def scanpc(log_file_path):
'''
**FR**
Exécute le scan de l'ordinateur en appelant diverses fonctions,
écrit les logs sur le périphérique qui a lancé l'exécutable,
Retourne le chemin du log final
**EN**
Process the computer scan with several other functions,
write logs on the device where the app has been launched,
Return the final log path
'''
texte = "Computer scanning in progress... Please wait...\n"
writer.writer(texte)
log_file = str(log_file_path) + "FINAL.html"
# Write first html tags
elementraw = """<!DOCTYPE html>
<html>
<head>
<title>ScanPC result</title>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<p>
{0}
{1} <br>
</p>"""
# </body>
# </html>"""
# Texte d'intro
texte = '<h1>Scanning of computer "' + COMPUTERNAME + '"</h1>'
element2 = '<time>' + datetime.now().strftime(
"%A %d %B %Y %H:%M:%S") + '</time>\n'
element = elementraw.format(texte, element2)
writer.writelog(log_file, element)
# Scans de base
scans.user_info(log_file_path)
scans.shared_folders_info(log_file_path)
scans.hotfixes_info(log_file_path)
scans.system_info(log_file_path)
scans.security_product_info(log_file_path)
scans.process_info(log_file_path)
services_running_dict = scans.services_info(log_file_path)
scans.ports_info(log_file_path)
scans.persistence_info(log_file_path)
texte4 = "\nBasic scan ended.\n"
writer.writer(texte4)
# Scan des logiciels
software_dict = software_init(log_file_path)
return log_file, software_dict, services_running_dict
def services_info(log_file_path):
'''
~ wmic service where started=true get name, displayname, processid, startmode, startname, pathname
**FR**
Liste les services démarrés sur l'ordinateur
Retourne le dictionnaire des noms des services démarrés
**EN**
List computer started services
Return the running services names dict
'''
writer.writer('Getting running services')
# 1 - Ecriture début de log
log_file = log_file_path + 'FINAL.html'
writer.writelog(log_file, '<div><br>\n')
elem = '<h2>Running services on computer "' + COMPUTERNAME + '"</h2>'
writer.prepa_log_scan(log_file, elem)
# 2 - Obtenir la liste des services démarrés
if detect_os() != 'xp' or psutil.__version__ != '3.4.2':
services_list = psutil.win_service_iter()
services_running_dict = {}
for srv in services_list:
srvname = re.findall("name='(.*)',", str(srv))[0]
service_temp = psutil.win_service_get(srvname)
service = service_temp.as_dict()
# Keep running services
if service['status'] == 'running':
services_running_dict[service['name']] = {'Name':service['name'], 'PID':service['pid'],
'Display_Name':service['display_name'], 'Start_Type':service['start_type'],
'Username':service['username'], 'Binpath':service['binpath']}
else:
import wmi
wmi_instance = wmi.WMI()
services_list = wmi_instance.Win32_Service()
services_running_dict = {}
for srv in services_list:
# Keep running services
if srv.State == 'Running':
services_running_dict[srv.name] = {'Name':srv.name, 'PID':srv.processid,
'Display_Name':srv.displayname, 'Start_Type':srv.startmode,
'Username':srv.startname, 'Binpath':srv.pathname}
# 3 - Ecriture du fichier CSV
header = ['Name', 'Display_Name', 'PID', 'Start_Type', 'Username', 'Binpath']
csv_file = log_file_path + "services.csv"
writer.write_csv(csv_file, header, services_running_dict)
# 4 - Transformation du CSV en HTML
htmltxt = writer.csv2html(csv_file, 'Running services')
# 5 - Ecriture de la fin du log
writer.writelog(log_file, str(len(services_running_dict)) + ' running services :<br>\n')
writer.writelog(log_file, htmltxt)
writer.writelog(log_file, '\n</div>\n')
return services_running_dict
def init():
'''
**FR**
Initialisation du programme
**EN**
Software initialization
'''
print('\t\t\t---------- ScanPC ---------')
print('\t***************************************************************')
print('\t*\t\t Computer scanning *')
print('\t*\t\t Disclaimer ! *')
print('\t*\t This sofware only scan your computer *')
print('\t*\t for users, various system information and software. *')
print('\t*\t No copy of your data will be performed. *')
print('\t***************************************************************')
print()
# Begin timer
begin_scan = time.time()
# Début du programme
key = scanpart()
unique_dir = str(COMPUTERNAME) + '_' + datetime.now().strftime(
'%d%m%y%H%M%S')
log_file_path = str(key) + "/logScanPC/" + datetime.now().strftime(
'%Y/%m/%d/') + unique_dir + '/' + unique_dir
# Appel de scanPC
log_file, software_dict, services_running_dict = scanpc(log_file_path)
# Tests complémentaires
complement_init(log_file_path, software_dict, services_running_dict)
writer.writelog(log_file, '\n</div>\n')
# Ending timer
end_scan = time.time()
total_time_scan = end_scan - begin_scan
elem = "----------------------- Scan ended ------------------------"
writer.prepa_log_scan(log_file, elem)
total_time = 'Computer analyzed in {} seconds.'.format(
round(total_time_scan, 2))
writer.writelog(log_file, total_time)
writer.writer('Computer analyzed in ' + str(round(total_time_scan, 2)) +
' seconds.\n')
# Write last html tags
elementraw = """
</body>
</html>"""
writer.writelog(log_file, elementraw)
# Copy css file in the log directory
if os.path.isfile(STYLECSSFILE):
file_name = os.path.basename(STYLECSSFILE)
file_to_write = str(key) + "/logScanPC/" + datetime.now().strftime(
'%Y/%m/%d/') + unique_dir + '/' + file_name
writer.copy_file(STYLECSSFILE, file_to_write)
#Fin du programme
readandcopy(log_file)
fin(key)
def gen_eicar(log_file_path):
'''
**FR**
Génére un fichier Eicar pour tester l'antivirus
**EN**
Generate an Eicar file to test antivirus
'''
# 1 - Création du virus
msg0 = '\n--Antivirus testing--\nAn Eicar virus test will be generated to test the antivirus.'
