Thursday, December 20, 2018

openFileShareWalker.py

# open file share searcher for passwords or restricted documents
import argparse
import os
import re

#definitions
suspiciousFileNames = r'(?i)(\.config|\.txt|\.ini|\.pdf|\.doc|\.xls|\.java|\.sql|\.vbs|\.inf|pwd|password)'
passwordSearchableFileNames = r'(?i)(\.config|\.txt|\.ini|\.java|\.sql|\.vbs|\.inf)'
passwordKeywords = r'(?i)(pwd|password|passwd|getConnection|connectionString)'
falsePositiveFolders = r'(?i)(EPO_REPOSITORY|VSCANDAT|AdaptivaCache|SmsPkg|DriverPkg)'
falsePositiveFileNames = r'(?i)(license|avvdat|uninst)'
suspiciousFiles = []
passwordFiles = []
fileCount = 0
progressInterval = 10000
progressTracker = progressInterval

#arguments
arguments = argparse.ArgumentParser("Search Open File Shares for passwords and restricted documents")
arguments.add_argument("-f", "--folder", type=str, required=True, help="Full UNC path (\\server\share) of open file share to search (note: file:// does not work)")
arguments.add_argument("-d", "--debug", action="store_true", required=False, help="Enable debugging messages")
arguments.add_argument("-p", "--progress", action="store_true", required=False, help="Enable progress tracking")
settings = arguments.parse_args()

#processing
if(settings.debug or settings.progress):
 print("starting walk of folder '{0}'".format(settings.folder))
for dname, dirs, files in os.walk(settings.folder):
 if(settings.debug):
  print("starting walk of sub-folder '{0}'".format(dname))
 for fname in files:
  fileCount = fileCount + 1
  fpath = os.path.join(dname, fname)
  if(settings.progress and fileCount >= progressTracker):
   print("PROGRESS: {0} files analyzed so far".format(str(fileCount)))
   progressTracker = progressTracker + progressInterval
  if(settings.debug):
   print("analyzing file '{0}'".format(fname))
  folderBadMatch = re.search(falsePositiveFolders, fpath)
  if(folderBadMatch is None):
   match = re.search(suspiciousFileNames, fname)
   if(match is not None):
    fileBadMatch = re.search(falsePositiveFileNames, fname)
    if(fileBadMatch is None):
     if(settings.debug):
      print("matched file '{0}'".format(fpath))
     suspiciousFiles.append(fpath)
  if(settings.debug):
   print("finished analyzing file '{0}'".format(fname))
 if(settings.debug):
  print("finished walk of sub-folder '{0}'".format(dname))
if(settings.debug):
 print("finished walk of folder '{0}'".format(settings.folder))
if(settings.debug or settings.progress):
 print("starting password searching")
for file in suspiciousFiles:
 isSearchable = re.search(passwordSearchableFileNames, file)
 if(isSearchable is not None):
  with open(file) as f:
   if(settings.debug):
    print("searching for passwords in '{0}'".format(file))
   for line in f:
    match = re.search(passwordKeywords, line)
    if(match is not None):
     passwordFiles.append((file, line))
if(settings.debug):
 print("finished password searching")

#output
for file in suspiciousFiles:
 print(file)
for (file, line) in passwordFiles:
 print("POSSIBLE PASSWORD in '{0}' [{1}]".format(file, line))

No comments:

Post a Comment