Exemple #1
def scanpc(log_file_path):
    Exécute le scan de l'ordinateur en appelant diverses fonctions,
    écrit les logs sur le périphérique qui a lancé l'exécutable,
    Retourne le chemin du log final
    Process the computer scan with several other functions,
    write logs on the device where the app has been launched,
    Return the final log path
    texte = "Computer scanning in progress... Please wait...\n"

    log_file = str(log_file_path) + "FINAL.html"

    # Write first html tags
    elementraw = """<!DOCTYPE html>
            <title>ScanPC result</title>
            <meta charset="utf-8">
            <link rel="stylesheet" type="text/css" href="style.css">
            {1} <br>
    # </body>
    # </html>"""

    # Texte d'intro
    texte = '<h1>Scanning of computer "' + COMPUTERNAME + '"</h1>'
    element2 = '<time>' + datetime.now().strftime(
        "%A %d %B %Y %H:%M:%S") + '</time>\n'
    element = elementraw.format(texte, element2)
    writer.writelog(log_file, element)

    # Scans de base
    services_running_dict = scans.services_info(log_file_path)

    texte4 = "\nBasic scan ended.\n"

    # Scan des logiciels
    software_dict = software_init(log_file_path)

    return log_file, software_dict, services_running_dict
Exemple #2
def services_info(log_file_path):
    ~ wmic service where started=true get name, displayname, processid, startmode, startname, pathname
    Liste les services démarrés sur l'ordinateur
    Retourne le dictionnaire des noms des services démarrés
    List computer started services
    Return the running services names dict
    writer.writer('Getting running services')
    # 1 - Ecriture début de log
    log_file = log_file_path + 'FINAL.html'
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Running services on computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - Obtenir la liste des services démarrés
    if detect_os() != 'xp' or psutil.__version__ != '3.4.2':
        services_list = psutil.win_service_iter()
        services_running_dict = {}
        for srv in services_list:
            srvname = re.findall("name='(.*)',", str(srv))[0]
            service_temp = psutil.win_service_get(srvname)
            service = service_temp.as_dict()
            # Keep running services
            if service['status'] == 'running':
                services_running_dict[service['name']] = {'Name':service['name'], 'PID':service['pid'],
                                                          'Display_Name':service['display_name'], 'Start_Type':service['start_type'],
                                                          'Username':service['username'], 'Binpath':service['binpath']}
        import wmi
        wmi_instance = wmi.WMI()
        services_list = wmi_instance.Win32_Service()
        services_running_dict = {}
        for srv in services_list:
            # Keep running services
            if srv.State == 'Running':
                services_running_dict[srv.name] = {'Name':srv.name, 'PID':srv.processid,
                                                   'Display_Name':srv.displayname, 'Start_Type':srv.startmode,
                                                   'Username':srv.startname, 'Binpath':srv.pathname}

    # 3 - Ecriture du fichier CSV
    header = ['Name', 'Display_Name', 'PID', 'Start_Type', 'Username', 'Binpath']
    csv_file = log_file_path + "services.csv"
    writer.write_csv(csv_file, header, services_running_dict)

    # 4 - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Running services')

    # 5 - Ecriture de la fin du log
    writer.writelog(log_file, str(len(services_running_dict)) + ' running services :<br>\n')
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, '\n</div>\n')

    return services_running_dict
Exemple #3
def init():
    Initialisation du programme
    Software initialization
    print('\t\t\t---------- ScanPC ---------')
    print('\t*\t\t    Computer scanning                         *')
    print('\t*\t\t          Disclaimer !                        *')
    print('\t*\t This sofware only scan your computer                 *')
    print('\t*\t for users, various system information and software.  *')
    print('\t*\t No copy of your data will be performed.              *')

    # Begin timer
    begin_scan = time.time()

    # Début du programme
    key = scanpart()
    unique_dir = str(COMPUTERNAME) + '_' + datetime.now().strftime(
    log_file_path = str(key) + "/logScanPC/" + datetime.now().strftime(
        '%Y/%m/%d/') + unique_dir + '/' + unique_dir
    # Appel de scanPC
    log_file, software_dict, services_running_dict = scanpc(log_file_path)
    # Tests complémentaires
    complement_init(log_file_path, software_dict, services_running_dict)
    writer.writelog(log_file, '\n</div>\n')

    # Ending timer
    end_scan = time.time()
    total_time_scan = end_scan - begin_scan
    elem = "----------------------- Scan ended ------------------------"
    writer.prepa_log_scan(log_file, elem)
    total_time = 'Computer analyzed in {} seconds.'.format(
        round(total_time_scan, 2))
    writer.writelog(log_file, total_time)
    writer.writer('Computer analyzed in ' + str(round(total_time_scan, 2)) +
                  ' seconds.\n')

    # Write last html tags
    elementraw = """
    writer.writelog(log_file, elementraw)

    # Copy css file in the log directory
    if os.path.isfile(STYLECSSFILE):
        file_name = os.path.basename(STYLECSSFILE)
        file_to_write = str(key) + "/logScanPC/" + datetime.now().strftime(
            '%Y/%m/%d/') + unique_dir + '/' + file_name
        writer.copy_file(STYLECSSFILE, file_to_write)

