atomicshop 2.11.47__py3-none-any.whl → 3.10.5__py3-none-any.whl

atomicshop/wrappers/win_auditw.py

@@ -0,0 +1,189 @@
+import subprocess
+import winreg
+
+from ..print_api import print_api
+
+
+AUDITING_REG_PATH: str = r"Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit"
+PROCESS_CREATION_INCLUDE_CMDLINE_VALUE: str = "ProcessCreationIncludeCmdLine_Enabled"
+
+
+def enable_command_line_auditing(print_kwargs: dict = None):
+    """
+    Enable the 'Include command line in process creation events' policy.
+
+    reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit" /v ProcessCreationIncludeCmdLine_Enabled /t REG_DWORD /d 1 /f
+
+    :param print_kwargs: Optional keyword arguments for the print function.
+    """
+
+    if is_command_line_auditing_enabled():
+        print_api(
+            "[Include command line in process creation events] is already enabled.", color='blue',
+            **(print_kwargs or {}))
+        return
+
+    try:
+        # Open the registry key
+        with winreg.CreateKey(winreg.HKEY_LOCAL_MACHINE, AUDITING_REG_PATH) as reg_key:
+            # Set the value
+            winreg.SetValueEx(reg_key, PROCESS_CREATION_INCLUDE_CMDLINE_VALUE, 0, winreg.REG_DWORD, 1)
+
+        print_api(
+            "Successfully enabled [Include command line in process creation events].",
+            color='green', **(print_kwargs or {}))
+    except WindowsError as e:
+        print_api(
+            f"Failed to enable [Include command line in process creation events]: {e}", error_type=True,
+            color='red', **(print_kwargs or {}))
+
+
+def is_command_line_auditing_enabled():
+    try:
+        # Open the registry key
+        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, AUDITING_REG_PATH, 0, winreg.KEY_READ) as reg_key:
+            # Query the value
+            value, reg_type = winreg.QueryValueEx(reg_key, PROCESS_CREATION_INCLUDE_CMDLINE_VALUE)
+            # Check if the value is 1 (enabled)
+            return value == 1
+    except FileNotFoundError:
+        # Key or value not found, assume it's not enabled
+        return False
+    except WindowsError as e:
+        print(f"Failed to read the 'Include command line in process creation events' setting: {e}")
+        return False
+
+
+def enable_audit_process_creation(print_kwargs: dict = None):
+    """
+    Enable the 'Audit Process Creation' policy.
+    Log: Security
+    Event ID: 4688 - A new process has been created.
+
+    auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable
+
+    :param print_kwargs: Optional keyword arguments for the print function.
+    """
+    if is_audit_process_creation_enabled():
+        print_api("Audit Process Creation is already enabled.", color='blue', **(print_kwargs or {}))
+        return
+
+    # Enable "Audit Process Creation" policy
+    audit_policy_command = [
+        "auditpol", "/set", "/subcategory:Process Creation", "/success:enable", "/failure:enable"
+    ]
+    try:
+        subprocess.run(audit_policy_command, check=True)
+        print_api("Successfully enabled 'Audit Process Creation'.", color='green', **(print_kwargs or {}))
+    except subprocess.CalledProcessError as e:
+        print_api(f"Failed to enable 'Audit Process Creation': {e}", error_type=True, color='red', **(print_kwargs or {}))
+        raise e
+
+
+def is_audit_process_creation_enabled(print_kwargs: dict = None) -> bool:
+    """
+    Check if the 'Audit Process Creation' policy is enabled.
+
+    :param print_kwargs: Optional keyword arguments for the print function.
+    """
+    # Command to check the "Audit Process Creation" policy
+    audit_policy_check_command = [
+        "auditpol", "/get", "/subcategory:Process Creation"
+    ]
+    try:
+        result = subprocess.run(audit_policy_check_command, check=True, capture_output=True, text=True)
+        output = result.stdout
+        # print_api(output)  # Print the output for inspection
+
+        if "Process Creation" in output and "Success and Failure" in output:
+            # print_api(
+            #     "'Audit Process Creation' is enabled for both success and failure.",
+            #     color='green', **(print_kwargs or {}))
+            return True
+        else:
+            # print_api(output, **(print_kwargs or {}))
+            # print_api(
+            #     "'Audit Process Creation' is not fully enabled. Check the output above for details.",
+            #     color='yellow', **(print_kwargs or {}))
+            return False
+    except subprocess.CalledProcessError as e:
+        print_api(f"Failed to check 'Audit Process Creation': {e}", color='red', error_type=True, **(print_kwargs or {}))
+        return False
+
+
+def enable_audit_process_termination(print_kwargs: dict = None):
+    """
+    Enable the 'Audit Process Termination' policy.
+
+    :param print_kwargs: Optional keyword arguments for the print function.
+    """
+    if is_audit_process_termination_enabled():
+        print_api("Audit Process Termination is already enabled.", color='blue', **(print_kwargs or {}))
+        return
+
+    audit_policy_command = [
+        "auditpol", "/set", "/subcategory:Process Termination", "/success:enable", "/failure:enable"
+    ]
+    try:
+        subprocess.run(audit_policy_command, check=True)
+        print_api("Successfully enabled 'Audit Process Termination'.", color='green', **(print_kwargs or {}))
+    except subprocess.CalledProcessError as e:
+        print_api(f"Failed to enable 'Audit Process Termination': {e}", error_type=True, color='red', **(print_kwargs or {}))
+        raise e
+
+
+def is_audit_process_termination_enabled(print_kwargs: dict = None) -> bool:
+    """
+    Check if the 'Audit Process Termination' policy is enabled.
+
+    :param print_kwargs: Optional keyword arguments for the print function.
+    """
+    # Command to check the "Audit Process Creation" policy
+    audit_policy_check_command = [
+        "auditpol", "/get", "/subcategory:Process Termination"
+    ]
+    try:
+        result = subprocess.run(audit_policy_check_command, check=True, capture_output=True, text=True)
+        output = result.stdout
+        # print_api(output)  # Print the output for inspection
+
+        if "Process Termination" in output and "Success and Failure" in output:
+            # print_api(
+            #     "'Audit Process Termination' is enabled for both success and failure.",
+            #     color='green', **(print_kwargs or {}))
+            return True
+        else:
+            # print_api(output, **(print_kwargs or {}))
+            # print_api(
+            #     "'Audit Process Termination' is not fully enabled. Check the output above for details.",
+            #     color='yellow', **(print_kwargs or {}))
+            return False
+    except subprocess.CalledProcessError as e:
+        print_api(f"Failed to check 'Audit Process Termination': {e}", color='red', error_type=True, **(print_kwargs or {}))
+        return False
+
+
+def enable_audit_filtering_platform_connection(print_kwargs: dict = None):
+    """
+    Enable the 'Filtering Platform Connection' policy.
+    This enables you to fetch connection creations and deletions from the Windows Security Event Log.
+    Log: Security
+    Event IDs:
+        5156 - The Windows Filtering Platform has permitted a connection.
+        5158 - The Windows Filtering Platform has blocked a connection.
+    Events include information about source and destination IP addresses and ports.
+
+    auditpol /set /subcategory:"Filtering Platform Connection" /success:enable /failure:enable
+
+    :param print_kwargs: Optional keyword arguments for the print function.
+    """
+
+    audit_policy_command = [
+        "auditpol", "/set", '/subcategory:"Filtering Platform Connection"', "/success:enable", "/failure:enable"
+    ]
+    try:
+        subprocess.run(audit_policy_command, check=True)
+        print_api("Successfully enabled 'Audit Filtering Platform Connection'.", color='green', **(print_kwargs or {}))
+    except subprocess.CalledProcessError as e:
+        print_api(f"Failed to enable 'Audit Filtering Platform Connection': {e}", error_type=True, color='red', **(print_kwargs or {}))
+        raise e

