import logging
from mimikatz_collector import MimikatzCollector
from . import InfoCollector
LOG = logging.getLogger(__name__)
__author__ = 'uri'
class WindowsInfoCollector(InfoCollector):
    """
    Collector of system information for hosts running Windows.

    Extends InfoCollector; the individual collection steps invoked by
    get_info() are looked up on ``self`` and are not defined in this class.
    """

    def __init__(self):
        """Delegate all initialisation to InfoCollector."""
        super(WindowsInfoCollector, self).__init__()

    def get_info(self):
        """
        Gather information about the local Windows host.

        Runs, in order, the hostname, process list, network and Azure
        collection steps, then asks MimikatzCollector for logon information
        and merges it into the ``credentials`` entry of ``self.info``.

        :return: ``self.info``, the dict of collected system information
        """
        LOG.debug("Running Windows collector")

        # Each step is called for its side effects only; the return values
        # are discarded. Presumably each one fills in part of self.info --
        # confirm against InfoCollector.
        self.get_hostname()
        self.get_process_list()
        self.get_network_info()
        self.get_azure_info()

        logon_info = MimikatzCollector().get_logon_info()

        # Assumes self.info["credentials"] already exists as a dict (set up
        # outside this class -- TODO confirm) and that get_logon_info()
        # returns something dict.update() accepts.
        # NOTE(review): after this merge self.info holds whatever logon
        # secrets the collector returned, so the dict handed back to the
        # caller should be treated as sensitive: keep it out of debug logs
        # and protect it wherever it is stored or transmitted.
        self.info["credentials"].update(logon_info)

        return self.info