コード例 #1
        /// <summary>
        /// Command-line entry point. Prints the banner, parses the switches, validates
        /// the policy-mode selection, and writes the requested AppLocker policy to
        /// standard output (JSON by default, XML when -x is given, per the help text).
        /// </summary>
        /// <param name="args">Raw command-line arguments passed to the option parser.</param>
        static void Main(string[] args)
        {
            Info.PrintBanner();

            // Switch state, filled in by the OptionSet callbacks below.
            bool showHelp = false;
            bool asXml = false;
            bool wantLocal = false;
            bool wantDomain = false;
            bool wantEffective = false;
            string ldapFilter = "";

            var options = new OptionSet()
            {
                { "h|?|help", "Show Help\n", o => showHelp = true },
                { "l|local", "Queries local applocker config\n", o => wantLocal = true },
                { "d|domain", "Queries domain applocker config (needs an ldap path)\n", o => wantDomain = true },
                { "e|effective", "Queries the effective applocker config on this computer\n", o => wantEffective = true },
                { "x|xml", "Output AppLocker in XML format (default is json) \n", o => asXml = true },
                { "ldap=", "The ldap filter to query the domain policy from\n", o => ldapFilter = o }
            };

            try
            {
                options.Parse(args);

                IEnumerable<bool> selectedModes = new List<bool> { wantLocal, wantDomain, wantEffective };

                // CheckModes is defined elsewhere; presumably it tests how many flags are set.
                // A true result for 0 is treated as "no mode chosen" and shows the usage text.
                if (CheckModes(0, selectedModes))
                {
                    ShowHelp(options);
                    return;
                }

                // Anything other than a single selected mode is rejected.
                if (!CheckModes(1, selectedModes))
                {
                    Console.WriteLine("You can only select one Policy at the time.");
                    return;
                }

                // The domain query cannot run without an LDAP filter.
                if (wantDomain && string.IsNullOrEmpty(ldapFilter))
                {
                    Console.WriteLine("You can only query domain AppLocker configuration if you specify an LDAP filter.");
                    return;
                }

                if (showHelp)
                {
                    ShowHelp(options);
                    return;
                }

                // Kept as a guard: with no flag set there is no policy type to dispatch on.
                if (!wantLocal && !wantDomain && !wantEffective)
                {
                    throw new ArgumentException("mode not found");
                }

                // Same precedence as the original chain: local, then domain, then effective.
                var policyType = wantLocal
                    ? SharpAppLocker.PolicyType.Local
                    : wantDomain
                        ? SharpAppLocker.PolicyType.Domain
                        : SharpAppLocker.PolicyType.Effective;

                Console.WriteLine(SharpAppLocker.GetAppLockerPolicy(policyType, ldapFilter, asXml));
            }
            catch (Exception e)
            {
                // Any parse or query failure: report the message on stderr, then show usage.
                Console.Error.WriteLine(e.Message);
                ShowHelp(options);
            }
        }
コード例 #2
ファイル: Program.cs プロジェクト: slooppe/SharpAppLocker
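        /// <summary>
        /// Command-line entry point. Prints the banner, parses the switches, validates
        /// the policy-mode selection, retrieves the requested AppLocker policy and
        /// either prints it or writes it to the file given with --outfile.
        /// </summary>
        /// <param name="args">Raw command-line arguments passed to the option parser.</param>
        static void Main(string[] args)
        {
            Info.PrintBanner();

            bool help            = false;
            bool localPolicy     = false;
            bool domainPolicy    = false;
            bool effectivePolicy = false;
            bool allowOnly       = false;
            bool denyOnly        = false;

            string ldapPath    = "";
            string outFilePath = "";

            // Default filter: every rule type.
            string[] ruleTypes = new string[] { "All" };

            var options = new OptionSet()
            {
                { "h|?|help", "Show Help\n", o => help = true },
                { "l|local", "Queries local applocker config\n", o => localPolicy = true },
                { "d|domain", "Queries domain applocker config (needs an ldap path)\n", o => domainPolicy = true },
                { "e|effective", "Queries the effective applocker config on this computer\n", o => effectivePolicy = true },
                { "A|allow", "Only return allowed action rules\n", o => allowOnly = true },
                { "D|deny", "Only return deny action rules\n", o => denyOnly = true },
                { "ldap=", "The ldap filter to query the domain policy from\n", o => ldapPath = o },
                // Trim each entry so the "A, B" form shown in the help text matches the same
                // rule-type names as "A,B" instead of carrying a leading space.
                { "rules=", "Comma seperated list of ruleTypes to filter \"FileHashRule, FilePathRule, FilePublisherRule, All\" default: All\n", o => ruleTypes = Array.ConvertAll(o.Split(','), r => r.Trim()) },
                { "outfile=", "Filepath to write found rules to disk in JSON format \n", o => outFilePath = o }
            };

            try
            {
                options.Parse(args);

                IEnumerable<bool> policyModes = new List<bool> {
                    localPolicy, domainPolicy, effectivePolicy
                };

                // An explicit help request wins over every other switch.
                if (help)
                {
                    ShowHelp(options);
                    return;
                }

                // CheckModes is defined elsewhere; presumably it tests how many flags are set.
                // A true result for 0 is treated as "no mode chosen" and shows the usage text.
                if (CheckModes(0, policyModes))
                {
                    ShowHelp(options);
                    return;
                }

                if (!CheckModes(1, policyModes))
                {
                    Console.WriteLine("[!] You can only select one Policy at the time.");
                    return;
                }

                // The domain query cannot run without an LDAP filter.
                if (domainPolicy && String.IsNullOrEmpty(ldapPath))
                {
                    Console.WriteLine("[!] You can only query domain AppLocker configuration if you specify an LDAP filter.");
                    return;
                }

                // NOTE(review): -A and -D can both be set; how GetAppLockerPolicy combines
                // allowOnly and denyOnly is not visible here — confirm the result is intended.
                string outPutData = "";

                if (localPolicy)
                {
                    outPutData = SharpAppLocker.GetAppLockerPolicy(SharpAppLocker.PolicyType.Local, ruleTypes, ldapPath, allowOnly, denyOnly);
                }
                else if (domainPolicy)
                {
                    outPutData = SharpAppLocker.GetAppLockerPolicy(SharpAppLocker.PolicyType.Domain, ruleTypes, ldapPath, allowOnly, denyOnly);
                }
                else if (effectivePolicy)
                {
                    outPutData = SharpAppLocker.GetAppLockerPolicy(SharpAppLocker.PolicyType.Effective, ruleTypes, ldapPath, allowOnly, denyOnly);
                }
                else
                {
                    throw new ArgumentException("[!] Policy-mode not found");
                }

                if (!string.IsNullOrEmpty(outFilePath))
                {
                    // File.WriteAllText replaces an existing file at this path without prompting.
                    File.WriteAllText(outFilePath, outPutData);
                    Console.WriteLine($"[+] Output written to: {outFilePath} \n");
                }
                else
                {
                    Console.WriteLine(outPutData);
                }
            }
            catch (Exception e)
            {
                // Report the exception's own message first: the ArgumentException thrown above
                // has no InnerException, so printing only InnerException produced an empty line
                // and hid the reason for the failure.
                Console.Error.WriteLine(e.Message);
                if (e.InnerException != null)
                {
                    Console.Error.WriteLine(e.InnerException);
                }
                ShowHelp(options);
            }
        }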