atomicshop/wrappers/winregw/winreg_installed_software.py

@@ -0,0 +1,58 @@
+import os
+import winreg
+
+
+def get_installed_software() -> list[dict]:
+    registry_path: str = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
+    data: list[dict] = []
+
+    # Open the specified registry path
+    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, registry_path) as reg_key:
+        i = 0
+        while True:
+            try:
+                # Enumerate all sub-keys
+                subkey_name = winreg.EnumKey(reg_key, i)
+                subkey_path = os.path.join(registry_path, subkey_name)
+                with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey_path) as subkey:
+                    try:
+                        # Fetch DisplayName and DisplayVersion if they exist
+                        display_name, _ = winreg.QueryValueEx(subkey, "DisplayName")
+                    except FileNotFoundError:
+                        display_name = "N/A"
+
+                    try:
+                        display_version, _ = winreg.QueryValueEx(subkey, "DisplayVersion")
+                    except FileNotFoundError:
+                        display_version = "N/A"
+
+                    try:
+                        install_date, _ = winreg.QueryValueEx(subkey, "InstallDate")
+                    except FileNotFoundError:
+                        install_date = "N/A"
+
+                    try:
+                        install_location, _ = winreg.QueryValueEx(subkey, "InstallLocation")
+                    except FileNotFoundError:
+                        install_location = "N/A"
+
+                    try:
+                        install_source, _ = winreg.QueryValueEx(subkey, "InstallSource")
+                    except FileNotFoundError:
+                        install_source = "N/A"
+
+                    if display_name != "N/A":
+                        data.append({
+                            "DisplayName": display_name,
+                            "DisplayVersion": display_version,
+                            "InstallDate": install_date,
+                            "SubkeyName": subkey_name,
+                            "InstallLocation": install_location,
+                            "InstallSource": install_source
+                        })
+            except OSError:
+                break  # No more subkeys
+
+            i += 1
+
+    return data

