Find interesting scripts and extensions in mounted directory (SMB, NFS, SSHFS, FTP shares)
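#!/bin/bash
# Enumerate a mounted share (SMB, NFS, SSHFS, FTP) for interesting files:
# directory tree, sensitive keywords, notable extensions, GPO XML, scripts
# and certificate material. Usage is printed by show_help.
# Requires: find, grep, file(1); tree is optional.

# ANSI colour codes. The escape sequences are stored literally and are only
# expanded by the printing calls (echo -e / printf '%b'), never by the shell.
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m'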
# Print the usage text on stdout and terminate with status 1.
# Globals: YELLOW, NC (read); $0 is the script name.
show_help() {
  printf '%b\n' "${YELLOW}Usage: $0 <path_to_DIRECTORY> [option]${NC}"
  cat <<'EOF'
Options:
 -h, --help Show this help message
 -a, --all Run all checks (default)
 -t, --tree Show directory tree only
 -k, --keywords Search for keywords only
 -g, --gpo Check GPO files only
 -e, --extensions Search for specific file extensions only
 -s, --scripts Search for scripts only
 -c, --certs Search for certificate files only
 -v, --verbose Show detailed matches output
EOF
  exit 1
}
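# The share path is the mandatory first argument. A leading -h/--help is
# handled here so it is not mistaken for a path and later rejected as
# "not mounted".
if (( $# < 1 )); then
  show_help
fi
case "$1" in
  -h|--help) show_help ;;
esac
DIRECTORY_PATH="$1"
shift # the remaining arguments are option flags

# Extensions classified as binary without consulting file(1); such files
# are skipped by the keyword search.
readonly -a BINARY_EXTENSIONS=("exe" "dll" "so" "dylib" "bin" "jpg" "jpeg" "png" "gif" "pdf" "zip" "tar" "gz" "7z" "rar" "iso" "doc" "docx" "xls" "xlsx" "ppt" "pptx")
# Extensions classified as text without consulting file(1).
readonly -a TEXT_EXTENSIONS=("txt" "xml" "conf" "config" "ini" "bat" "ps1" "vbs" "cmd" "json" "pem" "crt" "cer" "key" "log" "cfg" "yml" "yaml" "sh" "bash" "env")
# Terms grepped for (case-insensitively) inside text files.
readonly -a KEYWORDS=("password" "cred" "secret" "admin" "login" "key" "certificate" "encrypted" "pwd" "conf" "cpassword")

# Set to true by -v/--verbose; prints the matching lines, not just counts.
VERBOSE=false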
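# Decide whether a file should be skipped by the keyword search.
# The extension is taken from the basename (so a dot in a directory name is
# ignored) and compared case-insensitively, because Windows shares commonly
# carry .EXE / .PS1 style names. Unknown extensions are classified by file(1).
# Globals:   BINARY_EXTENSIONS, TEXT_EXTENSIONS (read)
# Arguments: $1 - path to the file
# Returns:   0 if the file looks binary, 1 if it looks like text
is_binary() {
  local file="$1"
  local base="${file##*/}"
  local ext="${base##*.}"
  ext="${ext,,}"
  local candidate
  for candidate in "${BINARY_EXTENSIONS[@]}"; do
    [[ "$ext" == "${candidate,,}" ]] && return 0
  done
  for candidate in "${TEXT_EXTENSIONS[@]}"; do
    [[ "$ext" == "${candidate,,}" ]] && return 1
  done
  # -b drops the path from file(1)'s output, so a name such as "context.dat"
  # cannot itself satisfy the "text" test. If file(1) is missing or fails,
  # the file is treated as binary (conservative: it is skipped).
  if file -b -- "$file" 2>/dev/null | grep -q "text"; then
    return 1
  fi
  return 0
}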
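# Report whether a keyword occurs in a text file; in verbose mode also print
# each matching line with control characters stripped and truncated to 100
# characters. Keywords are matched case-insensitively as fixed strings.
# Globals:   GREEN, NC, VERBOSE (read)
# Arguments: $1 - path to the file; $2 - keyword
# Outputs:   report lines on stdout; nothing when the keyword is absent
search_file_with_context() {
  local file="$1"
  local keyword="$2"
  local match_count shown line clean_line
  grep -qiF -- "$keyword" "$file" 2>/dev/null || return 0
  match_count=$(grep -ciF -- "$keyword" "$file" 2>/dev/null)
  # The path comes from the share and is untrusted: it is printed through %s
  # (never %b, so backslash escapes in a file name are not expanded) and raw
  # control characters are removed the same way the context lines are.
  shown=$(printf '%s' "$file" | tr -cd '[:print:][:space:]')
  printf '\n%b[+] Found keyword '\''%s'\'' in: %s (matches: %s)%b\n' \
    "$GREEN" "$keyword" "$shown" "$match_count" "$NC"
  if [[ "$VERBOSE" == true ]]; then
    # Only lines that contain the keyword are shown; surrounding lines are
    # not printed, so plain grep output is sufficient here.
    while IFS= read -r line; do
      clean_line=$(printf '%s' "$line" | tr -cd '[:print:][:space:]')
      printf 'Context: ...%s...\n' "${clean_line:0:100}"
    done < <(grep -iF -- "$keyword" "$file" 2>/dev/null)
  fi
}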
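# Grep every non-binary regular file under DIRECTORY_PATH for each KEYWORD.
# File names are NUL-delimited (find -print0 / read -d '') so a name that
# contains a newline, which an untrusted share can easily hold, is neither
# split into two entries nor able to inject a bogus one.
# Globals:   DIRECTORY_PATH, KEYWORDS, YELLOW, NC (read)
# Outputs:   a header plus per-match reports on stdout
search_keywords() {
  local file keyword
  printf '%b[*] Searching for sensitive keywords...%b\n' "$YELLOW" "$NC"
  while IFS= read -r -d '' file; do
    is_binary "$file" && continue
    for keyword in "${KEYWORDS[@]}"; do
      search_file_with_context "$file" "$keyword"
    done
  done < <(find "$DIRECTORY_PATH" -type f -print0 2>/dev/null)
}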
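# List files under DIRECTORY_PATH carrying one of a fixed set of
# configuration- and credential-related extensions. Matching is
# case-insensitive (-iname) because Windows shares often use upper-case
# extensions such as .XML or .INI.
# Globals:   DIRECTORY_PATH, YELLOW, GREEN, NC (read)
# Outputs:   one header per extension followed by the matching paths
find_extensions() {
  local -a extensions=("xml" "conf" "config" "txt" "ini" "bat" "ps1" "vbs" "cmd" "json" "pem" "crt" "cer" "key")
  local ext
  printf '\n%b[*] Looking for interesting file extensions...%b\n' "$YELLOW" "$NC"
  for ext in "${extensions[@]}"; do
    printf '\n%b[+] Finding *.%s files:%b\n' "$GREEN" "$ext" "$NC"
    find "$DIRECTORY_PATH" -type f -iname "*.$ext" 2>/dev/null
  done
}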
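# Locate Group Policy Preference XML files under DIRECTORY_PATH, list them,
# and run the keyword search over each one.
# Globals:   DIRECTORY_PATH, KEYWORDS, YELLOW, GREEN, NC (read)
# Outputs:   headers, the list of GPO files and per-match reports on stdout
check_gpo() {
  local -a gpo_files=()
  local file keyword
  printf '\n%b[*] Analyzing Group Policy files...%b\n' "$YELLOW" "$NC"
  # The -iname alternatives are grouped so that -type f applies to all of
  # them rather than only the first; -print0 keeps unusual names intact.
  while IFS= read -r -d '' file; do
    gpo_files+=("$file")
  done < <(find "$DIRECTORY_PATH" -type f \( -iname "Groups.xml" -o -iname "Services.xml" -o -iname "ScheduledTasks.xml" -o -iname "DataSources.xml" -o -iname "Printers.xml" -o -iname "Drives.xml" \) -print0 2>/dev/null)
  (( ${#gpo_files[@]} > 0 )) || return 0
  printf '%b[+] Found GPO files:%b\n' "$GREEN" "$NC"
  printf '%s\n' "${gpo_files[@]}"
  printf '\n%b[*] Searching for sensitive information in GPO files...%b\n' "$YELLOW" "$NC"
  for file in "${gpo_files[@]}"; do
    for keyword in "${KEYWORDS[@]}"; do
      search_file_with_context "$file" "$keyword"
    done
  done
}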
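# Print the directory tree, or a sorted find listing when tree is absent.
# Globals: DIRECTORY_PATH, YELLOW, NC (read)
show_tree() {
  printf '%b[*] Directory structure:%b\n' "$YELLOW" "$NC"
  if command -v tree >/dev/null 2>&1; then
    tree "$DIRECTORY_PATH" 2>/dev/null
  else
    find "$DIRECTORY_PATH" 2>/dev/null | LC_ALL=C sort
  fi
}

# List Windows script files (batch, PowerShell, VBScript, cmd) under
# DIRECTORY_PATH. The name tests are grouped so -type f covers all of them.
# Globals: DIRECTORY_PATH (read)
find_scripts() {
  find "$DIRECTORY_PATH" -type f \( -iname "*.bat" -o -iname "*.ps1" -o -iname "*.vbs" -o -iname "*.cmd" \) 2>/dev/null
}

# List certificate and key-store files under DIRECTORY_PATH.
# Globals: DIRECTORY_PATH (read)
find_certs() {
  find "$DIRECTORY_PATH" -type f \( -iname "*.cer" -o -iname "*.pem" -o -iname "*.crt" -o -iname "*.p12" -o -iname "*.pfx" \) 2>/dev/null
}

# Run the checks selected by mode.
# Globals:   DIRECTORY_PATH, RED, GREEN, YELLOW, NC (read)
# Arguments: $1 - mode: all (or empty), tree, keywords, gpo, extensions,
#                 scripts, certs; anything else prints usage
# Outputs:   reports on stdout; the mount error goes to stderr
# Returns:   exits 1 when DIRECTORY_PATH is not a directory or mode is unknown
run_checks() {
  local mode="$1"
  if [[ ! -d "$DIRECTORY_PATH" ]]; then
    printf '%b[-] DIRECTORY is not mounted at %s%b\n' "$RED" "$DIRECTORY_PATH" "$NC" >&2
    exit 1
  fi
  case "$mode" in
    all|"")
      printf '%b[+] Starting full DIRECTORY enumeration...%b\n' "$GREEN" "$NC"
      printf '%b[*] DIRECTORY Path: %s%b\n\n' "$YELLOW" "$DIRECTORY_PATH" "$NC"
      show_tree
      search_keywords
      find_extensions
      check_gpo
      printf '\n%b[*] Looking for scripts in DIRECTORY:%b\n' "$YELLOW" "$NC"
      find_scripts
      printf '\n%b[*] Looking for certificate related files:%b\n' "$YELLOW" "$NC"
      find_certs
      ;;
    tree)
      show_tree
      ;;
    keywords)
      printf '%b[+] Starting keyword search...%b\n' "$GREEN" "$NC"
      search_keywords
      ;;
    gpo)
      printf '%b[+] Starting GPO analysis...%b\n' "$GREEN" "$NC"
      check_gpo
      ;;
    extensions)
      printf '%b[+] Starting file extension search...%b\n' "$GREEN" "$NC"
      find_extensions
      ;;
    scripts)
      printf '%b[+] Looking for scripts...%b\n' "$GREEN" "$NC"
      find_scripts
      ;;
    certs)
      printf '%b[+] Looking for certificate files...%b\n' "$GREEN" "$NC"
      find_certs
      ;;
    *)
      show_help
      ;;
  esac
  printf '\n%b[+] Enumeration complete%b\n' "$GREEN" "$NC"
}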
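# Parse the option flags that follow the share path. The last mode flag
# given wins; -v/--verbose may be combined with any mode. An unknown or
# empty argument prints usage and exits.
MODE="all"
while (( $# > 0 )); do
  case "$1" in
    -h|--help)
      show_help
      ;;
    -a|--all)
      MODE="all"
      ;;
    -t|--tree)
      MODE="tree"
      ;;
    -k|--keywords)
      MODE="keywords"
      ;;
    -g|--gpo)
      MODE="gpo"
      ;;
    -e|--extensions)
      MODE="extensions"
      ;;
    -s|--scripts)
      MODE="scripts"
      ;;
    -c|--certs)
      MODE="certs"
      ;;
    -v|--verbose)
      VERBOSE=true
      ;;
    *)
      show_help
      ;;
  esac
  shift
done

# Run the selected mode
run_checks "$MODE"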