├── LICENSE
├── README.md
├── data
└── guest_enum.db
├── fire.py
├── guestlist.py
└── requirements.txt
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 3, 29 June 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.
5 | Everyone is permitted to copy and distribute verbatim copies
6 | of this license document, but changing it is not allowed.
7 |
8 | Preamble
9 |
10 | The GNU General Public License is a free, copyleft license for
11 | software and other kinds of works.
12 |
13 | The licenses for most software and other practical works are designed
14 | to take away your freedom to share and change the works. By contrast,
15 | the GNU General Public License is intended to guarantee your freedom to
16 | share and change all versions of a program--to make sure it remains free
17 | software for all its users. We, the Free Software Foundation, use the
18 | GNU General Public License for most of our software; it applies also to
19 | any other work released this way by its authors. You can apply it to
20 | your programs, too.
21 |
22 | When we speak of free software, we are referring to freedom, not
23 | price. Our General Public Licenses are designed to make sure that you
24 | have the freedom to distribute copies of free software (and charge for
25 | them if you wish), that you receive source code or can get it if you
26 | want it, that you can change the software or use pieces of it in new
27 | free programs, and that you know you can do these things.
28 |
29 | To protect your rights, we need to prevent others from denying you
30 | these rights or asking you to surrender the rights. Therefore, you have
31 | certain responsibilities if you distribute copies of the software, or if
32 | you modify it: responsibilities to respect the freedom of others.
33 |
34 | For example, if you distribute copies of such a program, whether
35 | gratis or for a fee, you must pass on to the recipients the same
36 | freedoms that you received. You must make sure that they, too, receive
37 | or can get the source code. And you must show them these terms so they
38 | know their rights.
39 |
40 | Developers that use the GNU GPL protect your rights with two steps:
41 | (1) assert copyright on the software, and (2) offer you this License
42 | giving you legal permission to copy, distribute and/or modify it.
43 |
44 | For the developers' and authors' protection, the GPL clearly explains
45 | that there is no warranty for this free software. For both users' and
46 | authors' sake, the GPL requires that modified versions be marked as
47 | changed, so that their problems will not be attributed erroneously to
48 | authors of previous versions.
49 |
50 | Some devices are designed to deny users access to install or run
51 | modified versions of the software inside them, although the manufacturer
52 | can do so. This is fundamentally incompatible with the aim of
53 | protecting users' freedom to change the software. The systematic
54 | pattern of such abuse occurs in the area of products for individuals to
55 | use, which is precisely where it is most unacceptable. Therefore, we
56 | have designed this version of the GPL to prohibit the practice for those
57 | products. If such problems arise substantially in other domains, we
58 | stand ready to extend this provision to those domains in future versions
59 | of the GPL, as needed to protect the freedom of users.
60 |
61 | Finally, every program is threatened constantly by software patents.
62 | States should not allow patents to restrict development and use of
63 | software on general-purpose computers, but in those that do, we wish to
64 | avoid the special danger that patents applied to a free program could
65 | make it effectively proprietary. To prevent this, the GPL assures that
66 | patents cannot be used to render the program non-free.
67 |
68 | The precise terms and conditions for copying, distribution and
69 | modification follow.
70 |
71 | TERMS AND CONDITIONS
72 |
73 | 0. Definitions.
74 |
75 | "This License" refers to version 3 of the GNU General Public License.
76 |
77 | "Copyright" also means copyright-like laws that apply to other kinds of
78 | works, such as semiconductor masks.
79 |
80 | "The Program" refers to any copyrightable work licensed under this
81 | License. Each licensee is addressed as "you". "Licensees" and
82 | "recipients" may be individuals or organizations.
83 |
84 | To "modify" a work means to copy from or adapt all or part of the work
85 | in a fashion requiring copyright permission, other than the making of an
86 | exact copy. The resulting work is called a "modified version" of the
87 | earlier work or a work "based on" the earlier work.
88 |
89 | A "covered work" means either the unmodified Program or a work based
90 | on the Program.
91 |
92 | To "propagate" a work means to do anything with it that, without
93 | permission, would make you directly or secondarily liable for
94 | infringement under applicable copyright law, except executing it on a
95 | computer or modifying a private copy. Propagation includes copying,
96 | distribution (with or without modification), making available to the
97 | public, and in some countries other activities as well.
98 |
99 | To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies. Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 |
103 | An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License. If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 |
112 | 1. Source Code.
113 |
114 | The "source code" for a work means the preferred form of the work
115 | for making modifications to it. "Object code" means any non-source
116 | form of a work.
117 |
118 | A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 |
123 | The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form. A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 |
134 | The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities. However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work. For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 |
147 | The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 |
151 | The Corresponding Source for a work in source code form is that
152 | same work.
153 |
154 | 2. Basic Permissions.
155 |
156 | All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met. This License explicitly affirms your unlimited
159 | permission to run the unmodified Program. The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work. This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 |
164 | You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force. You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright. Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 |
175 | Conveying under any other circumstances is permitted solely under
176 | the conditions stated below. Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 |
179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 |
181 | No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 |
187 | When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 |
195 | 4. Conveying Verbatim Copies.
196 |
197 | You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 |
205 | You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 |
208 | 5. Conveying Modified Source Versions.
209 |
210 | You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 |
214 | a) The work must carry prominent notices stating that you modified
215 | it, and giving a relevant date.
216 |
217 | b) The work must carry prominent notices stating that it is
218 | released under this License and any conditions added under section
219 | 7. This requirement modifies the requirement in section 4 to
220 | "keep intact all notices".
221 |
222 | c) You must license the entire work, as a whole, under this
223 | License to anyone who comes into possession of a copy. This
224 | License will therefore apply, along with any applicable section 7
225 | additional terms, to the whole of the work, and all its parts,
226 | regardless of how they are packaged. This License gives no
227 | permission to license the work in any other way, but it does not
228 | invalidate such permission if you have separately received it.
229 |
230 | d) If the work has interactive user interfaces, each must display
231 | Appropriate Legal Notices; however, if the Program has interactive
232 | interfaces that do not display Appropriate Legal Notices, your
233 | work need not make them do so.
234 |
235 | A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit. Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 |
245 | 6. Conveying Non-Source Forms.
246 |
247 | You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 |
252 | a) Convey the object code in, or embodied in, a physical product
253 | (including a physical distribution medium), accompanied by the
254 | Corresponding Source fixed on a durable physical medium
255 | customarily used for software interchange.
256 |
257 | b) Convey the object code in, or embodied in, a physical product
258 | (including a physical distribution medium), accompanied by a
259 | written offer, valid for at least three years and valid for as
260 | long as you offer spare parts or customer support for that product
261 | model, to give anyone who possesses the object code either (1) a
262 | copy of the Corresponding Source for all the software in the
263 | product that is covered by this License, on a durable physical
264 | medium customarily used for software interchange, for a price no
265 | more than your reasonable cost of physically performing this
266 | conveying of source, or (2) access to copy the
267 | Corresponding Source from a network server at no charge.
268 |
269 | c) Convey individual copies of the object code with a copy of the
270 | written offer to provide the Corresponding Source. This
271 | alternative is allowed only occasionally and noncommercially, and
272 | only if you received the object code with such an offer, in accord
273 | with subsection 6b.
274 |
275 | d) Convey the object code by offering access from a designated
276 | place (gratis or for a charge), and offer equivalent access to the
277 | Corresponding Source in the same way through the same place at no
278 | further charge. You need not require recipients to copy the
279 | Corresponding Source along with the object code. If the place to
280 | copy the object code is a network server, the Corresponding Source
281 | may be on a different server (operated by you or a third party)
282 | that supports equivalent copying facilities, provided you maintain
283 | clear directions next to the object code saying where to find the
284 | Corresponding Source. Regardless of what server hosts the
285 | Corresponding Source, you remain obligated to ensure that it is
286 | available for as long as needed to satisfy these requirements.
287 |
288 | e) Convey the object code using peer-to-peer transmission, provided
289 | you inform other peers where the object code and Corresponding
290 | Source of the work are being offered to the general public at no
291 | charge under subsection 6d.
292 |
293 | A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 |
297 | A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling. In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage. For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product. A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 |
310 | "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source. The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 |
318 | If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information. But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 |
329 | The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed. Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 |
337 | Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 |
343 | 7. Additional Terms.
