Master main forensic merge (Forensics and Windows modules)

Gemfile

@@ -20,6 +20,7 @@ gem 'nori'
 gem 'programr', :git => "http://github.com/robertjwhitney/programr.git"
 gem 'process_helper'
 gem 'ovirt-engine-sdk'
+gem 'sqlite3'
 
 #development only gems go here
 group :test, :development do

lib/helpers/constants.rb

@@ -15,6 +15,7 @@
 VULNERABILITY_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/vulnerability_metadata_schema.xsd"
 SERVICE_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/service_metadata_schema.xsd"
 UTILITY_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/utility_metadata_schema.xsd"
+FORENSICS_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/forensic_metadata_schema.xsd"
 GENERATOR_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/generator_metadata_schema.xsd"
 ENCODER_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/encoder_metadata_schema.xsd"
 NETWORK_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/network_metadata_schema.xsd"
@@ -29,6 +30,7 @@
 VULNERABILITIES_DIR = "#{MODULES_DIR}vulnerabilities/"
 SERVICES_DIR = "#{MODULES_DIR}services/"
 UTILITIES_DIR = "#{MODULES_DIR}utilities/"
+FORENSICS_DIR = "#{MODULES_DIR}forensics/"
 GENERATORS_DIR = "#{MODULES_DIR}generators/"
 ENCODERS_DIR = "#{MODULES_DIR}encoders/"
 NETWORKS_DIR = "#{MODULES_DIR}networks/"
@@ -42,10 +44,16 @@
 # Path to resources
 WORDLISTS_DIR = "#{ROOT_DIR}/lib/resources/wordlists"
 IMAGES_DIR = "#{ROOT_DIR}/lib/resources/images"
+URLLISTS_DIR = "#{ROOT_DIR}/lib/resources/urllists"
+INTERNET_BROWSER_FILES_DIR = "#{ROOT_DIR}/lib/resources/internet_browser_files"
+ILLEGAL_IMAGES_DIR = "#{ROOT_DIR}/lib/resources/illegal_images"
+FORENSIC_ARTEFACTS_DIR = "#{ROOT_DIR}/lib/resources/forensic_artefacts"
 
 # Path to secgen_functions puppet module
 SECGEN_FUNCTIONS_PUPPET_DIR = "#{MODULES_DIR}build/puppet/secgen_functions"
 
+FILE_TRANSFER_STORAGE_MODULE_DIR = "#{ROOT_DIR}/modules/forensics/windows/file_transfer_storage/file_transfer_storage_module"
+
 ## PACKER CONSTANTS ##
 
 # Path to Packerfile.erb file

lib/output/xml_scenario_generator.rb

@@ -70,6 +70,10 @@ def module_element(selected_module, xml)
         xml.utility(selected_module.attributes_for_scenario_output) {
           insert_inputs_and_values(selected_module,xml)
         }
+      when 'forensic'
+        xml.forensic(selected_module.attributes_for_scenario_output) {
+          insert_inputs_and_values(selected_module,xml)
+        }
       when 'network'
         xml.network(selected_module.attributes_for_scenario_output)
       else

lib/readers/module_reader.rb

@@ -31,6 +31,11 @@ def self.read_utilities
     return read_modules('utility', UTILITIES_DIR, UTILITY_SCHEMA_FILE, true)
   end
 
+  # reads in all forensics
+  def self.read_forensics
+    return read_modules('forensic', FORENSICS_DIR, FORENSICS_SCHEMA_FILE, true)
+  end
+
   # reads in all utilities
   def self.read_generators
     return read_modules('generator', GENERATORS_DIR, GENERATOR_SCHEMA_FILE, true)
@@ -147,7 +152,7 @@ def self.read_modules(module_type, modules_dir, schema_file, require_puppet)
 
       # for each default input
       doc.xpath("/#{module_type}/default_input").each do |inputs_doc|
-        inputs_doc.xpath('descendant::vulnerability | descendant::service | descendant::utility | descendant::network | descendant::base | descendant::encoder | descendant::generator').each do |module_node|
+        inputs_doc.xpath('descendant::vulnerability | descendant::service | descendant::utility | descendant::forensic | descendant::network | descendant::base | descendant::encoder | descendant::generator').each do |module_node|
 
