From b76f165e4b6fe1bfa8f9b12f0a48756dd4e221f4 Mon Sep 17 00:00:00 2001
From: unknown
Date: Thu, 21 Jan 2021 23:42:27 +0200
Subject: [PATCH 1/7] WIP
---
 BruteShark/PcapAnalyzer/Modules/DnsModule/DnsModule.cs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/BruteShark/PcapAnalyzer/Modules/DnsModule/DnsModule.cs b/BruteShark/PcapAnalyzer/Modules/DnsModule/DnsModule.cs
index e5031c7..025979a 100644
--- a/BruteShark/PcapAnalyzer/Modules/DnsModule/DnsModule.cs
+++ b/BruteShark/PcapAnalyzer/Modules/DnsModule/DnsModule.cs
@@ -12,7 +12,6 @@ namespace PcapAnalyzer
 public class DnsModule : IModule
 {
 public string Name => "DNS";
- public string CliName => "DNS";
 public event EventHandler ParsedItemDetected;
From b22b38fd9169d87c85895ee35365264ad8eb6cc5 Mon Sep 17 00:00:00 2001
From: unknown
Date: Sat, 23 Jan 2021 00:01:29 +0200
Subject: [PATCH 2/7] fix exception on help command
---
 .../Single Command Runner/SingleCommandRunner.cs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandRunner.cs b/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandRunner.cs
index d73f1f7..43fab4b 100644
--- a/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandRunner.cs
+++ b/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandRunner.cs
@@ -74,8 +74,14 @@ private void PrintFileStatusUpdate(object sender, FileProcessingStatusChangedEve
 private void SetupRun()
 {
+ // That can happen when the user enter vesion \ help commad, exit gracefully.
+ if (_cliFlags is null)
+ {
+ Environment.Exit(0);
+ }
+
 // Load modules.
- if (_cliFlags.Modules != null)
+ if (_cliFlags?.Modules != null)
 {
 LoadModules(ParseCliModuleNames(_cliFlags.Modules));
 }
From 6cf8c064b757104b008b14403b9a85282a482190 Mon Sep 17 00:00:00 2001
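Review bot: In SetupRun (PATCH 2/7, SingleCommandRunner.cs) the new `if (_cliFlags is null)` guard ends the process with `Environment.Exit(0)`, and status 0 is only correct if help and version are the sole reasons the flags object can be null. If argument parsing can also leave `_cliFlags` null on invalid input (its assignment is not visible in this hunk, so confirm), a script wrapping the tool would read a rejected command line as a clean analysis with no findings; record why parsing produced no options and exit non-zero in the failure case. The comment above the guard should state that contract, for example `// _cliFlags is null when the parser produced no options object; exit 0 only for help/version`. After the guard the `?.` in `_cliFlags?.Modules` is redundant, and calling `Environment.Exit` from a private setup method takes the exit-code decision away from the entry point. SetupRun's body continues past the end of the hunk.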
From: unknown
Date: Sat, 23 Jan 2021 00:20:09 +0200
Subject: [PATCH 3/7] verify modules list and enforce consrtraint between -d and -i
---
 .../Single Command Runner/SingleCommandFlags.cs | 4 ++--
 .../Single Command Runner/SingleCommandRunner.cs | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandFlags.cs b/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandFlags.cs
index 711bd95..7c3f4ad 100644
--- a/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandFlags.cs
+++ b/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandFlags.cs
@@ -7,10 +7,10 @@ namespace BruteSharkCli
 {
 public class SingleCommandFlags
 {
- [Option('d', "input-dir", Required = false, HelpText = "The input directory containing the files to be processed.")]
+ [Option('d', "input-dir", Required = false, SetName ="dir_input", HelpText = "The input directory containing the files to be processed.")]
 public string InputDir { get; set; }
- [Option('i', "input", Required = false, Separator = ',', HelpText = "The files to be processed seperated by comma")]
+ [Option('i', "input", Required = false, SetName = "files_input", Separator = ',', HelpText = "The files to be processed seperated by comma")]
 public IEnumerable InputFiles { get; set; }
 [Option('m', "modules", Required = false , Separator = ',', HelpText = "The modules to be separterd by comma: Credentials, FileExtracting, NetworkMap")]
diff --git a/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandRunner.cs b/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandRunner.cs
index 43fab4b..7496b2d 100644
--- a/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandRunner.cs
+++ b/BruteShark/BruteSharkCli/Single Command Runner/SingleCommandRunner.cs
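Review bot: Putting `-d` and `-i` into separate sets (`dir_input`, `files_input`) only covers the case where both are given; both options stay `Required = false`, so a command line with neither input still passes the parser and has to be rejected later. Assuming the option parser treats different `SetName` values as mutually exclusive, the runner's own `InputFiles`/`InputDir` test (visible as context in this patch's second hunk) now appears to duplicate that rule; keep one and document it on the properties, e.g. `// -d and -i are mutually exclusive (enforced through SetName); at least one is required by the runner`. As a style point, `SetName ="dir_input"` lacks the space that `SetName = "files_input"` has. The class body continues outside the hunk.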
@@ -81,10 +81,14 @@ private void SetupRun()
 }
 // Load modules.
- if (_cliFlags?.Modules != null)
+ if (_cliFlags?.Modules?.Any() == true)
 {
 LoadModules(ParseCliModuleNames(_cliFlags.Modules));
 }
+ else
+ {
+ throw new Exception("No mudules selected");
+ }
 if (_cliFlags.InputFiles.Count() != 0 && _cliFlags.InputDir != null)
 {
From 7e68a5abc788addd4a3864702a850155dbe81175 Mon Sep 17 00:00:00 2001
From: unknown
Date: Sat, 23 Jan 2021 00:49:56 +0200
Subject: [PATCH 4/7] update readme
---
 README.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/README.md b/README.md
index 6629ba3..18e6fc6 100644
--- a/README.md
+++ b/README.md
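Review bot: The new `else` branch in SetupRun throws the base `Exception` with a misspelled message; `throw new ArgumentException("No modules selected");` gives callers a specific type to catch and users a correct message. It is also inconsistent with the null-flags path added in PATCH 2/7, which exits quietly: unless something outside this hunk catches it, a missing `-m` will surface as an unhandled exception and stack trace rather than a usage error with a non-zero exit code. The commit title speaks of verifying the modules list, but this hunk only checks that the list is non-empty; whether unknown module names are rejected depends on `ParseCliModuleNames`, which is not shown. SetupRun starts and ends outside the hunk.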
@@ -99,6 +99,32 @@ This module tries to extract files from UDP / TCP sessions (Therefore, note that
 ## BruteSharkDesktop
 The GUI is pretty self-explanatory, just load the wanted files, configure the wanted modules and press the run button.
 ## BruteSharkCli
+BruteSharkCli has two modes: single command and shell mode.
+The single command mode works by geting all the relevant parameters for the processing and then printing the results to stdout or files.
+The shell mode allows to perform each step individually.
+##### Single Command Mode
+Print the help menu.
+ ```bash
+ BruteSharkCli.exe --help
+ ```
+Get credentials from all files in a directory (passwords and hashes will be printed to stdout).
+ ```bash
+ BruteSharkCli.exe -m Credentials -d C:\Users\King\Desktop\Pcap_Examples
+ ```
+Get credentials from all files in a directory and also export extracted hashes (if found) to a Hashcat input files.
+ ```bash
+ BruteSharkCli.exe -m Credentials -d C:\Users\King\Desktop\Pcap_Examples -o C:\Users\King\Desktop\Results
+ ```
+Run multiple modules on all files in a directory and also export all the results.
+ ```bash
+ BruteSharkCli.exe -m Credentials,NetworkMap,FileExtracting -d C:\Users\King\Desktop\Pcap_Examples -o C:\Users\King\Desktop\Results
+ ```
+##### Shell Mode
+Just type
+ ```bash
+ BruteSharkCli.exe
+ ```
+And then navigate using the following commands.
 | Keyword | Description |
 |-------------------|-----------------------------------------------------------------------------------------|
 | help | Print help menu |
From 065024d0514666cc5e576043c22d93ac14d7ab2c Mon Sep 17 00:00:00 2001
From: unknown
Date: Sat, 23 Jan 2021 00:53:22 +0200
Subject: [PATCH 5/7] update readme
---
 README.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 18e6fc6..1c74ba2 100644
--- a/README.md
+++ b/README.md
@@ -107,23 +107,28 @@ Print the help menu.
 ```bash
 BruteSharkCli.exe --help
 ```
+
 Get credentials from all files in a directory (passwords and hashes will be printed to stdout).
 ```bash
 BruteSharkCli.exe -m Credentials -d C:\Users\King\Desktop\Pcap_Examples
 ```
+
 Get credentials from all files in a directory and also export extracted hashes (if found) to a Hashcat input files.
 ```bash
 BruteSharkCli.exe -m Credentials -d C:\Users\King\Desktop\Pcap_Examples -o C:\Users\King\Desktop\Results
 ```
+
 Run multiple modules on all files in a directory and also export all the results.
 ```bash
 BruteSharkCli.exe -m Credentials,NetworkMap,FileExtracting -d C:\Users\King\Desktop\Pcap_Examples -o C:\Users\King\Desktop\Results
 ```
+
 ##### Shell Mode
-Just type
+Just type
 ```bash
 BruteSharkCli.exe
 ```
+
 And then navigate using the following commands.
 | Keyword | Description |
 |-------------------|-----------------------------------------------------------------------------------------|
From 9a7cd032dee2d0af819986f68d463d698b77a0bc Mon Sep 17 00:00:00 2001
From: unknown
Date: Sat, 23 Jan 2021 00:57:24 +0200
Subject: [PATCH 6/7] update readme
---
 README.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 1c74ba2..bcad005 100644
--- a/README.md
+++ b/README.md
@@ -104,31 +104,31 @@ The single command mode works by geting all the relevant parameters for the proc
 The shell mode allows to perform each step individually.
 ##### Single Command Mode
 Print the help menu.
- ```bash
+ ```
 BruteSharkCli.exe --help
 ```
 Get credentials from all files in a directory (passwords and hashes will be printed to stdout).
- ```bash
- BruteSharkCli.exe -m Credentials -d C:\Users\King\Desktop\Pcap_Examples
+ ```console
+ foo@bar:~$BruteSharkCli -m Credentials -d C:\Users\King\Desktop\Pcap_Examples
 ```
 Get credentials from all files in a directory and also export extracted hashes (if found) to a Hashcat input files.
- ```bash
+ ```
 BruteSharkCli.exe -m Credentials -d C:\Users\King\Desktop\Pcap_Examples -o C:\Users\King\Desktop\Results
 ```
 Run multiple modules on all files in a directory and also export all the results.
- ```bash
+ ```
 BruteSharkCli.exe -m Credentials,NetworkMap,FileExtracting -d C:\Users\King\Desktop\Pcap_Examples -o C:\Users\King\Desktop\Results
 ```
 ##### Shell Mode
 Just type
- ```bash
+ ```
 BruteSharkCli.exe
 ```
-
+
 And then navigate using the following commands.
 | Keyword | Description |
 |-------------------|-----------------------------------------------------------------------------------------|
From 41b33c5de189026e0199007aadc97ee2b91db561 Mon Sep 17 00:00:00 2001
From: unknown
Date: Sat, 23 Jan 2021 01:15:33 +0200
Subject: [PATCH 7/7] update readme
---
 README.md | 65 ++++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 47 insertions(+), 18 deletions(-)
diff --git a/README.md b/README.md
index bcad005..cf40b7b 100644
--- a/README.md
+++ b/README.md
@@ -103,31 +103,60 @@ BruteSharkCli has two modes: single command and shell mode. The single command mode works by geting all the relevant parameters for the processing and then printing the results to stdout or files. The shell mode allows to perform each step individually. ##### Single Command Mode -Print the help menu. - ``` - BruteSharkCli.exe --help - ``` +Print the help menu: -Get credentials from all files in a directory (passwords and hashes will be printed to stdout). - ```console - foo@bar:~$BruteSharkCli -m Credentials -d C:\Users\King\Desktop\Pcap_Examples - ``` + C:\Users\King\Desktop\BruteSharkCli>BruteSharkCli.exe --help + BruteSharkCli 1.0.0.0 + Copyright c 2018 + + -d, --input-dir The input directory containing the files to be processed. + + -i, --input The files to be processed seperated by comma + + -m, --modules The modules to be separterd by comma: Credentials, FileExtracting, NetworkMap + + -o, --output Output direcorty for the results files. + + --help Display this help screen. + + --version Display version information. -Get credentials from all files in a directory and also export extracted hashes (if found) to a Hashcat input files. 
- ``` - BruteSharkCli.exe -m Credentials -d C:\Users\King\Desktop\Pcap_Examples -o C:\Users\King\Desktop\Results - ``` +Get credentials from all files in a directory (passwords and hashes will be printed to stdout): + + C:\Users\King\Desktop\BruteSharkCli>BruteSharkCli.exe -m Credentials -d "C:\Users\King\Desktop\Pcap Files" + [+] Started analyzing 5 files + File : Ftp.pcap Processing Started + Found: Network Credential: 192.168.0.114=>192.168.0.193(FTP) => csanders:echo + File : Ftp.pcap Processing Finished + File : HTTP - Basic Authentication.pcap Processing Started + Found: Network Credential: 192.168.0.4=>192.254.189.169(HTTP Basic Authentication) => test:fail + Found: Network Credential: 192.168.0.4=>192.254.189.169(HTTP Basic Authentication) => test:fail2 + Found: Network Credential: 192.168.0.4=>192.254.189.169(HTTP Basic Authentication) => test:fail3 + Found: Network Credential: 192.168.0.4=>192.254.189.169(HTTP Basic Authentication) => test:test + File : HTTP - Basic Authentication.pcap Processing Finished + File : IMAP - Authenticate CRAM-MD5.cap Processing Started + Found: Hash: 10.0.2.101=>10.0.1.102:10.0.1.102(IMAP) CRAM-MD5 => aGVtbWluZ3dheSAyOWYyMGI2NjkzNDdhYTA4MTc0OTA2NWQ5MDNhNDllNA== + File : IMAP - Authenticate CRAM-MD5.cap Processing Finished + File : SMB - NTLMSSP (smb3 aes 128 ccm).pcap Processing Started + Found: Hash: 10.160.64.139=>10.160.65.202:10.160.65.202(NTLMSSP) NTLMv2 => 39dbdbeb1bdd29b07a5d20c8f82f2cb701010000000000008a8ce7a9f4ced201e7969a04872c16890000000002000800530055005300450001000c0057005300320030003100360004000e0073007500730065002e006400650003001c005700530032003000310036002e0073007500730065002e006400650005000e0073007500730065002e0064006500070008008a8ce7a9f4ced20100000000 + File : SMB - NTLMSSP (smb3 aes 128 ccm).pcap Processing Finished + File : SMTP - Auth Login.pcap Processing Started + Found: Network Credential: 10.10.1.4=>74.53.140.153(SMTP (Auth Login)) => gurpartap@patriots.in:punjab@123 + File : SMTP - Auth Login.pcap 
Processing Finished + [X] Bruteshark finished processing +Get credentials from all files in a directory and also export extracted hashes (if found) to a Hashcat input files. + + BruteSharkCli.exe -m Credentials -d C:\Users\King\Desktop\Pcap_Examples -o C:\Users\King\Desktop\Results + Run multiple modules on all files in a directory and also export all the results. - ``` - BruteSharkCli.exe -m Credentials,NetworkMap,FileExtracting -d C:\Users\King\Desktop\Pcap_Examples -o C:\Users\King\Desktop\Results - ``` + + BruteSharkCli.exe -m Credentials,NetworkMap,FileExtracting -d C:\Users\King\Desktop\Pcap_Examples -o C:\Users\King\Desktop\Results ##### Shell Mode Just type - ``` - BruteSharkCli.exe - ``` + + BruteSharkCli.exe And then navigate using the following commands. | Keyword | Description |