darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

impr winpeas

Browse Source
This commit is contained in:
Carlos Polop 2025-03-20 05:02:34 +01:00
parent ce5cb1ad9c
commit 62022abc47
3 changed files with 45 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
parsers/__init__.py Normal file
View File

21
parsers/peas2json.py
View File

@ -144,7 +144,12 @@ def parse_line(line: str):
}) })
def main(): def parse_peass(outputpath: str, jsonpath: str = ""):
global OUTPUT_PATH, JSON_PATH
OUTPUT_PATH = outputpath
JSON_PATH = jsonpath
for line in open(OUTPUT_PATH, 'r', encoding="utf8").readlines(): for line in open(OUTPUT_PATH, 'r', encoding="utf8").readlines():
line = line.strip() line = line.strip()
if not line or not clean_colors(line): #Remove empty lines or lines just with colors hex if not line or not clean_colors(line): #Remove empty lines or lines just with colors hex
@ -152,17 +157,21 @@ def main():
parse_line(line) parse_line(line)
with open(JSON_PATH, "w") as f: if JSON_PATH:
json.dump(FINAL_JSON, f) with open(JSON_PATH, "w") as f:
json.dump(FINAL_JSON, f)
else:
return FINAL_JSON
# Start execution # Start execution
if __name__ == "__main__": if __name__ == "__main__":
try: try:
OUTPUT_PATH = sys.argv[1] outputpath = sys.argv[1]
JSON_PATH = sys.argv[2] jsonpath = sys.argv[2]
parse_peass(outputpath, jsonpath)
except IndexError as err: except IndexError as err:
print("Error: Please pass the peas.out file and the path to save the json\npeas2json.py <output_file> <json_file.json>") print("Error: Please pass the peas.out file and the path to save the json\npeas2json.py <output_file> <json_file.json>")
sys.exit(1) sys.exit(1)
main()

31
winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureInfo.cs
View File

@ -28,7 +28,20 @@ namespace winPEAS.Info.CloudInfo
const string API_VERSION = "2021-12-13"; const string API_VERSION = "2021-12-13";
const string CONTAINER_API_VERSION = "2019-08-01"; const string CONTAINER_API_VERSION = "2019-08-01";
// **New helper method to detect if running inside an Azure container** public static bool DoesProcessExist(string processName)
{
// Return false if the process name is null or empty
if (string.IsNullOrEmpty(processName))
{
return false;
}
// Retrieve all processes matching the specified name
Process[] processes = Process.GetProcessesByName(processName);
return processes.Length > 0;
}
// New helper method to detect if running inside an Azure container
private bool IsContainer() private bool IsContainer()
{ {
return !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT")) || return !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT")) ||
@ -123,6 +136,22 @@ namespace winPEAS.Info.CloudInfo
} }
} }
string hwsRun = DoesProcessExist("HybridWorkerService") ? "Yes" : "No";
_endpointDataList.Add(new EndpointData()
{
EndpointName = "HybridWorkerService.exe Running",
Data = hwsRun,
IsAttackVector = true
});
string OSRun = DoesProcessExist("Orchestrator.Sandbox") ? "Yes" : "No";
_endpointDataList.Add(new EndpointData()
{
EndpointName = "Orchestrator.Sandbox.exe Running",
Data = OSRun,
IsAttackVector = true
});
_endpointData.Add("General", _endpointDataList); _endpointData.Add("General", _endpointDataList);
} }
catch (Exception ex) catch (Exception ex)