344 |
345 | "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law. If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 |
354 | When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it. (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.) You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 |
361 | Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 |
365 | a) Disclaiming warranty or limiting liability differently from the
366 | terms of sections 15 and 16 of this License; or
367 |
368 | b) Requiring preservation of specified reasonable legal notices or
369 | author attributions in that material or in the Appropriate Legal
370 | Notices displayed by works containing it; or
371 |
372 | c) Prohibiting misrepresentation of the origin of that material, or
373 | requiring that modified versions of such material be marked in
374 | reasonable ways as different from the original version; or
375 |
376 | d) Limiting the use for publicity purposes of names of licensors or
377 | authors of the material; or
378 |
379 | e) Declining to grant rights under trademark law for use of some
380 | trade names, trademarks, or service marks; or
381 |
382 | f) Requiring indemnification of licensors and authors of that
383 | material by anyone who conveys the material (or modified versions of
384 | it) with contractual assumptions of liability to the recipient, for
385 | any liability that these contractual assumptions directly impose on
386 | those licensors and authors.
387 |
388 | All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10. If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term. If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 |
398 | If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 |
403 | Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 |
407 | 8. Termination.
408 |
409 | You may not propagate or modify a covered work except as expressly
410 | provided under this License. Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 |
415 | However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 |
422 | Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 |
429 | Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License. If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 |
435 | 9. Acceptance Not Required for Having Copies.
436 |
437 | You are not required to accept this License in order to receive or
438 | run a copy of the Program. Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance. However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work. These actions infringe copyright if you do
443 | not accept this License. Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 |
446 | 10. Automatic Licensing of Downstream Recipients.
447 |
448 | Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License. You are not responsible
451 | for enforcing compliance by third parties with this License.
452 |
453 | An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations. If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 |
463 | You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License. For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 |
471 | 11. Patents.
472 |
473 | A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based. The
475 | work thus licensed is called the contributor's "contributor version".
476 |
477 | A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version. For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 |
487 | Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 |
492 | In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement). To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 |
499 | If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients. "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 |
513 | If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 |
521 | A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License. You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 |
536 | Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 |
540 | 12. No Surrender of Others' Freedom.
541 |
542 | If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License. If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all. For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 |
552 | 13. Use with the GNU Affero General Public License.
553 |
554 | Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work. The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 |
563 | 14. Revised Versions of this License.
564 |
565 | The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time. Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 |
570 | Each version is given a distinguishing version number. If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation. If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 |
579 | If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 |
584 | Later license versions may give you additional or different
585 | permissions. However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 |
589 | 15. Disclaimer of Warranty.
590 |
591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 |
600 | 16. Limitation of Liability.
601 |
602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 |
612 | 17. Interpretation of Sections 15 and 16.
613 |
614 | If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 |
621 | END OF TERMS AND CONDITIONS
622 |
623 | How to Apply These Terms to Your New Programs
624 |
625 | If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 |
629 | To do so, attach the following notices to the program. It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 |
634 |
635 | Copyright (C)
636 |
637 | This program is free software: you can redistribute it and/or modify
638 | it under the terms of the GNU General Public License as published by
639 | the Free Software Foundation, either version 3 of the License, or
640 | (at your option) any later version.
641 |
642 | This program is distributed in the hope that it will be useful,
643 | but WITHOUT ANY WARRANTY; without even the implied warranty of
644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
645 | GNU General Public License for more details.
646 |
647 | You should have received a copy of the GNU General Public License
648 | along with this program. If not, see .
649 |
650 | Also add information on how to contact you by electronic and paper mail.
651 |
652 | If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 |
655 | Copyright (C)
656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 | This is free software, and you are welcome to redistribute it
658 | under certain conditions; type `show c' for details.
659 |
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License. Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 |
664 | You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | .
668 |
669 | The GNU General Public License does not permit incorporating your program
670 | into proprietary programs. If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library. If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License. But first, please read
674 | .
675 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # guestlist
2 | tool for identifying guest relationships between companies
3 |
4 | ```
5 | *********************************************************************************************************
6 |
7 | G U E S T L I S T v1.00
8 |
9 | 2023 @nyxgeek - TrustedSec
10 | *********************************************************************************************************
11 | usage: guestlist.py [-h] [-m] [-d] [-t] [-u] [-U] [-o] [-n] [-v] [-D] [-a] [-s] [-f] [-r] [-c]
12 |
13 | optional arguments:
14 | -h, --help show this help message and exit
15 | -m , --method silent or graph (default:silent)
16 | -d , --domain target domain name
17 | -t , --tenant tenant name if known, otherwise specify domain and will lookup
18 | -u , --username email address to target
19 | -U , --userfile file containing email addresses
20 | -o , --output file to write output to (default: output.log)
21 | -n, --no-db disable logging to db
22 | -v, --verbose enable verbose output
23 | -D, --debug enable debug output
24 | -a , --access fireprox AWS access_key
25 | -s , --secret fireprox AWS secret key
26 | -f , --credfile fireprox - file containing aws_secret and aws_key values
27 | -r , --region fireprox AWS region
28 | -c , --command fireprox command (create, delete, list)
29 | ```
30 |
31 |
32 | ## notes:
33 |
34 | - supply email address, or file of email addresses of potential guest accounts
35 | - supply either a domain name, or tenant name to test against
36 | - (optional) specify silent vs graph-based enum
37 | - (optional) specify aws creds for fireprox (only with silent enum currently)
38 |
39 |
40 | ## usage:
41 |
42 |
43 | ### silent method, no fireprox
44 | ```
45 | ./guestlist.py -d acmecomputercompany.com -U email_addresses.txt
46 | ```
47 |
48 | ### silent method with fireprox, using aws creds on command line
49 | ```
50 | ./guestlist.py -d acmecomputercompany.com -U email_addresses.txt -a "AKIAXXXXXXXXXXXXXXX" -s "xxxxxxxxxxxxxxxxx"
51 | ```
52 |
53 | ### silent method with fireprox, using aws cred file
54 | ```
55 | ./guestlist.py -d acmecomputercompany.com -U email_addresses.txt -f aws_config
56 | ```
57 |
58 | ### graph method, no fireprox
59 | ```
60 | ./guestlist.py -m graph -d acmecomputercompany.com -U email_addresses.txt
61 | ```
62 |
63 | ### graph method with fireprox, using aws cred file
64 | ```
65 | ./guestlist.py -m graph -d acmecomputercompany.com -U email_addresses.txt -f aws_config
66 | ```
67 |
68 |
69 | ## example:
70 |
71 | ```
72 | ./guestlist.py -d acmecomputercompany.com -U email_addresses.txt -f aws_config
73 |
74 | *********************************************************************************************************
75 |
76 | G U E S T L I S T v1.00
77 |
78 | 2023 @nyxgeek - TrustedSec
79 | *********************************************************************************************************
80 |
81 | Tenants Identified:
82 | ---------------------
83 | acmecomputercompany
84 |
85 | OneDrive hosts found:
86 | ---------------------
87 | acmecomputercompany-my.sharepoint.com
88 |
89 |
90 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
91 |
92 | firprox is enabled
93 | Creating => https://login.microsoftonline.com/...
94 | [2023-09-04 16:22:58+00:00] (xxxxxxxxx) fireprox_microsoftonline => https://xxxxxxxxx.execute-api.us-east-2.amazonaws.com/fireprox/ (https://login.microsoftonline.com/)
95 | [2023-09-04 16:22:58+00:00] (xxxxxxxxx) fireprox_microsoftonline: https://xxxxxxxxx.execute-api.us-east-2.amazonaws.com/fireprox/ => https://login.microsoftonline.com/
96 | Initial fireprox endpoint has been configured
97 |
98 |
99 | ---------------------------------------------------------------------------------------------------------
100 | amit.kumar@intranet.directory:acmecomputercompany:INVALID
101 | michael.smith@intranet.directory:acmecomputercompany:INVALID
102 | david.smith@intranet.directory:acmecomputercompany:INVALID
103 | michael.johnson@intranet.directory:acmecomputercompany:INVALID
104 | brian.smith@intranet.directory:acmecomputercompany:INVALID
105 | jason.smith@intranet.directory:acmecomputercompany:INVALID
106 | stephen.falken@intranet.directory:acmecomputercompany:VALID USERNAME
107 | jose.garcia@intranet.directory:acmecomputercompany:INVALID
108 | michael.williams@intranet.directory:acmecomputercompany:INVALID
109 | ```
110 |
111 |
112 | The above output displays:
113 |
114 | ```
115 | email_address:target_tenant:status
116 | ```
117 |
118 |
119 |
120 | ## Additional info:
121 |
122 | Please check out the DEFCON 31 slide deck:
123 |
124 | https://github.com/nyxgeek/track_the_planet
125 |
126 | ## Remediation
127 |
128 | For remediation info (how to leave domains as Guests): https://learn.microsoft.com/en-us/azure/active-directory/external-identities/leave-the-organization
129 |
130 |
131 | ## SPECIAL THANKS AND SHOUTOUTS!
132 |
133 | Thanks to @DrAzureAD, @thetechr0mancer, @ustayready !
134 | references:
135 | - https://aadinternals.com/post/desktopsso/ (@DrAzureAD - silent guest enum)
136 | - https://github.com/blacklanternsecurity/TREVORspray (@thetechr0mancer)
137 | - https://github.com/ustayready/fireprox (@ustayready)
138 |
--------------------------------------------------------------------------------
/data/guest_enum.db:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nyxgeek/guestlist/48138045da74a51123923738e7e672f2cf4c5c93/data/guest_enum.db
--------------------------------------------------------------------------------
/fire.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | from multiprocessing import Pool
3 | from pathlib import Path
4 | import shutil
5 | import tldextract
6 | import boto3
7 | import os
8 | import sys
9 | import datetime
10 | import tzlocal
11 | import argparse
12 | import json
13 | import configparser
14 | from typing import Tuple, Callable
15 |
16 |
17 | class FireProx(object):
18 | def __init__(self, arguments: argparse.Namespace, help_text: str):
19 | self.profile_name = arguments.profile_name
20 | self.access_key = arguments.access_key
21 | self.secret_access_key = arguments.secret_access_key
22 | self.session_token = arguments.session_token
23 | self.region = arguments.region
24 | self.command = arguments.command
25 | self.api_id = arguments.api_id
26 | self.url = arguments.url
27 | self.api_list = []
28 | self.client = None
29 | self.help = help_text
30 |
31 | if self.access_key and self.secret_access_key:
32 | if not self.region:
33 | self.error('Please provide a region with AWS credentials')
34 |
35 | if not self.load_creds():
36 | self.error('Unable to load AWS credentials')
37 |
38 | if not self.command:
39 | self.error('Please provide a valid command')
40 |
41 | def __str__(self):
42 | return 'FireProx()'
43 |
44 | def _try_instance_profile(self) -> bool:
45 | """Try instance profile credentials
46 |
47 | :return:
48 | """
49 | try:
50 | if not self.region:
51 | self.client = boto3.client('apigateway')
52 | else:
53 | self.client = boto3.client(
54 | 'apigateway',
55 | region_name=self.region
56 | )
57 | self.client.get_account()
58 | self.region = self.client._client_config.region_name
59 | return True
60 | except:
61 | return False
62 |
63 | def load_creds(self) -> bool:
64 | """Load credentials from AWS config and credentials files if present.
65 |
66 | :return:
67 | """
68 | # If no access_key, secret_key, or profile name provided, try instance credentials
69 | if not any([self.access_key, self.secret_access_key, self.profile_name]):
70 | return self._try_instance_profile()
71 | # Read in AWS config/credentials files if they exist
72 | credentials = configparser.ConfigParser()
73 | credentials.read(os.path.expanduser('~/.aws/credentials'))
74 | config = configparser.ConfigParser()
75 | config.read(os.path.expanduser('~/.aws/config'))
76 | # If profile in files, try it, but flow through if it does not work
77 | config_profile_section = f'profile {self.profile_name}'
78 | if self.profile_name in credentials:
79 | if config_profile_section not in config:
80 | print(f'Please create a section for {self.profile_name} in your ~/.aws/config file')
81 | return False
82 | self.region = config[config_profile_section].get('region', 'us-east-1')
83 | try:
84 | self.client = boto3.session.Session(profile_name=self.profile_name,
85 | region_name=self.region).client('apigateway')
86 | self.client.get_account()
87 | return True
88 | except:
89 | pass
90 | # Maybe had profile, maybe didn't
91 | if self.access_key and self.secret_access_key:
92 | try:
93 | self.client = boto3.client(
94 | 'apigateway',
95 | aws_access_key_id=self.access_key,
96 | aws_secret_access_key=self.secret_access_key,
97 | aws_session_token=self.session_token,
98 | region_name=self.region
99 | )
100 | self.client.get_account()
101 | self.region = self.client._client_config.region_name
102 | # Save/overwrite config if profile specified
103 | if self.profile_name:
104 | if config_profile_section not in config:
105 | config.add_section(config_profile_section)
106 | config[config_profile_section]['region'] = self.region
107 | with open(os.path.expanduser('~/.aws/config'), 'w') as file:
108 | config.write(file)
109 | if self.profile_name not in credentials:
110 | credentials.add_section(self.profile_name)
111 | credentials[self.profile_name]['aws_access_key_id'] = self.access_key
112 | credentials[self.profile_name]['aws_secret_access_key'] = self.secret_access_key
113 | if self.session_token:
114 | credentials[self.profile_name]['aws_session_token'] = self.session_token
115 | else:
116 | credentials.remove_option(self.profile_name, 'aws_session_token')
117 | with open(os.path.expanduser('~/.aws/credentials'), 'w') as file:
118 | credentials.write(file)
119 | return True
120 | except:
121 | return False
122 | else:
123 | return False
124 |
125 | def error(self, error):
126 | print(self.help)
127 | sys.exit(error)
128 |
129 | def get_template(self):
130 | url = self.url
131 | if url[-1] == '/':
132 | url = url[:-1]
133 |
134 | title = 'fireprox_{}'.format(
135 | tldextract.extract(url).domain
136 | )
137 | version_date = f'{datetime.datetime.now():%Y-%m-%dT%XZ}'
138 | template = '''
139 | {
140 | "swagger": "2.0",
141 | "info": {
142 | "version": "{{version_date}}",
143 | "title": "{{title}}"
144 | },
145 | "basePath": "/",
146 | "schemes": [
147 | "https"
148 | ],
149 | "paths": {
150 | "/": {
151 | "get": {
152 | "parameters": [
153 | {
154 | "name": "proxy",
155 | "in": "path",
156 | "required": true,
157 | "type": "string"
158 | },
159 | {
160 | "name": "X-My-X-Forwarded-For",
161 | "in": "header",
162 | "required": false,
163 | "type": "string"
164 | }
165 | ],
166 | "responses": {},
167 | "x-amazon-apigateway-integration": {
168 | "uri": "{{url}}/",
169 | "responses": {
170 | "default": {
171 | "statusCode": "200"
172 | }
173 | },
174 | "requestParameters": {
175 | "integration.request.path.proxy": "method.request.path.proxy",
176 | "integration.request.header.X-Forwarded-For": "method.request.header.X-My-X-Forwarded-For"
177 | },
178 | "passthroughBehavior": "when_no_match",
179 | "httpMethod": "ANY",
180 | "cacheNamespace": "irx7tm",
181 | "cacheKeyParameters": [
182 | "method.request.path.proxy"
183 | ],
184 | "type": "http_proxy"
185 | }
186 | }
187 | },
188 | "/{proxy+}": {
189 | "x-amazon-apigateway-any-method": {
190 | "produces": [
191 | "application/json"
192 | ],
193 | "parameters": [
194 | {
195 | "name": "proxy",
196 | "in": "path",
197 | "required": true,
198 | "type": "string"
199 | },
200 | {
201 | "name": "X-My-X-Forwarded-For",
202 | "in": "header",
203 | "required": false,
204 | "type": "string"
205 | }
206 | ],
207 | "responses": {},
208 | "x-amazon-apigateway-integration": {
209 | "uri": "{{url}}/{proxy}",
210 | "responses": {
211 | "default": {
212 | "statusCode": "200"
213 | }
214 | },
215 | "requestParameters": {
216 | "integration.request.path.proxy": "method.request.path.proxy",
217 | "integration.request.header.X-Forwarded-For": "method.request.header.X-My-X-Forwarded-For"
218 | },
219 | "passthroughBehavior": "when_no_match",
220 | "httpMethod": "ANY",
221 | "cacheNamespace": "irx7tm",
222 | "cacheKeyParameters": [
223 | "method.request.path.proxy"
224 | ],
225 | "type": "http_proxy"
226 | }
227 | }
228 | }
229 | }
230 | }
231 | '''
232 | template = template.replace('{{url}}', url)
233 | template = template.replace('{{title}}', title)
234 | template = template.replace('{{version_date}}', version_date)
235 |
236 | return str.encode(template)
237 |
238 | def create_api(self, url):
239 | if not url:
240 | self.error('Please provide a valid URL end-point')
241 |
242 | print(f'Creating => {url}...')