atomicshop/wrappers/winregw/winreg_network.py

@@ -0,0 +1,232 @@
+import winreg
+import socket
+
+
+def get_network_interfaces_settings(
+        interface_guid: str = None
+) -> dict:
+    """
+    Get network interface settings from the Windows registry.
+
+    :param interface_guid: str, GUID of the network interface to retrieve settings for.
+        If None, settings for all interfaces will be retrieved.
+    :return: dict, network interface settings.
+    """
+    registry_path = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
+    network_info = {}
+
+    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, registry_path) as interfaces_key:
+        interface_count = winreg.QueryInfoKey(interfaces_key)[0]
+
+        for i in range(interface_count):
+            current_interface_guid = winreg.EnumKey(interfaces_key, i)
+
+            # If an interface GUID is provided, and it doesn't match the current one, skip it
+            if interface_guid and interface_guid != current_interface_guid:
+                continue
+
+            interface_path = f"{registry_path}\\{current_interface_guid}"
+            interface_data = {}
+
+            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, interface_path) as key:
+                value_count = winreg.QueryInfoKey(key)[1]
+
+                for j in range(value_count):
+                    value_name, value_data, _ = winreg.EnumValue(key, j)
+                    interface_data[value_name] = value_data
+
+                # Populate the dictionary for the current interface
+                network_info[current_interface_guid] = interface_data
+
+    return network_info
+
+
+def get_network_connections_to_guids() -> dict:
+    """
+    Get a dictionary mapping network connection names to their corresponding GUIDs.
+
+    :return: dict, GUIDs to connection names.
+    """
+    adapters = {}
+    registry_path = r"SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}"
+
+    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, registry_path) as network_key:
+        adapter_count = winreg.QueryInfoKey(network_key)[0]
+
+        for i in range(adapter_count):
+            adapter_guid = winreg.EnumKey(network_key, i)
+            adapter_path = f"{registry_path}\\{adapter_guid}\\Connection"
+
+            try:
+                with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, adapter_path) as connection_key:
+                    adapter_name, _ = winreg.QueryValueEx(connection_key, "Name")
+                    adapters[adapter_guid] = adapter_name
+            except FileNotFoundError:
+                # Some GUIDs might not have a corresponding 'Connection' key, so we skip them
+                continue
+
+    return adapters
+
+
+def get_enum_info_by_pnpinstanceid(
+        pnp_instance_id: str
+) -> dict:
+    """
+    Get all information from the Enum registry key for a device with a specific PnPInstanceId.
+
+    :param pnp_instance_id: str, PnPInstanceId of the device.
+    :return: dict, device information.
+    """
+    enum_registry_path = r"SYSTEM\CurrentControlSet\Enum"
+    device_info = {}
+
+    # Construct the full path to the device in the Enum registry
+    hardware_path = f"{enum_registry_path}\\{pnp_instance_id}"
+
+    # Open the registry key corresponding to the device
+    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, hardware_path) as hardware_key:
+        num_values = winreg.QueryInfoKey(hardware_key)[1]
+
+        # Retrieve all values under this key
+        for i in range(num_values):
+            value_name, value_data, _ = winreg.EnumValue(hardware_key, i)
+            device_info[value_name] = value_data
+
+    return device_info
+
+
+def get_network_connections_details(get_enum_info: bool = True) -> dict:
+    """
+    Get network adapter details from the Windows registry.
+
+    :param get_enum_info: bool, if True, retrieve all information from the corresponding Enum key.
+        This is useful for getting additional information about the network adapter, like make, model, diver details.
+    :return: dict, network adapter details.
+    """
+    adapter_details = {}
+    network_registry_path = r"SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}"
+
+    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, network_registry_path) as network_key:
+        adapter_count = winreg.QueryInfoKey(network_key)[0]
+
+        for i in range(adapter_count):
+            adapter_guid = winreg.EnumKey(network_key, i)
+            adapter_path = f"{network_registry_path}\\{adapter_guid}\\Connection"
+
+            try:
+                with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, adapter_path) as connection_key:
+                    adapter_name, _ = winreg.QueryValueEx(connection_key, "Name")
+                    pnp_instance_id, _ = winreg.QueryValueEx(connection_key, "PnPInstanceId")
+
+                    # Get all information from the corresponding Enum key
