Exemplo n.º 1
0
def get_modules():
    moduleNames = [
        ApacheDirectoryStudio(),
        Autologon(),
        Dbvisualizer(),
        Chrome(),
        CSE(),
        CoreFTP(),
        Cyberduck(),
        Filezilla(),
        FtpNavigator(),
        GalconFusion(),
        GitForWindows(),
        IE(),
        Jitsi(),
        KalypsoMedia(),
        MavenRepositories(),
        MemoryDump(),  # retrieve browers and keepass passwords
        Keepass(),  # should be launched after memory dump
        Mozilla(),
        Composer(),
        Credman(),
        OpenSSHForWindows(),
        Opera(),
        Outlook(),
        Pidgin(),
        Puttycm(),
        RDPManager(),
        Robomongo(),
        RoguesTale(),
        Tortoise(),
        Skype(),
        SQLDeveloper(),
        Squirrel(),
        Turba(),
        Unattended(),
        Vault(),
        Wifi(),
        WinSCP(),
        Cachedump(),
        Hashdump(),
        LSASecrets()
    ]
    return moduleNames
Exemplo n.º 2
0
def get_modules():
	moduleNames = [
		# Browser
		Chrome(), 
		Mozilla(),
		Opera(),
		CocCoc(),

		# Chats
		Pidgin(),	

		# Databases
		Dbvisualizer(), 
		Robomongo(),
		SQLDeveloper(),
		Squirrel(),

		# SVN
		Tortoise(),

		# Sysadmin
		ApacheDirectoryStudio(),
		Filezilla(),
		FtpNavigator(), 
		Unattended(),

		# Wifi
		Wifi(),

		# Windows
		DPAPIHash(),
		Cachedump(),
		Credman(),
		Vault(),
		Hashdump(),
		LSASecrets(), 
		Sysvault()
	]
	return moduleNames
Exemplo n.º 3
0
def get_modules():
    module_names = [

        # Browser
        IE(),
        UCBrowser(),

        # Chats
        Pidgin(),
        Skype(),
        PSI(),

        # Databases
        Dbvisualizer(),
        Squirrel(),
        SQLDeveloper(),
        Robomongo(),
        PostgreSQL(),

        # games
        KalypsoMedia(),
        GalconFusion(),
        RoguesTale(),
        Turba(),

        # Git
        GitForWindows(),

        # Mails
        Outlook(),
        Thunderbird(),

        # Maven
        MavenRepositories(),

        # Memory
        MemoryDump(),  # retrieve browsers and keepass passwords
        Keepass(),  # should be launched after memory dump

        # Php
        Composer(),

        # SVN
        Tortoise(),

        # Sysadmin
        ApacheDirectoryStudio(),
        CoreFTP(),
        Cyberduck(),
        Filezilla(),
        FtpNavigator(),
        Puttycm(),
        OpenSSHForWindows(),
        RDPManager(),
        Unattended(),
        WinSCP(),

        # Wifi
        Wifi(),

        # Windows
        Autologon(),
        Cachedump(),
        Credman(),
        Hashdump(),
        LSASecrets(),
        Vault(),
        WindowsPassword(),
        CredFiles(),
    ]
    return module_names + chromium_browsers + firefox_browsers
    def _export_credentials(self, db_path, is_yandex=False, master_key=None):
        """
        Export credentials from the given database

        :param unicode db_path: database path
        :return: list of credentials
        :rtype: tuple
        """
        credentials = []
        yandex_enckey = None

        if is_yandex:
            try:
                credman_passwords = Credman().run()
                for credman_password in credman_passwords:
                    if b'Yandex' in credman_password.get('URL', b''):
                        if credman_password.get('Password'):
                            yandex_enckey = credman_password.get('Password')
                            self.info('EncKey found: {encKey}'.format(
                                encKey=repr(yandex_enckey)))
            except Exception:
                self.debug(traceback.format_exc())
                # Passwords could not be decrypted without encKey
                self.info('EncKey has not been retrieved')
                return []

        try:
            conn = sqlite3.connect(db_path)
            cursor = conn.cursor()
            cursor.execute(self.database_query)
        except Exception:
            self.debug(traceback.format_exc())
            return credentials

        for url, login, password in cursor.fetchall():
            try:
                # Yandex passwords use a masterkey stored on windows credential manager
                # https://yandex.com/support/browser-passwords-crypto/without-master.html
                if is_yandex and yandex_enckey:
                    try:
                        try:
                            p = json.loads(str(password))
                        except Exception:
                            p = json.loads(password)

                        password = base64.b64decode(p['p'])
                    except Exception:
                        # New version does not use json format
                        pass

                    # Passwords are stored using AES-256-GCM algorithm
                    # The key used to encrypt is stored on the credential manager

                    # yandex_enckey:
                    #   - 4 bytes should be removed to be 256 bits
                    #   - these 4 bytes correspond to the nonce ?

                    # cipher = AES.new(yandex_enckey, AES.MODE_GCM)
                    # plaintext = cipher.decrypt(password)
                    # Failed...
                else:
                    # Decrypt the Password
                    try:
                        password_bytes = Win32CryptUnprotectData(
                            password,
                            is_current_user=constant.is_current_user,
                            user_dpapi=constant.user_dpapi)
                    except AttributeError:
                        try:
                            password_bytes = Win32CryptUnprotectData(
                                password,
                                is_current_user=constant.is_current_user,
                                user_dpapi=constant.user_dpapi)
                        except:
                            password_bytes = None

                    if password_bytes is not None:
                        password = password_bytes.decode("utf-8")
                    elif master_key:
                        password = self._decrypt_v80(password, master_key)

                if not url and not login and not password:
                    continue

                credentials.append((url, login, password))
            except Exception:
                self.debug(traceback.format_exc())

        conn.close()
        return credentials
    def _export_credentials(self, db_path, is_yandex=False):
        """
        Export credentials from the given database

        :param unicode db_path: database path
        :return: list of credentials
        :rtype: tuple
        """
        credentials = []
        yandex_enckey = None

        if is_yandex:
            try:
                credman_passwords = Credman().run()
                for credman_password in credman_passwords:
                    if b'Yandex' in credman_password.get('URL', b''):
                        if credman_password.get('Password'):
                            yandex_enckey = credman_password.get('Password')
                            self.info('EncKey found: {encKey}'.format(
                                encKey=repr(yandex_enckey)))
            except Exception:
                self.debug(traceback.format_exc())
                # Passwords could not be decrypted without encKey
                self.info('EncKey has not been retrieved')
                return []

        try:
            conn = sqlite3.connect(db_path)
            cursor = conn.cursor()
            cursor.execute(self.database_query)
        except Exception:
            self.debug(traceback.format_exc())
            return credentials

        for url, login, password in cursor.fetchall():
            try:
                # Yandex passwords use a masterkey stored on windows credential manager
                # https://yandex.com/support/browser-passwords-crypto/without-master.html
                if is_yandex and yandex_enckey:
                    try:
                        p = json.loads(str(password))
                    except Exception:
                        p = json.loads(password)

                    password = base64.b64decode(p['p'])

                    # Passwords are stored using AES-256-GCM algorithm
                    # The key used to encrypt is stored on the credential manager

                    # from cryptography.hazmat.primitives.ciphers.aead import AESGCM
                    # aesgcm = AESGCM(yandex_enckey)
                    # Failed...
                else:
                    # Decrypt the Password
                    password = Win32CryptUnprotectData(
                        password,
                        is_current_user=constant.is_current_user,
                        user_dpapi=constant.user_dpapi)

                if not url and not login and not password:
                    continue

                credentials.append((url, login, password))
            except Exception:
                self.debug(traceback.format_exc())

        conn.close()
        return credentials