microsoft
/
AttackSurfaceAnalyzer
зеркало из https://github.com/microsoft/AttackSurfaceAnalyzer.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Gfs/#579 (#583) 

* Update README.md (#580)

* Update README.md

* Some cleanup

* Update OpenPortCollector.cs

* Update CommandOptions.cs

* Fix Getting Process Names

* Update EventLogCollector.cs

* Update FileSystemMonitor.cs

* Update CollectorTests.cs

* Update CollectorTests.cs

* Update CollectorTests.cs

* Update CollectorTests.cs

* Update version.json

* Update version.json

* Update version.json
This commit is contained in:
Gabe Stocco 2021-05-25 18:31:24 -07:00 коммит произвёл GitHub
Родитель 54af8687bd
Коммит 91b01c43a5
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
10 изменённых файлов: 31 добавлений и 29 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

12
Cli/Components/CollectorOptions/FileCollectorOptions.razor
Просмотреть файл

@ -24,9 +24,9 @@
<div class="form-row">
<div class="col-9 mb-1">
<select class="form-control @directorySelectElementGlowClass.ClassName" id="selectedDirectoriesList" @bind="SelectedDirectoryTop">
@for (var i = 0; i < appData.CollectOptions.SelectedDirectories.Count; i++)
@for (var i = 0; i < appData.CollectOptions.SelectedDirectories.Count(); i++)
{
<option value="@i">@appData.CollectOptions.SelectedDirectories[i]</option>
<option value="@i">@appData.CollectOptions.SelectedDirectories.ToList()[i]</option>
}
</select>
</div>
@ -71,17 +71,17 @@
void RemoveInputFromList()
{
if (appData.CollectOptions.SelectedDirectories.Count > SelectedDirectoryTop)
if (appData.CollectOptions.SelectedDirectories.Count() > SelectedDirectoryTop)
{
appData.CollectOptions.SelectedDirectories.RemoveAt(SelectedDirectoryTop);
appData.CollectOptions.SelectedDirectories = appData.CollectOptions.SelectedDirectories.Except(appData.CollectOptions.SelectedDirectories.Skip(SelectedDirectoryTop-1).Take(1));
Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);
}
}
void PushInputToList()
{
appData.CollectOptions.SelectedDirectories.Add(SelectedDirectoryInput);
SelectedDirectoryTop = appData.CollectOptions.SelectedDirectories.Count - 1;
appData.CollectOptions.SelectedDirectories = appData.CollectOptions.SelectedDirectories.Union(new string[] { SelectedDirectoryInput });
SelectedDirectoryTop = appData.CollectOptions.SelectedDirectories.Count() - 1;
Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);
SelectedDirectoryInput = string.Empty;
}

10
Cli/Components/CollectorOptions/RegistryCollectorOptions.razor
Просмотреть файл

@ -23,9 +23,9 @@
<div class="form-row">
<div class="col-9 mb-1">
<select class="form-control @directorySelectElementGlowClass.ClassName" id="selectedPathsList" @bind="SelectedHiveTop">
@for (var i = 0; i < appData.CollectOptions.SelectedHives.Count; i++)
@for (var i = 0; i < appData.CollectOptions.SelectedHives.Count(); i++)
{
<option value="@i">@appData.CollectOptions.SelectedHives[i]</option>
<option value="@i">@appData.CollectOptions.SelectedHives.ToList()[i]</option>
}
</select>
</div>
@ -44,14 +44,14 @@
void RemoveInputFromList()
{
appData.CollectOptions.SelectedHives.RemoveAt(SelectedHiveTop);
appData.CollectOptions.SelectedHives = appData.CollectOptions.SelectedDirectories.Except(appData.CollectOptions.SelectedDirectories.Skip(SelectedHiveTop-1).Take(1));
Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);
}
void PushInputToList()
{
appData.CollectOptions.SelectedHives.Add(SelectedHiveInput);
SelectedHiveTop = appData.CollectOptions.SelectedHives.Count - 1;
appData.CollectOptions.SelectedHives = appData.CollectOptions.SelectedHives.Union(new string[] { SelectedHiveInput });
SelectedHiveTop = appData.CollectOptions.SelectedHives.Count() - 1;
Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);
SelectedHiveInput = string.Empty;
}

10
Cli/Components/MonitorOptions/FileMonitorOptions.razor
Просмотреть файл

@ -30,9 +30,9 @@
<div class="form-row">
<div class="col-9 mb-1">
<select class="form-control @directorySelectElementGlowClass.ClassName" id="selectedDirectoriesList" @bind="SelectedDirectoryTop">
@for (var i = 0; i < appData.MonitorOptions.MonitoredDirectories.Count; i++)
@for (var i = 0; i < appData.MonitorOptions.MonitoredDirectories.Count(); i++)
{
<option value="@i">@appData.MonitorOptions.MonitoredDirectories[i]</option>
<option value="@i">@appData.MonitorOptions.MonitoredDirectories.ToList()[i]</option>
}
</select>
</div>
@ -51,14 +51,14 @@
void RemoveInputFromList()
{
appData.MonitorOptions.MonitoredDirectories.RemoveAt(SelectedDirectoryTop);
appData.MonitorOptions.MonitoredDirectories = appData.MonitorOptions.MonitoredDirectories.Except(appData.MonitorOptions.MonitoredDirectories.Skip(SelectedDirectoryTop-1).Take(1));
Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);
}
void PushInputToList()
{
appData.MonitorOptions.MonitoredDirectories.Add(SelectedDirectoryInput);
SelectedDirectoryTop = appData.MonitorOptions.MonitoredDirectories.Count - 1;
appData.MonitorOptions.MonitoredDirectories = appData.MonitorOptions.MonitoredDirectories.Union(new string[] { SelectedDirectoryInput });
SelectedDirectoryTop = appData.MonitorOptions.MonitoredDirectories.Count() - 1;
Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);
SelectedDirectoryInput = string.Empty;
}

