Tips-Of-Mine/PowerHuntShares
Tips-Of-Mine/PowerHuntShares
2
0
Fork 0
mirror of https://github.com/NetSPI/PowerHuntShares.git synced 2025-05-05 03:38:42 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Added support for the nova file format.

Browse Source 
Added support for the nova file format.
This commit is contained in:
Scott Sutherland 2024-07-23 17:14:02 -05:00 committed by GitHub
parent 4ddc28df72
commit 624e697bfe
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 74 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
PowerHuntShares.psm1
View File

@ -4,7 +4,7 @@
#-------------------------------------- #--------------------------------------
# Author: Scott Sutherland, 2024 NetSPI # Author: Scott Sutherland, 2024 NetSPI
# License: 3-clause BSD # License: 3-clause BSD
# Version: v1.85 # Version: v1.86
# References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell. # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
function Invoke-HuntSMBShares function Invoke-HuntSMBShares
{ {
@ -156,9 +156,13 @@ function Invoke-HuntSMBShares
[string]$OutputDirectory, [string]$OutputDirectory,
[Parameter(Mandatory = $false, [Parameter(Mandatory = $false,
HelpMessage = 'Creat exported csv for import into other tools.')] HelpMessage = 'Export to CSV file format to support importing into other tools.')]
[switch]$ExportFindings, [switch]$ExportFindings,
[Parameter(Mandatory = $false,
HelpMessage = 'Convert the export to the NOVA file format.')]
[switch]$ExportNova,
[Parameter(Mandatory = $false, [Parameter(Mandatory = $false,
HelpMessage = 'This is the path to a host list. One per line.')] HelpMessage = 'This is the path to a host list. One per line.')]
[string] $HostList, [string] $HostList,
@ -240,6 +244,18 @@ function Invoke-HuntSMBShares
$Time = Get-Date -UFormat "%m/%d/%Y %R" $Time = Get-Date -UFormat "%m/%d/%Y %R"
Write-Output " [*][$Time] Scan Start" Write-Output " [*][$Time] Scan Start"
# Nova format
If ($Nova) {
Write-Verbose " [*][$Time] The results will be export to the NOVA format as well."
$rMasterFindingId = "FindingTemplateSourceIdentifier"
$rFindingName = "FindingName"
$rAssetName = "AssetName" # This could eventually be updated to reflect a different Nova asset, e.g. 'AD Domain'.
}else{
$rMasterFindingId = "MasterFindingSourceIdentifier"
$rFindingName = "InstanceName"
$rAssetName = "AssetName" # R7 only has one option.
}
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# Create output directory # Create output directory
@ -6447,10 +6463,10 @@ Write-Output ""
# Create new finding object # Create new finding object
$object = New-Object psobject $object = New-Object psobject
$object | add-member noteproperty MasterFindingSourceIdentifier $ExcessivePrivID $object | add-member noteproperty $rMasterFindingId $ExcessivePrivID
$object | add-member noteproperty InstanceName "Excessive Share ACL" $object | add-member noteproperty $rFindingName "Excessive Share ACL"
$object | add-member noteproperty AssetName $ComputerName $object | add-member noteproperty $rAssetName $ComputerName
$object | add-member noteproperty IssueFirstFoundDate $EndTime if(-not $Nova){$object | add-member noteproperty IssueFirstFoundDate $EndTime}
$object | add-member noteproperty VerificationCaption01 "$IdentityReference has $FileSystemRights privileges on $SharePath." $object | add-member noteproperty VerificationCaption01 "$IdentityReference has $FileSystemRights privileges on $SharePath."
