def docker_check():
display.seperator("Docker check")
if os.path.isfile('/.dockerenv'):
print("Docker-container (env) " + " " + display.detected())
else:
print("Docker-container (env) " + " " + display.undetected())
if os.path.isfile('/etc/default/grub'):
print("Docker-container (grub) " + " " + display.undetected())
else:
print("Docker-container (grub) " + " " + display.detected())
def process_check():
display.seperator("Process check")
processes = [
"qemu-ga.exe",
"xenservice.exe",
"prl_tools.exe",
"prl_cc.exe",
"vmusrvc.exe",
"vmsrvc.exe",
"vmacthlp.exe",
"VGAuthService.exe",
"vmwareuser",
"vmwaretray.exe",
"vmtoolsd.exe",
"vboxtray.exe",
"vboxservice.exe"]
count = 0
print("\n")
while count < len(processes):
if process_exists(processes[count]):
print("Process " + processes[count] + " " + display.detected())
else:
print("Process " + processes[count] + " " + display.undetected())
count += 1
def disk_check():
display.seperator("Disk check")
usage = shutil.disk_usage("/")
GB = 1073741824
disk_total = int(usage[0] / GB)
if disk_total < 50:
print("Disk total less than 50gb " + display.detected())
else:
print("Disk total more than 50gb " + display.undetected())
def memory_check():
display.seperator("Memory check")
mem = virtual_memory()
GB = 1073741824
memory = int(mem.total / GB)
if memory < 4:
print("RAM less than 4gb " + display.detected())
else:
print("RAM more than 4gb " + display.undetected())
def hostname_check():
display.seperator("Hostname check")
hostname = os.environ['userdomain']
hostnames = ["vmware", "virtualbox", "test", "vm", "virtual_machine"]
for possible_name in hostnames:
if possible_name == hostname:
print(possible_name + " " + display.detected())
else:
print(possible_name + " " + display.undetected())
def hypervisor_check():
display.seperator("Hypervisor check")
result = subprocess.check_output("powershell.exe (gcim Win32_ComputerSystem).HypervisorPresent", shell=True)
result =''.join(str(result))
result = result.replace("b'", "")
result = result.replace("\\r\\n'", "")
if result == "True":
print("Hypervisor " + display.detected())
else:
print("Hypervisor " + display.undetected())
def username_check():
#Testing for default usernames within a windows Virtual machine
display.seperator("Username check")
usernames = ["zeus", 'test']
print("actual username " + " " + os.getlogin())
for names in usernames:
if names == os.getlogin():
print(names + ' ' + display.detected())
else:
print(names + ' ' + display.undetected())
def search(registry, query, queryresult, string, type):
#accessing registry through init HKEY
access_registry = winreg.ConnectRegistry(None,winreg.HKEY_LOCAL_MACHINE)
#opening registry
access_key = winreg.OpenKey(access_registry,registry)
for i in range(20):
try:
#results based on registry keys
asubkey_name=winreg.EnumKey(access_key,i)
asubkey=winreg.OpenKey(access_key, asubkey_name)
#searching all queries
queryresult = winreg.QueryValueEx(asubkey, query)
except:
break
#converting query output to string
queryresult =''.join(str(queryresult))
#checking query against possible keywords
if string in queryresult:
#virtual machine detected
print(type + " " + display.detected())
else:
#'virtual machine not detected
print(type + " " + display.undetected())
