private void PrintFirewallRules() { try { Beaprint.MainPrint("Firewall Rules"); Beaprint.LinkPrint("", "Showing only DENY rules (too many ALLOW rules always)"); Dictionary <string, string> colorsN = new Dictionary <string, string>() { { Globals.StrFalse, Beaprint.ansi_color_bad }, { Globals.StrTrue, Beaprint.ansi_color_good }, }; Beaprint.AnsiPrint(" Current Profiles: " + Firewall.GetFirewallProfiles(), colorsN); foreach (KeyValuePair <string, string> entry in Firewall.GetFirewallBooleans()) { Beaprint.AnsiPrint(string.Format(" {0,-23}: {1}", entry.Key, entry.Value), colorsN); } Beaprint.GrayPrint(" DENY rules:"); foreach (Dictionary <string, string> rule in Firewall.GetFirewallRules()) { string filePerms = string.Join(", ", PermissionsHelper.GetPermissionsFile(rule["AppName"], winPEAS.Checks.Checks.CurrentUserSiDs)); string folderPerms = string.Join(", ", PermissionsHelper.GetPermissionsFolder(rule["AppName"], winPEAS.Checks.Checks.CurrentUserSiDs)); string formString = " ({0}){1}[{2}]: {3} {4} {5} from {6} --> {7}"; if (filePerms.Length > 0) { formString += "\n File Permissions: {8}"; } if (folderPerms.Length > 0) { formString += "\n Folder Permissions: {9}"; } formString += "\n {10}"; colorsN = new Dictionary <string, string> { { Globals.StrFalse, Beaprint.ansi_color_bad }, { Globals.StrTrue, Beaprint.ansi_color_good }, { "File Permissions.*|Folder Permissions.*", Beaprint.ansi_color_bad }, { rule["AppName"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?").Replace("+", "\\+"), (filePerms.Length > 0 || folderPerms.Length > 0) ? Beaprint.ansi_color_bad : Beaprint.ansi_color_good }, }; Beaprint.AnsiPrint(string.Format(formString, rule["Profiles"], rule["Name"], rule["AppName"], rule["Action"], rule["Protocol"], rule["Direction"], rule["Direction"] == "IN" ? rule["Local"] : rule["Remote"], rule["Direction"] == "IN" ? rule["Remote"] : rule["Local"], filePerms, folderPerms, rule["Description"]), colorsN); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }