public bool AnalysisTask <T>(string server) where T : IPingCastleReport { Trace.WriteLine("Working on " + server); if (server == "*" && InteractiveMode) { Trace.WriteLine("Setting reachable domains to on because interactive + server = *"); AnalyzeReachableDomains = true; } if (server.Contains("*")) { List <string> domains = GetListOfDomainToExploreFromGenericName(server); int i = 1; foreach (var domain in domains) { Console.ForegroundColor = ConsoleColor.Yellow; Console.WriteLine(""); string display = "Starting the report for " + domain + " (" + i++ + "/" + domains.Count + ")"; Console.WriteLine(display); Console.WriteLine(new String('=', display.Length)); Console.ResetColor(); PerformTheAnalysis <T>(domain); } } else { var data = PerformTheAnalysis <T>(server); var hcData = data as HealthcheckData; // do additional exploration based on trust results ? if (hcData != null && (ExploreTerminalDomains || ExploreForestTrust)) { if (hcData.Trusts != null) { List <string> domainToExamine = new List <string>(); foreach (var trust in hcData.Trusts) { string attributes = TrustAnalyzer.GetTrustAttribute(trust.TrustAttributes); string direction = TrustAnalyzer.GetTrustDirection(trust.TrustDirection); if (direction.Contains("Inbound") || direction.Contains("Disabled")) { continue; } if (attributes.Contains("Intra-Forest")) { continue; } // explore forest trust only if explore forest trust is set if (attributes.Contains("Forest Trust")) { if (ExploreForestTrust) { if (!ShouldTheDomainBeNotExplored(trust.TrustPartner)) { domainToExamine.Add(trust.TrustPartner); } if (trust.KnownDomains != null) { foreach (var di in trust.KnownDomains) { if (!ShouldTheDomainBeNotExplored(di.DnsName)) { domainToExamine.Add(di.DnsName); } } } } } else { if (ExploreTerminalDomains) { if (!ShouldTheDomainBeNotExplored(trust.TrustPartner)) { domainToExamine.Add(trust.TrustPartner); } } } } Console.ForegroundColor = ConsoleColor.Yellow; Console.WriteLine("List of domains that will be queried"); Console.ResetColor(); foreach (var domain in domainToExamine) { Console.WriteLine(domain); } foreach (string domain in domainToExamine) { PerformTheAnalysis <T>(domain); } } } return(hcData != null); } return(true); }
private void GenerateTrustInformation() { List <string> knowndomains = new List <string>(); GenerateSubSection("Discovered domains"); Add(@" <div class=""row""> <div class=""col-md-12 table-responsive""> <table class=""table table-striped table-bordered""> <thead><tr> <th>Domain</th> <th>Trust Partner</th> <th>Type</th> <th>Attribut</th> <th>Direction</th> <th>SID Filtering active</th> <th>TGT Delegation</th> <th>Creation</th> <th>Is Active ?</th> </tr> </thead> <tbody> "); foreach (HealthcheckData data in Report) { if (!knowndomains.Contains(data.DomainFQDN)) { knowndomains.Add(data.DomainFQDN); } data.Trusts.Sort( (HealthCheckTrustData a, HealthCheckTrustData b) => { return(String.Compare(a.TrustPartner, b.TrustPartner)); } ); foreach (HealthCheckTrustData trust in data.Trusts) { if (!knowndomains.Contains(trust.TrustPartner)) { knowndomains.Add(trust.TrustPartner); } Add(@" <tr> <td class='text'>" + PrintDomain(data.Domain) + @"</td> <td class='text'>" + PrintDomain(trust.Domain) + @"</td> <td class='text'>" + TrustAnalyzer.GetTrustType(trust.TrustType) + @"</td> <td class='text'>" + TrustAnalyzer.GetTrustAttribute(trust.TrustAttributes) + @"</td> <td class='text'>" + TrustAnalyzer.GetTrustDirection(trust.TrustDirection) + @"</td> <td class='text'>" + TrustAnalyzer.GetSIDFiltering(trust) + @"</td> <td class='text'>" + TrustAnalyzer.GetTGTDelegation(trust) + @"</td> <td class='text'>" + trust.CreationDate.ToString("u") + @"</td> <td class='text'>" + trust.IsActive + @"</td> </tr> "); } } Add(@" </tbody> </table> </div> </div> "); GenerateSubSection("Other discovered domains"); Add(@" <div class=""row""> <div class=""col-md-12 table-responsive""> <table class=""table table-striped table-bordered""> <thead><tr> <th>From</th> <th>Reachable domain</th> <th>Via</th> <th>Netbios</th> <th>Creation date</th> </tr> </thead> <tbody> "); foreach (HealthcheckData data in Report) { foreach (HealthCheckTrustData trust in data.Trusts) { if (trust.KnownDomains == null) { continue; } trust.KnownDomains.Sort((HealthCheckTrustDomainInfoData a, HealthCheckTrustDomainInfoData b) => { return(String.Compare(a.DnsName, b.DnsName)); } ); foreach (HealthCheckTrustDomainInfoData di in trust.KnownDomains) { if (knowndomains.Contains(di.DnsName)) { continue; } knowndomains.Add(di.DnsName); Add(@" <tr> <td class='text'>" ); Add(PrintDomain(data.Domain)); Add(@"</td> <td class='text'>" ); AddEncoded(di.DnsName); Add(@"</td> <td class='text'>" ); AddEncoded(trust.TrustPartner); Add(@"</td> <td class='text'>" ); AddEncoded(di.NetbiosName); Add(@"</td> <td class='text'>" ); Add(di.CreationDate); Add(@"</td> </tr> "); } } } foreach (HealthcheckData data in Report) { if (data.ReachableDomains != null) { foreach (HealthCheckTrustDomainInfoData di in data.ReachableDomains) { if (knowndomains.Contains(di.DnsName)) { continue; } knowndomains.Add(di.DnsName); Add(@" <tr> <td class='text'>" ); Add(PrintDomain(data.Domain)); Add(@"</td> <td class='text'>" ); AddEncoded(di.DnsName); Add(@"</td> <td class='text'>Unknown</td> <td class='text'>" ); AddEncoded(di.NetbiosName); Add(@"</td> <td class='text'>Unknown</td> </tr> "); } } } Add(@" </tbody> </table> </div> </div> "); // prepare a SID map to locate unknown account SortedDictionary <string, string> sidmap = new SortedDictionary <string, string>(); GenerateSubSection("SID Map"); Add(@" <div class=""row""> <div class=""col-md-12 table-responsive""> <table class=""table table-striped table-bordered""> <thead><tr> <th>Domain</th> <th>Domain SID</th> </tr> </thead> <tbody> "); foreach (HealthcheckData data in Report) { if (!sidmap.ContainsKey(data.DomainFQDN) && !String.IsNullOrEmpty(data.DomainSid)) { sidmap.Add(data.DomainFQDN, data.DomainSid); } foreach (HealthCheckTrustData trust in data.Trusts) { if (!sidmap.ContainsKey(trust.TrustPartner) && !String.IsNullOrEmpty(trust.SID)) { sidmap.Add(trust.TrustPartner, trust.SID); } foreach (HealthCheckTrustDomainInfoData di in trust.KnownDomains) { if (!sidmap.ContainsKey(di.DnsName) && !String.IsNullOrEmpty(di.Sid)) { sidmap.Add(di.DnsName, di.Sid); } } } } foreach (HealthcheckData data in Report) { if (data.ReachableDomains != null) { foreach (HealthCheckTrustDomainInfoData di in data.ReachableDomains) { if (!sidmap.ContainsKey(di.DnsName) && !String.IsNullOrEmpty(di.Sid)) { sidmap.Add(di.DnsName, di.Sid); } } } } foreach (string domain in sidmap.Keys) { Add(@" <tr> <td class='text'>" ); AddEncoded(domain); Add(@"</td> <td class='text'>" ); Add(sidmap[domain]); Add(@"</td> </tr> "); } Add(@" </tbody> </table> </div> </div> "); }