243 |
244 | template = self.get_template()
245 | response = self.client.import_rest_api(
246 | parameters={
247 | 'endpointConfigurationTypes': 'REGIONAL'
248 | },
249 | body=template
250 | )
251 | resource_id, proxy_url = self.create_deployment(response['id'])
252 | self.store_api(
253 | response['id'],
254 | response['name'],
255 | response['createdDate'],
256 | response['version'],
257 | url,
258 | resource_id,
259 | proxy_url
260 | )
261 |
262 | def update_api(self, api_id, url):
263 | if not any([api_id, url]):
264 | self.error('Please provide a valid API ID and URL end-point')
265 |
266 | if url[-1] == '/':
267 | url = url[:-1]
268 |
269 | resource_id = self.get_resource(api_id)
270 | if resource_id:
271 | print(f'Found resource {resource_id} for {api_id}!')
272 | response = self.client.update_integration(
273 | restApiId=api_id,
274 | resourceId=resource_id,
275 | httpMethod='ANY',
276 | patchOperations=[
277 | {
278 | 'op': 'replace',
279 | 'path': '/uri',
280 | 'value': '{}/{}'.format(url, r'{proxy}'),
281 | },
282 | ]
283 | )
284 | return response['uri'].replace('/{proxy}', '') == url
285 | else:
286 | self.error(f'Unable to update, no valid resource for {api_id}')
287 |
288 | def delete_api(self, api_id):
289 | if not api_id:
290 | self.error('Please provide a valid API ID')
291 | items = self.list_api(api_id)
292 | for item in items:
293 | item_api_id = item['id']
294 | if item_api_id == api_id:
295 | response = self.client.delete_rest_api(
296 | restApiId=api_id
297 | )
298 | return True
299 | return False
300 |
301 | def list_api(self, deleted_api_id=None):
302 | response = self.client.get_rest_apis()
303 | for item in response['items']:
304 | try:
305 | created_dt = item['createdDate']
306 | api_id = item['id']
307 | name = item['name']
308 | proxy_url = self.get_integration(api_id).replace('{proxy}', '')
309 | url = f'https://{api_id}.execute-api.{self.region}.amazonaws.com/fireprox/'
310 | if not api_id == deleted_api_id:
311 | print(f'[{created_dt}] ({api_id}) {name}: {url} => {proxy_url}')
312 | except:
313 | pass
314 |
315 | return response['items']
316 |
317 | def store_api(self, api_id, name, created_dt, version_dt, url,
318 | resource_id, proxy_url):
319 | print(
320 | f'[{created_dt}] ({api_id}) {name} => {proxy_url} ({url})'
321 | )
322 |
323 | def create_deployment(self, api_id):
324 | if not api_id:
325 | self.error('Please provide a valid API ID')
326 |
327 | response = self.client.create_deployment(
328 | restApiId=api_id,
329 | stageName='fireprox',
330 | stageDescription='FireProx Prod',
331 | description='FireProx Production Deployment'
332 | )
333 | resource_id = response['id']
334 | return (resource_id,
335 | f'https://{api_id}.execute-api.{self.region}.amazonaws.com/fireprox/')
336 |
337 | def get_resource(self, api_id):
338 | if not api_id:
339 | self.error('Please provide a valid API ID')
340 | response = self.client.get_resources(restApiId=api_id)
341 | items = response['items']
342 | for item in items:
343 | item_id = item['id']
344 | item_path = item['path']
345 | if item_path == '/{proxy+}':
346 | return item_id
347 | return None
348 |
349 | def get_integration(self, api_id):
350 | if not api_id:
351 | self.error('Please provide a valid API ID')
352 | resource_id = self.get_resource(api_id)
353 | response = self.client.get_integration(
354 | restApiId=api_id,
355 | resourceId=resource_id,
356 | httpMethod='ANY'
357 | )
358 | return response['uri']
359 |
360 |
361 | def parse_arguments() -> Tuple[argparse.Namespace, str]:
362 | """Parse command line arguments and return namespace
363 |
364 | :return: Namespace for arguments and help text as a tuple
365 | """
366 | parser = argparse.ArgumentParser(description='FireProx API Gateway Manager')
367 | parser.add_argument('--profile_name',
368 | help='AWS Profile Name to store/retrieve credentials', type=str, default=None)
369 | parser.add_argument('--access_key',
370 | help='AWS Access Key', type=str, default=None)
371 | parser.add_argument('--secret_access_key',
372 | help='AWS Secret Access Key', type=str, default=None)
373 | parser.add_argument('--session_token',
374 | help='AWS Session Token', type=str, default=None)
375 | parser.add_argument('--region',
376 | help='AWS Region', type=str, default=None)
377 | parser.add_argument('--command',
378 | help='Commands: list, create, delete, update', type=str, default=None)
379 | parser.add_argument('--api_id',
380 | help='API ID', type=str, required=False)
381 | parser.add_argument('--url',
382 | help='URL end-point', type=str, required=False)
383 | return parser.parse_args(), parser.format_help()
384 |
385 |
386 | def main():
387 | """Run the main program
388 |
389 | :return:
390 | """
391 | args, help_text = parse_arguments()
392 | fp = FireProx(args, help_text)
393 | if args.command == 'list':
394 | print(f'Listing API\'s...')
395 | result = fp.list_api()
396 |
397 | elif args.command == 'create':
398 | result = fp.create_api(fp.url)
399 |
400 | elif args.command == 'delete':
401 | result = fp.delete_api(fp.api_id)
402 | success = 'Success!' if result else 'Failed!'
403 | print(f'Deleting {fp.api_id} => {success}')
404 |
405 | elif args.command == 'update':
406 | print(f'Updating {fp.api_id} => {fp.url}...')
407 | result = fp.update_api(fp.api_id, fp.url)
408 | success = 'Success!' if result else 'Failed!'
409 | print(f'API Update Complete: {success}')
410 |
411 | else:
412 | print(f'[ERROR] Unsupported command: {args.command}\n')
413 | print(help_text)
414 | sys.exit(1)
415 |
416 |
417 | if __name__ == '__main__':
418 | main()
419 |
--------------------------------------------------------------------------------
/guestlist.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | #
3 | # GUESTLIST
4 | # 2023 @nyxgeek - TrustedSec
5 | # check for guest users either silently or via Graph
6 | # silent - performed via web request, use fireprox to avoid false-positives
7 | # graph - performed via logon attempt (cannot actually be used to auth or identify password), shows up in logs
8 | #
9 | #
10 | # Thanks to @DrAzureAD, @thetechr0mancer, @ustayready !
11 | # references:
12 | # https://aadinternals.com/post/desktopsso/ (@DrAzureAD - silent guest enum)
13 | # https://github.com/blacklanternsecurity/TREVORspray (@thetechr0mancer)
14 | # https://github.com/ustayready/fireprox (@ustayready)
15 | #
16 | # Update Log
17 | # 23.09.04 1.00 - initial release
18 |
19 |
20 |
21 | import requests
22 | from requests.exceptions import ConnectionError, ReadTimeout, Timeout
23 | from requests.adapters import HTTPAdapter
24 | from requests.packages.urllib3.util.retry import Retry
25 | import sqlite3
26 | #import datetime
27 | from datetime import datetime
28 | import os
29 | import sys
30 | import time
31 | import re
32 | import socket
33 | import json
34 | import signal
35 | import argparse
36 | import configparser
37 | #import subprocess
38 | from fire import FireProx
39 |
40 | ############ OUR CONSTANTS HERE:'
41 | sqldb_location = 'data/guest_enum.db'
42 | outputfilename = "output.log"
43 | hostname = socket.gethostname()
44 | fakeuser = "bingbangbong202320232023@notafakedomain.com"
45 | silent_url = "https://login.microsoftonline.com/common/GetCredentialType"
46 | logon_base = "https://login.microsoftonline.com/"
47 | graph_url = "https://login.microsoftonline.com/common/oauth2/token"
48 |
49 | ############ NEW GLOBAL VARIABLES HERE:
50 | enable_db = True
51 | exitRequested = False
52 | verbose = False
53 | debug = False
54 | halt_logging = False
55 | isPaused = False
56 | fireprox_threshold = 500
57 | fireprox_enabled = False
58 | fireprox_key = ""
59 | fireprox_secret = ""
60 | fireprox_region = ""
61 | fireprox_command = ""
62 | fireprox_region = "us-east-2" # at some point update this to grab random
63 |
64 |
65 |
66 | print("")
67 | print("*********************************************************************************************************")
68 | print("")
69 | print(" G U E S T L I S T v1.00 ")
70 | print(" ")
71 | print(" 2023 @nyxgeek - TrustedSec ")
72 | print("*********************************************************************************************************")
73 |
74 |
75 |
76 | class UrlChecker:
77 | """Check URLs and handle associated operations."""
