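/// <summary>
/// Adds one case-insensitive regex per configured domain user name to every
/// classifier rule listed in <c>MyOptions.DomainUsersWordlistRules</c>.
/// </summary>
/// <remarks>
/// Each pattern requires the escaped user name to have a space, a single quote
/// or a double quote on both sides, so a name sitting at the very start or end
/// of the scanned text is not matched by these regexes.
/// Failures are reported through <c>Mq.Error</c>; nothing is thrown to the caller.
/// </remarks>
public void PrepDomainUserRules()
{
    try
    {
        foreach (string ruleName in MyOptions.DomainUsersWordlistRules)
        {
            // A wordlist entry naming a rule that does not exist is a configuration
            // mistake; report which one and keep going, rather than letting First()
            // throw and abandon every remaining rule behind a generic error.
            ClassifierRule configClassifierRule =
                MyOptions.ClassifierRules.FirstOrDefault(thing => thing.RuleName == ruleName);
            if (configClassifierRule == null)
            {
                Mq.Error(String.Format("Domain user wordlist rule \"{0}\" does not exist; skipping it.", ruleName));
                continue;
            }

            foreach (string user in MyOptions.DomainUsersToMatch)
            {
                // An empty name would yield a pattern matching any two adjacent
                // delimiters, and a null one would make Regex.Escape throw.
                if (String.IsNullOrEmpty(user))
                {
                    continue;
                }

                // Regex.Escape keeps metacharacters in the account name literal.
                string pattern = "( |'|\")" + Regex.Escape(user) + "( |'|\")";
                Regex regex = new Regex(
                    pattern,
                    RegexOptions.Compiled | RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
                configClassifierRule.Regexes.Add(regex);
            }
        }
    }
    catch (Exception e)
    {
        // Keep the best-effort contract, but say what actually failed.
        Mq.Error("Something went wrong adding domain users to rules. " + e.Message);
    }
}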
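/// <summary>
/// Adds one case-insensitive regex per configured domain user name to every
/// classifier rule listed in <c>MyOptions.DomainUsersWordlistRules</c>.
/// </summary>
/// <remarks>
/// Names shorter than <c>MyOptions.DomainUserMinLen</c> are skipped and traced.
/// Failures are reported through <c>Mq.Error</c>; nothing is thrown to the caller.
/// </remarks>
public void PrepDomainUserRules()
{
    try
    {
        foreach (string ruleName in MyOptions.DomainUsersWordlistRules)
        {
            // A wordlist entry naming a rule that does not exist is a configuration
            // mistake; report which one and keep going, rather than letting First()
            // throw and abandon every remaining rule behind a generic error.
            ClassifierRule configClassifierRule =
                MyOptions.ClassifierRules.FirstOrDefault(thing => thing.RuleName == ruleName);
            if (configClassifierRule == null)
            {
                Mq.Error(String.Format("Domain user wordlist rule \"{0}\" does not exist; skipping it.", ruleName));
                continue;
            }

            foreach (string user in MyOptions.DomainUsersToMatch)
            {
                // Null would throw on .Length; empty would produce a pattern that
                // matches every input when the configured minimum length is 0.
                if (String.IsNullOrEmpty(user))
                {
                    continue;
                }

                if (user.Length < MyOptions.DomainUserMinLen)
                {
                    Mq.Trace(String.Format("Skipping regex for \"{0}\". Shorter than minimum chars: {1}", user, MyOptions.DomainUserMinLen));
                    continue;
                }

                // NOTE(review): the original comment here said the leading "|" matches
                // begin and end of line. As written it is an empty alternative, which
                // matches the empty string at any position, so both delimiter groups are
                // effectively optional and the name matches as a bare substring (for
                // example inside a longer word). If only delimited or line-edge hits are
                // wanted, explicit anchors are needed; confirm intent first, because that
                // changes which files get flagged. Pattern left unchanged.
                string pattern = "(| |'|\")" + Regex.Escape(user) + "(| |'|\")";
                Regex regex = new Regex(
                    pattern,
                    RegexOptions.Compiled | RegexOptions.IgnoreCase | RegexOptions.Singleline | RegexOptions.CultureInvariant);
                configClassifierRule.Regexes.Add(regex);
                Mq.Trace(String.Format("Adding regex {0} to rule {1}", regex, ruleName));
            }
        }
    }
    catch (Exception e)
    {
        // Keep the best-effort contract, but say what actually failed.
        Mq.Error("Something went wrong adding domain users to rules. " + e.Message);
    }
}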
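/// <summary>
/// Decides whether a classifier rule is kept for the configured <c>InterestLevel</c>.
/// </summary>
/// <param name="classifier">Rule to evaluate.</param>
/// <returns>
/// <c>false</c> only when the rule's match action is Snaffle or CheckForKeys and its
/// triage ranks below the interest level; <c>true</c> otherwise. Also <c>true</c> when
/// evaluation throws: the rule name and exception are written to the console and the
/// rule is kept.
/// </returns>
/// <remarks>
/// Only the direct relay targets are inspected; they are not followed recursively.
/// NOTE(review): the relay branch returns <c>true</c> when a target's triage is below
/// the interest level, which is the opposite sense of the test applied to the rule
/// itself. Confirm this is intended.
/// </remarks>
private bool IsInterest(ClassifierRule classifier)
{
    try
    {
        if (classifier.RelayTargets != null)
        {
            foreach (string relayTarget in classifier.RelayTargets)
            {
                ClassifierRule relayRule;
                try
                {
                    relayRule = ClassifierRules.First(thing => thing.RuleName == relayTarget);
                }
                catch (Exception e)
                {
                    // Keep the original failure as InnerException so the console dump
                    // below shows the root cause as well as the configuration hint.
                    throw new Exception("You have a misconfigured rule trying to relay to " + relayTarget + " and no such rule exists by that name.", e);
                }

                if (TriageBelowInterestLevel(relayRule))
                {
                    return true;
                }
            }
        }

        // Rules with any other match action are always kept.
        bool producesFindings =
            classifier.MatchAction == MatchAction.Snaffle ||
            classifier.MatchAction == MatchAction.CheckForKeys;

        return !(producesFindings && TriageBelowInterestLevel(classifier));
    }
    catch (Exception e)
    {
        Console.WriteLine(classifier.RuleName);
        Console.WriteLine(e.ToString());
    }

    // Fail open: a rule that could not be evaluated is kept.
    return true;
}

/// <summary>
/// True when the rule's triage colour ranks below the configured <c>InterestLevel</c>
/// (Green below 1, Yellow below 2, Red below 3, Black below 4).
/// </summary>
private bool TriageBelowInterestLevel(ClassifierRule rule)
{
    return (rule.Triage == Triage.Black && InterestLevel > 3)
        || (rule.Triage == Triage.Red && InterestLevel > 2)
        || (rule.Triage == Triage.Yellow && InterestLevel > 1)
        || (rule.Triage == Triage.Green && InterestLevel > 0);
}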
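/// <summary>
/// Decides whether a classifier rule is kept for the configured <c>InterestLevel</c>.
/// </summary>
/// <param name="classifier">Rule to evaluate.</param>
/// <returns>
/// The verdict for the rule at the end of the <c>RelayTarget</c> chain: <c>false</c>
/// only when that rule's match action is Snaffle or CheckForKeys and its triage
/// (Red, Yellow or Green) ranks below the interest level; <c>true</c> otherwise.
/// </returns>
/// <exception cref="InvalidOperationException">
/// A relay target names a rule that does not exist, or the relay chain loops back
/// on itself.
/// </exception>
private bool IsInterest(ClassifierRule classifier)
{
    // Rule files are user-supplied. Walk the relay chain iteratively and remember
    // the names already visited, so that a cyclic configuration is reported instead
    // of recursing until the stack overflows and the process dies.
    System.Collections.Generic.HashSet<string> visited =
        new System.Collections.Generic.HashSet<string>();
    ClassifierRule current = classifier;

    while (!String.IsNullOrEmpty(current.RelayTarget))
    {
        string relayTarget = current.RelayTarget;

        if (!visited.Add(current.RuleName))
        {
            throw new InvalidOperationException(
                "Rule " + current.RuleName + " is part of a relay loop; check the RelayTarget settings.");
        }

        ClassifierRule next = ClassifierRules.FirstOrDefault(thing => thing.RuleName == relayTarget);
        if (next == null)
        {
            // Same exception type First() raised before, but naming the culprit.
            throw new InvalidOperationException(
                "Rule " + current.RuleName + " relays to " + relayTarget + " and no such rule exists by that name.");
        }

        current = next;
    }

    // Rules with any other match action are always kept.
    bool producesFindings =
        current.MatchAction == MatchAction.Snaffle ||
        current.MatchAction == MatchAction.CheckForKeys;

    bool belowInterestLevel =
        (current.Triage == Triage.Red && InterestLevel > 2) ||
        (current.Triage == Triage.Yellow && InterestLevel > 1) ||
        (current.Triage == Triage.Green && InterestLevel > 0);

    return !(producesFindings && belowInterestLevel);
}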