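def main():
    """Command-line entry point for ``paperfind``.

    Parses the options, runs ``ops.system.handles.grep_handles`` with the
    requested pattern and prints the matches as a table.  Exits with status -1
    when the handles command fails or nothing matches.

    ``delta`` and ``int10or16`` are argument converters defined elsewhere in
    this file.
    """
    parser = ArgumentParser(prog='paperfind', description='\nProvides grep-like functionality for the \'handles\' command.\n\nRelative paths will (probably) never match. Use absolute or partial\npaths as though you are grepping. For full featured pattern matching,\nconsider the --regex option.\n\nIf the pattern you\'re searching for starts with a "-" character, place\na "-" by itself before beginning the pattern.\n\n e.g. %(prog)s -any - -filethatstartswithadash\n  or  %(prog)s - -filethatstartswithadash -any\n')
    parser.add_argument('pattern', help='Pattern or regular expression.')
    parser.add_argument('--regex', dest='regex', action='store_true', help='Treat the input pattern as a user-supplied regular expression instead of a simple string pattern.')
    parser.add_argument('--any', dest='any', action='store_true', default=False, help='Search all handle types instead of only file handles.')
    parser.add_argument('--data', dest='data_age', metavar='AGE', type=delta, default=datetime.timedelta(minutes=10), help='How old cached data can be before re-querying target. Use #d#h#m#s format. (Default 10m if unspecified).')
    handles_group = parser.add_argument_group(title='handles', description='Options that control how the handles command is run.')
    handles_group.add_argument('--id', dest='id', type=int10or16, help='Limit returned handle search to a particular process ID.')
    handles_group.add_argument('--all', dest='all', action='store_true', default=False, help='Search all available handle information. (Not recommended with this script; provides no benefit)')
    handles_group.add_argument('--memory', dest='memory', type=int10or16, help='Number of bytes to use for open handle list (defaults to handles default).')
    options = parser.parse_args()

    if options.regex:
        ops.info('Searching using regex: %s' % options.pattern)
        # A regex must reach grep_handles untouched: ntpath.normpath rewrites
        # '/' as '\' and collapses doubled separators, so a doubled backslash
        # in a regex escape would silently become a single one and change the
        # expression's meaning.
        pattern = options.pattern
    else:
        ops.info('Searching for "%s"...' % options.pattern)
        # Plain patterns are path fragments; normalise separators and
        # '.'/'..' segments before handing them to grep_handles.
        pattern = ntpath.normpath(options.pattern)

    found = ops.system.handles.grep_handles(pattern=pattern, id=options.id, all=options.all, memory=options.memory, regex=options.regex, any=options.any, maxage=options.data_age)

    # Failures are reported in-band: an int is the ID of the command whose
    # logs describe the error, None suggests the command never ran.
    # ``type(...) is int`` (not isinstance) keeps bool out of this branch; a
    # False/empty result is "no matches" below.
    if type(found) is int:
        ops.error('Error running handles command. Check logs for command ID %d.' % found)
        sys.exit(-1)
    if found is None:
        ops.error('Error running handles; command may not have been attempted.')
        sys.exit(-1)
    if not found:
        ops.warn('No matches.')
        sys.exit(-1)

    header = ['PID', 'Handle', 'Full Path']
    fields = ['process', 'handle', 'name']
    if options.any:
        # The type column is only added when more than file handles were
        # searched.
        header.insert(2, 'Type')
        fields.insert(2, 'type')
    pprint(found, header=header, dictorder=fields)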
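def main(args=None):
    """Run the DSZ ``commands`` listing and pretty-print it.

    Args:
        args: argument list to parse.  ``None`` (the default) means "no
            options", i.e. an empty list -- the parser never reads sys.argv
            through this default.

    Returns:
        True.
    """
    if args is None:
        # A mutable default ([]) is replaced by None; substituting [] keeps the
        # original behaviour (parse_args(None) would read sys.argv instead).
        args = []
    # Created first and deleted last; presumably scopes the DSZ control state
    # for the duration of the call -- keep it bracketing the body.
    flags = dsz.control.Method()
    if (__name__ == '__main__') and (dsz.script.Env['script_parent_echo_disabled'].lower() == 'true'):
        dsz.control.quiet.On()
    parser = ArgumentParser(prog='prettych', add_help=False)
    cmdopts = parser.add_argument_group(title='commands options')
    cmdopts.add_argument('--all', action='store_true', help='Also display finished commands')
    cmdopts.add_argument('--any', action='store_true', help='Display commands from any address')
    locationgrp = cmdopts.add_mutually_exclusive_group()
    locationgrp.add_argument('--local', dest='location', default=LOCATION_LOCAL, const=LOCATION_LOCAL, action='store_const', help='List local commands (default)')
    locationgrp.add_argument('--remote', dest='location', const=LOCATION_REMOTE, action='store_const', help='List remote commands')
    cmdopts.add_argument('--astyped', action='store_true', help='Show commands as typed (rather than displaying expanded aliases)')
    cmdopts.add_argument('--verbose', action='store_true', help='Show additional command information')
    # store_false: passing --echo sets dszquiet=False, i.e. raw output is shown.
    parser.add_argument('--echo', dest='dszquiet', default=True, action='store_false', help='Echo out the raw DSZ commands output in addition to pretty printing.')
    options = parser.parse_args(args)
    commands = ops.cmd.getDszCommand('commands', prefixes=['stopaliasing'], all=options.all, any=options.any, astyped=options.astyped, verbose=options.verbose, dszquiet=options.dszquiet)

    # Column titles and the result attributes they display, kept as pairs so
    # header and field order cannot drift apart.
    if options.location == LOCATION_LOCAL:
        columns = []
        if options.all:
            columns.append(('Status', 'status'))
        columns.extend([('ID', 'id'), ('Target', 'targetaddress')])
        if options.astyped or options.verbose:
            columns.append(('Command (as-typed)', 'commandastyped'))
        if (not options.astyped) or options.verbose:
            columns.append(('Full Command', 'fullcommand'))
        columns.extend([('Sent', 'bytessent'), ('Received', 'bytesreceived')])
        header = [title for title, _ in columns]
        fields = [name for _, name in columns]
    elif options.location == LOCATION_REMOTE:
        commands.remote = True
        header = ['ID', 'Command']
        fields = ['id', 'name']
    else:
        # Unreachable with the store_const/default declarations above; kept as
        # a guard against a third location value.
        print 'You win a prize! Also, you fail.'
        sys.exit(-1)

    result = commands.execute()
    if __name__ == '__main__':
        ops.data.script_export(result)
        # When run as a script, drop this very command from the listing.
        for i, command in enumerate(result.command):
            if command.id == int(dsz.script.Env['script_command_id']):
                del result.command[i]
                break
    pprint(result.command, header=header, dictorder=fields)
    del flags
    return True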
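 def scansweep_argparser(self):
     """Build the argument parser for scansweep.

     Only declares options; nothing is parsed here.  ``self.toolversion`` is
     what ``-v``/``--version`` reports.

     Returns:
         The configured ``ArgumentParser``.
     """
     parser = ArgumentParser(description='scansweep does automated scanning through DSZ')
     # The constructor's ``version=`` argument is deprecated on Python 2.7 and
     # rejected on Python 3; it registered exactly this option, so declare it
     # explicitly instead.
     parser.add_argument('-v', '--version', action='version', version=self.toolversion)
     group_types = parser.add_argument_group('Type flags', 'These flags determine what job types scansweep executes')
     group_types.add_argument('--type', action='store', dest='type', nargs='+', help='Type of scan to conduct, or a queue file containing line seperated (job ip,ip,ip,...) entries')
     group_types.add_argument('--escalate', action='store', dest='escalate', nargs='*', help='Escalate when a arp/ping is found, [rule] replaces this and can be a list of rules or a file')
     group_types.add_argument('--monitor', action='store', dest='monitor', nargs='+', help='Type of monitors to parse, then apply escalation rules, if there are any defined.')
     group_target = parser.add_argument_group('Target input flags', 'These flags determine what targets scansweep executes against')
     group_target.add_argument('--target', action='store', dest='target', nargs='+', metavar='ip,ip-ip,ip/net,ip/netmask,file,host', help='Specification of targets to scan')
     group_target.add_argument('--exclude', action='store', dest='exclude', nargs='+', metavar='ip,ip-ip,ip/net,ip/netmask,file,host', help='Specification of targets NOT to scan')
     # The *override flags below switch off built-in safety limits; each help
     # text names the limit it disables.  All default to off.
     group_target.add_argument('--cidroverride', action='store_true', dest='cidroverride', default=False, help='Override the safety restriction of maximum of 255 hosts')
     group_target.add_argument('--internaloverride', action='store_true', dest='internaloverride', default=False, help='Override the safety restriction for monitor tasking, which by default disallows escalating outside our current subnet')
     group_time = parser.add_argument_group('Timing flags', 'These flags adjust how fast or slow scansweep executes')
     # String defaults are run through the same converter as user input.
     group_time.add_argument('--period', action='store', dest='period', default='15s-45s', type=ops.timehelper.parse_interval_string, metavar='Xs-Xm', help='Period at which to run the command (ex. 30s 10-20m) (default: 15s-45s)')
     group_time.add_argument('--maxtime', action='store', dest='maxtime', default='4h', type=ops.timehelper.parse_interval_string, metavar='Xh', help='Maximum time for the command to run (ex. 30s 10-20m) (default: 4h)')
     group_time.add_argument('--nowait', action='store_true', dest='nowait', default=False, help='Toggles counting since beginning of last scan rather then the end of last scan')
     group_time.add_argument('--timeout', action='store', dest='timeout', type=int, metavar='XX', help='Sets the timeout in seconds to pass to a command (used in ping, banner, rpctouch, smbtouch, rpc2)')
     group_time.add_argument('--override', action='store_true', dest='override', default=False, help='Override the safety restriction of 15s minimum scan range on ping and netbios')
     group_database = parser.add_argument_group('Database flags', 'These advanced flags allow you to work with the database')
     group_database.add_argument('--database', action='store', dest='database', choices=['sessions', 'jobs', 'results', 'dump', 'reset', 'kill', 'rules', 'excludes', 'create', 'reescalate'], help='Allows dumping of database info')
     group_database.add_argument('--session', action='store', dest='session', metavar='scansweep_YYYY_MM_DD_HHhMMmSSs.XXX', help='Allows you to re-use an old incomplete scan or to "join" another scan')
     group_database.add_argument('--update', action='store', dest='update', metavar='updatefile.txt', help='Allows updating a currently running session by adding/removing jobs and rules')
     group_misc = parser.add_argument_group('Misc flags', 'Flags that have no home')
     group_misc.add_argument('--verbose', action='store_true', dest='verbose', default=False, help='Enables output of the commands run to the screen')
     return parser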
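 def scansweep_argparser(self):
     """Build the argument parser for scansweep.

     Only declares options; nothing is parsed here.  ``self.toolversion`` is
     what ``-v``/``--version`` reports.

     Returns:
         The configured ``ArgumentParser``.
     """
     parser = ArgumentParser(description='scansweep does automated scanning through DSZ')
     # The constructor's ``version=`` argument is deprecated on Python 2.7 and
     # rejected on Python 3; it registered exactly this option, so declare it
     # explicitly instead.
     parser.add_argument('-v', '--version', action='version', version=self.toolversion)
     group_types = parser.add_argument_group('Type flags', 'These flags determine what job types scansweep executes')
     group_types.add_argument('--type', action='store', dest='type', nargs='+', help='Type of scan to conduct, or a queue file containing line seperated (job ip,ip,ip,...) entries')
     group_types.add_argument('--escalate', action='store', dest='escalate', nargs='*', help='Escalate when a arp/ping is found, [rule] replaces this and can be a list of rules or a file')
     group_types.add_argument('--monitor', action='store', dest='monitor', nargs='+', help='Type of monitors to parse, then apply escalation rules, if there are any defined.')
     group_target = parser.add_argument_group('Target input flags', 'These flags determine what targets scansweep executes against')
     group_target.add_argument('--target', action='store', dest='target', nargs='+', metavar='ip,ip-ip,ip/net,ip/netmask,file,host', help='Specification of targets to scan')
     group_target.add_argument('--exclude', action='store', dest='exclude', nargs='+', metavar='ip,ip-ip,ip/net,ip/netmask,file,host', help='Specification of targets NOT to scan')
     # The *override flags below switch off built-in safety limits; each help
     # text names the limit it disables.  All default to off.
     group_target.add_argument('--cidroverride', action='store_true', dest='cidroverride', default=False, help='Override the safety restriction of maximum of 255 hosts')
     group_target.add_argument('--internaloverride', action='store_true', dest='internaloverride', default=False, help='Override the safety restriction for monitor tasking, which by default disallows escalating outside our current subnet')
     group_time = parser.add_argument_group('Timing flags', 'These flags adjust how fast or slow scansweep executes')
     # String defaults are run through the same converter as user input.
     group_time.add_argument('--period', action='store', dest='period', default='15s-45s', type=ops.timehelper.parse_interval_string, metavar='Xs-Xm', help='Period at which to run the command (ex. 30s 10-20m) (default: 15s-45s)')
     group_time.add_argument('--maxtime', action='store', dest='maxtime', default='4h', type=ops.timehelper.parse_interval_string, metavar='Xh', help='Maximum time for the command to run (ex. 30s 10-20m) (default: 4h)')
     group_time.add_argument('--nowait', action='store_true', dest='nowait', default=False, help='Toggles counting since beginning of last scan rather then the end of last scan')
     group_time.add_argument('--timeout', action='store', dest='timeout', type=int, metavar='XX', help='Sets the timeout in seconds to pass to a command (used in ping, banner, rpctouch, smbtouch, rpc2)')
     group_time.add_argument('--override', action='store_true', dest='override', default=False, help='Override the safety restriction of 15s minimum scan range on ping and netbios')
     group_database = parser.add_argument_group('Database flags', 'These advanced flags allow you to work with the database')
     group_database.add_argument('--database', action='store', dest='database', choices=['sessions', 'jobs', 'results', 'dump', 'reset', 'kill', 'rules', 'excludes', 'create', 'reescalate'], help='Allows dumping of database info')
     group_database.add_argument('--session', action='store', dest='session', metavar='scansweep_YYYY_MM_DD_HHhMMmSSs.XXX', help='Allows you to re-use an old incomplete scan or to "join" another scan')
     group_database.add_argument('--update', action='store', dest='update', metavar='updatefile.txt', help='Allows updating a currently running session by adding/removing jobs and rules')
     group_misc = parser.add_argument_group('Misc flags', 'Flags that have no home')
     group_misc.add_argument('--verbose', action='store_true', dest='verbose', default=False, help='Enables output of the commands run to the screen')
     return parser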
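def get_parser():
    """Build the argument parser for usb_monitor.py.

    Only declares options; nothing is parsed here.

    Returns:
        An ``ArgumentParser`` exposing ``--interval`` and ``-v``/``--version``.
    """
    parser = ArgumentParser(
        description=
        'usb_monitor.py should be run in the background.  It runs the Drives command at a given interval (default = 300) and monitors if removable media is plugged in or removed.  It will run until killed.'
    )
    # The constructor's ``version=`` argument is deprecated on Python 2.7 and
    # rejected on Python 3; it registered exactly this option, so declare it
    # explicitly instead.
    parser.add_argument('-v', '--version', action='version', version='1.0.0')
    group_types = parser.add_argument_group('usb_monitor.py Arguments')
    # nargs=1 yields a one-element list (options.interval[0]), and no default
    # is set here, so the 300 seconds named in the help text must be applied
    # by the caller when the option is absent.
    group_types.add_argument(
        '--interval',
        dest='interval',
        type=int,
        action='store',
        nargs=1,
        help=
        'The interval in SECONDS at which to run the Drives command.  Default = 300'
    )
    return parser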
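def main(args=None):
    """Run the DSZ ``commands`` listing and pretty-print it.

    Args:
        args: argument list to parse.  ``None`` (the default) means "no
            options", i.e. an empty list -- the parser never reads sys.argv
            through this default.

    Returns:
        True.
    """
    if args is None:
        # A mutable default ([]) is replaced by None; substituting [] keeps the
        # original behaviour (parse_args(None) would read sys.argv instead).
        args = []
    # Created first and deleted last; presumably scopes the DSZ control state
    # for the duration of the call -- keep it bracketing the body.
    flags = dsz.control.Method()
    if (__name__ == '__main__') and (dsz.script.Env['script_parent_echo_disabled'].lower() == 'true'):
        dsz.control.quiet.On()
    parser = ArgumentParser(prog='prettych', add_help=False)
    cmdopts = parser.add_argument_group(title='commands options')
    cmdopts.add_argument('--all', action='store_true', help='Also display finished commands')
    cmdopts.add_argument('--any', action='store_true', help='Display commands from any address')
    locationgrp = cmdopts.add_mutually_exclusive_group()
    locationgrp.add_argument('--local', dest='location', default=LOCATION_LOCAL, const=LOCATION_LOCAL, action='store_const', help='List local commands (default)')
    locationgrp.add_argument('--remote', dest='location', const=LOCATION_REMOTE, action='store_const', help='List remote commands')
    cmdopts.add_argument('--astyped', action='store_true', help='Show commands as typed (rather than displaying expanded aliases)')
    cmdopts.add_argument('--verbose', action='store_true', help='Show additional command information')
    # store_false: passing --echo sets dszquiet=False, i.e. raw output is shown.
    parser.add_argument('--echo', dest='dszquiet', default=True, action='store_false', help='Echo out the raw DSZ commands output in addition to pretty printing.')
    options = parser.parse_args(args)
    commands = ops.cmd.getDszCommand('commands', prefixes=['stopaliasing'], all=options.all, any=options.any, astyped=options.astyped, verbose=options.verbose, dszquiet=options.dszquiet)

    # Column titles and the result attributes they display, kept as pairs so
    # header and field order cannot drift apart.
    if options.location == LOCATION_LOCAL:
        columns = []
        if options.all:
            columns.append(('Status', 'status'))
        columns.extend([('ID', 'id'), ('Target', 'targetaddress')])
        if options.astyped or options.verbose:
            columns.append(('Command (as-typed)', 'commandastyped'))
        if (not options.astyped) or options.verbose:
            columns.append(('Full Command', 'fullcommand'))
        columns.extend([('Sent', 'bytessent'), ('Received', 'bytesreceived')])
        header = [title for title, _ in columns]
        fields = [name for _, name in columns]
    elif options.location == LOCATION_REMOTE:
        commands.remote = True
        header = ['ID', 'Command']
        fields = ['id', 'name']
    else:
        # Unreachable with the store_const/default declarations above; kept as
        # a guard against a third location value.
        print 'You win a prize! Also, you fail.'
        sys.exit(-1)

    result = commands.execute()
    if __name__ == '__main__':
        ops.data.script_export(result)
        # When run as a script, drop this very command from the listing.
        for i, command in enumerate(result.command):
            if command.id == int(dsz.script.Env['script_command_id']):
                del result.command[i]
                break
    pprint(result.command, header=header, dictorder=fields)
    del flags
    return True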
def _build_eventlog_parser():
    """Declare the eventlogfilter command line and return the parser.

    Nothing is parsed here; ``main`` calls ``parse_args`` on the result.
    """
    parser = ArgumentParser()

    target = parser.add_argument_group(
        'Target', 'Options that describe the event log to query')
    target.add_argument('--log', action='store', dest='log', default='security',
                        help='The event log to search. Default = Security')
    target.add_argument('--target', action='store', dest='target',
                        help='Remote machine to query')

    limiters = parser.add_argument_group(
        'Limiters', 'Options that limit the range over which we are searching')
    limiters.add_argument(
        '--num', action='store', dest='num', default=1000, type=int,
        help="The number of entries to parse. A value of zero will result in all entries being parsed. Parsing will cease once the first 1000 records are found unless the 'max' keyword is used.")
    # NOTE(review): the help text says "Default=1000" but the default set here
    # is 100 -- confirm which value is intended.
    limiters.add_argument(
        '--max', action='store', dest='max', default=100, type=int,
        help='Maximum entries returned from the target. Default=1000. A value of 0 will result in all possible entries returned. It is recommended that a value of 0 not be used due to the fact that a large database could result in an excessive number of entries being parsed and cause a slowdown in the speed and memory usage of the LP.')
    limiters.add_argument(
        '--startrecord', action='store', dest='startrecord',
        help='Record with which to begin filtering. Default = Most recent record.')

    filters = parser.add_argument_group(
        'Filters', 'Options that describe what we are looking for')
    filters.add_argument('--id', action='store', dest='id',
                         help='The Event ID on which to filter. Default = No filtering.')
    filters.add_argument('--logons', action='store_true', dest='logons', default=False,
                         help='Eventlogfilter for common authentication logs')
    filters.add_argument('--string', action='store', dest='string_opt',
                         help='String in entry on which to filter.  Default = No filtering.')
    filters.add_argument('--sid', action='store', dest='sid',
                         help='Username on which to filter.  Default = No filtering.')
    filters.add_argument('--xpath', action='store', dest='xpath',
                         help='XPath expression for search.')

    output = parser.add_argument_group('Output', 'Options that change the output')
    output.add_argument('--summary', action='store_true', dest='summary', default=False,
                        help='Display a list of the strings associated with each event record')

    monitor = parser.add_argument_group('Monitor', 'Options that deal with monitoring')
    monitor.add_argument(
        '--monitor', action='store_true', dest='monitor', default=False,
        help='Execute the eventlogfilter command at a given interval and display any new results')
    # The string default is run through the same converter as user input, so
    # options.interval is whatever get_seconds_from_age returns for '5m'.
    monitor.add_argument('--interval', action='store', dest='interval', default='5m',
                         type=ops.timehelper.get_seconds_from_age,
                         help='Interval at which to monitor')
    return parser


def main(args):
    """Run ``eventlogtime`` once, or repeatedly when ``--monitor`` is given.

    In monitor mode each pass queries the newest record number, fetches only
    the records added since the previous pass, and sleeps ``--interval``
    between passes; it never returns on its own.  Without ``--monitor`` the
    query runs once and the function returns.

    Args:
        args: accepted for interface compatibility.
    """
    parser = _build_eventlog_parser()
    # NOTE(review): ``args`` is never handed to parse_args(), so the parser
    # always reads sys.argv -- confirm callers do not expect otherwise.
    options = parser.parse_args()

    def pause():
        # dsz.Sleep takes milliseconds; interval is in seconds.
        dsz.Sleep(options.interval * 1000)

    last_record = 0
    newest_record = 0
    querymax = options.max
    querynum = options.num
    startrecord = options.startrecord

    while True:
        if options.monitor:
            newest_record = getmostrecentrecordnum(eventlog=options.log)
            # After the first pass only the records added since then are wanted.
            if last_record != 0:
                querynum = newest_record - last_record
                startrecord = newest_record
            querymax = querynum
            if querymax == 0:
                dsz.ui.Echo('[%s] No new records' % ops.timestamp(), dsz.WARNING)
                pause()
                continue
        dsz.ui.Echo('=' * 80, dsz.GOOD)
        eventlogtime(log=options.log,
                     max=querymax,
                     num=querynum,
                     id_list=options.id,
                     sid=options.sid,
                     string_opt_list=options.string_opt,
                     startrecord=startrecord,
                     xpath=options.xpath,
                     target=options.target,
                     summary=options.summary,
                     logons=options.logons)
        last_record = newest_record
        if not options.monitor:
            break
        pause()
def _apply_survey_modifications(options):
    """Carry out the ``--modify`` actions selected in ``options``.

    The order is fixed: override, exclude, include, then print exclusions.
    ``ops.survey.exclude``/``include`` report whether anything changed; the
    exclusion list is only re-printed after an actual change.
    """
    if options.override:
        ops.survey.override(options.override, options.sections)
    if options.exclude:
        if ops.survey.exclude(options.exclude):
            ops.info('%s added to exclusion list.' % options.exclude)
            ops.survey.print_exclusion_list()
        else:
            ops.info('%s already in exclusion list.' % options.exclude)
    if options.include:
        if ops.survey.include(options.include):
            ops.info('%s removed from exclusion list.' % options.include)
            ops.survey.print_exclusion_list()
        else:
            ops.info('%s not in exclusion list.' % options.include)
    if options.printex:
        ops.survey.print_exclusion_list()


def main():
    """Command-line entry point for ``survey``.

    Exactly one of ``--run`` / ``--modify`` is required.  ``--run`` executes a
    survey configuration via ``execute``; ``--modify`` edits the default
    survey settings and refuses the modify-only options unless it is present.
    """
    parser = ArgumentParser(prog='survey')

    actiongrp = parser.add_mutually_exclusive_group(required=True)
    # nargs='?' + const: a bare --run selects the default configuration.
    actiongrp.add_argument('--run', dest='run', const=ops.survey.DEFAULT_CONFIG,
                           nargs='?', metavar='SURVEY',
                           help='Run specified survey. Uses default if none specified. (%(const)s)')
    actiongrp.add_argument('--modify', dest='modify', action='store_true', default=False,
                           help='Manipulate the settings for default survey.')
    parser.add_argument('--sections', dest='sections', default=ops.survey.DEFAULT_SECTIONS,
                        metavar='SECTION', nargs='+',
                        help='Sections for --run or --override.')

    modgrp = parser.add_argument_group(
        title='--modify options',
        description='These options are only used with the --modify option.')
    modgrp.add_argument('--override', dest='override',
                        help='Change the default survey file for all targets.')
    modgrp.add_argument('--exclude', dest='exclude', nargs='+', metavar='GROUP',
                        help='Adds the specified groups to the list of tasks to exclude when running survey configurations.')
    modgrp.add_argument('--include', dest='include', nargs='+', metavar='GROUP',
                        help='Removes the specified groups from the list of tasks to exclude when running survey configurations.')
    modgrp.add_argument('--exclusions', dest='printex', action='store_true', default=False,
                        help='Print out a list of excluded survey groups.')

    parser.add_argument('--quiet', dest='quiet', action='store_true', default=False,
                        help='Suppress some framework messages, including the running commands list at the end.')
    options = parser.parse_args()

    wants_modify_option = any([
        options.override is not None,
        options.exclude is not None,
        options.include is not None,
        options.printex,
    ])
    if wants_modify_option and not options.modify:
        # NOTE(review): the message spells the flag '-modify' while it is
        # declared '--modify'; left as-is in case the parser in use accepts
        # single-dash long options.
        parser.error('-modify is required for these options')

    if not options.modify:
        execute(options.run, options.sections, options.quiet)
        return
    _apply_survey_modifications(options)
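def get_parser():
    """Build the argument parser for usb_monitor.py.

    Only declares options; nothing is parsed here.

    Returns:
        An ``ArgumentParser`` exposing ``--interval`` and ``-v``/``--version``.
    """
    parser = ArgumentParser(description='usb_monitor.py should be run in the background.  It runs the Drives command at a given interval (default = 300) and monitors if removable media is plugged in or removed.  It will run until killed.')
    # The constructor's ``version=`` argument is deprecated on Python 2.7 and
    # rejected on Python 3; it registered exactly this option, so declare it
    # explicitly instead.
    parser.add_argument('-v', '--version', action='version', version='1.0.0')
    group_types = parser.add_argument_group('usb_monitor.py Arguments')
    # nargs=1 yields a one-element list (options.interval[0]), and no default
    # is set here, so the 300 seconds named in the help text must be applied
    # by the caller when the option is absent.
    group_types.add_argument('--interval', dest='interval', type=int, action='store', nargs=1, help='The interval in SECONDS at which to run the Drives command.  Default = 300')
    return parser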