78 | def __init__(self, tenant_name, userdata, enum_method):
79 | self.tenant_name = tenant_name.rstrip().lower()
80 | self.userdata = userdata
81 | self.original_userdata = userdata
82 | self.enum_method = enum_method
83 | self.verbose = verbose
84 | self.debug = debug
85 | self.errorcount = 0
86 | self.validcount = 0
87 | self.currentcount = 0
88 | self.totalcount = 0
89 | self.sanitycount = 0
90 | self.sanitylimit = 100 #this is how many users to try before performing a sanitycheck
91 | self.start_unix_time = 0
92 | self.status = '0'
93 | self.last_5_response_results = []
94 | self.retest_users_list = []
95 | #self.current_endpoint = ""
96 | if enum_method == "graph":
97 | self.current_endpoint = graph_url
98 | if fireprox_enabled:
99 | # do this immediately
100 | print("firprox is enabled")
101 |
102 | if fireprox_command != "":
103 | print("firefox command detected. running now")
104 | self.control_fireprox_endpoint("graph", fireprox_command)
105 | exit()
106 | else:
107 | self.control_fireprox_endpoint("graph", "create")
108 | print("Initial fireprox endpoint has been configured")
109 | else:
110 | self.current_endpoint = silent_url
111 | if fireprox_enabled:
112 | # do this immediately
113 | print("firprox is enabled")
114 |
115 | if fireprox_command != "":
116 | print("firefox command detected. running now")
117 | self.control_fireprox_endpoint("silent", fireprox_command)
118 | exit()
119 | else:
120 | self.control_fireprox_endpoint("silent", "create")
121 | print("Initial fireprox endpoint has been configured")
122 |
123 | def __delete__(self, instance):
124 | print("deleted in descriptor object")
125 | self.control_fireprox_endpoint(self.enum_method,"delete")
126 | del self.value
127 |
128 |
129 | # FireProx connector
130 | def control_fireprox_endpoint(self, method, command):
131 | class Object(object):
132 | pass
133 |
134 | fakeargs = Object()
135 | fakeargs.access_key = fireprox_key
136 | fakeargs.secret_access_key = fireprox_secret
137 | fakeargs.region = fireprox_region
138 | if method == "graph":
139 | fakeargs.url = logon_base
140 | else:
141 | fakeargs.url = logon_base
142 | if command == "create":
143 | fakeargs.command = "create"
144 | elif command == "delete":
145 | fakeargs.command = "delete"
146 | elif command == "list":
147 | fakeargs.command = "list"
148 | elif command == "renew":
149 | fakeargs.command = "renew"
150 | fakeargs.help_text = None
151 | fakeargs.profile_name = None
152 | fakeargs.session_token = None
153 | fakeargs.api_id = None
154 |
155 | if verbose:
156 | print(f"Command is: {command}, method is {method}")
157 | fp = FireProx(fakeargs, fakeargs.help_text)
158 |
159 |
160 | if command == "create":
161 | result = fp.list_api()
162 | if debug:
163 | print(f"{result}")
164 | if result:
165 | print("Hold up - we have an old one in here. Removing first. Waiting 30s")
166 | extracted_id = result[0].get('id', 'N/A')
167 | result = fp.delete_api(extracted_id)
168 |
169 | result = fp.create_api(fp.url)
170 | if debug:
171 | print(f"{result}")
172 |
173 | result = fp.list_api()
174 | if debug:
175 | print(f"{result}")
176 |
177 | extracted_id = result[0].get('id', 'N/A')
178 | if verbose:
179 | print(f"Endpoint ID: {extracted_id}")
180 | print(f"https://{extracted_id}.execute-api.{fireprox_region}.amazonaws.com/fireprox/")
181 |
182 | if method == "silent":
183 | self.current_endpoint = f"https://{extracted_id}.execute-api.{fireprox_region}.amazonaws.com/fireprox/common/GetCredentialType"
184 | if verbose:
185 | print(f"Current endpoint: {self.current_endpoint}")
186 |
187 | else: # then it is graph
188 | self.current_endpoint = f"https://{extracted_id}.execute-api.{fireprox_region}.amazonaws.com/fireprox/common/oauth2/token"
189 |
190 |
191 |
192 | elif command == "list":
193 | result = fp.list_api()
194 | if debug:
195 | print(f"{result}")
196 | if result:
197 | extracted_id = result[0].get('id', 'N/A')
198 | if verbose:
199 | print(f"Extracted ID: {extracted_id}")
200 | else:
201 | print("No endpoints found.")
202 |
203 | elif command == "delete":
204 | print("Deleting endpoints, please wait...")
205 | # if we delete too fast we get an error
206 | time.sleep(5)
207 | result = fp.list_api()
208 | if result:
209 | if verbose:
210 | print(f"list result:\n{result}")
211 | extracted_id = result[0].get('id', 'N/A')
212 | if verbose:
213 | print(f"Extracted ID: {extracted_id}")
214 | time.sleep(5)
215 | result = fp.delete_api(extracted_id)
216 | if debug:
217 | print(f"{result}")
218 | if result:
219 | print("SUCCESS - deleted endpoint")
220 | else:
221 | print("FAIL -- did not remove endpoint")
222 | else:
223 | if verbose:
224 | print("No endpoints to delete")
225 |
226 |
227 | elif command == "renew":
228 | print("Renewing endpoints. This will take some time (60s). Pauses built in to handle rate limiting max of 2 api calls/minute")
229 | result = fp.list_api()
230 | if debug:
231 | print(f"{result}")
232 | extracted_id = result[0].get('id', 'N/A')
233 | if verbose:
234 | print(f"Extracted ID: {extracted_id}")
235 | print("Deleting endpoint...")
236 | time.sleep(31)
237 | result = fp.delete_api(extracted_id)
238 | if debug:
239 | print(f"{result}")
240 | if result:
241 | print("SUCCESS - deleted endpoint")
242 | else:
243 | print("FAIL - did not delete endpoint")
244 | print("creating new endpoint...")
245 | time.sleep(31)
246 | result = fp.create_api(fp.url)
247 | if debug:
248 | print(f"{result}")
249 |
250 | result = fp.list_api()
251 | if debug:
252 | print(f"{result}")
253 | extracted_id = result[0].get('id', 'N/A')
254 | if verbose:
255 | print(f"Extracted ID: {extracted_id}")
256 | print(f"https://{extracted_id}.execute-api.{fireprox_region}.amazonaws.com/fireprox/")
257 |
258 | if method == "silent":
259 | self.current_endpoint = f"https://{extracted_id}.execute-api.{fireprox_region}.amazonaws.com/fireprox/common/GetCredentialType"
260 | if verbose:
261 | print(f"Current endpoint: {self.current_endpoint}")
262 |
263 | else: # then it is graph
264 | self.current_endpoint = f"https://{extracted_id}.execute-api.{fireprox_region}.amazonaws.com/fireprox/common/oauth2/token"
265 |
266 |
267 | #>>>>> Database Functions
268 |
269 | def sql_create_table(self):
270 | #if table does not exist
271 | #create_onedrive_enum = f"create table guestlist_enum(email_address text, username text, domain text, tenant text, scrape_date_unix int, environment text);"
272 | create_onedrive_enum = f"create table guestlist_enum(email_address text, source_domain text, target_tenant text, scrape_date_unix int, hostname text, UNIQUE(email_address,target_tenant));"
273 |
274 |
275 | def sql_insert_user(self, email_address, source_domain, target_tenant, scrape_date_unix, hostname):
276 | if not halt_logging:
277 | try:
278 | conn = sqlite3.connect(sqldb_location)
279 | sql_query = f"INSERT OR IGNORE INTO guestlist_enum (email_address, source_domain, target_tenant, scrape_date_unix, hostname) VALUES ('{email_address}', '{source_domain}','{target_tenant}','{scrape_date_unix}','{hostname}');"
280 |
281 | if debug:
282 | print(sql_query)
283 | conn.execute(sql_query)
284 | conn.commit()
285 | conn.close()
286 | except:
287 | print("Some SQLite error in sql_insert_user! Maybe write some better logging next time.")