writer.writer(msg0)
eicar_file = str(log_file_path) + 'eicar_testFile'
element = r'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
writer.writelog(eicar_file, element)
time.sleep(3)
# 2 - Demande à l'utilisateur
msg0 = '\nDid the antivirus alert you ? (y = yes, n = no)\n'
writer.writer(msg0)
user_rep = 'FAILED - The antivirus does not alert/detect viruses'
if verif.reponse() == 'y':
user_rep = 'OK - The antivirus does alert/detect viruses'
return user_rep
def ports_info(log_file_path):
'''
~ netstat -a
**FR**
Liste les communications réseaux de l'ordinateur
Retourne le dictionnaire des connexions réseaux
**EN**
List computer network connections
Return the network connections dict
'''
writer.writer('Getting network connections')
# 1 - Ecriture début de log
log_file = log_file_path + "FINAL.html"
writer.writelog(log_file, '<div><br>\n')
elem = '<h2>Informations about network connections of computer "' + COMPUTERNAME + '"</h2>'
writer.prepa_log_scan(log_file, elem)
# 2 - obtenir la liste des connexions actives
ports_list = psutil.net_connections()
ports_dict = {}
for ports in ports_list:
if ports.status == 'ESTABLISHED' or ports.status == 'CLOSE_WAIT':
ports_dict[str(ports.laddr)] = {'Local_addr':str(ports.laddr[0]), 'Local_port':str(ports.laddr[1]),
'Remote_addr':str(ports.raddr[0]), 'Remote_port':str(ports.raddr[1]),
'Status':str(ports.status), 'PID':str(ports.pid)}
if ports.status == 'LISTEN':
ports_dict[str(ports.laddr)] = {'Local_addr':str(ports.laddr[0]), 'Local_port':str(ports.laddr[1]),
'Remote_addr':'', 'Remote_port':'',
'Status':str(ports.status), 'PID':str(ports.pid)}
# 3 - Ecriture du fichier CSV
header = ['Local_addr', 'Local_port', 'Remote_addr', 'Remote_port', 'Status', 'PID']
csv_file = log_file_path + "ports.csv"
writer.write_csv(csv_file, header, ports_dict)
# 4 - Transformation du CSV en HTML
htmltxt = writer.csv2html(csv_file, 'Network connections')
# 5 - Ecriture de la fin du log
writer.writelog(log_file, str(len(ports_dict)) + ' network connections :<br>\n')
writer.writelog(log_file, htmltxt)
writer.writelog(log_file, '\n</div>\n')
return ports_dict
def process_info(log_file_path):
'''
~ tasklist /SVC
***FR**
Liste les processus démarrés sur l'ordinateur
Retourne le dictionnaire des processus
**EN**
List computer running processes
Retourne the processes dict
'''
writer.writer('Getting running processes')
# 1 - Ecriture début de log
log_file = log_file_path + 'FINAL.html'
writer.writelog(log_file, '<div><br>\n')
elem = '<h2>Running processes on computer "' + COMPUTERNAME + '"</h2>'
writer.prepa_log_scan(log_file, elem)
# 2 - Obtenir la liste des processus démarrés
proc_dict = {}
for proc in psutil.process_iter():
try:
proc_timestamp = proc.create_time()
proc_start_date = datetime.fromtimestamp(proc_timestamp)
proc_dict[str(proc.pid)] = {'Name':str(proc.name()),
'PID':str(proc.pid),
'PPID': str(proc.ppid()),
'Start': str(proc_start_date)}
except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
pass
# 3 - Ecrire du fichier CSV
header = ['Name', 'PID', 'PPID', 'Start']
csv_file = log_file_path + 'processes.csv'
writer.write_csv(csv_file, header, proc_dict)
# 4 - Transformation du CSV en HTML
htmltxt = writer.csv2html(csv_file, 'Running processes')
# 5 - Ecriture de la fin du log
writer.writelog(log_file, str(len(proc_dict)) + ' running processes :\n')
writer.writelog(log_file, htmltxt)
writer.writelog(log_file, '\n</div>\n')
return proc_dict
def hotfixes_info(log_file_path):
'''
https://www.activexperts.com/admin/scripts/wmi/python/0417/
~ wmic qfe get HotfixID,InstalledOn | more
**FR**
Liste les patchs de sécurité Windows installés
Retourne le log généré
**EN**
List Windows security updates installed
Return generated log
'''
writer.writer('Getting Windows security updates')
# 1 - Ecriture début de log
log_file = log_file_path + "FINAL.html"
writer.writelog(log_file, '<div><br>\n')
elem = '<h2>Windows security updates of computer "' + COMPUTERNAME + '"</h2>'
writer.prepa_log_scan(log_file, elem)
# 2 - Obtenir la liste des correctifs de l'ordinateur
str_computer = '.'
obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\cimv2')
col_items = obj_sw_bem_services.ExecQuery("SELECT * FROM Win32_QuickFixEngineering WHERE Description='Security Update'")
hotfix_dict = {}
for obj_item in col_items:
try:
hotfix_dict[obj_item.HotFixID] = {'HotFixID':obj_item.HotFixID,
'InstalledOn':str(datetime.strptime(str(obj_item.InstalledOn), "%m/%d/%Y").strftime("%Y-%m-%d"))}
except ValueError:
hotfix_dict[obj_item.HotFixID] = {'HotFixID':obj_item.HotFixID,
'InstalledOn':str(obj_item.InstalledOn)}
# 3 - Ecriture du fichier CSV
header = ['HotFixID', 'InstalledOn']
csv_file = log_file_path + "hotfixes.csv"
writer.write_csv(csv_file, header, hotfix_dict)
# 4 - Transformation du CSV en HTML
htmltxt = writer.csv2html(csv_file, 'Hotfixes')
# 5 - Ecriture fin de log
writer.writelog(log_file, htmltxt)
writer.writelog(log_file, '\n</div>\n')
return hotfix_dict
def mc_afee(log_file):
'''
**FR**
Récupere une information complémentaire sur McAfee
**EN**
Get more informations about McAfee
'''
restemp = 'N/A'
date_ver = 'Date & version : ' + restemp
epo_lst = '\n--EPO servers list--<br>' + restemp
try:
date_ver, epo_lst = get_mc_afee()
except Exception:
pass
info_mc_afee = '***** McAfee informations *****<br>'
writer.writelog(log_file, info_mc_afee)
writer.writelog(log_file, date_ver + '<br>')
writer.writelog(log_file, epo_lst + '<br>\n\n')
def shared_folders_info(log_file_path):
'''
~ net share
**FR**
Liste les dossiers partagés
Retourne le log généré
**EN**
List shared folders
Return generated log
'''
writer.writer('Getting shared folders')
# 1 - Ecriture début de log
log_file = log_file_path + "FINAL.html"
writer.writelog(log_file, '<div><br>\n')
elem = '<h2>Shared folders of computer "' + COMPUTERNAME + '"</h2>'
writer.prepa_log_scan(log_file, elem)
# 2 - Obtenir la liste des dossiers partagés de l'ordinateur
str_computer = '.'
obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\cimv2')
col_items = obj_sw_bem_services.ExecQuery('SELECT * FROM Win32_Share')
shared_folders_dict = {}
for obj_item in col_items:
shared_folders_dict[str(obj_item.Name)] = {'Name':str(obj_item.Name), 'Path':str(obj_item.Path),
'Caption':str(obj_item.Caption), 'Description':str(obj_item.Description)}
# 3 - Ecriture du fichier CSV
header = ['Name', 'Path', 'Caption', 'Description']
csv_file = log_file_path + "shared_folders_info.csv"
writer.write_csv(csv_file, header, shared_folders_dict)
# Transformation du CSV en HTML
htmltxt = writer.csv2html(csv_file, 'Shared Folders')
writer.writelog(log_file, htmltxt)
# 5 - Ecriture de la fin du log
writer.writelog(log_file, '\n</div>\n')
return log_file
def software_init(log_file_path):
'''
**FR**
Initialisation et fonction principale de la recherche des logiciels
**EN**
Init the main function to search installed software
'''
texte5 = "Software scanning in progress...\n"
writer.writer(texte5)
# 1 - Début de l'analyse des logiciels
log_file = log_file_path + "final.html"
writer.writelog(log_file, '<div><br>\n')
elem = '<h2>Software informations of computer "' + COMPUTERNAME + '"</h2>'
writer.prepa_log_scan(log_file, elem)
# 2 - Obtenir la liste des logiels de l'ordinateur
regkey = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" #32 bits
regkey2 = r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" #64 bits
software_list1 = software_lst(regkey)
software_dict1 = search_software(software_list1, regkey)
software_list2 = software_lst(regkey2)
software_dict2 = search_software(software_list2, regkey2)
# 3 - Concaténation des deux dictionnaires de valeurs des clés de registre (32b et 64b)
final_dict = software_dict1
for item, value in software_dict2.items():
# print(item, value)
if item not in final_dict.items():
# print(item)
final_dict.update({item: value})
# 4 - Ecriture du fichier CSV
header = [
'Name', 'Version', 'Last Update', 'Last Version', 'Up to date',
'Publisher', 'Location'
]
csv_file = log_file_path + "software.csv"
writer.write_csv(csv_file, header, final_dict)
# 5 - Transformation du CSV en HTML
htmltxt = writer.csv2html(csv_file, 'Installed software')
# 6 - Placer des id sur certains tags du tableau
htmltxt = htmltxt.replace('<TD>ko</TD>', '<TD id="ko">ko</TD>')
htmltxt = htmltxt.replace('<TD>ok</TD>', '<TD id="ok">ok</TD>')
# 7 - Bilan
soft_ok = 0
soft_ko = 0
others = 0
for _, value in final_dict.items():
stat = value['Up to date']
if stat == 'ok':
soft_ok += 1
elif stat == 'ko':
soft_ko += 1
else:
others += 1
soft_summary_dict = {}
soft_summary_dict[str(len(final_dict))] = {
'Total Software': str(len(final_dict)),
'Up to date': str(soft_ok),
'% up to date': str(round(soft_ok / len(final_dict) * 100)),