    #Fin du programme
Exemple #4
def gen_eicar(log_file_path):
    Génére un fichier Eicar pour tester l'antivirus
    Generate an Eicar file to test antivirus
    # 1 - Création du virus
    msg0 = '\n--Antivirus testing--\nAn Eicar virus test will be generated to test the antivirus.'
    eicar_file = str(log_file_path) + 'eicar_testFile'
    writer.writelog(eicar_file, element)

    # 2 - Demande à l'utilisateur
    msg0 = '\nDid the antivirus alert you ? (y = yes, n = no)\n'
    user_rep = 'FAILED - The antivirus does not alert/detect viruses'
    if verif.reponse() == 'y':
        user_rep = 'OK - The antivirus does alert/detect viruses'
    return user_rep
Exemple #5
def ports_info(log_file_path):
    ~ netstat -a
    Liste les communications réseaux de l'ordinateur
    Retourne le dictionnaire des connexions réseaux
    List computer network connections
    Return the network connections dict
    writer.writer('Getting network connections')
    # 1 - Ecriture début de log
    log_file = log_file_path + "FINAL.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Informations about network connections of computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - obtenir la liste des connexions actives
    ports_list = psutil.net_connections()
    ports_dict = {}
    for ports in ports_list:
        if ports.status == 'ESTABLISHED' or ports.status == 'CLOSE_WAIT':
            ports_dict[str(ports.laddr)] = {'Local_addr':str(ports.laddr[0]), 'Local_port':str(ports.laddr[1]),
                                            'Remote_addr':str(ports.raddr[0]), 'Remote_port':str(ports.raddr[1]),
                                            'Status':str(ports.status), 'PID':str(ports.pid)}

        if ports.status == 'LISTEN':
            ports_dict[str(ports.laddr)] = {'Local_addr':str(ports.laddr[0]), 'Local_port':str(ports.laddr[1]),
                                            'Remote_addr':'', 'Remote_port':'',
                                            'Status':str(ports.status), 'PID':str(ports.pid)}

    # 3 - Ecriture du fichier CSV
    header = ['Local_addr', 'Local_port', 'Remote_addr', 'Remote_port', 'Status', 'PID']
    csv_file = log_file_path + "ports.csv"
    writer.write_csv(csv_file, header, ports_dict)

    # 4 - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Network connections')

    # 5 - Ecriture de la fin du log
    writer.writelog(log_file, str(len(ports_dict)) + ' network connections :<br>\n')
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, '\n</div>\n')

    return ports_dict
Exemple #6
def process_info(log_file_path):
    ~ tasklist /SVC
    Liste les processus démarrés sur l'ordinateur
    Retourne le dictionnaire des processus
    List computer running processes
    Retourne the processes dict
    writer.writer('Getting running processes')
    # 1 - Ecriture début de log
    log_file = log_file_path + 'FINAL.html'
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Running processes on computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - Obtenir la liste des processus démarrés
    proc_dict = {}
    for proc in psutil.process_iter():
            proc_timestamp = proc.create_time()
            proc_start_date = datetime.fromtimestamp(proc_timestamp)
            proc_dict[str(proc.pid)] = {'Name':str(proc.name()),
                                        'PPID': str(proc.ppid()),
                                        'Start': str(proc_start_date)}
        except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):

    # 3 - Ecrire du fichier CSV
    header = ['Name', 'PID', 'PPID', 'Start']
    csv_file = log_file_path + 'processes.csv'
    writer.write_csv(csv_file, header, proc_dict)

    # 4 - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Running processes')

    # 5 - Ecriture de la fin du log
    writer.writelog(log_file, str(len(proc_dict)) + ' running processes :\n')
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, '\n</div>\n')

    return proc_dict
Exemple #7
def hotfixes_info(log_file_path):
    ~ wmic qfe get HotfixID,InstalledOn | more
    Liste les patchs de sécurité Windows installés
    Retourne le log généré
    List Windows security updates installed
    Return generated log
    writer.writer('Getting Windows security updates')
    # 1 - Ecriture début de log
    log_file = log_file_path + "FINAL.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Windows security updates of computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - Obtenir la liste des correctifs de l'ordinateur
    str_computer = '.'
    obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
    obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\cimv2')
    col_items = obj_sw_bem_services.ExecQuery("SELECT * FROM Win32_QuickFixEngineering WHERE Description='Security Update'")
    hotfix_dict = {}
    for obj_item in col_items:
            hotfix_dict[obj_item.HotFixID] = {'HotFixID':obj_item.HotFixID,
                                              'InstalledOn':str(datetime.strptime(str(obj_item.InstalledOn), "%m/%d/%Y").strftime("%Y-%m-%d"))}
        except ValueError:
            hotfix_dict[obj_item.HotFixID] = {'HotFixID':obj_item.HotFixID,

    # 3 - Ecriture du fichier CSV
    header = ['HotFixID', 'InstalledOn']
    csv_file = log_file_path + "hotfixes.csv"
    writer.write_csv(csv_file, header, hotfix_dict)

    # 4 - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Hotfixes')

    # 5 - Ecriture fin de log
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, '\n</div>\n')

    return hotfix_dict
Exemple #8
def mc_afee(log_file):
    Récupere une information complémentaire sur McAfee
    Get more informations about McAfee
    restemp = 'N/A'
    date_ver = 'Date & version : ' + restemp
    epo_lst = '\n--EPO servers list--<br>' + restemp
        date_ver, epo_lst = get_mc_afee()
    except Exception:
    info_mc_afee = '***** McAfee informations *****<br>'
    writer.writelog(log_file, info_mc_afee)
    writer.writelog(log_file, date_ver + '<br>')
    writer.writelog(log_file, epo_lst + '<br>\n\n')
Exemple #9
def shared_folders_info(log_file_path):
    ~ net share
    Liste les dossiers partagés
    Retourne le log généré
    List shared folders
    Return generated log
    writer.writer('Getting shared folders')
    # 1 - Ecriture début de log
    log_file = log_file_path + "FINAL.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Shared folders of computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - Obtenir la liste des dossiers partagés de l'ordinateur
    str_computer = '.'
    obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
    obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\cimv2')
    col_items = obj_sw_bem_services.ExecQuery('SELECT * FROM Win32_Share')
    shared_folders_dict = {}
    for obj_item in col_items:
        shared_folders_dict[str(obj_item.Name)] = {'Name':str(obj_item.Name), 'Path':str(obj_item.Path),
                                                   'Caption':str(obj_item.Caption), 'Description':str(obj_item.Description)}

    # 3 - Ecriture du fichier CSV
    header = ['Name', 'Path', 'Caption', 'Description']
    csv_file = log_file_path + "shared_folders_info.csv"
    writer.write_csv(csv_file, header, shared_folders_dict)
    # Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Shared Folders')
    writer.writelog(log_file, htmltxt)

    # 5 - Ecriture de la fin du log
    writer.writelog(log_file, '\n</div>\n')

    return log_file
Exemple #10
def software_init(log_file_path):
    Initialisation et fonction principale de la recherche des logiciels
    Init the main function to search installed software
    texte5 = "Software scanning in progress...\n"

    # 1 - Début de l'analyse des logiciels
    log_file = log_file_path + "final.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Software informations of computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - Obtenir la liste des logiels de l'ordinateur
    regkey = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"  #32 bits
    regkey2 = r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"  #64 bits
    software_list1 = software_lst(regkey)
    software_dict1 = search_software(software_list1, regkey)
    software_list2 = software_lst(regkey2)
    software_dict2 = search_software(software_list2, regkey2)

    # 3 - Concaténation des deux dictionnaires de valeurs des clés de registre (32b et 64b)
    final_dict = software_dict1
    for item, value in software_dict2.items():
        # print(item, value)
        if item not in final_dict.items():
            # print(item)
            final_dict.update({item: value})

    # 4 - Ecriture du fichier CSV
    header = [
        'Name', 'Version', 'Last Update', 'Last Version', 'Up to date',
        'Publisher', 'Location'
    csv_file = log_file_path + "software.csv"
    writer.write_csv(csv_file, header, final_dict)

    # 5 - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Installed software')

    # 6 - Placer des id sur certains tags du tableau
    htmltxt = htmltxt.replace('<TD>ko</TD>', '<TD id="ko">ko</TD>')
    htmltxt = htmltxt.replace('<TD>ok</TD>', '<TD id="ok">ok</TD>')

    # 7 - Bilan
    soft_ok = 0
    soft_ko = 0
    others = 0
    for _, value in final_dict.items():
        stat = value['Up to date']
        if stat == 'ok':
            soft_ok += 1
        elif stat == 'ko':
            soft_ko += 1
            others += 1

    soft_summary_dict = {}
    soft_summary_dict[str(len(final_dict))] = {
        'Total Software': str(len(final_dict)),
        'Up to date': str(soft_ok),
        '% up to date': str(round(soft_ok / len(final_dict) * 100)),
        'Outdated': str(soft_ko),
        '% outdated': str(round(soft_ko / len(final_dict) * 100)),
        'others': str(others),
        '% others': str(round(others / len(final_dict) * 100))

    header = [
        'Total Software', 'Up to date', '% up to date', 'Outdated',
        '% outdated', 'others', '% others'
    csv_file = log_file_path + "software_summary.csv"
    writer.write_csv(csv_file, header, soft_summary_dict)
    htmltxt2 = writer.csv2html(csv_file, 'Software summary')
    htmltxt2 = htmltxt2.replace('<TH>Up to date</TH>',
                                '<TH id="ok">Up to date</TH>')
    htmltxt2 = htmltxt2.replace('<TH>% up to date</TH>',
                                '<TH id="ok">% up to date</TH>')
    htmltxt2 = htmltxt2.replace('<TH>Outdated</TH>',
                                '<TH id="ko">Outdated</TH>')
    htmltxt2 = htmltxt2.replace('<TH>% outdated</TH>',
                                '<TH id="ko">% outdated</TH>')

