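├── oop ├── cports.exe ├── psinfo.exe ├── pslist.exe ├── psloglist.exe ├── Assessment.pyc ├── main.py └── Assessment.py ├── README.md ├── linux_assessment.py └── windows_assessment.py
/oop/cports.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jobroche/Assessment-Scripts/HEAD/oop/cports.exe
--------------------------------------------------------------------------------
/oop/psinfo.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jobroche/Assessment-Scripts/HEAD/oop/psinfo.exe
--------------------------------------------------------------------------------
/oop/pslist.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jobroche/Assessment-Scripts/HEAD/oop/pslist.exe
--------------------------------------------------------------------------------
/oop/psloglist.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jobroche/Assessment-Scripts/HEAD/oop/psloglist.exe
--------------------------------------------------------------------------------
/oop/Assessment.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jobroche/Assessment-Scripts/HEAD/oop/Assessment.pyc
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Assessment-Scripts


This is a work in progress...feel free to take a look at the current scripts and take what you need

--------------------------------------------------------------------------------
/oop/main.py:
--------------------------------------------------------------------------------
import platform, os
from Assessment import Windows, Mac, Linux


def main():
    """Instantiate the Assessment subclass matching the host OS.

    Each subclass runs its collection steps from ``__init__``, so constructing
    it is what starts the audit. Returns the instance, or None when the
    platform is not supported.
    """
    # Not named `os`: that shadowed the os module imported above.
    system = platform.system()
    if system == 'Windows':
        assessment = Windows()
    elif system == 'Darwin':
        assessment = Mac()
    elif system == 'Linux':
        assessment = Linux()
    else:
        # Previously an unknown platform fell through with nothing run and
        # no message.
        print('[!] Unsupported platform: {}'.format(system))
        return None
    return assessment


if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/linux_assessment.py:
--------------------------------------------------------------------------------
#!/usr/bin/python3
#version2 Linosx Assessment Script made for Linux Distros and Mac OSX http://www.sans.org/score/checklists/linuxchecklist.pdf
# (shebang moved to the first line: the kernel only honours it there)

import os, platform, subprocess, logging, getpass
from itertools import count
from shlex import split


#TODO: CHECK for missing updates, ports, start up scripts, open ports, check for apache install (and security),


def make_dir(basedir, name):
    """Create and return a fresh directory under *basedir*.

    The first free name among ``name``, ``name_2``, ``name_3``, ... is used,
    so an earlier run's output is never overwritten.
    """
    for attempt in count(1):
        candidate = name if attempt == 1 else '{}_{}'.format(name, attempt)
        dirname = os.path.join(basedir, candidate)
        if not os.path.exists(dirname):
            os.mkdir(dirname)
            return dirname


def _run(cmd):
    """Run *cmd* and return its stdout as bytes.

    *cmd* is an argument list, or a string split with shlex (no shell is used).
    A missing tool (OSError) or a non-zero exit (CalledProcessError) is logged
    and a ``[!]`` marker is returned instead, so one absent utility does not
    abort the whole assessment.
    """
    args = split(cmd) if isinstance(cmd, str) else list(cmd)
    try:
        return subprocess.check_output(args)
    except (subprocess.CalledProcessError, OSError) as e:
        logging.warning('%s failed: %s', args[0], e)
        return '[!] {} failed: {}\n'.format(args[0], e).encode('utf-8')


def sys_info(dirname):  #Purpose: reterieve system information
    """Write platform facts, interface configuration and the environment under ``<dirname>/system_info``.

    Failures are printed and logged (with traceback); nothing is raised.
    """
    try:
        info_dir = make_dir(dirname, "system_info")
        logging.info("created system_info directory")
        logging.info("start platform module calls")

        with open(os.path.join(info_dir, "system_info.txt"), 'wb') as f:
            f.write("""
************************************************************************
uname: {uname}
************************************************************************

user: {login}
system: {system}
hostname: {node}
release: {release}
kernel version: {version}
processor: {machine}
architecture: {architecture}""".format(
                uname=platform.uname(),
                # getpass.getuser() also works without a controlling tty
                # (cron, containers), where os.getlogin() raises OSError.
                login=getpass.getuser(),
                system=platform.system(), node=platform.node(),
                release=platform.release(), version=platform.version(),
                machine=platform.machine(), architecture=platform.architecture(),
            ).encode('utf-8'))

        logging.info("end platform calls")

        #ip configuration
        with open(os.path.join(info_dir, "ip_info.txt"), 'wb') as f:
            f.write(_run('ifconfig -a'))

        logging.info("ip configuration logged")

        #environment variables
        with open(os.path.join(info_dir, "environment.txt"), 'wb') as f:
            # utf-8, not ascii: environment values (LANG, PS1, paths) are not
            # guaranteed to be ASCII and one such byte raised here before.
            f.write('\n'.join('{}: {}'.format(key, value) for key, value in os.environ.items()).encode('utf-8'))

        logging.info("environment variables logged")

    except Exception as e:
        print("**** Error in sysinfo")
        logging.exception('')


def program_list(dirname):  #Purpose: retrieve OS installed programs and running processes
    """Record installed packages, pending updates, locally built binaries and the process tree.

    Expects ``<dirname>/system_info`` to exist (sys_info creates it).
    """
    #Retrieve list of all installed programs
    with open(os.path.join(dirname, 'system_info', "installed_programs.txt"), 'wb') as f:
        # Both package managers are tried; on a distro that lacks one the binary
        # is simply absent (OSError), which _run records instead of raising -
        # previously only CalledProcessError was caught and a missing dpkg
        # aborted the function on RPM systems.
        f.write(_run('dpkg --get-selections'))  #debian distros
        f.write(_run('yum list installed'))  #RPM distros (e.g. RHEL, Fedora, Redhat)

    #Retrieve list of all available updates
    programs_dir = make_dir(dirname, "programs")
    # Was also called installed_programs.txt, which hid that this file holds
    # pending updates rather than the installed set.
    with open(os.path.join(programs_dir, "available_updates.txt"), 'wb') as f:
        #Debian (e.g. Ubuntu)
        # `apt-get update` only refreshes the package index (and needs root);
        # `-s upgrade` is a dry run that lists what would be upgraded without
        # changing the host, which is what an assessment wants. It reads the
        # cached index, so it is only as current as the host's last refresh.
        f.write(_run('apt-get -s upgrade'))
        #RPM (e.g. RHEL, Fedora)
        f.write(_run('yum list updates'))

    #programs compiled by user
    with open(os.path.join(programs_dir, "user_compiled.txt"), 'wb') as f:
        f.write(_run('ls -la /usr/local/bin'))

    #process tree
    with open(os.path.join(programs_dir, "process_tree.txt"), 'wb') as f:
        f.write(_run('pstree'))


#****************** MAIN *********************

def main():
    """Create ``audit_<hostname>``, configure logging, run chkrootkit, then collect.

    Any uncaught failure is logged with its traceback and reported on stdout.
    """
    try:
        #create directory w/ format audit_COMPUTERNAME
        dirname = make_dir('./', 'audit_{}'.format(platform.node()))

        #configure logging
        logging.basicConfig(filename=os.path.join(dirname, 'logger.log'),
                            format='%(asctime)s %(levelname)s: %(message)s \n',
                            datefmt='%a, %d %b %Y %I:%M:%S%p',
                            level='INFO')

        logging.info("created main directory & log configuration")

        #run chkrootkit: checks binaries for rootkit modification
        # The checker is expected at ./chkrootkit/chkrootkit relative to the
        # working directory. A missing or failing checker is now logged and
        # recorded in the result file instead of aborting the whole run
        # before any system information was collected.
        with open(os.path.join(dirname, 'chkrootkit_results.log'), 'wb') as f:
            print('running binary check...')
            f.write(_run(['sudo', './chkrootkit/chkrootkit']))

        logging.info("finished chkrootkit")

        #begin assessment
        sys_info(dirname)
        program_list(dirname)

    except Exception:
        logging.exception('')
        print("*** Error in main.")


if __name__ == '__main__':
    main()
--------------------------------------------------------------------------------
/oop/Assessment.py:
--------------------------------------------------------------------------------
import logging, platform, os, argparse, subprocess, shlex, getpass, shutil
from itertools import count

# shutil was used by Windows.get_avlogs/get_fwlogs/get_gp and Linux.get_services
# but never imported, so each of those raised NameError.

# Directory this module lives in; the bundled helper binaries (psinfo.exe,
# psloglist.exe, cports.exe, ...) ship next to it.
_HERE = os.path.dirname(os.path.abspath(__file__))


def _tool(name):
    """Return the absolute path of a bundled helper binary.

    Resolving against this module's directory rather than passing a bare name
    means the executable is not looked up through the working directory or
    PATH, so starting an audit from an untrusted directory cannot cause a
    planted binary of the same name to run with the auditor's privileges.
    """
    return os.path.join(_HERE, name)


def _decode(data):
    """Decode tool output for inclusion in a text report (undecodable bytes are replaced)."""
    return data.decode('utf-8', errors='replace')


def _output_or_empty(cmd):
    """Run a shlex-split command and return its stdout, or b'' if it is missing or exits non-zero.

    The failure is logged. Used for probes (e.g. a status query for a service
    that may not be installed) that must not abort the whole assessment.
    """
    try:
        return subprocess.check_output(shlex.split(cmd))
    except (subprocess.CalledProcessError, OSError) as e:
        logging.warning('%s failed: %s', cmd, e)
        return b''


class Assessment():
    """Base class: shared directory/log helpers and POSIX-flavoured collectors.

    Subclasses run their collection steps from ``__init__``, so constructing
    one performs the audit.
    """

    def make_dir(self, basedir, name):
        """Create ``basedir/name`` (or ``name_2``, ``name_3``, ... if taken) and return its path."""
        for attempt in count(1):
            candidate = name if attempt == 1 else '{}_{}'.format(name, attempt)
            dirname = os.path.join(basedir, candidate)
            if not os.path.exists(dirname):
                os.mkdir(dirname)
                return dirname

    def sys_info(self, dirname):
        """Write platform facts to ``<dirname>/system_info/system_info.txt`` (creates the directory)."""
        with open(os.path.join(self.make_dir(dirname, "system_info"), "system_info.txt"), 'w') as f:
            f.write("""
*************************************
{uname}
*************************************
user: {login}
system: {system}
hostname: {node}
release: {release}
kernel version: {version}
processor: {machine}
architecture: {architecture}
""".format(uname=platform.uname(), login=getpass.getuser(), system=platform.system(), node=platform.node(),
           release=platform.release(), version=platform.version(), machine=platform.machine(),
           architecture=platform.architecture()))

    def get_netinfo(self, dirname):
        """Save interface configuration and netstat views under ``<dirname>/system_info``."""
        with open(os.path.join(dirname, "system_info", "ip_configuration.txt"), 'wb') as f:
            f.write(subprocess.check_output(shlex.split('ifconfig -a')))

        # NOTE(review): `netstat -anp "tcp"` is the Windows/BSD protocol-filter
        # form; on Linux net-tools -p means "show PID/program" and the protocol
        # filters are -t/-u. Confirm per platform before relying on these views.
        with open(os.path.join(dirname, 'system_info', 'network_connections.txt'), 'w') as f:
            # check_output returns bytes; formatting them straight into the
            # template wrote their b'...' repr into the report, hence _decode.
            # Headings corrected: this class runs `netstat -an`, and the third
            # block is the udp view (it was labelled tcp twice).
            f.write("""
*************************************
+ NETSTAT -an +
*************************************
{netstat_all}

*************************************
+ NETSTAT tcp +
*************************************
{netstat_tcp}

*************************************
+ NETSTAT udp +
*************************************
{netstat_udp}

*************************************
+ NETSTAT route +
*************************************
{netstat_route}
""".format(netstat_all=_decode(subprocess.check_output(shlex.split('netstat -an'))),
           netstat_tcp=_decode(subprocess.check_output(shlex.split('netstat -anp "tcp"'))),
           netstat_udp=_decode(subprocess.check_output(shlex.split('netstat -anp "udp"'))),
           netstat_route=_decode(subprocess.check_output(shlex.split('netstat -r')))))

    def get_environment(self, dirname):
        """Dump the process environment to ``<dirname>/system_info/environment.txt``."""
        with open(os.path.join(dirname, 'system_info', "environment.txt"), 'wb') as f:
            # utf-8 rather than ascii: a single non-ASCII value (LANG, PS1, a
            # path) made the previous .encode('ascii') raise.
            f.write('\n'.join('{}: {}'.format(key, value) for key, value in os.environ.items()).encode('utf-8'))

    def config_logger(self, dirname):
        """Route the root logger to ``<dirname>/logger.log`` at INFO."""
        logging.basicConfig(filename=os.path.join(dirname, 'logger.log'),
                            format='%(asctime)s %(levelname)s: %(message)s \n',
                            datefmt='%a, %d %b %Y %I:%M:%S%p',
                            level='INFO')

    def __init__(self):
        pass


class Windows(Assessment):  #TODO: mbsa, support more AVs
    """Windows collector; each step writes under the ``audit_<hostname>`` directory created in __init__."""

    def sys_info(self, dirname):  #obtain disk info, installed apps, installed hotfixes
        """Append psinfo output to ``<dirname>/system_info/system_info.txt`` (creates the directory)."""
        out_path = os.path.join(self.make_dir(dirname, "system_info"), 'system_info.txt')
        # Argument list plus stdout redirection instead of os.system(): no
        # shell is involved, so a hostname containing spaces or shell
        # metacharacters cannot break the command line or the redirect target.
        # 'ab' keeps the original `>>` append semantics; the exit code is
        # ignored as before.
        with open(out_path, 'ab') as f:
            subprocess.call([_tool('psinfo.exe'), '-d', '-s', '-h', '/accepteula'], stdout=f)

    def get_avlogs(self, dirname):  #copy McAfee Anti-Virus logs
        """Copy the McAfee log directory named by VSEDEFLOGDIR into ``<dirname>/mcafee_logs/logs``; no-op if unset."""
        logdir = os.environ.get("VSEDEFLOGDIR")
        if logdir:
            shutil.copytree(logdir, os.path.join(self.make_dir(dirname, "mcafee_logs"), 'logs'))
            # Was 'Assessment Finished.', which this single step is not.
            logging.info('Anti-virus logs saved.')
            print('[*] Retrieved anti-virus logs.')

    def get_fwlogs(self, dirname):  #copy Firewall settings and logs
        """Save firewall state (plus rules on Windows 7) and copy the pfirewall log files into ``<dirname>/firewall_logs``."""
        fw_dir = self.make_dir(dirname, 'firewall_logs')
        with open(os.path.join(fw_dir, 'FWSetting.txt'), 'wb') as f:
            f.write(subprocess.check_output(shlex.split('netsh firewall show state verbose = enable')))
            if platform.release() == '7':
                f.write(subprocess.check_output(shlex.split('netsh advfirewall firewall show rule name=all')))
        logging.info('Firewall settings saved.')

        systemroot = os.environ.get('systemroot', '')
        for path in {os.path.join(systemroot, 'pfirewall.log'),
                     os.path.join(systemroot, 'system32', 'LogFiles', 'Firewall', 'pfirewall.log'),
                     os.path.join(systemroot, 'system32', 'LogFiles', 'Firewall', 'w7firewall.log')}:
            if os.path.isfile(path):
                # These are files: copytree() raised NotADirectoryError on them.
                shutil.copy2(path, fw_dir)
        logging.info('Firewall logs saved.')
        print('[*] Retrieved firewall settings and logs.')

    def get_eventlogs(self, dirname):  #copy event logs
        """Dump the Application, System and Security event logs via psloglist, one file each."""
        evtdir = self.make_dir(dirname, 'event_logs')
        for log_name in ['Application', 'System', 'Security']:
            with open(os.path.join(evtdir, '{}.txt'.format(log_name)), 'wb') as f:
                # The log name is psloglist's positional argument; without it
                # the same default log was dumped three times under three names.
                f.write(subprocess.check_output(
                    [_tool('psloglist.exe'), '-s', '-t', '\\t', '-x', '/accepteula', log_name]))
        logging.info('Event logs saved.')
        print('[*] Retrieved event logs.')

    def get_gp(self, dirname):  #get group policy
        """Save the gpresult HTML report as ``<dirname>/gpresult/gpolicy.html``; errors are logged, not raised."""
        try:
            report = os.path.join(self.make_dir(dirname, 'gpresult'), 'gpolicy.html')
            # Written straight to the target: moving the file onto the
            # not-yet-created 'gpresult' name renamed it to 'gpresult' instead.
            subprocess.check_output(['gpresult', '/H', report])
            logging.info('Group policy saved.')
            print('[*] Retrieved group policy.')
        except Exception as e:
            logging.info('Group Policy Error: {}'.format(e))

    def get_netinfo(self, dirname):
        """Save ipconfig, netstat views and a CurrPorts HTML report under ``<dirname>/system_info``."""
        with open(os.path.join(dirname, "system_info", "ip_configuration.txt"), 'wb') as f:
            f.write(subprocess.check_output(shlex.split('ipconfig /all')))

        with open(os.path.join(dirname, 'system_info', 'network_connections.txt'), 'w') as f:
            # Decoded before formatting (see Assessment.get_netinfo); the third
            # heading is the udp view.
            f.write("""
*************************************
+ NETSTAT -anbf +
*************************************
{netstat_all}

*************************************
+ NETSTAT tcp +
*************************************
{netstat_tcp}

*************************************
+ NETSTAT udp +
*************************************
{netstat_udp}

*************************************
+ NETSTAT route +
*************************************
{netstat_route}
""".format(netstat_all=_decode(subprocess.check_output(shlex.split('netstat -anbf'))),
           netstat_tcp=_decode(subprocess.check_output(shlex.split('netstat -anp "tcp"'))),
           netstat_udp=_decode(subprocess.check_output(shlex.split('netstat -anp "udp"'))),
           netstat_route=_decode(subprocess.check_output(shlex.split('netstat -r')))))

        # Argument list: the report path is one argument even when the audit
        # directory name contains spaces (the unquoted format string split it).
        subprocess.check_output([_tool('cports.exe'), '/shtml',
                                 os.path.join(dirname, 'system_info', 'cports.html')])

    def __init__(self):
        dirname = self.make_dir('./', 'audit_{}'.format(platform.node()))
        self.config_logger(dirname)
        self.sys_info(dirname)
        self.get_fwlogs(dirname)
        self.get_eventlogs(dirname)
        self.get_netinfo(dirname)
        # NOTE(review): get_environment, get_gp and get_avlogs are defined but
        # not run here; presumably still being wired up.


class Mac(Assessment):
    """Placeholder: nothing is collected on macOS yet."""

    def __init__(self):
        print('hello world from Mac')


class Linux(Assessment):  #TODO: check services and obtain configuration files for services
    """Linux collector: package inventory, pending updates and listening services."""

    def get_programs(self, dirname):  #Purpose: retrieve OS installed programs and running processes
        """Write the installed-package list and the pending-update list.

        Expects ``<dirname>/system_info`` to exist (sys_info creates it).
        """
        # NOTE(review): platform.version() is the kernel build string; it is
        # presumably expected to contain 'Debian' on Debian kernels, but
        # derived distros may brand it differently, so the dpkg branch could
        # be skipped there. Confirm on the target images.
        is_debian = 'Debian' in platform.version()

        with open(os.path.join(dirname, 'system_info', "installed_programs.txt"), 'wb') as f:
            if is_debian:
                f.write(subprocess.check_output(shlex.split('dpkg --get-selections')))  #debian distros
            else:
                try:
                    f.write(subprocess.check_output(shlex.split('yum list installed')))  #RPM distros (e.g. RHEL, Fedora, Redhat)
                except (subprocess.CalledProcessError, OSError):
                    # OSError covers a missing yum; the file is binary, so the
                    # marker must be encoded (writing str raised TypeError).
                    f.write('[!] Implement program files for {}'.format(platform.version()).encode('utf-8'))

        #Retrieve list of all available updates
        # self.make_dir: the bare make_dir() call raised NameError (it is a method).
        # File renamed from installed_programs.txt so it says what it holds.
        with open(os.path.join(self.make_dir(dirname, "programs"), "available_updates.txt"), 'wb') as f:
            if is_debian:
                # `apt-get update` only refreshes the index (and needs root);
                # `-s upgrade` is a dry run that lists what would be upgraded
                # without changing the host.
                f.write(subprocess.check_output(shlex.split('apt-get -s upgrade')))
            else:
                try:  #RPM (e.g. RHEL, Fedora)
                    f.write(subprocess.check_output(shlex.split('yum list updates')))
                except (subprocess.CalledProcessError, OSError):
                    f.write('[!] Implement update listing for {}'.format(platform.version()).encode('utf-8'))

    def get_services(self, dirname):
        """Save listening sockets and service status; copy the Apache config tree when Apache is running."""
        with open(os.path.join(dirname, 'system_info', "services.txt"), 'wb') as f:
            f.write(subprocess.check_output(shlex.split('netstat -tulpn')))
            f.write(subprocess.check_output(shlex.split('service --status-all')))

        # The original `... or in ...` was a SyntaxError and compared the str
        # 'running' against bytes. A unit that is not installed makes
        # `service` exit non-zero, which must not abort the collector.
        apache_running = any(
            b'running' in _output_or_empty('service {} status'.format(unit))
            for unit in ('apache2', 'httpd'))
        if apache_running:
            #e.g. if apache in running services -> copy server configuration onto dirname
            # /etc/httpd (RPM layout) and /etc/apache2 (Debian layout) are
            # directories, so copytree rather than copyfile.
            for conf_dir in ('/etc/httpd', '/etc/apache2'):
                if os.path.isdir(conf_dir):
                    shutil.copytree(conf_dir, os.path.join(dirname, 'system_info',
                                                           'apache_' + os.path.basename(conf_dir)))

    def __init__(self):
        dirname = self.make_dir('./', 'audit_{}'.format(platform.node()))
        self.config_logger(dirname)
        self.sys_info(dirname)
        # NOTE(review): get_programs and get_services are not run here yet.

--------------------------------------------------------------------------------
/windows_assessment.py:
--------------------------------------------------------------------------------
#Vulnerability Assessment Script for Win Machines
#Author: Jonathan Broche
#Purpose: Retrieve system information such as logs, ports and more in order to investigate possible compromised systems.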
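#Tested on: Windows 7, XP SP2/SP3

import urllib.request, platform, os, ctypes, sys, datetime, subprocess, logging, shlex, shutil, time
import xml.etree.ElementTree as ET

# NOTE(review): psinfo.exe, pslist.exe, psloglist.exe, cports.exe, dumpsec.exe
# and mbsacli.exe are invoked by bare name, so they are resolved through the
# working directory / PATH. Start the script from the directory holding the
# vetted copies, or resolve them against os.path.dirname(__file__).

# Windows Update offline-scan catalog consumed by `mbsacli /catalog`.
CAB_NAME = 'wsusscn2.cab'
# https rather than http: the catalog drives the scan, so its download should
# not be alterable in transit.
CAB_URL = 'https://go.microsoft.com/fwlink/?LinkId=76054'

# (index into the MBSA XML root, section heading, trailer after the heading rule)
_MBSA_SECTIONS = (
    (1, 'Developer Tools, Runtimes and Redistributables Security Updates', '\n\n'),
    (2, 'Office Security Updates', '\n\n'),
    (3, 'SQL Server Security Updates', '\n\n'),
    (4, 'Windows Security Updates', '\n\n'),
    (5, 'Incomplete Updates', '\n'),
)
_RULE = '*************************************************************************'


def _download_cab():
    """Fetch the MBSA catalog to ``wsusscn2.cab`` in the working directory, streamed to disk."""
    with urllib.request.urlopen(CAB_URL) as resp, open(CAB_NAME, 'wb') as f:
        shutil.copyfileobj(resp, f)


def check_definitions():  #download latest MBSA definitions and run assessment
    """Refresh the MBSA catalog when it is missing or not from today, then run the assessment.

    A failed refresh of an existing catalog is reported and the assessment
    proceeds with the stale copy (best effort, as before); a failed first
    download propagates, since there is nothing to scan with.
    """
    if os.path.exists(CAB_NAME):
        if datetime.date.fromtimestamp(os.path.getmtime(CAB_NAME)) != datetime.date.today():
            try:
                print('[*] Updating MBSA CAB file.')
                _download_cab()
                print('[*] MBSA CAB file successfully updated.')
            except Exception as e:
                print('Error: {}'.format(e))
    else:
        print('[*] Downloading MBSA CAB file.')
        _download_cab()
    run_assessment('audit_{}'.format(platform.node()))


def _write_missing_updates(f, check):
    """Write each update in *check* that is not installed: its Title and any Bulletin/Download URL.

    *check* is one root-level element of the MBSA report; ``check[1]`` holds
    one element per update whose ``IsInstalled`` attribute says whether it is
    present (the layout the original consumed, not verified against a schema).
    An update with no ``IsInstalled`` attribute is treated as not installed.
    """
    for update in check[1]:
        if update.get('IsInstalled', '').lower() == 'true':  #update installed
            continue
        for field in update:  #update not installed - write to file
            if field.tag.lower() == 'title':
                f.write('Title: {}\n'.format(field.text))
            for ref in field:
                tag = ref.tag.lower()
                if tag == 'bulletinurl':
                    f.write('BulletinURL: {}\n'.format(ref.text))
                elif tag == 'downloadurl':
                    f.write('DownloadURL: {}\n\n--\n'.format(ref.text))


def parse_xml(dirname):
    """Turn ``<dirname>/mbsa.xml`` into ``<dirname>/mbsa_results.txt`` listing missing updates per category.

    Categories are located by fixed position in the root element (see
    _MBSA_SECTIONS), as the original did; an absent category is skipped. Any
    other failure is logged and whatever was written so far is kept. The five
    copy-pasted section loops now share _write_missing_updates.
    """
    try:
        tree = ET.parse(os.path.join(dirname, 'mbsa.xml'))
        root = tree.getroot()

        with open(os.path.join(dirname, 'mbsa_results.txt'), 'w') as f:
            for index, heading, trailer in _MBSA_SECTIONS:
                try:
                    check = root[index]
                    heading_text = check[0].text
                except IndexError:
                    continue  # category not present in this report
                if index != 1:
                    f.write('\n')
                f.write(_RULE + '\n')
                f.write('{} - {}'.format(heading, heading_text))
                f.write('\n' + _RULE + trailer)
                _write_missing_updates(f, check)

    except Exception as e:
        logging.info('Parse XML Error: {}'.format(e))


def run_assessment(dirname):
    """Collect system, update, port, process, event-log, firewall, policy and AV data into *dirname*.

    *dirname* is the preferred output directory; if it already exists a
    timestamped variant is created instead. Collector failures are caught at
    the end, logged and printed, so a partial audit is still written.
    """
    if os.path.exists(dirname):  #create directory TODO: make a better naming scheme/format
        stamp = str(datetime.datetime.now()).replace(':', '_')
        dirname = 'audit_{}_{}'.format(platform.node(), stamp).replace(' ', '_').replace('.', '_')
    os.mkdir(dirname)
    print('[*] {} directory created.'.format(dirname))

    #create log file
    logging.basicConfig(filename='{}.log'.format(os.path.join(dirname, dirname)),
                        format='%(asctime)s %(levelname)s: %(message)s \n',
                        datefmt='%a, %d %b %Y %I:%M:%S%p',
                        level='INFO')

    logging.info('Starting Assessment')
    # .get(): a missing USERNAME raised KeyError here before any data was collected.
    logging.info('OS: {} - Machine name: {} - Logged in user: {}'.format(
        platform.platform(), platform.node(), os.environ.get('USERNAME', '<unknown>')))
    print('[*] Logger started.')

    try:
        print('[*] Starting assessment.')
        #create directories
        for sub in {'sys_info', 'event_logs', 'firewall_logs', 'gpresult', 'mcafee_logs'}:  # `dir` shadowed the builtin
            os.mkdir(os.path.join(dirname, sub))
        sys_dir = os.path.join(dirname, 'sys_info')
        logging.info('System information saved.')

        # The original piped `systeminfo | find /i "install"` through the shell
        # with an unquoted output path; filtering in Python needs no shell.
        # Its failure was ignored by os.system(), so it is ignored here too.
        try:
            sysinfo_lines = subprocess.check_output(['systeminfo']).splitlines(True)
        except (subprocess.CalledProcessError, OSError) as e:
            logging.info('systeminfo failed: {}'.format(e))
            sysinfo_lines = []
        with open(os.path.join(sys_dir, 'system_info.txt'), 'wb') as f:
            f.writelines(line for line in sysinfo_lines if b'install' in line.lower())
            # stdout redirect replaces the `>>` shell append; exit code ignored as before.
            subprocess.call(['psinfo.exe', '-d', '-s', '-h', '/accepteula'], stdout=f)
        print('[*] Retrieved systeminfo.')

        with open(os.path.join(sys_dir, 'ip_config.txt'), 'wb') as f:
            f.write(subprocess.check_output(shlex.split('ipconfig /all')))
        logging.info('IP configuration saved.')
        print('[*] Retrieved ip configuration.')

        with open(os.path.join(sys_dir, 'set_info.txt'), 'w') as f:
            for variable, value in os.environ.items():
                f.write('{}: {}\n'.format(variable, value))
        logging.info('Environment variables saved.')
        print('[*] Retrieved env variables.')

        try:
            print('[*] Starting MBSA.\n')
            with open(os.path.join(dirname, 'mbsa.xml'), 'wb') as f:
                f.write(subprocess.check_output(
                    ['mbsacli.exe', '/catalog', CAB_NAME, '/wi', '/nvc', '/nd', '/xmlout']))
            parse_xml(dirname)
        except Exception as e:
            print('[!] MBSA Error: {}'.format(e))
            logging.info('MBSA Error: {}'.format(e))
        print('[*] Status Report: 25% Completed')

        #cports
        # Argument lists from here on: shlex.split applies POSIX quoting rules
        # to Windows paths (backslashes, quotes); a list needs no quoting.
        subprocess.check_output(['cports.exe', '/shtml', os.path.join(sys_dir, 'cports.html')])
        logging.info('Services and ports saved.')
        print('[*] Retrieved ports.')

        #processes
        with open(os.path.join(sys_dir, 'process_info.txt'), 'wb') as f:
            f.write(subprocess.check_output(shlex.split('pslist.exe /accepteula')))
        logging.info('Process information saved.')
        print('[*] Retrieved processes.')

        for report in ["users", "policy", "rights", "shares", "printers", "services", "groups"]:
            subprocess.check_output(['dumpsec.exe', '/rpt={}'.format(report), '/saveas=fixed',
                                     '/showtruelastlogon',
                                     '/outfile={}.txt'.format(os.path.join(sys_dir, report))])
        logging.info('Group policy information saved.')
        print('[*] Status Report: 50% Completed')

        #Save the list of event log files
        for log_name in ['Application', 'System', 'Security']:
            with open(os.path.join(dirname, 'event_logs', '{}.txt'.format(log_name)), 'wb') as f:
                # psloglist takes the log name as its positional argument; without
                # it the same default log was written three times.
                f.write(subprocess.check_output(
                    ['psloglist.exe', '-s', '-t', '\\t', '-x', '/accepteula', log_name]))
        logging.info('Event logs saved.')
        print('[*] Retrieved event logs.')

        #firewall settings
        fw_dir = os.path.join(dirname, 'firewall_logs')
        with open(os.path.join(fw_dir, 'FWSetting.txt'), 'wb') as f:
            f.write(subprocess.check_output(shlex.split('netsh firewall show state verbose = enable')))
            if platform.win32_ver()[0] == '7':
                f.write(subprocess.check_output(shlex.split('netsh advfirewall firewall show rule name=all')))
        logging.info('Firewall settings saved.')
        print('[*] Retrieved firewall settings.')
        print('[*] Status Report: 75% Completed')

        #copy firewall logs
        systemroot = os.environ.get('systemroot', '')
        for path in {os.path.join(systemroot, 'pfirewall.log'),
                     os.path.join(systemroot, 'system32', 'LogFiles', 'Firewall', 'pfirewall.log'),
                     os.path.join(systemroot, 'system32', 'LogFiles', 'Firewall', 'w7firewall.log')}:
            if os.path.isfile(path):
                # Files, not directories: copytree() raised on them.
                shutil.copy2(path, fw_dir)
        logging.info('Firewall logs saved.')

        #group policy
        try:
            # Written straight into the gpresult directory instead of the
            # working directory followed by a move.
            subprocess.check_output(['gpresult', '/H', os.path.join(dirname, 'gpresult', 'gpolicy.html')])
            logging.info('Group policy saved.')
            print('[*] Retrieved group policy.')
        except Exception as e:
            logging.info('Group Policy Error: {}'.format(e))

        #copy mcafee logs
        av_logdir = os.environ.get("VSEDEFLOGDIR")
        if av_logdir:
            shutil.copytree(av_logdir, os.path.join(dirname, 'mcafee_logs', 'logs'))
            logging.info('Anti-virus logs saved.')
            print('[*] Retrieved anti-virus logs.')
        # Was only logged when McAfee logs existed.
        logging.info('Assessment Finished.')
        print('[*] Status Report: 100% Completed')
        time.sleep(2)

    except Exception as e:
        print(e)
        logging.info('Error: {}'.format(e))


def main():  #TODO: create functions that point to main
    """Entry point: run only on Windows with an elevated token, otherwise tell the user and pause."""
    # `and` short-circuits, so ctypes.windll (Windows-only) is never touched elsewhere.
    if platform.system() == "Windows" and ctypes.windll.shell32.IsUserAnAdmin():
        check_definitions()
    else:
        print('[!] Run application as administrator.')
        time.sleep(20)


if __name__ == '__main__':
    main()
--------------------------------------------------------------------------------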