'Outdated': str(soft_ko),
'% outdated': str(round(soft_ko / len(final_dict) * 100)),
'others': str(others),
'% others': str(round(others / len(final_dict) * 100))
}
header = [
'Total Software', 'Up to date', '% up to date', 'Outdated',
'% outdated', 'others', '% others'
]
csv_file = log_file_path + "software_summary.csv"
writer.write_csv(csv_file, header, soft_summary_dict)
htmltxt2 = writer.csv2html(csv_file, 'Software summary')
htmltxt2 = htmltxt2.replace('<TH>Up to date</TH>',
'<TH id="ok">Up to date</TH>')
htmltxt2 = htmltxt2.replace('<TH>% up to date</TH>',
'<TH id="ok">% up to date</TH>')
htmltxt2 = htmltxt2.replace('<TH>Outdated</TH>',
'<TH id="ko">Outdated</TH>')
htmltxt2 = htmltxt2.replace('<TH>% outdated</TH>',
'<TH id="ko">% outdated</TH>')
# 8 - Ecriture fin du log
writer.writelog(log_file, str(len(final_dict)) + ' software found :\n')
writer.writelog(log_file, htmltxt)
writer.writelog(log_file, '<br>Software summary :')
writer.writelog(log_file, htmltxt2)
writer.writelog(log_file, '\n</div>\n')
texte5bis = "Software scanning ended.\n"
writer.writer(texte5bis)
return final_dict
def complement_init(log_file_path, software_dict, services_running_dict):
'''
**FR**
Initialisation de la recherche d'infos complémentaires
**EN**
Init search
'''
# 1 - Ecriture début de log (à la fin du log fourni)
log_file = log_file_path + 'FINAL.html'
elem = '<h2>Additional scans</h2>'
writer.prepa_log_scan(log_file, elem)
writer.writelog(log_file, '<div>\n')
# 2 - Obtention des informations complémentaires
# McAfee
mc_afee(log_file)
complement_dict = {} # Name Result
#LAPS
info_laps = 'LAPS'
to_find = 'Local Administrator Password Solution'
res = elem_in_list(1, list(software_dict.keys()), to_find)
complement_dict[info_laps] = {
'Name': info_laps,
'Description': to_find,
'Result': res,
'Type': 'Software test'
}
### Services
## BranchCache/WSUS
# BranchCache
info_bc = 'BranchCache'
to_find = 'PeerDistSvcs'
res = elem_in_list(2, list(services_running_dict.keys()), to_find)
complement_dict[info_bc] = {
'Name': info_bc,
'Description': to_find,
'Result': res,
'Type': 'Service test'
}
# WSUS
info_wsus = 'WSUS'
to_find = 'WSUS server'
restemp = 'N/A'
srv_wsus = restemp
try:
srv_wsus = get_wsus()
except Exception:
pass
complement_dict[info_wsus] = {
'Name': info_wsus,
'Description': to_find,
'Result': srv_wsus,
'Type': 'Service test'
}
## AppLocker
info_al = 'AppLocker'
to_find = 'AppIDSvc'
res = elem_in_list(2, list(services_running_dict.keys()), to_find)
complement_dict[info_al] = {
'Name': info_al,
'Description': to_find,
'Result': res,
'Type': 'Service test'
}
# TestAV
msg0 = '\nDo you want to perform an antivirus detection test ? (y = yes, n = no)\n'
writer.writer(msg0)
if verif.reponse() == 'y':
user_rep = gen_eicar(log_file_path)
av_etat = 'Antivirus status'
to_find = 'Antivirus alert'
complement_dict[av_etat] = {
'Name': av_etat,
'Description': to_find,
'Result': user_rep,
'Type': 'Service test'
}
# 3 - Ecrire du fichier CSV
header = ['Type', 'Name', 'Description', 'Result']
csv_file = log_file_path + 'additional_scans.csv'
writer.write_csv(csv_file, header, complement_dict)
# 4 - Transformation du CSV en HTML
htmltxt = writer.csv2html(csv_file, 'Additional Scans')
# 5 - Ecriture de la fin du log
writer.writelog(log_file,
str(len(complement_dict)) + ' additional scans :\n')
writer.writelog(log_file, htmltxt)
writer.writelog(log_file, '\n</div>\n')
def persistence_info(log_file_path):
'''
cf https://www.fuzzysecurity.com/tutorials/19.html
**FR**
Chercher les élements persistants dans :
- les répertoires de démarrage
- Regedit
**EN**
Search for persistent objects in :
- Startup directories
- Regedit
'''
writer.writer('Search for persistent objects')
# 1 - Ecriture début de log
log_file = log_file_path + "FINAL.html"
writer.writelog(log_file, '<div><br>\n')
elem = '<h2>Informations about persistent objects of computer "' + COMPUTERNAME + '"</h2>'
writer.prepa_log_scan(log_file, elem)
# 2 - obtenir les objets persistants
# 2.1a - startup dirs
drive = os.environ['SYSTEMDRIVE']
user = os.environ['USERNAME']
dir_list = [drive + '/Users/' + user + '/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup',
drive + '/ProgramData/Microsoft/Windows/Start Menu/Programs/Startup',
drive + '/Documents and Settings/All Users/Start Menu/Programs/Startup']
files_list = []
for dirs in dir_list:
if os.path.isdir(dirs):
files_list = get_files(dirs, files_list)
# 2.1b - Ecriture dans le log
writer.writelog(log_file, 'Persistent objects in startup dirs :<br>\n')
for elem in files_list:
writer.writelog(log_file, elem + '<br>\n')