288 |
289 |
290 | #>>>>> requests special function
291 | def requests_retry_session(self,
292 | retries=4,
293 | backoff_factor=1.5,
294 | status_forcelist=(500, 502, 504),
295 | session=None,
296 | ):
297 | session = session or requests.Session()
298 | retry = Retry(
299 | total=retries,
300 | read=retries,
301 | connect=retries,
302 | backoff_factor=backoff_factor,
303 | status_forcelist=status_forcelist,
304 | )
305 | adapter = HTTPAdapter(max_retries=retry)
306 | session.mount('http://', adapter)
307 | session.mount('https://', adapter)
308 | return session
309 |
310 |
311 |
312 | #>>>>> Guest Lookup Functions
313 |
314 | # try a random username and if it is false postivie, stop, or do something
315 | def sanityCheck(self):
316 | #test for a fake user
317 | self.nestoriLookup(fakeuser)
318 |
319 |
320 | # method courtesy of @DrAzureAD - https://aadinternals.com/post/desktopsso/
321 | def nestoriLookup(self,username):
322 | global halt_logging, isPaused
323 |
324 |
325 |
326 | #now convert email address to guest account format
327 | guest_username = f"{username.replace('@','_')}#EXT#@{self.tenant_name}.onmicrosoft.com"
328 |
329 | if debug:
330 | print(f"Guest Username: {guest_username}")
331 |
332 | headers = {
333 | "User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.141 Safari/537.36",
334 | "Content-Type":"application/json; charset=UTF-8",
335 | "Accept-Encoding":"gzip, deflate",
336 | "Accept-Language":"en-US,en;q=0.9",
337 | "Connection": "close"
338 | }
339 | body = {
340 | "username":f"{guest_username}",
341 | "isOtherIdpSupported":"True"
342 | }
343 |
344 | if debug:
345 | print(f"DEBUG: {body}")
346 |
347 |
348 | try:
349 | #response = self.requests_retry_session().post(f"https://login.microsoftonline.com/common/GetCredentialType", headers=headers, json=body, timeout=10.0)
350 | response = self.requests_retry_session().post(f"{self.current_endpoint}", headers=headers, json=body, timeout=10.0)
351 | if debug:
352 | print(f"Endpoint: {self.current_endpoint}")
353 | print(f"Response: {response.content}")
354 |
355 |
356 | # Get JSON data from response
357 | response_data = response.json()
358 |
359 | # Access the value of 'IfExistsResult'
360 | if_exists_result = response_data.get('IfExistsResult')
361 | throttle_status = response_data.get('ThrottleStatus')
362 |
363 | if throttle_status == 1:
364 | # WE ARE THROTTLED!!! STOP - valid results will not show up at this point
365 | print("ENCOUNTERED THROTTLING!")
366 | halt_logging = True
367 | isPaused = True
368 |
369 | #update the if_exists_result value to 1
370 | if_exists_result = 1
371 |
372 | #append result to our last_5_response_results array
373 | self.last_5_response_results.append(if_exists_result)
374 |
375 | #trim the array down, fifo style
376 | if len(self.last_5_response_results) > 5:
377 | self.last_5_response_results.pop(0)
378 |
379 | num_0_responses = self.last_5_response_results.count(0)
380 | if debug:
381 | print(f"Number of '0' responses in queue is {num_0_responses}")
382 |
383 | # If 4 or more of the last 5 were 200, stop
384 | if num_0_responses >= 3:
385 | halt_logging = True
386 | isPaused = True
387 | print("Stopping because 3 or more of the last 5 responses were showing valid (false positives).")
388 |
389 |
390 |
391 |
392 | # a 1 denotes it does not exist
393 | if if_exists_result == 1:
394 | english_status = "INVALID"
395 |
396 | elif if_exists_result == 0:
397 | english_status = "VALID USERNAME"
398 | source_domain = username.split("@")[1]
399 | currenttime = str(int(time.time()))
400 | try:
401 | self.sql_insert_user(username, source_domain, self.tenant_name, currenttime, hostname)
402 | except:
403 | print("Error running SQL query!")
404 |
405 | # see if it's our fake user that is returning positive
406 | if username == fakeuser:
407 | print(f"DETECTED FALSE POSITIVE at COUNT {self.currentcount}!")
408 | halt_logging = True
409 | isPaused = True
410 |
411 | else:
412 | english_status = f"UNKNOWN RESPONSE ({response.status_code})\n{response_data}\n"
413 |
414 |
415 |
416 |
417 | if verbose:
418 | if username != fakeuser:
419 | print(f'{username}:{guest_username}:{self.tenant_name}.onmicrosoft.com:{english_status}')
420 |
421 | else:
422 | if username != fakeuser:
423 | print(f'{username}:{self.tenant_name}:{english_status}')
424 |
425 |
426 |
427 | except Exception as e:
428 | print("Well, I'm not sure what just happened. Onward we go...")
429 | print(e)
430 |
431 |
432 |
433 | def graphLookup(self,username):
434 |
435 | #now convert email address to guest account format
436 | guest_username = f"{username.replace('@','_')}#EXT#@{self.tenant_name}.onmicrosoft.com"
437 |
438 | if debug:
439 | print(f"Guest Username: {guest_username}")
440 |
441 | headers = {
442 | "User-Agent": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.12026; Pro",
443 | "Accept": "application/json",
444 | }
445 | body = {
446 | "resource": "https://graph.windows.net",
447 | "client_id": "72f988bf-86f1-41af-91ab-2d7cd011db42",
448 | "client_info": '1',
449 | "grant_type": "password",
450 | "username": guest_username,
451 | "password": "FAKEPASS_72f988bf-86f1-41af-91ab-2d7cd011db42_NOT_REAL_CANT_LOGIN_THIS_WAY",
452 | "scope": "openid"
453 | }
454 | codes = {
455 | 0: ['AADSTS50034'], # INVALID USERNAME
456 | 1: ['AADSTS50126'], # VALID USERNAME, INVALID PASSWORD
457 | 3: ['AADSTS50079', 'AADSTS50076'], # MICROSOFT MFA
458 | 4: ['AADSTS50158'], # OTHER MFA
459 | 5: ['AADSTS50053'], # SMART LOCKOUT
460 | 6: ['AADSTS50057'], # DISABLED
461 | 7: ['AADSTS50055'], # EXPIRED
462 | 8: ['AADSTS50128', 'AADSTS50059'], # INVALID TENANT
463 | 9: ['AADSTS700016'] # VALID USER/PASS
464 | }
465 |
466 | state = -1
467 |
468 | try:
469 | #response = self.requests_retry_session().post(f"https://login.microsoftonline.com/common/oauth2/token", headers=headers, data=body, timeout=10.0)
470 | response = self.requests_retry_session().post(f"{self.current_endpoint}", headers=headers, data=body, timeout=10.0)
471 |
472 | if response.status_code == 200:
473 | state = 2
474 | else:
475 | respErr = response.json()['error_description']
476 | for k, v in codes.items():
477 | if any(e in respErr for e in v):
478 | state = k
479 | break
480 | if state == -1:
481 | #logging.info(f"UNKERR: {respErr}")
482 | print(f"UNKERR: {respErr}")
483 |
484 | # Call the login function
485 | status = state
486 | if status == 9:
487 | english_status = "VALID ACCOUNT CREDS"
488 | elif status == 1:
489 | english_status = "VALID USERNAME"
490 | elif status == 5:
491 | english_status = "SMART LOCKOUT"
492 | elif status == 6:
493 | english_status = "DISABLED"
494 | elif status == 7:
495 | english_status = "EXPIRED - UPDATE PASSWORD"
496 | else:
497 | english_status = "INVALID"
498 |
499 | if verbose:
500 | print(f'{username}:{guest_username}:{self.tenant_name}.onmicrosoft.com:{english_status}')
501 |
502 | else:
503 | print(f'{username}:{self.tenant_name}:{english_status}')
504 |
505 |
506 |
507 | if status == 1:
508 | #print("WE HAVE A STATUS 1")
509 | currenttime = str(int(time.time()))
510 | source_domain = username.split("@")[1]
511 | sql_query=f"{username}, {source_domain}, {self.tenant_name}, {currenttime}, {hostname}"
512 | if verbose:
513 | print(sql_query)
514 | try:
515 | self.sql_insert_user(username, source_domain, self.tenant_name, currenttime,hostname)
516 | except:
517 | print("Error running SQL query!")
