Merge branch 'main' into package-psnotify
emtuls authored Oct 21, 2023
2 parents bd6a585 + 1edeac3 commit b692ec2
Showing 443 changed files with 5,232 additions and 473 deletions.
33 changes: 25 additions & 8 deletions .github/ISSUE_TEMPLATE/bug.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,16 +28,33 @@ body:
attributes:
label: Environment
description: |
Include details about your environment such as:
**Run `VM-Get-Host-Info` and paste the output (assuming you have installed the `vm.common` package).**
- host OS and virtualization software
- VM OS version and service pack
- VM OS ram and HDD space / usage
- VM PowerShell version
- VM Chocolatey version
- VM Boxstarter version
Include the following details about your environment:
- **Virtualization software**: VMWare, VirtualBox, etc.
- **VM OS version**: run `(Get-CimInstance Win32_OperatingSystem).version` in Powershell
- **VM PowerShell version**: run `$PSVersionTable.PSVersion.ToString()` in Powershell
- **VM Chocolatey version**: run `choco --version`
- **VM Boxstarter version**: run `choco info -l -r "boxstarter"`
- **Output of `VM-Get-Host-Info`** that will be available if the `vm.common` package has been install: run `VM-Get-Host-Info` in PowerShell with admin rights
placeholder: |
- Virtualization software:
- VM OS version:
- VM PowerShell version:
- VM Chocolatey version:
- VM Boxstarter version:
- Output of `VM-Get-Host-Info`:
validations:
required: true
- type: textarea
id: extra-info
attributes:
label: Additional Information
description: |
Any additional information, configuration or data that might be necessary to understand and reproduce the issue. For example:
- Console output
- The log files `C:\ProgramData\_VM\log.txt` and `C:\ProgramData\chocolatey\logs\chocolatey.log`
Text logs are preferred over screenshots.
- type: dropdown
id: ci
attributes:
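Review bot: the new `VM-Get-Host-Info` bullet has a grammar slip, `has been install` should read `has been installed`, and the two `in Powershell` bullets spell the product name differently from `in PowerShell` on the line below them; suggest `PowerShell` throughout. Separately, the Additional Information section now asks reporters to paste `C:\ProgramData\chocolatey\logs\chocolatey.log`; Chocolatey echoes the full command line into that log, so a short reminder to redact anything sensitive (keys or tokens passed on the command line, internal hostnames) before pasting would be a reasonable addition to the description.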
1 change: 1 addition & 0 deletions .github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1 @@
blank_issues_enabled: false
17 changes: 17 additions & 0 deletions .github/ISSUE_TEMPLATE/feature.yml
@@ -0,0 +1,17 @@
name: 💡 Feature proposal
description: Propose a new feature or improvement.
body:
- type: markdown
attributes:
value: |
Thanks for helping improving VM-Packages. Before submitting your issue:
- **If you want to propose a new tool/package, use the [NEW PACKAGE](https://github.com/mandiant/VM-Packages/issues/new?labels=%3Anew%3A+package&template=new_package.yml&title=Package+proposal%3A+%3Cpackage_name%3E.vm) or [NEW METAPACKAGE](https://github.com/mandiant/VM-Packages/issues/new?labels=%3Anew%3A+package&template=new_metapackage.yml&title=Metapackage+proposal%3A+%3Cpackage_name%3E.vm) template instead and provide all the information requested there.** This help us tracking proposals and speeds up the package creation process.
- If you want to report a bug, use the [bug issue type](https://github.com/mandiant/VM-Packages/issues/new?labels=%3Abug%3A+bug&template=bug.yml) instead and provide all the information requested there. Otherwise we won't be able to help.
- Check the [open issues](https://github.com/mandiant/VM-Packages/issues) and ensure there is not already a similar issue. If there is already a similar issue, please add more details there instead of opening a new one.
- type: textarea
id: problem
attributes:
label: Details
description: The more details, the better!
validations:
required: true
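Review bot: two grammar fixes in the new markdown block: `Thanks for helping improving VM-Packages` should read `Thanks for helping improve VM-Packages`, and `This help us tracking proposals and speeds up` should read `This helps us track proposals and speeds up`. The rest of the template reads fine.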
23 changes: 15 additions & 8 deletions .github/ISSUE_TEMPLATE/new_metapackage.yml
Expand Up @@ -50,31 +50,38 @@ body:
label: Category
description: Which category should this tool be installed to?
options:
- Android
- Active Directory
- Cloud
- Command & Control
- Credential Access
- Debuggers
- Delphi
- Disassemblers
- dotNet
- Evasion
- Exploitation
- Forensic
- Hex Editors
- Java
- Information Gathering
- InnoSetup
- Java/Android
- Javascript
- Lateral Movement
- Networking
- Office
- Packers
- Password Attacks
- Payload Development
- PDF
- PE
- Persistence
- PowerShell
- Privilege Escalation
- Python
- Reconnaissance
- Text Editors
- Utilities
- VB
- Active Directory
- Command & Control
- Evasion
- Exploitation
- Information Gathering
- Password Attacks
- Vulnerability Analysis
- Web Application
- Wordlists
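Review bot: this category list is now maintained by hand in three places, this file, `.github/ISSUE_TEMPLATE/new_package.yml` and `categories.txt`, and all three are edited in this commit to merge the Commando categories into one alphabetical list. Consider a CI check that the two dropdown `options:` lists match `categories.txt` line for line, so that a future category addition cannot land in the text file without also reaching the templates.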
43 changes: 31 additions & 12 deletions .github/ISSUE_TEMPLATE/new_package.yml
Expand Up @@ -32,16 +32,28 @@ body:
label: Package type
description: |
This is needed to know how to send the automatic PR.
ZIP_EXE - An executable tool distributed in a ZIP file
SINGLE_EXE - An executable tool distributed via direct/raw download
SINGLE_PS1 - A PowerShell script distributed via direct/raw download
GITHUB_REPO - Download a GitHub repository based on a specific commit hash
`ZIP_EXE` - An executable tool distributed in a ZIP file
`SINGLE_EXE` - An executable tool distributed via direct/raw download
`SINGLE_PS1` - A PowerShell script distributed via direct/raw download
`GITHUB_REPO` - Download a GitHub repository based on a specific commit hash
options:
- ZIP_EXE
- SINGLE_EXE
- SINGLE_PS1
- GITHUB_REPO
- OTHER/UNKNOWN
- type: dropdown
id: console_app
validations:
required: true
attributes:
label: Is the tool a console application?
description: |
The tool is a console application, the shortcut should run it with `cmd /K $toolPath --help` to be able to see the output.
Only supported by package types `ZIP_EXE` and `SINGLE_EXE`.
options:
- 'false'
- 'true'
- type: input
id: version
attributes:
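Review bot: the console-application description reads as a statement rather than a condition; suggest `If the tool is a console application, the shortcut should run it with `cmd /K $toolPath --help` so that the output stays visible.` Also, the package-type dropdown gains an `OTHER/UNKNOWN` option, but the description above it only explains the four typed options; one line saying what the automation does when `OTHER/UNKNOWN` is selected would help submitters choose correctly.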
Expand All @@ -57,31 +69,38 @@ body:
label: Category
description: Which category should this tool be installed to?
options:
- Android
- Active Directory
- Cloud
- Command & Control
- Credential Access
- Debuggers
- Delphi
- Disassemblers
- dotNet
- Evasion
- Exploitation
- Forensic
- Hex Editors
- Java
- Information Gathering
- InnoSetup
- Java/Android
- Javascript
- Lateral Movement
- Networking
- Office
- Packers
- Password Attacks
- Payload Development
- PDF
- PE
- Persistence
- PowerShell
- Privilege Escalation
- Python
- Reconnaissance
- Text Editors
- Utilities
- VB
- Active Directory
- Command & Control
- Evasion
- Exploitation
- Information Gathering
- Password Attacks
- Vulnerability Analysis
- Web Application
- Wordlists
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Expand Up @@ -54,5 +54,5 @@ jobs:
Set-Location built_pkgs
foreach ($package in $built_pkgs) {
cpush -s "https://www.myget.org/F/vm-packages/api/v2" -k ${{ secrets.MYGET_TOKEN }} $package
choco push -s "https://www.myget.org/F/vm-packages/api/v2" -k ${{ secrets.MYGET_TOKEN }} $package
}
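Review bot: the MyGet token is still spliced directly into the PowerShell script body via `${{ secrets.MYGET_TOKEN }}` on the changed `choco push` line. GitHub masks registered secrets in the job log, but interpolating expressions into a `run:` script is the pattern GitHub's workflow hardening guidance advises against; passing it to the step as `env: MYGET_TOKEN: ${{ secrets.MYGET_TOKEN }}` and writing `-k $env:MYGET_TOKEN` keeps the secret out of the script text and avoids any quoting surprises if the token ever contains shell-significant characters.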
3 changes: 2 additions & 1 deletion .github/workflows/update_package.yml
Expand Up @@ -27,7 +27,7 @@ jobs:
$package = $packagePath.Name
$newVersion = 0
# Test indepdendly every type of update and commit what works
foreach ($UPDATE_TYPE in ('DEPENDENCIES', 'GITHUB_URL')) {
foreach ($UPDATE_TYPE in ('DEPENDENCIES', 'GITHUB_URL', 'VERSION_URL')) {
$version = python scripts\utils\update_package.py $package --update_type $UPDATE_TYPE
$updated = $?
echo "$package $version"
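Review bot: the `FAILED` branch further down depends on `$updated = $?` being false, and for a native command `$?` is false only when the process exits non-zero, so `scripts\utils\update_package.py` must report failure through its exit code rather than only by printing; worth confirming for the new `VERSION_URL` update type. The unchanged comment above the loop also misspells `independently` (`indepdendly`), trivial to fix while this line is being touched.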
Expand All @@ -41,6 +41,7 @@ jobs:
$newVersion = $version
} else {
echo "$package $version FAILED"
git diff
}
}
# Clean changes and built packages
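Review bot: printing `git diff` on failure is useful for diagnosing a bad update, but it runs once per failed update type and before the `# Clean changes` step, so a package that fails two or three types in a row will dump overlapping diffs into the log. Emitting `git diff --stat` per failure and the full diff only once before the cleanup would keep the daily log readable when several packages fail.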
8 changes: 4 additions & 4 deletions README.md
@@ -1,4 +1,4 @@
[![Packages](https://img.shields.io/badge/packages-66-blue.svg)](packages)
[![Packages](https://img.shields.io/badge/packages->100-blue.svg)](packages)
[![CI](https://github.com/mandiant/VM-packages/workflows/CI/badge.svg)](https://github.com/mandiant/VM-packages/actions?query=workflow%3ACI+branch%3Amain)
[![Daily run](https://github.com/mandiant/VM-packages/workflows/daily/badge.svg)](https://github.com/mandiant/VM-Packages/wiki/Daily-Failures)

Expand All @@ -7,7 +7,6 @@
This repository contains the source code for packages supporting the following analysis environment projects:
* [FLARE VM](https://github.com/mandiant/flare-vm)
* [CommandoVM](https://github.com/mandiant/commando-vm)
* [ThreatPursuit VM](https://github.com/mandiant/ThreatPursuit-VM)

> Packages do not contain actual software distributions. Packages are PowerShell scripts that only contain instructions for obtaining and configuring tools. See [Chocolatey legal information](https://docs.chocolatey.org/en-us/information/legal) for more details.
Expand All @@ -17,12 +16,13 @@ The packages stored in this repository are automatically built and pushed to a p
The installation of packages relies on [Chocolatey](https://chocolatey.org/).

# Contributing
To report problems or to suggest new tools please open a new [Issue](https://github.com/mandiant/VM-Packages/issues).
To propose new tools, to report problems, and to suggest improvements please open a new [issue](https://github.com/mandiant/VM-Packages/issues).
Ensure you select the correct issue type and provide all the requested information.

Please see the [Wiki](https://github.com/mandiant/VM-Packages/wiki) for documentation on how to create a package using our established best practices.

# Open Source Packages
Open sourcing the installation packages allows the community to not only suggest new tools, improvements, and report bugs, but to help implement them. It's now very transparent how and what gets installed. Moreover, we can use GitHub Actions (free for open-source repositories) for testing and automations. This reduces manual maintenance and simplifies contributions.

## Automation
Once a package is submitted, our pull request automations test the package to see if it builds and installs correctly. Additionally, we use GitHub Actions to build and test each package on a daily basis to check for any errors. Simply being aware of broken packages should quickly solve a lot of problems VM users faced in the past.
Once a package is submitted, our pull request automations test the package to see if it builds and installs correctly. Additionally, we use GitHub Actions to build and test each package on a daily basis to check for any errors (see [Daily Failures Wiki page](https://github.com/mandiant/VM-Packages/wiki/Daily-Failures)). Simply being aware of broken packages should quickly solve a lot of problems VM users faced in the past.
23 changes: 15 additions & 8 deletions categories.txt
@@ -1,28 +1,35 @@
Android
Active Directory
Cloud
Command & Control
Credential Access
Debuggers
Delphi
Disassemblers
dotNet
Evasion
Exploitation
Forensic
Hex Editors
Java
Information Gathering
InnoSetup
Java/Android
Javascript
Lateral Movement
Networking
Office
Packers
Password Attacks
Payload Development
PDF
PE
Persistence
PowerShell
Privilege Escalation
Python
Reconnaissance
Text Editors
Utilities
VB
Active Directory
Command & Control
Evasion
Exploitation
Information Gathering
Password Attacks
Vulnerability Analysis
Web Application
Wordlists
2 changes: 1 addition & 1 deletion packages/010editor.vm/010editor.vm.nuspec
Expand Up @@ -2,7 +2,7 @@
<package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd">
<metadata>
<id>010editor.vm</id>
<version>12.0.1</version>
<version>14.0</version>
<description>Professional text and hex editor with Binary Templates technology.</description>
<authors>SweetScape</authors>
<dependencies>
8 changes: 4 additions & 4 deletions packages/010editor.vm/tools/chocolateyinstall.ps1
Expand Up @@ -5,10 +5,10 @@ try {
$toolName = '010Editor'
$category = 'Hex Editors'

$url = 'https://download.sweetscape.com/010EditorWin32Installer12.0.1.exe'
$checksum = '7790f48716c728e45989375d2b4d2deaa611d39c40e93ba470651bdc44305434'
$url64 = 'https://download.sweetscape.com/010EditorWin64Installer12.0.1.exe'
$checksum64 = '65c2999e430e026a5906b9a7064f8d9a56e798284309efde7140a515237b9dae'
$url = 'https://download.sweetscape.com/010EditorWin32Installer14.0.exe'
$checksum = '11d96fa10df0f8e6add3509e03b963c398a190890f0ea45d8e56c4dd77cbeaa9'
$url64 = 'https://download.sweetscape.com/010EditorWin64Installer14.0.exe'
$checksum64 = '9f926af3bc49df3ab3b2fa8e9cf97caf018081df277c25ee37fab8c2fdd974ba'

$packageArgs = @{
packageName = ${Env:ChocolateyPackageName}
6 changes: 3 additions & 3 deletions packages/7zip-15-05.vm/7zip-15-05.vm.nuspec
Expand Up @@ -2,11 +2,11 @@
<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
<metadata>
<id>7zip-15-05.vm</id>
<version>15.05</version>
<version>15.05.0.20230926</version>
<authors>Igor Pavlov</authors>
<description>7-Zip file archiver. This version is able to extract NSIS scripts.</description>
<dependencies>
<dependency id="common.vm" />
<dependency id="common.vm" version="0.0.0.20230926" />
</dependencies>
</metadata>
</package>
</package>
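Review bot: `version="0.0.0.20230926"` on the `common.vm` dependency is a NuGet minimum-version constraint (`>= 0.0.0.20230926`), which is the right way to guarantee that the newer `vm.common` helpers the updated install script calls are present before this package installs; the date-stamped fourth component added to the package's own version does the same job for consumers of this package. The final `</package>` line shows as removed and re-added with identical text, so that part of the hunk is a trailing-newline or line-ending change only.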
13 changes: 10 additions & 3 deletions packages/7zip-15-05.vm/tools/chocolateyinstall.ps1
Expand Up @@ -31,8 +31,15 @@ try {
Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath
VM-Assert-Path $shortcut

$executablePath = Join-Path $toolDir "7z.exe" -Resolve
Install-BinFile -Name $toolName -Path $executablePath
$7zExecutablePath = Join-Path $toolDir "7z.exe" -Resolve
Install-BinFile -Name $toolName -Path $7zExecutablePath

# Add 7z unzip with password "infected" to the right menu for the most common extensions.
# 7z can unzip other file extensions like .docx but these don't likely use the infected password.
$extensions = @(".7z", ".bzip2", ".gzip", ".tar", ".wim", ".xz", ".txz", ".zip", ".rar")
foreach ($extension in $extensions) {
VM-Add-To-Right-Click-Menu $toolName 'unzip "infected"' "`"$7zExecutablePath`" e -pinfected `"%1`"" "$executablePath" -extension $extension
}
} catch {
VM-Write-Log-Exception $_
}
}
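Review bot: two points on the new right-click loop. First, `7z e` extracts every member into the current directory with its path stripped, so an archive containing `a/config.json` and `b/config.json` silently overwrites one with the other, and an archive with many files floods the folder the sample sits in; `7z x` preserves the directory structure, and an `-o` output folder would keep the extracted content separate from the original archive. Second, the fourth positional argument is still `"$executablePath"`, which after the rename to `$7zExecutablePath` in this hunk no longer refers to `7z.exe` but to the shortcut target resolved earlier in the script (the context at the top of the hunk); if that argument is the icon for the menu entry, the change is probably intended, but a comment saying so would help, since the old code overwrote `$executablePath` with the `7z.exe` path at exactly this point. Minor: `the right menu` in the comment should read `the right-click menu`, and `these don't likely use` reads better as `these are unlikely to use`.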
7 changes: 6 additions & 1 deletion packages/7zip-15-05.vm/tools/chocolateyuninstall.ps1
Expand Up @@ -11,4 +11,9 @@ VM-Remove-Tool-Shortcut $toolName $category
Uninstall-BinFile -Name $toolName

# Manually silently uninstall
VM-Uninstall-With-Uninstaller "7-Zip 15.05*" "EXE" "/S"
VM-Uninstall-With-Uninstaller "7-Zip 15.05*" "EXE" "/S"

$extensions = @(".7z", ".bzip2", ".gzip", ".tar", ".wim", ".xz", ".txz", ".zip", ".rar")
foreach ($extension in $extensions) {
VM-Remove-From-Right-Click-Menu $toolName -extension $extension
}
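Review bot: the `$extensions` list is a copy of the one in `chocolateyinstall.ps1`; if the two ever diverge, uninstalling leaves stale `unzip "infected"` verbs registered for whichever extensions were dropped from this file. Since the two scripts are separate files, at least a comment in each pointing at the other would reduce the chance of a one-sided edit. The first `VM-Uninstall-With-Uninstaller` line shows as removed and re-added with identical text, so that part of the hunk is a line-ending or trailing-newline change only.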
12 changes: 12 additions & 0 deletions packages/adconnectdump.vm/adconnectdump.vm.nuspec
@@ -0,0 +1,12 @@
<?xml version="1.0" encoding="utf-8"?>
<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
<metadata>
<id>adconnectdump.vm</id>
<version>0.0.0.20230710</version>
<authors>fox-it</authors>
<description>This toolkit offers several ways to extract and decrypt stored Azure AD and Active Directory credentials from Azure AD Connect servers.</description>
<dependencies>
<dependency id="common.vm" />
</dependencies>
</metadata>
</package>
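Review bot: this nuspec declares `<dependency id="common.vm" />` with no minimum version, while `7zip-15-05.vm.nuspec` in the same commit pins `version="0.0.0.20230926"`. If `VM-Install-Raw-GitHub-Repo` (called by this package's install script) needs a recent `vm.common`, the dependency should carry the same floor so that an outdated `common.vm` on an existing VM fails at dependency resolution rather than mid-install.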
10 changes: 10 additions & 0 deletions packages/adconnectdump.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
$ErrorActionPreference = 'Stop'
Import-Module vm.common -Force -DisableNameChecking

$toolName = 'ADConnectDump'
$category = 'Credential Access'

$zipUrl = 'https://github.com/fox-it/adconnectdump/archive/3ff6ebe7afac83263dd41857fdec51dcca0012b4.zip'
$zipSha256 = '6f36659f4d0ef7e20ddea0d7c17f36786c2fa8ca0728e6fd790f3234f408e0e9'

VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
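Review bot: pinning the download to a specific commit archive URL and supplying `$zipSha256` is the right supply-chain pattern for a GitHub-sourced tool, assuming `VM-Install-Raw-GitHub-Repo` enforces the checksum, since the hash guards against the archive changing under a URL that looks immutable. The `0.0.0.20230710` nuspec version encodes the snapshot date, so a future bump should update the commit hash in the URL, the SHA-256 and the date-stamped version together.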
7 changes: 7 additions & 0 deletions packages/adconnectdump.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
$ErrorActionPreference = 'Continue'
Import-Module vm.common -Force -DisableNameChecking

$toolName = 'ADConnectDump'
$category = 'Credential Access'

VM-Uninstall $toolName $category