# 2.2a - regedit
hive_list = {'HKEY_LOCAL_MACHINE': winreg.HKEY_LOCAL_MACHINE, 'HKEY_CURRENT_USER':winreg.HKEY_CURRENT_USER}
reg_list = [r'Software\Microsoft\Windows\CurrentVersion\Run',
r'Software\Microsoft\Windows\CurrentVersion\RunOnce',
r'Software\Microsoft\Windows\CurrentVersion\RunServices',
r'Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
r'Software\Microsoft\Windows NT\CurrentVersion\Winlogon']
per_reg_dict = {}
for hkeyname, hkeyvalue in hive_list.items():
for key in reg_list:
fullhkeyreg = hkeyname + '\\' + key
tosave_dict = search_reg(hkeyvalue, key)
if tosave_dict:
for name, value in tosave_dict.items():
per_reg_dict[fullhkeyreg + '_' + name] = {'regkey':fullhkeyreg, 'name':name, 'value':value}
# 2.2b - Ecriture du fichier CSV
header = ['regkey', 'name', 'value']
csv_file = log_file_path + "persistants_reg.csv"
writer.write_csv(csv_file, header, per_reg_dict)
# 2.2c - Transformation du CSV en HTML
htmltxt = writer.csv2html(csv_file, 'Persistent reg objects')
# 2.2d - Ecriture de la fin du log
writer.writelog(log_file, '<br>\nPersistent reg objects :<br>\n')
writer.writelog(log_file, htmltxt)
# 3 - Ecriture de la fin du log
writer.writelog(log_file, '\n</div>\n')
return log_file
def security_product_info(log_file_path):
'''
http://neophob.com/2010/03/wmi-query-windows-securitycenter2/
**FR**
Scan le système pour obtenir la liste et le status des produits de sécurité (antivirus, parefeu, antispyware)
Retourne le dictionnaire des produits de sécurité
**EN**
Scan to get security product in the system with their status (antivirus, firewall, antispyware)
Return security products dict
'''
# Determinate what namespace to call
sec_name_space = 'SecurityCenter'
if detect_os() != 'xp':
sec_name_space = 'SecurityCenter2'
str_computer = '.'
obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\' + sec_name_space)
writer.writer('Getting security products')
# 1 - Ecriture début de log
log_file = log_file_path + "FINAL.html"
writer.writelog(log_file, '<div><br>\n')
elem = '<h2>Security products on computer "' + COMPUTERNAME + '"</h2>'
writer.prepa_log_scan(log_file, elem)
# 2 - Obtention des informations
security_product_dict = {}
i = 1
# Antivirus
col_items = obj_sw_bem_services.ExecQuery("select * from AntivirusProduct")
i, security_product_dict = security_product_get(i, security_product_dict, col_items, 'Antivirus')
# Firewalls
# Windows
xpfw = win32com.client.gencache.EnsureDispatch('HNetCfg.FwMgr', 0)
xpfw_policy = xpfw.LocalPolicy.CurrentProfile
writer.writelog(log_file, 'Windows firewall enabled : ' + str(xpfw_policy.FirewallEnabled) + '<br>\n')
# Third party firewall
col_items = obj_sw_bem_services.ExecQuery("select * from FireWallProduct")
i, security_product_dict = security_product_get(i, security_product_dict, col_items, 'Firewall')
if detect_os() != 'xp':
# AntiSpyware
col_items = obj_sw_bem_services.ExecQuery("select * from AntiSpywareProduct")
i, security_product_dict = security_product_get(i, security_product_dict, col_items, 'Antispyware')
# 3 - Ecrire du fichier CSV
header = ['Type', 'Name', 'GUID', 'pathProduct', 'pathReporting', 'productState', 'rtstatus', 'defstatus']
csv_file = log_file_path + "security_products.csv"
writer.write_csv(csv_file, header, security_product_dict)
# 4 - Transformation du CSV en HTML
htmltxt = writer.csv2html(csv_file, 'Security Products')
htmltxt = htmltxt.replace('<TD>Outdated</TD>', '<TD id="ko">Outdated</TD>')
htmltxt = htmltxt.replace('<TD>Up to date</TD>', '<TD id="ok">Up to date</TD>')
htmltxt = htmltxt.replace('<TD>Disabled</TD>', '<TD id="ko">Disabled</TD>')
htmltxt = htmltxt.replace('<TD>Enabled</TD>', '<TD id="ok">Enabled</TD>')
# 5 - Ecriture de la fin du log
writer.writelog(log_file, str(len(security_product_dict)) + ' security products :\n')
writer.writelog(log_file, htmltxt)
writer.writelog(log_file, '\n</div>\n')
return security_product_dict
def system_info(log_file_path):
'''
~ systeminfo | find /V /I "hotfix" | find /V "KB"
~ wmic logicaldisk get volumename, description, FileSystem, Caption, ProviderName
**FR**
Scan le système (os, bios, cpu, ram, cartes réseaux, disques durs, etc)
Retourne le log généré
**EN**
Scan system (os, bios, cpu, ram, network interfaces, drives, etc)
Return generated log
'''
writer.writer('Getting system informations')
delimiter = '*' * 40
# 1 - Ecriture début de log
log_file = log_file_path + "FINAL.html"
writer.writelog(log_file, '<div><br>\n')
elem = '<h2>System information of computer "' + COMPUTERNAME + '"</h2>'
writer.prepa_log_scan(log_file, elem)
# 2 - Get information from regedit
hive = winreg.HKEY_LOCAL_MACHINE
key = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion" # W7-64/32
