# open file share searcher for passwords or restricted documents
import argparse
import os
import re
import sys
#definitions
# Every pattern below is case-insensitive ((?i)) and unanchored, so re.search
# reports a hit wherever the alternative appears in the text it is given.

# Scan state: the running file counter and the threshold at which the next
# PROGRESS line is due (it starts one interval in).
fileCount = 0
progressInterval = 10000
progressTracker = progressInterval

# Result accumulators: flagged paths, and (path, line) pairs for keyword hits.
suspiciousFiles, passwordFiles = [], []

# File names worth reporting; tested against the bare file name during the walk.
suspiciousFileNames = r'(?i)(\.config|\.txt|\.ini|\.pdf|\.doc|\.xls|\.java|\.sql|\.vbs|\.inf|pwd|password)'
# Subset of flagged files that are opened and read line by line; tested against
# the full path, not just the file name.
passwordSearchableFileNames = r'(?i)(\.config|\.txt|\.ini|\.java|\.sql|\.vbs|\.inf)'
# Keywords that mark a line as a possible credential.
passwordKeywords = r'(?i)(pwd|password|passwd|getConnection|connectionString)'
# Exclusions: folder names (tested against the full path) and file names that
# are treated as noise and never reported.
falsePositiveFolders = r'(?i)(EPO_REPOSITORY|VSCANDAT|AdaptivaCache|SmsPkg|DriverPkg)'
falsePositiveFileNames = r'(?i)(license|avvdat|uninst)'
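#arguments
# The summary text goes in description=: ArgumentParser's first positional
# parameter is prog, so passing the sentence positionally made it the program
# name shown in the usage line instead of a description.
arguments = argparse.ArgumentParser(description="Search Open File Shares for passwords and restricted documents")
# Raw string so the help text shows the UNC form with its leading double
# backslash; in a normal literal "\\server" collapses to a single backslash.
arguments.add_argument("-f", "--folder", type=str, required=True, help=r"Full UNC path (\\server\share) of open file share to search (note: file:// does not work)")
arguments.add_argument("-d", "--debug", action="store_true", required=False, help="Enable debugging messages")
arguments.add_argument("-p", "--progress", action="store_true", required=False, help="Enable progress tracking")
# Reads the process command line; exits with a usage message if --folder is missing.
settings = arguments.parse_args()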
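#processing
def reportWalkError(error):
    # os.walk calls this with the OSError raised while listing a directory.
    # Without a handler those errors are ignored, so an unreadable subtree (or a
    # mistyped root folder) would look exactly like a clean one in the results.
    sys.stderr.write("WARNING: could not list '{0}': {1}\n".format(error.filename, error))

# Walk the share and collect every file whose name looks interesting, skipping
# the folders and file names listed as false positives.
if(settings.debug or settings.progress):
    print("starting walk of folder '{0}'".format(settings.folder))
for dname, dirs, files in os.walk(settings.folder, onerror=reportWalkError):
    if(settings.debug):
        print("starting walk of sub-folder '{0}'".format(dname))
    for fname in files:
        fileCount = fileCount + 1
        fpath = os.path.join(dname, fname)
        # Progress is reported each time the counter crosses the next threshold.
        if(settings.progress and fileCount >= progressTracker):
            print("PROGRESS: {0} files analyzed so far".format(str(fileCount)))
            progressTracker = progressTracker + progressInterval
        if(settings.debug):
            print("analyzing file '{0}'".format(fname))
        # The folder exclusion is tested against the full path; the name checks
        # use the bare file name. Evaluation short-circuits in that order.
        isCandidate = (re.search(falsePositiveFolders, fpath) is None
                       and re.search(suspiciousFileNames, fname) is not None
                       and re.search(falsePositiveFileNames, fname) is None)
        if(isCandidate):
            if(settings.debug):
                print("matched file '{0}'".format(fpath))
            suspiciousFiles.append(fpath)
        if(settings.debug):
            print("finished analyzing file '{0}'".format(fname))
    if(settings.debug):
        print("finished walk of sub-folder '{0}'".format(dname))
if(settings.debug):
    print("finished walk of folder '{0}'".format(settings.folder))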
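# Second pass: open the text-like files among the flagged paths and record
# every line that contains a credential keyword.
if(settings.debug or settings.progress):
    print("starting password searching")
for file in suspiciousFiles:
    # NOTE: the pattern is tested against the full path, so a directory name
    # containing e.g. ".sql" also qualifies the files beneath it.
    if(re.search(passwordSearchableFileNames, file) is None):
        continue
    try:
        with open(file) as f:
            if(settings.debug):
                print("searching for passwords in '{0}'".format(file))
            for line in f:
                if(re.search(passwordKeywords, line) is not None):
                    # Drop the line terminator so the report prints each hit on one line.
                    passwordFiles.append((file, line.rstrip("\r\n")))
    except (IOError, OSError, UnicodeError) as error:
        # One unreadable or undecodable file must not abort the whole scan. Hits
        # recorded before the error are kept; the warning marks the file as only
        # partially searched so the gap in coverage is visible.
        sys.stderr.write("WARNING: could not fully read '{0}': {1}\n".format(file, error))
if(settings.debug):
    print("finished password searching")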
#output
# Flagged paths are listed first, then each keyword hit with the line that
# triggered it. Those lines are copied verbatim from the scanned files and can
# contain live credentials, so the report needs the same handling as the
# secrets themselves.
for suspectPath in suspiciousFiles:
    print(suspectPath)
for hit in passwordFiles:
    print("POSSIBLE PASSWORD in '{0}' [{1}]".format(*hit))