예제 #1
0
파일: main.py 프로젝트: alevoski/ScanPC
def scanpc(log_file_path):
    '''
    **FR**
    Exécute le scan de l'ordinateur en appelant diverses fonctions,
    écrit les logs sur le périphérique qui a lancé l'exécutable,
    Retourne le chemin du log final
    **EN**
    Process the computer scan with several other functions,
    write logs on the device where the app has been launched,
    Return the final log path
    '''
    texte = "Computer scanning in progress... Please wait...\n"
    writer.writer(texte)

    log_file = str(log_file_path) + "FINAL.html"

    # Write first html tags
    elementraw = """<!DOCTYPE html>
    <html>
        <head>
            <title>ScanPC result</title>
            <meta charset="utf-8">
            <link rel="stylesheet" type="text/css" href="style.css">
        </head>
        <body>
            <p>
            {0}
            {1} <br>
            </p>"""
    # </body>
    # </html>"""

    # Texte d'intro
    texte = '<h1>Scanning of computer "' + COMPUTERNAME + '"</h1>'
    element2 = '<time>' + datetime.now().strftime(
        "%A %d %B %Y %H:%M:%S") + '</time>\n'
    element = elementraw.format(texte, element2)
    writer.writelog(log_file, element)

    # Scans de base
    scans.user_info(log_file_path)
    scans.shared_folders_info(log_file_path)
    scans.hotfixes_info(log_file_path)
    scans.system_info(log_file_path)
    scans.security_product_info(log_file_path)
    scans.process_info(log_file_path)
    services_running_dict = scans.services_info(log_file_path)
    scans.ports_info(log_file_path)
    scans.persistence_info(log_file_path)

    texte4 = "\nBasic scan ended.\n"
    writer.writer(texte4)

    # Scan des logiciels
    software_dict = software_init(log_file_path)

    return log_file, software_dict, services_running_dict
예제 #2
0
def services_info(log_file_path):
    '''
    ~ wmic service where started=true get name, displayname, processid, startmode, startname, pathname
    **FR**
    Liste les services démarrés sur l'ordinateur
    Retourne le dictionnaire des noms des services démarrés
    **EN**
    List computer started services
    Return the running services names dict
    '''
    writer.writer('Getting running services')
    # 1 - Ecriture début de log
    log_file = log_file_path + 'FINAL.html'
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Running services on computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - Obtenir la liste des services démarrés
    if detect_os() != 'xp' or psutil.__version__ != '3.4.2':
        services_list = psutil.win_service_iter()
        services_running_dict = {}
        for srv in services_list:
            srvname = re.findall("name='(.*)',", str(srv))[0]
            service_temp = psutil.win_service_get(srvname)
            service = service_temp.as_dict()
            # Keep running services
            if service['status'] == 'running':
                services_running_dict[service['name']] = {'Name':service['name'], 'PID':service['pid'],
                                                          'Display_Name':service['display_name'], 'Start_Type':service['start_type'],
                                                          'Username':service['username'], 'Binpath':service['binpath']}
    else:
        import wmi
        wmi_instance = wmi.WMI()
        services_list = wmi_instance.Win32_Service()
        services_running_dict = {}
        for srv in services_list:
            # Keep running services
            if srv.State == 'Running':
                services_running_dict[srv.name] = {'Name':srv.name, 'PID':srv.processid,
                                                   'Display_Name':srv.displayname, 'Start_Type':srv.startmode,
                                                   'Username':srv.startname, 'Binpath':srv.pathname}

    # 3 - Ecriture du fichier CSV
    header = ['Name', 'Display_Name', 'PID', 'Start_Type', 'Username', 'Binpath']
    csv_file = log_file_path + "services.csv"
    writer.write_csv(csv_file, header, services_running_dict)

    # 4 - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Running services')

    # 5 - Ecriture de la fin du log
    writer.writelog(log_file, str(len(services_running_dict)) + ' running services :<br>\n')
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, '\n</div>\n')

    return services_running_dict
예제 #3
0
파일: main.py 프로젝트: alevoski/ScanPC
def init():
    '''
    **FR**
    Initialisation du programme
    **EN**
    Software initialization
    '''
    print('\t\t\t---------- ScanPC ---------')
    print('\t***************************************************************')
    print('\t*\t\t    Computer scanning                         *')
    print('\t*\t\t          Disclaimer !                        *')
    print('\t*\t This sofware only scan your computer                 *')
    print('\t*\t for users, various system information and software.  *')
    print('\t*\t No copy of your data will be performed.              *')
    print('\t***************************************************************')
    print()

    # Begin timer
    begin_scan = time.time()

    # Début du programme
    key = scanpart()
    unique_dir = str(COMPUTERNAME) + '_' + datetime.now().strftime(
        '%d%m%y%H%M%S')
    log_file_path = str(key) + "/logScanPC/" + datetime.now().strftime(
        '%Y/%m/%d/') + unique_dir + '/' + unique_dir
    # Appel de scanPC
    log_file, software_dict, services_running_dict = scanpc(log_file_path)
    # Tests complémentaires
    complement_init(log_file_path, software_dict, services_running_dict)
    writer.writelog(log_file, '\n</div>\n')

    # Ending timer
    end_scan = time.time()
    total_time_scan = end_scan - begin_scan
    elem = "----------------------- Scan ended ------------------------"
    writer.prepa_log_scan(log_file, elem)
    total_time = 'Computer analyzed in {} seconds.'.format(
        round(total_time_scan, 2))
    writer.writelog(log_file, total_time)
    writer.writer('Computer analyzed in ' + str(round(total_time_scan, 2)) +
                  ' seconds.\n')

