Skip to content
/ reswmsecanalyzer Public

A simple script to visualize and find bypasses in RES Workspace Manager application restrictions

0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

maaaaz/reswmsecanalyzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

reswmsecanalyzer

reswmsecanalyzer

 
 

README.md

README.md

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

RES Workspace Manager application security rule analyzer

Description

A simple script to visualize and find bypasses in RES Workspace Manager application restrictions

Features

  • Finding possible paths to reach a targeted resource such as an executable program
  • Visually displaying rules as an oriented graph

Options

$ python reswmsecanalyzer.py -h
Usage: reswmsecanalyzer.py [options]
Version: 1.0

Options:
  -h, --help            show this help message and exit

  Main parameters:
    -i INPUT_FILE, --input-file=INPUT_FILE
                        sec_globauth.xml file containing the security rules
    -t TARGET, --target=TARGET
                        Program or file name you want to reach, globbing
                        format accepted (Ex: cmd.exe, *cmd*)

  Optional parameters:
    -g, --graph         Draw and show the graph with matplot
    -o OUTPUT_GRAPH, --output-graph=OUTPUT_GRAPH
                        Filename to save the png graph (Ex. -o test.png)

Prerequisites

On a protected environment (physical/logical/virtualized workstation):

  • The whole configuration is stored in this directory
    C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\
  • The application security rules are stored in this file
    C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\sec_globauth.xml
  • Workspace access control (if implemented) is defined in the following file
    C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\workspaces.xml

Examples

  • Some example rules and their associated graphs are provided in the reswmsecanalyzer/examples folder. For each example, a pretty-print version _prettyprint.xml is also included
  • For the reswmsecanalyzer/examples/multiple-rules:
    • The policy defined in the RES Console looks like:
    • Searching a path to cmd gives that:
    $ python reswmsecanalyzer.py -i examples/multiple-rules/sec_globauth.xml -t cmd -g
[+] Number of enabled rules: 4
[+] Possible path to 'cmd.exe': ['.', 'calc.exe', 'cmd.exe']
[+] Possible path to 'cmd.exe': ['.', 'notepad.exe', 'cmd.exe']

Dependencies and installation

  • The easiest way: pip install reswmsecanalyzer
  • Or pip install -r requirements.txt
  • Or installing manually each dependency:
    • Python NetworkX: apt-get install python-networkx or pip install networkx
    • Python Matplotlib: apt-get install python-matplotlib or pip install matplotlib

Roadmap

  • Improve the possible path output description
  • Add csv output
  • Take into account edge constraints such as workspace access control
  • Use some dynamic representation, like D3JS

About

A simple script to visualize and find bypasses in RES Workspace Manager application restrictions

Resources

Readme
Activity

Stars

0 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages