Merge branch 'dev' of https://github.com/bneg/Empire into bneg-dev

2018-02-10 22:44:04 -05:00 · 2018-02-10 22:44:04 -05:00 · d65badfd16
parent eb11c50691 7388fed540
commit d65badfd16
1 changed files with 67 additions and 0 deletions
--- a/lib/common/empire.py
+++ b/lib/common/empire.py
@ -850,6 +850,73 @@ class MainMenu(cmd.Cmd):
                    print helpers.color("[*] " + os.path.basename(file) + " was already obfuscated. Not reobfuscating.")
                helpers.obfuscate_module(file, self.obfuscateCommand, reobfuscate)

+    def do_report(self, line):
+        "Produce report CSV and log files: sessions.csv, credentials.csv, master.log"
+
+        self.conn = sqlite3.connect("data/empire.db")
+
+        # Agents CSV
+        cur = self.conn.cursor()
+        cur.execute('select session_id, hostname, username, checkin_time from agents')
+
+        rows = cur.fetchall()
+        print helpers.color("[*] Writing data/sessions.csv")
+        f = open('data/sessions.csv','w')
+        f.write("SessionID, Hostname, User Name, First Check-in\n")
+        for row in rows:
+            f.write(row[0]+ ','+ row[1]+ ','+ row[2]+ ','+ row[3]+'\n')
+        f.close()
+
+        # Credentials CSV
+        cur.execute("""
+        SELECT
+            domain
+            ,username
+            ,host
+            ,credtype
+            ,password
+        FROM
+            credentials
+        ORDER BY
+            domain
+            ,credtype
+            ,host
+        """)
+
+        rows = cur.fetchall()
+        print helpers.color("[*] Writing data/credentials.csv")
+        f = open('data/credentials.csv','w')
+        f.write('Domain, Username, Host, Cred Type, Password\n')
+        for row in rows:
+            f.write(row[0]+ ','+ row[1]+ ','+ row[2]+ ','+ row[3]+ ','+ row[4]+'\n')
+        f.close()
+
+        # Empire Log
+        cur.execute("""
+        SELECT
+            reporting.time_stamp
+            ,reporting.event_type
+            ,reporting.name as "AGENT_ID"
+            ,a.hostname
+            ,reporting.taskID
+            ,t.data AS "Task"
+            ,r.data AS "Results"
+        FROM
+            reporting
+            JOIN agents a on reporting.name = a.session_id
+            LEFT OUTER JOIN taskings t on (reporting.taskID = t.id) AND (reporting.name = t.agent)
+            LEFT OUTER JOIN results r on (reporting.taskID = r.id) AND (reporting.name = r.agent)
+        WHERE
+            reporting.event_type == 'task' OR reporting.event_type == 'checkin'
+        """)
+        rows = cur.fetchall()
+        print helpers.color("[*] Writing data/master.log")
+        f = open('data/master.log', 'w')
+        f.write('Empire Master Taskings & Results Log by timestamp\n')
+        f.write('='*50 + '\n\n')
+        for row in rows:
+            f.write('\n' + row[0] + ' - ' + row[3] + ' (' + row[2] + ')> ' + unicode(row[5]) + '\n' + unicode(row[6]) + '\n')
+        f.close()

    def complete_usemodule(self, text, line, begidx, endidx, language=None):
        "Tab-complete an Empire module path."