    # Write last html tags
    elementraw = """
        </body>
    </html>"""
    writer.writelog(log_file, elementraw)

    # Copy css file in the log directory
    if os.path.isfile(STYLECSSFILE):
        file_name = os.path.basename(STYLECSSFILE)
        file_to_write = str(key) + "/logScanPC/" + datetime.now().strftime(
            '%Y/%m/%d/') + unique_dir + '/' + file_name
        writer.copy_file(STYLECSSFILE, file_to_write)

    #Fin du programme
    readandcopy(log_file)
    fin(key)
예제 #4
0
def gen_eicar(log_file_path):
    '''
    **FR**
    Génére un fichier Eicar pour tester l'antivirus
    **EN**
    Generate an Eicar file to test antivirus
    '''
    # 1 - Création du virus
    msg0 = '\n--Antivirus testing--\nAn Eicar virus test will be generated to test the antivirus.'
    writer.writer(msg0)
    eicar_file = str(log_file_path) + 'eicar_testFile'
    element = r'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
    writer.writelog(eicar_file, element)
    time.sleep(3)

    # 2 - Demande à l'utilisateur
    msg0 = '\nDid the antivirus alert you ? (y = yes, n = no)\n'
    writer.writer(msg0)
    user_rep = 'FAILED - The antivirus does not alert/detect viruses'
    if verif.reponse() == 'y':
        user_rep = 'OK - The antivirus does alert/detect viruses'
    return user_rep
예제 #5
0
def ports_info(log_file_path):
    '''
    ~ netstat -a
    **FR**
    Liste les communications réseaux de l'ordinateur
    Retourne le dictionnaire des connexions réseaux
    **EN**
    List computer network connections
    Return the network connections dict
    '''
    writer.writer('Getting network connections')
    # 1 - Ecriture début de log
    log_file = log_file_path + "FINAL.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Informations about network connections of computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - obtenir la liste des connexions actives
    ports_list = psutil.net_connections()
    ports_dict = {}
    for ports in ports_list:
        if ports.status == 'ESTABLISHED' or ports.status == 'CLOSE_WAIT':
            ports_dict[str(ports.laddr)] = {'Local_addr':str(ports.laddr[0]), 'Local_port':str(ports.laddr[1]),
                                            'Remote_addr':str(ports.raddr[0]), 'Remote_port':str(ports.raddr[1]),
                                            'Status':str(ports.status), 'PID':str(ports.pid)}

        if ports.status == 'LISTEN':
            ports_dict[str(ports.laddr)] = {'Local_addr':str(ports.laddr[0]), 'Local_port':str(ports.laddr[1]),
                                            'Remote_addr':'', 'Remote_port':'',
                                            'Status':str(ports.status), 'PID':str(ports.pid)}

    # 3 - Ecriture du fichier CSV
    header = ['Local_addr', 'Local_port', 'Remote_addr', 'Remote_port', 'Status', 'PID']
    csv_file = log_file_path + "ports.csv"
    writer.write_csv(csv_file, header, ports_dict)

    # 4 - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Network connections')

    # 5 - Ecriture de la fin du log
    writer.writelog(log_file, str(len(ports_dict)) + ' network connections :<br>\n')
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, '\n</div>\n')

    return ports_dict
예제 #6
0
def process_info(log_file_path):
    '''
    ~ tasklist /SVC
    ***FR**
    Liste les processus démarrés sur l'ordinateur
    Retourne le dictionnaire des processus
    **EN**
    List computer running processes
    Retourne the processes dict
    '''
    writer.writer('Getting running processes')
    # 1 - Ecriture début de log
    log_file = log_file_path + 'FINAL.html'
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Running processes on computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - Obtenir la liste des processus démarrés
    proc_dict = {}
    for proc in psutil.process_iter():
        try:
            proc_timestamp = proc.create_time()
            proc_start_date = datetime.fromtimestamp(proc_timestamp)
            proc_dict[str(proc.pid)] = {'Name':str(proc.name()),
                                        'PID':str(proc.pid),
                                        'PPID': str(proc.ppid()),
                                        'Start': str(proc_start_date)}
        except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
            pass

    # 3 - Ecrire du fichier CSV
    header = ['Name', 'PID', 'PPID', 'Start']
    csv_file = log_file_path + 'processes.csv'
    writer.write_csv(csv_file, header, proc_dict)

    # 4 - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Running processes')

    # 5 - Ecriture de la fin du log
    writer.writelog(log_file, str(len(proc_dict)) + ' running processes :\n')
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, '\n</div>\n')

    return proc_dict
예제 #7
0
def hotfixes_info(log_file_path):
    '''
    https://www.activexperts.com/admin/scripts/wmi/python/0417/
    ~ wmic qfe get HotfixID,InstalledOn | more
    **FR**
    Liste les patchs de sécurité Windows installés
    Retourne le log généré
    **EN**
    List Windows security updates installed
    Return generated log
    '''
    writer.writer('Getting Windows security updates')
    # 1 - Ecriture début de log
    log_file = log_file_path + "FINAL.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Windows security updates of computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - Obtenir la liste des correctifs de l'ordinateur
    str_computer = '.'
    obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
    obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\cimv2')
    col_items = obj_sw_bem_services.ExecQuery("SELECT * FROM Win32_QuickFixEngineering WHERE Description='Security Update'")
    hotfix_dict = {}
    for obj_item in col_items:
        try:
            hotfix_dict[obj_item.HotFixID] = {'HotFixID':obj_item.HotFixID,
                                              'InstalledOn':str(datetime.strptime(str(obj_item.InstalledOn), "%m/%d/%Y").strftime("%Y-%m-%d"))}
        except ValueError:
            hotfix_dict[obj_item.HotFixID] = {'HotFixID':obj_item.HotFixID,
                                              'InstalledOn':str(obj_item.InstalledOn)}

    # 3 - Ecriture du fichier CSV
    header = ['HotFixID', 'InstalledOn']
    csv_file = log_file_path + "hotfixes.csv"
    writer.write_csv(csv_file, header, hotfix_dict)

    # 4 - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Hotfixes')

    # 5 - Ecriture fin de log
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, '\n</div>\n')

    return hotfix_dict
예제 #8
0
def mc_afee(log_file):
    '''
    **FR**
    Récupere une information complémentaire sur McAfee
    **EN**
    Get more informations about McAfee
    '''
    restemp = 'N/A'
    date_ver = 'Date & version : ' + restemp
    epo_lst = '\n--EPO servers list--<br>' + restemp
    try:
        date_ver, epo_lst = get_mc_afee()
    except Exception:
        pass
    info_mc_afee = '***** McAfee informations *****<br>'
    writer.writelog(log_file, info_mc_afee)
    writer.writelog(log_file, date_ver + '<br>')
    writer.writelog(log_file, epo_lst + '<br>\n\n')
예제 #9
0
def shared_folders_info(log_file_path):
    '''
    ~ net share
    **FR**
    Liste les dossiers partagés
    Retourne le log généré
    **EN**
    List shared folders
    Return generated log
    '''
    writer.writer('Getting shared folders')
    # 1 - Ecriture début de log
    log_file = log_file_path + "FINAL.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Shared folders of computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - Obtenir la liste des dossiers partagés de l'ordinateur
    str_computer = '.'
    obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
    obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\cimv2')
    col_items = obj_sw_bem_services.ExecQuery('SELECT * FROM Win32_Share')
    shared_folders_dict = {}
    for obj_item in col_items:
        shared_folders_dict[str(obj_item.Name)] = {'Name':str(obj_item.Name), 'Path':str(obj_item.Path),
                                                   'Caption':str(obj_item.Caption), 'Description':str(obj_item.Description)}

    # 3 - Ecriture du fichier CSV
    header = ['Name', 'Path', 'Caption', 'Description']
    csv_file = log_file_path + "shared_folders_info.csv"
    writer.write_csv(csv_file, header, shared_folders_dict)
    # Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Shared Folders')
    writer.writelog(log_file, htmltxt)

    # 5 - Ecriture de la fin du log
    writer.writelog(log_file, '\n</div>\n')

    return log_file
예제 #10
0
def software_init(log_file_path):
    '''
    **FR**
    Initialisation et fonction principale de la recherche des logiciels
    **EN**
    Init the main function to search installed software
    '''
    texte5 = "Software scanning in progress...\n"
    writer.writer(texte5)

    # 1 - Début de l'analyse des logiciels
    log_file = log_file_path + "final.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Software informations of computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - Obtenir la liste des logiels de l'ordinateur
    regkey = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"  #32 bits
    regkey2 = r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"  #64 bits
    software_list1 = software_lst(regkey)
    software_dict1 = search_software(software_list1, regkey)
    software_list2 = software_lst(regkey2)
    software_dict2 = search_software(software_list2, regkey2)

    # 3 - Concaténation des deux dictionnaires de valeurs des clés de registre (32b et 64b)
    final_dict = software_dict1
    for item, value in software_dict2.items():
        # print(item, value)
        if item not in final_dict.items():
            # print(item)
            final_dict.update({item: value})

    # 4 - Ecriture du fichier CSV
    header = [
        'Name', 'Version', 'Last Update', 'Last Version', 'Up to date',
        'Publisher', 'Location'
    ]
    csv_file = log_file_path + "software.csv"
    writer.write_csv(csv_file, header, final_dict)

    # 5 - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Installed software')

    # 6 - Placer des id sur certains tags du tableau
    htmltxt = htmltxt.replace('<TD>ko</TD>', '<TD id="ko">ko</TD>')
    htmltxt = htmltxt.replace('<TD>ok</TD>', '<TD id="ok">ok</TD>')

    # 7 - Bilan
    soft_ok = 0
    soft_ko = 0
    others = 0
    for _, value in final_dict.items():
        stat = value['Up to date']
        if stat == 'ok':
            soft_ok += 1
        elif stat == 'ko':
            soft_ko += 1
        else:
            others += 1

    soft_summary_dict = {}
    soft_summary_dict[str(len(final_dict))] = {
        'Total Software': str(len(final_dict)),
        'Up to date': str(soft_ok),
        '% up to date': str(round(soft_ok / len(final_dict) * 100)),
        'Outdated': str(soft_ko),
        '% outdated': str(round(soft_ko / len(final_dict) * 100)),
        'others': str(others),
        '% others': str(round(others / len(final_dict) * 100))
    }

    header = [
        'Total Software', 'Up to date', '% up to date', 'Outdated',
        '% outdated', 'others', '% others'
    ]
    csv_file = log_file_path + "software_summary.csv"
    writer.write_csv(csv_file, header, soft_summary_dict)
    htmltxt2 = writer.csv2html(csv_file, 'Software summary')
    htmltxt2 = htmltxt2.replace('<TH>Up to date</TH>',
                                '<TH id="ok">Up to date</TH>')
    htmltxt2 = htmltxt2.replace('<TH>% up to date</TH>',
                                '<TH id="ok">% up to date</TH>')
    htmltxt2 = htmltxt2.replace('<TH>Outdated</TH>',
                                '<TH id="ko">Outdated</TH>')
    htmltxt2 = htmltxt2.replace('<TH>% outdated</TH>',
                                '<TH id="ko">% outdated</TH>')