registry_key = winreg.OpenKey(hive, key, 0, winreg.KEY_READ | winreg.KEY_WOW64_64KEY) # W7-64/32
# 2' - Specific to W10 (ok for 64 bits)
if detect_os() == '10':
writer.writer('Perform operations for W10+ OS')
key = r"SYSTEM\Setup" #\Source OS" #W10
registry_keys = winreg.OpenKey(hive, key, 0, winreg.KEY_READ)
i = 0
while 1:
try:
name = winreg.EnumKey(registry_keys, i)
# print(name)
if 'Source OS' in name:
# print(name)
key = key + '\\' + name
registry_key = winreg.OpenKey(hive, key, 0, winreg.KEY_READ) #W10-64
break
except Exception:
break
i += 1
# Continuing
tosave_dict = {'InstallDate':'N/A', 'SystemRoot':'N/A', 'ProductId':'N/A',
'ProductName':'N/A', 'RegisteredOrganization':'N/A', 'RegisteredOwner':'N/A'}
to_get_list = ['InstallDate', 'SystemRoot', 'ProductId',
'ProductName', 'RegisteredOrganization', 'RegisteredOwner']
i = 0
while 1:
try:
name, value, _ = winreg.EnumValue(registry_key, i)
if name in to_get_list:
# print(repr(name), value)
tosave_dict[name] = value
except Exception:
# print('error : ' + name)
break
i += 1
# print(tosave_dict)
# OS
writer.writelog(log_file, 'Hostname : ' + platform.node() + '<br>\n')
# print('OS : ' + platform.system() + ' ' + platform.version())
writer.writelog(log_file, 'OS : ' + tosave_dict.get('ProductName') + '<br>\n')
writer.writelog(log_file, 'OS type : ' + platform.machine() + '<br>\n')
writer.writelog(log_file, 'Product Id : ' + tosave_dict.get('ProductId') + '<br>\n')
writer.writelog(log_file, 'Install Date: ' + str(datetime.fromtimestamp(tosave_dict.get('InstallDate'))) + '<br>\n')
writer.writelog(log_file, 'System Root: ' + tosave_dict.get('SystemRoot') + '<br>\n')
# Language (Windows Vista or further)
if detect_os() != 'xp':
buf_size = 32
buf = ctypes.create_unicode_buffer(buf_size)
dw_flags = 0
lcid = ctypes.windll.kernel32.GetUserDefaultUILanguage()
ctypes.windll.kernel32.LCIDToLocaleName(lcid, buf, buf_size, dw_flags)
writer.writelog(log_file, 'Regional and language options : ' + buf.value + '<br>\n')
# Time zone
writer.writelog(log_file, 'Time zone : ' + time.tzname[0] + '<br>\n')
writer.writelog(log_file, delimiter + '<br>\n')
# Owner
writer.writelog(log_file, 'Registered Organization : ' + tosave_dict.get('RegisteredOrganization') + '<br>\n')
writer.writelog(log_file, 'Registered Owner : ' + tosave_dict.get('RegisteredOwner') + '<br>\n')
writer.writelog(log_file, delimiter + '<br>\n')
# Computer model/brand
str_computer = '.'
obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\cimv2')
col_items = obj_sw_bem_services.ExecQuery('SELECT * FROM Win32_ComputerSystem')
for obj_item in col_items:
writer.writelog(log_file, 'Manufacturer : ' + obj_item.Manufacturer + '<br>\n')
try:
writer.writelog(log_file, 'SystemFamily : ' + obj_item.SystemFamily + '<br>\n')
except AttributeError:
writer.writelog(log_file, 'SystemFamily : N/A<br>\n')
writer.writelog(log_file, 'Model : ' + obj_item.Model + '<br>\n')
writer.writelog(log_file, 'Type : ' + obj_item.SystemType + '<br>\n')
writer.writelog(log_file, delimiter + '<br>\n')
# Processor
col_items = obj_sw_bem_services.ExecQuery('Select * from Win32_Processor')
for obj_item in col_items:
writer.writelog(log_file, 'Processor : ' + obj_item.Name + '<br>\n')
writer.writelog(log_file, 'Core : ' + str(obj_item.NumberOfCores) + '<br>\n')
writer.writelog(log_file, 'Logical core : ' + str(obj_item.NumberOfLogicalProcessors) + '<br>\n')
try:
writer.writelog(log_file, 'Virtualization enabled : ' + str(obj_item.VirtualizationFirmwareEnabled) + '<br>\n')
except AttributeError:
writer.writelog(log_file, 'Virtualization enabled : N/A<br>\n')
writer.writelog(log_file, delimiter + '<br>\n')
# Bios
col_items = obj_sw_bem_services.ExecQuery("SELECT * FROM Win32_BIOS")
for obj_item in col_items:
writer.writelog(log_file, "BIOS Version : " + str(obj_item.BIOSVersion) + '<br>\n')
writer.writelog(log_file, "Release Date : " + str(datetime.strptime(str(obj_item.ReleaseDate[:8]), "%Y%m%d").strftime("%Y-%m-%d")) + '<br>\n')
writer.writelog(log_file, delimiter + '<br>\n')
# Memory
mem = psutil.virtual_memory()
writer.writelog(log_file, 'Total memory : ' + str(mem.total >> 20) + ' Mo<br>\n')
writer.writelog(log_file, 'Available memory : ' + str(mem.available >> 20) + ' Mo<br>\n')
writer.writelog(log_file, 'Used memory : ' + str(mem.used >> 20) + ' Mo (' + str(mem.percent) + ' %)<br>\n')
writer.writelog(log_file, 'Free memory : ' + str(mem.free >> 20) + ' Mo<br>\n')
writer.writelog(log_file, delimiter + '<br>\n')
# Domaine
writer.writelog(log_file, 'Domain : ' + os.environ['userdomain'] + '<br>\n')
writer.writelog(log_file, delimiter + '<br>\n')
# Network interfaces
str_computer = '.'
