def process_check(): display.seperator("Process check") processes = [ "qemu-ga.exe", "xenservice.exe", "prl_tools.exe", "prl_cc.exe", "vmusrvc.exe", "vmsrvc.exe", "vmacthlp.exe", "VGAuthService.exe", "vmwareuser", "vmwaretray.exe", "vmtoolsd.exe", "vboxtray.exe", "vboxservice.exe"] count = 0 print("\n") while count < len(processes): if process_exists(processes[count]): print("Process " + processes[count] + " " + display.detected()) else: print("Process " + processes[count] + " " + display.undetected()) count += 1
def driver_check(): display.seperator("Driver check") driver_path = r"C:\Windows\System32\drivers" files = os.listdir(driver_path) drivers = [ "VBoxMouse.sys", "VBoxGuest.sys", "VBoxSF.sys", "VBoxVideo.sys", "vboxdisp.dll", "vboxhook.dll", "vboxmrxnp.dll", "vboxogl.dll", "vboxoglarrayspu.dll", "vboxoglcrutil.dll", "vboxoglerrorspu.dll", "vboxoglfeedbackspu.dll", "vboxoglpackspu.dll", "vboxoglpassthroughspu.dll", "VBoxService.exe", "VBoxTray.exe", "VBoxControl.exe", "vmmouse.sys", "vmhgfs.sys", "vm3dmp.sys", "vmci.sys", "mhgfs.sys", "vmmemctl.sys", "vmmouse.sys", "vmrawdsk.sys", "vmusbmouse.sys",] for f in files: for dll in drivers: if f == dll: print("Driver " + dll + " " + display.detected())
def disk_check(): display.seperator("Disk check") usage = shutil.disk_usage("/") GB = 1073741824 disk_total = int(usage[0] / GB) if disk_total < 50: print("Disk total less than 50gb " + display.detected()) else: print("Disk total more than 50gb " + display.undetected())
def memory_check(): display.seperator("Memory check") mem = virtual_memory() GB = 1073741824 memory = int(mem.total / GB) if memory < 4: print("RAM less than 4gb " + display.detected()) else: print("RAM more than 4gb " + display.undetected())
def hostname_check(): display.seperator("Hostname check") hostname = os.environ['userdomain'] hostnames = ["vmware", "virtualbox", "test", "vm", "virtual_machine"] for possible_name in hostnames: if possible_name == hostname: print(possible_name + " " + display.detected()) else: print(possible_name + " " + display.undetected())
def docker_check(): display.seperator("Docker check") if os.path.isfile('/.dockerenv'): print("Docker-container (env) " + " " + display.detected()) else: print("Docker-container (env) " + " " + display.undetected()) if os.path.isfile('/etc/default/grub'): print("Docker-container (grub) " + " " + display.undetected()) else: print("Docker-container (grub) " + " " + display.detected())
def hypervisor_check(): display.seperator("Hypervisor check") result = subprocess.check_output("powershell.exe (gcim Win32_ComputerSystem).HypervisorPresent", shell=True) result =''.join(str(result)) result = result.replace("b'", "") result = result.replace("\\r\\n'", "") if result == "True": print("Hypervisor " + display.detected()) else: print("Hypervisor " + display.undetected())
def username_check(): #Testing for default usernames within a windows Virtual machine display.seperator("Username check") usernames = ["zeus", 'test'] print("actual username " + " " + os.getlogin()) for names in usernames: if names == os.getlogin(): print(names + ' ' + display.detected()) else: print(names + ' ' + display.undetected())
def registry_check(): display.seperator("Registry check") a = 'null' registry.search(r"SYSTEM\HardwareConfig", "BIOSVendor", a, "Development Kit", "BIOS Vendor") registry.search(r"SYSTEM\HardwareConfig", "BIOSVendor", a, "OVMF", "OVMF Check") registry.search(r"SYSTEM\HardwareConfig", "SystemProductName", a, "Q35", "SystemProductName") registry.search(r"SYSTEM\HardwareConfig", "SystemVersion", a, "pc-q35", "SystemVersion") registry.search(r"SYSTEM\HardwareConfig", "SystemProductName", a, "VirtualBox", "VirtualBox?") registry.search(r"SYSTEM\HardwareConfig", "SystemFamily", a, "Virtual Machine", "Virtual Machine") registry.search(r"SYSTEM\HardwareConfig", "SystemBiosVersion", a, "VBOX", "VirtualBox?") registry.search(r"SYSTEM\HardwareConfig", "BaseBoardManufacturer", a, "Oracle Corporation", "Oracle check") registry.search(r"SYSTEM\HardwareConfig", "BaseBoardProduct", a, "VirtualBox", "VirtualBox?") registry.index(r"SOFTWARE\WOW6432Node\RedHat", "RHEL", "RedHat check: ") registry.search(r"SYSTEM\DriverDatabase\DriverPackages", "Provider", a, "Red Hat", "RedHat check")
def guest_additions_check(): display.seperator("Guest Additions check") ga_drive = r"D:\\" guest_additions = [ "VboxDarwinAdditions.pkg", "VboxDarwinAdditionsUninstall.tool", "VboxLinuxAdditions.run", "VboxSolarisAdditions.pkg", "VboxWindowsAdditions.exe", "VboxWindowsAdditions-x86.exe", "VboxWindowsAdditions-amd64.exe" ] guest_additions_dir = os.listdir(ga_drive) for guestaddition in guest_additions_dir: for found_ga in guest_additions: if guestaddition == found_ga: print("GuestAddition file " + found_ga + " " + display.detected())
def guest_check(): display.seperator("Guest or Host check") host_system = 0 guest_system = 0 gorh = input("guest or host? (host/guest): ") if gorh == 'host': host_system = 1 patches_y_n = input("apply rdstc patches? (y/n)") if patches_y_n == 'y': apply_patches() return host_system else: print("failed to apply patches") return host_system elif gorh == "guest": guest_system = 1 return guest_system
def apply_patches(): display.seperator("Applying patches...")
def rdstc_check(): display.seperator("RDSTC check") rdtsc_c = CDLL("./rdtsc.so") rdtsc_c.execute()