    # 8 - Ecriture fin du log
    writer.writelog(log_file, str(len(final_dict)) + ' software found :\n')
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, '<br>Software summary :')
    writer.writelog(log_file, htmltxt2)
    writer.writelog(log_file, '\n</div>\n')
    texte5bis = "Software scanning ended.\n"
    writer.writer(texte5bis)

    return final_dict
예제 #11
0
def complement_init(log_file_path, software_dict, services_running_dict):
    '''
    **FR**
    Initialisation de la recherche d'infos complémentaires
    **EN**
    Init search
    '''
    # 1 - Ecriture début de log (à la fin du log fourni)
    log_file = log_file_path + 'FINAL.html'
    elem = '<h2>Additional scans</h2>'
    writer.prepa_log_scan(log_file, elem)
    writer.writelog(log_file, '<div>\n')

    # 2 - Obtention des informations complémentaires
    # McAfee
    mc_afee(log_file)

    complement_dict = {}  # Name Result
    #LAPS
    info_laps = 'LAPS'
    to_find = 'Local Administrator Password Solution'
    res = elem_in_list(1, list(software_dict.keys()), to_find)
    complement_dict[info_laps] = {
        'Name': info_laps,
        'Description': to_find,
        'Result': res,
        'Type': 'Software test'
    }

    ### Services

    ## BranchCache/WSUS
    # BranchCache
    info_bc = 'BranchCache'
    to_find = 'PeerDistSvcs'
    res = elem_in_list(2, list(services_running_dict.keys()), to_find)
    complement_dict[info_bc] = {
        'Name': info_bc,
        'Description': to_find,
        'Result': res,
        'Type': 'Service test'
    }

    # WSUS
    info_wsus = 'WSUS'
    to_find = 'WSUS server'
    restemp = 'N/A'
    srv_wsus = restemp
    try:
        srv_wsus = get_wsus()
    except Exception:
        pass
    complement_dict[info_wsus] = {
        'Name': info_wsus,
        'Description': to_find,
        'Result': srv_wsus,
        'Type': 'Service test'
    }

    ## AppLocker
    info_al = 'AppLocker'
    to_find = 'AppIDSvc'
    res = elem_in_list(2, list(services_running_dict.keys()), to_find)
    complement_dict[info_al] = {
        'Name': info_al,
        'Description': to_find,
        'Result': res,
        'Type': 'Service test'
    }

    # TestAV
    msg0 = '\nDo you want to perform an antivirus detection test ? (y = yes, n = no)\n'
    writer.writer(msg0)
    if verif.reponse() == 'y':
        user_rep = gen_eicar(log_file_path)
        av_etat = 'Antivirus status'
        to_find = 'Antivirus alert'
        complement_dict[av_etat] = {
            'Name': av_etat,
            'Description': to_find,
            'Result': user_rep,
            'Type': 'Service test'
        }

    # 3 - Ecrire du fichier CSV
    header = ['Type', 'Name', 'Description', 'Result']
    csv_file = log_file_path + 'additional_scans.csv'
    writer.write_csv(csv_file, header, complement_dict)

    # 4 - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Additional Scans')

    # 5 - Ecriture de la fin du log
    writer.writelog(log_file,
                    str(len(complement_dict)) + ' additional scans :\n')
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, '\n</div>\n')
예제 #12
0
def persistence_info(log_file_path):
    '''
    cf https://www.fuzzysecurity.com/tutorials/19.html
    **FR**
    Chercher les élements persistants dans :
        - les répertoires de démarrage
        - Regedit
    **EN**
    Search for persistent objects in :
        - Startup directories
        - Regedit
    '''
    writer.writer('Search for persistent objects')
    # 1 - Ecriture début de log
    log_file = log_file_path + "FINAL.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Informations about persistent objects of computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - obtenir les objets persistants
    # 2.1a - startup dirs
    drive = os.environ['SYSTEMDRIVE']
    user = os.environ['USERNAME']
    dir_list = [drive + '/Users/' + user + '/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup',
                drive + '/ProgramData/Microsoft/Windows/Start Menu/Programs/Startup',
                drive + '/Documents and Settings/All Users/Start Menu/Programs/Startup']
    files_list = []
    for dirs in dir_list:
        if os.path.isdir(dirs):
            files_list = get_files(dirs, files_list)

    # 2.1b - Ecriture dans le log
    writer.writelog(log_file, 'Persistent objects in startup dirs :<br>\n')
    for elem in files_list:
        writer.writelog(log_file, elem + '<br>\n')

    # 2.2a - regedit
    hive_list = {'HKEY_LOCAL_MACHINE': winreg.HKEY_LOCAL_MACHINE, 'HKEY_CURRENT_USER':winreg.HKEY_CURRENT_USER}
    reg_list = [r'Software\Microsoft\Windows\CurrentVersion\Run',
                r'Software\Microsoft\Windows\CurrentVersion\RunOnce',
                r'Software\Microsoft\Windows\CurrentVersion\RunServices',
                r'Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
                r'Software\Microsoft\Windows NT\CurrentVersion\Winlogon']

    per_reg_dict = {}
    for hkeyname, hkeyvalue in hive_list.items():
        for key in reg_list:
            fullhkeyreg = hkeyname + '\\' + key
            tosave_dict = search_reg(hkeyvalue, key)
            if tosave_dict:
                for name, value in tosave_dict.items():
                    per_reg_dict[fullhkeyreg + '_' + name] = {'regkey':fullhkeyreg, 'name':name, 'value':value}

    # 2.2b - Ecriture du fichier CSV
    header = ['regkey', 'name', 'value']
    csv_file = log_file_path + "persistants_reg.csv"
    writer.write_csv(csv_file, header, per_reg_dict)

    # 2.2c - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Persistent reg objects')

    # 2.2d - Ecriture de la fin du log
    writer.writelog(log_file, '<br>\nPersistent reg objects :<br>\n')
    writer.writelog(log_file, htmltxt)

    # 3 - Ecriture de la fin du log
    writer.writelog(log_file, '\n</div>\n')

    return log_file
예제 #13
0
def security_product_info(log_file_path):
    '''
    http://neophob.com/2010/03/wmi-query-windows-securitycenter2/
    **FR**
    Scan le système pour obtenir la liste et le status des produits de sécurité (antivirus, parefeu, antispyware)
    Retourne le dictionnaire des produits de sécurité
    **EN**
    Scan to get security product in the system with their status (antivirus, firewall, antispyware)
    Return security products dict
    '''
    # Determinate what namespace to call
    sec_name_space = 'SecurityCenter'
    if detect_os() != 'xp':
        sec_name_space = 'SecurityCenter2'
    str_computer = '.'
    obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
    obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\' + sec_name_space)

    writer.writer('Getting security products')
    # 1 - Ecriture début de log
    log_file = log_file_path + "FINAL.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Security products on computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - Obtention des informations
    security_product_dict = {}
    i = 1
    # Antivirus
    col_items = obj_sw_bem_services.ExecQuery("select * from AntivirusProduct")
    i, security_product_dict = security_product_get(i, security_product_dict, col_items, 'Antivirus')

    # Firewalls
    # Windows
    xpfw = win32com.client.gencache.EnsureDispatch('HNetCfg.FwMgr', 0)
    xpfw_policy = xpfw.LocalPolicy.CurrentProfile
    writer.writelog(log_file, 'Windows firewall enabled : ' + str(xpfw_policy.FirewallEnabled) + '<br>\n')
    # Third party firewall
    col_items = obj_sw_bem_services.ExecQuery("select * from FireWallProduct")
    i, security_product_dict = security_product_get(i, security_product_dict, col_items, 'Firewall')

    if detect_os() != 'xp':
        # AntiSpyware
        col_items = obj_sw_bem_services.ExecQuery("select * from AntiSpywareProduct")
        i, security_product_dict = security_product_get(i, security_product_dict, col_items, 'Antispyware')

    # 3 - Ecrire du fichier CSV
    header = ['Type', 'Name', 'GUID', 'pathProduct', 'pathReporting', 'productState', 'rtstatus', 'defstatus']
    csv_file = log_file_path + "security_products.csv"
    writer.write_csv(csv_file, header, security_product_dict)

    # 4 - Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Security Products')
    htmltxt = htmltxt.replace('<TD>Outdated</TD>', '<TD id="ko">Outdated</TD>')
    htmltxt = htmltxt.replace('<TD>Up to date</TD>', '<TD id="ok">Up to date</TD>')
    htmltxt = htmltxt.replace('<TD>Disabled</TD>', '<TD id="ko">Disabled</TD>')
    htmltxt = htmltxt.replace('<TD>Enabled</TD>', '<TD id="ok">Enabled</TD>')

    # 5 - Ecriture de la fin du log
    writer.writelog(log_file, str(len(security_product_dict)) + ' security products :\n')
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, '\n</div>\n')

    return security_product_dict
예제 #14
0
def system_info(log_file_path):
    '''
    ~ systeminfo | find /V /I "hotfix" | find /V "KB"
    ~ wmic logicaldisk get volumename, description, FileSystem, Caption, ProviderName
    **FR**
    Scan le système (os, bios, cpu, ram, cartes réseaux, disques durs, etc)
    Retourne le log généré
    **EN**
    Scan system (os, bios, cpu, ram, network interfaces, drives, etc)
    Return generated log
    '''
    writer.writer('Getting system informations')
    delimiter = '*' * 40

    # 1 - Ecriture début de log
    log_file = log_file_path + "FINAL.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>System information of computer "' + COMPUTERNAME + '"</h2>'
    writer.prepa_log_scan(log_file, elem)

    # 2 - Get information from regedit
    hive = winreg.HKEY_LOCAL_MACHINE
    key = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion" # W7-64/32
    registry_key = winreg.OpenKey(hive, key, 0, winreg.KEY_READ | winreg.KEY_WOW64_64KEY) # W7-64/32

    # 2' - Specific to W10 (ok for 64 bits)
    if detect_os() == '10':
        writer.writer('Perform operations for W10+ OS')
        key = r"SYSTEM\Setup" #\Source OS" #W10
        registry_keys = winreg.OpenKey(hive, key, 0, winreg.KEY_READ)
        i = 0
        while 1:
            try:
                name = winreg.EnumKey(registry_keys, i)
                # print(name)
                if 'Source OS' in name:
                    # print(name)
                    key = key + '\\' + name
                    registry_key = winreg.OpenKey(hive, key, 0, winreg.KEY_READ) #W10-64
                    break
            except Exception:
                break
            i += 1