           # create a selector module, which is a regular module instance used as a placeholder for matching requirements
           module_selector = Module.new(module_node.name)

lib/readers/system_reader.rb

@@ -64,7 +64,7 @@ def self.read_scenario(scenario_file)
       end
 
       # for each module selection
-      system_node.xpath('//vulnerability | //service | //utility | //build | //network | //base | //encoder | //generator').each do |module_node|
+      system_node.xpath('//vulnerability | //service | //utility | //forensic | //build | //network | //base | //encoder | //generator').each do |module_node|
         # create a selector module, which is a regular module instance used as a placeholder for matching requirements
         module_selector = Module.new(module_node.name)
 

lib/resources/urllists/cybercrime_urls

@@ -0,0 +1,129 @@
+https://www.exploit-db.com/
+https://www.exploit-db.com/search/
+https://www.exploit-db.com/browse/
+https://www.exploit-db.com/webapps/
+https://www.exploit-db.com/remote/
+https://www.exploit-db.com/google-hacking-database/
+https://www.exploit-db.com/local/
+https://www.exploit-db.com/papers/
+https://github.com/offensive-security/exploit-database
+https://www.offensive-security.com/community-projects/the-exploit-database/
+https://www.exploit-db.com/shellcode/
+https://www.exploit-db.com/exploits/40360/
+https://www.exploit-db.com/about/
+https://www.exploit-db.com/submit/
+https://www.exploit-db.com/exploit-database-statistics/
+https://www.rapid7.com/db
+https://www.rapid7.com/db/
+https://www.rapid7.com/db/modules/
+https://twitter.com/exploitdb%3Flang%3Den
+https://null-byte.wonderhowto.com/how-to/hack-like-pro-find-exploits-using-exploit-database-kali-0156399/
+https://www.exploit-db.com/searchsploit/
+https://www.exploit-db.com/exploits/39640/
+https://www.exploit-db.com/docs/39527.pdf
+https://www.exploit-db.com/dos/
+https://www.exploit-db.com/exploits/39821/
+https://www.exploit-db.com/exploits/40839/
+https://www.exploit-db.com/exploits/39777/
+https://www.exploit-db.com/exploits/41570/
+https://www.exploit-db.com/platform/%3Fp%3Dlinux
+https://0day.today/
+https://www.exploit-db.com/google-hacking-database/
+https://github.com/offensive-security/exploit-database
+https://www.offensive-security.com/community-projects/the-exploit-database/
+https://www.rapid7.com/db
+https://www.rapid7.com/db/
+https://www.exploit-db.com/webapps/
+https://www.exploit-db.com/local/
+https://www.exploit-db.com/papers/
+https://www.exploit-db.com/searchsploit/
+https://www.exploit-db.com/exploit-database-statistics/
+https://www.exploit-db.com/submit/
+https://null-byte.wonderhowto.com/how-to/hack-like-pro-find-exploits-using-exploit-database-kali-0156399/
+https://cxsecurity.com/exploit/
+https://www.rapid7.com/db/modules/
+https://0day.today/
+https://www.exploit-db.com/shellcode/
+https://www.exploit-db.com/dos/
+https://www.exploit-db.com/exploits/40889/
+https://www.exploit-db.com/platform/%3Fp%3Dlinux
+https://www.offensive-security.com/offsec/exploit-database-update/
+https://twitter.com/exploitdb%3Flang%3Den
+https://www.rapid7.com/db/search
+https://www.rapid7.com/db/modules%3Fpage%3D3
+https://www.rapid7.com/db/modules%3Fpage%3D6
+https://github.com/offensive-security/exploit-database-bin-sploits
+https://www.kali.org/
+https://www.kali.org/downloads/
+https://www.kali.org/about-us/
+https://en.wikipedia.org/wiki/Kali_Linux
+http://docs.kali.org/
+http://docs.kali.org/introduction/what-is-kali-linux
+https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
+http://lifehacker.com/behind-the-app-the-story-of-kali-linux-1666168491
+https://twitter.com/kalilinux%3Flang%3Den
+http://www.infoworld.com/article/3060814/linux/should-beginners-install-kali-linux-on-their-computers.html
+https://www.kali.org/news/kali-linux-rolling-edition-2016-1/
+https://www.kali.org/kali-linux-documentation/
+https://www.kali.org/releases/kali-linux-20-released/
+https://www.kali.org/kali-linux-features/
+https://www.kali.org/penetration-testing-with-kali-linux/
+https://www.kali.org/kali-linux-releases/
+https://distrowatch.com/kali
+http://docs.kali.org/kali-on-arm/install-kali-linux-arm-raspberry-pi
+http://docs.kali.org/introduction/download-official-kali-linux-images
+http://docs.kali.org/development/live-build-a-custom-kali-iso
+https://www.youtube.com/user/kalinuxx
+https://www.kali.org/kali-linux-dojo-workshop/
+https://www.kali.org/news/introducing-kali-linux-certified-professional/
+https://www.kali.org/news/kali-linux-20162-release/
+https://www.offensive-security.com/kali-linux-arm-images/
+http://docs.kali.org/category/introduction
+http://docs.kali.org/downloading/kali-linux-live-usb-install
+http://tools.kali.org/
+https://hub.docker.com/r/kalilinux/kali-linux-docker/
+http://www.kalitutorials.net/
+https://null-byte.wonderhowto.com/how-to/hack-like-pro-getting-started-with-backtrack-your-new-hacking-system-0146889/
+https://null-byte.wonderhowto.com/how-to/hack-like-pro-install-backtrack-5-with-metasploit-as-dual-boot-hacking-system-0146681/
+http://www.backtrack-linux.org/
+http://www.admin-magazine.com/Articles/BackTrack-Linux-The-Ultimate-Hacker-s-Arsenal
+https://www.udemy.com/learn-hacking-using-backtrack-5/
+http://realhackerspoint.blogspot.com/2013/02/backtrack-5-ethical-hacking-tutorial.html
+https://www.kali.org/
+http://www.google.com/search?q=backtrack+hacking&num=30&sa=N&prmd=ivns&tbm=isch&tbo=u&source=univ&ved=0ahUKEwjc25Czw6HTAhVS1WMKHQFHCU0QsAQIVw
+http://www.hackingarticles.in/backtrack-commands-beginners/
+https://www.quora.com/How-do-I-hack-WPA2-Wi-Fi-password-using-Backtrack
+https://www.wirelessdomination.com/how-to-crack-wpa2-wifi-password-using-reaver-wpa2/
+https://www.amazon.com/Hacking-Backtrack-Linux-Revision-Guide/dp/B0074B7QSC
+https://www.lifewire.com/backtrack-the-hackers-swiss-army-knife-2487287
+http://www.hacking-tutorial.com/hacking-tutorial/15-step-to-hacking-windows-using-social-engineering-toolkit-and-backtrack-5/
+https://null-byte.wonderhowto.com/how-to/hack-like-pro-spear-phish-with-social-engineering-toolkit-set-backtrack-0148571/
+http://www.wirelesshack.org/backtrack-5-download
+http://hackyshacky.com/blog/hack-facebook-accounts-backtrack-5/%3Fm%3D0
+https://www.fullversionforever.com/wifi-hacking-with-backtrack/
+http://macdrug.com/wifi-cracker-how-to-crack-wifi-password-wpawpa2-using-backtrack-5/
+http://ways2hack.com/how-to-crack-wpa2-wifi-password/
+https://exploitpack.com/download.html
+https://exploitpack.com/
+https://github.com/offensive-security/exploit-database
+https://sourceforge.net/directory/%3Fq%3Dexploit
+https://www.metasploit.com/
+https://www.malwarebytes.com/antiexploit/
+https://packetstormsecurity.com/files/tags/exploit
+https://exploit-exercises.com/download
+https://github.com/ratty3697/HackSpy-Trojan-Exploit
+https://packetstormsecurity.com/files/tags/exploit/
+http://thehackernews.com/2011/05/blackhole-exploit-kit-download.html
+https://sourceforge.net/projects/exploittools/
+https://wearedevs.net/releases.html
+https://malwarebytes-anti-exploit.en.softonic.com/
+https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework
+https://github.com/rfunix/Pompem
+https://github.com/Gioyik/getExploit
+https://sourceforge.net/projects/xcodescanner/
+https://malwarebytes-anti-exploit.en.softonic.com/download
+https://www.symantec.com/security_response/attacksignatures/detail.jsp%3Fasid%3D28426
+https://www.symantec.com/security_response/attacksignatures/detail.jsp%3Fasid%3D26441
+https://www.bleepingcomputer.com/download/malwarebytes-anti-exploit/
+https://www.exploit-db.com/papers/
+https://medium.com/%40msuiche/shadow-brokers-nsa-exploits-of-the-week-3f7e17bdc216