: boolean): Finding;
7
+ export declare function detectAppCredentialExpiring(apps: AzureApp[], includeDetails: boolean): Finding;
8
+ export declare function detectSpDisabledWithCreds(apps: AzureApp[], includeDetails: boolean): Finding;
9
+ export declare function detectAppNoOwner(apps: AzureApp[], includeDetails: boolean): Finding;
10
+ export declare function detectAppSecurityVulnerabilities(apps: AzureApp[], includeDetails: boolean): Finding[];
11
+ //# sourceMappingURL=app-security.detector.d.ts.map
package/dist/services/audit/detectors/azure/app-security.detector.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"app-security.detector.d.ts","sourceRoot":"","sources":["../../../../../src/services/audit/detectors/azure/app-security.detector.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AACzD,OAAO,EAAE,OAAO,EAAE,MAAM,iCAAiC,CAAC;AAM1D,wBAAgB,4BAA4B,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,cAAc,EAAE,OAAO,GAAG,OAAO,CAgD/F;AAKD,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,cAAc,EAAE,OAAO,GAAG,OAAO,CAwB7F;AAKD,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,cAAc,EAAE,OAAO,GAAG,OAAO,CAyB1F;AAKD,wBAAgB,8BAA8B,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,cAAc,EAAE,OAAO,GAAG,OAAO,CAiBjG;AAKD,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,cAAc,EAAE,OAAO,GAAG,OAAO,CA0B9F;AAKD,wBAAgB,yBAAyB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,cAAc,EAAE,OAAO,GAAG,OAAO,CAiB5F;AAKD,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,cAAc,EAAE,OAAO,GAAG,OAAO,CAenF;AAKD,wBAAgB,gCAAgC,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,cAAc,EAAE,OAAO,GAAG,OAAO,EAAE,CAUrG"}