NetExec/nxc/modules/get_netconnections.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

from datetime import datetime
from nxc.helpers.logger import write_log
import json


class NXCModule:
    """
    Uses WMI to extract network connections, used to find multi-homed hosts.
    Module by @fang0654

    """

    name = "get_netconnections"
    description = "Uses WMI to query network connections."
    supported_protocols = ["smb", "wmi"]
    opsec_safe = True
    multiple_hosts = True

    def options(self, context, module_options):
        """
        No options
        """
        pass

    def on_admin_login(self, context, connection):
        data = []
        cards = connection.wmi(f"select DNSDomainSuffixSearchOrder, IPAddress from win32_networkadapterconfiguration")
        if cards:
            for c in cards:
                if c["IPAddress"].get("value"):
                    context.log.success(f"IP Address: {c['IPAddress']['value']}\tSearch Domain: {c['DNSDomainSuffixSearchOrder']['value']}")

            data.append(cards)

        log_name = "network-connections-{}-{}.log".format(connection.host, datetime.now().strftime("%Y-%m-%d_%H%M%S"))
        write_log(json.dumps(data), log_name)
        context.log.display(f"Saved raw output to ~/.nxc/logs/{log_name}")
Adding shebang and encoding utf-8 for all python files 2022-07-18 23:59:14 +00:00			`#!/usr/bin/env python3`
			`# -- coding: utf-8 --`

Added module for finding other network addresses on a host via WMI 2022-03-11 23:00:25 +00:00			`from datetime import datetime`
rename folders, files, functions, classes, etc to NetExec/nxc 2023-09-14 21:07:15 +00:00			`from nxc.helpers.logger import write_log`
Added module for finding other network addresses on a host via WMI 2022-03-11 23:00:25 +00:00			`import json`

black formating 2023-05-02 15:17:59 +00:00
Rename Module Classname to match python convention 2023-09-17 20:20:40 +00:00			`class NXCModule:`
fix(docs): replace single quote doc strings with double quote 2023-04-07 16:40:48 +00:00			`"""`
black formating 2023-05-02 15:17:59 +00:00			`Uses WMI to extract network connections, used to find multi-homed hosts.`
			`Module by @fang0654`
Added module for finding other network addresses on a host via WMI 2022-03-11 23:00:25 +00:00
fix(docs): replace single quote doc strings with double quote 2023-04-07 16:40:48 +00:00			`"""`
Added module for finding other network addresses on a host via WMI 2022-03-11 23:00:25 +00:00
black formating 2023-05-02 15:17:59 +00:00			`name = "get_netconnections"`
			`description = "Uses WMI to query network connections."`
[wmi] neff review I Signed-off-by: XiaoliChan <2209553467@qq.com> 2023-09-01 13:49:57 +00:00			`supported_protocols = ["smb", "wmi"]`
black formating 2023-05-02 15:17:59 +00:00			`opsec_safe = True`
Added module for finding other network addresses on a host via WMI 2022-03-11 23:00:25 +00:00			`multiple_hosts = True`

			`def options(self, context, module_options):`
fix(docs): replace single quote doc strings with double quote 2023-04-07 16:40:48 +00:00			`"""`
Added module for finding other network addresses on a host via WMI 2022-03-11 23:00:25 +00:00			`No options`
fix(docs): replace single quote doc strings with double quote 2023-04-07 16:40:48 +00:00			`"""`
Added module for finding other network addresses on a host via WMI 2022-03-11 23:00:25 +00:00			`pass`

			`def on_admin_login(self, context, connection):`
			`data = []`
black v2 formating 2023-05-08 18:39:36 +00:00			`cards = connection.wmi(f"select DNSDomainSuffixSearchOrder, IPAddress from win32_networkadapterconfiguration")`
[smb] Firewall checker in wmi query Signed-off-by: XiaoliChan <2209553467@qq.com> 2023-08-23 04:23:28 +00:00			`if cards:`
			`for c in cards:`
			`if c["IPAddress"].get("value"):`
			`context.log.success(f"IP Address: {c['IPAddress']['value']}\tSearch Domain: {c['DNSDomainSuffixSearchOrder']['value']}")`
black formating 2023-05-02 15:17:59 +00:00
[smb] Firewall checker in wmi query Signed-off-by: XiaoliChan <2209553467@qq.com> 2023-08-23 04:23:28 +00:00			`data.append(cards)`
Added module for finding other network addresses on a host via WMI 2022-03-11 23:00:25 +00:00
[wmi] self review: remove useless try in wmi query & bugs fix in modules Signed-off-by: XiaoliChan <2209553467@qq.com> 2023-08-30 03:43:02 +00:00			`log_name = "network-connections-{}-{}.log".format(connection.host, datetime.now().strftime("%Y-%m-%d_%H%M%S"))`
Added module for finding other network addresses on a host via WMI 2022-03-11 23:00:25 +00:00			`write_log(json.dumps(data), log_name)`
rename folders, files, functions, classes, etc to NetExec/nxc 2023-09-14 21:07:15 +00:00			`context.log.display(f"Saved raw output to ~/.nxc/logs/{log_name}")`