Wire in support for showing process and file extension exclusions

bug/bundler_fix
Jon Hart 2015-12-04 12:35:42 -08:00
parent 78a303974f
commit e7d2eb6ad9
GPG Key ID: 2FA9F0A3AFA8E9D3
1 changed files with 18 additions and 9 deletions


@ -13,8 +13,13 @@ class Metasploit3 < Msf::Post
super( super(
update_info( update_info(
info, info,
'Name' => 'Windows Antivirus Excluded Locations Enumeration', 'Name' => 'Windows Antivirus Exclusions Enumeration',
'Description' => 'This module will enumerate all excluded directories within supported AV products', 'Description' => %q(
This module will enumerate the file, directory, process and
extension-based exclusions from supported AV products, which
currently includes Microsoft Defender, Microsoft Security
Essentials/Antimalware, and Symantec Endpoint Protection.
),
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => [ 'Author' => [
'Andrew Smith', # original metasploit module 'Andrew Smith', # original metasploit module
@ -66,28 +71,32 @@ class Metasploit3 < Msf::Post
paths << registry_getvaldata("#{client_exclusion_key}\\#{key}", 'DirectoryName') + ' (client)' paths << registry_getvaldata("#{client_exclusion_key}\\#{key}", 'DirectoryName') + ' (client)'
end end
end end
print_exclusions_table(SEP, paths) print_exclusions_table(SEP, 'path', paths)
end end
def excluded_defender def excluded_defender
print_exclusions_table(DEFENDER, registry_enumvals("#{DEFENDER_BASE_KEY}\\Exclusions\\Paths")) print_exclusions_table(DEFENDER, 'extension', registry_enumvals("#{DEFENDER_BASE_KEY}\\Exclusions\\Extensions"))
print_exclusions_table(DEFENDER, 'path', registry_enumvals("#{DEFENDER_BASE_KEY}\\Exclusions\\Paths"))
print_exclusions_table(DEFENDER, 'process', registry_enumvals("#{DEFENDER_BASE_KEY}\\Exclusions\\Processes"))
end end
def excluded_mssec def excluded_mssec
print_exclusions_table(ESSENTIALS, registry_enumvals("#{ESSENTIALS_BASE_KEY}\\Exclusions\\Paths")) print_exclusions_table(ESSENTIALS, 'extension', registry_enumvals("#{ESSENTIALS_BASE_KEY}\\Exclusions\\Extensions"))
print_exclusions_table(ESSENTIALS, 'path', registry_enumvals("#{ESSENTIALS_BASE_KEY}\\Exclusions\\Paths"))
print_exclusions_table(ESSENTIALS, 'process', registry_enumvals("#{ESSENTIALS_BASE_KEY}\\Exclusions\\Processes"))
end end
def print_exclusions_table(product, exclusions) def print_exclusions_table(product, exclusion_type, exclusions)
exclusions ||= [] exclusions ||= []
exclusions = exclusions.compact.reject { |e| e.blank? } exclusions = exclusions.compact.reject { |e| e.blank? }
if exclusions.empty? if exclusions.empty?
print_status("No exclusions for #{product}") print_status("No #{exclusion_type} exclusions for #{product}")
return return
end end
table = Rex::Ui::Text::Table.new( table = Rex::Ui::Text::Table.new(
'Header' => "#{product} excluded paths", 'Header' => "#{product} excluded #{exclusion_type.pluralize}",
'Indent' => 1, 'Indent' => 1,
'Columns' => %w(path) 'Columns' => [ exclusion_type.capitalize ]
) )
exclusions.map { |exclusion| table << [exclusion] } exclusions.map { |exclusion| table << [exclusion] }
print_line(table.to_s) print_line(table.to_s)