$ShareDetails = @" $ShareDetails = @"
Computer Name: $ComputerName Computer Name: $ComputerName
@ -6470,13 +6486,17 @@ File Count: $FileCount
File List Sample: File List Sample:
$FileList $FileList
"@ "@
if($Nova){
$object | add-member noteproperty VerificationText01 "<pre><code>$ShareDetails</code></pre>"
}else{
$object | add-member noteproperty VerificationText01 $ShareDetails $object | add-member noteproperty VerificationText01 $ShareDetails
}
$object | add-member noteproperty VerificationCaption02 "caption 2" $object | add-member noteproperty VerificationCaption02 "caption 2"
$object | add-member noteproperty VerificationText02 "text 2" $object | add-member noteproperty VerificationText02 ""
$object | add-member noteproperty VerificationCaption03 "caption 3" $object | add-member noteproperty VerificationCaption03 "caption 3"
$object | add-member noteproperty VerificationText03 "text 3" $object | add-member noteproperty VerificationText03 ""
$object | add-member noteproperty VerificationCaption04 "caption 4" $object | add-member noteproperty VerificationCaption04 "caption 4"
$object | add-member noteproperty VerificationText04 "text 4" $object | add-member noteproperty VerificationText04 ""
$object $object
} }
@ -6485,13 +6505,19 @@ $FileList
# Create record containing verification summary for domain # Create record containing verification summary for domain
$object = New-Object psobject $object = New-Object psobject
$object | add-member noteproperty MasterFindingSourceIdentifier $ExcessivePrivID $object | add-member noteproperty $rMasterFindingId $ExcessivePrivID
$object | add-member noteproperty InstanceName "Domain ACL Summary" $object | add-member noteproperty $rFindingName "Domain ACL Summary"
$object | add-member noteproperty AssetName $TargetDomain $object | add-member noteproperty $rAssetName $TargetDomain
if(-not $Nova){
$object | add-member noteproperty IssueFirstFoundDate $EndTime $object | add-member noteproperty IssueFirstFoundDate $EndTime
}
$object | add-member noteproperty VerificationCaption01 "$ExcessiveSharesCount shares across $ComputerWithExcessive systems are configured with $ExcessiveSharePrivsCount potentially excessive ACLs." $object | add-member noteproperty VerificationCaption01 "$ExcessiveSharesCount shares across $ComputerWithExcessive systems are configured with $ExcessiveSharePrivsCount potentially excessive ACLs."
$ShareDetails = $ExcessiveSharePrivs | Select-Object SharePath -Unique -ExpandProperty SharePath | Out-String $ShareDetails = $ExcessiveSharePrivs | Select-Object SharePath -Unique -ExpandProperty SharePath | Out-String
if($Nova){
$object | add-member noteproperty VerificationText01 "<pre><code>$ShareDetails</code></pre>"
}else{
$object | add-member noteproperty VerificationText01 $ShareDetails $object | add-member noteproperty VerificationText01 $ShareDetails
}
$object | add-member noteproperty VerificationCaption02 "$TargetDomain SMB Share Scan Summary" $object | add-member noteproperty VerificationCaption02 "$TargetDomain SMB Share Scan Summary"
$Summary1 = @" $Summary1 = @"
Target Domain: $TargetDomain Target Domain: $TargetDomain
@ -6509,7 +6535,7 @@ $Computers445OpenCount domain computers had TCP port 445 accessible
Share Summary Share Summary
$AllSMBSharesCount shares were found. $AllSMBSharesCount shares were found.
$ExcessiveSharesCount shares across $ComputerWithExcessive systems are configured with $ExcessiveSharePrivsCount potentially excessive ACLs. $ExcessiveSharesCount shares across $ComputerWithExcessive systems are configured with $ExcessiveSharePrivsCount potentially excessive ACLs.
$SharesWithWriteCount shares across $ComputerWithWriteCount systems can be written to.</li> $SharesWithWriteCount shares across $ComputerWithWriteCount systems can be written to.
$SharesHighRiskCount shares across $ComputerwithHighRisk systems are considered high risk. $SharesHighRiskCount shares across $ComputerwithHighRisk systems are considered high risk.
$Top5ShareCountTotal of $AllAccessibleSharesCount ($DupPercent) shares are associated with the top 5 share names. $Top5ShareCountTotal of $AllAccessibleSharesCount ($DupPercent) shares are associated with the top 5 share names.
@ -6526,11 +6552,15 @@ The 5 most common share names are:
$SummaryFinal = $Summary1 + $Summary2 $SummaryFinal = $Summary1 + $Summary2
$object | add-member noteproperty VerificationText02 "$SummaryFinal" if($Nova){
$object | add-member noteproperty VerificationText02 "<pre><code>$SummaryFinal</code></pre>"
}else{
$object | add-member noteproperty VerificationText02 $SummaryFinal
}
$object | add-member noteproperty VerificationCaption03 "caption 3" $object | add-member noteproperty VerificationCaption03 "caption 3"
$object | add-member noteproperty VerificationText03 "text 3" $object | add-member noteproperty VerificationText03 ""
$object | add-member noteproperty VerificationCaption04 "caption 4" $object | add-member noteproperty VerificationCaption04 "caption 4"
$object | add-member noteproperty VerificationText04 "text 4" $object | add-member noteproperty VerificationText04 ""
# Write record to file # Write record to file
$object | Export-Csv -NoTypeInformation "$OutputDirectory\$TargetDomain-Excessive-Privileges-EXPORT.csv" -Append $object | Export-Csv -NoTypeInformation "$OutputDirectory\$TargetDomain-Excessive-Privileges-EXPORT.csv" -Append
@ -6574,10 +6604,12 @@ The 5 most common share names are:
# Create new finding object # Create new finding object
$object = New-Object psobject $object = New-Object psobject
$object | add-member noteproperty MasterFindingSourceIdentifier $ExcessivehighRiskID $object | add-member noteproperty $rMasterFindingId $ExcessivehighRiskID
$object | add-member noteproperty InstanceName "Excessive Share ACL" $object | add-member noteproperty $rFindingName "Excessive Share ACL"
$object | add-member noteproperty AssetName $ComputerName $object | add-member noteproperty $rAssetName $ComputerName
if(-not $Nova){
$object | add-member noteproperty IssueFirstFoundDate $EndTime $object | add-member noteproperty IssueFirstFoundDate $EndTime
}
$object | add-member noteproperty VerificationCaption01 "$IdentityReference has $FileSystemRights privileges on $SharePath." $object | add-member noteproperty VerificationCaption01 "$IdentityReference has $FileSystemRights privileges on $SharePath."
$ShareDetails = @" $ShareDetails = @"
Computer Name: $ComputerName Computer Name: $ComputerName
@ -6613,13 +6645,19 @@ $FileList
# Create record containing verification summary for domain # Create record containing verification summary for domain
$object = New-Object psobject $object = New-Object psobject
$object | add-member noteproperty MasterFindingSourceIdentifier $ExcessivehighRiskID $object | add-member noteproperty $rMasterFindingId $ExcessivehighRiskID
$object | add-member noteproperty InstanceName "Domain ACL Summary" $object | add-member noteproperty $rFindingName "Domain ACL Summary"
$object | add-member noteproperty AssetName $TargetDomain $object | add-member noteproperty $rAssetName $TargetDomain
if(-not $Nova){
$object | add-member noteproperty IssueFirstFoundDate $EndTime $object | add-member noteproperty IssueFirstFoundDate $EndTime
}
$object | add-member noteproperty VerificationCaption01 "$SharesHighRiskCount shares across $ComputerwithHighRisk systems are considered high risk." $object | add-member noteproperty VerificationCaption01 "$SharesHighRiskCount shares across $ComputerwithHighRisk systems are considered high risk."
$ShareDetails = $SharesHighRisk | Select-Object SharePath -Unique -ExpandProperty SharePath | Out-String $ShareDetails = $SharesHighRisk | Select-Object SharePath -Unique -ExpandProperty SharePath | Out-String
if($Nova){
$object | add-member noteproperty VerificationText01 "<pre><code>$ShareDetails</code></pre>"
}else{
$object | add-member noteproperty VerificationText01 $ShareDetails $object | add-member noteproperty VerificationText01 $ShareDetails
}
$object | add-member noteproperty VerificationCaption02 "$TargetDomain SMB Share Scan Summary" $object | add-member noteproperty VerificationCaption02 "$TargetDomain SMB Share Scan Summary"
$Summary1 = @" $Summary1 = @"
Target Domain: $TargetDomain Target Domain: $TargetDomain
@ -6654,11 +6692,15 @@ The 5 most common share names are:
$SummaryFinal = $Summary1 + $Summary2 $SummaryFinal = $Summary1 + $Summary2
$object | add-member noteproperty VerificationText02 "$SummaryFinal" if($Nova){
$object | add-member noteproperty VerificationText02 "<pre><code>$SummaryFinal</code></pre>"
}else{
$object | add-member noteproperty VerificationText02 $SummaryFinal
}
$object | add-member noteproperty VerificationCaption03 "caption 3" $object | add-member noteproperty VerificationCaption03 "caption 3"
$object | add-member noteproperty VerificationText03 "text 3" $object | add-member noteproperty VerificationText03 ""
$object | add-member noteproperty VerificationCaption04 "caption 4" $object | add-member noteproperty VerificationCaption04 "caption 4"
$object | add-member noteproperty VerificationText04 "text 4" $object | add-member noteproperty VerificationText04 ""
# Write record to file # Write record to file
$object | Export-Csv -NoTypeInformation "$OutputDirectory\$TargetDomain-Excessive-Privileges-EXPORT.csv" -Append $object | Export-Csv -NoTypeInformation "$OutputDirectory\$TargetDomain-Excessive-Privileges-EXPORT.csv" -Append