Exemplo n.º 1
0
async def run(args):
    try:
        if args.silent is True:
            print(__banner__)
        if args.verbose == 0:
            logging.basicConfig(level=logging.INFO)
            jdlogger.setLevel(logging.INFO)
            msldaplogger.setLevel(logging.CRITICAL)
            smblogger.setLevel(100)

        elif args.verbose == 1:
            logging.basicConfig(level=logging.DEBUG)
            jdlogger.setLevel(logging.DEBUG)
            msldaplogger.setLevel(logging.WARNING)
            smblogger.setLevel(logging.CRITICAL)

        elif args.verbose > 1:
            logging.basicConfig(level=1)
            msldaplogger.setLevel(logging.DEBUG)
            jdlogger.setLevel(1)
            smblogger.setLevel(1)

        if not args.sql and args.command != 'auto':
            print(
                'SQL connection identification is missing! You need to provide the --sql parameter'
            )
            sys.exit()

        work_dir = './workdir'
        ldap_url = None
        smb_url = None

        if hasattr(args, 'ldap_url'):
            ldap_url = args.ldap_url
        if hasattr(args, 'smb_url'):
            smb_url = args.smb_url

        db_conn = args.sql
        if db_conn is not None:
            os.environ['JACKDAW_SQLITE'] = '0'
            if args.sql.lower().startswith('sqlite'):
                os.environ['JACKDAW_SQLITE'] = '1'
        else:
            os.environ['JACKDAW_SQLITE'] = '1'

        if args.command == 'enum':
            with multiprocessing.Pool() as mp_pool:
                gatherer = Gatherer(db_conn,
                                    work_dir,
                                    ldap_url,
                                    smb_url,
                                    kerb_url=args.kerberoast,
                                    ldap_worker_cnt=args.ldap_workers,
                                    smb_worker_cnt=args.smb_workers,
                                    mp_pool=mp_pool,
                                    smb_gather_types=['all'],
                                    progress_queue=None,
                                    show_progress=args.silent,
                                    calc_edges=True,
                                    ad_id=None,
                                    dns=args.dns,
                                    no_work_dir=args.no_work_dir)
                res, err = await gatherer.run()
                if err is not None:
                    raise err

        elif args.command == 'auto':
            _, err = await run_auto(ldap_worker_cnt=args.ldap_workers,
                                    smb_worker_cnt=args.smb_workers,
                                    dns=args.dns,
                                    work_dir=work_dir,
                                    show_progress=args.silent,
                                    no_work_dir=args.no_work_dir)
            if err is not None:
                print(err)

        elif args.command == 'dbinit':
            create_db(db_conn)

        elif args.command == 'adinfo':
            session = get_session(db_conn)
            from jackdaw.dbmodel.adinfo import ADInfo
            from jackdaw.utils.table import print_table

            rows = [['Ad ID', 'domain name', 'scantime']]
            for did, distinguishedName, creation in session.query(
                    ADInfo).with_entities(ADInfo.id, ADInfo.distinguishedName,
                                          ADInfo.fetched_at).all():
                name = distinguishedName.replace('DC=', '')
                name = name.replace(',', '.')
                rows.append([str(did), name, creation.isoformat()])
            print_table(rows)

        elif args.command == 'ldap':
            with multiprocessing.Pool() as mp_pool:
                gatherer = Gatherer(db_conn,
                                    work_dir,
                                    ldap_url,
                                    smb_url,
                                    ldap_worker_cnt=args.ldap_workers,
                                    smb_worker_cnt=None,
                                    mp_pool=mp_pool,
                                    smb_gather_types=['all'],
                                    progress_queue=None,
                                    show_progress=args.silent,
                                    calc_edges=args.calculate_edges,
                                    ad_id=args.ad_id,
                                    no_work_dir=args.no_work_dir)
                await gatherer.run()

        elif args.command == 'kerberoast':
            gatherer = Gatherer(db_conn,
                                work_dir,
                                None,
                                None,
                                kerb_url=args.kerberos_url,
                                ldap_worker_cnt=None,
                                smb_worker_cnt=None,
                                mp_pool=None,
                                smb_gather_types=[],
                                progress_queue=None,
                                show_progress=False,
                                calc_edges=False,
                                ad_id=args.ad_id)
            await gatherer.run()
            print('Kerberoast Finished!')

        elif args.command in ['shares', 'sessions', 'localgroups', 'smball']:
            if args.command == 'smball':
                args.command = 'all'

            gatherer = Gatherer(
                db_conn,
                work_dir,
                ldap_url,
                smb_url,
                ad_id=args.ad_id,
                ldap_worker_cnt=None,
                smb_worker_cnt=args.smb_workers,
                mp_pool=None,
                smb_gather_types=args.command,
                progress_queue=None,
                show_progress=args.silent,
                calc_edges=False,
                dns=args.dns,
            )
            await gatherer.run()

        elif args.command == 'dns':
            gatherer = Gatherer(
                db_conn,
                work_dir,
                None,
                None,
                ad_id=args.ad_id,
                ldap_worker_cnt=None,
                smb_worker_cnt=None,
                mp_pool=None,
                smb_gather_types=None,
                progress_queue=None,
                show_progress=args.silent,
                calc_edges=False,
                dns=args.dns,
            )
            await gatherer.run()

        elif args.command == 'version':
            print('Jackdaw version: %s' % jdversion)
            print('MSLDAP version : %s' % ldapversion)
            print('AIOSMB version : %s' % smbversion)

        elif args.command == 'files':
            raise Exception('not yet implemented!')
            #if args.src == 'domain':
            #	if not args.ad_id:
            #		raise Exception('ad-id parameter is mandatory in ldap mode')
            #
            #	mgr = SMBConnectionURL(args.smb_url)
            #	settings_base = SMBShareGathererSettings(args.ad_id, mgr, None, None, None)
            #	settings_base.dir_depth = args.smb_folder_depth
            #	settings_base.dir_with_sd = args.with_sid
            #	settings_base.file_with_sd = args.with_sid
            #
            #	mgr = ShareGathererManager(settings_base, db_conn = db_conn, worker_cnt = args.smb_workers)
            #	mgr.run()

        elif args.command == 'creds':
            creds = JackDawCredentials(db_conn, args.domain_id)
            creds.add_credentials_impacket(args.impacket_file)

        elif args.command == 'passwords':
            creds = JackDawCredentials(db_conn)
            creds.add_cracked_passwords(args.potfile, args.disable_usercheck,
                                        args.disable_passwordcheck)

        elif args.command == 'uncracked':
            creds = JackDawCredentials(db_conn, args.domain_id)
            creds.get_uncracked_hashes(args.hash_type, args.history)

        elif args.command == 'cracked':
            creds = JackDawCredentials(db_conn, args.domain_id)
            creds.get_cracked_info()

        elif args.command == 'recalc':
            with multiprocessing.Pool() as mp_pool:
                gatherer = Gatherer(db_conn,
                                    work_dir,
                                    None,
                                    None,
                                    mp_pool=mp_pool,
                                    progress_queue=None,
                                    show_progress=args.silent,
                                    calc_edges=True,
                                    store_to_db=True,
                                    ad_id=None,
                                    graph_id=args.graphid)
                await gatherer.run()

        elif args.command == 'nest':
            from jackdaw.nest.wrapper import NestServer

            debug = bool(args.verbose)

            server = NestServer(
                args.sql,
                bind_ip=args.ip,
                bind_port=args.port,
                debug=debug,
                work_dir=args.work_dir,
                graph_backend=args.backend,
            )
            server.run()

        elif args.command == 'ws':
            from jackdaw.nest.ws.server import NestWebSocketServer
            server = NestWebSocketServer(args.listen_ip,
                                         args.listen_port,
                                         args.sql,
                                         args.work_dir,
                                         args.backend,
                                         ssl_ctx=None)
            await server.run()

        elif args.command == 'bhimport':
            from jackdaw.utils.bhimport import BHImport
            print(
                'DISCLAIMER! This feature is still beta! Bloodhound acquires way less data than Jackdaw therefore not all functionality will work after import. Any errors during import will be silently ignored, use "-vvv" verbosity level to see all errors.'
            )
            bh = BHImport.from_zipfile(args.bhfile)
            bh.db_conn = db_conn
            if args.verbose > 1:
                bh.set_debug(True)
            bh.run()
            print('Import complete!')

    except Exception as e:
        jdlogger.exception('main')
Exemplo n.º 2
0
async def run(args):
    print(__banner__)
    if args.verbose == 0:
        logging.basicConfig(level=logging.INFO)
        jdlogger.setLevel(logging.INFO)
        msldaplogger.setLevel(logging.WARNING)
        smblogger.setLevel(logging.CRITICAL)

    elif args.verbose == 1:
        logging.basicConfig(level=logging.DEBUG)
        jdlogger.setLevel(logging.DEBUG)
        msldaplogger.setLevel(logging.INFO)
        smblogger.setLevel(logging.INFO)

    elif args.verbose > 1:
        logging.basicConfig(level=1)
        msldaplogger.setLevel(logging.DEBUG)
        jdlogger.setLevel(1)
        smblogger.setLevel(1)

    if not args.sql:
        print(
            'SQL connection identification is missing! You need to provide the --sql parameter'
        )
        sys.exit()

    db_conn = args.sql
    if args.sql.lower().startswith('sqlite'):
        os.environ['JACKDAW_SQLITE'] = '1'

    if args.command == 'enum':
        smb_mgr = construct_smbdef(args)
        ldap_mgr = construct_ldapdef(args)

        mgr = LDAPEnumeratorManager(db_conn,
                                    ldap_mgr,
                                    agent_cnt=args.ldap_workers)
        adifo_id = await mgr.run()
        jdlogger.info('ADInfo entry successfully created with ID %s' %
                      adifo_id)

        mgr = SMBGathererManager(smb_mgr,
                                 worker_cnt=args.smb_workers,
                                 queue_size=args.smb_queue_size)
        mgr.gathering_type = ['all']
        mgr.db_conn = db_conn
        mgr.target_ad = adifo_id
        await mgr.run()

        if args.smb_share_enum is True:
            settings_base = SMBShareGathererSettings(adifo_id, smb_mgr, None,
                                                     None, None)
            settings_base.dir_depth = args.smb_folder_depth
            mgr = ShareGathererManager(settings_base,
                                       db_conn=db_conn,
                                       worker_cnt=args.smb_workers)
            mgr.run()

    elif args.command == 'dbinit':
        create_db(db_conn)

    elif args.command == 'adinfo':
        session = get_session(db_conn)
        from jackdaw.dbmodel.adinfo import JackDawADInfo
        from jackdaw.utils.table import print_table

        rows = [['Ad ID', 'domain name', 'scantime']]
        for did, distinguishedName, creation in session.query(
                JackDawADInfo).with_entities(JackDawADInfo.id,
                                             JackDawADInfo.distinguishedName,
                                             JackDawADInfo.fetched_at).all():
            name = distinguishedName.replace('DC=', '')
            name = name.replace(',', '.')
            rows.append([str(did), name, creation.isoformat()])
        print_table(rows)

    elif args.command == 'ldap':
        ldap_mgr = construct_ldapdef(args)
        ldap_conn = ldap_mgr.get_client()

        mgr = LDAPEnumeratorManager(db_conn,
                                    ldap_mgr,
                                    agent_cnt=args.ldap_workers,
                                    queue_size=args.ldap_queue_size,
                                    ad_id=args.ad_id)
        adifo_id = await mgr.run()
        jdlogger.info('ADInfo entry successfully created with ID %s' %
                      adifo_id)

    elif args.command in ['shares', 'sessions', 'localgroups', 'smball']:
        if args.command == 'smball':
            args.command = 'all'
        smb_mgr = construct_smbdef(args)
        mgr = SMBGathererManager(smb_mgr,
                                 worker_cnt=args.smb_workers,
                                 queue_size=args.smb_queue_size)
        mgr.gathering_type = [args.command]
        mgr.db_conn = db_conn
        mgr.lookup_ad = args.lookup_ad

        if args.ldap_url:
            ldap_mgr = construct_ldapdef(args)
            ldap_conn = ldap_mgr.get_client()
            mgr.ldap_conn = ldap_conn

        if args.ad_id:
            mgr.target_ad = args.ad_id

        if args.target_file:
            mgr.targets_file = args.target_file

        await mgr.run()

    elif args.command == 'files':
        if args.src == 'domain':
            if not args.ad_id:
                raise Exception('ad-id parameter is mandatory in ldap mode')

            mgr = SMBConnectionURL(args.smb_url)
            settings_base = SMBShareGathererSettings(args.ad_id, mgr, None,
                                                     None, None)
            settings_base.dir_depth = args.smb_folder_depth
            settings_base.dir_with_sd = args.with_sid
            settings_base.file_with_sd = args.with_sid

            mgr = ShareGathererManager(settings_base,
                                       db_conn=db_conn,
                                       worker_cnt=args.smb_workers)
            mgr.run()

    #	elif args.src == 'file':
    #		if not args.target_file:
    #			raise Exception('target-file parameter is mandatory in file mode')
    #
    #		args.target_file
    #		args.lookup_ad
    #		args.with_sid
    #		args.smb_workers
    #
    #	elif args.src == 'ldap':
    #		if not args.ldap_url:
    #			raise Exception('ldap-url parameter is mandatory in ldap mode')
    #		args.lookup_ad
    #		args.with_sid
    #		args.smb_workers
    #
    #
    #
    #	elif args.src == 'cmd':

    elif args.command == 'creds':
        creds = JackDawCredentials(args.db_conn, args.domain_id)
        creds.add_credentials_impacket(args.impacket_file)

    elif args.command == 'passwords':
        creds = JackDawCredentials(args.db_conn)
        creds.add_cracked_passwords(args.potfile, args.disable_usercheck,
                                    args.disable_passwordcheck)

    elif args.command == 'uncracked':
        creds = JackDawCredentials(args.db_conn, args.domain_id)
        creds.get_uncracked_hashes(args.hash_type, args.history)

    elif args.command == 'cracked':
        creds = JackDawCredentials(args.db_conn, args.domain_id)
        creds.get_cracked_info()

    elif args.command == 'nest':
        from jackdaw.nest.wrapper import NestServer

        debug = bool(args.verbose)

        server = NestServer(args.sql,
                            bind_ip=args.ip,
                            bind_port=args.port,
                            debug=debug)
        server.run()
Exemplo n.º 3
0
def run(args):
    if args.verbose == 0:
        logging.basicConfig(level=logging.INFO)
        jdlogger.setLevel(logging.INFO)
        msldaplogger.setLevel(logging.WARNING)
        smblogger.setLevel(logging.CRITICAL)

    elif args.verbose == 1:
        logging.basicConfig(level=logging.DEBUG)
        jdlogger.setLevel(logging.DEBUG)
        msldaplogger.setLevel(logging.INFO)
        smblogger.setLevel(logging.INFO)

    elif args.verbose > 1:
        logging.basicConfig(level=1)
        msldaplogger.setLevel(logging.DEBUG)
        jdlogger.setLevel(1)
        smblogger.setLevel(1)

    if not args.sql:
        print(
            'SQL connection identification is missing! You need to provide the --sql parameter'
        )
        sys.exit()

    db_conn = args.sql

    if args.command == 'enum':
        smb_mgr = construct_smbdef(args)
        ldap_mgr = construct_ldapdef(args)

        mgr = LDAPEnumeratorManager(db_conn,
                                    ldap_mgr,
                                    agent_cnt=args.ldap_workers)
        adifo_id = mgr.run()
        print('ADInfo entry successfully created with ID %s' % adifo_id)

        mgr = SMBGathererManager(smb_mgr, worker_cnt=args.smb_workers)
        mgr.gathering_type = ['all']
        mgr.db_conn = db_conn
        mgr.target_ad = adifo_id
        mgr.run()

    elif args.command == 'dbinit':
        create_db(db_conn)

    elif args.command == 'adinfo':
        session = get_session(db_conn)
        from jackdaw.dbmodel.adinfo import JackDawADInfo
        from jackdaw.utils.table import print_table

        rows = [['Ad ID', 'domain name', 'scantime']]
        for did, distinguishedName, creation in session.query(
                JackDawADInfo).with_entities(JackDawADInfo.id,
                                             JackDawADInfo.distinguishedName,
                                             JackDawADInfo.fetched_at).all():
            name = distinguishedName.replace('DC=', '')
            name = name.replace(',', '.')
            rows.append([str(did), name, creation.isoformat()])
        print_table(rows)

    elif args.command == 'ldap':
        ldap_mgr = construct_ldapdef(args)
        ldap_conn = ldap_mgr.get_connection()
        ldap_conn.connect()

        mgr = LDAPEnumeratorManager(db_conn,
                                    ldap_mgr,
                                    agent_cnt=args.ldap_workers)
        adifo_id = mgr.run()
        print('ADInfo entry successfully created with ID %s' % adifo_id)

    elif args.command in ['shares', 'sessions', 'localgroups']:
        smb_mgr = construct_smbdef(args)
        mgr = SMBGathererManager(smb_mgr)
        mgr.gathering_type = [args.command]
        mgr.db_conn = db_conn
        mgr.lookup_ad = args.lookup_ad

        if args.ldap_url:
            ldap_mgr = construct_ldapdef(args)
            ldap_conn = ldap_mgr.get_connection()
            ldap_conn.connect()
            mgr.ldap_conn = ldap_conn

        if args.ad_id:
            mgr.target_ad = args.ad_id

        if args.target_file:
            mgr.targets_file = args.target_file

        mgr.run()

    elif args.command == 'creds':
        creds = JackDawCredentials(args.db_conn, args.domain_id)
        creds.add_credentials_impacket(args.impacket_file)

    elif args.command == 'passwords':
        creds = JackDawCredentials(args.db_conn)
        creds.add_cracked_passwords(args.potfile, args.disable_usercheck,
                                    args.disable_passwordcheck)

    elif args.command == 'uncracked':
        creds = JackDawCredentials(args.db_conn, args.domain_id)
        creds.get_uncracked_hashes(args.hash_type, args.history)

    elif args.command == 'cracked':
        creds = JackDawCredentials(args.db_conn, args.domain_id)
        creds.get_cracked_info()

    elif args.command == 'nest':
        from jackdaw.nest.wrapper import NestServer

        debug = bool(args.verbose)

        server = NestServer(args.sql,
                            bind_ip=args.ip,
                            bind_port=args.port,
                            debug=debug)
        server.run()