static void Main(string[] args)
{
Info.PrintBanner();
bool help = false;
bool xmlOutput = false;
bool localPolicy = false;
bool domainPolicy = false;
bool effectivePolicy = false;
String ldapPath = "";
var options = new OptionSet()
{
{ "h|?|help", "Show Help\n", o => help = true },
{ "l|local", "Queries local applocker config\n", o => localPolicy = true },
{ "d|domain", "Queries domain applocker config (needs an ldap path)\n", o => domainPolicy = true },
{ "e|effective", "Queries the effective applocker config on this computer\n", o => effectivePolicy = true },
{ "x|xml", "Output AppLocker in XML format (default is json) \n", o => xmlOutput = true },
{ "ldap=", "The ldap filter to query the domain policy from\n", o => ldapPath = o }
};
try {
options.Parse(args);
IEnumerable <bool> modes = new List <bool> {
localPolicy, domainPolicy, effectivePolicy
};
if (CheckModes(0, modes))
{
ShowHelp(options);
return;
}
if (!CheckModes(1, modes))
{
Console.WriteLine("You can only select one Policy at the time.");
return;
}
if (domainPolicy && String.IsNullOrEmpty(ldapPath))
{
Console.WriteLine("You can only query domain AppLocker configuration if you specify an LDAP filter.");
return;
}
if (help)
{
ShowHelp(options);
return;
}
if (localPolicy)
{
Console.WriteLine(SharpAppLocker.GetAppLockerPolicy(SharpAppLocker.PolicyType.Local, ldapPath, xmlOutput));
}
else if (domainPolicy)
{
Console.WriteLine(SharpAppLocker.GetAppLockerPolicy(SharpAppLocker.PolicyType.Domain, ldapPath, xmlOutput));
}
else if (effectivePolicy)
{
Console.WriteLine(SharpAppLocker.GetAppLockerPolicy(SharpAppLocker.PolicyType.Effective, ldapPath, xmlOutput));
}
else
{
throw new ArgumentException("mode not found");
}
} catch (Exception e) {
Console.Error.WriteLine(e.Message);
ShowHelp(options);
return;
}
}
static void Main(string[] args)
{
Info.PrintBanner();
bool help = false;
bool localPolicy = false;
bool domainPolicy = false;
bool effectivePolicy = false;
bool allowOnly = false;
bool denyOnly = false;
string ldapPath = "";
string outFilePath = "";
string[] ruleTypes = new string[] { "All" };
var options = new OptionSet()
{
{ "h|?|help", "Show Help\n", o => help = true },
{ "l|local", "Queries local applocker config\n", o => localPolicy = true },
{ "d|domain", "Queries domain applocker config (needs an ldap path)\n", o => domainPolicy = true },
{ "e|effective", "Queries the effective applocker config on this computer\n", o => effectivePolicy = true },
{ "A|allow", "Only return allowed action rules\n", o => allowOnly = true },
{ "D|deny", "Only return deny action rules\n", o => denyOnly = true },
{ "ldap=", "The ldap filter to query the domain policy from\n", o => ldapPath = o },
{ "rules=", "Comma seperated list of ruleTypes to filter \"FileHashRule, FilePathRule, FilePublisherRule, All\" default: All\n", o => ruleTypes = o.Split(',') },
{ "outfile=", "Filepath to write found rules to disk in JSON format \n", o => outFilePath = o }
};
try
{
options.Parse(args);
IEnumerable <bool> policyModes = new List <bool> {
localPolicy, domainPolicy, effectivePolicy
};
if (help)
{
ShowHelp(options);
return;
}
if (CheckModes(0, policyModes))
{
ShowHelp(options);
return;
}
if (!CheckModes(1, policyModes))
{
Console.WriteLine("[!] You can only select one Policy at the time.");
return;
}
if (domainPolicy && String.IsNullOrEmpty(ldapPath))
{
Console.WriteLine("[!] You can only query domain AppLocker configuration if you specify an LDAP filter.");
return;
}
string outPutData = "";
if (localPolicy)
{
outPutData = SharpAppLocker.GetAppLockerPolicy(SharpAppLocker.PolicyType.Local, ruleTypes, ldapPath, allowOnly, denyOnly);
}
else if (domainPolicy)
{
outPutData = SharpAppLocker.GetAppLockerPolicy(SharpAppLocker.PolicyType.Domain, ruleTypes, ldapPath, allowOnly, denyOnly);
}
else if (effectivePolicy)
{
outPutData = SharpAppLocker.GetAppLockerPolicy(SharpAppLocker.PolicyType.Effective, ruleTypes, ldapPath, allowOnly, denyOnly);
}
else
{
throw new ArgumentException("[!] Policy-mode not found");
}
if (!string.IsNullOrEmpty(outFilePath))
{
File.WriteAllText(outFilePath, outPutData);
Console.WriteLine($"[+] Output written to: {outFilePath} \n");
}
else
{
Console.WriteLine(outPutData);
}
}
catch (Exception e)
{
Console.Error.WriteLine(e.InnerException);
ShowHelp(options);
return;
}
}