diff --git a/Automation-Scripts/hashfile_validator.py b/Automation-Scripts/hashfile_validator.py index c48ae9b..1c63643 100644 --- a/Automation-Scripts/hashfile_validator.py +++ b/Automation-Scripts/hashfile_validator.py @@ -5,7 +5,7 @@ Filename: hashfile_validator.py Author: Daethyra Carino <109057945+Daethyra@users.noreply.github.com> Date: 2024-09-29 -Version: v0.1.0 +Version: v0.1.1 License: GNU Affero General Public License v3.0 Description: A CLI program that uses Certutil to quickly validate whether a cryptographic hash checksum matches the expected string. The program detects the hash algorithm based on the length of the user-provided provided checksum, and calculates the checksum before finally comparing the two strings. """ @@ -29,7 +29,6 @@ 128: ("SHA512", ["SHA512"]), } - def color_text(text: str, color_code: int) -> str: """ Add color to text if the terminal supports it. @@ -43,7 +42,6 @@ def color_text(text: str, color_code: int) -> str: """ return f"\033[3{color_code}m{text}\033[0m" if sys.stdout.isatty() else text - def validate_hash(hash_value: str) -> Tuple[Optional[str], List[str]]: """ Validate the hash format and suggest possible algorithms. 
@@ -55,15 +53,22 @@ def validate_hash(hash_value: str) -> Tuple[Optional[str], List[str]]: A tuple of the default algorithm and list of possible algorithms. Raises: - ValueError: If the hash contains non-hexadecimal characters. + ValueError: If the hash contains non-hexadecimal characters or has an unsupported length. """ if not set(hash_value).issubset("0123456789abcdefABCDEF"): raise ValueError( "Invalid hash format. Hash should only contain hexadecimal characters." ) - return HASH_ALGORITHMS.get(len(hash_value), (None, [])) - + hash_info = HASH_ALGORITHMS.get(len(hash_value)) + if hash_info is None: + valid_lengths = sorted(HASH_ALGORITHMS.keys()) + raise ValueError( + f"Unsupported hash length: {len(hash_value)}. " + f"Valid hash lengths are: {', '.join(map(str, valid_lengths))}." + ) + + return hash_info def run_certutil( file_path: str, algorithm: str, expected_hash: str, json_output: bool @@ -78,8 +83,13 @@ def run_certutil( json_output: Whether to return results in JSON format. Returns: - Results of the hash check. + Results of the hash check as a dictionary. """ + if algorithm is None: + error_msg = "Error: Unable to determine hash algorithm" + print(color_text(error_msg, RED)) + return {"error": error_msg} + try: result = subprocess.run( ["certutil", "-hashfile", file_path, algorithm], @@ -122,7 +132,6 @@ def run_certutil( return {"error": error_msg} - def get_file_info(file_path: str) -> Dict[str, Any]: """ Get file information. @@ -131,7 +140,7 @@ def get_file_info(file_path: str) -> Dict[str, Any]: file_path: Path to the file. Returns: - File information. + File information as a dictionary. """ try: file_stats = os.stat(file_path) @@ -144,7 +153,6 @@ def get_file_info(file_path: str) -> Dict[str, Any]: print(color_text(f"Warning: Unable to retrieve file information. {e}", YELLOW)) return {} - def process_files( files: List[str], algorithm: str, 
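Review bot: The `-> Tuple[Optional[str], List[str]]` annotation on validate_hash's signature (the hunk-header line) is stale now that an unsupported length raises instead of returning `(None, [])`: the first element is always a string, assuming every HASH_ALGORITHMS entry carries a string default like the visible `128: ("SHA512", ["SHA512"])`. Tighten it to `-> Tuple[str, List[str]]` and mention in the docstring that an empty string also fails with the length error, since the hex check passes it through. Raising on an unknown length is a good hardening for a validator; a silent `(None, [])` used to push the failure down to certutil. The signature and the start of the docstring are outside the hunk.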
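Review bot: The `subprocess.run(["certutil", "-hashfile", file_path, algorithm], ...)` call below the new guard still resolves `certutil` by bare name, and on Windows CreateProcess searches the current directory ahead of PATH, so running the validator from a folder that also holds an attacker-supplied `certutil.exe` (for example the download directory whose files are being checked) would execute that binary instead of the system one. Pin it: `certutil = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32", "certutil.exe")` and pass `[certutil, "-hashfile", file_path, algorithm]`. Separately, the new `algorithm is None` branch prints a coloured line even when `json_output` is true, which the missing-file path in process_files deliberately avoids; wrap the print in `if not json_output:` so JSON consumers get only the returned `{"error": ...}`. run_certutil's body continues past the hunk.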
@@ -168,19 +176,28 @@ def process_files( results = [] for file_path in files: if not os.path.exists(file_path): - print(color_text(f"Error: The file '{file_path}' does not exist.", RED)) + error_result = { + "file": file_path, + "error": f"The file '{file_path}' does not exist." + } + results.append(error_result) + if not json_output: + print(color_text(error_result["error"], RED)) continue result = run_certutil(file_path, algorithm, expected_hash, json_output) - if include_info: + if include_info and "error" not in result: result["file_info"] = get_file_info(file_path) results.append(result) return results - def main(): + """ + Main function to run the hash validation program. + Parses command line arguments and orchestrates the hash checking process. + """ parser = argparse.ArgumentParser(description="Check file hash using certutil.") parser.add_argument("file", nargs="+", help="Path to the file(s) to check") parser.add_argument("hash", help="Expected hash value") @@ -197,10 +214,13 @@ def main(): args = parser.parse_args() try: - # Validate the hash default_algorithm, possible_algorithms = validate_hash(args.hash) - + algorithm = args.algorithm if args.algorithm else default_algorithm + + if algorithm is None: + raise ValueError("Could not determine hash algorithm and none was specified.") + if len(possible_algorithms) > 1 and not args.json: print( color_text( 
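Review bot: The new missing-file branch keys on `os.path.exists`, which is also true for directories and other non-regular paths, so those fall through to certutil and surface as a certutil failure rather than this clearer structured error; `if not os.path.isfile(file_path):` matches what `-hashfile` can actually consume (with the message adjusted to "is not a regular file"). Recording the failure as an `error_result` so JSON consumers see it is a good change, and skipping `file_info` when `"error"` is present keeps the result shape consistent. process_files's signature and the rest of main's argument setup lie outside the hunk.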
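Review bot: The added `if algorithm is None: raise ValueError(...)` is unreachable once validate_hash raises on unsupported lengths, assuming every HASH_ALGORITHMS entry has a string default like the visible `128: ("SHA512", ["SHA512"])`; either drop it or keep it with a comment such as `# defensive: only reachable if a table entry ever carries a None default`. The selection line reads more directly as `algorithm = args.algorithm or default_algorithm`. `main` and the `-a` argument definition are outside the hunk.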
@@ -212,24 +232,18 @@ def main(): f"To use a different algorithm, specify with -a. Possibilities: {', '.join(possible_algorithms)}" ) - if algorithm not in possible_algorithms: - print( - color_text( - f"Warning: {algorithm} is not a typical algorithm for this hash length.", - YELLOW, - ) - ) - - # Process the files results = process_files(args.file, algorithm, args.hash, args.info, args.json) if args.json: print(json.dumps(results, indent=2)) except ValueError as e: - print(color_text(f"Error: {e}", RED)) + error_msg = f"Error: {e}" + if args.json: + print(json.dumps({"error": str(e)})) + else: + print(color_text(error_msg, RED)) sys.exit(1) - if __name__ == "__main__": - main() + main() \ No newline at end of file diff --git a/README.md b/README.md index bc26360..f39b2a3 100644 --- a/README.md +++ b/README.md @@ -8,11 +8,13 @@ Welcome to my personal collection of cybersecurity resources, tools, and referen
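Review bot: With the "not a typical algorithm for this hash length" warning removed, a user-supplied `-a` value now goes straight into certutil's argument list with no check that it names a supported digest, unless the `-a` definition (outside this hunk) restricts `choices`; a typo such as `-a SHA-256` would only surface as a certutil error, and a length/algorithm mismatch silently guarantees a failed comparison. Reject it up front: `known = {name for _, names in HASH_ALGORITHMS.values() for name in names}` then `if args.algorithm and args.algorithm not in known: raise ValueError(f"Unsupported algorithm: {args.algorithm}")`, which the existing ValueError handler already reports in both text and JSON modes. Emitting the error as JSON when `--json` is set is a good consistency fix; the file should also end with a newline after `main()`. The `try` block containing this hunk begins earlier in main.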
Personal automation scripts +[`extract_video_audio.py`](./Automation-Scripts/extract_video_audio.py): CLI tool that creates an MP3 audio file from a MP4 file, or files in a directory. + [`firewall_rules.py`](./Automation-Scripts/firewall_rules.py): takes in the URL of a CSV file to block known problematic IP addresses. > The default URL downloads the "Botnet C2 Indicators of Compromise (IOCs)" from FEODOtracker, which contains "information on tracked botnet c2s but also IP addresses that were acting as a botnet C2 within the **past 30 days**." -[`extract_video_audio.py`](./Automation-Scripts/extract_video_audio.py): CLI tool that creates an MP3 audio file from a MP4 file, or files in a directory. +[`hashfile_validator.py`](./Automation-Scripts/hashfile_validator.py): A CLI tool that automatically detects and validates cryptographic hash checksums against files. It supports MD5, SHA1, SHA256, SHA384, and SHA512, with optional JSON output and additional file information. The tool uses Windows' built-in Certutil for hash calculation. [`Reset-DockerWslIntergration.ps1`](./Automation-Scripts/Reset-DockerWslIntegration.ps1): PowerShell script that stops Docker Desktop, Stops WSL, and Unregisters the Docker Destop data. diff --git a/Useful-Repositories/README.md b/Useful-Repositories/README.md index 3ed7535..0e37e0e 100644 --- a/Useful-Repositories/README.md +++ b/Useful-Repositories/README.md 
@@ -25,12 +25,18 @@ #### [find-you](https://github.com/positive-security/find-you) - **Description**: Find You is a modified version of OpenHaystack that showcases the possibility of building a stealth AirTag clone that bypasses all of Apple's tracking protection features. +#### [HackTricks](https://book.hacktricks.xyz/) +- **Description**: HackTricks is an extensive resource containing cutting-edge hacking techniques, maintained by security researcher Carlos Polop. It covers a vast array of topics including pentesting methodologies, privilege escalation guides for multiple operating systems, network protocols exploitation, web vulnerabilities, wireless hacking techniques, and more. The repository is regularly updated with new attack vectors and is complemented by an online version (book.hacktricks.xyz) for easier navigation. It's particularly valuable for both beginner and experienced pentesters, offering practical examples, commands, and detailed explanations for various attack scenarios. + #### [NBP](https://github.com/NeverWonderLand/NBP) - **Description**: The New Blood Project (NBP) is a comprehensive resource for learning about hacktivism. It contains various files and documents that cover a wide range of topics including terminal basics, types of penetration testing, tips for penetration testing, file uploads, and more. Additionally, the repository provides links to other resources and channels where users can learn and contribute to the community. #### [OWASP Web Security Testing Guide](https://github.com/OWASP/wstg) - **Description**: The WSTG is a "comprehensive Open Source guide to testing the security of web applications and web services." It contains documents for testing in various scenarios, and these documents are easily downloaded if one knows the uniform identifiers. It also has a web security testing checklist in both excel and markdown formats. 
+#### [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings) +- **Description**: An extensive and constantly updated repository of payloads, tricks, and techniques useful for exploiting a wide range of vulnerabilities and bypassing security controls. It contains payloads for attacks such as injections (SQL, NoSQL, XPath), XXE, Command Injection, XSS, SSRF, and many others. The repository also offers methods for privilege escalation, post-exploitation, and data exfiltration on various platforms (Windows, Linux, macOS) + #### [ProcessHacker](https://github.com/PKRoma/ProcessHacker) - **Description**: Process Hacker is a free and open-source process viewer and memory editor with unique features such as powerful process termination and a Regex memory searcher. @@ -81,6 +87,9 @@ python shadowclone.py -i assets-online --split 40 -o matched-vulns -c "/go/bin/h #### [awesome-cybersecurity-blueteam](https://github.com/fabacab/awesome-cybersecurity-blueteam) - **Description**: A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams. +#### [Pestudio](https://www.winitor.com/) +- **Description**: A tool designed to detect suspicious artifacts within executable files to identify potentially malicious applications. It's particularly useful for initial assessment of suspicious files and malware analysis. + #### [PersistenceSniper](https://github.com/last-byte/PersistenceSniper) - **Description**: PersistenceSniper is a Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. It is also available on Powershell Gallery and it is digitally signed with a valid code signing certificate. 
@@ -101,6 +110,9 @@ python shadowclone.py -i assets-online --split 40 -o matched-vulns -c "/go/bin/h ### Multi-Purpose Tools +#### [Autoruns](https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns) +- **Description**: Part of the Sysinternals suite, Autoruns shows what programs are configured to start up automatically when your system boots. It can be used both defensively to identify malicious persistence and offensively to understand potential persistence locations. + #### [The Book of Secret Knowledge](https://github.com/trimstray/the-book-of-secret-knowledge) - **Description**: This repository is a collection of various materials and tools that I use every day in my work. It contains a lot of useful information gathered in one piece. It is an invaluable source of knowledge for me that I often look back on. For everyone, really. Here everyone can find their favourite tastes. But to be perfectly honest, it is aimed towards System and Network administrators, DevOps, Pentesters, and Security Researchers.