518 |
519 |
520 | if status == 5:
521 | #global tenant_endpoint
522 | tenant_endpoint = random.choice(tenant_array)
523 |
524 | except Exception as e:
525 | print("Well, I'm not sure what just happened. Onward we go...")
526 | print(e)
527 |
528 |
529 |
530 |
531 | def check_url(self, username):
532 | """Check a URL and handle associated operations."""
533 |
534 |
535 | #increment our number
536 | self.currentcount+=1
537 |
538 | if fireprox_enabled:
539 | # see if we are at our fireprox_threshold yet - and if so, renew IP
540 | if self.currentcount % fireprox_threshold == 0:
541 | print(f"Currently at {self.currentcount} / {fireprox_threshold}")
542 | print("DING DING - triggered our fireprox renewal")
543 | self.control_fireprox_endpoint(self.enum_method, "renew")
544 |
545 |
546 | if debug:
547 | print(f"Our CURRENT COUNT IS {self.currentcount} and the sanitylimit is {self.sanitylimit}")
548 |
549 | #remove any return char and lowercase the username
550 | username = (username.rstrip()).lower()
551 | if not ( "@" in username ):
552 | if verbose:
553 | print("Username is not in email address format")
554 | pass
555 | else:
556 | # HERE WE WILL THEN CALL EITHER OUR SILENT OR GRAPH LOOKUP
557 | if self.enum_method == "graph":
558 | self.graphLookup(username)
559 | exit
560 | if self.enum_method == "silent":
561 | # see if we are divisible by our sanitylimit - if so, do sanitycheck
562 | if self.currentcount % self.sanitylimit == 0:
563 | self.sanityCheck()
564 |
565 | self.nestoriLookup(username)
566 | exit
567 |
568 |
569 |
570 |
571 | def check_user(self):
572 | """Check a specific user."""
573 | print("In check_user")
574 | self.check_url(self.userdata)
575 |
576 | def check_user_file(self):
577 | global isPaused
578 | """Check all users from a file."""
579 | if verbose:
580 | print("Our file is {}".format(self.userdata))
581 |
582 | if verbose:
583 | print(f"\nENUM METHOD: {self.enum_method}")
584 |
585 | print(f"\n")
586 | print("---------------------------------------------------------------------------------------------------------")
587 |
588 |
589 |
590 | f = open(self.userdata)
591 | for userline in f:
592 | if exitRequested:
593 | print("\nOkay, exiting now\n")
594 | sys.exit(0)
595 |
596 | if isPaused and fireprox_enabled:
597 | #get new fireprox if possible
598 | print("getting new fireprox... stand by")
599 | isPaused = False
600 | self.control_fireprox_endpoint(self.enum_method, "renew")
601 | print("Pausing for 15 seconds before resuming")
602 | time.sleep(15)
603 | print("okay go")
604 |
605 | self.check_url(userline,)
606 |
607 |
608 | f.close()
609 | if fireprox_enabled:
610 | try:
611 | self.control_fireprox_endpoint(self.enum_method, "delete")
612 | except:
613 | pass
614 | print("\n\nGuest Enumeration Complete\n")
615 |
616 |
617 |
618 |
619 |
620 | # look up tenant if it's missing
621 | def lookup_tenant(domain):
622 | #identify primary tenant(s)
623 | # will always display list of alternate tenants
624 | # this will pick one based on mail.onmicrosoft.com record, or failing that, matching domain that was given.
625 |
626 | if verbose:
627 | print(f"Performing lookup for {domain}")
628 |
629 | def resolve_hostname(hostname):
630 | try:
631 | return socket.gethostbyname(hostname)
632 | except socket.gaierror:
633 | return None
634 |
635 | # this lookup trick is from AADInternals and TREVORspray
636 | url = f'https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc'
637 | headers = { 'Content-Type': 'text/xml; charset=utf-8',
638 | 'SOAPAction': '"http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetFederationInformation"',
639 | 'User-Agent' : 'AutodiscoverClient',
640 | 'Accept-Encoding' : 'identity'
641 | }
642 | xml = f'http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetFederationInformationhttps://autodiscover-s.outlook.com/autodiscover/autodiscover.svchttp://www.w3.org/2005/08/addressing/anonymous{domain}'
643 | #print(xml)
644 |
645 | tenant_list = []
646 | mail_list = []
647 | onedrive_list = []
648 |
649 | try:
650 | r = requests.post(url, data=xml, headers=headers, timeout=8.0)
651 | domain_extract = re.findall('(.*?)<\/Domain>', r.content.decode('utf-8'))
652 | tenant_extract = [i for i, x in enumerate(domain_extract) if ".onmicrosoft.com" in x and ".mail.onmicrosoft.com" not in x] # this line gets the matching list item numbers only
653 | if ( len(tenant_extract) > 0):
654 | print(f"\nTenants Identified:\n---------------------")
655 | for found_tenant in tenant_extract:
656 | cleaned_tenant = (domain_extract[found_tenant]).replace('.onmicrosoft.com','').lower()
657 | print(f'{cleaned_tenant}')
658 | tenant_list.append(cleaned_tenant)
659 | print("")
660 | else:
661 | print("No tenants found. Exiting.")
662 | exit()
663 |
664 | mail_extract = [i for i, x in enumerate(domain_extract) if ".mail.onmicrosoft.com" in x] # this line gets the matching list item numbers only
665 | if ( len(mail_extract) > 0):
666 | if verbose:
667 | print(f"\nMail records identified:\n---------------------")
668 | for found_tenant in mail_extract:
669 | cleaned_mail = (domain_extract[found_tenant]).replace('.mail.onmicrosoft.com','').lower()
670 | if verbose:
671 | print(f'{cleaned_mail}')
672 | mail_list.append(cleaned_mail)
673 |
674 | for test_tenant in tenant_list:
675 | test_hostname = f'{test_tenant}-my.sharepoint.com'
676 | if verbose:
677 | print(f"Testing {test_hostname}")
678 | if resolve_hostname(test_hostname):
679 | onedrive_list.append(test_tenant)
680 | #print(onedrive_list)
681 | if ( len(onedrive_list) > 0 ):
682 | print(f"OneDrive hosts found:\n---------------------")
683 | for onedrive_host in onedrive_list:
684 | print(f"{onedrive_host}-my.sharepoint.com")
685 | print("\n")
686 | if len(onedrive_list) == 1:
687 | tenantname = onedrive_list[0]
688 | else: #list is longer than 1, so iterated
689 | # we want to see if any of our onedrive URLs match the mail server address
690 | #matching_mail = (any(item in onedrive_list for item in mail_list)):
691 | matching_mail = list(set(onedrive_list) & set(mail_list))
692 | if matching_mail:
693 | if verbose:
694 | print("INFO: Found matching mail record shared with onedrive URL. This is probably it. If you do not get results, re-run and manually choose a different tenant")
695 | #print(matching_mail)
696 | tenantname = matching_mail[0]
697 | else:
698 | print("Could not reliably determine the primary domain. Try specifying different ones using the '-t' flag until you find it.")
699 | for tenant in tenant_list:
700 | print(f"{tenant}")
701 | #print("--------------------------------------------------------------------------------------------------------")
702 | print(f"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n")
703 |
704 | if verbose:
705 | print(f"INFO: Tenant name has been set to: {tenantname}")
706 | return tenantname
707 |
708 | else:
709 | print(f"ERROR: NO ONEDRIVE DETECTED!")
710 | exit()
711 | except requests.exceptions.HTTPError as errh:
712 | print ("Http Error:",errh)
713 | except requests.exceptions.ConnectionError as errc:
714 | print ("Error Connecting:",errc)
715 | except requests.exceptions.Timeout as errt:
716 | print ("Timeout Error:",errt)
717 | except requests.exceptions.RequestException as err:
718 | print ("OOps: Something Else",err)
719 |
720 | # handle ctrl-c with log file
721 | # stole from https://stackoverflow.com/questions/1112343/how-do-i-capture-sigint-in-python
722 | def signal_handler(sig, frame):
723 | global exitRequested
724 | print("\nCTRL-C Detected.")