    # 8 - Ecriture fin du log
    writer.writelog(log_file, str(len(final_dict)) + ' software found :\n')
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, '<br>Software summary :')
    writer.writelog(log_file, htmltxt2)
    writer.writelog(log_file, '\n</div>\n')
    texte5bis = "Software scanning ended.\n"

    return final_dict
Exemple #11
def complement_init(log_file_path, software_dict, services_running_dict):
    Initialisation de la recherche d'infos complémentaires
    Init search
    # 1 - Ecriture début de log (à la fin du log fourni)
    log_file = log_file_path + 'FINAL.html'
    elem = '<h2>Additional scans</h2>'
    writer.prepa_log_scan(log_file, elem)
    writer.writelog(log_file, '<div>\n')

    # 2 - Obtention des informations complémentaires
    # McAfee

    complement_dict = {}  # Name Result
    info_laps = 'LAPS'
    to_find = 'Local Administrator Password Solution'
    res = elem_in_list(1, list(software_dict.keys()), to_find)
    complement_dict[info_laps] = {
        'Name': info_laps,
        'Description': to_find,
        'Result': res,
        'Type': 'Software test'

    ### Services

    ## BranchCache/WSUS
    # BranchCache
    info_bc = 'BranchCache'
    to_find = 'PeerDistSvcs'
    res = elem_in_list(2, list(services_running_dict.keys()), to_find)
    complement_dict[info_bc] = {
        'Name': info_bc,
        'Description': to_find,
        'Result': res,
        'Type': 'Service test'

    # WSUS
    info_wsus = 'WSUS'
    to_find = 'WSUS server'
    restemp = 'N/A'
    srv_wsus = restemp
        srv_wsus = get_wsus()
    except Exception:
    complement_dict[info_wsus] = {
        'Name': info_wsus,
        'Description': to_find,
        'Result': srv_wsus,
        'Type': 'Service test'

    ## AppLocker
    info_al = 'AppLocker'
    to_find = 'AppIDSvc'
    res = elem_in_list(2, list(services_running_dict.keys()), to_find)
    complement_dict[info_al] = {
        'Name': info_al,
        'Description': to_find,
        'Result': res,
        'Type': 'Service test'

    # TestAV
    msg0 = '\nDo you want to perform an antivirus detection test ? (y = yes, n = no)\n'
    if verif.reponse() == 'y':
        user_rep = gen_eicar(log_file_path)
        av_etat = 'Antivirus status'
        to_find = 'Antivirus alert'
        complement_dict[av_etat] = {
            'Name': av_etat,
            'Description': to_find,
            'Result': user_rep,
            'Type': 'Service test'

    # 3 - Ecrire du fichier CSV
    header = ['Type', 'Name', 'Description', 'Result']
    csv_file = log_file_path + 'additional_scans.csv'
    writer.write_csv(csv_file, header, complement_dict)

    # 4 - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Additional Scans')

    # 5 - Ecriture de la fin du log
                    str(len(complement_dict)) + ' additional scans :\n')
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, '\n</div>\n')
Exemple #12
def persistence_info(log_file_path):
    cf https://www.fuzzysecurity.com/tutorials/19.html
    Chercher les élements persistants dans :
        - les répertoires de démarrage
        - Regedit
    Search for persistent objects in :
        - Startup directories
        - Regedit
    writer.writer('Search for persistent objects')
    # 1 - Ecriture début de log
    log_file = log_file_path + "FINAL.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Informations about persistent objects of computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - obtenir les objets persistants
    # 2.1a - startup dirs
    drive = os.environ['SYSTEMDRIVE']
    user = os.environ['USERNAME']
    dir_list = [drive + '/Users/' + user + '/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup',
                drive + '/ProgramData/Microsoft/Windows/Start Menu/Programs/Startup',
                drive + '/Documents and Settings/All Users/Start Menu/Programs/Startup']
    files_list = []
    for dirs in dir_list:
        if os.path.isdir(dirs):
            files_list = get_files(dirs, files_list)

    # 2.1b - Ecriture dans le log
    writer.writelog(log_file, 'Persistent objects in startup dirs :<br>\n')
    for elem in files_list:
        writer.writelog(log_file, elem + '<br>\n')

    # 2.2a - regedit
    reg_list = [r'Software\Microsoft\Windows\CurrentVersion\Run',
                r'Software\Microsoft\Windows NT\CurrentVersion\Winlogon']

    per_reg_dict = {}
    for hkeyname, hkeyvalue in hive_list.items():
        for key in reg_list:
            fullhkeyreg = hkeyname + '\\' + key
            tosave_dict = search_reg(hkeyvalue, key)
            if tosave_dict:
                for name, value in tosave_dict.items():
                    per_reg_dict[fullhkeyreg + '_' + name] = {'regkey':fullhkeyreg, 'name':name, 'value':value}

