From c4b4e9471a4cb108a8e561d32e2e530433afede7 Mon Sep 17 00:00:00 2001
From: Scott Sutherland <nullbind@users.noreply.github.com>
Date: Thu, 12 Sep 2024 16:21:40 -0500
Subject: [PATCH] Update Analyze-HuntSMBShares.ps1

Added sankey chart.
---
 Scripts/Analyze-HuntSMBShares.ps1 | 163 +++++++++++++++++++++++++++++-
 1 file changed, 162 insertions(+), 1 deletion(-)

diff --git a/Scripts/Analyze-HuntSMBShares.ps1 b/Scripts/Analyze-HuntSMBShares.ps1
index 25777fd..e77c800 100644
--- a/Scripts/Analyze-HuntSMBShares.ps1
+++ b/Scripts/Analyze-HuntSMBShares.ps1
@@ -5,7 +5,7 @@
 #--------------------------------------
 # Author: Scott Sutherland, 2024 NetSPI
 # License: 3-clause BSD
-# Version: v1.85
+# Version: v1.86
 # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell. 
 function Analyze-HuntSMBShares
 {    
@@ -2079,6 +2079,67 @@ function Analyze-HuntSMBShares
         }else{
             $RemediationSavings = $RemediationSaveSnP
         }
+
+        # ----------------------------------------------------------------------
+        # Generate Sankey Summary C H M L
+        # ----------------------------------------------------------------------
+
+        # Create critical edge
+        if($RiskLevelCountCritical -gt 0){
+            $SanKeyCritical = @"
+                                {
+                                  source: 'ACEs ($ExcessiveSharePrivsCount)',
+                                  target: 'Critical ($RiskLevelCountCritical)',
+                                  value: $RiskLevelCountCritical,
+                                  color: '#93E6C4', // Custom color for this edge
+                                },
+"@
+        }else{
+          $SanKeyCrtiical = ""
+        }
+
+        # Create high edge
+        if($RiskLevelCountHigh -gt 0){
+            $SanKeyHigh = @"
+                                {
+                                  source: 'ACEs ($ExcessiveSharePrivsCount)',
+                                  target: 'High ($RiskLevelCountHigh)',
+                                  value: $RiskLevelCountHigh,
+                                  color: '#FB897C', // Custom color for this edge
+                                },
+"@
+        }else{
+          $SanKeyHigh = ""
+        }
+
+        # Create medium edge
+        if($RiskLevelCountMedium -gt 0){
+            $SanKeyMedium = @"
+                                {
+                                  source: 'ACEs ($ExcessiveSharePrivsCount)',
+                                  target: 'Medium ($RiskLevelCountMedium)',
+                                  value: $RiskLevelCountMedium,
+                                  color: '#FDAC70', // Custom color for this edge
+                                },
+"@
+        }else{
+          $SanKeyMedium = ""
+        }
+
+        # Create low edge
+        if($RiskLevelCountLow -gt 0){
+            $SanKeyLow = @"
+                                {
+                                  source: 'ACEs ($ExcessiveSharePrivsCount)',
+                                  target: 'Low ($RiskLevelCountLow)',
+                                  value: $RiskLevelCountLow,
+                                  color: '#FEDA94', // Custom color for this edge
+                                },
+"@
+        }else{
+          $SanKeyLow = ""
+        }
+
    
         # ----------------------------------------------------------------------
         # Create ShareGraph Nodes and Edges
@@ -3522,6 +3583,7 @@ $NewHtmlReport = @"
   <script src="https://unpkg.com/cytoscape-euler/cytoscape-euler.js"></script>
   <script src="https://unpkg.com/klayjs/klay.js"></script>
   <script src="https://unpkg.com/cytoscape-klay/cytoscape-klay.js"></script>  
+  <script src="https://cdn.jsdelivr.net/npm/apexsankey"></script>
   <title>Report</title>
   <style>    
      .modern-input {
@@ -5104,6 +5166,16 @@ input[type="checkbox"]:checked::before {
 							
 					</div>
 
+					 <div style="margin-left: 10px; width: 90%; margin-bottom: 10px;">
+					 The chart below illustrates the relationship between networks, computers, shares, and the ACEs configured with excessive privileges. Each network contains computers with assigned IP addresses. Each computer may host multiple shares and each share is configured with ACEs that allow remote access. As a result, ACEs represent the individual points of remediation that will need to be addressed to reduce exposure and risk.
+					 </div>
+					
+					<div class="LargeCard" style="width: 90%;">	
+						<a href="#" id="DashLink" style="text-decoration:none;">
+						</a>															
+						<div style="width: 100%; height: 200px;" id="svg-sankey"></div>								
+					</div>	
+
 <!--  
 |||||||||| CARD: Remediation Recommendations
 -->
@@ -8593,6 +8665,95 @@ Invoke-HuntSMBShares -Threads 20 -RunSpaceTimeOut 10 -OutputDirectory c:\folder\
 <br>
 <script>
 
+// --------------------------
+// Dashboard Page: Sankey Chart
+// --------------------------
+
+
+  const SankeyData = {
+  nodes: [
+    {
+      id: 'Networks ($SubnetsCount)',
+      title: 'Networks ($SubnetsCount)',
+      color: '#0c8b99',
+    },
+    {
+      id: 'Computers ($ComputerWithExcessive)',
+      title: 'Computers ($ComputerWithExcessive)',
+      color: '#04B9CD',
+    },
+    {
+      id: 'Shares ($ExcessiveSharesCount)',
+      title: 'Shares ($ExcessiveSharesCount)',
+      color: '#45D1C8', 
+    },
+    {
+      id: 'ACEs ($ExcessiveSharePrivsCount)',
+      title: 'ACEs ($ExcessiveSharePrivsCount)',
+      color: '#93E6C4', 
+    },
+    {
+      id: 'Critical ($RiskLevelCountCritical)',
+      title: 'Critical ($RiskLevelCountCritical)',
+      color: '#FF6A6A', 
+    },
+    {
+      id: 'High ($RiskLevelCountHigh)',
+      title: 'High ($RiskLevelCountHigh)',
+      color: '#FB897C', 
+    },
+    {
+      id: 'Medium ($RiskLevelCountMedium)',
+      title: 'Medium ($RiskLevelCountMedium)',
+      color: '#FDAC70', 
+    },
+    {
+      id: 'Low ($RiskLevelCountLow)',
+      title: 'Low ($RiskLevelCountLow)',
+      color: '#FEDA94', 
+    },
+  ],
+  edges: [
+      {
+      source: 'Networks ($SubnetsCount)',
+      target: 'Computers ($ComputerWithExcessive)',
+      value: $ComputerWithExcessive,
+      color: '#0c8b99', // Custom color for this edge 
+    },
+    {
+      source: 'Computers ($ComputerWithExcessive)',
+      target: 'Shares ($ExcessiveSharesCount)',
+      value: $ExcessiveSharesCount,
+      color: '#04B9CD', // Custom color for this edge
+    },
+    {
+      source: 'Shares ($ExcessiveSharesCount)',
+      target: 'ACEs ($ExcessiveSharePrivsCount)',
+      value: $ExcessiveSharePrivsCount,
+      color: '#45D1C8', // Custom color for this edge
+    },    
+    $SanKeyCritical
+    $SanKeyHigh
+    $SanKeyMedium
+    $SanKeyLow
+  ],
+};
+
+const graphOptions = {
+  nodeWidth: 10,
+  fontFamily: 'Quicksand, sans-serif', 
+  fontSize: '14px',  
+  fontWeight: 400,
+  fontColor: '#07142A',
+  height: 200,
+  width: 1200,
+  spacing: 10, // margin
+  enableTooltip: true,
+  canvasStyle: 'border: 0px solid #caced0;',
+};
+const s = new ApexSankey(document.getElementById('svg-sankey'), graphOptions);
+s.render(SankeyData);
+
 
 // --------------------------
 // side menu collapse function