Add 'PackRat' post exploitation module -- gathers many end user application artefacts #5433
This post exploitation module has an extensive list of artefacts that it can gather from applications on end user systems. Artefacts include: chat logins and logs, browser logins and history and cookies, email logins and emails sent and received and deleted, contacts, and many others. These artefacts are collected from applications including: 12 browsers, 13 chat/IM/IRC applications, 6 email clients, and 1 game. The use case for this post-exploitation module is to specify the types of artefacts you are interested in, to gather the relevant files depending on your aims.
Cool stuff! I think you want "artifacts" however vs "artefacts". Additionally, can you confirm or point to any licensing information? Don't want to get in trouble! ;)
Hi @kernelsmith, the code has been updated to use the US spelling. We can confirm the code is released under the Metasploit Framework License (MSF_LICENSE and/or BSD_LICENSE). Thanks.
Ah, I wasn't sure if it was a regional thing or not because both spellings were used. Thanks!
@@ -0,0 +1,918 @@ | |||
## | |||
# This module requires Metasploit: http//metasploit.com/download |
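Review bot: the URL in the header comment on the `# This module requires Metasploit:` line is missing its colon (`http//metasploit.com/download`), which is exactly what msftidy flags as `Invalid URL` below; change it to `http://metasploit.com/download` so the header passes the msftidy check.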
$ tools/msftidy.rb modules/post/windows/gather/enum_application_artifacts_packrat.rb
modules/post/windows/gather/enum_application_artifacts_packrat.rb - [INFO] Invalid URL: # This module requires Metasploit: http//metasploit.com
I honestly feel like this is too verbose:
What about being less verbose by default, for example switching to "vprint"? I feel like being less verbose by default and showing just a summary table at the end would look better.
Since it has been more than a month since the last review and there has not been any answer, I'm going to move this module to unstable for the moment. @cliffe feel free to reopen if at any moment you would like to finish the review in order to merge it into rapid7/master. Thanks!
* Close #5433 by moving the module to unstable
Thanks for the code review and sorry for the delay. I will get to this in the next couple of weeks and push the changes. @jvazquez-r7, can I push to this branch/pull request, to keep all the comments and review, or do I have to start a new pull request (losing the above context for changes)?
This post exploitation module has an extensive list of artefacts that it can gather from applications on end user systems.
Artefacts include: chat logins and logs, browser logins and history and cookies, email logins and emails sent and received and deleted, contacts, and many others. These artefacts are collected from applications including: 12 browsers, 13 chat/IM/IRC applications, 6 email clients, and 1 game.
The use case for this post-exploitation module is to specify the types of artefacts you are interested in, to gather the relevant files depending on your aims.
Running `show options` illustrates the many kinds of information that can be selectively gathered.
So for example, to gather all database files from Viber:
Gathering everything is also an option:
...
Loot!:
This module was developed by Barwar Salim M for his final year project at Leeds Beckett University. Guidance, code clean-up and some additions by Z. Cliffe Schreuders.
We believe that this module will substantially increase the post-exploitation information gathering coverage for files of interest on end user systems.