def main():
    """Entry point for the ``paperfind`` script.

    Builds the command-line parser, calls
    ``ops.system.handles.grep_handles`` with the parsed options and
    pretty-prints the result.  Exits with status -1 when the handles
    command reports a failure (int result), was never attempted (None)
    or produced no matches (empty result).
    """
    usage_text = '\nProvides grep-like functionality for the \'handles\' command.\n\nRelative paths will (probably) never match. Use absolute or partial\npaths as though you are grepping. For full featured pattern matching,\nconsider the --regex option.\n\nIf the pattern you\'re searching for starts with a "-" character, place\na "-" by itself before beginning the pattern.\n\n e.g. %(prog)s -any - -filethatstartswithadash\n or %(prog)s - -filethatstartswithadash -any\n'
    parser = ArgumentParser(prog='paperfind', description=usage_text)
    parser.add_argument('pattern', help='Pattern or regular expression.')
    parser.add_argument('--regex', dest='regex', action='store_true',
                        help='Treat the input pattern as a user-supplied regular expression instead of a simple string pattern.')
    parser.add_argument('--any', dest='any', action='store_true', default=False,
                        help='Search all handle types instead of only file handles.')
    # ``delta`` and ``int10or16`` are converter callables defined outside this block.
    parser.add_argument('--data', dest='data_age', metavar='AGE', type=delta,
                        default=datetime.timedelta(minutes=10),
                        help='How old cached data can be before re-querying target. Use #d#h#m#s format. (Default 10m if unspecified).')
    hgroup = parser.add_argument_group(title='handles',
                                       description='Options that control how the handles command is run.')
    hgroup.add_argument('--id', dest='id', type=int10or16,
                        help='Limit returned handle search to a particular process ID.')
    hgroup.add_argument('--all', dest='all', action='store_true', default=False,
                        help='Search all available handle information. (Not recommended with this script; provides no benefit)')
    hgroup.add_argument('--memory', dest='memory', type=int10or16,
                        help='Number of bytes to use for open handle list (defaults to handles default).')
    options = parser.parse_args()

    if options.regex:
        ops.info('Searching using regex: %s' % options.pattern)
    else:
        ops.info('Searching for "%s"...' % options.pattern)

    # NOTE(review): the pattern goes through ntpath.normpath even when --regex
    # is set; normpath rewrites separators and '.'/'..' components, so a regex
    # containing those may not be searched as written -- confirm this is intended.
    found = ops.system.handles.grep_handles(
        pattern=ntpath.normpath(options.pattern),
        id=options.id,
        all=options.all,
        memory=options.memory,
        regex=options.regex,
        any=options.any,
        maxage=options.data_age,
    )

    # The error message treats an int result as the failed command's ID.
    if type(found) is int:
        ops.error('Error running handles command. Check logs for command ID %d.' % found)
        sys.exit(-1)
    if found is None:
        ops.error('Error running handles; command may not have been attempted.')
        sys.exit(-1)
    if not found:
        ops.warn('No matches.')
        sys.exit(-1)

    if options.any:
        columns = ['PID', 'Handle', 'Type', 'Full Path']
        keys = ['process', 'handle', 'type', 'name']
    else:
        columns = ['PID', 'Handle', 'Full Path']
        keys = ['process', 'handle', 'name']
    pprint(found, header=columns, dictorder=keys)
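def main(args=None):
    """Entry point for the ``prettych`` script: pretty-print DSZ ``commands`` output.

    Args:
        args: Argument list handed to ``parse_args``.  ``None`` (the default)
            is treated as an empty list, which matches the original ``args=[]``
            default while avoiding a shared mutable default object.

    Returns:
        True after the table has been printed.

    Exits with -1 if ``options.location`` is neither LOCATION_LOCAL nor
    LOCATION_REMOTE (cannot happen through the parser, which only stores
    those two constants).
    """
    if args is None:
        args = []
    # Held for the whole call and explicitly deleted at the end; what
    # dsz.control.Method() does is defined outside this file.
    flags = dsz.control.Method()
    if __name__ == '__main__' and dsz.script.Env['script_parent_echo_disabled'].lower() == 'true':
        dsz.control.quiet.On()

    parser = ArgumentParser(prog='prettych', add_help=False)
    cmdopts = parser.add_argument_group(title='commands options')
    cmdopts.add_argument('--all', action='store_true', help='Also display finished commands')
    cmdopts.add_argument('--any', action='store_true', help='Display commands from any address')
    locationgrp = cmdopts.add_mutually_exclusive_group()
    locationgrp.add_argument('--local', dest='location', default=LOCATION_LOCAL, const=LOCATION_LOCAL,
                             action='store_const', help='List local commands (default)')
    locationgrp.add_argument('--remote', dest='location', const=LOCATION_REMOTE,
                             action='store_const', help='List remote commands')
    cmdopts.add_argument('--astyped', action='store_true',
                         help='Show commands as typed (rather than displaying expanded aliases)')
    cmdopts.add_argument('--verbose', action='store_true', help='Show additional command information')
    # store_false: dszquiet stays True unless --echo is given.
    parser.add_argument('--echo', dest='dszquiet', default=True, action='store_false',
                        help='Echo out the raw DSZ commands output in addition to pretty printing.')
    options = parser.parse_args(args)

    commands = ops.cmd.getDszCommand('commands', prefixes=['stopaliasing'], all=options.all,
                                     any=options.any, astyped=options.astyped,
                                     verbose=options.verbose, dszquiet=options.dszquiet)

    if options.location == LOCATION_LOCAL:
        header, fields = _local_columns(options)
    elif options.location == LOCATION_REMOTE:
        commands.remote = True
        header = ['ID', 'Command']
        fields = ['id', 'name']
    else:
        print('You win a prize! Also, you fail.')
        sys.exit(-1)

    result = commands.execute()
    if __name__ == '__main__':
        ops.data.script_export(result)
    if __name__ == '__main__':
        # Drop the entry for this script's own command from the listing.
        for idx, cmd in enumerate(result.command):
            if cmd.id == int(dsz.script.Env['script_command_id']):
                del result.command[idx]
                break
    pprint(result.command, header=header, dictorder=fields)
    del flags
    return True


def _local_columns(options):
    """Return (header, fields) for the LOCATION_LOCAL table, driven by the parsed options."""
    header = []
    fields = []
    if options.all:
        header.append('Status')
        fields.append('status')
    header.extend(['ID', 'Target'])
    fields.extend(['id', 'targetaddress'])
    if options.astyped or options.verbose:
        header.append('Command (as-typed)')
        fields.append('commandastyped')
    if (not options.astyped) or options.verbose:
        header.append('Full Command')
        fields.append('fullcommand')
    header.extend(['Sent', 'Received'])
    fields.extend(['bytessent', 'bytesreceived'])
    return header, fields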
def scansweep_argparser(self):
    """Build and return the scansweep command-line parser.

    The parser version comes from ``self.toolversion``.  Groups and options
    are registered in a fixed order (table below) so the help output is stable.
    """
    parser = ArgumentParser(version=self.toolversion,
                            description='scansweep does automated scanning through DSZ')

    # (group title, group description, [(option name, add_argument kwargs), ...])
    layout = [
        ('Type flags', 'These flags determine what job types scansweep executes', [
            ('--type', dict(action='store', dest='type', nargs='+',
                            help='Type of scan to conduct, or a queue file containing line seperated (job ip,ip,ip,...) entries')),
            ('--escalate', dict(action='store', dest='escalate', nargs='*',
                                help='Escalate when a arp/ping is found, [rule] replaces this and can be a list of rules or a file')),
            ('--monitor', dict(action='store', dest='monitor', nargs='+',
                               help='Type of monitors to parse, then apply escalation rules, if there are any defined.')),
        ]),
        ('Target input flags', 'These flags determine what targets scansweep executes against', [
            ('--target', dict(action='store', dest='target', nargs='+',
                              metavar='ip,ip-ip,ip/net,ip/netmask,file,host',
                              help='Specification of targets to scan')),
            ('--exclude', dict(action='store', dest='exclude', nargs='+',
                               metavar='ip,ip-ip,ip/net,ip/netmask,file,host',
                               help='Specification of targets NOT to scan')),
            # The two *override flags lift built-in scope limits (host count, subnet).
            ('--cidroverride', dict(action='store_true', dest='cidroverride', default=False,
                                    help='Override the safety restriction of maximum of 255 hosts')),
            ('--internaloverride', dict(action='store_true', dest='internaloverride', default=False,
                                        help='Override the safety restriction for monitor tasking, which by default disallows escalating outside our current subnet')),
        ]),
        ('Timing flags', 'These flags adjust how fast or slow scansweep executes', [
            ('--period', dict(action='store', dest='period', default='15s-45s',
                              type=ops.timehelper.parse_interval_string, metavar='Xs-Xm',
                              help='Period at which to run the command (ex. 30s 10-20m) (default: 15s-45s)')),
            ('--maxtime', dict(action='store', dest='maxtime', default='4h',
                               type=ops.timehelper.parse_interval_string, metavar='Xh',
                               help='Maximum time for the command to run (ex. 30s 10-20m) (default: 4h)')),
            ('--nowait', dict(action='store_true', dest='nowait', default=False,
                              help='Toggles counting since beginning of last scan rather then the end of last scan')),
            ('--timeout', dict(action='store', dest='timeout', type=int, metavar='XX',
                               help='Sets the timeout in seconds to pass to a command (used in ping, banner, rpctouch, smbtouch, rpc2)')),
            ('--override', dict(action='store_true', dest='override', default=False,
                                help='Override the safety restriction of 15s minimum scan range on ping and netbios')),
        ]),
        ('Database flags', 'These advanced flags allow you to work with the database', [
            ('--database', dict(action='store', dest='database',
                                choices=['sessions', 'jobs', 'results', 'dump', 'reset', 'kill',
                                         'rules', 'excludes', 'create', 'reescalate'],
                                help='Allows dumping of database info')),
            ('--session', dict(action='store', dest='session',
                               metavar='scansweep_YYYY_MM_DD_HHhMMmSSs.XXX',
                               help='Allows you to re-use an old incomplete scan or to "join" another scan')),
            ('--update', dict(action='store', dest='update', metavar='updatefile.txt',
                              help='Allows updating a currently running session by adding/removing jobs and rules')),
        ]),
        ('Misc flags', 'Flags that have no home', [
            ('--verbose', dict(action='store_true', dest='verbose', default=False,
                               help='Enables output of the commands run to the screen')),
        ]),
    ]

    for title, desc, specs in layout:
        group = parser.add_argument_group(title, desc)
        for name, kwargs in specs:
            group.add_argument(name, **kwargs)
    return parser
def scansweep_argparser(self):
    """Return the scansweep argument parser, versioned from ``self.toolversion``.

    Five option groups are registered in order: type, target input,
    timing, database and misc.
    """
    parser = ArgumentParser(version=self.toolversion,
                            description='scansweep does automated scanning through DSZ')

    type_flags = parser.add_argument_group(
        'Type flags', 'These flags determine what job types scansweep executes').add_argument
    type_flags('--type', action='store', dest='type', nargs='+',
               help='Type of scan to conduct, or a queue file containing line seperated (job ip,ip,ip,...) entries')
    type_flags('--escalate', action='store', dest='escalate', nargs='*',
               help='Escalate when a arp/ping is found, [rule] replaces this and can be a list of rules or a file')
    type_flags('--monitor', action='store', dest='monitor', nargs='+',
               help='Type of monitors to parse, then apply escalation rules, if there are any defined.')

    target_flags = parser.add_argument_group(
        'Target input flags', 'These flags determine what targets scansweep executes against').add_argument
    target_flags('--target', action='store', dest='target', nargs='+',
                 metavar='ip,ip-ip,ip/net,ip/netmask,file,host',
                 help='Specification of targets to scan')
    target_flags('--exclude', action='store', dest='exclude', nargs='+',
                 metavar='ip,ip-ip,ip/net,ip/netmask,file,host',
                 help='Specification of targets NOT to scan')
    # Both override flags default to False; they lift the built-in scope limits named in their help.
    target_flags('--cidroverride', action='store_true', dest='cidroverride', default=False,
                 help='Override the safety restriction of maximum of 255 hosts')
    target_flags('--internaloverride', action='store_true', dest='internaloverride', default=False,
                 help='Override the safety restriction for monitor tasking, which by default disallows escalating outside our current subnet')

    timing_flags = parser.add_argument_group(
        'Timing flags', 'These flags adjust how fast or slow scansweep executes').add_argument
    # String defaults are run through parse_interval_string by the parser's type= handling.
    timing_flags('--period', action='store', dest='period', default='15s-45s',
                 type=ops.timehelper.parse_interval_string, metavar='Xs-Xm',
                 help='Period at which to run the command (ex. 30s 10-20m) (default: 15s-45s)')
    timing_flags('--maxtime', action='store', dest='maxtime', default='4h',
                 type=ops.timehelper.parse_interval_string, metavar='Xh',
                 help='Maximum time for the command to run (ex. 30s 10-20m) (default: 4h)')
    timing_flags('--nowait', action='store_true', dest='nowait', default=False,
                 help='Toggles counting since beginning of last scan rather then the end of last scan')
    timing_flags('--timeout', action='store', dest='timeout', type=int, metavar='XX',
                 help='Sets the timeout in seconds to pass to a command (used in ping, banner, rpctouch, smbtouch, rpc2)')
    timing_flags('--override', action='store_true', dest='override', default=False,
                 help='Override the safety restriction of 15s minimum scan range on ping and netbios')

    db_flags = parser.add_argument_group(
        'Database flags', 'These advanced flags allow you to work with the database').add_argument
    db_flags('--database', action='store', dest='database',
             choices=['sessions', 'jobs', 'results', 'dump', 'reset', 'kill',
                      'rules', 'excludes', 'create', 'reescalate'],
             help='Allows dumping of database info')
    db_flags('--session', action='store', dest='session',
             metavar='scansweep_YYYY_MM_DD_HHhMMmSSs.XXX',
             help='Allows you to re-use an old incomplete scan or to "join" another scan')
    db_flags('--update', action='store', dest='update', metavar='updatefile.txt',
             help='Allows updating a currently running session by adding/removing jobs and rules')

    misc_flags = parser.add_argument_group('Misc flags', 'Flags that have no home').add_argument
    misc_flags('--verbose', action='store_true', dest='verbose', default=False,
               help='Enables output of the commands run to the screen')

    return parser
def get_parser():
    """Return the argument parser for usb_monitor.py.

    A single option, ``--interval``, is registered in its own group.

    NOTE(review): ``--interval`` is declared with ``nargs=1`` and ``type=int``,
    so ``options.interval`` is a one-element list, not an int, and no
    ``default`` is registered even though the help text says 300 -- confirm
    the caller unwraps the list and supplies the default itself.
    """
    description = (
        'usb_monitor.py should be run in the background. It runs the Drives '
        'command at a given interval (default = 300) and monitors if removable '
        'media is plugged in or removed. It will run until killed.'
    )
    parser = ArgumentParser(version='1.0.0', description=description)
    usb_group = parser.add_argument_group('usb_monitor.py Arguments')
    usb_group.add_argument('--interval', dest='interval', action='store', nargs=1, type=int,
                           help='The interval in SECONDS at which to run the Drives command. Default = 300')
    return parser
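def main(args=None):
    """Pretty-print the output of the DSZ ``commands`` command (``prettych``).

    Args:
        args: Argument list passed to ``parse_args``.  ``None`` (default)
            parses an empty list -- the same as the original ``args=[]``
            default, but without a mutable default object.

    Returns:
        True once the table has been printed.

    Exits with -1 if ``options.location`` holds an unexpected value; the
    parser only ever stores LOCATION_LOCAL or LOCATION_REMOTE there.
    """
    # Held for the duration of the call and deleted at the end; the
    # semantics of dsz.control.Method() are defined elsewhere.
    flags = dsz.control.Method()
    quiet_parent = __name__ == '__main__' and dsz.script.Env['script_parent_echo_disabled'].lower() == 'true'
    if quiet_parent:
        dsz.control.quiet.On()

    parser = ArgumentParser(prog='prettych', add_help=False)
    cmdopts = parser.add_argument_group(title='commands options')
    cmdopts.add_argument('--all', action='store_true', help='Also display finished commands')
    cmdopts.add_argument('--any', action='store_true', help='Display commands from any address')
    where = cmdopts.add_mutually_exclusive_group()
    where.add_argument('--local', dest='location', default=LOCATION_LOCAL, const=LOCATION_LOCAL,
                       action='store_const', help='List local commands (default)')
    where.add_argument('--remote', dest='location', const=LOCATION_REMOTE,
                       action='store_const', help='List remote commands')
    cmdopts.add_argument('--astyped', action='store_true',
                         help='Show commands as typed (rather than displaying expanded aliases)')
    cmdopts.add_argument('--verbose', action='store_true', help='Show additional command information')
    # dszquiet defaults to True; --echo flips it to False.
    parser.add_argument('--echo', dest='dszquiet', default=True, action='store_false',
                        help='Echo out the raw DSZ commands output in addition to pretty printing.')
    options = parser.parse_args([] if args is None else args)

    commands = ops.cmd.getDszCommand('commands', prefixes=['stopaliasing'], all=options.all,
                                     any=options.any, astyped=options.astyped,
                                     verbose=options.verbose, dszquiet=options.dszquiet)

    if options.location == LOCATION_LOCAL:
        header = (['Status'] if options.all else []) + ['ID', 'Target']
        fields = (['status'] if options.all else []) + ['id', 'targetaddress']
        if options.astyped or options.verbose:
            header.append('Command (as-typed)')
            fields.append('commandastyped')
        if options.verbose or not options.astyped:
            header.append('Full Command')
            fields.append('fullcommand')
        header += ['Sent', 'Received']
        fields += ['bytessent', 'bytesreceived']
    elif options.location == LOCATION_REMOTE:
        commands.remote = True
        header = ['ID', 'Command']
        fields = ['id', 'name']
    else:
        print('You win a prize! Also, you fail.')
        sys.exit(-1)

    result = commands.execute()
    if __name__ == '__main__':
        ops.data.script_export(result)
    if __name__ == '__main__':
        # Remove this script's own command entry before printing.
        for idx in xrange(len(result.command)):
            if result.command[idx].id == int(dsz.script.Env['script_command_id']):
                del result.command[idx]
                break
    pprint(result.command, header=header, dictorder=fields)
    del flags
    return True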
def main(args):
    """Entry point for the eventlogfilter script.

    Parses the command line, then calls ``eventlogtime`` once, or -- with
    ``--monitor`` -- repeatedly, sleeping ``--interval`` between runs and,
    after the first pass, asking only for records newer than the last one seen.

    Args:
        args: Accepted but not used; see the note below.
    """
    # NOTE(review): ``args`` is never handed to parse_args(), which therefore
    # reads sys.argv -- confirm against callers before changing either side.
    parser = ArgumentParser()
    group_target = parser.add_argument_group(
        'Target', 'Options that describe the event log to query')
    group_target.add_argument(
        '--log', action='store', dest='log', default='security',
        help='The event log to search. Default = Security')
    group_target.add_argument('--target', action='store', dest='target',
                              help='Remote machine to query')
    group_limiters = parser.add_argument_group(
        'Limiters', 'Options that limit the range over which we are searching')
    group_limiters.add_argument(
        '--num', action='store', dest='num', default=1000, type=int,
        help="The number of entries to parse. A value of zero will result in all entries being parsed. Parsing will cease once the first 1000 records are found unless the 'max' keyword is used.")
    # NOTE(review): default is 100 here while the help text says Default=1000;
    # one of the two is stale -- confirm which before relying on it.
    group_limiters.add_argument(
        '--max', action='store', dest='max', default=100, type=int,
        help='Maximum entries returned from the target. Default=1000. A value of 0 will result in all possible entries returned. It is recommended that a value of 0 not be used due to the fact that a large database could result in an excessive number of entries being parsed and cause a slowdown in the speed and memory usage of the LP.')
    group_limiters.add_argument(
        '--startrecord', action='store', dest='startrecord',
        help='Record with which to begin filtering. Default = Most recent record.')
    group_filters = parser.add_argument_group(
        'Filters', 'Options that describe what we are looking for')
    group_filters.add_argument(
        '--id', action='store', dest='id',
        help='The Event ID on which to filter. Default = No filtering.')
    group_filters.add_argument(
        '--logons', action='store_true', dest='logons', default=False,
        help='Eventlogfilter for common authentication logs')
    group_filters.add_argument(
        '--string', action='store', dest='string_opt',
        help='String in entry on which to filter. Default = No filtering.')
    group_filters.add_argument(
        '--sid', action='store', dest='sid',
        help='Username on which to filter. Default = No filtering.')
    group_filters.add_argument('--xpath', action='store', dest='xpath',
                               help='XPath expression for search.')
    group_output = parser.add_argument_group('Output', 'Options that change the output')
    group_output.add_argument(
        '--summary', action='store_true', dest='summary', default=False,
        help='Display a list of the strings associated with each event record')
    group_monitor = parser.add_argument_group(
        'Monitor', 'Options that deal with monitoring')
    group_monitor.add_argument(
        '--monitor', action='store_true', dest='monitor', default=False,
        help='Execute the eventlogfilter command at a given interval and display any new results')
    # The string default '5m' is converted by type=, presumably to seconds
    # (the loop below multiplies it by 1000 before sleeping) -- TODO confirm.
    group_monitor.add_argument('--interval', action='store', dest='interval',
                               default='5m', type=ops.timehelper.get_seconds_from_age,
                               help='Interval at which to monitor')
    options = parser.parse_args()
    last_record = 0
    newest_record = 0
    querymax = options.max
    querynum = options.num
    startrecord = options.startrecord
    while True:
        if options.monitor:
            newest_record = getmostrecentrecordnum(eventlog=options.log)
            # First pass uses the user's --num/--max/--startrecord unchanged;
            # later passes narrow the query to records since the last run.
            if (not (last_record == 0)):
                querynum = (newest_record - last_record)
                startrecord = newest_record
                querymax = querynum
                # NOTE(review): nesting reconstructed from a collapsed source;
                # read as "nothing new since the last pass -> sleep and retry".
                if (querymax == 0):
                    dsz.ui.Echo(('[%s] No new records' % ops.timestamp()), dsz.WARNING)
                    dsz.Sleep((options.interval * 1000))
                    continue
        dsz.ui.Echo(('=' * 80), dsz.GOOD)
        eventlogtime(log=options.log, max=querymax, num=querynum, id_list=options.id,
                     sid=options.sid, string_opt_list=options.string_opt,
                     startrecord=startrecord, xpath=options.xpath, target=options.target,
                     summary=options.summary, logons=options.logons)
        last_record = newest_record
        # Without --monitor this is a one-shot run.
        if (not options.monitor):
            return
        dsz.Sleep((options.interval * 1000))
def main():
    """Entry point for the ``survey`` script.

    ``--run`` and ``--modify`` are mutually exclusive and one is required.
    With ``--modify`` the exclusion list and default survey are edited via
    ``ops.survey``; otherwise ``execute`` runs the selected survey sections.
    The ``--modify``-only options cause ``parser.error`` when ``--modify``
    is absent.
    """
    parser = ArgumentParser(prog='survey')
    action = parser.add_mutually_exclusive_group(required=True)
    # nargs='?' with const: bare --run selects the default survey config.
    action.add_argument('--run', dest='run', const=ops.survey.DEFAULT_CONFIG, nargs='?',
                        metavar='SURVEY',
                        help='Run specified survey. Uses default if none specified. (%(const)s)')
    action.add_argument('--modify', dest='modify', action='store_true', default=False,
                        help='Manipulate the settings for default survey.')
    parser.add_argument('--sections', dest='sections', default=ops.survey.DEFAULT_SECTIONS,
                        metavar='SECTION', nargs='+', help='Sections for --run or --override.')
    modify_opts = parser.add_argument_group(
        title='--modify options',
        description='These options are only used with the --modify option.')
    modify_opts.add_argument('--override', dest='override',
                             help='Change the default survey file for all targets.')
    modify_opts.add_argument('--exclude', dest='exclude', nargs='+', metavar='GROUP',
                             help='Adds the specified groups to the list of tasks to exclude when running survey configurations.')
    modify_opts.add_argument('--include', dest='include', nargs='+', metavar='GROUP',
                             help='Removes the specified groups from the list of tasks to exclude when running survey configurations.')
    modify_opts.add_argument('--exclusions', dest='printex', action='store_true', default=False,
                             help='Print out a list of excluded survey groups.')
    parser.add_argument('--quiet', dest='quiet', action='store_true', default=False,
                        help='Suppress some framework messages, including the running commands list at the end.')
    options = parser.parse_args()

    uses_modify_opts = (options.override is not None
                        or options.exclude is not None
                        or options.include is not None
                        or options.printex)
    if uses_modify_opts and not options.modify:
        parser.error('-modify is required for these options')

    if not options.modify:
        execute(options.run, options.sections, options.quiet)
        return

    if options.override:
        ops.survey.override(options.override, options.sections)
    if options.exclude:
        if ops.survey.exclude(options.exclude):
            ops.info('%s added to exclusion list.' % options.exclude)
            ops.survey.print_exclusion_list()
        else:
            ops.info('%s already in exclusion list.' % options.exclude)
    if options.include:
        if ops.survey.include(options.include):
            ops.info('%s removed from exclusion list.' % options.include)
            ops.survey.print_exclusion_list()
        else:
            ops.info('%s not in exclusion list.' % options.include)
    if options.printex:
        ops.survey.print_exclusion_list()
def get_parser():
    """Return the usb_monitor.py argument parser (version '1.0.0')."""
    interval_spec = dict(
        dest='interval',
        type=int,
        action='store',
        nargs=1,
        help='The interval in SECONDS at which to run the Drives command. Default = 300',
    )
    parser = ArgumentParser(
        version='1.0.0',
        description='usb_monitor.py should be run in the background. It runs the Drives command at a given interval (default = 300) and monitors if removable media is plugged in or removed. It will run until killed.',
    )
    # NOTE(review): nargs=1 yields a one-element list for options.interval and
    # no default is registered despite the help text -- confirm the caller
    # handles both cases.
    parser.add_argument_group('usb_monitor.py Arguments').add_argument('--interval', **interval_spec)
    return parser