    # Continuing
    tosave_dict = {'InstallDate':'N/A', 'SystemRoot':'N/A', 'ProductId':'N/A',
                   'ProductName':'N/A', 'RegisteredOrganization':'N/A', 'RegisteredOwner':'N/A'}
    to_get_list = ['InstallDate', 'SystemRoot', 'ProductId',
                   'ProductName', 'RegisteredOrganization', 'RegisteredOwner']
    i = 0
    while 1:
        try:
            name, value, _ = winreg.EnumValue(registry_key, i)
            if name in to_get_list:
                # print(repr(name), value)
                tosave_dict[name] = value
        except Exception:
            # print('error : ' + name)
            break
        i += 1
    # print(tosave_dict)

    # OS
    writer.writelog(log_file, 'Hostname : ' + platform.node() + '<br>\n')
    # print('OS : ' + platform.system() + ' ' + platform.version())
    writer.writelog(log_file, 'OS : ' + tosave_dict.get('ProductName') + '<br>\n')
    writer.writelog(log_file, 'OS type : ' + platform.machine() + '<br>\n')
    writer.writelog(log_file, 'Product Id : ' + tosave_dict.get('ProductId') + '<br>\n')
    writer.writelog(log_file, 'Install Date: ' + str(datetime.fromtimestamp(tosave_dict.get('InstallDate'))) + '<br>\n')
    writer.writelog(log_file, 'System Root: ' + tosave_dict.get('SystemRoot') + '<br>\n')

    # Language (Windows Vista or further)
    if detect_os() != 'xp':
        buf_size = 32
        buf = ctypes.create_unicode_buffer(buf_size)
        dw_flags = 0
        lcid = ctypes.windll.kernel32.GetUserDefaultUILanguage()
        ctypes.windll.kernel32.LCIDToLocaleName(lcid, buf, buf_size, dw_flags)
        writer.writelog(log_file, 'Regional and language options : ' + buf.value + '<br>\n')

    # Time zone
    writer.writelog(log_file, 'Time zone : ' + time.tzname[0] + '<br>\n')
    writer.writelog(log_file, delimiter + '<br>\n')

    # Owner
    writer.writelog(log_file, 'Registered Organization : ' + tosave_dict.get('RegisteredOrganization') + '<br>\n')
    writer.writelog(log_file, 'Registered Owner : ' + tosave_dict.get('RegisteredOwner') + '<br>\n')
    writer.writelog(log_file, delimiter + '<br>\n')

    # Computer model/brand
    str_computer = '.'
    obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
    obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\cimv2')
    col_items = obj_sw_bem_services.ExecQuery('SELECT * FROM Win32_ComputerSystem')
    for obj_item in col_items:
        writer.writelog(log_file, 'Manufacturer : ' + obj_item.Manufacturer + '<br>\n')
        try:
            writer.writelog(log_file, 'SystemFamily : ' + obj_item.SystemFamily + '<br>\n')
        except AttributeError:
            writer.writelog(log_file, 'SystemFamily : N/A<br>\n')
        writer.writelog(log_file, 'Model : ' + obj_item.Model + '<br>\n')
        writer.writelog(log_file, 'Type : ' + obj_item.SystemType + '<br>\n')
    writer.writelog(log_file, delimiter + '<br>\n')

    # Processor
    col_items = obj_sw_bem_services.ExecQuery('Select * from Win32_Processor')
    for obj_item in col_items:
        writer.writelog(log_file, 'Processor : ' + obj_item.Name + '<br>\n')
        writer.writelog(log_file, 'Core : ' + str(obj_item.NumberOfCores) + '<br>\n')
        writer.writelog(log_file, 'Logical core : ' + str(obj_item.NumberOfLogicalProcessors) + '<br>\n')
        try:
            writer.writelog(log_file, 'Virtualization enabled : ' + str(obj_item.VirtualizationFirmwareEnabled) + '<br>\n')
        except AttributeError:
            writer.writelog(log_file, 'Virtualization enabled : N/A<br>\n')
    writer.writelog(log_file, delimiter + '<br>\n')

    # Bios
    col_items = obj_sw_bem_services.ExecQuery("SELECT * FROM Win32_BIOS")
    for obj_item in col_items:
        writer.writelog(log_file, "BIOS Version : " + str(obj_item.BIOSVersion) + '<br>\n')
        writer.writelog(log_file, "Release Date : " + str(datetime.strptime(str(obj_item.ReleaseDate[:8]), "%Y%m%d").strftime("%Y-%m-%d")) + '<br>\n')
    writer.writelog(log_file, delimiter + '<br>\n')

    # Memory
    mem = psutil.virtual_memory()
    writer.writelog(log_file, 'Total memory : ' + str(mem.total >> 20) + ' Mo<br>\n')
    writer.writelog(log_file, 'Available memory : ' + str(mem.available >> 20) + ' Mo<br>\n')
    writer.writelog(log_file, 'Used memory : ' + str(mem.used >> 20) + ' Mo (' + str(mem.percent) + ' %)<br>\n')
    writer.writelog(log_file, 'Free memory : ' + str(mem.free >> 20) + ' Mo<br>\n')
    writer.writelog(log_file, delimiter + '<br>\n')

    # Domaine
    writer.writelog(log_file, 'Domain : ' + os.environ['userdomain'] + '<br>\n')
    writer.writelog(log_file, delimiter + '<br>\n')

    # Network interfaces
    str_computer = '.'
    obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
    obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\cimv2')
    col_items = obj_sw_bem_services.ExecQuery('select * from Win32_NetworkAdapterConfiguration')
    network_dict = {}
    for obj_item in col_items:
        if obj_item.MACAddress is not None:
            net_caption = re.findall("] (.*)", obj_item.Caption)[0]
            # print(net_caption, obj_item.IPAddress)
            try:
                dns_srv = '<br>'.join(obj_item.DNSServerSearchOrder)
            except TypeError:
                dns_srv = obj_item.DNSServerSearchOrder
            try:
                ipv4 = obj_item.IPAddress[0]
            except IndexError:
                ipv4 = ''
            except TypeError:
                ipv4 = ''
            try:
                ipv6 = obj_item.IPAddress[1]
            except IndexError:
                ipv6 = ''
            except TypeError:
                ipv6 = ''
            try:
                dgw = ''.join(obj_item.DefaultIPGateway)
            except TypeError:
                dgw = obj_item.DefaultIPGateway
            try:
                dhcp_srv = ''.join(obj_item.DHCPServer)
            except TypeError:
                dhcp_srv = obj_item.DHCPServer
            network_dict[net_caption] = {'Name':net_caption,
                                         'MAC':obj_item.MACAddress,
                                         'Enabled':obj_item.IPEnabled,
                                         'IpV4':ipv4,
                                         'IpV6':ipv6,
                                         'Default Gateway':dgw,
                                         'DHCP Enabled':obj_item.DHCPEnabled,
                                         'DHCP Server':dhcp_srv,
                                         'WINS Primary Server':obj_item.WINSPrimaryServer,
                                         'WINS Secondary Server':obj_item.WINSSecondaryServer,
                                         'DNS Domain':obj_item.DNSDomain,
                                         'DNS Servers':dns_srv}
    writer.writelog(log_file, str(len(network_dict)) + ' network interfaces found :<br>\n')
    # Ecriture du fichier CSV
    header = ['Name', 'MAC', 'Enabled', 'IpV4', 'IpV6', 'Default Gateway',
              'DHCP Enabled', 'DHCP Server', 'WINS Primary Server',
              'WINS Secondary Server', 'DNS Domain', 'DNS Servers']
    csv_file = log_file_path + "networkInterfaces.csv"
    writer.write_csv(csv_file, header, network_dict)
    # Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Network Interfaces')
    # Ecriture sur le log
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, delimiter + '<br>\n')

    # Drives
    drives = psutil.disk_partitions()
    drives_dict = {}
    for drive in drives:
        drive_path = re.findall("device='(.*?)'", str(drive))[0]
        if drive.opts != 'cdrom':
            try:
                disk_usage = psutil.disk_usage(drive_path)
                drives_dict[str(drive_path)] = {'Path':str(drive_path),
                                                'Total_Space (Go)':str(disk_usage.total >> 30),
                                                'Free_Space (Go)':str(disk_usage.free >> 30),
                                                'Used_space (Go)':str(disk_usage.used >> 30),
                                                'Used_space (%)':str(disk_usage.percent)}
            except Exception:
                pass
    # Ecriture du fichier CSV
    header = ['Path', 'Total_Space (Go)', 'Free_Space (Go)', 'Used_space (Go)', 'Used_space (%)']
    csv_file = log_file_path + "drives.csv"
    writer.write_csv(csv_file, header, drives_dict)
    # Transformation du CSV en HTML
    htmltxt = writer.csv2html(csv_file, 'Drives')
    # Ecriture sur le log
    writer.writelog(log_file, str(len(drives_dict)) + ' drive(s) found :<br>\n')
    writer.writelog(log_file, htmltxt)
    writer.writelog(log_file, delimiter + '<br>\n')

    # 3 - Ecriture fin de log
    writer.writelog(log_file, '\n</div>\n')

    return log_file
예제 #15
0
def user_info(log_file_path):
    '''
    ~ net user <username> /domain    &    net user <username>
    **FR**
    Obtient la liste des utilisateurs AD et locaux de l'ordinateur avec la base de registre et WinNT
    Retourne le log généré
    **EN**
    Get AD and local users list of the computer with regedit and WinNT
    Return generated log
    '''
    writer.writer('Getting computer users')
    hive = winreg.HKEY_LOCAL_MACHINE
    key_user = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" # AD users
    registry_key = None
    temp_user_list = []
    temp2_user_list = []
    profil_path = "ProfileImagePath"

    # 1 - Liste tous les profils
    try:
        registry_key = winreg.OpenKey(hive, key_user, 0, winreg.KEY_READ)
        # print("ok")
    except FileNotFoundError:
        # print("oups")
        pass
    # print(registry_key)
    if registry_key is not None:
        i = 0
        while True:
            try:
                temp_user_list.append(winreg.EnumKey(registry_key, i)) # ok pour 1 clé
                i += 1
                # print("value :", str(registry_key))
            except Exception:
                # print(Exception)
                winreg.CloseKey(registry_key)
                break

