public void PrintInfo(bool isDebug)
{
Beaprint.GreatPrint("Interesting files and registry");
new List <Action>
{
Putty.PrintInfo,
SuperPutty.PrintInfo,
PrintOffice365EndpointsSyncedByOneDrive,
PrintCloudCreds,
PrintUnattendFiles,
PrintSAMBackups,
PrintMcAffeSitelistFiles,
PrintCachedGPPPassword,
PrintPossCredsRegs,
PrintUserCredsFiles,
PrintOracleSQLDeveloperConfigFiles,
Slack.PrintInfo,
PrintLOLBAS,
PrintOutlookDownloads,
PrintMachineAndUserCertificateFiles,
PrintUsersInterestingFiles,
PrintUsersDocsKeys,
PrintOfficeMostRecentFiles,
PrintRecentFiles,
PrintRecycleBin,
PrintHiddenFilesAndFolders,
PrintOtherUsersInterestingFiles,
PrintExecutablesInNonDefaultFoldersWithWritePermissions,
PrintWSLDistributions
}.ForEach(action => CheckRunner.Run(action, isDebug));
}
public void PrintInfo(bool isDebug)
{
Beaprint.GreatPrint("Services Information");
/// Start finding Modifiable services so any function could use them
try
{
CheckRunner.Run(() =>
{
modifiableServices = ServicesInfoHelper.GetModifiableServices(winPEAS.Checks.Checks.CurrentUserSiDs);
}, isDebug);
}
catch (Exception ex)
{
Beaprint.PrintException(ex.Message);
}
new List <Action>
{
PrintInterestingServices,
PrintModifiableServices,
PrintWritableRegServices,
PrintPathDllHijacking,
}.ForEach(action => CheckRunner.Run(action, isDebug));
}
public void PrintInfo(bool isDebug)
{
Beaprint.GreatPrint("Processes Information");
new List <Action>
{
PrintInterestingProcesses,
}.ForEach(action => CheckRunner.Run(action, isDebug));
}
public void PrintInfo(bool isDebug)
{
Beaprint.GreatPrint("File Analysis");
new List <Action>
{
PrintYAMLSearchFiles
}.ForEach(action => CheckRunner.Run(action, isDebug));
}
public void PrintInfo(bool isDebug)
{
Beaprint.GreatPrint("Interesting Events information");
new List <Action>
{
PrintExplicitLogonEvents,
PrintLogonEvents,
PrintProcessCreationEvents,
PrintPowerShellEvents,
PowerOnEvents,
}.ForEach(action => CheckRunner.Run(action, isDebug));
}
public void PrintInfo(bool isDebug)
{
Beaprint.GreatPrint("Applications Information");
new List <Action>
{
PrintActiveWindow,
PrintInstalledApps,
PrintAutoRuns,
PrintScheduled,
PrintDeviceDrivers,
}.ForEach(action => CheckRunner.Run(action, isDebug));
}
public void PrintInfo(bool isDebug)
{
Beaprint.GreatPrint("Browsers Information");
new List <IBrowser>
{
new Firefox(),
new Chrome(),
new Opera(),
new Brave(),
new InternetExplorer(),
}.ForEach(browser => CheckRunner.Run(browser.PrintInfo, isDebug));
}
public void PrintInfo(bool isDebug)
{
Beaprint.GreatPrint("Network Information");
new List <Action>
{
PrintNetShares,
PrintMappedDrivesWMI,
PrintHostsFile,
PrintNetworkIfaces,
PrintListeningPorts,
PrintFirewallRules,
PrintDNSCache,
PrintInternetSettings,
}.ForEach(action => CheckRunner.Run(action, isDebug));
}
public void PrintInfo(bool isDebug)
{
Beaprint.GreatPrint("Users Information");
new List <Action>
{
PrintCU,
PrintCurrentUserIdleTime,
PrintCurrentTenantInfo,
PrintTokenP,
PrintClipboardText,
PrintLoggedUsers,
PrintLocalUsers,
PrintRdpSessions,
PrintEverLoggedUsers,
PrintHomeFolders,
PrintAutoLogin,
PrintPasswordPolicies,
PrintLogonSessions
}.ForEach(action => CheckRunner.Run(action, isDebug));
}
public void PrintInfo(bool isDebug)
{
Beaprint.GreatPrint("System Information");
new List <Action>
{
PrintBasicSystemInfo,
PrintMicrosoftUpdatesCOM,
PrintSystemLastShutdownTime,
PrintUserEV,
PrintSystemEV,
PrintAuditInfo,
PrintAuditPoliciesInfo,
PrintWEFInfo,
PrintLAPSInfo,
PrintWdigest,
PrintLSAProtection,
PrintCredentialGuard,
PrintCachedCreds,
PrintAVInfo,
PrintWindowsDefenderInfo,
PrintUACInfo,
PrintPSInfo,
PrintPowerShellSessionSettings,
PrintTranscriptPS,
PrintInetInfo,
PrintDrivesInfo,
PrintWSUS,
PrintAlwaysInstallElevated,
PrintLSAInfo,
PrintNtlmSettings,
PrintLocalGroupPolicy,
AppLockerHelper.PrintAppLockerPolicy,
PrintPrintersWMIInfo,
PrintNamedPipes,
PrintAMSIProviders,
PrintSysmon,
PrintDotNetVersions
}.ForEach(action => CheckRunner.Run(action, isDebug));
}
public void PrintInfo(bool isDebug)
{
Beaprint.GreatPrint("Windows Credentials");
new List <Action>
{
PrintVaultCreds,
PrintCredentialManager,
PrintSavedRDPInfo,
PrintRDPSettings,
PrintRecentRunCommands,
PrintDPAPIMasterKeys,
PrintDpapiCredFiles,
PrintRCManFiles,
PrintKerberosTickets,
//PrintKerberosTGTTickets, #Not working
PrintWifi,
PrintAppCmd,
PrintSCClient,
PrintSCCM,
PrintSecurityPackagesCredentials,
}.ForEach(action => CheckRunner.Run(action, isDebug));
}
