Master main forensic merge (Forensics and Windows modules) #109

Status: Open
wants to merge 29 commits into base: master

Commits (29)
b7293f3  Windows modules (web browsers, languages and text editor) and chocola…  (Jjk422, Mar 20, 2017)
c4bec37  Moved over ForGen internet history module need to modify into SecGen …  (Jjk422, Mar 21, 2017)
a13431f  Moved over ForGen internet history module need to modify into SecGen …  (Jjk422, Mar 27, 2017)
ac41834  Moved over ForGen internet history module need to modify into SecGen …  (Jjk422, Apr 3, 2017)
820e323  Merge branch 'packer_build_from_iso' into master-forensics-new  (Jjk422, Apr 13, 2017)
4f89b1f  Merge branch 'forensic_image_creation' into master-forensics-new  (Jjk422, Apr 13, 2017)
d64ea06  Merge branch 'master-forensics' into master-forensics-new  (Jjk422, Apr 13, 2017)
4acc433  Basic timestamp modules  (Jjk422, Apr 15, 2017)
c99c12e  Basic timestamp modules  (Jjk422, Apr 15, 2017)
6600bd1  Timestamp scenario module  (Jjk422, Apr 15, 2017)
6fb4968  Illegal image module cat  (Jjk422, Apr 16, 2017)
1649f39  Chrome Internet history module  (Jjk422, Apr 16, 2017)
d1152d0  Added Sqlite browser install module  (Jjk422, Apr 16, 2017)
3029312  Ensured all modules done previously could accept input values by addi…  (Jjk422, Apr 16, 2017)
00e1f78  Added scenario files to showcase some forensic modules and a chrome h…  (Jjk422, Apr 16, 2017)
b95c96c  Added powershell local requires to SecGen metadata of all modules tha…  (Jjk422, Apr 18, 2017)
004c740  Added .no_puppet module to ensure manifests directory is uploaded to …  (Jjk422, Apr 18, 2017)
aba2e2b  Fixed error caused by total_memory option whereby the wrong type was …  (Jjk422, Apr 18, 2017)
7c2e7f6  no_files file added to ensure makeshift puppet module files directory…  (Jjk422, Apr 20, 2017)
d33b4f8  Added registry module to add registry keys and registry key values.  (Jjk422, Apr 20, 2017)
7e26b36  New encoding module example.  (Jjk422, Apr 20, 2017)
9383eef  Added VM configuration options to help so machines can be provisioned…  (Jjk422, Apr 22, 2017)
fe2a879  Made alterations to the multiple windows module example scenario  (Jjk422, Dec 11, 2017)
a5571d6  Fixed incorrect class naming  (Jjk422, Dec 11, 2017)
b287d67  Prefetch file insert module.  (Jjk422, Dec 13, 2017)
8805880  Install procmon (Windows process monitor).  (Jjk422, Dec 13, 2017)
8365d2c  Merge branch 'master-forensics-new' into master-main-forensic-merge  (Jjk422, Dec 15, 2017)
dc5a37d  Merge branch 'master' into master-main-forensic-merge  (Jjk422, Apr 30, 2018)
b5b2941  Conflict and non user input module quick fix:  (Jjk422, May 21, 2018)
1 change: 1 addition & 0 deletions Gemfile
Expand Up @@ -20,6 +20,7 @@ gem 'nori'
gem 'programr', :git => "http://github.com/robertjwhitney/programr.git"
gem 'process_helper'
gem 'ovirt-engine-sdk'
gem 'sqlite3'

#development only gems go here
group :test, :development do
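Review bot: `gem 'sqlite3'` is added with no version constraint, so `bundle install` takes whichever release is newest at install time; because sqlite3 compiles a native extension whose supported Ruby range moves between major releases, pin it to the series the Chrome history module was tested against (for example `gem 'sqlite3', '~> 1.3'`) so forensic builds stay reproducible. A short comment saying which module needs the gem would also help, since nothing else in this hunk explains why it appears.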
8 changes: 8 additions & 0 deletions lib/helpers/constants.rb
Expand Up @@ -15,6 +15,7 @@
VULNERABILITY_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/vulnerability_metadata_schema.xsd"
SERVICE_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/service_metadata_schema.xsd"
UTILITY_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/utility_metadata_schema.xsd"
FORENSICS_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/forensic_metadata_schema.xsd"
GENERATOR_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/generator_metadata_schema.xsd"
ENCODER_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/encoder_metadata_schema.xsd"
NETWORK_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/network_metadata_schema.xsd"
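Review bot: naming inconsistency in the new constant: `FORENSICS_SCHEMA_FILE` is plural while every sibling uses the singular module type (`UTILITY_SCHEMA_FILE`, `GENERATOR_SCHEMA_FILE`, `ENCODER_SCHEMA_FILE`), the schema file itself is `forensic_metadata_schema.xsd`, and the type string passed to `read_modules` in lib/readers/module_reader.rb is `'forensic'`. `FORENSIC_SCHEMA_FILE` would fit the pattern; the plural is fine for `FORENSICS_DIR`, which follows the directory constants.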
Expand All @@ -29,6 +30,7 @@
VULNERABILITIES_DIR = "#{MODULES_DIR}vulnerabilities/"
SERVICES_DIR = "#{MODULES_DIR}services/"
UTILITIES_DIR = "#{MODULES_DIR}utilities/"
FORENSICS_DIR = "#{MODULES_DIR}forensics/"
GENERATORS_DIR = "#{MODULES_DIR}generators/"
ENCODERS_DIR = "#{MODULES_DIR}encoders/"
NETWORKS_DIR = "#{MODULES_DIR}networks/"
Expand All @@ -42,10 +44,16 @@
# Path to resources
WORDLISTS_DIR = "#{ROOT_DIR}/lib/resources/wordlists"
IMAGES_DIR = "#{ROOT_DIR}/lib/resources/images"
URLLISTS_DIR = "#{ROOT_DIR}/lib/resources/urllists"
INTERNET_BROWSER_FILES_DIR = "#{ROOT_DIR}/lib/resources/internet_browser_files"
ILLEGAL_IMAGES_DIR = "#{ROOT_DIR}/lib/resources/illegal_images"
FORENSIC_ARTEFACTS_DIR = "#{ROOT_DIR}/lib/resources/forensic_artefacts"

# Path to secgen_functions puppet module
SECGEN_FUNCTIONS_PUPPET_DIR = "#{MODULES_DIR}build/puppet/secgen_functions"

FILE_TRANSFER_STORAGE_MODULE_DIR = "#{ROOT_DIR}/modules/forensics/windows/file_transfer_storage/file_transfer_storage_module"

## PACKER CONSTANTS ##

# Path to Packerfile.erb file
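Review bot: `FILE_TRANSFER_STORAGE_MODULE_DIR` is hard-coded as `"#{ROOT_DIR}/modules/forensics/..."` and sits under the `# Path to secgen_functions puppet module` comment, although `FORENSICS_DIR` (`"#{MODULES_DIR}forensics/"`) is introduced a few lines earlier in this same file; build it as `"#{FORENSICS_DIR}windows/file_transfer_storage/file_transfer_storage_module"` and give it its own comment. `ILLEGAL_IMAGES_DIR` also needs a comment stating that the directory holds benign stand-in images (the binaries added in this PR are cat photos under `illegal_images/cats/`), so that nobody reading the constant name assumes real contraband is shipped in the repository.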
4 changes: 4 additions & 0 deletions lib/output/xml_scenario_generator.rb
Expand Up @@ -70,6 +70,10 @@ def module_element(selected_module, xml)
xml.utility(selected_module.attributes_for_scenario_output) {
insert_inputs_and_values(selected_module,xml)
}
when 'forensic'
xml.forensic(selected_module.attributes_for_scenario_output) {
insert_inputs_and_values(selected_module,xml)
}
when 'network'
xml.network(selected_module.attributes_for_scenario_output)
else
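Review bot: the new `when 'forensic'` branch is a verbatim copy of the `utility` branch above it with only the element name changed, and the type string the `case` matches on is exactly that element name; one branch that dispatches with `xml.send(type, selected_module.attributes_for_scenario_output) { insert_inputs_and_values(selected_module, xml) }` for the input-bearing module types would replace the copies and save the next module type another duplicate. If the copies are kept, at least add a space after the comma in `insert_inputs_and_values(selected_module,xml)` to match the rest of the file.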
7 changes: 6 additions & 1 deletion lib/readers/module_reader.rb
Expand Up @@ -31,6 +31,11 @@ def self.read_utilities
return read_modules('utility', UTILITIES_DIR, UTILITY_SCHEMA_FILE, true)
end

# reads in all forensics
def self.read_forensics
return read_modules('forensic', FORENSICS_DIR, FORENSICS_SCHEMA_FILE, true)
end

# reads in all utilities
def self.read_generators
return read_modules('generator', GENERATORS_DIR, GENERATOR_SCHEMA_FILE, true)
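Review bot: `read_forensics` registers the new module type with `require_puppet` set to `true`, yet this PR's history adds a `.no_puppet` marker and a `no_files` placeholder so that module directories without real manifests still upload; confirm that every module under `FORENSICS_DIR` carries a puppet manifest, or that `read_modules` honours the marker when `require_puppet` is `true`. Also, the pre-existing comment above `read_generators` still reads `# reads in all utilities`; since this hunk edits the neighbouring lines, change it to `# reads in all generators`.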
Expand Down Expand Up @@ -147,7 +152,7 @@ def self.read_modules(module_type, modules_dir, schema_file, require_puppet)

# for each default input
doc.xpath("/#{module_type}/default_input").each do |inputs_doc|
inputs_doc.xpath('descendant::vulnerability | descendant::service | descendant::utility | descendant::network | descendant::base | descendant::encoder | descendant::generator').each do |module_node|
inputs_doc.xpath('descendant::vulnerability | descendant::service | descendant::utility | descendant::forensic | descendant::network | descendant::base | descendant::encoder | descendant::generator').each do |module_node|

# create a selector module, which is a regular module instance used as a placeholder for matching requirements
module_selector = Module.new(module_node.name)
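Review bot: the union of module element names (`descendant::vulnerability | ... | descendant::forensic | ...`) is maintained by hand here, in lib/readers/system_reader.rb (`//vulnerability | ... | //forensic | ...`) and in the `case` in lib/output/xml_scenario_generator.rb; this PR had to touch all three to add `forensic`, and the next module type will again, with a silent failure if one site is missed. Define the list once in lib/helpers/constants.rb (e.g. `MODULE_TYPES = %w(vulnerability service utility forensic network base encoder generator)`) and derive both XPath expressions from it.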
2 changes: 1 addition & 1 deletion lib/readers/system_reader.rb
Expand Up @@ -64,7 +64,7 @@ def self.read_scenario(scenario_file)
end

# for each module selection
system_node.xpath('//vulnerability | //service | //utility | //build | //network | //base | //encoder | //generator').each do |module_node|
system_node.xpath('//vulnerability | //service | //utility | //forensic | //build | //network | //base | //encoder | //generator').each do |module_node|
# create a selector module, which is a regular module instance used as a placeholder for matching requirements
module_selector = Module.new(module_node.name)
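Review bot: pre-existing, but worth fixing while this expression is edited: `//forensic`, like the other `//` steps in the union, is an absolute XPath location path, so `system_node.xpath(...)` matches module elements anywhere in the parsed document rather than only beneath `system_node`; unless each system is parsed as its own document, a scenario with more than one `<system>` would hand every system the others' module selections. Relative steps (`.//vulnerability | .//service | ... | .//forensic | ...`) scope the search to the current system.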

Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file added lib/resources/illegal_images/cats/cat1.jpg
Binary file added lib/resources/illegal_images/cats/cat10.jpg
Binary file added lib/resources/illegal_images/cats/cat11.jpg
Binary file added lib/resources/illegal_images/cats/cat12.jpg
Binary file added lib/resources/illegal_images/cats/cat13.jpg
Binary file added lib/resources/illegal_images/cats/cat14.jpg
Binary file added lib/resources/illegal_images/cats/cat2.jpg
Binary file added lib/resources/illegal_images/cats/cat3.jpg
Binary file added lib/resources/illegal_images/cats/cat4.jpg
Binary file added lib/resources/illegal_images/cats/cat5.jpg
Binary file added lib/resources/illegal_images/cats/cat7.jpg
Binary file added lib/resources/illegal_images/cats/cat8.jpg
Binary file added lib/resources/illegal_images/cats/cat9.jpg
Binary file not shown.
129 changes: 129 additions & 0 deletions lib/resources/urllists/cybercrime_urls
@@ -0,0 +1,129 @@