+                    if get_enum_info:
+                        enum_info: dict = get_enum_info_by_pnpinstanceid(pnp_instance_id)
+                    else:
+                        enum_info: dict = {}
+
+                    # Store the retrieved information
+                    adapter_details[adapter_guid] = {
+                        "Name": adapter_name,
+                        "PnPInstanceId": pnp_instance_id,
+                        "EnumInfo": enum_info
+                    }
+
+            except FileNotFoundError:
+                continue
+
+    return adapter_details
+
+
+def _get_default_dns_gateway() -> tuple[bool, list[str]]:
+    """
+    NOTICE: This stopped working from the last Windows update on 11.06.2025.
+    They moved it to 'ProfileNameServer', anyway Since Windows 8 the recommended API has been the WMI
+    NetTCPIP CIM provider (MSFT_DNSClientServerAddress) - didn't test it though.
+    Just moved to netsh wrapping for now.
+
+    Get the default DNS gateway from the Windows registry.
+
+    :return: tuple(is dynamic boolean, list of DNS server IPv4s).
+        If nothing found will return (None, None).
+    """
+
+    def get_current_interface_status(current_interface_settings: dict) -> tuple[bool, list[str]]:
+        if current_interface_settings['NameServer']:
+            result = (False, current_interface_settings['NameServer'].split(','))
+        else:
+            result = (True, current_interface_settings['DhcpNameServer'].split(','))
+
+        return result
+
+
+    # Get current default IPv4 address of the interface that is being used for internet.
+    default_ipv4_address: str = socket.gethostbyname(socket.gethostname())
+    # If the default IPv4 address is localhost, then it could mean that the system is not connected to the internet.
+    # Or there is no network adapter at all.
+    default_dns_gateway_list: list[str] = []
+    if default_ipv4_address == '127.0.0.1':
+        from ... import dns
+        default_dns_gateway_list = dns.get_default_dns_gateway_with_dns_resolver()
+
+    # Get all network interface settings from the registry.
+    all_interfaces_configurations = get_network_interfaces_settings()
+
+    # Find the interface that has this IPv4 assigned.
+    function_result: tuple = tuple()
+    for interface_guid, interface_settings in all_interfaces_configurations.items():
+        if not interface_settings:
+            continue
+
+        if ' ' in interface_settings['NameServer']:
+            interface_settings['NameServer'] = interface_settings['NameServer'].replace(' ', ',')
+        if 'DhcpNameServer' in interface_settings and ' ' in interface_settings['DhcpNameServer']:
+            interface_settings['DhcpNameServer'] = interface_settings['DhcpNameServer'].replace(' ', ',')
+
+        if not default_dns_gateway_list:
+            current_interface_static_ipv4_address: list = interface_settings.get('IPAddress', None)
+            current_interface_dynamic_ipv4_address: str = interface_settings.get('DhcpIPAddress', None)
+
+            static_and_ip_match: bool = (
+                    current_interface_static_ipv4_address and
+                    current_interface_static_ipv4_address[0] == default_ipv4_address)
+            dynamic_and_ip_match: bool = (
+                    current_interface_dynamic_ipv4_address and
+                    current_interface_dynamic_ipv4_address == default_ipv4_address)
+            if static_and_ip_match or dynamic_and_ip_match:
+                function_result = get_current_interface_status(interface_settings)
+
+                break
+        else:
+            current_interface_name_server_list: list[str] = interface_settings['NameServer'].split(',')
+            current_interface_dhcp_name_server_list: list[str] = interface_settings['DhcpNameServer'].split(',')
+            if (current_interface_name_server_list == default_dns_gateway_list or
+                    current_interface_dhcp_name_server_list == default_dns_gateway_list):
+                function_result = get_current_interface_status(interface_settings)
+
+                break
+
+    if not function_result:
+        function_result = (None, None)
+
+    # noinspection PyTypeChecker
+    return function_result
+
+
+def change_metric_of_network_adapter(
+        adapter_guid: str,
+        metric: int
+) -> None:
+    """
+    Change the metric of a network adapter.
+    After you set new metric you need to restart the network adapter for the changes to take effect.
+
+    :param adapter_guid: str, GUID of the network adapter.
+    :param metric: int, new metric value.
+    :return: None
+    """
+
+    reg_path = fr"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{adapter_guid}"
+
+    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, reg_path, 0, winreg.KEY_SET_VALUE) as key:
+        winreg.SetValueEx(key, "UseAutomaticMetric", 0, winreg.REG_DWORD, 0)
+        winreg.SetValueEx(key, "InterfaceMetric", 0, winreg.REG_DWORD, metric)

