def docker_check():
display.seperator("Docker check")
if os.path.isfile('/.dockerenv'):
print("Docker-container (env) " + " " + display.detected())
else:
print("Docker-container (env) " + " " + display.undetected())
if os.path.isfile('/etc/default/grub'):
print("Docker-container (grub) " + " " + display.undetected())
else:
print("Docker-container (grub) " + " " + display.detected())
def process_check():
display.seperator("Process check")
processes = [
"qemu-ga.exe",
"xenservice.exe",
"prl_tools.exe",
"prl_cc.exe",
"vmusrvc.exe",
"vmsrvc.exe",
"vmacthlp.exe",
"VGAuthService.exe",
"vmwareuser",
"vmwaretray.exe",
"vmtoolsd.exe",
"vboxtray.exe",
"vboxservice.exe"]
count = 0
print("\n")
while count < len(processes):
if process_exists(processes[count]):
print("Process " + processes[count] + " " + display.detected())
else:
print("Process " + processes[count] + " " + display.undetected())
count += 1
def driver_check():
display.seperator("Driver check")
driver_path = r"C:\Windows\System32\drivers"
files = os.listdir(driver_path)
drivers = [
"VBoxMouse.sys",
"VBoxGuest.sys",
"VBoxSF.sys",
"VBoxVideo.sys",
"vboxdisp.dll",
"vboxhook.dll",
"vboxmrxnp.dll",
"vboxogl.dll",
"vboxoglarrayspu.dll",
"vboxoglcrutil.dll",
"vboxoglerrorspu.dll",
"vboxoglfeedbackspu.dll",
"vboxoglpackspu.dll",
"vboxoglpassthroughspu.dll",
"VBoxService.exe",
"VBoxTray.exe",
"VBoxControl.exe",
"vmmouse.sys",
"vmhgfs.sys",
"vm3dmp.sys",
"vmci.sys",
"mhgfs.sys",
"vmmemctl.sys",
"vmmouse.sys",
"vmrawdsk.sys",
"vmusbmouse.sys",]
for f in files:
for dll in drivers:
if f == dll:
print("Driver " + dll + " " + display.detected())
def disk_check():
display.seperator("Disk check")
usage = shutil.disk_usage("/")
GB = 1073741824
disk_total = int(usage[0] / GB)
if disk_total < 50:
print("Disk total less than 50gb " + display.detected())
else:
print("Disk total more than 50gb " + display.undetected())
def memory_check():
display.seperator("Memory check")
mem = virtual_memory()
GB = 1073741824
memory = int(mem.total / GB)
if memory < 4:
print("RAM less than 4gb " + display.detected())
else:
print("RAM more than 4gb " + display.undetected())
def hostname_check():
display.seperator("Hostname check")
hostname = os.environ['userdomain']
hostnames = ["vmware", "virtualbox", "test", "vm", "virtual_machine"]
for possible_name in hostnames:
if possible_name == hostname:
print(possible_name + " " + display.detected())
else:
print(possible_name + " " + display.undetected())
def hypervisor_check():
display.seperator("Hypervisor check")
result = subprocess.check_output("powershell.exe (gcim Win32_ComputerSystem).HypervisorPresent", shell=True)
result =''.join(str(result))
result = result.replace("b'", "")
result = result.replace("\\r\\n'", "")
if result == "True":
print("Hypervisor " + display.detected())
else:
print("Hypervisor " + display.undetected())
def username_check():
#Testing for default usernames within a windows Virtual machine
display.seperator("Username check")
usernames = ["zeus", 'test']
print("actual username " + " " + os.getlogin())
for names in usernames:
if names == os.getlogin():
print(names + ' ' + display.detected())
else:
print(names + ' ' + display.undetected())
def index(registry, string, type):
#accessing registry through init HKEY
access_registry = winreg.ConnectRegistry(None,winreg.HKEY_LOCAL_MACHINE)
#opening registry
for i in range(1028):
try:
#results based on directory names
access_key = winreg.OpenKey(access_registry,registry)
x =winreg.EnumKey(access_key,i)
if x == string:
print(type+ " " + display.detected())
except:
break
def guest_additions_check():
display.seperator("Guest Additions check")
ga_drive = r"D:\\"
guest_additions = [
"VboxDarwinAdditions.pkg", "VboxDarwinAdditionsUninstall.tool",
"VboxLinuxAdditions.run", "VboxSolarisAdditions.pkg",
"VboxWindowsAdditions.exe", "VboxWindowsAdditions-x86.exe",
"VboxWindowsAdditions-amd64.exe"
]
guest_additions_dir = os.listdir(ga_drive)
for guestaddition in guest_additions_dir:
for found_ga in guest_additions:
if guestaddition == found_ga:
print("GuestAddition file " + found_ga + " " +
display.detected())
def search(registry, query, queryresult, string, type):
#accessing registry through init HKEY
access_registry = winreg.ConnectRegistry(None,winreg.HKEY_LOCAL_MACHINE)
#opening registry
access_key = winreg.OpenKey(access_registry,registry)
for i in range(20):
try:
#results based on registry keys
asubkey_name=winreg.EnumKey(access_key,i)
asubkey=winreg.OpenKey(access_key, asubkey_name)
#searching all queries
queryresult = winreg.QueryValueEx(asubkey, query)
except:
break
#converting query output to string
queryresult =''.join(str(queryresult))
#checking query against possible keywords
if string in queryresult:
#virtual machine detected
print(type + " " + display.detected())
else:
#'virtual machine not detected
print(type + " " + display.undetected())