    # 2.2b - Ecriture du fichier CSV
    header = ['regkey', 'name', 'value']
    csv_file = log_file_path + "persistants_reg.csv"
    writer.write_csv(csv_file, header, per_reg_dict)

    # 2.2c - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Persistent reg objects')

    # 2.2d - Ecriture de la fin du log
    writer.writelog(log_file, '<br>\nPersistent reg objects :<br>\n')
    writer.writelog(log_file, htmltxt)

    # 3 - Ecriture de la fin du log
    writer.writelog(log_file, '\n</div>\n')

    return log_file
Exemple #13
def security_product_info(log_file_path):
    Scan le système pour obtenir la liste et le status des produits de sécurité (antivirus, parefeu, antispyware)
    Retourne le dictionnaire des produits de sécurité
    Scan to get security product in the system with their status (antivirus, firewall, antispyware)
    Return security products dict
    # Determinate what namespace to call
    sec_name_space = 'SecurityCenter'
    if detect_os() != 'xp':
        sec_name_space = 'SecurityCenter2'
    str_computer = '.'
    obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
    obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\' + sec_name_space)

    writer.writer('Getting security products')
    # 1 - Ecriture début de log
    log_file = log_file_path + "FINAL.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Security products on computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - Obtention des informations
    security_product_dict = {}
    i = 1
    # Antivirus
    col_items = obj_sw_bem_services.ExecQuery("select * from AntivirusProduct")
    i, security_product_dict = security_product_get(i, security_product_dict, col_items, 'Antivirus')

    # Firewalls
    # Windows
    xpfw = win32com.client.gencache.EnsureDispatch('HNetCfg.FwMgr', 0)
    xpfw_policy = xpfw.LocalPolicy.CurrentProfile
    writer.writelog(log_file, 'Windows firewall enabled : ' + str(xpfw_policy.FirewallEnabled) + '<br>\n')
    # Third party firewall
    col_items = obj_sw_bem_services.ExecQuery("select * from FireWallProduct")
    i, security_product_dict = security_product_get(i, security_product_dict, col_items, 'Firewall')

    if detect_os() != 'xp':
        # AntiSpyware
        col_items = obj_sw_bem_services.ExecQuery("select * from AntiSpywareProduct")
        i, security_product_dict = security_product_get(i, security_product_dict, col_items, 'Antispyware')

    # 3 - Ecrire du fichier CSV
    header = ['Type', 'Name', 'GUID', 'pathProduct', 'pathReporting', 'productState', 'rtstatus', 'defstatus']
    csv_file = log_file_path + "security_products.csv"
    writer.write_csv(csv_file, header, security_product_dict)

    # 4 - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Security Products')
    htmltxt = htmltxt.replace('<TD>Outdated</TD>', '<TD id="ko">Outdated</TD>')
    htmltxt = htmltxt.replace('<TD>Up to date</TD>', '<TD id="ok">Up to date</TD>')
    htmltxt = htmltxt.replace('<TD>Disabled</TD>', '<TD id="ko">Disabled</TD>')
    htmltxt = htmltxt.replace('<TD>Enabled</TD>', '<TD id="ok">Enabled</TD>')

    # 5 - Ecriture de la fin du log
    writer.writelog(log_file, str(len(security_product_dict)) + ' security products :\n')
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, '\n</div>\n')

    return security_product_dict
Exemple #14
def system_info(log_file_path):
    ~ systeminfo | find /V /I "hotfix" | find /V "KB"
    ~ wmic logicaldisk get volumename, description, FileSystem, Caption, ProviderName
    Scan le système (os, bios, cpu, ram, cartes réseaux, disques durs, etc)
    Retourne le log généré
    Scan system (os, bios, cpu, ram, network interfaces, drives, etc)
    Return generated log
    writer.writer('Getting system informations')
    delimiter = '*' * 40

    # 1 - Ecriture début de log
    log_file = log_file_path + "FINAL.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>System information of computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - Get information from regedit
    hive = winreg.HKEY_LOCAL_MACHINE
    key = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion" # W7-64/32
    registry_key = winreg.OpenKey(hive, key, 0, winreg.KEY_READ | winreg.KEY_WOW64_64KEY) # W7-64/32

    # 2' - Specific to W10 (ok for 64 bits)
    if detect_os() == '10':
        writer.writer('Perform operations for W10+ OS')
        key = r"SYSTEM\Setup" #\Source OS" #W10
        registry_keys = winreg.OpenKey(hive, key, 0, winreg.KEY_READ)
        i = 0
        while 1:
                name = winreg.EnumKey(registry_keys, i)
                # print(name)
                if 'Source OS' in name:
                    # print(name)
                    key = key + '\\' + name
                    registry_key = winreg.OpenKey(hive, key, 0, winreg.KEY_READ) #W10-64
            except Exception:
            i += 1