obj_wmi_service = win32com.client.Dispatch('WbemScripting.SWbemLocator')
obj_sw_bem_services = obj_wmi_service.ConnectServer(str_computer, 'root\\cimv2')
col_items = obj_sw_bem_services.ExecQuery('select * from Win32_NetworkAdapterConfiguration')
network_dict = {}
for obj_item in col_items:
if obj_item.MACAddress is not None:
net_caption = re.findall("] (.*)", obj_item.Caption)[0]
# print(net_caption, obj_item.IPAddress)
try:
dns_srv = '<br>'.join(obj_item.DNSServerSearchOrder)
except TypeError:
dns_srv = obj_item.DNSServerSearchOrder
try:
ipv4 = obj_item.IPAddress[0]
except IndexError:
ipv4 = ''
except TypeError:
ipv4 = ''
try:
ipv6 = obj_item.IPAddress[1]
except IndexError:
ipv6 = ''
except TypeError:
ipv6 = ''
try:
dgw = ''.join(obj_item.DefaultIPGateway)
except TypeError:
dgw = obj_item.DefaultIPGateway
try:
dhcp_srv = ''.join(obj_item.DHCPServer)
except TypeError:
dhcp_srv = obj_item.DHCPServer
network_dict[net_caption] = {'Name':net_caption,
'MAC':obj_item.MACAddress,
'Enabled':obj_item.IPEnabled,
'IpV4':ipv4,
'IpV6':ipv6,
'Default Gateway':dgw,
'DHCP Enabled':obj_item.DHCPEnabled,
'DHCP Server':dhcp_srv,
'WINS Primary Server':obj_item.WINSPrimaryServer,
'WINS Secondary Server':obj_item.WINSSecondaryServer,
'DNS Domain':obj_item.DNSDomain,
'DNS Servers':dns_srv}
writer.writelog(log_file, str(len(network_dict)) + ' network interfaces found :<br>\n')
# Ecriture du fichier CSV
header = ['Name', 'MAC', 'Enabled', 'IpV4', 'IpV6', 'Default Gateway',
'DHCP Enabled', 'DHCP Server', 'WINS Primary Server',
'WINS Secondary Server', 'DNS Domain', 'DNS Servers']
csv_file = log_file_path + "networkInterfaces.csv"
writer.write_csv(csv_file, header, network_dict)
# Transformation du CSV en HTML
htmltxt = writer.csv2html(csv_file, 'Network Interfaces')
# Ecriture sur le log
writer.writelog(log_file, htmltxt)
writer.writelog(log_file, delimiter + '<br>\n')
# Drives
drives = psutil.disk_partitions()
drives_dict = {}
for drive in drives:
drive_path = re.findall("device='(.*?)'", str(drive))[0]
if drive.opts != 'cdrom':
try:
disk_usage = psutil.disk_usage(drive_path)
drives_dict[str(drive_path)] = {'Path':str(drive_path),
'Total_Space (Go)':str(disk_usage.total >> 30),
'Free_Space (Go)':str(disk_usage.free >> 30),
'Used_space (Go)':str(disk_usage.used >> 30),
'Used_space (%)':str(disk_usage.percent)}
except Exception:
pass
# Ecriture du fichier CSV
header = ['Path', 'Total_Space (Go)', 'Free_Space (Go)', 'Used_space (Go)', 'Used_space (%)']
csv_file = log_file_path + "drives.csv"
writer.write_csv(csv_file, header, drives_dict)
# Transformation du CSV en HTML
htmltxt = writer.csv2html(csv_file, 'Drives')
# Ecriture sur le log
writer.writelog(log_file, str(len(drives_dict)) + ' drive(s) found :<br>\n')
writer.writelog(log_file, htmltxt)
writer.writelog(log_file, delimiter + '<br>\n')
# 3 - Ecriture fin de log
writer.writelog(log_file, '\n</div>\n')
return log_file
def user_info(log_file_path):
'''
~ net user <username> /domain & net user <username>
**FR**
Obtient la liste des utilisateurs AD et locaux de l'ordinateur avec la base de registre et WinNT
Retourne le log généré
**EN**
Get AD and local users list of the computer with regedit and WinNT
Return generated log
'''
writer.writer('Getting computer users')
hive = winreg.HKEY_LOCAL_MACHINE
key_user = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" # AD users
registry_key = None
temp_user_list = []
temp2_user_list = []
profil_path = "ProfileImagePath"
# 1 - Liste tous les profils
try:
registry_key = winreg.OpenKey(hive, key_user, 0, winreg.KEY_READ)
# print("ok")
except FileNotFoundError:
# print("oups")
pass
# print(registry_key)
if registry_key is not None:
i = 0
while True:
try:
temp_user_list.append(winreg.EnumKey(registry_key, i)) # ok pour 1 clé
i += 1
# print("value :", str(registry_key))
except Exception:
# print(Exception)
winreg.CloseKey(registry_key)
break
# 2 - Tri de la liste pour ne garder que les SID commençant par "1-5-21" et récupérer le nom des utilisateurs
for item in temp_user_list:
if "1-5-21" in item:
# print(item)
key = key_user + '\\' + item
