Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added PII Parser Module #4

Closed
wants to merge 1 commit into from
Closed

Added PII Parser Module #4

wants to merge 1 commit into from

Conversation

@utkusen
Copy link

@utkusen utkusen commented Oct 23, 2019

This pull request includes my PIIParser module which helps to identify PII data located inside Word and Excel files. The PII regexes can be changed inside Get-PII.ps1 file. Currently it detects: All types of credit card numbers, SSN, Passport number, Birthday, Ip Address, Turkish Identification Number

To use the module inside Empire, navigate to powershell/modules/collection/PIIParser. You need to set FilePath value which represents fullpath of target document. For example: C:\Users\utku\document.docx. It returns first few characters of detected data, rest is remain masked.

@vinnybod
Copy link

@vinnybod vinnybod commented Oct 24, 2019

Thank you for your pull request!

We're working on bringing in Python3 compatability at the moment and don't want to introduce any new complexities during that transition. I expect that we'll be ready to merge in a change like this in the next couple weeks.

I'll be updating the readme with more information in the future, but all pull requests coming in will need to be compliant with both Python 2.7 and Python 3

Copy link

@Cx01N Cx01N left a comment

Will merge into version 3.0 (#3) if formatting can be updated to be Python 2.X and 3.X compatible.

Copy link

@Cx01N Cx01N left a comment

image

Thank you for your submission. A few updates were required to allow for Python 2.x/3.x compatibility. Please make the following updates to the module. Also, when running the .ps1 reported back a failure error that the script could not call a null-valued expression. It seems there may be a problem in the Powershell module itself.

Is this something you saw in the past?

@@ -0,0 +1,93 @@
from lib.common import helpers
Copy link

@Cx01N Cx01N Nov 24, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add from __future__ import print_function and from builtins import str

try:
f = open(moduleSource, 'r')
except:
print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
Copy link

@Cx01N Cx01N Nov 24, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update to print (helpers.color("[!] Could not read module source path at: " + str(moduleSource)))


scriptEnd = '$global:FilePath = '

for option,values in self.options.iteritems():
Copy link

@Cx01N Cx01N Nov 24, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

iteritems should be replaced with items

@Cx01N
Copy link

@Cx01N Cx01N commented Feb 3, 2020

Closing due to inactivity. Please reopen if you are able to resolve the conflicts.

@Cx01N Cx01N closed this Feb 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants