Thursday, December 20, 2018

# open file share searcher for passwords or restricted documents
import argparse
import os
import re

suspiciousFileNames = r'(?i)(\.config|\.txt|\.ini|\.pdf|\.doc|\.xls|\.java|\.sql|\.vbs|\.inf|pwd|password)'
passwordSearchableFileNames = r'(?i)(\.config|\.txt|\.ini|\.java|\.sql|\.vbs|\.inf)'
passwordKeywords = r'(?i)(pwd|password|passwd|getConnection|connectionString)'
falsePositiveFolders = r'(?i)(EPO_REPOSITORY|VSCANDAT|AdaptivaCache|SmsPkg|DriverPkg)'
falsePositiveFileNames = r'(?i)(license|avvdat|uninst)'
suspiciousFiles = []
passwordFiles = []
fileCount = 0
progressInterval = 10000
progressTracker = progressInterval

arguments = argparse.ArgumentParser("Search Open File Shares for passwords and restricted documents")
arguments.add_argument("-f", "--folder", type=str, required=True, help="Full UNC path (\\server\share) of open file share to search (note: file:// does not work)")
arguments.add_argument("-d", "--debug", action="store_true", required=False, help="Enable debugging messages")
arguments.add_argument("-p", "--progress", action="store_true", required=False, help="Enable progress tracking")
settings = arguments.parse_args()

if(settings.debug or settings.progress):
 print("starting walk of folder '{0}'".format(settings.folder))
for dname, dirs, files in os.walk(settings.folder):
  print("starting walk of sub-folder '{0}'".format(dname))
 for fname in files:
  fileCount = fileCount + 1
  fpath = os.path.join(dname, fname)
  if(settings.progress and fileCount >= progressTracker):
   print("PROGRESS: {0} files analyzed so far".format(str(fileCount)))
   progressTracker = progressTracker + progressInterval
   print("analyzing file '{0}'".format(fname))
  folderBadMatch =, fpath)
  if(folderBadMatch is None):
   match =, fname)
   if(match is not None):
    fileBadMatch =, fname)
    if(fileBadMatch is None):
      print("matched file '{0}'".format(fpath))
   print("finished analyzing file '{0}'".format(fname))
  print("finished walk of sub-folder '{0}'".format(dname))
 print("finished walk of folder '{0}'".format(settings.folder))
if(settings.debug or settings.progress):
 print("starting password searching")
for file in suspiciousFiles:
 isSearchable =, file)
 if(isSearchable is not None):
  with open(file) as f:
    print("searching for passwords in '{0}'".format(file))
   for line in f:
    match =, line)
    if(match is not None):
     passwordFiles.append((file, line))
 print("finished password searching")

for file in suspiciousFiles:
for (file, line) in passwordFiles:
 print("POSSIBLE PASSWORD in '{0}' [{1}]".format(file, line))

No comments:

Post a Comment