    # Continuing
    tosave_dict = {'InstallDate':'N/A', 'SystemRoot':'N/A', 'ProductId':'N/A',
                   'ProductName':'N/A', 'RegisteredOrganization':'N/A', 'RegisteredOwner':'N/A'}
    to_get_list = ['InstallDate', 'SystemRoot', 'ProductId',
                   'ProductName', 'RegisteredOrganization', 'RegisteredOwner']
    i = 0
    while 1:
            name, value, _ = winreg.EnumValue(registry_key, i)
            if name in to_get_list:
                # print(repr(name), value)
                tosave_dict[name] = value
        except Exception:
            # print('error : ' + name)
        i += 1
    # print(tosave_dict)

    # OS
    writer.writelog(log_file, 'Hostname : ' + platform.node() + '<br>\n')
    # print('OS : ' + platform.system() + ' ' + platform.version())
    writer.writelog(log_file, 'OS : ' + tosave_dict.get('ProductName') + '<br>\n')
    writer.writelog(log_file, 'OS type : ' + platform.machine() + '<br>\n')
    writer.writelog(log_file, 'Product Id : ' + tosave_dict.get('ProductId') + '<br>\n')
    writer.writelog(log_file, 'Install Date: ' + str(datetime.fromtimestamp(tosave_dict.get('InstallDate'))) + '<br>\n')
    writer.writelog(log_file, 'System Root: ' + tosave_dict.get('SystemRoot') + '<br>\n')

    # Language (Windows Vista or further)
    if detect_os() != 'xp':
        buf_size = 32
        buf = ctypes.create_unicode_buffer(buf_size)
        dw_flags = 0
        lcid = ctypes.windll.kernel32.GetUserDefaultUILanguage()
        ctypes.windll.kernel32.LCIDToLocaleName(lcid, buf, buf_size, dw_flags)
        writer.writelog(log_file, 'Regional and language options : ' + buf.value + '<br>\n')

    # Time zone
    writer.writelog(log_file, 'Time zone : ' + time.tzname[0] + '<br>\n')
    writer.writelog(log_file, delimiter + '<br>\n')

    # Owner
    writer.writelog(log_file, 'Registered Organization : ' + tosave_dict.get('RegisteredOrganization') + '<br>\n')
    writer.writelog(log_file, 'Registered Owner : ' + tosave_dict.get('RegisteredOwner') + '<br>\n')
    writer.writelog(log_file, delimiter + '<br>\n')

    # Computer model/brand
    str_computer = '.'
    obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
    obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\cimv2')
    col_items = obj_sw_bem_services.ExecQuery('SELECT * FROM Win32_ComputerSystem')
    for obj_item in col_items:
        writer.writelog(log_file, 'Manufacturer : ' + obj_item.Manufacturer + '<br>\n')
            writer.writelog(log_file, 'SystemFamily : ' + obj_item.SystemFamily + '<br>\n')
        except AttributeError:
            writer.writelog(log_file, 'SystemFamily : N/A<br>\n')
        writer.writelog(log_file, 'Model : ' + obj_item.Model + '<br>\n')
        writer.writelog(log_file, 'Type : ' + obj_item.SystemType + '<br>\n')
    writer.writelog(log_file, delimiter + '<br>\n')

    # Processor
    col_items = obj_sw_bem_services.ExecQuery('Select * from Win32_Processor')
    for obj_item in col_items:
        writer.writelog(log_file, 'Processor : ' + obj_item.Name + '<br>\n')
        writer.writelog(log_file, 'Core : ' + str(obj_item.NumberOfCores) + '<br>\n')
        writer.writelog(log_file, 'Logical core : ' + str(obj_item.NumberOfLogicalProcessors) + '<br>\n')
            writer.writelog(log_file, 'Virtualization enabled : ' + str(obj_item.VirtualizationFirmwareEnabled) + '<br>\n')
        except AttributeError:
            writer.writelog(log_file, 'Virtualization enabled : N/A<br>\n')
    writer.writelog(log_file, delimiter + '<br>\n')

    # Bios
    col_items = obj_sw_bem_services.ExecQuery("SELECT * FROM Win32_BIOS")
    for obj_item in col_items:
        writer.writelog(log_file, "BIOS Version : " + str(obj_item.BIOSVersion) + '<br>\n')
        writer.writelog(log_file, "Release Date : " + str(datetime.strptime(str(obj_item.ReleaseDate[:8]), "%Y%m%d").strftime("%Y-%m-%d")) + '<br>\n')
    writer.writelog(log_file, delimiter + '<br>\n')

    # Memory
    mem = psutil.virtual_memory()
    writer.writelog(log_file, 'Total memory : ' + str(mem.total >> 20) + ' Mo<br>\n')
    writer.writelog(log_file, 'Available memory : ' + str(mem.available >> 20) + ' Mo<br>\n')
    writer.writelog(log_file, 'Used memory : ' + str(mem.used >> 20) + ' Mo (' + str(mem.percent) + ' %)<br>\n')
    writer.writelog(log_file, 'Free memory : ' + str(mem.free >> 20) + ' Mo<br>\n')
    writer.writelog(log_file, delimiter + '<br>\n')

    # Domaine
    writer.writelog(log_file, 'Domain : ' + os.environ['userdomain'] + '<br>\n')
    writer.writelog(log_file, delimiter + '<br>\n')

    # Network interfaces
    str_computer = '.'
    obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
    obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\cimv2')
    col_items = obj_sw_bem_services.ExecQuery('select * from Win32_NetworkAdapterConfiguration')
    network_dict = {}
    for obj_item in col_items:
        if obj_item.MACAddress is not None:
            net_caption = re.findall("] (.*)", obj_item.Caption)[0]
            # print(net_caption, obj_item.IPAddress)
                dns_srv = '<br>'.join(obj_item.DNSServerSearchOrder)
            except TypeError:
                dns_srv = obj_item.DNSServerSearchOrder
                ipv4 = obj_item.IPAddress[0]
            except IndexError:
                ipv4 = ''
            except TypeError:
                ipv4 = ''
                ipv6 = obj_item.IPAddress[1]
            except IndexError:
                ipv6 = ''
            except TypeError:
                ipv6 = ''
                dgw = ''.join(obj_item.DefaultIPGateway)
            except TypeError:
                dgw = obj_item.DefaultIPGateway
                dhcp_srv = ''.join(obj_item.DHCPServer)
            except TypeError:
                dhcp_srv = obj_item.DHCPServer
            network_dict[net_caption] = {'Name':net_caption,
                                         'Default Gateway':dgw,
                                         'DHCP Enabled':obj_item.DHCPEnabled,
                                         'DHCP Server':dhcp_srv,
                                         'WINS Primary Server':obj_item.WINSPrimaryServer,
                                         'WINS Secondary Server':obj_item.WINSSecondaryServer,
                                         'DNS Domain':obj_item.DNSDomain,
                                         'DNS Servers':dns_srv}
    writer.writelog(log_file, str(len(network_dict)) + ' network interfaces found :<br>\n')
    # Ecriture du fichier CSV
    header = ['Name', 'MAC', 'Enabled', 'IpV4', 'IpV6', 'Default Gateway',
              'DHCP Enabled', 'DHCP Server', 'WINS Primary Server',
              'WINS Secondary Server', 'DNS Domain', 'DNS Servers']
    csv_file = log_file_path + "networkInterfaces.csv"
    writer.write_csv(csv_file, header, network_dict)
    # Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Network Interfaces')
    # Ecriture sur le log
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, delimiter + '<br>\n')

    # Drives
    drives = psutil.disk_partitions()
    drives_dict = {}
    for drive in drives:
        drive_path = re.findall("device='(.*?)'", str(drive))[0]
        if drive.opts != 'cdrom':
                disk_usage = psutil.disk_usage(drive_path)
                drives_dict[str(drive_path)] = {'Path':str(drive_path),
                                                'Total_Space (Go)':str(disk_usage.total >> 30),
                                                'Free_Space (Go)':str(disk_usage.free >> 30),
                                                'Used_space (Go)':str(disk_usage.used >> 30),
                                                'Used_space (%)':str(disk_usage.percent)}
            except Exception:
    # Ecriture du fichier CSV
    header = ['Path', 'Total_Space (Go)', 'Free_Space (Go)', 'Used_space (Go)', 'Used_space (%)']
    csv_file = log_file_path + "drives.csv"
    writer.write_csv(csv_file, header, drives_dict)
    # Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Drives')
    # Ecriture sur le log
    writer.writelog(log_file, str(len(drives_dict)) + ' drive(s) found :<br>\n')
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, delimiter + '<br>\n')

    # 3 - Ecriture fin de log
    writer.writelog(log_file, '\n</div>\n')

    return log_file
Exemple #15
def user_info(log_file_path):
    ~ net user <username> /domain    &    net user <username>
    Obtient la liste des utilisateurs AD et locaux de l'ordinateur avec la base de registre et WinNT
    Retourne le log généré
    Get AD and local users list of the computer with regedit and WinNT
    Return generated log
    writer.writer('Getting computer users')
    hive = winreg.HKEY_LOCAL_MACHINE
    key_user = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" # AD users
    registry_key = None
    temp_user_list = []
    temp2_user_list = []
    profil_path = "ProfileImagePath"

    # 1 - Liste tous les profils
        registry_key = winreg.OpenKey(hive, key_user, 0, winreg.KEY_READ)
        # print("ok")
    except FileNotFoundError:
        # print("oups")
    # print(registry_key)
    if registry_key is not None:
        i = 0
        while True:
                temp_user_list.append(winreg.EnumKey(registry_key, i)) # ok pour 1 clé
                i += 1
                # print("value :", str(registry_key))
            except Exception:
                # print(Exception)

    # 2 - Tri de la liste pour ne garder que les SID commençant par "1-5-21" et récupérer le nom des utilisateurs
    for item in temp_user_list:
        if "1-5-21" in item:
            # print(item)
            key = key_user + '\\' + item
            # print(key)
                registry_key = winreg.OpenKey(hive, key, 0, winreg.KEY_READ)
                value, _ = winreg.QueryValueEx(registry_key, profil_path)
                # print(value)
                value_mod = re.findall(r'[^\\]+\s*$', value)
                # print(type(value_mod[0]))
            except FileNotFoundError:
                # print("oups")

    domain = os.environ['userdomain']
    # 3 - Ecriture début de log
    log_file = log_file_path + "FINAL.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Getting details about the ' + str(len(temp2_user_list)) + ' user(s) of computer "' + COMPUTERNAME + '"</h2>'
    elem2 = "<br>Domain : " + str(domain) + '\n'
    writer.prepa_log_scan(log_file, elem)
    writer.writelog(log_file, elem2)

    # 4 - Détails sur les utilisateurs
    user_dict = {}
    for user in temp2_user_list:
            obj_ou = win32com.client.GetObject("WinNT://" + domain + "/" + user + ",user")
            #User account
            fullname = str(obj_ou.Get('fullname'))
            # print(fullname)
                expiration_date = str(obj_ou.Get('AccountExpirationDate'))
            except Exception:
                expiration_date = 'N/A'
            profile = str(obj_ou.Get('Profile'))
            login_script = str(obj_ou.Get('LoginScript'))
                last_login = str(obj_ou.Get('lastlogin'))
            except com_error:
                last_login = '******'
            primary_gid = str(obj_ou.Get('PrimaryGroupID'))
            auto_unlock_interval = str(obj_ou.Get('AutoUnlockInterval'))
            lockout_observation_interval = str(obj_ou.Get('LockoutObservationInterval'))
            homedir = str(obj_ou.Get('HomeDirectory'))
            homedir_drive = str(obj_ou.Get('HomeDirDrive'))

            pwd_age = str(round(obj_ou.Get('PasswordAge')/3600/24))
            pwd_min_age = str(round(obj_ou.Get('MinPasswordAge')/3600/24))
            pwd_max_age = str(round(obj_ou.Get('MaxPasswordAge')/3600/24))
            pwd_expired = str(obj_ou.Get('PasswordExpired'))
            pwd_max_bad_pwd_allowed = str(obj_ou.Get('MaxBadPasswordsAllowed'))
            pwd_min_length = str(obj_ou.Get('MinPasswordLength'))
            pwd_history_length = str(obj_ou.Get('PasswordHistoryLength'))

            groups_list = []
            for grp in obj_ou.Groups():
                groups_list.append(grp.Name + '<br>')

            flag_final_list = []
            flag = obj_ou.Get('UserFlags')
            #Get flags with user flag (user flag = sum(flags))
            flag_list = []
            mini, flag_to_save = calc_flag(flag)
            while mini != 0:
                mini, flag_to_save = calc_flag(mini)
            #Verify if flag = sum(flag_list)
            if flag == sum(flag_list):
                flag_final_list.append(str(flag) + ' => ' + str(flag_list) + '<br>')
                #Get flags description with flag nums saved
                flag_final_list.append('Flag properties :')
                for k, value in USER_FLAGS_DICT.items():
                    if value in flag_list:
                        flag_final_list.append('<br>' + str(value) + ' : ' + str(k))
            user_dict[user] = {'User':user, 'Fullname':fullname, 'Expiration_Date':expiration_date,
                               'Profile':profile, 'Login_Script':login_script, 'Last_Login':last_login,
                               'Primary_Group_ID':primary_gid, 'Auto_Unlock_Interval (secs)': auto_unlock_interval,
                               'Lockout_Observation_Interval (secs)':lockout_observation_interval,
                               'HomeDir':homedir, 'HomeDirDrive':homedir_drive,
                               'pwd_age (days)':pwd_age, 'pwd_min_age (days)':pwd_min_age, 'pwd_max_age (days)':pwd_max_age,
                               'pwd_expired':pwd_expired, 'pwd_max_bad_pwd_allowed':pwd_max_bad_pwd_allowed,
                               'pwd_min_length':pwd_min_length, 'pwd_history_length':pwd_history_length,
                               'Groups':(''.join(groups_list)), 'Flag':(''.join(flag_final_list))}

        except Exception:
        i += 1

    if user_dict != '':
        # Ecriture du fichier CSV
        header = ['User', 'Fullname', 'Expiration_Date', 'Profile', 'Login_Script', 'Last_Login',
                  'Primary_Group_ID', 'Auto_Unlock_Interval (secs)', 'Lockout_Observation_Interval (secs)',
                  'HomeDir', 'HomeDirDrive', 'pwd_age (days)', 'pwd_min_age (days)', 'pwd_max_age (days)',
                  'pwd_expired', 'pwd_max_bad_pwd_allowed', 'pwd_min_length', 'pwd_history_length', 'Groups', 'Flag']
        csv_file = log_file_path + "users.csv"
        writer.write_csv(csv_file, header, user_dict)
        # Transformation du CSV en HTML
        htmltxt = writer.csv2html(csv_file, 'Users details')
        writer.writelog(log_file, htmltxt)

    # 5 - Ecriture de la fin du log
    writer.writelog(log_file, '\n</div>\n')

    return log_file