forked from SecGen/SecGen
Master main forensic merge (Forensics and Windows modules) #109
Open: Jjk422 wants to merge 29 commits into cliffe:master from Jjk422:master-main-forensic-merge
…tey repository manager.
…structure IN PROGRESS: Creating URL generator and chrome history file generator, added forensic option to xml_report_generator. Need to find a way to efficiently pass history file from chrome_history_file_generator to chrome_history forensic module.
…structure IN PROGRESS: Creating URL generator and chrome history file generator, added forensic option to xml_report_generator. Need to find a way to efficiently pass history file from chrome_history_file_generator to chrome_history forensic module. ERRORING: Receiving error ==> storage_server: Error: Could not find class internet_history_chrome::init for vagrant-2008r2.lan on node vagrant-2008r2.lan. Need to look into vagrant/puppet not finding forensics internet history class.
icense. Will download ISO from microsoft site, will then build basebox (storing in VAGRANT_BASEBOX_STORAGE) and will then build with vagrant. If Basebox is not present SecGen will prompt whether to use packer (requires download from packer website in README.md and for the binary to be in the system path) to build the Basebox.

*** Changes ***
constants.rb 51-57: Added the 2 constants PUPPET_VERSION: version of puppet to install on the newly generated system, and VAGRANT_BASEBOX_STORAGE which stores generated baseboxes (currently set to SecGen_root/.generated).
project_files_creator.rb 48-80: Added logic to check for existing basebox and to generate new basebox if not present.
base_metadata_schema.xsd 11: Added windows to platform options type. 45-50: Added extra packer helper tags, packerfile_path (path to packer file in the layout of base_module_name/Packerfile_name) and product_key (will use a trial version if product key is not present).
vulnerability_metadata_schema.xsd 32: Added windows value to platformOptions type to allow for windows system implementation.
Vagrantfile.erb 21: Changed --hwvirtex to default of on without gui output, problems can occur if this is not set to on. 23,28,31: Removed - tags before ending %>, this was causing an error with the vagrantfile as the options were not being placed on different lines. 48-56: Added the use of winrm instead of the default ssh for the base module if the base module is windows.
puppet_install/LICENSE: Added Mozilla Public License Version 2.0 (GPL v3 compatible) that came with the puppet_install/windows.ps1 script, the script to install puppet can be rewritten with a more simple implementation, however this script should do error checking to add an extra level of stability to the puppet install.
puppet_install/windows.ps1: Will install puppet on the Windows machine.
virtualbox_guest_install/windows.bat: Will install the virtualbox guest additions on the Windows machine.
Autounattend.xml.erb: Autounattend script that allows for setting out the system layout including system information, disk configuration and product keys.
Packerfile.erb: Packerfile that builds the machine via packer, was going to be fully parameterised with all options being in the SecGen metadata (it still can be converted to this easily) however this led to a large SecGen_metadata file with multiple tags which were only used if the basebox is not present, therefore only the product_key and packerfile_path keys were added to the SecGen_metadata file. Although the product_key data may be moved to a central product_key file later on.
secgen_metadata.xml: SecGen metadata file for the new windows basebox.
(cherry picked from commit 7960914) # Conflicts: # lib/templates/Vagrantfile.erb # Conflicts: # lib/templates/Vagrantfile.erb
# Conflicts: # secgen.rb
# Conflicts: # Gemfile # Gemfile.lock
Now all timestamp modules have default randomisation. May need to fix specifying values manually.
Created timestamp scenario example for all main timestamp modules
Allows for the placing of cat images (represent illegal images). May have some difficulty with multiple cat images due to framework placing all base64 inputs and outputs into a single hash, this may need to be resolved for multiple modules
Allows for the insertion of the chrome History file with choice of number of generic and cybercrime urls with inputted time range.
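The part a Chrome History generator of the kind this commit describes has to get right is Chrome's timestamp encoding (microseconds since 1601-01-01 UTC, stored in last_visit_time), which is also what the forensic module has to decode. The following is an added illustration, not SecGen's chrome_history_file_generator: it assumes constructed placeholder URL pools and emits SQL for the core columns of Chrome's urls table (to be fed to sqlite3) rather than writing the database directly.

```ruby
require 'time'

# Seconds between the WebKit/Chrome epoch (1601-01-01 UTC) and the Unix epoch.
# Chrome's History file stores last_visit_time as microseconds since 1601.
WEBKIT_EPOCH_OFFSET = 11_644_473_600

# Ruby Time -> Chrome History timestamp (microseconds since 1601-01-01 UTC).
def to_webkit_timestamp(time)
  (time.to_i + WEBKIT_EPOCH_OFFSET) * 1_000_000 + time.usec
end

# Inverse conversion, used when checking a generated file from the forensic side.
def from_webkit_timestamp(micros)
  Time.at(micros / 1_000_000 - WEBKIT_EPOCH_OFFSET, micros % 1_000_000).utc
end

# Constructed placeholder URL pools (assumption: SecGen's own lists differ).
GENERIC_URLS = %w[https://example.com/ https://example.org/news https://example.net/mail].freeze
CYBERCRIME_URLS = %w[https://market.example.invalid/ https://paste.example.invalid/dump].freeze

# Build n_generic + n_crime visit rows with timestamps spread uniformly inside
# [from, to]. A seeded Random keeps a scenario reproducible between builds.
def generate_history_rows(n_generic, n_crime, from, to, seed: 0)
  rng = Random.new(seed)
  span = to.to_i - from.to_i
  pick = lambda do |pool, count|
    Array.new(count) do
      t = Time.at(from.to_i + rng.rand(span + 1)).utc
      { url: pool[rng.rand(pool.size)], last_visit_time: to_webkit_timestamp(t) }
    end
  end
  rows = pick.call(GENERIC_URLS, n_generic) + pick.call(CYBERCRIME_URLS, n_crime)
  rows.sort_by { |r| r[:last_visit_time] }
end

# Render the rows as SQL for Chrome's urls table (core columns only; a real
# History file also carries visits and other tables). Pipe into: sqlite3 History
def history_sql(rows)
  stmts = ['CREATE TABLE IF NOT EXISTS urls (id INTEGER PRIMARY KEY AUTOINCREMENT, ' \
           'url LONGVARCHAR, title LONGVARCHAR, visit_count INTEGER DEFAULT 0 NOT NULL, ' \
           'typed_count INTEGER DEFAULT 0 NOT NULL, last_visit_time INTEGER NOT NULL, ' \
           'hidden INTEGER DEFAULT 0 NOT NULL);']
  rows.each do |r|
    url = r[:url].gsub("'", "''") # escape single quotes for the SQL literal
    stmts << "INSERT INTO urls (url, title, visit_count, typed_count, last_visit_time, hidden) " \
             "VALUES ('#{url}', '', 1, 0, #{r[:last_visit_time]}, 0);"
  end
  stmts.join("\n")
end
```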
…ng process_options and get_options_array methods to the generator modules.
…istory example scenario file.
…t require powershell. Also added manifests directory that was not committed to remote branch with initial module commit.
…GitHub to avoid error.
…not changed to the right type for a calculation in the packerfile (string -> int)
… is synced to GitHub
Also added access data registry viewer install module to view registry, although regedit.exe can be used instead.
Encoding generators for hashes added. String input: MD5, SHA1, SHA256, SHA384, SHA512. File (path) input: MD5, SHA1.
… to a faster extent if the host computer is powerful enough.
Need to check that all files are necessary, some may be redundant/unused code.
Install is for windows machines and will automatically also install chocolatey.
# Conflicts: # Gemfile # lib/templates/Vagrantfile.erb # secgen.rb
Great! Thanks for the pull request. We will take a closer look after Christmas.
# Conflicts: # Gemfile # Gemfile.lock # secgen.rb
- Fixes conflicts with the main SecGen branch.
- Also adds a fix for the chocolatey module (removes registry value as it seems to be incompatible with current registry module function RegistryKeyEx).
- Adds notify to show end of install for sqlite browser module.
Note:
- Currently only non user input modules work with the new SecGen code, this seems to be due to a lack of a windows secgen_functions build module (current module only runs for linux).
- The user input modules will be addressed in the next commit.
cliffe added the for-reference-not-merged label (This code didn't get merged, but it's of interest or useful for future work.) on Feb 13, 2023
Merge of forensics branch (final year project) into main SecGen repository.
No base coding changes should be present other than the addition of some other commands and the addition of forensic specific and Windows based modules.
After testing the branch, everything seems to be fully working (although more robust testing will need to be done).
This is mostly a direct copy to ensure no hidden bugs are created that will cause large problems to the code base.
Also, during development an older version of puppet was used which did not contain iterative loops. This meant some of the modules could only be applied once; however, this should be rectified fairly easily in a future update with an updated puppet version which contains iterative loop functionality.
As always any changes are welcome, plus maintainers should be able to edit the pull request directly (in case I have done anything wrong or if there are any bits of redundant code).