def docker_check():
    """Print whether two filesystem markers this check associates with Docker are present.

    The first marker is ``/.dockerenv`` (present -> detected). The second is
    ``/etc/default/grub``, whose *absence* is what this check reports as detected.
    Results go to stdout through ``display``; nothing is returned.
    """
    display.seperator("Docker check")

    in_container = os.path.isfile('/.dockerenv')
    env_status = display.detected() if in_container else display.undetected()
    print("Docker-container (env) " + " " + env_status)

    # Note the inversion: a missing grub config counts as a hit here.
    has_grub = os.path.isfile('/etc/default/grub')
    grub_status = display.undetected() if has_grub else display.detected()
    print("Docker-container (grub) " + " " + grub_status)
def process_check():
    """Print, for each name in a fixed list of VM guest-tool process names, whether it is running.

    Presence is decided by ``process_exists`` (defined elsewhere in this module);
    one line per name is printed to stdout. Nothing is returned.
    """
    display.seperator("Process check")
    processes = [
        "qemu-ga.exe",
        "xenservice.exe",
        "prl_tools.exe",
        "prl_cc.exe",
        "vmusrvc.exe",
        "vmsrvc.exe",
        "vmacthlp.exe",
        "VGAuthService.exe",
        "vmwareuser",
        "vmwaretray.exe",
        "vmtoolsd.exe",
        "vboxtray.exe",
        "vboxservice.exe",
    ]
    print("\n")
    for name in processes:
        status = display.detected() if process_exists(name) else display.undetected()
        print("Process " + name + " " + status)
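def driver_check():
    """Print which files from a fixed list of VirtualBox/VMware guest components exist in the Windows drivers directory.

    Fixes relative to the original:
    - Matching is case-insensitive: NTFS names are case-insensitive and
      ``os.listdir`` returns whatever casing is on disk, so an exact compare
      could miss a present file.
    - Lookup uses a set (O(1) per file) and collapses the duplicate
      "vmmouse.sys" entry, so a hit is reported once.
    - If the directory cannot be listed (non-Windows host, permissions), a
      message is printed instead of an unhandled OSError aborting the run.
    Nothing is returned.
    """
    display.seperator("Driver check")
    driver_path = r"C:\Windows\System32\drivers"
    drivers = [
        "VBoxMouse.sys",
        "VBoxGuest.sys",
        "VBoxSF.sys",
        "VBoxVideo.sys",
        "vboxdisp.dll",
        "vboxhook.dll",
        "vboxmrxnp.dll",
        "vboxogl.dll",
        "vboxoglarrayspu.dll",
        "vboxoglcrutil.dll",
        "vboxoglerrorspu.dll",
        "vboxoglfeedbackspu.dll",
        "vboxoglpackspu.dll",
        "vboxoglpassthroughspu.dll",
        "VBoxService.exe",
        "VBoxTray.exe",
        "VBoxControl.exe",
        "vmmouse.sys",
        "vmhgfs.sys",
        "vm3dmp.sys",
        "vmci.sys",
        "mhgfs.sys",
        "vmmemctl.sys",
        "vmmouse.sys",
        "vmrawdsk.sys",
        "vmusbmouse.sys",
    ]
    wanted = {name.lower() for name in drivers}

    try:
        files = os.listdir(driver_path)
    except OSError as err:
        # Keep the run going: the remaining checks do not depend on this one.
        print("Driver directory " + driver_path + " not readable: " + str(err))
        return

    for entry in files:
        if entry.lower() in wanted:
            # Print the on-disk name so the output reflects what was found.
            print("Driver " + entry + " " + display.detected())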
def disk_check():
    """Print whether the total size of the filesystem mounted at "/" is below 50 GiB.

    The size is truncated to whole GiB before the comparison. Nothing is returned.
    """
    display.seperator("Disk check")
    GB = 1073741824  # bytes per GiB (2**30)
    usage = shutil.disk_usage("/")
    total_gib = int(usage.total / GB)
    if total_gib < 50:
        print("Disk total less than 50gb " + display.detected())
    else:
        print("Disk total more than 50gb " + display.undetected())
def memory_check():
    """Print whether total physical memory, as reported by ``virtual_memory()``, is below 4 GiB.

    ``virtual_memory`` is imported elsewhere in this module; only its ``total``
    attribute is read. The value is truncated to whole GiB. Nothing is returned.
    """
    display.seperator("Memory check")
    GB = 1073741824  # bytes per GiB (2**30)
    total_gib = int(virtual_memory().total / GB)
    if total_gib < 4:
        print("RAM less than 4gb " + display.detected())
    else:
        print("RAM more than 4gb " + display.undetected())
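def hostname_check():
    """Compare the ``userdomain`` environment variable against a fixed list of names and print one line per name.

    Despite the function name, the value compared is ``USERDOMAIN`` (the Windows
    logon domain / workgroup name), not the machine hostname. The comparison is
    exact and case-sensitive, as in the original.

    Fix: the variable is read with ``os.environ.get`` so a host where it is not
    set (e.g. non-Windows) prints every name as undetected instead of raising
    ``KeyError``. Nothing is returned.
    """
    display.seperator("Hostname check")
    # Empty string matches nothing in the list, so a missing variable is
    # reported as "undetected" for every candidate.
    hostname = os.environ.get('userdomain', '')
    hostnames = ["vmware", "virtualbox", "test", "vm", "virtual_machine"]
    for possible_name in hostnames:
        status = display.detected() if possible_name == hostname else display.undetected()
        print(possible_name + " " + status)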
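def hypervisor_check():
    """Ask PowerShell for ``Win32_ComputerSystem.HypervisorPresent`` and print the result.

    Fixes relative to the original:
    - The command is passed as an argument list (no ``shell=True``), so the
      constant string is not reinterpreted by ``cmd.exe``.
    - The output is decoded and stripped instead of round-tripping through
      ``str(bytes)`` and stripping the ``b'``/``\\r\\n'`` artefacts by hand;
      both approaches yield ``"True"``/``"False"`` for PowerShell's output.
    A non-zero exit from PowerShell still raises ``CalledProcessError``, as
    before. Nothing is returned.
    """
    display.seperator("Hypervisor check")
    raw = subprocess.check_output(
        ["powershell.exe", "(gcim Win32_ComputerSystem).HypervisorPresent"]
    )
    # PowerShell prints the boolean followed by CRLF; strip() removes it.
    result = raw.decode("utf-8", "replace").strip()
    if result == "True":
        print("Hypervisor " + display.detected())
    else:
        print("Hypervisor " + display.undetected())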
def username_check():
    """Print the current login name and whether it equals one of two fixed names.

    The login name comes from ``os.getlogin()``, read once. One line per
    candidate name is printed; nothing is returned.
    """
    display.seperator("Username check")
    usernames = ["zeus", 'test']
    current_user = os.getlogin()
    print("actual username " + " " + current_user)
    for candidate in usernames:
        status = display.detected() if candidate == current_user else display.undetected()
        print(candidate + ' ' + status)
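def index(registry, string, type):
    """Print a hit if a direct subkey of HKLM\\``registry`` is named exactly ``string``.

    Args:
        registry: Key path below HKEY_LOCAL_MACHINE whose subkeys are enumerated.
        string: Subkey name to look for (exact, case-sensitive comparison).
        type: Label printed before the result. Shadows the builtin ``type``;
            kept so existing callers are unaffected.

    Up to 1028 subkeys are examined. Enumeration stops at the first ``OSError``,
    which is how ``winreg`` signals the end of the subkey list
    (ERROR_NO_MORE_ITEMS) or a missing/unreadable key; in both cases the
    function simply prints nothing more, matching the original silent break.

    Fixes relative to the original: the key is opened once instead of once per
    iteration, handles are closed via context managers, and the bare
    ``except`` is narrowed to ``OSError`` so unrelated errors are not hidden.
    Nothing is returned.
    """
    try:
        with winreg.ConnectRegistry(None, winreg.HKEY_LOCAL_MACHINE) as access_registry, \
                winreg.OpenKey(access_registry, registry) as access_key:
            for i in range(1028):
                if winreg.EnumKey(access_key, i) == string:
                    print(type + " " + display.detected())
    except OSError:
        # End of enumeration or key not available: nothing further to report.
        pass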
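def guest_additions_check():
    """Print which files from a fixed list of VirtualBox Guest Additions installer names exist on drive D:.

    Fixes relative to the original:
    - Lookup uses a set (O(1) per directory entry) instead of a nested loop.
    - If the drive cannot be listed (no D: drive, not mounted, non-Windows
      host), a message is printed instead of an unhandled OSError aborting
      the run.
    Comparison stays exact (case-sensitive), as in the original. Nothing is
    returned.
    """
    display.seperator("Guest Additions check")
    ga_drive = r"D:\\"
    guest_additions = [
        "VboxDarwinAdditions.pkg",
        "VboxDarwinAdditionsUninstall.tool",
        "VboxLinuxAdditions.run",
        "VboxSolarisAdditions.pkg",
        "VboxWindowsAdditions.exe",
        "VboxWindowsAdditions-x86.exe",
        "VboxWindowsAdditions-amd64.exe",
    ]
    wanted = set(guest_additions)

    try:
        entries = os.listdir(ga_drive)
    except OSError as err:
        # Keep the run going: the remaining checks do not depend on this one.
        print("GuestAddition drive " + ga_drive + " not readable: " + str(err))
        return

    for entry in entries:
        if entry in wanted:
            print("GuestAddition file " + entry + " " + display.detected())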
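def search(registry, query, queryresult, string, type):
    """Read value ``query`` from the subkeys of HKLM\\``registry`` and print whether ``string`` occurs in it.

    Args:
        registry: Key path below HKEY_LOCAL_MACHINE. If it does not exist the
            ``OSError`` from ``OpenKey`` propagates, as in the original.
        query: Name of the value read from each subkey.
        queryresult: Fallback compared against ``string`` when no subkey
            value could be read at all.
        string: Substring searched for in ``str(queryresult)``.
        type: Label printed before the result. Shadows the builtin ``type``;
            kept so existing callers are unaffected.

    Behaviour preserved from the original: up to 20 subkeys are visited in
    enumeration order, the loop stops at the first subkey whose value cannot
    be read (or when enumeration ends), and only the *last* value read is
    compared. NOTE(review): because each read overwrites ``queryresult``,
    earlier subkeys' values are never compared — confirm whether that is the
    intended semantics or whether every subkey should be checked.

    Fixes relative to the original: registry handles are closed via context
    managers and the bare ``except`` is narrowed to ``OSError`` so unrelated
    errors are not hidden. Nothing is returned.
    """
    with winreg.ConnectRegistry(None, winreg.HKEY_LOCAL_MACHINE) as access_registry, \
            winreg.OpenKey(access_registry, registry) as access_key:
        for i in range(20):
            try:
                subkey_name = winreg.EnumKey(access_key, i)
                with winreg.OpenKey(access_key, subkey_name) as subkey:
                    # (value, type) tuple; the whole tuple is stringified below.
                    queryresult = winreg.QueryValueEx(subkey, query)
            except OSError:
                # End of enumeration, or this subkey lacks the value: stop here.
                break

    # str() of the tuple is what the substring test runs against.
    if string in str(queryresult):
        print(type + " " + display.detected())
    else:
        print(type + " " + display.undetected())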