4
Lib/Collectors/EventLogCollector.cs
Просмотреть файл

@ -189,6 +189,10 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer.Collectors
[System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1031:Do not catch general exception types", Justification = "Official documentation for this functionality does not specify what exceptions it throws. https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.eventlogentrycollection?view=netcore-3.0")]
public void ExecuteWindows(CancellationToken cancellationToken)
{
if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
return;
}
void ParseWindowsLog(EventLogEntry entry)
{
if (opts.GatherVerboseLogs || entry.EntryType.ToString() == "Warning" || entry.EntryType.ToString() == "Error")

2
Lib/Collectors/FileSystemMonitor.cs
Просмотреть файл

@ -83,7 +83,7 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer.Collectors
GatherHashes = options.GatherHashes,
});
foreach (var dir in options.MonitoredDirectories.Count > 0 ? options.MonitoredDirectories : fsc.Roots.ToList())
foreach (var dir in (options?.MonitoredDirectories.Any() is true) ? options.MonitoredDirectories : fsc.Roots.ToList())
{
foreach (var filter in defaultFiltersList)
{

6
Lib/Collectors/OpenPortCollector.cs
Просмотреть файл

@ -191,10 +191,8 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer.Collectors
{
Address = endpoint.Address.ToString(),
};
foreach (ProcessPort p in Win32ProcessPorts.ProcessPortMap.FindAll(x => x.PortNumber == endpoint.Port))
{
obj.ProcessName = p.ProcessName;
}
obj.ProcessName = Win32ProcessPorts.ProcessPortMap.Find(x => x.PortNumber == endpoint.Port)?.ProcessName;
HandleChange(obj);
}

10
Lib/Objects/CommandOptions.cs
Просмотреть файл

@ -119,13 +119,13 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer
public string? RunId { get; set; }
[Option("directories", Required = false, HelpText = "comma separated list of paths to scan with FileSystemCollector", Separator = ',')]
public List<string> SelectedDirectories { get; set; } = new List<string>();
public IEnumerable<string> SelectedDirectories { get; set; } = new List<string>();
[Option("skip-directories", Required = false, HelpText = "comma separated list of paths to skip with FileSystemCollector", Separator = ',')]
public List<string> SkipDirectories { get; set; } = new List<string>();
public IEnumerable<string> SkipDirectories { get; set; } = new List<string>();
[Option("hives", Required = false, HelpText = "comma separated list of hives and subkeys to search.", Separator = ',')]
public List<string> SelectedHives { get; set; } = new List<string>();
public IEnumerable<string> SelectedHives { get; set; } = new List<string>();
[Option(HelpText = "Force singlethreaded collectors.")]
public bool SingleThread { get; set; }
@ -276,7 +276,7 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer
public bool FileNamesOnly { get; set; }
[Option(HelpText = "Comma-separated list of directories to monitor.", Separator = ',')]
public List<string> MonitoredDirectories { get; set; } = new List<string>();
public IEnumerable<string> MonitoredDirectories { get; set; } = new List<string>();
[Option(HelpText = "Directory to output to.")]
public string? OutputPath { get; set; }
@ -304,7 +304,7 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer
public bool GatherHashes { get; set; }
[Option('d', "directories", Required = false, HelpText = "Comma-separated list of directories to monitor.", Separator = ',')]
public List<string> MonitoredDirectories { get; set; } = new List<string>();
public IEnumerable<string> MonitoredDirectories { get; set; } = new List<string>();
//[Option('r', "registry", Required = false, HelpText = "Monitor the registry for changes. (Windows Only)")]
//public bool EnableRegistryMonitor { get; set; }

2
Lib/Utils/Win32OpenPortListenerHelper.cs
Просмотреть файл

@ -29,7 +29,7 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer.Utils
}
}
private static List<ProcessPort> CachedProcessPortMap = new List<ProcessPort>();
private static List<ProcessPort>? CachedProcessPortMap = null;
/// <summary>
/// This method distills the output from netstat -a -n -o into a list of ProcessPorts that provide

2
Tests/CollectorTests.cs
Просмотреть файл

@ -507,7 +507,7 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer.Tests
{
Assert.IsTrue(AsaHelpers.IsAdmin());
var user = System.Guid.NewGuid().ToString().Substring(0, 10);
var password = "$" + CryptoHelpers.GetRandomString(13);
var password = $"$A4%b^6a_";
var cmd = string.Format("user /add {0} {1}", user, password);
ExternalCommandRunner.RunExternalCommand("net", cmd);