725 | # see if this is our first or if we already tried quitting
726 | # if it's our second time hitting ctrl-c, then close immediately, otherwise wait for graceful
727 | #print("\nExit status is: {0}\n".format(exitRequested))
728 | if exitRequested:
729 |
730 | sys.exit(1)
731 | else:
732 | #global exitRequested
733 | exitRequested = True
734 |
735 |
736 | def export_sql_users():
737 | if enable_db:
738 | if verbose:
739 | print("Exporting users")
740 | try:
741 | conn = sqlite3.connect(sqldb_location)
742 |
743 |
744 | ##### FIX THIS
745 | getUsersQuery = f"SELECT * FROM guestlist_enum;"
746 | #print(getUsersQuery)
747 | result = conn.execute(getUsersQuery)
748 | #resultcount = len(result.fetchall())
749 | export_results = result.fetchall()
750 | resultcount = len(export_results)
751 | conn.commit()
752 | #print(result.fetchall())
753 | now = datetime.now()
754 | formatted_date = now.strftime("%Y%m%d")
755 | output_filename = f'export_guestlist_{formatted_date}.txt'
756 | with open(output_filename, 'w') as f: # 'w' means write mode which overwrites existing contents
757 | for user in export_results:
758 | f.write(user[0] + '\n') # write each email on a new line
759 | conn.close()
760 | print(f"{resultcount} guestlist lines have been written to {output_filename}")
761 | except sqlite3.Error as er:
762 | print("Some SQLite error in export_sql_users()! Maybe write some better logging next time.")
763 | print('SQLite error: %s' % (' '.join(er.args)))
764 | print("Exception class is: ", er.__class__)
765 | print('SQLite traceback: ')
766 | exc_type, exc_value, exc_tb = sys.exc_info()
767 | print(traceback.format_exception(exc_type, exc_value, exc_tb))
768 |
769 | def main():
770 | global enable_db, verbose, debug, fireprox_enabled, fireprox_key, fireprox_secret, fireprox_region, fireprox_command
771 |
772 | #set up our ctrl-c checker
773 | signal.signal(signal.SIGINT, signal_handler)
774 |
775 | # define our variables
776 | exitRequested = False
777 |
778 |
779 | # initiate the parser
780 | parser = argparse.ArgumentParser()
781 | parser.add_argument("-m", "--method", help="silent or interactive (default:silent)", required=False, metavar='')
782 | parser.add_argument("-d", "--domain", help="target domain name (required)", required=False, metavar='')
783 | parser.add_argument("-t", "--tenant", help="tenant name if known, otherwise specify domain and will lookup", metavar='')
784 | parser.add_argument("-u", "--username", help="email address to target", metavar='')
785 | parser.add_argument("-U", "--userfile", help="file containing usernames (wordlists) -- will also take a directory", metavar='')
786 | parser.add_argument("-o", "--output", help="file to write output to (default: output.log)", default="output.log", metavar='')
787 | parser.add_argument("-n", "--no-db", help="disable logging to db", action='store_true', default=False)
788 | parser.add_argument("-v", "--verbose", help="enable verbose output", action='store_true', default=False)
789 | parser.add_argument("-D", "--debug", help="enable debug output", action='store_true', default=False)
790 | parser.add_argument("-a", "--access", help="fireprox AWS access_key", metavar='')
791 | parser.add_argument("-s", "--secret", help="fireprox AWS secret key", metavar='')
792 | parser.add_argument("-f", "--credfile", help="fireprox - file containing aws_secret and aws_key values", metavar='')
793 | parser.add_argument("-r", "--region", help="fireprox AWS region", metavar='')
794 | parser.add_argument("-c", "--command", help="fireprox command (create, delete, list)", metavar='')
795 |
796 |
797 | # read arguments from the command line
798 | args = parser.parse_args()
799 |
800 | verbose = args.verbose
801 | debug = args.debug
802 | isUser = False
803 | isUserFile = False
804 | enum_method = "silent"
805 |
806 | if verbose:
807 | print("Verbose is ON")
808 |
809 | if debug:
810 | print("Debug is ON")
811 |
812 | if (args.access and args.secret):
813 | fireprox_enabled = True
814 | fireprox_key = args.access.rstrip()
815 | fireprox_secret = args.secret.rstrip()
816 | elif (args.access or args.secret or args.region):
817 | print("You have not specified all required values for fireprox: --access, --secret, and --region")
818 | print(" **** WARNING: FIREPROX IS NOT ENABLED. Waiting for 10 seconds before continuing ... ****")
819 | time.sleep(10)
820 |
821 | if args.command:
822 | fireprox_command = args.command.rstrip()
823 |
824 | if args.method:
825 | if args.method == "silent":
826 | enum_method = "silent"
827 | elif args.method == "interactive":
828 | enum_method = "graph"
829 | elif args.method == "graph":
830 | enum_method = "graph"
831 | elif args.method == "nestori":
832 | enum_method = "silent"
833 | else:
834 | print("Please select either silent or interactive")
835 | exit
836 | if verbose:
837 | print(f"Method is: {enum_method}")
838 |
839 |
840 | if args.domain:
841 | tenantname = (lookup_tenant(args.domain)).lower()
842 | if verbose:
843 | print(f"Tenant name for {args.domain} is {tenantname}")
844 |
845 |
846 | if args.tenant:
847 | tenantname = (args.tenant).lower()
848 | if verbose:
849 | print("Tenant is: %s" % args.tenant)
850 |
851 |
852 | if args.username:
853 | print("Checking username: %s" % args.username)
854 | isUser = True
855 |
856 | if args.userfile:
857 | if verbose:
858 | print("Checking file: %s" % args.userfile)
859 | userfile = args.userfile
860 | isUserFile = True
861 |
862 | if args.credfile:
863 | credfile = args.credfile
864 | if verbose:
865 | print(f"Cred file: {credfile}")
866 |
867 | config = configparser.ConfigParser()
868 |
869 | # check if file exists
870 | try:
871 | with open(credfile) as f:
872 | config.read_file(f)
873 | except IOError:
874 | raise MyError()
875 |
876 |
877 | # parse for key
878 | fireprox_key = config.get('default', 'aws_access_key_id')
879 | # then parse for aws_secret
880 | fireprox_secret = config.get('default', 'aws_secret_access_key')
881 | if verbose:
882 | print(f"key: {fireprox_key}")
883 | print(f"secret: {fireprox_secret}")
884 | fireprox_enabled = True
885 |
886 |
887 | outputfilename = args.output
888 | if verbose:
889 | print(f"Output file: {outputfilename}")
890 |
891 | if args.no_db:
892 | enable_db = False
893 | else:
894 | enable_db = True
895 |
896 | if verbose:
897 | print(f"Enable DB is: {enable_db}")
898 |
899 |
900 |
901 | # Here we see what type of input it is: username, userfile, user directory, playlist -- and process accordingly
902 | if isUser:
903 | if verbose:
904 | print("We are checking on a username")
905 | userdata = args.username
906 | try:
907 | url_checker = UrlChecker(tenantname, userdata, enum_method)
908 | url_checker.check_user()
909 | except:
910 | if verbose:
911 | print("Error with username")
912 | pass
913 | finally:
914 | if fireprox_enabled:
915 | print("Attempting to delete endpoints")
916 | try:
917 | result = url_checker.control_fireprox_endpoint(enum_method,"delete")
918 | except:
919 | pass
920 | try:
921 | del url_checker
922 | except:
923 | pass
924 |
925 |
926 |
927 |
928 |
929 | if isUserFile:
930 | userdata = userfile
931 | #first check for file or folder status
932 | if os.path.exists(userfile): #first see if it exists
933 | if os.path.isfile(userfile): #then see if it's a file
934 | try:
935 | url_checker = UrlChecker(tenantname, userdata, enum_method)
936 | url_checker.check_user_file()
937 | except Exception as userfileerror:
938 | print(userfileerror)
939 | if verbose:
940 | print("Whoops something happened there with a userfile")
941 | pass
942 | finally:
943 | if fireprox_enabled:
944 | #do a final cleanup
945 | try:
946 | if verbose:
947 | print("Attempting to delete endpoints")
948 | result = url_checker.control_fireprox_endpoint(enum_method,"delete")
949 | except:
950 | pass
951 | try:
952 | del url_checker
953 | except:
954 | pass
955 | #print("Completed")
956 |
957 | # do our export now
958 | export_sql_users()
959 |
960 |
961 | else:
962 | print(f"ERROR: {userfile} does not exist.")
963 | exit()
964 |
965 |
966 |
967 | if __name__ == "__main__":
968 | main()
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | boto3
2 | tldextract
3 | tzlocal
4 | bs4
5 | lxml
6 |
--------------------------------------------------------------------------------