    # 2 - Tri de la liste pour ne garder que les SID commençant par "1-5-21" et récupérer le nom des utilisateurs
    for item in temp_user_list:
        if "1-5-21" in item:
            # print(item)
            key = key_user + '\\' + item
            # print(key)
            try:
                registry_key = winreg.OpenKey(hive, key, 0, winreg.KEY_READ)
                value, _ = winreg.QueryValueEx(registry_key, profil_path)
                winreg.CloseKey(registry_key)
                # print(value)
                value_mod = re.findall(r'[^\\]+\s*$', value)
                # print(type(value_mod[0]))
                temp2_user_list.append(value_mod[0])
            except FileNotFoundError:
                # print("oups")
                pass

    domain = os.environ['userdomain']
    # 3 - Ecriture début de log
    log_file = log_file_path + "FINAL.html"
    writer.writelog(log_file, '<div><br>\n')
    elem = '<h2>Getting details about the ' + str(len(temp2_user_list)) + ' user(s) of computer "' + COMPUTERNAME + '"</h2>'
    elem2 = "<br>Domain : " + str(domain) + '\n'
    writer.prepa_log_scan(log_file, elem)
    writer.writelog(log_file, elem2)

    # 4 - Détails sur les utilisateurs
    user_dict = {}
    for user in temp2_user_list:
        try:
            obj_ou = win32com.client.GetObject("WinNT://" + domain + "/" + user + ",user")
            #User account
            fullname = str(obj_ou.Get('fullname'))
            # print(fullname)
            try:
                expiration_date = str(obj_ou.Get('AccountExpirationDate'))
            except Exception:
                expiration_date = 'N/A'
            profile = str(obj_ou.Get('Profile'))
            login_script = str(obj_ou.Get('LoginScript'))
            try:
                last_login = str(obj_ou.Get('lastlogin'))
            except com_error:
                last_login = '******'
            primary_gid = str(obj_ou.Get('PrimaryGroupID'))
            auto_unlock_interval = str(obj_ou.Get('AutoUnlockInterval'))
            lockout_observation_interval = str(obj_ou.Get('LockoutObservationInterval'))
            homedir = str(obj_ou.Get('HomeDirectory'))
            homedir_drive = str(obj_ou.Get('HomeDirDrive'))

            #Password
            pwd_age = str(round(obj_ou.Get('PasswordAge')/3600/24))
            pwd_min_age = str(round(obj_ou.Get('MinPasswordAge')/3600/24))
            pwd_max_age = str(round(obj_ou.Get('MaxPasswordAge')/3600/24))
            pwd_expired = str(obj_ou.Get('PasswordExpired'))
            pwd_max_bad_pwd_allowed = str(obj_ou.Get('MaxBadPasswordsAllowed'))
            pwd_min_length = str(obj_ou.Get('MinPasswordLength'))
            pwd_history_length = str(obj_ou.Get('PasswordHistoryLength'))

            #Groups
            groups_list = []
            for grp in obj_ou.Groups():
                groups_list.append(grp.Name + '<br>')

            #Flag
            flag_final_list = []
            flag = obj_ou.Get('UserFlags')
            #Get flags with user flag (user flag = sum(flags))
            flag_list = []
            mini, flag_to_save = calc_flag(flag)
            flag_list.append(flag_to_save)
            while mini != 0:
                mini, flag_to_save = calc_flag(mini)
                flag_list.append(flag_to_save)
            #Verify if flag = sum(flag_list)
            if flag == sum(flag_list):
                flag_final_list.append(str(flag) + ' => ' + str(flag_list) + '<br>')
                #Get flags description with flag nums saved
                flag_final_list.append('Flag properties :')
                for k, value in USER_FLAGS_DICT.items():
                    if value in flag_list:
                        flag_final_list.append('<br>' + str(value) + ' : ' + str(k))
            user_dict[user] = {'User':user, 'Fullname':fullname, 'Expiration_Date':expiration_date,
                               'Profile':profile, 'Login_Script':login_script, 'Last_Login':last_login,
                               'Primary_Group_ID':primary_gid, 'Auto_Unlock_Interval (secs)': auto_unlock_interval,
                               'Lockout_Observation_Interval (secs)':lockout_observation_interval,
                               'HomeDir':homedir, 'HomeDirDrive':homedir_drive,
                               'pwd_age (days)':pwd_age, 'pwd_min_age (days)':pwd_min_age, 'pwd_max_age (days)':pwd_max_age,
                               'pwd_expired':pwd_expired, 'pwd_max_bad_pwd_allowed':pwd_max_bad_pwd_allowed,
                               'pwd_min_length':pwd_min_length, 'pwd_history_length':pwd_history_length,
                               'Groups':(''.join(groups_list)), 'Flag':(''.join(flag_final_list))}

        except Exception:
            pass
        i += 1

    if user_dict != '':
        # Ecriture du fichier CSV
        header = ['User', 'Fullname', 'Expiration_Date', 'Profile', 'Login_Script', 'Last_Login',
                  'Primary_Group_ID', 'Auto_Unlock_Interval (secs)', 'Lockout_Observation_Interval (secs)',
                  'HomeDir', 'HomeDirDrive', 'pwd_age (days)', 'pwd_min_age (days)', 'pwd_max_age (days)',
                  'pwd_expired', 'pwd_max_bad_pwd_allowed', 'pwd_min_length', 'pwd_history_length', 'Groups', 'Flag']
        csv_file = log_file_path + "users.csv"
        writer.write_csv(csv_file, header, user_dict)
        # Transformation du CSV en HTML
        htmltxt = writer.csv2html(csv_file, 'Users details')
        writer.writelog(log_file, htmltxt)

    # 5 - Ecriture de la fin du log
    writer.writelog(log_file, '\n</div>\n')

    return log_file