# print(key)
try:
registry_key = winreg.OpenKey(hive, key, 0, winreg.KEY_READ)
value, _ = winreg.QueryValueEx(registry_key, profil_path)
winreg.CloseKey(registry_key)
# print(value)
value_mod = re.findall(r'[^\\]+\s*$', value)
# print(type(value_mod[0]))
temp2_user_list.append(value_mod[0])
except FileNotFoundError:
# print("oups")
pass
domain = os.environ['userdomain']
# 3 - Ecriture début de log
log_file = log_file_path + "FINAL.html"
writer.writelog(log_file, '<div><br>\n')
elem = '<h2>Getting details about the ' + str(len(temp2_user_list)) + ' user(s) of computer "' + COMPUTERNAME + '"</h2>'
elem2 = "<br>Domain : " + str(domain) + '\n'
writer.prepa_log_scan(log_file, elem)
writer.writelog(log_file, elem2)
# 4 - Détails sur les utilisateurs
user_dict = {}
for user in temp2_user_list:
try:
obj_ou = win32com.client.GetObject("WinNT://" + domain + "/" + user + ",user")
#User account
fullname = str(obj_ou.Get('fullname'))
# print(fullname)
try:
expiration_date = str(obj_ou.Get('AccountExpirationDate'))
except Exception:
expiration_date = 'N/A'
profile = str(obj_ou.Get('Profile'))
login_script = str(obj_ou.Get('LoginScript'))
try:
last_login = str(obj_ou.Get('lastlogin'))
except com_error:
last_login = '******'
primary_gid = str(obj_ou.Get('PrimaryGroupID'))
auto_unlock_interval = str(obj_ou.Get('AutoUnlockInterval'))
lockout_observation_interval = str(obj_ou.Get('LockoutObservationInterval'))
homedir = str(obj_ou.Get('HomeDirectory'))
homedir_drive = str(obj_ou.Get('HomeDirDrive'))
#Password
pwd_age = str(round(obj_ou.Get('PasswordAge')/3600/24))
pwd_min_age = str(round(obj_ou.Get('MinPasswordAge')/3600/24))
pwd_max_age = str(round(obj_ou.Get('MaxPasswordAge')/3600/24))
pwd_expired = str(obj_ou.Get('PasswordExpired'))
pwd_max_bad_pwd_allowed = str(obj_ou.Get('MaxBadPasswordsAllowed'))
pwd_min_length = str(obj_ou.Get('MinPasswordLength'))
pwd_history_length = str(obj_ou.Get('PasswordHistoryLength'))
#Groups
groups_list = []
for grp in obj_ou.Groups():
groups_list.append(grp.Name + '<br>')
#Flag
flag_final_list = []
flag = obj_ou.Get('UserFlags')
#Get flags with user flag (user flag = sum(flags))
flag_list = []
mini, flag_to_save = calc_flag(flag)
flag_list.append(flag_to_save)
while mini != 0:
mini, flag_to_save = calc_flag(mini)
flag_list.append(flag_to_save)
#Verify if flag = sum(flag_list)
if flag == sum(flag_list):
flag_final_list.append(str(flag) + ' => ' + str(flag_list) + '<br>')
#Get flags description with flag nums saved
flag_final_list.append('Flag properties :')
for k, value in USER_FLAGS_DICT.items():
if value in flag_list:
flag_final_list.append('<br>' + str(value) + ' : ' + str(k))
user_dict[user] = {'User':user, 'Fullname':fullname, 'Expiration_Date':expiration_date,
'Profile':profile, 'Login_Script':login_script, 'Last_Login':last_login,
'Primary_Group_ID':primary_gid, 'Auto_Unlock_Interval (secs)': auto_unlock_interval,
'Lockout_Observation_Interval (secs)':lockout_observation_interval,
'HomeDir':homedir, 'HomeDirDrive':homedir_drive,
'pwd_age (days)':pwd_age, 'pwd_min_age (days)':pwd_min_age, 'pwd_max_age (days)':pwd_max_age,
'pwd_expired':pwd_expired, 'pwd_max_bad_pwd_allowed':pwd_max_bad_pwd_allowed,
'pwd_min_length':pwd_min_length, 'pwd_history_length':pwd_history_length,
'Groups':(''.join(groups_list)), 'Flag':(''.join(flag_final_list))}
except Exception:
pass
i += 1
if user_dict != '':
# Ecriture du fichier CSV
header = ['User', 'Fullname', 'Expiration_Date', 'Profile', 'Login_Script', 'Last_Login',
'Primary_Group_ID', 'Auto_Unlock_Interval (secs)', 'Lockout_Observation_Interval (secs)',
'HomeDir', 'HomeDirDrive', 'pwd_age (days)', 'pwd_min_age (days)', 'pwd_max_age (days)',
'pwd_expired', 'pwd_max_bad_pwd_allowed', 'pwd_min_length', 'pwd_history_length', 'Groups', 'Flag']
csv_file = log_file_path + "users.csv"
writer.write_csv(csv_file, header, user_dict)
# Transformation du CSV en HTML
htmltxt = writer.csv2html(csv_file, 'Users details')
writer.writelog(log_file, htmltxt)
# 5 - Ecriture de la fin du log
writer.writelog(log_file, '\n</div>\n')
return log_file