{atomicshop-2.11.47.dist-info → atomicshop-3.10.5.dist-info}/METADATA

@@ -1,65 +1,47 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: atomicshop
-Version: 2.11.47
+Version: 3.10.5
 Summary: Atomic functions and classes to make developer life easier
 Author: Denis Kras
-License: MIT License
-        
-        Copyright (c) 2023 Bugsec, Denis Kras
-        
-        Permission is hereby granted, free of charge, to any person obtaining a copy
-        of this software and associated documentation files (the "Software"), to deal
-        in the Software without restriction, including without limitation the rights
-        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-        copies of the Software, and to permit persons to whom the Software is
-        furnished to do so, subject to the following conditions:
-        
-        The above copyright notice and this permission notice shall be included in all
-        copies or substantial portions of the Software.
-        
-        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-        SOFTWARE.
+License-Expression: MIT
 Project-URL: Homepage, https://github.com/BugSec-Official/atomicshop
 Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: MIT License
 Classifier: Programming Language :: Python :: 3
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
-Requires-Python: >=3.10
+Requires-Python: <3.14,>=3.12
 Description-Content-Type: text/markdown
 License-File: LICENSE.txt
 Requires-Dist: wheel
-Requires-Dist: cryptography
-Requires-Dist: dnslib
-Requires-Dist: dnspython
-Requires-Dist: docker
-Requires-Dist: elasticsearch
+Requires-Dist: setuptools
+Requires-Dist: beautifulsoup4==4.14.3
+Requires-Dist: cryptography==46.0.3
+Requires-Dist: dkarchiver==1.0.1
+Requires-Dist: dkinst
+Requires-Dist: dnslib==0.9.26
+Requires-Dist: dnspython==2.8.0
+Requires-Dist: docker==7.1.0
+Requires-Dist: flask_socketio==5.5.1
+Requires-Dist: google-api-python-client==2.187.0
+Requires-Dist: google-genai==1.53.0
+Requires-Dist: icmplib==3.0.4
 Requires-Dist: numpy
-Requires-Dist: olefile
-Requires-Dist: openpyxl
-Requires-Dist: pandas
-Requires-Dist: paramiko
-Requires-Dist: playwright
-Requires-Dist: playwright-stealth
-Requires-Dist: protobuf
-Requires-Dist: psutil
-Requires-Dist: py7zr
-Requires-Dist: pyautogui
-Requires-Dist: pyopenssl
-Requires-Dist: python-bidi
+Requires-Dist: olefile==0.47
+Requires-Dist: openpyxl==3.1.5
+Requires-Dist: pandas==2.3.3
+Requires-Dist: paramiko==4.0.0
+Requires-Dist: pefile==2024.8.26
+Requires-Dist: playwright==1.56.0
+Requires-Dist: psutil==7.1.3
+Requires-Dist: pymongo==4.15.5
+Requires-Dist: pyopenssl==25.3.0
 Requires-Dist: python-docx
-Requires-Dist: python-magic
-Requires-Dist: reportlab
-Requires-Dist: setuptools
+Requires-Dist: pywin32==311; platform_system == "Windows"
 Requires-Dist: SoundCard
 Requires-Dist: soundfile
 Requires-Dist: SpeechRecognition
-Requires-Dist: tldextract
-Requires-Dist: pywin32 ; platform_system == "Windows"
+Requires-Dist: tldextract==5.3.0
+Requires-Dist: websockets==15.0.1
+Dynamic: license-file
 
 <h1 align="center">Atomic Workshop</h1>
 
@@ -151,9 +133,9 @@ To get a local copy up and running follow these simple steps.
    ```
 
    The latest version on PyPI is 0.2, so you will need to install from GitHub.
-   Alternatively, you can use a cmd file in the addon folder after 'atomicshop' installation:
+   Alternatively, you can use a command anywhere in CMD after 'atomicshop' installation:
    ```sh
-   "\Lib\site-packages\atomicshop\addons\a_setup_scripts\install_pywintrace_0.3.cmd"
+   pywintrace install
    ```
 
 4. If you get an exception while installing the 'psycopg2' package on ubuntu, install this binary: