diff --git a/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandFlags.cs b/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandFlags.cs
index 711bd95..7c3f4ad 100644
--- a/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandFlags.cs
+++ b/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandFlags.cs
@@ -7,10 +7,10 @@ namespace BruteSharkCli
 {
 public class SingleCommandFlags
 {
- [Option('d', "input-dir", Required = false, HelpText = "The input directory containing the files to be processed.")]
+ [Option('d', "input-dir", Required = false, SetName ="dir_input", HelpText = "The input directory containing the files to be processed.")]
 public string InputDir { get; set; }
- [Option('i', "input", Required = false, Separator = ',', HelpText = "The files to be processed seperated by comma")]
+ [Option('i', "input", Required = false, SetName = "files_input", Separator = ',', HelpText = "The files to be processed seperated by comma")]
 public IEnumerable InputFiles { get; set; }
 [Option('m', "modules", Required = false , Separator = ',', HelpText = "The modules to be separterd by comma: Credentials, FileExtracting, NetworkMap")]
diff --git a/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandRunner.cs b/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandRunner.cs
index d73f1f7..7496b2d 100644
--- a/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandRunner.cs
+++ b/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandRunner.cs
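Review bot: The help texts of `-d` and `-i` do not say that the two options can no longer be given together, which is what placing them in different `SetName` groups appears to enforce in the option parser. A user who passes both gets a parser error with no hint in `--help`; consider ending the texts with `(cannot be combined with --input)` and `(cannot be combined with --input-dir)`. Both options stay `Required = false`, so a run with neither input still parses, and whether SetupRun rejects that case is not visible here. Minor style: `SetName ="dir_input"` lacks the space after `=` that the `files_input` line has.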
@@ -74,11 +74,21 @@ private void PrintFileStatusUpdate(object sender, FileProcessingStatusChangedEve private void SetupRun() { + // That can happen when the user enter vesion \ help commad, exit gracefully. + if (_cliFlags is null) + { + Environment.Exit(0); + } + // Load modules. - if (_cliFlags.Modules != null) + if (_cliFlags?.Modules?.Any() == true) { LoadModules(ParseCliModuleNames(_cliFlags.Modules)); } + else + { + throw new Exception("No mudules selected"); + } if (_cliFlags.InputFiles.Count() != 0 && _cliFlags.InputDir != null) { diff --git a/README.md b/README.md index 6629ba3..cf40b7b 100644 --- a/README.md +++ b/README.md 
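Review bot: `Environment.Exit(0)` in the new null check reports success for every case in which `_cliFlags` was never populated. The comment names the help and version commands, but if rejected arguments also leave it null (not visible in this hunk), a script or pipeline driving the CLI sees exit code 0 for a run that analysed nothing. Consider exiting non-zero unless help or version was explicitly requested, or making that decision where the parser result is handled rather than inside SetupRun. After that check the `?.` on `_cliFlags` in `_cliFlags?.Modules?.Any()` is redundant, and the new throw uses the base exception type with a typo in its message; `throw new ArgumentException("No modules selected");` would be clearer. SetupRun's body continues past the end of the hunk.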
@@ -99,6 +99,66 @@ This module tries to extract files from UDP / TCP sessions (Therefore, note that ## BruteSharkDesktop The GUI is pretty self-explanatory, just load the wanted files, configure the wanted modules and press the run button. ## BruteSharkCli +BruteSharkCli has two modes: single command and shell mode. +The single command mode works by geting all the relevant parameters for the processing and then printing the results to stdout or files. +The shell mode allows to perform each step individually. +##### Single Command Mode +Print the help menu: + + C:\Users\King\Desktop\BruteSharkCli>BruteSharkCli.exe --help + BruteSharkCli 1.0.0.0 + Copyright c 2018 + + -d, --input-dir The input directory containing the files to be processed. + + -i, --input The files to be processed seperated by comma + + -m, --modules The modules to be separterd by comma: Credentials, FileExtracting, NetworkMap + + -o, --output Output direcorty for the results files. + + --help Display this help screen. + + --version Display version information. 
+ +Get credentials from all files in a directory (passwords and hashes will be printed to stdout): + + C:\Users\King\Desktop\BruteSharkCli>BruteSharkCli.exe -m Credentials -d "C:\Users\King\Desktop\Pcap Files" + [+] Started analyzing 5 files + File : Ftp.pcap Processing Started + Found: Network Credential: 192.168.0.114=>192.168.0.193(FTP) => csanders:echo + File : Ftp.pcap Processing Finished + File : HTTP - Basic Authentication.pcap Processing Started + Found: Network Credential: 192.168.0.4=>192.254.189.169(HTTP Basic Authentication) => test:fail + Found: Network Credential: 192.168.0.4=>192.254.189.169(HTTP Basic Authentication) => test:fail2 + Found: Network Credential: 192.168.0.4=>192.254.189.169(HTTP Basic Authentication) => test:fail3 + Found: Network Credential: 192.168.0.4=>192.254.189.169(HTTP Basic Authentication) => test:test + File : HTTP - Basic Authentication.pcap Processing Finished + File : IMAP - Authenticate CRAM-MD5.cap Processing Started + Found: Hash: 10.0.2.101=>10.0.1.102:10.0.1.102(IMAP) CRAM-MD5 => aGVtbWluZ3dheSAyOWYyMGI2NjkzNDdhYTA4MTc0OTA2NWQ5MDNhNDllNA== + File : IMAP - Authenticate CRAM-MD5.cap Processing Finished + File : SMB - NTLMSSP (smb3 aes 128 ccm).pcap Processing Started + Found: Hash: 10.160.64.139=>10.160.65.202:10.160.65.202(NTLMSSP) NTLMv2 => 39dbdbeb1bdd29b07a5d20c8f82f2cb701010000000000008a8ce7a9f4ced201e7969a04872c16890000000002000800530055005300450001000c0057005300320030003100360004000e0073007500730065002e006400650003001c005700530032003000310036002e0073007500730065002e006400650005000e0073007500730065002e0064006500070008008a8ce7a9f4ced20100000000 + File : SMB - NTLMSSP (smb3 aes 128 ccm).pcap Processing Finished + File : SMTP - Auth Login.pcap Processing Started + Found: Network Credential: 10.10.1.4=>74.53.140.153(SMTP (Auth Login)) => gurpartap@patriots.in:punjab@123 + File : SMTP - Auth Login.pcap Processing Finished + [X] Bruteshark finished processing + +Get credentials from all files in a directory and also 
export extracted hashes (if found) to a Hashcat input files. + + BruteSharkCli.exe -m Credentials -d C:\Users\King\Desktop\Pcap_Examples -o C:\Users\King\Desktop\Results + +Run multiple modules on all files in a directory and also export all the results. + + BruteSharkCli.exe -m Credentials,NetworkMap,FileExtracting -d C:\Users\King\Desktop\Pcap_Examples -o C:\Users\King\Desktop\Results + +##### Shell Mode +Just type + + BruteSharkCli.exe + +And then navigate using the following commands. | Keyword | Description | |-------------------|-----------------------------------------------------------------------------------------| | help | Print help menu |