diff --git a/.github/ISSUE_TEMPLATE/bug.yml b/.github/ISSUE_TEMPLATE/bug.yml index 93e83e244..dca6139ab 100644 --- a/.github/ISSUE_TEMPLATE/bug.yml +++ b/.github/ISSUE_TEMPLATE/bug.yml @@ -28,16 +28,33 @@ body: attributes: label: Environment description: | - Include details about your environment such as: - **Run `VM-Get-Host-Info` and paste the output (assuming you have installed the `vm.common` package).** - - host OS and virtualization software - - VM OS version and service pack - - VM OS ram and HDD space / usage - - VM PowerShell version - - VM Chocolatey version - - VM Boxstarter version + Include the following details about your environment: + - **Virtualization software**: VMWare, VirtualBox, etc. + - **VM OS version**: run `(Get-CimInstance Win32_OperatingSystem).version` in Powershell + - **VM PowerShell version**: run `$PSVersionTable.PSVersion.ToString()` in Powershell + - **VM Chocolatey version**: run `choco --version` + - **VM Boxstarter version**: run `choco info -l -r "boxstarter"` + - **Output of `VM-Get-Host-Info`** that will be available if the `vm.common` package has been install: run `VM-Get-Host-Info` in PowerShell with admin rights + placeholder: | + - Virtualization software: + - VM OS version: + - VM PowerShell version: + - VM Chocolatey version: + - VM Boxstarter version: + - Output of `VM-Get-Host-Info`: + validations: required: true + - type: textarea + id: extra-info + attributes: + label: Additional Information + description: | + Any additional information, configuration or data that might be necessary to understand and reproduce the issue. For example: + - Console output + - The log files `C:\ProgramData\_VM\log.txt` and `C:\ProgramData\chocolatey\logs\chocolatey.log` + + Text logs are preferred over screenshots. - type: dropdown id: ci attributes: diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 000000000..3ba13e0ce --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml 
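Review bot: The new Environment description has a grammar slip and an inconsistent product name on the `VM-Get-Host-Info` bullet: "if the `vm.common` package has been install" should read "has been installed", and "Powershell" on the OS-version and PowerShell-version bullets should be "PowerShell" as on that same bullet. I would also say "run it in an elevated PowerShell" rather than "with admin rights" so it matches the wording users see in the Start menu. The surrounding `body:` list starts before the hunk.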
@@ -0,0 +1 @@ +blank_issues_enabled: false diff --git a/.github/ISSUE_TEMPLATE/feature.yml b/.github/ISSUE_TEMPLATE/feature.yml new file mode 100644 index 000000000..548fec0e4 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature.yml @@ -0,0 +1,17 @@ +name: 💡 Feature proposal +description: Propose a new feature or improvement. +body: + - type: markdown + attributes: + value: | + Thanks for helping improving VM-Packages. Before submitting your issue: + - **If you want to propose a new tool/package, use the [NEW PACKAGE](https://github.com/mandiant/VM-Packages/issues/new?labels=%3Anew%3A+package&template=new_package.yml&title=Package+proposal%3A+%3Cpackage_name%3E.vm) or [NEW METAPACKAGE](https://github.com/mandiant/VM-Packages/issues/new?labels=%3Anew%3A+package&template=new_metapackage.yml&title=Metapackage+proposal%3A+%3Cpackage_name%3E.vm) template instead and provide all the information requested there.** This help us tracking proposals and speeds up the package creation process. + - If you want to report a bug, use the [bug issue type](https://github.com/mandiant/VM-Packages/issues/new?labels=%3Abug%3A+bug&template=bug.yml) instead and provide all the information requested there. Otherwise we won't be able to help. + - Check the [open issues](https://github.com/mandiant/VM-Packages/issues) and ensure there is not already a similar issue. If there is already a similar issue, please add more details there instead of opening a new one. + - type: textarea + id: problem + attributes: + label: Details + description: The more details, the better! + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/new_metapackage.yml b/.github/ISSUE_TEMPLATE/new_metapackage.yml index f0692c4bd..afe91089b 100644 --- a/.github/ISSUE_TEMPLATE/new_metapackage.yml +++ b/.github/ISSUE_TEMPLATE/new_metapackage.yml 
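Review bot: The markdown intro of the new feature.yml reads awkwardly in two places: "Thanks for helping improving VM-Packages" should be "Thanks for helping improve VM-Packages", and "This help us tracking proposals and speeds up the package creation process" should be "This helps us track proposals and speeds up the package creation process". The `Details` textarea has only "The more details, the better!" as guidance; a placeholder naming what is useful (the problem, the proposed change, affected packages) would get more usable reports.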
@@ -50,31 +50,38 @@ body: label: Category description: Which category should this tool be installed to? options: - - Android + - Active Directory - Cloud + - Command & Control + - Credential Access - Debuggers - Delphi - Disassemblers - dotNet + - Evasion + - Exploitation - Forensic - Hex Editors - - Java + - Information Gathering + - InnoSetup + - Java/Android - Javascript + - Lateral Movement - Networking - Office + - Packers + - Password Attacks + - Payload Development - PDF - PE + - Persistence - PowerShell + - Privilege Escalation - Python + - Reconnaissance - Text Editors - Utilities - VB - - Active Directory - - Command & Control - - Evasion - - Exploitation - - Information Gathering - - Password Attacks - Vulnerability Analysis - Web Application - Wordlists diff --git a/.github/ISSUE_TEMPLATE/new_package.yml b/.github/ISSUE_TEMPLATE/new_package.yml index ad7608398..a21eb285f 100644 --- a/.github/ISSUE_TEMPLATE/new_package.yml +++ b/.github/ISSUE_TEMPLATE/new_package.yml 
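Review bot: The category `options:` list is a hand-maintained copy of categories.txt, and this change pastes the identical list a third time into new_package.yml, so the three will drift the next time a category is added or renamed (this commit already had to edit all three by hand). Add a comment above `options:` such as `# Keep in sync with categories.txt and new_package.yml` in both templates, and consider a CI step that compares the dropdown options against categories.txt. The same point applies to the second hunk of new_package.yml.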
@@ -32,16 +32,28 @@ body: label: Package type description: | This is needed to know how to send the automatic PR. - ZIP_EXE - An executable tool distributed in a ZIP file - SINGLE_EXE - An executable tool distributed via direct/raw download - SINGLE_PS1 - A PowerShell script distributed via direct/raw download - GITHUB_REPO - Download a GitHub repository based on a specific commit hash + `ZIP_EXE` - An executable tool distributed in a ZIP file + `SINGLE_EXE` - An executable tool distributed via direct/raw download + `SINGLE_PS1` - A PowerShell script distributed via direct/raw download + `GITHUB_REPO` - Download a GitHub repository based on a specific commit hash options: - ZIP_EXE - SINGLE_EXE - SINGLE_PS1 - GITHUB_REPO - OTHER/UNKNOWN + - type: dropdown + id: console_app + validations: + required: true + attributes: + label: Is the tool a console application? + description: | + The tool is a console application, the shortcut should run it with `cmd /K $toolPath --help` to be able to see the output. + Only supported by package types `ZIP_EXE` and `SINGLE_EXE`. + options: + - 'false' + - 'true' - type: input id: version attributes: @@ -57,31 +69,38 @@ body: label: Category description: Which category should this tool be installed to? options: - - Android + - Active Directory - Cloud + - Command & Control + - Credential Access - Debuggers - Delphi - Disassemblers - dotNet + - Evasion + - Exploitation - Forensic - Hex Editors - - Java + - Information Gathering + - InnoSetup + - Java/Android - Javascript + - Lateral Movement - Networking - Office + - Packers + - Password Attacks + - Payload Development - PDF - PE + - Persistence - PowerShell + - Privilege Escalation - Python + - Reconnaissance - Text Editors - Utilities - VB - - Active Directory - - Command & Control - - Evasion - - Exploitation - - Information Gathering - - Password Attacks - Vulnerability Analysis - Web Application - Wordlists 
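Review bot: The new `console_app` dropdown is `required: true`, yet its own description says it is only supported for `ZIP_EXE` and `SINGLE_EXE`, so a `SINGLE_PS1` or `GITHUB_REPO` proposal is forced to answer a question that does not apply. Either make the field optional or tell those submitters what to pick, e.g. append `For other package types select false.` to the description. The first description sentence also reads as a statement rather than a condition; `If the tool is a console application, the shortcut runs it with cmd /K $toolPath --help so the output stays visible.` says what the field controls.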
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 36285bd70..ca23b7dd8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -54,5 +54,5 @@ jobs: Set-Location built_pkgs foreach ($package in $built_pkgs) { - cpush -s "https://www.myget.org/F/vm-packages/api/v2" -k ${{ secrets.MYGET_TOKEN }} $package + choco push -s "https://www.myget.org/F/vm-packages/api/v2" -k ${{ secrets.MYGET_TOKEN }} $package } diff --git a/.github/workflows/update_package.yml b/.github/workflows/update_package.yml index df8f92a77..656cff2bd 100644 --- a/.github/workflows/update_package.yml +++ b/.github/workflows/update_package.yml @@ -27,7 +27,7 @@ jobs: $package = $packagePath.Name $newVersion = 0 # Test indepdendly every type of update and commit what works - foreach ($UPDATE_TYPE in ('DEPENDENCIES', 'GITHUB_URL')) { + foreach ($UPDATE_TYPE in ('DEPENDENCIES', 'GITHUB_URL', 'VERSION_URL')) { $version = python scripts\utils\update_package.py $package --update_type $UPDATE_TYPE $updated = $? echo "$package $version" @@ -41,6 +41,7 @@ jobs: $newVersion = $version } else { echo "$package $version FAILED" + git diff } } # Clean changes and built packages diff --git a/README.md b/README.md index 873928de3..7a24f22f7 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![Packages](https://img.shields.io/badge/packages-66-blue.svg)](packages) +[![Packages](https://img.shields.io/badge/packages->100-blue.svg)](packages) [![CI](https://github.com/mandiant/VM-packages/workflows/CI/badge.svg)](https://github.com/mandiant/VM-packages/actions?query=workflow%3ACI+branch%3Amain) [![Daily run](https://github.com/mandiant/VM-packages/workflows/daily/badge.svg)](https://github.com/mandiant/VM-Packages/wiki/Daily-Failures) 
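Review bot: The MyGet token is still spliced into the script text by `${{ secrets.MYGET_TOKEN }}` on the `choco push` line, so it ends up in the generated step script and on the choco process command line; the job-log masking hides it from the log but not from those places, and the switch from `cpush` to `choco push` leaves that unchanged. Pass it through the step's `env:` block (`MYGET_TOKEN: ${{ secrets.MYGET_TOKEN }}`) and use `-k $env:MYGET_TOKEN`, or configure it once before the loop with `choco apikey`. The loop also never looks at the push result, so a rejected package leaves the job green; check `$LASTEXITCODE` after each `choco push` and fail the step on non-zero. The enclosing `run` step and `$built_pkgs` begin outside the hunk.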
@@ -7,7 +7,6 @@ This repository contains the source code for packages supporting the following analysis environment projects: * [FLARE VM](https://github.com/mandiant/flare-vm) * [CommandoVM](https://github.com/mandiant/commando-vm) -* [ThreatPursuit VM](https://github.com/mandiant/ThreatPursuit-VM) > Packages do not contain actual software distributions. Packages are PowerShell scripts that only contain instructions for obtaining and configuring tools. See [Chocolatey legal information](https://docs.chocolatey.org/en-us/information/legal) for more details. @@ -17,7 +16,8 @@ The packages stored in this repository are automatically built and pushed to a p The installation of packages relies on [Chocolatey](https://chocolatey.org/). # Contributing -To report problems or to suggest new tools please open a new [Issue](https://github.com/mandiant/VM-Packages/issues). +To propose new tools, to report problems, and to suggest improvements please open a new [issue](https://github.com/mandiant/VM-Packages/issues). +Ensure you select the correct issue type and provide all the requested information. Please see the [Wiki](https://github.com/mandiant/VM-Packages/wiki) for documentation on how to create a package using our established best practices. 
@@ -25,4 +25,4 @@ Please see the [Wiki](https://github.com/mandiant/VM-Packages/wiki) for document Open sourcing the installation packages allows the community to not only suggest new tools, improvements, and report bugs, but to help implement them. It's now very transparent how and what gets installed. Moreover, we can use GitHub Actions (free for open-source repositories) for testing and automations. This reduces manual maintenance and simplifies contributions. ## Automation -Once a package is submitted, our pull request automations test the package to see if it builds and installs correctly. Additionally, we use GitHub Actions to build and test each package on a daily basis to check for any errors. Simply being aware of broken packages should quickly solve a lot of problems VM users faced in the past. +Once a package is submitted, our pull request automations test the package to see if it builds and installs correctly. Additionally, we use GitHub Actions to build and test each package on a daily basis to check for any errors (see [Daily Failures Wiki page](https://github.com/mandiant/VM-Packages/wiki/Daily-Failures)). Simply being aware of broken packages should quickly solve a lot of problems VM users faced in the past. diff --git a/categories.txt b/categories.txt index 77c6c0711..32f96279a 100644 --- a/categories.txt +++ b/categories.txt @@ -1,28 +1,35 @@ -Android +Active Directory Cloud +Command & Control +Credential Access Debuggers Delphi Disassemblers dotNet +Evasion +Exploitation Forensic Hex Editors -Java +Information Gathering +InnoSetup +Java/Android Javascript +Lateral Movement Networking Office +Packers +Password Attacks +Payload Development PDF PE +Persistence PowerShell +Privilege Escalation Python +Reconnaissance Text Editors Utilities VB -Active Directory -Command & Control -Evasion -Exploitation -Information Gathering -Password Attacks Vulnerability Analysis Web Application Wordlists 
diff --git a/packages/010editor.vm/010editor.vm.nuspec b/packages/010editor.vm/010editor.vm.nuspec index 30f500c4f..7bfda8802 100644 --- a/packages/010editor.vm/010editor.vm.nuspec +++ b/packages/010editor.vm/010editor.vm.nuspec @@ -2,7 +2,7 @@ 010editor.vm - 12.0.1 + 14.0 Professional text and hex editor with Binary Templates technology. SweetScape diff --git a/packages/010editor.vm/tools/chocolateyinstall.ps1 b/packages/010editor.vm/tools/chocolateyinstall.ps1 index c97acc6f0..61df41639 100644 --- a/packages/010editor.vm/tools/chocolateyinstall.ps1 +++ b/packages/010editor.vm/tools/chocolateyinstall.ps1 @@ -5,10 +5,10 @@ try { $toolName = '010Editor' $category = 'Hex Editors' - $url = 'https://download.sweetscape.com/010EditorWin32Installer12.0.1.exe' - $checksum = '7790f48716c728e45989375d2b4d2deaa611d39c40e93ba470651bdc44305434' - $url64 = 'https://download.sweetscape.com/010EditorWin64Installer12.0.1.exe' - $checksum64 = '65c2999e430e026a5906b9a7064f8d9a56e798284309efde7140a515237b9dae' + $url = 'https://download.sweetscape.com/010EditorWin32Installer14.0.exe' + $checksum = '11d96fa10df0f8e6add3509e03b963c398a190890f0ea45d8e56c4dd77cbeaa9' + $url64 = 'https://download.sweetscape.com/010EditorWin64Installer14.0.exe' + $checksum64 = '9f926af3bc49df3ab3b2fa8e9cf97caf018081df277c25ee37fab8c2fdd974ba' $packageArgs = @{ packageName = ${Env:ChocolateyPackageName} diff --git a/packages/7zip-15-05.vm/7zip-15-05.vm.nuspec b/packages/7zip-15-05.vm/7zip-15-05.vm.nuspec index 1929cc48e..5ea1943ca 100644 --- a/packages/7zip-15-05.vm/7zip-15-05.vm.nuspec +++ b/packages/7zip-15-05.vm/7zip-15-05.vm.nuspec @@ -2,11 +2,11 @@ 7zip-15-05.vm - 15.05 + 15.05.0.20230926 Igor Pavlov 7-Zip file archiver. This version is able to extract NSIS scripts. - + - \ No newline at end of file + diff --git a/packages/7zip-15-05.vm/tools/chocolateyinstall.ps1 b/packages/7zip-15-05.vm/tools/chocolateyinstall.ps1 index 27bccaec8..50c9f4942 100644 
--- a/packages/7zip-15-05.vm/tools/chocolateyinstall.ps1
+++ b/packages/7zip-15-05.vm/tools/chocolateyinstall.ps1
@@ -31,8 +31,15 @@ try {
 Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath
 VM-Assert-Path $shortcut
 
- $executablePath = Join-Path $toolDir "7z.exe" -Resolve
- Install-BinFile -Name $toolName -Path $executablePath
+ $7zExecutablePath = Join-Path $toolDir "7z.exe" -Resolve
+ Install-BinFile -Name $toolName -Path $7zExecutablePath
+
+ # Add 7z unzip with password "infected" to the right menu for the most common extensions.
+ # 7z can unzip other file extensions like .docx but these don't likely use the infected password.
+ $extensions = @(".7z", ".bzip2", ".gzip", ".tar", ".wim", ".xz", ".txz", ".zip", ".rar")
+ foreach ($extension in $extensions) {
+ VM-Add-To-Right-Click-Menu $toolName 'unzip "infected"' "`"$7zExecutablePath`" e -pinfected `"%1`"" "$executablePath" -extension $extension
+ }
 } catch {
 VM-Write-Log-Exception $_
-}
\ No newline at end of file
+}
diff --git a/packages/7zip-15-05.vm/tools/chocolateyuninstall.ps1 b/packages/7zip-15-05.vm/tools/chocolateyuninstall.ps1
index 20451faeb..55903ee60 100644
--- a/packages/7zip-15-05.vm/tools/chocolateyuninstall.ps1
+++ b/packages/7zip-15-05.vm/tools/chocolateyuninstall.ps1
@@ -11,4 +11,9 @@ VM-Remove-Tool-Shortcut $toolName $category
 Uninstall-BinFile -Name $toolName
 
 # Manually silently uninstall
-VM-Uninstall-With-Uninstaller "7-Zip 15.05*" "EXE" "/S"
\ No newline at end of file
+VM-Uninstall-With-Uninstaller "7-Zip 15.05*" "EXE" "/S"
+
+$extensions = @(".7z", ".bzip2", ".gzip", ".tar", ".wim", ".xz", ".txz", ".zip", ".rar")
+foreach ($extension in $extensions) {
+ VM-Remove-From-Right-Click-Menu $toolName -extension $extension
+}
diff --git a/packages/adconnectdump.vm/adconnectdump.vm.nuspec b/packages/adconnectdump.vm/adconnectdump.vm.nuspec
new file mode 100644
index 000000000..89e26d684
--- /dev/null
+++ b/packages/adconnectdump.vm/adconnectdump.vm.nuspec
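Review bot: The command registered in the new `foreach` uses `7z e`, which drops the directory structure inside the archive and writes every entry into the working directory, so same-named files in different folders collide and, with no `-y` or `-o`, 7z's overwrite prompt would appear in a console the shell verb may not even show (how `VM-Add-To-Right-Click-Menu` launches the command is outside this hunk). `x` with an explicit `-o` keeps paths and pins where the sample lands, e.g. `"`"$7zExecutablePath`" x -pinfected -o`"%1_extracted`" `"%1`""`, with the `-y` decision left to the maintainers. The `$extensions` list is repeated verbatim in chocolateyuninstall.ps1 and a mismatch leaves orphaned menu entries, so add `# Keep in sync with tools/chocolateyuninstall.ps1` above it (and the mirror comment in the uninstall script). After the rename, `$executablePath` on the same line is the shortcut target set earlier in the script (outside the hunk) and is only used as the icon source here; a short comment saying so would stop the two variables from looking interchangeable.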
@@ -0,0 +1,12 @@ + + + + adconnectdump.vm + 0.0.0.20230710 + fox-it + This toolkit offers several ways to extract and decrypt stored Azure AD and Active Directory credentials from Azure AD Connect servers. + + + + + diff --git a/packages/adconnectdump.vm/tools/chocolateyinstall.ps1 b/packages/adconnectdump.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..3b55e44e8 --- /dev/null +++ b/packages/adconnectdump.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'ADConnectDump' +$category = 'Credential Access' + +$zipUrl = 'https://github.com/fox-it/adconnectdump/archive/3ff6ebe7afac83263dd41857fdec51dcca0012b4.zip' +$zipSha256 = '6f36659f4d0ef7e20ddea0d7c17f36786c2fa8ca0728e6fd790f3234f408e0e9' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/adconnectdump.vm/tools/chocolateyuninstall.ps1 b/packages/adconnectdump.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..ec6f35fc2 --- /dev/null +++ b/packages/adconnectdump.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'ADConnectDump' +$category = 'Credential Access' + +VM-Uninstall $toolName $category diff --git a/packages/apktool.vm/apktool.vm.nuspec b/packages/apktool.vm/apktool.vm.nuspec index bd1b040d2..3117fba52 100644 --- a/packages/apktool.vm/apktool.vm.nuspec +++ b/packages/apktool.vm/apktool.vm.nuspec @@ -2,12 +2,12 @@ apktool.vm - 2.7.0 + 2.9.0 Connor Tumbleson, Ryszard Wisniewski A tool for reverse engineering 3rd party, closed, binary Android apps. - + diff --git a/packages/apktool.vm/tools/chocolateyinstall.ps1 b/packages/apktool.vm/tools/chocolateyinstall.ps1 index 1ebb1745d..f36bc0ac2 100644 --- a/packages/apktool.vm/tools/chocolateyinstall.ps1 +++ b/packages/apktool.vm/tools/chocolateyinstall.ps1 
@@ -3,7 +3,7 @@ Import-Module vm.common -Force -DisableNameChecking try { $toolName = 'apktool' - $category = 'Android' + $category = 'Java/Android' $shimPath = 'bin\apktool.exe' $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category diff --git a/packages/apktool.vm/tools/chocolateyuninstall.ps1 b/packages/apktool.vm/tools/chocolateyuninstall.ps1 index 4e92f4503..1d4846a29 100644 --- a/packages/apktool.vm/tools/chocolateyuninstall.ps1 +++ b/packages/apktool.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'apktool' -$category = 'Android' +$category = 'Java/Android' VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/asreproast.vm/asreproast.vm.nuspec b/packages/asreproast.vm/asreproast.vm.nuspec index 9ea94a75d..4981d3465 100644 --- a/packages/asreproast.vm/asreproast.vm.nuspec +++ b/packages/asreproast.vm/asreproast.vm.nuspec @@ -2,7 +2,7 @@ asreproast.vm - 0.0.0.20180925 + 0.0.0.20230713 HarmJ0y Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. diff --git a/packages/asreproast.vm/tools/chocolateyinstall.ps1 b/packages/asreproast.vm/tools/chocolateyinstall.ps1 index bc1f503aa..993009d25 100644 --- a/packages/asreproast.vm/tools/chocolateyinstall.ps1 +++ b/packages/asreproast.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'ASREPRoast' -$category = 'Password Attacks' +$category = 'Credential Access' $zipUrl = 'https://codeload.github.com/HarmJ0y/ASREPRoast/zip/1c94ef12038df1378f5e663fe3b8137e46c60896' $zipSha256 = '3e90bb0755f9076e74ad749a188ad99b9dc11f197d4366a8eaa4f056953e4cab' diff --git a/packages/asreproast.vm/tools/chocolateyuninstall.ps1 b/packages/asreproast.vm/tools/chocolateyuninstall.ps1 index a2c997f3a..320ad8be9 100644 
--- a/packages/asreproast.vm/tools/chocolateyuninstall.ps1 +++ b/packages/asreproast.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'ASREPRoast' -$category = 'Password Attacks' +$category = 'Credential Access' VM-Uninstall $toolName $category \ No newline at end of file diff --git a/packages/azurehound.vm/azurehound.vm.nuspec b/packages/azurehound.vm/azurehound.vm.nuspec index 0b328ccf7..ae56cc2ea 100644 --- a/packages/azurehound.vm/azurehound.vm.nuspec +++ b/packages/azurehound.vm/azurehound.vm.nuspec @@ -2,7 +2,7 @@ azurehound.vm - 2.0.3 + 2.1.3 BloodHoundAD AzureHound is the BloodHound data collector for Microsoft Azure. diff --git a/packages/azurehound.vm/tools/chocolateyinstall.ps1 b/packages/azurehound.vm/tools/chocolateyinstall.ps1 index 0459b337a..d5125c118 100644 --- a/packages/azurehound.vm/tools/chocolateyinstall.ps1 +++ b/packages/azurehound.vm/tools/chocolateyinstall.ps1 @@ -2,9 +2,9 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'AzureHound' -$category = 'Cloud' +$category = 'Reconnaissance' -$zipUrl = 'https://github.com/BloodHoundAD/AzureHound/releases/download/v2.0.3/azurehound-windows-amd64.zip' -$zipSha256 = 'c75860ece74b95e60f94aec5fd02e78b9579846bc1c35413d37a8344ef081834' +$zipUrl = 'https://github.com/BloodHoundAD/AzureHound/releases/download/v2.1.3/azurehound-windows-amd64.zip' +$zipSha256 = '5cc2668971e79f20065f0e9ebbff2962a35d99e081da9b8cfd75041ec26e6624' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 diff --git a/packages/azurehound.vm/tools/chocolateyuninstall.ps1 b/packages/azurehound.vm/tools/chocolateyuninstall.ps1 index 5349947ac..8ece807a0 100644 --- a/packages/azurehound.vm/tools/chocolateyuninstall.ps1 +++ b/packages/azurehound.vm/tools/chocolateyuninstall.ps1 
@@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'AzureHound' -$category = 'Cloud' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/badassmacros.vm/badassmacros.vm.nuspec b/packages/badassmacros.vm/badassmacros.vm.nuspec new file mode 100644 index 000000000..25c3e0cf6 --- /dev/null +++ b/packages/badassmacros.vm/badassmacros.vm.nuspec @@ -0,0 +1,12 @@ + + + + badassmacros.vm + 1.0 + sbasu7241, Inf0secRabbit + Proof of Concept tool to generate malicious macros leveraging techniques like VBA Purging and Shellcode Obfuscation to evade AV engines. + + + + + diff --git a/packages/badassmacros.vm/tools/chocolateyinstall.ps1 b/packages/badassmacros.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..e924759c6 --- /dev/null +++ b/packages/badassmacros.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'BadAssMacros' +$category = 'Payload Development' + +$exeUrl = 'https://github.com/Inf0secRabbit/BadAssMacros/releases/download/v1.0/BadAssMacrosx64.exe' +$exeSha256 = 'aa1efdba79ca36fa9d6d4b64fbe29e2ea7bc8cff1053e21269b8788104d48e83' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/badassmacros.vm/tools/chocolateyuninstall.ps1 b/packages/badassmacros.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..22d0d89c3 --- /dev/null +++ b/packages/badassmacros.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'BadAssMacros' +$category = 'Payload Development' + +VM-Uninstall $toolName $category 
diff --git a/packages/bloodhound-custom-queries.vm/bloodhound-custom-queries.vm.nuspec b/packages/bloodhound-custom-queries.vm/bloodhound-custom-queries.vm.nuspec new file mode 100644 index 000000000..6b8694d2f --- /dev/null +++ b/packages/bloodhound-custom-queries.vm/bloodhound-custom-queries.vm.nuspec @@ -0,0 +1,12 @@ + + + + bloodhound-custom-queries.vm + 0.0.0.20230713 + hausec + Custom Query list for the Bloodhound GUI based off my cheatsheet + + + + + diff --git a/packages/bloodhound-custom-queries.vm/tools/chocolateyinstall.ps1 b/packages/bloodhound-custom-queries.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..d2497554f --- /dev/null +++ b/packages/bloodhound-custom-queries.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'BloodHound-Custom-Queries' +$category = 'Reconnaissance' + +$zipUrl = 'https://github.com/hausec/Bloodhound-Custom-Queries/archive/7ef9099665aa82238bfd57d7a11c09cd4dd9381b.zip' +$zipSha256 = '78a71b9797506200b4c86bdad6799ba8c3519171353ce329dff5ff4fc703ddb0' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/bloodhound-custom-queries.vm/tools/chocolateyuninstall.ps1 b/packages/bloodhound-custom-queries.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..3c37dbabc --- /dev/null +++ b/packages/bloodhound-custom-queries.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'BloodHound-Custom-Queries' +$category = 'Reconnaissance' + +VM-Uninstall $toolName $category diff --git a/packages/bloodhound.vm/bloodhound.vm.nuspec b/packages/bloodhound.vm/bloodhound.vm.nuspec index 3b80a4282..3224d0bde 100644 --- a/packages/bloodhound.vm/bloodhound.vm.nuspec +++ b/packages/bloodhound.vm/bloodhound.vm.nuspec 
@@ -2,7 +2,7 @@ bloodhound.vm - 4.3.0 + 4.3.1.20230713 BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Andrew Robbins, Rohan Vazarkar, Will Schroeder diff --git a/packages/bloodhound.vm/tools/chocolateyinstall.ps1 b/packages/bloodhound.vm/tools/chocolateyinstall.ps1 index 8ece661bb..82faaca17 100644 --- a/packages/bloodhound.vm/tools/chocolateyinstall.ps1 +++ b/packages/bloodhound.vm/tools/chocolateyinstall.ps1 @@ -2,9 +2,9 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'BloodHound' -$category = 'Information Gathering' +$category = 'Reconnaissance' -$zipUrl = "https://github.com/BloodHoundAD/BloodHound/releases/download/v4.3.0/BloodHound-win32-ia32.zip" -$zipSha256 = "88e13a123b49e19188a4d51b83b060fd5fe0d6b4cdd96e6557792d229d339f64" +$zipUrl = "https://github.com/BloodHoundAD/BloodHound/releases/download/v4.3.1/BloodHound-win32-ia32.zip" +$zipSha256 = "8d2a5cc827299d47424631882399067acf41d040c5b2aacf95092aec22d90c97" VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true diff --git a/packages/bloodhound.vm/tools/chocolateyuninstall.ps1 b/packages/bloodhound.vm/tools/chocolateyuninstall.ps1 index 49434fd79..f1645c2a4 100644 --- a/packages/bloodhound.vm/tools/chocolateyuninstall.ps1 +++ b/packages/bloodhound.vm/tools/chocolateyuninstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'BloodHound' -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/burp-free.vm/burp-free.vm.nuspec b/packages/burp-free.vm/burp-free.vm.nuspec new file mode 100644 index 000000000..c711530a9 --- /dev/null +++ b/packages/burp-free.vm/burp-free.vm.nuspec 
@@ -0,0 +1,13 @@ + + + + burp-free.vm + 0.0.0.20230711 + PortSwigger Ltd. + Burp Suite Community Edition is PortSwigger's free integrated platform for performing security testing of web applications. + + + + + + diff --git a/packages/burp-free.vm/tools/chocolateyinstall.ps1 b/packages/burp-free.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..5f927f3a5 --- /dev/null +++ b/packages/burp-free.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,16 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'BurpSuiteCommunity' + $category = 'Utilities' + $shimPath = 'BurpSuiteCommunity\BurpSuiteCommunity.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ProgramFiles} $shimPath -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/burp-free.vm/tools/chocolateyuninstall.ps1 b/packages/burp-free.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..0e840129e --- /dev/null +++ b/packages/burp-free.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'BurpSuiteCommunity' +$category = 'Utilities' + +VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/bytecodeviewer.vm/bytecodeviewer.vm.nuspec b/packages/bytecodeviewer.vm/bytecodeviewer.vm.nuspec index bbddbff4f..a905dcbb2 100644 --- a/packages/bytecodeviewer.vm/bytecodeviewer.vm.nuspec +++ b/packages/bytecodeviewer.vm/bytecodeviewer.vm.nuspec @@ -2,7 +2,7 @@ bytecodeviewer.vm - 2.11.2 + 2.11.2.20231006 Konloch A lightweight user-friendly Java/Android Bytecode Viewer, Decompiler and more. 
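Review bot: The shortcut for Burp is created with `-RunAsAdmin`, but an intercepting proxy that terminates untrusted web traffic has no need for elevation, and running it elevated means a compromise of the Java process or of a loaded extension runs as admin; drop the flag unless a specific reason is documented in a comment. `$category = 'Utilities'` files Burp under Utilities although this same change adds a `Web Application` category to categories.txt, which is where a user would look for it. `Join-Path ... -Resolve` throws when the Burp dependency did not install, and the catch only logs it, so if `VM-Write-Log-Exception` does not rethrow the package reports success without a shortcut; presumably intended for this repository's packages, but worth stating in a comment above the `try`.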
diff --git a/packages/bytecodeviewer.vm/tools/chocolateyinstall.ps1 b/packages/bytecodeviewer.vm/tools/chocolateyinstall.ps1 index 0240b4c58..4d55a914c 100644 --- a/packages/bytecodeviewer.vm/tools/chocolateyinstall.ps1 +++ b/packages/bytecodeviewer.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Bytecode Viewer' -$category = 'Java' +$category = 'Java/Android' $exeUrl = 'https://github.com/Konloch/bytecode-viewer/releases/download/v2.11.2/Bytecode-Viewer-2.11.2.jar' $exeSha256 = '536ad387424106083f76cd0cb7c051a22aff21f08663ba2539c11f1ddef9147f' diff --git a/packages/bytecodeviewer.vm/tools/chocolateyuninstall.ps1 b/packages/bytecodeviewer.vm/tools/chocolateyuninstall.ps1 index 6dc7d3cef..4d2ddca28 100644 --- a/packages/bytecodeviewer.vm/tools/chocolateyuninstall.ps1 +++ b/packages/bytecodeviewer.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Bytecode Viewer' -$category = 'Java' +$category = 'Java/Android' VM-Uninstall $toolName $category diff --git a/packages/c3.vm/c3.vm.nuspec b/packages/c3.vm/c3.vm.nuspec new file mode 100644 index 000000000..c89293cc4 --- /dev/null +++ b/packages/c3.vm/c3.vm.nuspec @@ -0,0 +1,12 @@ + + + + c3.vm + 0.0.0.20230711 + WithSecureLabs + C3 (Custom Command and Control) is a tool that allows Red Teams to rapidly develop and utilise esoteric command and control channels (C2). It's a framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2. + + + + + diff --git a/packages/c3.vm/tools/chocolateyinstall.ps1 b/packages/c3.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..fc29920db --- /dev/null +++ b/packages/c3.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'C3' +$category = 'Command & Control' + +$zipUrl = 'https://github.com/WithSecureLabs/C3/archive/e1b9922d199e45e222001a3afe47757349f24e7a.zip' +$zipSha256 = '8dd29ed32c2a38312b617c430ff84019da8bd434e3704b778f031aaa859c4e8e' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/c3.vm/tools/chocolateyuninstall.ps1 b/packages/c3.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..b5a99ae45 --- /dev/null +++ b/packages/c3.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'C3' +$category = 'Command & Control' + +VM-Uninstall $toolName $category diff --git a/packages/capa.vm/capa.vm.nuspec b/packages/capa.vm/capa.vm.nuspec index 68ee7dc94..adc685f81 100755 --- a/packages/capa.vm/capa.vm.nuspec +++ b/packages/capa.vm/capa.vm.nuspec @@ -2,7 +2,7 @@ capa.vm - 5.1.0.20230418 + 6.1.0 capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. @williballenthin, @mr-tz, @Ana06, @mike-hunhoff, @mwilliams31, @MalwareMechanic diff --git a/packages/capa.vm/tools/chocolateyinstall.ps1 b/packages/capa.vm/tools/chocolateyinstall.ps1 index d70169b4e..e6213f979 100755 --- a/packages/capa.vm/tools/chocolateyinstall.ps1 +++ b/packages/capa.vm/tools/chocolateyinstall.ps1 
@@ -4,8 +4,8 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'capa' $category = 'Utilities' -$zipUrl = "https://github.com/mandiant/capa/releases/download/v5.1.0/capa-v5.1.0-windows.zip" -$zipSha256 = "80ac9adfd095cb631a6fa39743b37444651e4129b4181fd34c8b8b3e53bc5b06" +$zipUrl = "https://github.com/mandiant/capa/releases/download/v6.1.0/capa-v6.1.0-windows.zip" +$zipSha256 = "070923d5ca225ef29a670af9cc66a8d648fcaaff7e283cb1ddc73de6e3610f0f" VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true diff --git a/packages/certify.vm/certify.vm.nuspec b/packages/certify.vm/certify.vm.nuspec new file mode 100644 index 000000000..5a6c53059 --- /dev/null +++ b/packages/certify.vm/certify.vm.nuspec @@ -0,0 +1,12 @@ + + + + certify.vm + 1.1.0.20230713 + HarmJ0y, leechristensen + Certify is a C# tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). + + + + + diff --git a/packages/certify.vm/tools/chocolateyinstall.ps1 b/packages/certify.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..0cb33c645 --- /dev/null +++ b/packages/certify.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Certify' +$category = 'Exploitation' + +$zipUrl = 'https://github.com/GhostPack/Certify/archive/fb297ad30476cfdba745b9062171cd7ac145a16d.zip' +$zipSha256 = '4827485203eb08271e953bbd5816e95bf8b0b897ae0937c798525afe7ed5b9e0' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/certify.vm/tools/chocolateyuninstall.ps1 b/packages/certify.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..3b2f47808 --- /dev/null +++ b/packages/certify.vm/tools/chocolateyuninstall.ps1 
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Certify' +$category = 'Exploitation' + +VM-Uninstall $toolName $category diff --git a/packages/cmder.vm/cmder.vm.nuspec b/packages/cmder.vm/cmder.vm.nuspec index b9583bc04..154bfe878 100644 --- a/packages/cmder.vm/cmder.vm.nuspec +++ b/packages/cmder.vm/cmder.vm.nuspec @@ -2,12 +2,12 @@ cmder.vm - 1.3.21 + 1.3.24 Metapackage for cmder Mandiant, Samuel Vasko - + diff --git a/packages/codetrack.vm/codetrack.vm.nuspec b/packages/codetrack.vm/codetrack.vm.nuspec new file mode 100644 index 000000000..7f5b28184 --- /dev/null +++ b/packages/codetrack.vm/codetrack.vm.nuspec @@ -0,0 +1,13 @@ + + + + codetrack.vm + 1.0.3.20230526 + CodeTrack + A free .NET Performance Profile and Execution Analyzer + + + + + + diff --git a/packages/codetrack.vm/tools/chocolateyinstall.ps1 b/packages/codetrack.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..96d3f798b --- /dev/null +++ b/packages/codetrack.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,16 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'CodeTrack' + $category = 'dotNet' + $shimPath = '\bin\codetrack.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/codetrack.vm/tools/chocolateyuninstall.ps1 b/packages/codetrack.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..e1c7fa977 --- /dev/null +++ b/packages/codetrack.vm/tools/chocolateyuninstall.ps1 
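Review bot: The shortcut block in codetrack.vm's chocolateyinstall.ps1 (from `$shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category` through `VM-Assert-Path $shortcut`) re-implements what this same commit adds to vm.common as VM-Install-Shortcut, and the confuserex.vm install script further down repeats the same block. Assuming vm.common exports the new function, those lines reduce to `VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath -runAsAdmin` after the `Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve` line, so a later change to how shortcuts are built lands in one place. Minor: `$shimPath` here carries a leading backslash (`'\bin\codetrack.exe'`) while confuserex uses `'bin\ConfuserEx.exe'`; Join-Path appears to tolerate both, but one spelling is easier to grep for.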
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'CodeTrack' +$category = 'dotNet' + +VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/common.vm/README.md b/packages/common.vm/README.md index f674056bd..98de30c3e 100755 --- a/packages/common.vm/README.md +++ b/packages/common.vm/README.md @@ -15,14 +15,9 @@ The environment variables below are configurable by the user: - VM common directory containing anything related to VM-packages (e.g., shared module, log file, saved config file, etc...) - `TOOL_LIST_DIR` - Default Path: - - *`%PROGRAMDATA%`*`\Microsoft\Windows\Start Menu\Programs\Tools` + - *`%USERPROFILE%`*`\Desktop\Tools` - Use: - Path to a directory containing tool shortcuts -- `TOOL_LIST_SHORTCUT` - - Default Path: - - *`%USERPROFILE%`*`\Desktop\Tools.lnk` - - Use: - - Path to a shortcut file (`.lnk`) that points to *`%TOOL_LIST_DIR%`* - `RAW_TOOLS_DIR` - Default Path: - *`%SYSTEMDRIVE%`*`\Tools` diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index 429b2122b..9325d71e7 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20221220 + 0.0.0.20231020 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/chocolateyinstall.ps1 b/packages/common.vm/tools/chocolateyinstall.ps1 index 6d4d62446..996778df6 100755 --- a/packages/common.vm/tools/chocolateyinstall.ps1 +++ b/packages/common.vm/tools/chocolateyinstall.ps1 
@@ -89,7 +89,7 @@ Write-Host -ForegroundColor Green "[+] PSModulePath set to:" $prevPath $envVarName = "TOOL_LIST_DIR" $toolListDir = [Environment]::GetEnvironmentVariable($envVarName, 2) if (-Not (Test-Path env:\$envVarName) -Or ($toolListDir -eq $null)) { - $toolListDir = Join-Path ${Env:ProgramData} "Microsoft\Windows\Start Menu\Programs\Tools" + $toolListDir = Join-Path ${Env:USERPROFILE} "Desktop\Tools" if (-Not (Test-Path $toolListDir) ) { New-Item -Path $toolListDir -ItemType directory -Force | Out-Null } 
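Review bot: The new TOOL_LIST_DIR default, `Join-Path ${Env:USERPROFILE} "Desktop\Tools"`, is a per-user path, but the variable is read back from the Machine target (`GetEnvironmentVariable($envVarName, 2)` two lines above, and the uninstall hunk below lists it among the 'Machine' variables), so once it is persisted the same way as the other VM variables it points every account on the VM at the installing user's Desktop. That is acceptable for a single-user analysis VM, but it should be stated on the line, e.g. `# Per-user default stored machine-wide: assumes a single-user VM`, so the next change to this block does not treat the variable as user-scoped. A nit: `${Env:USERPROFILE}` here versus `${Env:UserProfile}` elsewhere in the file; PowerShell does not care, but one spelling is easier to search for.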
@@ -106,31 +106,6 @@ if (-Not (Test-Path $toolListDir)) { Write-Host -ForegroundColor Green "[+] Created folder:" $toolListDir } - -# ################################################################################################ # -# Setup the default tool list directory shortcut and env var if it doesn't exist -# ################################################################################################ # -$envVarName = "TOOL_LIST_SHORTCUT" -$toolListDirShortcut = [Environment]::GetEnvironmentVariable($envVarName, 2) -if ((-Not (Test-Path env:\$envVarName)) -Or ($toolListDirShortcut -eq $null)) { - $toolListDirShortcut = Join-Path ${Env:UserProfile} "Desktop\Tools.lnk" - if (-Not (Test-Path $toolListDirShortcut)) { - Install-ChocolateyShortcut -ShortcutFilePath $toolListDirShortcut -TargetPath $toolListDir - } - - Install-ChocolateyEnvironmentVariable -VariableName $envVarName -VariableValue $toolListDirShortcut -VariableType 'Machine' - Set-Item "Env:$envVarName" $toolListDirShortcut -Force -} -Write-Host -ForegroundColor Green "[+] TOOL_LIST_SHORTCUT set to:" $toolListDirShortcut - -# If the user set the env var but the .lnk file doesn't exist, create it with Choco -$toolListDirShortcut = [Environment]::ExpandEnvironmentVariables("%$envVarName%") -if (-Not (Test-Path $toolListDirShortcut)) { - Install-ChocolateyShortcut -ShortcutFilePath $toolListDirShortcut -TargetPath $toolListDir - Write-Host -ForegroundColor Green "[+] Created shortcut:" $toolListDirShortcut -} - - # ################################################################################################ # # Set up the default raw tools directory and env var if it doesn't exist # ################################################################################################ # diff --git a/packages/common.vm/tools/chocolateyuninstall.ps1 b/packages/common.vm/tools/chocolateyuninstall.ps1 index ec68c4db4..dd63c45d9 100755 --- a/packages/common.vm/tools/chocolateyuninstall.ps1 
+++ b/packages/common.vm/tools/chocolateyuninstall.ps1 @@ -17,7 +17,7 @@ Set-Item "Env:$envVarName" $prevPath -Force # Remove the env vars and what they point to # NOTE: Purposefully NOT recursively deleting RAW_TOOLS_DIR as the user may have other items there -$envVarNames = @("VM_CONFIG", "TOOL_LIST_DIR", "TOOL_LIST_SHORTCUT", "VM_COMMON_DIR") +$envVarNames = @("VM_CONFIG", "TOOL_LIST_DIR", "VM_COMMON_DIR") foreach ($envVarName in $envVarNames) { if (Test-Path env:\$envVarName) { $envVarValue = [Environment]::GetEnvironmentVariable($envVarName, 'Machine') diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index 8165990d5..31b04f05b 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 @@ -157,7 +157,7 @@ function VM-Check-Reboot { ) try { if (Test-PendingReboot){ - VM-Write-Log "ERROR" "[Err] Host must be rebooted before continuing install of $package.`n" + VM-Write-Log "ERROR" "Host must be rebooted before continuing installation of $package.`n" Invoke-Reboot exit 1 } @@ -181,7 +181,7 @@ function VM-New-Install-Log { return $outputFile } -# This functions returns $executablePath and $toolDir (outputed by Install-ChocolateyZipPackage) +# This functions returns $toolDir function VM-Install-Raw-GitHub-Repo { [CmdletBinding()] Param 
@@ -265,7 +265,45 @@ function VM-Install-Raw-GitHub-Repo { } } -# This functions returns $executablePath and $toolDir (outputed by Install-ChocolateyZipPackage) +function VM-Install-Shortcut{ + [CmdletBinding()] + Param + ( + [Parameter(Mandatory=$true, Position=0)] + [string] $toolName, + [Parameter(Mandatory=$true, Position=1)] + [string] $category, + [Parameter(Mandatory=$true, Position=2)] + [string] $executablePath, + [Parameter(Mandatory=$false)] + [bool] $consoleApp=$false, + [Parameter(Mandatory=$false)] + [switch] $runAsAdmin=$false, + [Parameter(Mandatory=$false)] + [string] $executableDir, + [Parameter(Mandatory=$false)] + [string] $arguments = "--help" + ) + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + + if ($consoleApp) { + if (!$executableDir) { + $executableDir = Join-Path ${Env:UserProfile} "Desktop" + } + VM-Assert-Path $executableDir + + $executableCmd = Join-Path ${Env:WinDir} "system32\cmd.exe" -Resolve + # Change to executable dir, print command to execute, and execute command + $executableArgs = "/K `"cd `"$executableDir`" && echo $executableDir^> $executablePath $arguments && `"$executablePath`" $arguments`"" + Install-ChocolateyShortcut -ShortcutFilePath $shortcut -TargetPath $executableCmd -Arguments $executableArgs -WorkingDirectory $executableDir -IconLocation $executablePath -RunAsAdmin $runAsAdmin + } else { + Install-ChocolateyShortcut -ShortcutFilePath $shortcut -TargetPath $executablePath -RunAsAdmin $runAsAdmin + } + VM-Assert-Path $shortcut +} + +# This functions returns $toolDir (outputed by Install-ChocolateyZipPackage) and $executablePath function VM-Install-From-Zip { [CmdletBinding()] Param 
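Review bot: `-RunAsAdmin $runAsAdmin` on both Install-ChocolateyShortcut calls in VM-Install-Shortcut does not do what it looks like: Install-ChocolateyShortcut's RunAsAdmin is, as far as I recall, a `[switch]`, and a switch takes no following value, so `$runAsAdmin` would be bound positionally to the next free string parameter and the shortcut would never get the elevation flag; the colon form `-RunAsAdmin:$runAsAdmin` passes the value explicitly. The `$executableArgs` line also splices the caller-supplied `$arguments` unquoted into a cmd.exe `/K` string, so a value containing `&`, `|` or `>` is interpreted by cmd rather than handed to the tool; since every install function now forwards `$arguments`, a comment above that line such as `# $arguments is spliced into a cmd.exe command line: keep it free of cmd metacharacters or quote it` would save the next package author a surprise. The function also lacks the one-line header its neighbours carry; something like `# Creates $category\$toolName.lnk in TOOL_LIST_DIR; console apps get a cmd.exe window that starts in $executableDir and runs "$executablePath $arguments"` would match the file's style.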
@@ -285,11 +323,23 @@ function VM-Install-From-Zip { [Parameter(Mandatory=$false)] [bool] $consoleApp=$false, [Parameter(Mandatory=$false)] - [bool] $innerFolder=$false # subfolder in zip with the app files + [bool] $innerFolder=$false, # Subfolder in zip with the app files + [Parameter(Mandatory=$false)] + [string] $arguments = "--help", + [Parameter(Mandatory=$false)] + [string] $executableName, # Executable name, needed if different from "$toolName.exe" + [Parameter(Mandatory=$false)] + [switch] $withoutBinFile, # Tool should not be installed as a bin file + [Parameter(Mandatory=$false)] + [string] $unzipLocation ) try { - $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName - $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + if ($unzipLocation) { + $toolDir = Join-Path $unzipLocation $toolName + } else { + $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName + $unzipLocation = $toolDir + } # Remove files from previous zips for upgrade VM-Remove-PreviousZipPackage ${Env:chocolateyPackageFolder} @@ -303,7 +353,7 @@ function VM-Install-From-Zip { # Download and unzip $packageArgs = @{ packageName = ${Env:ChocolateyPackageName} - unzipLocation = $toolDir + unzipLocation = $unzipLocation url = $zipUrl checksum = $zipSha256 checksumType = 'sha256' 
@@ -332,20 +382,10 @@ function VM-Install-From-Zip { } } - $executablePath = Join-Path $toolDir "$toolName.exe" -Resolve - $shortcut = Join-Path $shortcutDir "$toolName.lnk" - - if ($consoleApp) { - $executableCmd = Join-Path ${Env:WinDir} "system32\cmd.exe" - $executableDir = Join-Path ${Env:UserProfile} "Desktop" - $executableArgs = "/K `"cd `"$executableDir`" && `"$executablePath`" --help`"" - Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executableCmd -Arguments $executableArgs -WorkingDirectory $executableDir -IconLocation $executablePath - } else { - Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath - } - VM-Assert-Path $shortcut - - Install-BinFile -Name $toolName -Path $executablePath + if (-Not $executableName) { $executableName = "$toolName.exe" } + $executablePath = Join-Path $toolDir $executableName -Resolve + VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath -consoleApp $consoleApp -arguments $arguments + if (-Not $withoutBinFile) { Install-BinFile -Name $toolName -Path $executablePath } return $executablePath } catch { VM-Write-Log-Exception $_ @@ -370,11 +410,12 @@ function VM-Install-Single-Exe { [Parameter(Mandatory=$false)] [string] $exeSha256_64, [Parameter(Mandatory=$false)] - [bool] $consoleApp=$false + [bool] $consoleApp=$false, + [Parameter(Mandatory=$false)] + [string] $arguments = "--help" ) try { $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName - $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category # Get the file extension from the URL $ext = (Split-Path -Path $exeUrl -Leaf).Split(".")[-1] 
@@ -394,18 +435,7 @@ function VM-Install-Single-Exe { Get-ChocolateyWebFile @packageArgs VM-Assert-Path $executablePath - $shortcut = Join-Path $shortcutDir "$toolName.lnk" - - if ($consoleApp) { - $executableCmd = Join-Path ${Env:WinDir} "system32\cmd.exe" -Resolve - $executableDir = Join-Path ${Env:UserProfile} "Desktop" -Resolve - $executableArgs = "/K `"cd `"$executableDir`" && `"$executablePath`" --help`"" - Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executableCmd -Arguments $executableArgs -WorkingDirectory $executableDir -IconLocation $executablePath - } else { - Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath - } - VM-Assert-Path $shortcut - + VM-Install-Shortcut -toolName $toolName -category $category -executableDir $toolDir -executablePath $executablePath -consoleApp $consoleApp -arguments $arguments Install-BinFile -Name $toolName -Path $executablePath return $executablePath } catch { @@ -452,7 +482,7 @@ function VM-Install-Single-Ps1 { Get-ChocolateyWebFile @packageArgs VM-Assert-Path $scriptPath - $shortcut = Join-Path $shortcutDir "$toolName.ps1.lnk" + $shortcut = Join-Path $shortcutDir "$toolName.lnk" $targetCmd = Join-Path ${Env:WinDir} "system32\cmd.exe" -Resolve if ($ps1Cmd) { @@ -536,7 +566,9 @@ function VM-Install-With-Installer { [Parameter(Mandatory=$false)] [array] $validExitCodes= @(0, 3010, 1605, 1614, 1641), [Parameter(Mandatory=$false)] - [bool] $consoleApp=$false + [bool] $consoleApp=$false, + [Parameter(Mandatory=$false)] + [string] $arguments = "--help" ) try { $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName 
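Review bot: VM-Install-Single-Exe now passes `-executableDir $toolDir` to VM-Install-Shortcut, whereas the removed lines started the console shortcut on the Desktop (`Join-Path ${Env:UserProfile} "Desktop" -Resolve`) and VM-Install-From-Zip and VM-Install-With-Installer in this same commit still rely on that Desktop default. If the difference is intentional, a comment on the call stating why, e.g. `# Console shortcut opens in the tool's own directory (unlike the zip/installer variants)`, would stop it reading as an oversight; if not, dropping `-executableDir $toolDir` restores the previous behaviour.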
@@ -589,18 +621,7 @@ function VM-Install-With-Installer { Install-ChocolateyInstallPackage @packageArgs VM-Assert-Path $executablePath - $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category - $shortcut = Join-Path $shortcutDir "$toolName.lnk" - if ($consoleApp) { - $executableCmd = Join-Path ${Env:WinDir} "system32\cmd.exe" - $executableDir = Join-Path ${Env:UserProfile} "Desktop" - $executableArgs = "/K `"cd `"$executableDir`" && `"$executablePath`" --help`"" - Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executableCmd -Arguments $executableArgs -WorkingDirectory $executableDir -IconLocation $executablePath - } else { - Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath - } - VM-Assert-Path $shortcut - + VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath -consoleApp $consoleApp -arguments $arguments Install-BinFile -Name $toolName -Path $executablePath } catch { VM-Write-Log-Exception $_ @@ -667,7 +688,7 @@ function VM-Write-Log-Exception { ) $msg = $error_record.Exception.Message $position_msg = $error_record.InvocationInfo.PositionMessage - VM-Write-Log "ERROR" "[ERR] $msg`r`n$position_msg" + VM-Write-Log "ERROR" "$msg`r`n$position_msg" throw $error_record } 
@@ -680,17 +701,26 @@ function VM-Add-To-Right-Click-Menu { [string] $menuLabel, # value displayed in right-click menu [Parameter(Mandatory=$true, Position=2)] [string] $command, - [Parameter(Mandatory=$true, Position=3)] + [Parameter(Mandatory=$false, Position=3)] + [string] $menuIcon, + [Parameter(Mandatory=$false)] [ValidateSet("file", "directory")] - [string] $type + [string] $type="file", + [Parameter(Mandatory=$false)] + [string] $extension ) try { - # Determine if file or directory should show item in right-click menu - if ($type -eq "file") { - $key = "*" + if ($extension) { + $key = "SystemFileAssociations\$extension" } else { - $key = "directory" + # Determine if file or directory should show item in right-click menu + if ($type -eq "file") { + $key = "*" + } else { + $key = "directory" + } } + $key_path = "HKCR:\$key\shell\$menuKey" # Check and map "HKCR" to correct drive if (-NOT (Test-Path -path 'HKCR:')) { 
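Review bot: The new `$menuIcon` and `$extension` parameters of VM-Add-To-Right-Click-Menu lack the trailing comments the existing ones have (`# value displayed in right-click menu`), and their semantics are not obvious: when `$extension` is given, `$type` is silently ignored and the entry is created under `SystemFileAssociations\$extension`. Suggest `[string] $menuIcon, # path to the icon shown next to the entry (optional)` and `[string] $extension # file extension including the dot, e.g. ".txt"; when set, $type is ignored and the entry goes under SystemFileAssociations`. Because `$extension` is spliced straight into the registry path, a `[ValidatePattern('^\.')]` on it (or an explicit check that it starts with a dot) would catch a caller passing `txt` and creating a key for an association that does not exist. The same applies to the mirrored parameters added to VM-Remove-From-Right-Click-Menu further down.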
@@ -698,16 +728,19 @@ function VM-Add-To-Right-Click-Menu { } # Add right-click menu display name - if (-NOT (Test-Path -LiteralPath "HKCR:\$key\shell\$menuKey")) { - New-Item -Path "HKCR:\$key\shell\$menuKey" | Out-Null + if (-NOT (Test-Path -LiteralPath $key_path)) { + New-Item -Path $key_path -Force | Out-Null + } + Set-ItemProperty -LiteralPath $key_path -Name '(Default)' -Value "$menuLabel" -Type String + if ($menuIcon) { + Set-ItemProperty -LiteralPath $key_path -Name 'Icon' -Value "$menuIcon" -Type String } - Set-ItemProperty -LiteralPath "HKCR:\$key\shell\$menuKey" -Name '(Default)' -Value "$menuLabel" -Type String # Add command to run when executed from right-click menu - if(-NOT (Test-Path -LiteralPath "HKCR:\$key\shell\$menuKey\command")) { - New-Item -Path "HKCR:\$key\shell\$menuKey\command" | Out-Null + if(-NOT (Test-Path -LiteralPath "$key_path\command")) { + New-Item -Path "$key_path\command" | Out-Null } - Set-ItemProperty -LiteralPath "HKCR:\$key\shell\$menuKey\command" -Name '(Default)' -Value $command -Type String + Set-ItemProperty -LiteralPath "$key_path\command" -Name '(Default)' -Value $command -Type String } catch { VM-Write-Log "ERROR" "Failed to add $menuKey to right-click menu" } 
@@ -718,17 +751,24 @@ function VM-Remove-From-Right-Click-Menu { ( [Parameter(Mandatory=$true, Position=0)] [String] $menuKey, # name of registry key - [Parameter(Mandatory=$true, Position=1)] + [Parameter(Mandatory=$false)] [ValidateSet("file", "directory")] - [string] $type + [string] $type="file", + [Parameter(Mandatory=$false)] + [string] $extension ) try { - # Determine if file or directory should show item in right-click menu - if ($type -eq "file") { - $key = "*" + if ($extension) { + $key = "SystemFileAssociations\$extension" } else { - $key = "directory" + # Determine if file or directory should show item in right-click menu + if ($type -eq "file") { + $key = "*" + } else { + $key = "directory" + } } + $key_path = "HKCR:\$key\shell\$menuKey" # Check and map "HKCR" to correct drive if (-NOT (Test-Path -path 'HKCR:')) { @@ -736,8 +776,8 @@ function VM-Remove-From-Right-Click-Menu { } # Remove right-click menu settings from registry - if (Test-Path -LiteralPath "HKCR:\$key\shell\$menuKey") { - Remove-Item -LiteralPath "HKCR:\$key\shell\$menuKey" -Recurse + if (Test-Path -LiteralPath $key_path) { + Remove-Item -LiteralPath $key_path -Recurse } } catch { VM-Write-Log "ERROR" "Failed to remove $menuKey from right-click menu" @@ -824,8 +864,8 @@ Common Environment Variables $diskInfo = Get-CimInstance -ClassName Win32_LogicalDisk | Out-String $psInfo = $PSVersionTable.PSVersion $psInfoClr = $PSVersionTable.CLRVersion - $chocoInfo = chocolatey --version - $installedPackages = chocolatey list -l -r -all + $chocoInfo = choco --version + $installedPackages = choco list -r $boxstarerInfo = $installedPackages | Select-String -Pattern "Boxstarter" | Out-String $installedPackages = $installedPackages | Out-String 
@@ -858,10 +898,397 @@ SignatureStatus: $([SignatureStatus]([UInt32]$avInfo.productState -band [Product $envVars = @" VM_COMMON_DIR: ${Env:VM_COMMON_DIR} TOOL_LIST_DIR: ${Env:TOOL_LIST_DIR} -TOOL_LIST_SHORTCUT: ${Env:TOOL_LIST_SHORTCUT} RAW_TOOLS_DIR: ${Env:RAW_TOOLS_DIR} "@ VM-Write-Log "INFO" "$($survey -f $osInfo, $memInfo, $diskInfo, $avInfoFormatted, $psInfo, $psInfoClr, $chocoInfo, $boxstarerInfo, $installedPackages, $envVars)" } +function VM-Remove-Appx-Package { +# Function for removing Apps + param( + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string]$appName + ) + + try { + # Check if the app is installed + $installedPackage = Get-AppxPackage -Name $appName + VM-Write-Log "INFO" "Removing $appName package" + if ($installedPackage) { + try { + $packageFullName = $installedPackage.PackageFullName + Remove-AppxPackage -Package $packageFullName -ErrorAction SilentlyContinue + VM-Write-Log "INFO" "$packageFullName removed" + } + catch { + VM-Write-Log-Exception $_ + } + } else { + VM-Write-Log "WARN" "`tInstalled $appName not found on the system." + } + # Check if the app is provisioned + $provisionedPackage = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $appName } -ErrorAction SilentlyContinue + if ($provisionedPackage) { + try { + Remove-AppxProvisionedPackage -PackageName $provisionedPackage.PackageName -Online -ErrorAction SilentlyContinue + VM-Write-Log "INFO" $("`tProvisioned package " + $provisionedPackage.PackageName + " removed") + } + catch { + VM-Write-Log-Exception $_ + } + } else { + VM-Write-Log "WARN" "`tProvisioned $appName not found on the system." + } + } catch { + VM-Write-Log "ERROR" "`tAn error occurred while removing the $appName package. 
Error: $_" + } +} + +function VM-Set-Service-Manual-Start { +# Function for setting Services to manual startup + param( + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string]$serviceName + ) + + try { + $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue + + if ($service) { + Set-Service -Name $service.Name -StartupType Manual + VM-Write-Log "INFO" "Service $serviceName has been disabled." + } else { + VM-Write-Log "WARN" "Service $serviceName not found." + } + } catch { + VM-Write-Log "ERROR" "An error occurred while setting the service startup type. Error: $_" + } +} + +function VM-Disable-Scheduled-Task { +# Function for disabling scheduled tasks + param( + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string]$name, + + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string]$value + ) + + try { + $output = Disable-ScheduledTask -TaskName $value -ErrorAction SilentlyContinue + if ($output){ + VM-Write-Log "INFO" "Scheduled task '$name' has been disabled." + } else { + VM-Write-Log "ERROR" "Scheduled task '$name' not found." + } + + } catch { + VM-Write-Log "ERROR" "An error occurred while disabling the '$name' scheduled task. 
Error: $_" + } +} + +function VM-Update-Registry-Value { +# Function for setting Registry items + param( + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string] $name, + + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string] $path, + + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string] $value, + + [Parameter(Mandatory=$true)] + [ValidateSet("String", "ExpandString", "Binary", "DWord", "QWord", "MultiString", "Unknown")] + [string] $type, + + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string] $data + ) + + try { + # Validate the value based on the type parameter + if ($type -eq "DWord" -or $type -eq "QWord") { + $validatedData = [int64]::Parse($data) + } elseif ($type -eq "Binary") { + $validatedData = [byte[]]::new(($data -split '(.{2})' | Where-Object { $_ -match '..' } | ForEach-Object { [convert]::ToByte($_, 16) })) + } else { + $validatedData = $data + } + + # check if path exists. If not, create the path for the registry value + if (!(Test-Path -Path $path)) { + # Create the registry key + New-Item -Path $path -Force | Out-Null + VM-Write-Log "INFO" "Registry key created: $path" + } else { + VM-Write-Log "WARN" "Registry key already exists: $path" + } + + Set-ItemProperty -Path $path -Name $value -Value $validatedData -Type $type -Force | Out-Null + VM-Write-Log "INFO" "$name has been successful" + } catch { + VM-Write-Log "ERROR" "Failed to update the registry value. Error: $_" + } +} + +function VM-Remove-Path { +# Function for removing Paths/Programs + param( + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string]$name, + + [Parameter(Mandatory=$true)] + [ValidateSet("file", "dir")] + [string]$type, + + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string]$path + ) + + try { + if ($type -eq "file") { + if (Test-Path -Path $path -PathType Leaf) { + Remove-Item -Path $path -Force + VM-Write-Log "INFO" "$name has been successfully removed." 
+ } else { + VM-Write-Log "WARN" "$path does not exist." + } + } elseif ($type -eq "dir") { + if (Test-Path -Path $path -PathType Container) { + Remove-Item -Path $path -Recurse -Force + VM-Write-Log "INFO" "$name has been successfully removed." + } else { + VM-Write-Log "WARN" "$path does not exist." + } + } + } catch { + VM-Write-Log "ERROR" "An error occurred while removing the $type $path. Error: $_" + } +} + +function VM-Execute-Custom-Command{ +# Function for removing items in need of custom code. + param( + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string]$name, + + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string[]]$cmds + ) + + try { + VM-Write-Log "INFO" "Executing commands for '$name':" + foreach ($cmd in $cmds) { + Start-Process powershell -ArgumentList "-WindowStyle","Hidden","-Command",$cmd -Wait + } + VM-Write-Log "INFO" "`tAll commands for '$name' have been executed successfully." + } catch { + VM-Write-Log "ERROR" "`tAn error occurred while executing commands for '$name'. 
Error: $_" + } +} + +function VM-Configure-Prompts { + # $Env:VMname must be set in the install script + try { + # Set PowerShell prompt + $psprompt = @" + function prompt { + Write-Host (`$Env:VMname + " " + `$(Get-Date)) -ForegroundColor Green + Write-Host ("PS " + `$(Get-Location) + " >") -NoNewLine -ForegroundColor White + return " " + } +"@ + + # Ensure profile file exists and append new content to it, not overwriting old content + if (!(Test-Path $profile)) { + New-Item -ItemType File -Path $profile -Force | Out-Null + } + Add-Content -Path $profile -Value $psprompt + + # Set cmd prompt + ## Configure the command + $VMname = $Env:VMname -replace ' ', '' # setx command cannot have spaces + $command = "cmd /c 'setx PROMPT $VMname`$S`$d`$s`$t`$_`$p$+`$g'" + ## Convert to base64 + $base64 = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($command)) + ## Run command + Invoke-Expression ([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($base64))) | Out-Null + + VM-Write-Log "INFO" "Timestamps added to cmd prompt and PowerShell" + } catch { + VM-Write-Log-Exception $_ + } + +} + +function VM-Configure-PS-Logging { + if ($PSVersionTable -And $PSVersionTable.PSVersion.Major -ge 5) { + try { + VM-Write-Log "INFO" "Enabling PowerShell Script Block Logging" + + $psLoggingPath = 'HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell' + if (-Not (Test-Path $psLoggingPath)) { + New-Item -Path $psLoggingPath -Force | Out-Null + } + + $psLoggingPath = 'HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\Transcription' + if (-Not (Test-Path $psLoggingPath)) { + New-Item -Path $psLoggingPath -Force | Out-Null + } + New-ItemProperty -Path $psLoggingPath -Name "EnableInvocationHeader" -Value 1 -PropertyType DWORD -Force | Out-Null + New-ItemProperty -Path $psLoggingPath -Name "EnableTranscripting" -Value 1 -PropertyType DWORD -Force | Out-Null + New-ItemProperty -Path $psLoggingPath -Name "OutputDirectory" 
-Value (Join-Path ${Env:UserProfile} "Desktop\PS_Transcripts") -PropertyType String -Force | Out-Null + + $psLoggingPath = 'HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + if (-Not (Test-Path $psLoggingPath)) { + New-Item -Path $psLoggingPath -Force | Out-Null + } + New-ItemProperty -Path $psLoggingPath -Name "EnableScriptBlockLogging" -Value 1 -PropertyType DWORD -Force | Out-Null + VM-Write-Log "INFO" "PowerShell transcripts will be saved to the desktop." + } catch { + VM-Write-Log-Exception $_ + } + } +} + +# Main function for debloater and configuration changes +# Expects an XML file +function VM-Apply-Configurations { + param( + [Parameter(Position = 0)] + [string]$configFile + ) + + try { + # Load and parse the XML config file + VM-Assert-Path $configFile + $config = [xml](Get-Content $configFile) + + # Process the apps + if ($config.config.apps.app) { + $config.config.apps.app | ForEach-Object { + $appName = $_.name + VM-Remove-Appx-Package -appName $appName + } + } + + # Process the services + if ($config.config.services.service) { + $config.config.services.service | ForEach-Object { + $serviceName = $_.name + VM-Set-Service-Manual-Start -serviceName $serviceName + } + } + + # Process the tasks + if ($config.config.tasks.task) { + $config.config.tasks.task | ForEach-Object { + $descName = $_.name + $taskName = $_.value + VM-Disable-Scheduled-Task -name $descName -value $taskName + } + } + + # Process the registry items + if ($config.config."registry-items"."registry-item") { + $config.config."registry-items"."registry-item" | ForEach-Object { + $name = $_.name + $path = $_.path + $value = $_.value + $type = $_.type + $data = $_.data + VM-Update-Registry-Value -name $name -path $path -value $value -type $type -data $data + } + } + + # Process the path items + if ($config.config."path-items"."path-item") { + $config.config."path-items"."path-item" | ForEach-Object { + $name = $_.name + $type = $_.type + $path = $_.path + 
VM-Remove-Path -name $name -type $type -path $path + } + } + + # Process the custom items + if ($config.config."custom-items"."custom-item") { + $config.config."custom-items"."custom-item" | ForEach-Object { + $name = $_.name + $cmds = @($_.cmd | ForEach-Object { $_.value }) + VM-Execute-Custom-Command -name $name -cmds $cmds + } + } + } catch { + VM-Write-Log "ERROR" "An error occurred while applying config. Error: $_" + } +} + +# This function returns a string of "Win10", "Win11", or "Win11ARM" +function VM-Get-WindowsVersion { + $osInfo = Get-ComputerInfo + + # Extract the version number and other details + $version = $osInfo.OsName + $osArchitecture = $osInfo.OSArchitecture + + if ($version -match "10") { + return "Win10" + } + elseif ($version -match "11" -and $osArchitecture -eq "64-bit") { + return "Win11" + } + elseif ($version -match "11" -and $osArchitecture -match "ARM") { + return "Win11ARM" + } + else { + return "Unknown" + } +} + +function VM-Get-InstalledPackages { + if (Get-Command choco -ErrorAction:SilentlyContinue) { + powershell.exe "choco list -r" | ForEach-Object { + $Name, $Version = $_ -split '\|' + New-Object -TypeName psobject -Property @{ + 'Name' = $Name + 'Version' = $Version + } + } + } +} + +function VM-Refresh-Desktop { + try { + Add-Type -TypeDefinition @" +using System; +using System.Runtime.InteropServices; + +public class Shell { + [DllImport("Shell32.dll")] + public static extern int SHChangeNotify(int eventId, int flags, IntPtr item1, IntPtr item2); +} +"@ + $SHCNE_ASSOCCHANGED = 0x08000000 + $SHCNF_IDLIST = 0 + [void][Shell]::SHChangeNotify($SHCNE_ASSOCCHANGED, $SHCNF_IDLIST, [IntPtr]::Zero, [IntPtr]::Zero) + } catch { + VM-Write-Log-Exception $_ + } +} diff --git a/packages/confuserex.vm/confuserex.vm.nuspec b/packages/confuserex.vm/confuserex.vm.nuspec new file mode 100644 index 000000000..2315016ab --- /dev/null +++ b/packages/confuserex.vm/confuserex.vm.nuspec 
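Review bot: VM-Configure-Prompts builds the `setx PROMPT ...` command as a string, base64-encodes it and immediately decodes it again into `Invoke-Expression`, which is a no-op round-trip that both interpolates `$Env:VMname` into evaluated code and produces exactly the encoded-command-into-IEX shape that the script block logging enabled a few lines later in VM-Configure-PS-Logging (and detection rules in general) are meant to surface; calling `setx` directly with the prompt string, or `[Environment]::SetEnvironmentVariable('PROMPT', $promptValue, 'User')`, does the same job without Invoke-Expression. Two of the new helpers log success unconditionally: VM-Execute-Custom-Command uses `Start-Process ... -Wait` without `-PassThru`, so the child's exit code is never consulted before "have been executed successfully", and VM-Remove-Appx-Package passes `-ErrorAction SilentlyContinue` to both Remove-Appx* calls inside a `try`, so the `catch` cannot fire and a failed removal is still logged as removed (the `-ErrorAction` on the `Where-Object` pipeline also applies to Where-Object, not to Get-AppxProvisionedPackage). In VM-Update-Registry-Value the Binary branch calls `[byte[]]::new(...)` with the parsed bytes, but the array constructor takes a length rather than contents; the usual form is the cast `[byte[]]($data -split '(.{2})' | Where-Object { $_ -match '..' } | ForEach-Object { [convert]::ToByte($_, 16) })`, worth confirming with one Binary entry. VM-Remove-Path hands a config-supplied path to `Test-Path -Path` and `Remove-Item -Path ... -Recurse -Force`, which are wildcard-expanded; `-LiteralPath` keeps a path containing `[` or `*` from matching more than what was named. Smaller: VM-Set-Service-Manual-Start logs "has been disabled" although it sets the startup type to Manual (`"Service $serviceName startup type set to Manual."` is accurate), and VM-Get-InstalledPackages spawns `powershell.exe "choco list -r"` where VM-Get-Host-Info in this same commit simply runs `choco list -r`.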
@@ -0,0 +1,13 @@ + + + + confuserex.vm + 1.6.0.20230713 + mkaring + ConfuserEx is a open-source protector for .NET applications. It is the successor of Confuser project. + + + + + + diff --git a/packages/confuserex.vm/tools/chocolateyinstall.ps1 b/packages/confuserex.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..892208a46 --- /dev/null +++ b/packages/confuserex.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,16 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'ConfuserEx' + $category = 'Payload Development' + $shimPath = 'bin\ConfuserEx.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/confuserex.vm/tools/chocolateyuninstall.ps1 b/packages/confuserex.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..73db7c9ab --- /dev/null +++ b/packages/confuserex.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'ConfuserEx' +$category = 'Payload Development' + +VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/covenant.vm/covenant.vm.nuspec b/packages/covenant.vm/covenant.vm.nuspec new file mode 100644 index 000000000..0da5df902 --- /dev/null +++ b/packages/covenant.vm/covenant.vm.nuspec @@ -0,0 +1,12 @@ + + + + covenant.vm + 0.0.0.20230711 + cobbr + Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers. + + + + + 
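Review bot: `-RunAsAdmin` on the ConfuserEx shortcut makes every launch an elevated process, and nothing in this install script shows the tool needs that; the block mirrors the old dnSpyEx installer that this same change deletes, so the flag looks inherited rather than chosen. Unless ConfuserEx requires elevation, drop it: `Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath`. If it is needed, a one-line comment saying why would save the next reader the same question.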
diff --git a/packages/covenant.vm/tools/chocolateyinstall.ps1 b/packages/covenant.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..8fc160b64 --- /dev/null +++ b/packages/covenant.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Covenant' +$category = 'Command & Control' + +$zipUrl = 'https://github.com/cobbr/Covenant/archive/5decc3ccfab04e6e881ed00c9de649740dac8ad1.zip' +$zipSha256 = '53f532e350b7a43b0dab8e21a5298587b9a2f498c46bed77d443dea32525b525' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/covenant.vm/tools/chocolateyuninstall.ps1 b/packages/covenant.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..0a33a8391 --- /dev/null +++ b/packages/covenant.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Covenant' +$category = 'Command & Control' + +VM-Uninstall $toolName $category diff --git a/packages/credninja.vm/credninja.vm.nuspec b/packages/credninja.vm/credninja.vm.nuspec new file mode 100644 index 000000000..2fdf08b86 --- /dev/null +++ b/packages/credninja.vm/credninja.vm.nuspec @@ -0,0 +1,12 @@ + + + + credninja.vm + 2.3 + raikiasec + This tool will tell you if the credentials you dumped are valid on the domain, and if you have local administrator access to a host. + + + + + diff --git a/packages/credninja.vm/tools/chocolateyinstall.ps1 b/packages/credninja.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..16f989030 --- /dev/null +++ b/packages/credninja.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'CredNinja' +$category = 'Credential Access' + +$zipUrl = 'https://github.com/Raikia/CredNinja/archive/4a13f297851cd6fe88017288e6850ad276078071.zip' +$zipSha256 = '35b7dfae877c08bd9e50a5b9406eead0687b460db9428b9fe22130cc47b1ec10' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/credninja.vm/tools/chocolateyuninstall.ps1 b/packages/credninja.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..637d77d13 --- /dev/null +++ b/packages/credninja.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'CredNinja' +$category = 'Credential Access' + +VM-Uninstall $toolName $category diff --git a/packages/cryptotester.vm/cryptotester.vm.nuspec b/packages/cryptotester.vm/cryptotester.vm.nuspec new file mode 100644 index 000000000..700abd873 --- /dev/null +++ b/packages/cryptotester.vm/cryptotester.vm.nuspec @@ -0,0 +1,12 @@ + + + + cryptotester.vm + 1.7.0.20230907 + Michael Gillespie (@demonslay335) + Utility tool for performing cryptanalysis with a focus on ransomware cryptography + + + + + diff --git a/packages/cryptotester.vm/tools/chocolateyinstall.ps1 b/packages/cryptotester.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..3accb0920 --- /dev/null +++ b/packages/cryptotester.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'CryptoTester' +$category = 'Utilities' + +$zipUrl = 'https://github.com/Demonslay335/CryptoTester/releases/download/v1.7.0.0/CryptoTester.zip' +$zipSha256 = 'f1f6fe584fe697e3ec414854600781ae1906e7d28d9f370662a144821694539c' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false 
diff --git a/packages/cryptotester.vm/tools/chocolateyuninstall.ps1 b/packages/cryptotester.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..08b71ba66 --- /dev/null +++ b/packages/cryptotester.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'CryptoTester' +$category = 'Utilities' + +VM-Uninstall $toolName $category diff --git a/packages/cutter.vm/cutter.vm.nuspec b/packages/cutter.vm/cutter.vm.nuspec index fc345a6e5..73bd5b7b2 100644 --- a/packages/cutter.vm/cutter.vm.nuspec +++ b/packages/cutter.vm/cutter.vm.nuspec @@ -2,7 +2,7 @@ cutter.vm - 2.2.1 + 2.3.2 Rizin Cutter is a FOSS dissassembler/decompiler diff --git a/packages/cutter.vm/tools/chocolateyinstall.ps1 b/packages/cutter.vm/tools/chocolateyinstall.ps1 index 39e7cb1b2..e0c635556 100644 --- a/packages/cutter.vm/tools/chocolateyinstall.ps1 +++ b/packages/cutter.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'Cutter' $category = 'Disassemblers' -$zipUrl = 'https://github.com/rizinorg/cutter/releases/download/v2.2.1/Cutter-v2.2.1-Windows-x86_64.zip' -$zipSha256 = '2871e93e01881ba31e1c3fbdc7e4ccfb3114b3d95cad64a93fefa933846cadb4' +$zipUrl = 'https://github.com/rizinorg/cutter/releases/download/v2.3.2/Cutter-v2.3.2-Windows-x86_64.zip' +$zipSha256 = 'e53a137809a610f939ce13744640f0da67369e87fdb1b2545be3e417c7781c8e' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true diff --git a/packages/cyberchef.vm/cyberchef.vm.nuspec b/packages/cyberchef.vm/cyberchef.vm.nuspec index 7aadc8713..895580585 100644 --- a/packages/cyberchef.vm/cyberchef.vm.nuspec +++ b/packages/cyberchef.vm/cyberchef.vm.nuspec @@ -2,12 +2,11 @@ cyberchef.vm - 10.4.0.20230517 + 10.5.2.20230823 GCHQ The Cyber Swiss Army Knife - a web app for encryption, encoding, compression, data analysis, and more. - 
diff --git a/packages/cyberchef.vm/tools/chocolateyinstall.ps1 b/packages/cyberchef.vm/tools/chocolateyinstall.ps1 index d0495a75a..9c0d9c0cd 100644 --- a/packages/cyberchef.vm/tools/chocolateyinstall.ps1 +++ b/packages/cyberchef.vm/tools/chocolateyinstall.ps1 @@ -11,14 +11,14 @@ try { $packageArgs = @{ packageName = ${Env:ChocolateyPackageName} unzipLocation = $toolDir - url = 'https://github.com/gchq/CyberChef/releases/download/v10.4.0/CyberChef_v10.4.0.zip' - checksum = '8485713baeed5fced47e2543b3072032bc9e541d1962b9ee8356b615efa074a2' + url = 'https://github.com/gchq/CyberChef/releases/download/v10.5.2/CyberChef_v10.5.2.zip' + checksum = 'a4d47a313d9e79d08775abfde18a08c32b50b4db8fa52261bfddbb785910d0ef' checksumType = 'sha256' } Install-ChocolateyZipPackage @packageArgs VM-Assert-Path $toolDir - $htmlPath = Join-Path $toolDir "CyberChef_v10.4.0.html" -Resolve + $htmlPath = Join-Path $toolDir "CyberChef_v10.5.2.html" -Resolve $shortcut = Join-Path $shortcutDir "CyberChef.lnk" Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $htmlPath VM-Assert-Path $shortcut diff --git a/packages/cygwin.vm/cygwin.vm.nuspec b/packages/cygwin.vm/cygwin.vm.nuspec index 9b964716d..02eaee9e4 100644 --- a/packages/cygwin.vm/cygwin.vm.nuspec +++ b/packages/cygwin.vm/cygwin.vm.nuspec @@ -2,12 +2,12 @@ cygwin.vm - 3.4.6 + 3.4.9 Wrapper for cygwin and useful cygwin packages Red Hat Inc. - + diff --git a/packages/de4dot-cex.vm/de4dot-cex.vm.nuspec b/packages/de4dot-cex.vm/de4dot-cex.vm.nuspec new file mode 100644 index 000000000..b1acfaa0e --- /dev/null +++ b/packages/de4dot-cex.vm/de4dot-cex.vm.nuspec @@ -0,0 +1,12 @@ + + + + de4dot-cex.vm + 4.0.0.20230526 + ViRb3 + A de4dot fork with full support for vanilla ConfuserEx + + + + + diff --git a/packages/de4dot-cex.vm/tools/chocolateyinstall.ps1 b/packages/de4dot-cex.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..3ae70fa45 --- /dev/null +++ b/packages/de4dot-cex.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,18 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'de4dot' + $category = 'dotNet' + + $zipUrl = 'https://github.com/ViRb3/de4dot-cex/releases/download/v4.0.0/de4dot-cex.zip' + $zipSha256 = 'C726CBD18B894CA63B7F6A565C6C86EF512B96E68119C6502CDF64A51F6A1C78' + + VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true + + # Add link for de4dot-x64.exe + $executablePath = Join-Path ${Env:RAW_TOOLS_DIR} "de4dot\$toolName-x64.exe" -Resolve + VM-Install-Shortcut "$toolName-x64" $category $executablePath -consoleApp $true +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/de4dot-cex.vm/tools/chocolateyuninstall.ps1 b/packages/de4dot-cex.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..58558b818 --- /dev/null +++ b/packages/de4dot-cex.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,8 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'de4dot' +$category = 'dotNet' + +VM-Uninstall $toolName $category +VM-Remove-Tool-Shortcut "$toolName-x64" $category diff --git a/packages/debloat.vm/debloat.vm.nuspec b/packages/debloat.vm/debloat.vm.nuspec new file mode 100644 index 000000000..9bb56794d --- /dev/null +++ b/packages/debloat.vm/debloat.vm.nuspec @@ -0,0 +1,12 @@ + + + + debloat.vm + 0.0.0.20230904 + Debloat and performance configurations for Windows OS + Mandiant + + + + + diff --git a/packages/debloat.vm/tools/chocolateyinstall.ps1 b/packages/debloat.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..8d2419b1d --- /dev/null +++ b/packages/debloat.vm/tools/chocolateyinstall.ps1 
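Review bot: `$zipSha256` is the only checksum on this page written in uppercase hex; every other package passes lowercase, and whether `VM-Install-From-Zip` compares case-insensitively is not visible here, so lowercasing it removes a dependency on that detail: `$zipSha256 = 'c726cbd18b894ca63b7f6a565c6c86ef512b96e68119c6502cdf64a51f6a1c78'`. Separately, the x64 shortcut path hard-codes the `de4dot` folder name while `$toolName` already holds the same string; if the zip is extracted under `$toolName`, as that path implies, `Join-Path ${Env:RAW_TOOLS_DIR} "$toolName\$toolName-x64.exe" -Resolve` keeps the two from drifting apart.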
@@ -0,0 +1,26 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$packageToolsDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)" + +try { + # Determine OS Version + $osVersion = VM-Get-WindowsVersion + + switch ($osVersion) { + "Win10" { $config = Join-Path $packageToolsDir "win10.xml" } + "Win11" { $config = Join-Path $packageToolsDir "win11.xml" } + "Win11ARM" { $config = Join-Path $packageToolsDir "win11arm.xml"} + default { + VM-Write-Log "WARN" "Debloater unable to determine debloat config, applying win10.xml" + $config = Join-Path $packageToolsDir "win10.xml" + } + } + + VM-Apply-Configurations $config + VM-Write-Log "INFO" "Debloating and performance modifications for $osVersion done" + +} catch { + VM-Write-Log-Exception $_ +} + diff --git a/packages/debloat.vm/tools/win10.xml b/packages/debloat.vm/tools/win10.xml new file mode 100644 index 000000000..5eba06e19 --- /dev/null +++ b/packages/debloat.vm/tools/win10.xml @@ -0,0 +1,182 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/packages/debloat.vm/tools/win11.xml b/packages/debloat.vm/tools/win11.xml new file mode 100644 index 000000000..1f052867b --- /dev/null +++ b/packages/debloat.vm/tools/win11.xml @@ -0,0 +1,57 @@ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/packages/debloat.vm/tools/win11arm.xml b/packages/debloat.vm/tools/win11arm.xml new file mode 100644 index 000000000..1f052867b --- /dev/null +++ b/packages/debloat.vm/tools/win11arm.xml @@ -0,0 +1,57 @@ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file 
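Review bot: the `default` branch applies `win10.xml` whenever `VM-Get-WindowsVersion` returns `"Unknown"`, so a release this script cannot identify still receives the Win10 set of registry, service and scheduled-task changes; an unrecognised OS is exactly the case where skipping is the safe choice. `default { VM-Write-Log "WARN" "Debloater unable to determine debloat config for '$osVersion', skipping"; return }` makes that explicit. Also, win11.xml and win11arm.xml are added with the same blob id (1f052867b), so the `Win11ARM` case currently selects an identical file; either collapse the two cases or leave a comment that the files are expected to diverge.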
diff --git a/packages/dex2jar.vm/dex2jar.vm.nuspec b/packages/dex2jar.vm/dex2jar.vm.nuspec new file mode 100644 index 000000000..41b85b7a4 --- /dev/null +++ b/packages/dex2jar.vm/dex2jar.vm.nuspec @@ -0,0 +1,13 @@ + + + + dex2jar.vm + 2.3.0.20231006 + @pxb1988 + Tools to work with android .dex and java .class files. + + + + + + diff --git a/packages/dex2jar.vm/tools/chocolateyinstall.ps1 b/packages/dex2jar.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..b196b342e --- /dev/null +++ b/packages/dex2jar.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'd2j-dex2jar' +$category = 'Java/Android' + +$zipUrl = 'https://github.com/pxb1988/dex2jar/releases/download/v2.3/dex2jar-v2.zip' +$zipSha256 = 'd0507b6277193476ae29351905b5fa9b20d1a9a5ce119b46d87e5b188edf859e' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -executableName "$toolName.bat" -innerFolder $true diff --git a/packages/dex2jar.vm/tools/chocolateyuninstall.ps1 b/packages/dex2jar.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..0624d2fdc --- /dev/null +++ b/packages/dex2jar.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'd2j-dex2jar' +$category = 'Java/Android' + +VM-Uninstall $toolName $category diff --git a/packages/didier-stevens-suite.vm/didier-stevens-suite.vm.nuspec b/packages/didier-stevens-suite.vm/didier-stevens-suite.vm.nuspec new file mode 100644 index 000000000..583920a18 --- /dev/null +++ b/packages/didier-stevens-suite.vm/didier-stevens-suite.vm.nuspec @@ -0,0 +1,13 @@ + + + + didier-stevens-suite.vm + 0.0.0.20231019 + Didier Stevens + Tools collection by Didier Stevens + + + + + + 
diff --git a/packages/didier-stevens-suite.vm/tools/chocolateyinstall.ps1 b/packages/didier-stevens-suite.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..89c95e1db --- /dev/null +++ b/packages/didier-stevens-suite.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,27 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $category = 'PDF' + $zipUrl = 'https://github.com/DidierStevens/DidierStevensSuite/archive/8190354314d6f42c9ddc477a795029dc446176c5.zip' + $zipSha256 = 'fe37ef5b81810af99820a7360aa26e7fec669432875dd29e38f307880bb53c37' + + $packageArgs = @{ + packageName = ${Env:ChocolateyPackageName} + unzipLocation = ${Env:RAW_TOOLS_DIR} + url = $zipUrl + checksum = $zipSha256 + checksumType = 'sha256' + } + Install-ChocolateyZipPackage @packageArgs + $toolDir = Get-Item "${Env:RAW_TOOLS_DIR}\DidierStevensSuite-*" + VM-Assert-Path $toolDir + + # Add shortcut for commonly used PDF tools + ForEach ($toolName in @('pdfid', 'pdf-parser')) { + $executablePath = Join-Path $toolDir "$toolName.py" + VM-Install-Shortcut $toolName $category $executablePath -consoleApp $true + } +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/didier-stevens-suite.vm/tools/chocolateyuninstall.ps1 b/packages/didier-stevens-suite.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..e784769de --- /dev/null +++ b/packages/didier-stevens-suite.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +# Remove shortcuts +$category = 'PDF' +ForEach ($toolName in @('pdfid', 'pdf-parser')) { + VM-Remove-Tool-Shortcut $toolName $category +} + +# Remove tool directory +$toolDir = Get-Item "${Env:RAW_TOOLS_DIR}\DidierStevensSuite-*" +Remove-Item $toolDir -Recurse -Force -ea 0 diff --git a/packages/die.vm/die.vm.nuspec b/packages/die.vm/die.vm.nuspec index 6f46f64cb..5c7175f2c 100644 --- a/packages/die.vm/die.vm.nuspec 
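Review bot: `Get-Item "${Env:RAW_TOOLS_DIR}\DidierStevensSuite-*"` matches every directory with that prefix, so a leftover from an earlier pinned commit turns `$toolDir` into an array and the `Join-Path` in the shortcut loop fails; the uninstall hunk in the same file section uses the same glob and would remove every match, not just this package's. GitHub archive zips extract into `<repo>-<commit>`, so the name is already known: `$toolDir = Join-Path ${Env:RAW_TOOLS_DIR} "DidierStevensSuite-8190354314d6f42c9ddc477a795029dc446176c5"` in both scripts, leaving `VM-Assert-Path` to report a missing folder.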
+++ b/packages/die.vm/die.vm.nuspec @@ -2,11 +2,11 @@ die.vm - 3.07 + 3.07.20230925 Hellsp@wn, horsicq Detect It Easy, or abbreviated "DIE" is a program for determining types of files. - + diff --git a/packages/die.vm/tools/chocolateyinstall.ps1 b/packages/die.vm/tools/chocolateyinstall.ps1 index cd601802a..90723fd49 100644 --- a/packages/die.vm/tools/chocolateyinstall.ps1 +++ b/packages/die.vm/tools/chocolateyinstall.ps1 @@ -11,7 +11,7 @@ try { $zipSha256_64 = '3450169643be76484ac4bd5e1473f6f4745d9825c8a07255a3925a4a6e8bad7e' $executablePath = (VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -zipUrl_64 $zipUrl_64 -zipSha256_64 $zipSha256_64)[-1] - VM-Add-To-Right-Click-Menu $toolName "detect it easy (DIE)" "`"$executablePath`" `"%1`"" "file" + VM-Add-To-Right-Click-Menu $toolName "detect it easy (DIE)" "`"$executablePath`" `"%1`"" "$executablePath" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/die.vm/tools/chocolateyuninstall.ps1 b/packages/die.vm/tools/chocolateyuninstall.ps1 index eb06df9ef..6030b3492 100644 --- a/packages/die.vm/tools/chocolateyuninstall.ps1 +++ b/packages/die.vm/tools/chocolateyuninstall.ps1 @@ -5,4 +5,4 @@ $toolName = 'die' $category = 'Utilities' VM-Uninstall $toolName $category -VM-Remove-From-Right-Click-Menu $toolName "file" +VM-Remove-From-Right-Click-Menu $toolName diff --git a/packages/dll-to-exe.vm/dll-to-exe.vm.nuspec b/packages/dll-to-exe.vm/dll-to-exe.vm.nuspec new file mode 100644 index 000000000..d5ceeec97 --- /dev/null +++ b/packages/dll-to-exe.vm/dll-to-exe.vm.nuspec @@ -0,0 +1,12 @@ + + + + dll-to-exe.vm + 1.1 + hasherezade + Converts a DLL into a ready-to-use EXE + + + + + diff --git a/packages/dll-to-exe.vm/tools/chocolateyinstall.ps1 b/packages/dll-to-exe.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..6edb1737b --- /dev/null +++ b/packages/dll-to-exe.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'dll_to_exe' +$category = 'PE' + +$exeUrl = 'https://github.com/hasherezade/dll_to_exe/releases/download/v1.1/dll_to_exe.exe' +$exeSha256 = '930c29f3f36443d6e3ecf3fa2e9c39251f0e66a1e1c0e290ed8c1cf0cc7789f8' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/dll-to-exe.vm/tools/chocolateyuninstall.ps1 b/packages/dll-to-exe.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..0849bae40 --- /dev/null +++ b/packages/dll-to-exe.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'dll_to_exe' +$category = 'PE' + +VM-Uninstall $toolName $category diff --git a/packages/dnlib.vm/dnlib.vm.nuspec b/packages/dnlib.vm/dnlib.vm.nuspec new file mode 100644 index 000000000..7cc0e2b02 --- /dev/null +++ b/packages/dnlib.vm/dnlib.vm.nuspec @@ -0,0 +1,12 @@ + + + + dnlib.vm + 4.0.0 + 0xd4d + .NET module/assembly reader/writer library + + + + + diff --git a/packages/dnlib.vm/tools/chocolateyinstall.ps1 b/packages/dnlib.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..935c6a833 --- /dev/null +++ b/packages/dnlib.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,29 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'dnlib' + $category = 'dotNet' + + $zipUrl = 'https://www.nuget.org/api/v2/package/dnlib/4.0.0' + $zipSha256 = 'adee956696461c9146da3ba220a1a3e6f553a8ba26f2664b1d8507a35976961e' + $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName + + # Download and unzip + $packageArgs = @{ + packageName = ${Env:ChocolateyPackageName} + unzipLocation = $toolDir + url = $zipUrl + checksum = $zipSha256 + checksumType = 'sha256' + SpecificFolder = "lib" + } + Install-ChocolateyZipPackage @packageArgs + VM-Assert-Path $toolDir + + $executablePath = Join-Path $toolDir "lib" + VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath + +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/dnlib.vm/tools/chocolateyuninstall.ps1 b/packages/dnlib.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..3884aa82b --- /dev/null +++ b/packages/dnlib.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'dnlib' +$category = 'dotNet' +$toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName + +# Remove tool files +Remove-Item $toolDir -Recurse -Force -ea 0 | Out-Null + +# Remove tool shortcut +VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/dnspyex.vm/dnspyex.vm.nuspec b/packages/dnspyex.vm/dnspyex.vm.nuspec index c67d1fa81..d78717951 100644 --- a/packages/dnspyex.vm/dnspyex.vm.nuspec +++ b/packages/dnspyex.vm/dnspyex.vm.nuspec @@ -2,12 +2,11 @@ dnspyex.vm - 6.3.0 + 6.4.1 0xd4d, ElektroKill dnSpyEx is a unofficial continuation of the dnSpy project which is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available. - 
diff --git a/packages/dnspyex.vm/tools/chocolateyinstall.ps1 b/packages/dnspyex.vm/tools/chocolateyinstall.ps1 index 3f151dece..6deba42f8 100644 --- a/packages/dnspyex.vm/tools/chocolateyinstall.ps1 +++ b/packages/dnspyex.vm/tools/chocolateyinstall.ps1 @@ -2,15 +2,22 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking try { - $toolName = 'dnSpyEx' + $toolName = 'dnSpy' $category = 'dotNet' - $shimPath = 'bin\dnSpy.Console.exe' - $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category - $shortcut = Join-Path $shortcutDir "$toolName.lnk" - $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve - Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin - VM-Assert-Path $shortcut + $zipUrl = "https://github.com/dnSpyEx/dnSpy/releases/download/v6.4.1/dnSpy-netframework.zip" + $zipSha256 = "d3d8aefb7c5c4ef15d077c13f88c13b0f1403fb71e73610dc68975a62e4230cb" + $toolDir = (VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256)[0] + + $toolNameX86 = "$toolName-x86" + $executablePathX86 = Join-Path $toolDir "$toolNameX86.exe" -Resolve + VM-Install-Shortcut $toolNameX86 $category $executablePathX86 + Install-BinFile -Name $toolNameX86 -Path $executablePathX86 + + $toolNameConsole = "$toolName.Console" + $executablePathConsole = Join-Path $toolDir "$toolNameConsole.exe" -Resolve + VM-Install-Shortcut $toolNameConsole $category $executablePathConsole -consoleApp $true -arguments $null + Install-BinFile -Name $toolNameConsole -Path $executablePathConsole } catch { VM-Write-Log-Exception $_ } diff --git a/packages/dnspyex.vm/tools/chocolateyuninstall.ps1 b/packages/dnspyex.vm/tools/chocolateyuninstall.ps1 index 603675ac6..783985d3c 100644 --- a/packages/dnspyex.vm/tools/chocolateyuninstall.ps1 +++ b/packages/dnspyex.vm/tools/chocolateyuninstall.ps1 
@@ -1,7 +1,15 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking -$toolName = 'dnSpyEx' +$toolName = 'dnSpy' $category = 'dotNet' -VM-Remove-Tool-Shortcut $toolName $category +VM-Uninstall $toolName $category + +$toolNameX86 = "$toolName-x86" +VM-Remove-Tool-Shortcut $toolNameX86 $category +Uninstall-BinFile -Name $toolNameX86 + +$toolNameConsole = "$toolName.Console" +VM-Remove-Tool-Shortcut $toolNameConsole $category +Uninstall-BinFile -Name $toolNameConsole diff --git a/packages/dotdumper.vm/dotdumper.vm.nuspec b/packages/dotdumper.vm/dotdumper.vm.nuspec new file mode 100644 index 000000000..52297f4ab --- /dev/null +++ b/packages/dotdumper.vm/dotdumper.vm.nuspec @@ -0,0 +1,12 @@ + + + + dotdumper.vm + 1.1 + ThisIsLibra + An automatic unpacker and logger for DotNet Framework targeting files + + + + + diff --git a/packages/dotdumper.vm/tools/chocolateyinstall.ps1 b/packages/dotdumper.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..67787b7c9 --- /dev/null +++ b/packages/dotdumper.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'DotDumper' +$category = 'dotNet' + +$zipUrl = 'https://github.com/advanced-threat-research/DotDumper/releases/download/1.1/DotDumper.zip' +$zipSha256 = '504bce7018041dfc1a7c3ecc28443a3b7648a25e9d1430b5875c11a39b686a98' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true diff --git a/packages/dotdumper.vm/tools/chocolateyuninstall.ps1 b/packages/dotdumper.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..64f369ecd --- /dev/null +++ b/packages/dotdumper.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'DotDumper' +$category = 'dotNet' + +VM-Uninstall $toolName $category 
diff --git a/packages/dotnettojscript.vm/dotnettojscript.vm.nuspec b/packages/dotnettojscript.vm/dotnettojscript.vm.nuspec new file mode 100644 index 000000000..63b9537a2 --- /dev/null +++ b/packages/dotnettojscript.vm/dotnettojscript.vm.nuspec @@ -0,0 +1,12 @@ + + + + dotnettojscript.vm + 0.0.0.20230713 + James Forshaw + A tool to generate a JScript which bootstraps an arbitrary .NET Assembly and class. + + + + + diff --git a/packages/dotnettojscript.vm/tools/chocolateyinstall.ps1 b/packages/dotnettojscript.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..ace89062c --- /dev/null +++ b/packages/dotnettojscript.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'DotNetToJScript' +$category = 'Payload Development' + +$zipUrl = 'https://github.com/tyranid/DotNetToJScript/archive/4dbe155912186f9574cb1889386540ba0e80c316.zip' +$zipSha256 = '12566bdfced108fafba97548c59c07be55988beb1c1e970e62bf40ddaebc4a0a' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/dotnettojscript.vm/tools/chocolateyuninstall.ps1 b/packages/dotnettojscript.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..4ec850a4d --- /dev/null +++ b/packages/dotnettojscript.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'DotNetToJScript' +$category = 'Payload Development' + +VM-Uninstall $toolName $category diff --git a/packages/dumpert.vm/dumpert.vm.nuspec b/packages/dumpert.vm/dumpert.vm.nuspec new file mode 100644 index 000000000..1b5f0eb93 --- /dev/null +++ b/packages/dumpert.vm/dumpert.vm.nuspec 
@@ -0,0 +1,12 @@ + + + + dumpert.vm + 0.0.0.20230711 + outflank + This tool demonstrates the use of direct System Calls and API unhooking and combines these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. + + + + + diff --git a/packages/dumpert.vm/tools/chocolateyinstall.ps1 b/packages/dumpert.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..b40b3ce06 --- /dev/null +++ b/packages/dumpert.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Dumpert' +$category = 'Credential Access' + +$zipUrl = 'https://github.com/outflanknl/Dumpert/archive/8000ca4c585b0fc317cee69504be22d1ac2ed779.zip' +$zipSha256 = '1ffbf3332db29e834c779008586c386ebbf1ca21e5c081ae6bba1a033d937bec' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/dumpert.vm/tools/chocolateyuninstall.ps1 b/packages/dumpert.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..aa96ccb94 --- /dev/null +++ b/packages/dumpert.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Dumpert' +$category = 'Credential Access' + +VM-Uninstall $toolName $category diff --git a/packages/evilclippy.vm/evilclippy.vm.nuspec b/packages/evilclippy.vm/evilclippy.vm.nuspec new file mode 100644 index 000000000..7bff2df60 --- /dev/null +++ b/packages/evilclippy.vm/evilclippy.vm.nuspec @@ -0,0 +1,12 @@ + + + + evilclippy.vm + 1.3 + outflank + A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. + + + + + diff --git a/packages/evilclippy.vm/tools/chocolateyinstall.ps1 b/packages/evilclippy.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..8b078f2a1 --- /dev/null 
+++ b/packages/evilclippy.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'EvilClippy' +$category = 'Payload Development' + +$zipUrl = 'https://github.com/outflanknl/EvilClippy/archive/refs/tags/v1.3.zip' +$zipSha256 = '6ff1633de0ce8b99d5cf59a3e3cddf1960d4e7410d1441fd86940db42a7785a7' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/evilclippy.vm/tools/chocolateyuninstall.ps1 b/packages/evilclippy.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..dc8694c1a --- /dev/null +++ b/packages/evilclippy.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'EvilClippy' +$category = 'Payload Development' + +VM-Uninstall $toolName $category diff --git a/packages/exiftool.vm/exiftool.vm.nuspec b/packages/exiftool.vm/exiftool.vm.nuspec index 884d43444..03e7f9bff 100644 --- a/packages/exiftool.vm/exiftool.vm.nuspec +++ b/packages/exiftool.vm/exiftool.vm.nuspec @@ -2,12 +2,12 @@ exiftool.vm - 12.62 + 12.68.0 Phil Harvey A tool for reeding and writing file metadata - + diff --git a/packages/explorersuite.vm/explorersuite.vm.nuspec b/packages/explorersuite.vm/explorersuite.vm.nuspec index 6228958d0..a31783c94 100644 --- a/packages/explorersuite.vm/explorersuite.vm.nuspec +++ b/packages/explorersuite.vm/explorersuite.vm.nuspec @@ -2,11 +2,11 @@ explorersuite.vm - 0.0.0.20221115 + 0.0.0.20230925 Erik Pistelli A suite of tools including CFF Explorer and a process viewer. - + diff --git a/packages/explorersuite.vm/tools/chocolateyinstall.ps1 b/packages/explorersuite.vm/tools/chocolateyinstall.ps1 index a4d6ebd00..aa53ce53d 100644 --- a/packages/explorersuite.vm/tools/chocolateyinstall.ps1 +++ b/packages/explorersuite.vm/tools/chocolateyinstall.ps1 
@@ -26,7 +26,12 @@ try { VM-Assert-Path $shortcut } - Install-BinFile -Name 'CFFExplorer' -Path (Join-Path $toolDir 'CFF Explorer.exe') + $cffExplorerExecutablePath = Join-Path $toolDir 'CFF Explorer.exe' -Resolve + Install-BinFile -Name 'CFFExplorer' -Path $cffExplorerExecutablePath + # "Open with CFF Explorer" is added to the registry for several extensions, + # add it for all extension with same key to avoid duplication. + # Use same label and no icon to make it look the same for all extensions. + VM-Add-To-Right-Click-Menu 'Open with CFF Explorer' 'Open with CFF Explorer' "`"$cffExplorerExecutablePath`" %1" } catch { VM-Write-Log-Exception $_ -} \ No newline at end of file +} diff --git a/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 b/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 index c36d56a4c..d27127a3b 100644 --- a/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 +++ b/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 @@ -7,4 +7,6 @@ foreach ($subtoolName in $subtoolNames) { VM-Remove-Tool-Shortcut $subtoolName $category } -VM-Uninstall-With-Uninstaller "Explorer Suite IV" "EXE" "/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-" \ No newline at end of file +VM-Remove-From-Right-Click-Menu 'CFF explorer' + +VM-Uninstall-With-Uninstaller "Explorer Suite IV" "EXE" "/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-" diff --git a/packages/file.vm/file.vm.nuspec b/packages/file.vm/file.vm.nuspec index ed3317c9c..edcc1c917 100644 --- a/packages/file.vm/file.vm.nuspec +++ b/packages/file.vm/file.vm.nuspec @@ -2,11 +2,11 @@ file.vm - 0.0.0.20170108 + 0.0.0.20230925 A Windows port of the Linux `file` utility for checking header magics Nolen Scaiffe - + diff --git a/packages/file.vm/tools/chocolateyinstall.ps1 b/packages/file.vm/tools/chocolateyinstall.ps1 index 8687bca84..8d21ed280 100644 --- a/packages/file.vm/tools/chocolateyinstall.ps1 +++ b/packages/file.vm/tools/chocolateyinstall.ps1 
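Review bot: the verb command registered for CFF Explorer passes `%1` unquoted, so a file whose path contains a space reaches the tool as several arguments; the die.vm and file.vm hunks on this page quote it. Use `VM-Add-To-Right-Click-Menu 'Open with CFF Explorer' 'Open with CFF Explorer' "`"$cffExplorerExecutablePath`" `"%1`""`. The enclosing try block starts outside the hunk.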
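Review bot: `VM-Remove-From-Right-Click-Menu 'CFF explorer'` names an entry the install script never creates; the install hunk above registers it as `'Open with CFF Explorer'`, so unless the helper matches names loosely the context-menu entry survives uninstall and keeps pointing at an executable that no longer exists. Pass the same name, `VM-Remove-From-Right-Click-Menu 'Open with CFF Explorer'`, ideally through one `$menuName` variable defined identically in both scripts so the two cannot drift again.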
@@ -13,7 +13,7 @@ try { $scriptPath = Join-Path $executableDir "leave_file_open.bat" [IO.File]::WriteAllLines($scriptPath, $("`"$executablePath`" %1", "PAUSE")) - VM-Add-To-Right-Click-Menu $toolName "file type" "`"$scriptPath`" `"%1`"" "file" + VM-Add-To-Right-Click-Menu $toolName "file type" "`"$scriptPath`" `"%1`"" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/file.vm/tools/chocolateyuninstall.ps1 b/packages/file.vm/tools/chocolateyuninstall.ps1 index 28509ccd8..20ecaf21b 100644 --- a/packages/file.vm/tools/chocolateyuninstall.ps1 +++ b/packages/file.vm/tools/chocolateyuninstall.ps1 @@ -5,4 +5,4 @@ $toolName = 'file' $category = 'Utilities' VM-Uninstall $toolName $category -VM-Remove-From-Right-Click-Menu $toolName "file" +VM-Remove-From-Right-Click-Menu $toolName diff --git a/packages/flarevm.installer.vm/flarevm.installer.vm.nuspec b/packages/flarevm.installer.vm/flarevm.installer.vm.nuspec index 71e3b5038..9aee17118 100644 --- a/packages/flarevm.installer.vm/flarevm.installer.vm.nuspec +++ b/packages/flarevm.installer.vm/flarevm.installer.vm.nuspec @@ -2,7 +2,7 @@ flarevm.installer.vm - 0.0.0.20221201 + 0.0.0.20230626 FLARE VM Installer FLARE Generic installer for Mandiant's custom virtual machines. Originally created by FLARE for FLARE VM, a malware analysis environment. diff --git a/packages/flarevm.installer.vm/tools/chocolateyinstall.ps1 b/packages/flarevm.installer.vm/tools/chocolateyinstall.ps1 index 6985d2fcd..0257bdbbb 100644 --- a/packages/flarevm.installer.vm/tools/chocolateyinstall.ps1 +++ b/packages/flarevm.installer.vm/tools/chocolateyinstall.ps1 
@@ -3,8 +3,8 @@ $global:VerbosePreference = "SilentlyContinue" Import-Module vm.common -Force -DisableNameChecking function Get-InstalledPackages { - if (Get-Command clist -ErrorAction:SilentlyContinue) { - chocolatey list -l -r -all | ForEach-Object { + if (Get-Command choco -ErrorAction:SilentlyContinue) { + powershell.exe "choco list -r" | ForEach-Object { $Name, $Version = $_ -split '\|' New-Object -TypeName psobject -Property @{ 'Name' = $Name @@ -60,7 +60,7 @@ try { } } - $installedPackages = chocolatey list -l -r -all | Out-String + $installedPackages = choco list -r | Out-String VM-Write-Log "INFO" "Packages installed:`n$installedPackages" # Write each failed package to failure file diff --git a/packages/flare-floss.vm/flare-floss.vm.nuspec b/packages/floss.vm/floss.vm.nuspec similarity index 94% rename from packages/flare-floss.vm/flare-floss.vm.nuspec rename to packages/floss.vm/floss.vm.nuspec index 9ef552cd9..febb53e25 100755 --- a/packages/flare-floss.vm/flare-floss.vm.nuspec +++ b/packages/floss.vm/floss.vm.nuspec @@ -2,7 +2,7 @@ floss.vm - 2.2.0 + 2.3.0 FLOSS uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries. You can use it just like strings.exe to enhance basic static analysis of unknown binaries. @williballenthin, @mr-tz diff --git a/packages/flare-floss.vm/tools/chocolateyinstall.ps1 b/packages/floss.vm/tools/chocolateyinstall.ps1 similarity index 70% rename from packages/flare-floss.vm/tools/chocolateyinstall.ps1 rename to packages/floss.vm/tools/chocolateyinstall.ps1 index 3fa374681..ab2f222fe 100755 --- a/packages/flare-floss.vm/tools/chocolateyinstall.ps1 +++ b/packages/floss.vm/tools/chocolateyinstall.ps1 
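Review bot: The two hunks query Chocolatey in different ways: Get-InstalledPackages spawns a child process with `powershell.exe "choco list -r"`, while the second hunk calls `choco list -r | Out-String` in-process, and nothing in the diff says why the first needs the extra process. If the child process is a deliberate workaround (I cannot verify that from the diff), a comment such as `# run choco in a separate process: <reason>` belongs above it and the second call site should use the same form; otherwise drop the wrapper so both sites read `choco list -r`. Get-InstalledPackages's body continues outside the hunk.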
@@ -4,8 +4,8 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'FLOSS' $category = 'Utilities' -$zipUrl = "https://github.com/mandiant/flare-floss/releases/download/v2.2.0/floss-v2.2.0-windows.zip" -$zipSha256 = "edc206110a62bba4c27ff245d93e66d237c74c27f98ae05b9478151fbaed8aee" +$zipUrl = "https://github.com/mandiant/flare-floss/releases/download/v2.3.0/floss-v2.3.0-windows.zip" +$zipSha256 = "30afca951815545e68c76feae0675127fe742e5b3b16f75ba751aef3985ab053" VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true diff --git a/packages/flare-floss.vm/tools/chocolateyuninstall.ps1 b/packages/floss.vm/tools/chocolateyuninstall.ps1 similarity index 100% rename from packages/flare-floss.vm/tools/chocolateyuninstall.ps1 rename to packages/floss.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/flare-floss.vm/tools/icon.ico b/packages/floss.vm/tools/icon.ico similarity index 100% rename from packages/flare-floss.vm/tools/icon.ico rename to packages/floss.vm/tools/icon.ico diff --git a/packages/flare-floss.vm/tools/icon_white.ico b/packages/floss.vm/tools/icon_white.ico similarity index 100% rename from packages/flare-floss.vm/tools/icon_white.ico rename to packages/floss.vm/tools/icon_white.ico diff --git a/packages/fuzzdb.vm/fuzzdb.vm.nuspec b/packages/fuzzdb.vm/fuzzdb.vm.nuspec new file mode 100644 index 000000000..75bc8527f --- /dev/null +++ b/packages/fuzzdb.vm/fuzzdb.vm.nuspec @@ -0,0 +1,12 @@ + + + + fuzzdb.vm + 0.0.0.20230711 + fuzzdb-project + FuzzDB is the most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses. + + + + + diff --git a/packages/fuzzdb.vm/tools/chocolateyinstall.ps1 b/packages/fuzzdb.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..c9e609eeb --- /dev/null +++ b/packages/fuzzdb.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'FuzzDB' +$category = 'Wordlists' + +$zipUrl = 'https://github.com/fuzzdb-project/fuzzdb/archive/5656ab25dc6bb43bae32236fab775658a90d7380.zip' +$zipSha256 = 'b732136975be06f71e8c8cfa6923a6dfba028b7f8c4cfa21c6280ef5b74aa1fa' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/fuzzdb.vm/tools/chocolateyuninstall.ps1 b/packages/fuzzdb.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..6de2bba12 --- /dev/null +++ b/packages/fuzzdb.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'FuzzDB' +$category = 'Wordlists' + +VM-Uninstall $toolName $category diff --git a/packages/gadgettojscript.vm/gadgettojscript.vm.nuspec b/packages/gadgettojscript.vm/gadgettojscript.vm.nuspec new file mode 100644 index 000000000..bdb81c345 --- /dev/null +++ b/packages/gadgettojscript.vm/gadgettojscript.vm.nuspec @@ -0,0 +1,12 @@ + + + + gadgettojscript.vm + 2.0.0.20230713 + med0x2e + A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA scripts. + + + + + diff --git a/packages/gadgettojscript.vm/tools/chocolateyinstall.ps1 b/packages/gadgettojscript.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..24cc3e9e3 --- /dev/null +++ b/packages/gadgettojscript.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'GadgetToJScript' +$category = 'Payload Development' + +$zipUrl = 'https://github.com/med0x2e/GadgetToJScript/archive/98f50984015c29eecb11c6c4ddc3c2cc3a6669da.zip' +$zipSha256 = '093451115744beec90e7de4efc61857361b56d16a3a31d78182a8c7ef675938b' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 
diff --git a/packages/gadgettojscript.vm/tools/chocolateyuninstall.ps1 b/packages/gadgettojscript.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..c96e2f164 --- /dev/null +++ b/packages/gadgettojscript.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'GadgetToJScript' +$category = 'Payload Development' + +VM-Uninstall $toolName $category diff --git a/packages/garbageman.vm/garbageman.vm.nuspec b/packages/garbageman.vm/garbageman.vm.nuspec new file mode 100644 index 000000000..f5f68648b --- /dev/null +++ b/packages/garbageman.vm/garbageman.vm.nuspec @@ -0,0 +1,13 @@ + + + + garbageman.vm + 0.2.4 + alphillips-lab + A set of tools designed for .NET heap analysis. + + + + + + diff --git a/packages/garbageman.vm/tools/chocolateyinstall.ps1 b/packages/garbageman.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..a4c40bb87 --- /dev/null +++ b/packages/garbageman.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,69 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+#VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true
+
+try {
+ $toolName = 'GarbageMan'
+ $category = 'dotNet'
+
+ $zipUrl = 'https://github.com/WithSecureLabs/GarbageMan/releases/download/v0.2.4/GarbageMan-0.2.4.zip'
+ $zipSha256 = '84007e73a21c491e9517ff70955fc8ff02b0a4a0d562d3e21521b6169b21004e'
+
+ $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName
+ $unzipLocation = $toolDir
+ $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category
+
+ $innerFolder = $true
+
+ # Remove files from previous zips for upgrade
+ VM-Remove-PreviousZipPackage ${Env:chocolateyPackageFolder}
+
+ $oldDirList = @()
+ if (Test-Path $toolDir) {
+ $oldDirList = @(Get-ChildItem $toolDir | Where-Object {$_.PSIsContainer})
+ }
+
+ # Download and unzip
+ $packageArgs = @{
+ packageName = ${Env:ChocolateyPackageName}
+ unzipLocation = $unzipLocation
+ url = $zipUrl
+ checksum = $zipSha256
+ checksumType = 'sha256'
+ url64bit = $zipUrl_64
+ checksum64 = $zipSha256_64
+ }
+ Install-ChocolateyZipPackage @packageArgs
+ VM-Assert-Path $toolDir
+
+ # Diff and find new folders in $toolDir
+ $newDirList = @(Get-ChildItem $toolDir | Where-Object {$_.PSIsContainer})
+ $diffDirs = Compare-Object -ReferenceObject $oldDirList -DifferenceObject $newDirList -PassThru
+
+ # If $innerFolder is set to $true, after unzipping only a single folder should be new.
+ # GitHub ZIP files typically unzip to a single folder that contains the tools.
+ if ($innerFolder) {
+ # First time install, use the single resulting folder name from Install-ChocolateyZipPackage.
+ if ($diffDirs.Count -eq 1) {
+ # Save the "new tool directory" to assist with upgrading.
+ $newToolDir = Join-Path $toolDir $diffDirs[0].Name -Resolve + Set-Content (Join-Path ${Env:chocolateyPackageFolder} "innerFolder.txt") $newToolDir + $toolDir = $newToolDir + } else { + # On upgrade there may be no new directory, in this case retrieve previous "new tool directory" from saved file. + $toolDir = Get-Content (Join-Path ${Env:chocolateyPackageFolder} "innerFolder.txt") + } + } + + $executablePath = Join-Path $toolDir "$toolName.exe" -Resolve + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + + $executableDir = $toolDir + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -WorkingDirectory $executableDir + VM-Assert-Path $shortcut + + return $executablePath +} catch { + VM-Write-Log-Exception $_ +} \ No newline at end of file diff --git a/packages/garbageman.vm/tools/chocolateyuninstall.ps1 b/packages/garbageman.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..0551202aa --- /dev/null +++ b/packages/garbageman.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'GarbageMan' +$category = 'dotNet' + +VM-Uninstall $toolName $category diff --git a/packages/getlapspasswords.vm/getlapspasswords.vm.nuspec b/packages/getlapspasswords.vm/getlapspasswords.vm.nuspec new file mode 100644 index 000000000..c8f882e06 --- /dev/null +++ b/packages/getlapspasswords.vm/getlapspasswords.vm.nuspec @@ -0,0 +1,12 @@ + + + + getlapspasswords.vm + 0.0.0.20230713 + kfosaaen + PowerShell function to pull the local admin passwords from LDAP, stored there by LAPS. + + + + + diff --git a/packages/getlapspasswords.vm/tools/chocolateyinstall.ps1 b/packages/getlapspasswords.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..f6e9fe69c --- /dev/null +++ b/packages/getlapspasswords.vm/tools/chocolateyinstall.ps1 
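Review bot: The Install-ChocolateyZipPackage splat passes `url64bit = $zipUrl_64` and `checksum64 = $zipSha256_64`, but neither variable is assigned anywhere in this file, so both are `$null`; delete those two lines rather than depend on the helper tolerating empty 64-bit parameters. The commented-out `#VM-Install-From-Zip ...` line at the top should go as well, or be replaced by a comment saying why the vm.common helper could not be used, since the body below re-implements its inner-folder handling by hand while other new packages in this diff (e.g. ida.diaphora) get by with `-innerFolder $true`. `return $executablePath` at script scope inside the `try` is harmless but no other chocolateyinstall.ps1 in this diff returns a value, so it reads as a leftover from the helper it was copied from.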
@@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Get-LAPSPasswords' +$category = 'Credential Access' + +$ps1Url = 'https://raw.githubusercontent.com/kfosaaen/Get-LAPSPasswords/2aeffed5dc16c0d7be91ba67b79cfaaf1da1eecd/Get-LAPSPasswords.ps1' +$ps1Sha256 = '2256ef01ad1a82633abc376246f0d05784a26f16fc99f1b66e6d42a3fafa2eb4' + +$ps1Cmd = 'Import-Module; Get-Help Get-LAPSPasswords' + +VM-Install-Single-Ps1 $toolName $category $ps1Url -ps1Sha256 $ps1Sha256 -ps1Cmd $ps1Cmd diff --git a/packages/getlapspasswords.vm/tools/chocolateyuninstall.ps1 b/packages/getlapspasswords.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..25e2748fb --- /dev/null +++ b/packages/getlapspasswords.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Get-LAPSPasswords' +$category = 'Credential Access' + +VM-Uninstall $toolName $category diff --git a/packages/ghidra.vm/ghidra.vm.nuspec b/packages/ghidra.vm/ghidra.vm.nuspec index 0e8c61f73..b4a3a5c8d 100644 --- a/packages/ghidra.vm/ghidra.vm.nuspec +++ b/packages/ghidra.vm/ghidra.vm.nuspec @@ -2,13 +2,13 @@ ghidra.vm - 10.3 + 10.3.3.20230920 National Security Agency A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission. - - + + diff --git a/packages/gobuster.vm/gobuster.vm.nuspec b/packages/gobuster.vm/gobuster.vm.nuspec index 267a544fe..e6129c87d 100644 --- a/packages/gobuster.vm/gobuster.vm.nuspec +++ b/packages/gobuster.vm/gobuster.vm.nuspec @@ -2,7 +2,7 @@ gobuster.vm - 3.5.0 + 3.5.0.20230713 Directory/file and DNS busting tool written in Go OJ Reeves diff --git a/packages/gobuster.vm/tools/chocolateyinstall.ps1 b/packages/gobuster.vm/tools/chocolateyinstall.ps1 index a65ee169c..1ebb4cf5f 100644 --- a/packages/gobuster.vm/tools/chocolateyinstall.ps1 
+++ b/packages/gobuster.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'GoBuster' -$category = 'Information Gathering' +$category = 'Reconnaissance' $zipUrl = "https://github.com/OJ/gobuster/releases/download/v3.5.0/gobuster_3.5.0_Windows_x86_64.zip" $zipSha256 = "6b2df88eb8fc3046f54116992e9a924284d2ebb228c810eb8e799a18181e2ec8" diff --git a/packages/gobuster.vm/tools/chocolateyuninstall.ps1 b/packages/gobuster.vm/tools/chocolateyuninstall.ps1 index b355f3920..b1d94111d 100644 --- a/packages/gobuster.vm/tools/chocolateyuninstall.ps1 +++ b/packages/gobuster.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'GoBuster' -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/goresym.vm/goresym.vm.nuspec b/packages/goresym.vm/goresym.vm.nuspec new file mode 100644 index 000000000..27df62062 --- /dev/null +++ b/packages/goresym.vm/goresym.vm.nuspec @@ -0,0 +1,12 @@ + + + + goresym.vm + 2.4 + stevemk14ebr + Go symbol recovery tool + + + + + diff --git a/packages/goresym.vm/tools/chocolateyinstall.ps1 b/packages/goresym.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..ce68dbb69 --- /dev/null +++ b/packages/goresym.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'GoReSym' +$category = 'Utilities' + +$zipUrl = 'https://github.com/mandiant/GoReSym/releases/download/v2.4/GoReSym-windows.zip' +$zipSha256 = '6d253e98fce443b5c818e0ae0c0f0a4e3587e0f0f7baf150383ead242e01babd' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true 
diff --git a/packages/goresym.vm/tools/chocolateyuninstall.ps1 b/packages/goresym.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..f0c4d1e33 --- /dev/null +++ b/packages/goresym.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'GoReSym' +$category = 'Utilities' + +VM-Uninstall $toolName $category diff --git a/packages/gowitness.vm/gowitness.vm.nuspec b/packages/gowitness.vm/gowitness.vm.nuspec new file mode 100644 index 000000000..124ec6dff --- /dev/null +++ b/packages/gowitness.vm/gowitness.vm.nuspec @@ -0,0 +1,13 @@ + + + + gowitness.vm + 2.5.0 + sensepost + Website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process results. + + + + + + diff --git a/packages/gowitness.vm/tools/chocolateyinstall.ps1 b/packages/gowitness.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..eef1c2f0f --- /dev/null +++ b/packages/gowitness.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'GoWitness' +$category = 'Reconnaissance' + +$exeUrl = 'https://github.com/sensepost/gowitness/releases/download/2.5.0/gowitness-2.5.0-windows-amd64.exe' +$exeSha256 = '6b563d157e5b6a0ffd7a360d97a00d55ea579ca6c7146c88f65e1de820e14097' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/gowitness.vm/tools/chocolateyuninstall.ps1 b/packages/gowitness.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..e230db1e0 --- /dev/null +++ b/packages/gowitness.vm/tools/chocolateyuninstall.ps1 
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'GoWitness' +$category = 'Reconnaissance' + +VM-Uninstall $toolName $category diff --git a/packages/group3r.vm/group3r.vm.nuspec b/packages/group3r.vm/group3r.vm.nuspec new file mode 100644 index 000000000..b9bf3bd1c --- /dev/null +++ b/packages/group3r.vm/group3r.vm.nuspec @@ -0,0 +1,12 @@ + + + + group3r.vm + 1.0.59 + l0ss + Group3r is a tool for pentesters and red teamers to rapidly enumerate relevant settings in AD Group Policy, and to identify exploitable misconfigurations. + + + + + diff --git a/packages/group3r.vm/tools/chocolateyinstall.ps1 b/packages/group3r.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..8bddbc699 --- /dev/null +++ b/packages/group3r.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Group3r' +$category = 'Reconnaissance' + +$exeUrl = 'https://github.com/Group3r/Group3r/releases/download/1.0.59/Group3r.exe' +$exeSha256 = '427a990d8ee64c640faa8e1be48637ef64ec300615686d4bf212503c7926e2d4' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/group3r.vm/tools/chocolateyuninstall.ps1 b/packages/group3r.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..5ebe60daa --- /dev/null +++ b/packages/group3r.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Group3r' +$category = 'Reconnaissance' + +VM-Uninstall $toolName $category diff --git a/packages/hashcat.vm/hashcat.vm.nuspec b/packages/hashcat.vm/hashcat.vm.nuspec new file mode 100644 index 000000000..2a5c4eb48 --- /dev/null +++ b/packages/hashcat.vm/hashcat.vm.nuspec 
@@ -0,0 +1,13 @@ + + + + hashcat.vm + 6.2.6 + Jens Steube (jsteube) + Hashcat is a fast password recovery utility. + + + + + + diff --git a/packages/hashcat.vm/tools/chocolateyinstall.ps1 b/packages/hashcat.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..2717cdf32 --- /dev/null +++ b/packages/hashcat.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,47 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + + +$toolName = 'hashcat' +$category = 'Credential Access' + +$zipUrl = 'https://github.com/hashcat/hashcat/releases/download/v6.2.6/hashcat-6.2.6.7z' +$zipSha256 = '96697e9ef6a795d45863c91d61be85a9f138596e3151e7c2cd63ccf48aaa8783' +$zipName = 'hashcat-6.2.6' +$toolDir = Join-Path ${Env:RAW_TOOLS_DIR} "$toolName" +$workingDir = Join-Path "$toolDir" "$zipname" + +try { + + # Get the processor information + $processor = Get-CimInstance Win32_Processor + + + # Check if the manufacturer is Intel + if ($processor.Manufacturer -eq "GenuineIntel") { + Write-Output "Intel processor detected for hashcat." + } else { + Write-Output "Non-Intel processor detected. Hashcat will not work" + throw "Non-Intel processor detected." + } + + + # Download the zip file + $packageArgs = @{ + packageName = ${Env:ChocolateyPackageName} + url = $zipUrl + checksum = $zipSha256 + checksumType = "sha256" + fileFullPath = Join-Path "${Env:USERPROFILE}\AppData\Local\Temp" ("$zipName.7z") + } + Get-ChocolateyWebFile @packageArgs + $zipPath = $packageArgs.fileFullPath + VM-Assert-Path $zipPath + + 7zip x $zipPath -o"$toolDir" -y + # Create a shortcut + $executablePath = Join-Path "$workingDir" "$toolName.exe" -Resolve + VM-Install-Shortcut $toolName $category $executablePath -consoleApp $true -executableDir $workingDir +} catch { + VM-Write-Log-Exception $_ +} \ No newline at end of file diff --git a/packages/hashcat.vm/tools/chocolateyuninstall.ps1 b/packages/hashcat.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..392b88d88 
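Review bot: The downloaded archive at `$zipPath` (under the user's Temp directory) is never removed after extraction, and extraction shells out to `7zip x $zipPath -o"$toolDir" -y` instead of the `Get-ChocolateyUnzip -FileFullPath $zipPath -Destination $toolDir` helper that the idr package in this same diff uses for `.7z` archives. Switching to the helper and following it with `Remove-Item $zipPath -Force -ea 0` keeps the package consistent and avoids leaving the archive behind; whether a `7zip` command is actually on PATH inside the Chocolatey run cannot be confirmed from the diff. The Intel-only gate gives no reason in the code or the nuspec — a one-line comment above `if ($processor.Manufacturer -eq "GenuineIntel")` stating what dependency makes other CPUs unsupported would save the next maintainer a search. Minor: `$workingDir = Join-Path "$toolDir" "$zipname"` spells the variable differently from `$zipName`; PowerShell is case-insensitive so it works, but matching the case avoids a false alarm.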
--- /dev/null +++ b/packages/hashcat.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'hashcat' +$category = 'Credential Access' + +VM-Uninstall $toolName $category diff --git a/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec b/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec index fabe554b4..ca26a9ee6 100644 --- a/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec +++ b/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec @@ -2,11 +2,11 @@ hashmyfiles.vm - 0.0.0.20220113 + 0.0.0.20230925 HashMyFiles is small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file. Nir Sofer - + diff --git a/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 b/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 index dc10cc13d..dcf2be6e4 100644 --- a/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 +++ b/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 @@ -9,8 +9,8 @@ try { $zipUrl_64 = "https://www.nirsoft.net/utils/hashmyfiles-x64.zip" $executablePath = (VM-Install-From-Zip $toolName $category $zipUrl -zipUrl_64 $zipUrl_64)[-1] - VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" `"%1`"" "file" - VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" `"%1`"" "directory" + VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" /file `"%1`"" "$executablePath" + VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" /file `"%1`"" "$executablePath" -type "directory" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/hashmyfiles.vm/tools/chocolateyuninstall.ps1 b/packages/hashmyfiles.vm/tools/chocolateyuninstall.ps1 index 0520dd23a..c6ba4f8dc 100644 --- a/packages/hashmyfiles.vm/tools/chocolateyuninstall.ps1 +++ b/packages/hashmyfiles.vm/tools/chocolateyuninstall.ps1 
@@ -5,5 +5,5 @@ $toolName = 'hashmyfiles' $category = 'Utilities' VM-Uninstall $toolName $category -VM-Remove-From-Right-Click-Menu $toolName "file" -VM-Remove-From-Right-Click-Menu $toolName "directory" \ No newline at end of file +VM-Remove-From-Right-Click-Menu $toolName +VM-Remove-From-Right-Click-Menu $toolName -type "directory" diff --git a/packages/hxd.vm/hxd.vm.nuspec b/packages/hxd.vm/hxd.vm.nuspec index 30379c813..b52c701eb 100644 --- a/packages/hxd.vm/hxd.vm.nuspec +++ b/packages/hxd.vm/hxd.vm.nuspec @@ -2,11 +2,11 @@ hxd.vm - 2.5.0.20230425 + 2.5.0.20230925 Maël Hörz Freeware hex editor - + diff --git a/packages/hxd.vm/tools/chocolateyinstall.ps1 b/packages/hxd.vm/tools/chocolateyinstall.ps1 index 18d91df35..ea8b50a59 100644 --- a/packages/hxd.vm/tools/chocolateyinstall.ps1 +++ b/packages/hxd.vm/tools/chocolateyinstall.ps1 @@ -12,6 +12,8 @@ try { VM-Assert-Path $shortcut Install-BinFile -Name $toolName -Path $executablePath + + VM-Add-To-Right-Click-Menu $toolName $toolName "`"$executablePath`" `"%1`"" "$executablePath" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/hxd.vm/tools/chocolateyuninstall.ps1 b/packages/hxd.vm/tools/chocolateyuninstall.ps1 index 18bf47a42..67282eab3 100644 --- a/packages/hxd.vm/tools/chocolateyuninstall.ps1 +++ b/packages/hxd.vm/tools/chocolateyuninstall.ps1 @@ -5,5 +5,5 @@ $toolName = 'HxD' $category = 'Hex Editors' VM-Remove-Tool-Shortcut $toolName $category +VM-Remove-From-Right-Click-Menu $toolName Uninstall-BinFile -Name $toolName - diff --git a/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec b/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec new file mode 100644 index 000000000..2c741b6f2 --- /dev/null +++ b/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec @@ -0,0 +1,13 @@ + + + + ida.diaphora.vm + 3.1 + joxeankoret + Diaphora is a program diffing tool that works as an IDA plugin. + + + + + + 
diff --git a/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 b/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..6b391a5dd --- /dev/null +++ b/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'diaphora' +$category = 'Utilities' +$executableName = "diaphora.py" + +$zipUrl = 'https://github.com/joxeankoret/diaphora/archive/refs/tags/3.1.zip' +$zipSha256 = '5802ebca119d2af4bb99434ce575dc4299396e95c7c6b01895d4a34c8d9d559d' + +# Diaphora needs to be executed from IDA, do not install bin file +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -executableName $executableName -innerFolder $true -withoutBinFile diff --git a/packages/ida.diaphora.vm/tools/chocolateyuninstall.ps1 b/packages/ida.diaphora.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..43f920eb4 --- /dev/null +++ b/packages/ida.diaphora.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'diaphora' +$category = 'Utilities' + +VM-Uninstall $toolName $category diff --git a/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec b/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec new file mode 100755 index 000000000..b22a4e0e5 --- /dev/null +++ b/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec @@ -0,0 +1,13 @@ + + + + ida.plugin.capa.vm + 6.1.0 + capa explorer is an IDAPython plugin that integrates capa with IDA Pro. + @mike-hunhoff, @williballenthin, @mr-tz + + + + + + diff --git a/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 b/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 new file mode 100755 index 000000000..e2d8964e8 --- /dev/null +++ b/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,43 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+try {
+ # Install plugin
+ $pluginUrl = "https://raw.githubusercontent.com/mandiant/capa/v6.1.0/capa/ida/plugin/capa_explorer.py"
+ $pluginSha256 = "a9a60d9066c170c4e18366eb442f215009433bcfe277d3c6d0c4c9860824a7d3"
+ $pluginsDir = New-Item "$Env:APPDATA\Hex-Rays\IDA Pro\plugins" -ItemType "directory" -Force
+ $pluginPath = Join-Path $pluginsDir "capa_explorer.py"
+ $packageArgs = @{
+ packageName = ${Env:ChocolateyPackageName}
+ url = $pluginUrl
+ checksum = $pluginSha256
+ checksumType = "sha256"
+ fileFullPath = $pluginPath
+ forceDownload = $true
+ }
+ Get-ChocolateyWebFile @packageArgs
+ VM-Assert-Path $pluginPath
+
+ # Download capa rules
+ $rulesUrl = "https://github.com/mandiant/capa-rules/archive/refs/tags/v6.1.0.zip"
+ $rulesSha256 = "d87240475b2989e919f65381556f28b455a2f7d6cd35d95acdbbbe9f04f86c84"
+ $packageArgs = @{
+ packageName = ${Env:ChocolateyPackageName}
+ unzipLocation = $pluginsDir
+ url = $rulesUrl
+ checksum = $rulesSha256
+ checksumType = 'sha256'
+ }
+ Install-ChocolateyZipPackage @packageArgs
+ $rulesDir = Join-Path $pluginsDir "capa-rules-6.1.0" -Resolve
+
+ # Set capa rules in the capa plugin
+ $registryPath = 'HKCU:\SOFTWARE\IDAPython\IDA-Settings\capa'
+ New-Item $registryPath -Force | Out-Null
+ # ida_settings expects '/' in the rule path
+ $value = $rulesDir.replace("\", "/")
+ Set-ItemProperty $registryPath -Name "rule_path" -Value "`"$value`"" -Force | Out-Null
+} catch {
+ VM-Write-Log-Exception $_
+}
+
diff --git a/packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1 b/packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1
new file mode 100755
index 000000000..7e1619123
--- /dev/null
+++ b/packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,15 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$pluginsDir = "$Env:APPDATA\Hex-Rays\IDA Pro\plugins" + +# Uninstall plugin +$pluginPath = Join-Path $pluginsDir "capa_explorer.py" +Remove-Item $pluginPath + +# Delete capa rules +$rulesDir = Join-Path $pluginsDir "capa-rules-6.1.0" +Remove-Item $rulesDir + +# Delete registry information +Remove-Item 'HKCU:\SOFTWARE\IDAPython\IDA-Settings\capa' diff --git a/packages/idafree.vm/idafree.vm.nuspec b/packages/idafree.vm/idafree.vm.nuspec index 20a4fa94b..ee3bca528 100644 --- a/packages/idafree.vm/idafree.vm.nuspec +++ b/packages/idafree.vm/idafree.vm.nuspec @@ -2,11 +2,11 @@ idafree.vm - 7.6.20230418 + 8.3 hex-rays Free version of IDA, a powerful Interactive DisAssembler and debugger - + diff --git a/packages/idafree.vm/tools/chocolateyinstall.ps1 b/packages/idafree.vm/tools/chocolateyinstall.ps1 index 562a20db3..946ebbb5e 100644 --- a/packages/idafree.vm/tools/chocolateyinstall.ps1 +++ b/packages/idafree.vm/tools/chocolateyinstall.ps1 @@ -10,13 +10,13 @@ try { packageName = ${Env:ChocolateyPackageName} fileType = 'exe' silentArgs = '--mode unattended' - url = 'https://out7.hex-rays.com/files/idafree76_windows.exe' - checksum = '2ecc5b2f5329c4e7a4243634801180be38a397c31a330324c8abc605f5dffb9e' + url = 'https://out7.hex-rays.com/files/idafree83_windows.exe' + checksum = '10080a057704630578e697c6bb0b09968a54138075cacab175f62d60c71d0a1f' checksumType = 'sha256' } Install-ChocolateyPackage @packageArgs - $toolDir = Join-Path ${Env:ProgramFiles} "IDA Freeware 7.6" -Resolve + $toolDir = Join-Path ${Env:ProgramFiles} "IDA Freeware 8.3" -Resolve $executablePath = Join-Path $toolDir "ida64.exe" -Resolve $shortcut = Join-Path $shortcutDir "$toolname.lnk" Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath 
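Review bot: `Remove-Item $rulesDir` targets the unzipped rules tree, and Remove-Item on a non-empty directory without `-Recurse` does not delete it (it asks for confirmation, which fails in a non-interactive Chocolatey run); with `$ErrorActionPreference = 'Continue'` the error is merely printed and the rules directory stays behind. Use `Remove-Item $rulesDir -Recurse -Force`. The folder name `capa-rules-6.1.0` is hard-coded here and again in the install script alongside the `v6.1.0` download URLs; a single `$version = '6.1.0'` variable in each script, with the paths and URLs built from it, keeps install and uninstall in step on the next bump.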
@@ -25,10 +25,21 @@ try { Install-BinFile -Name $toolname -Path $executablePath # Delete Desktop shortcut - $desktopShortcut = Join-Path ${Env:Public} "Desktop\IDA Freeware 7.6.lnk" + $desktopShortcut = Join-Path ${Env:Public} "Desktop\IDA Freeware 8.3.lnk" if (Test-Path $desktopShortcut) { Remove-Item $desktopShortcut -Force -ea 0 } + + $menuIcon = Join-Path $toolDir "ida.ico" -Resolve + # Run a Powershell script to open with last IDA Pro version which is likely installed after the IDA free package. + # It takes slightly longer than using an static path but it works after installing IDA Pro and every time you update it. + # The "-WindowStyle hidden" still shows the Powershell Window briefly: https://github.com/PowerShell/PowerShell/issues/3028 + # We could use the run-hidden wrapper, which won't display the Window but is likely slightly slower. + $script = "`$idaExecutable = Get-Item '$Env:programfiles\IDA Pro *\ida.exe' | Select-Object -Last 1; if (!`$idaExecutable) { `$idaExecutable = '$executablePath' }; & `$idaExecutable '%1'" + VM-Add-To-Right-Click-Menu $toolName 'Open with IDA' "powershell.exe -WindowStyle hidden `"$script`"" "$menuIcon" + # Repeat for x64 + $script = "`$idaExecutable = Get-Item '$Env:programfiles\IDA Pro *\ida64.exe' | Select-Object -Last 1; if (!`$idaExecutable) { `$idaExecutable = '$executablePath' }; & `$idaExecutable '%1'" + VM-Add-To-Right-Click-Menu $toolName-64 'Open with IDA (x64)' "powershell.exe -WindowStyle hidden `"$script`"" "$executablePath" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/idafree.vm/tools/chocolateyuninstall.ps1 b/packages/idafree.vm/tools/chocolateyuninstall.ps1 index 34663e3b8..a93c42ec3 100644 --- a/packages/idafree.vm/tools/chocolateyuninstall.ps1 +++ b/packages/idafree.vm/tools/chocolateyuninstall.ps1 
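Review bot: In both `$script` strings the menu placeholder is spliced into PowerShell source as `'%1'`, so the clicked file's path is evaluated as code rather than passed as data: a path containing an apostrophe breaks the single-quoted literal, and any PowerShell metacharacters in the file name are interpreted by the launcher instead of being handed to IDA. Writing a small launcher script into the tool directory and invoking it with `powershell.exe -WindowStyle hidden -File "<launcher>" "%1"` makes the path arrive as an ordinary argument (`param($Path)`), which also lets the x64 entry reuse the launcher with a second argument instead of duplicating the script; the rewritten lines are below (this assumes script execution is permitted for the VM's policy, which the diff does not show). `Select-Object -Last 1` picks the last match in directory order, which follows string sorting, so an `IDA Pro 10.x` folder would presumably sort before `IDA Pro 8.x` — worth a note in the comment if that is acceptable. The `try` block enclosing these lines starts outside the hunk.
```powershell
    # … unchanged: desktop shortcut removal …
    $menuIcon = Join-Path $toolDir "ida.ico" -Resolve
    # The launcher receives the file path as an argument instead of having it spliced into
    # the command text, so paths with quotes or other PowerShell metacharacters are handled as data.
    # It opens the file with the last installed IDA Pro, falling back to the free version.
    $launcher = Join-Path $toolDir "open-with-ida.ps1"
    Set-Content $launcher @"
param([string]`$Path, [string]`$Exe = 'ida.exe')
`$idaExecutable = Get-Item "`$Env:ProgramFiles\IDA Pro *\`$Exe" | Select-Object -Last 1
if (!`$idaExecutable) { `$idaExecutable = '$executablePath' }
& `$idaExecutable `$Path
"@
    VM-Add-To-Right-Click-Menu $toolName 'Open with IDA' "powershell.exe -WindowStyle hidden -File `"$launcher`" `"%1`"" "$menuIcon"
    # Repeat for x64
    VM-Add-To-Right-Click-Menu "$toolName-64" 'Open with IDA (x64)' "powershell.exe -WindowStyle hidden -File `"$launcher`" `"%1`" ida64.exe" "$executablePath"
```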
@@ -11,4 +11,7 @@ VM-Remove-Tool-Shortcut $toolName $category Uninstall-BinFile -Name $toolName # Manually silently uninstall -VM-Uninstall-With-Uninstaller "IDA Freeware*?7.6" "EXE" "--mode unattended" \ No newline at end of file +VM-Uninstall-With-Uninstaller "IDA Freeware*?8.3" "EXE" "--mode unattended" + +VM-Remove-From-Right-Click-Menu $toolName +VM-Remove-From-Right-Click-Menu $toolName-64 diff --git a/packages/idr.vm/idr.vm.nuspec b/packages/idr.vm/idr.vm.nuspec new file mode 100644 index 000000000..8d66cd093 --- /dev/null +++ b/packages/idr.vm/idr.vm.nuspec @@ -0,0 +1,12 @@ + + + + idr.vm + 0.0.0.20230627 + crypto + Interactive Delphi Reconstructor + + + + + diff --git a/packages/idr.vm/tools/chocolateyinstall.ps1 b/packages/idr.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..02dbb1df1 --- /dev/null +++ b/packages/idr.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,51 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+try {
+ # The way of distributing this tool is unusual, so we can't use the helper functions
+ $toolName = 'idr'
+ $category = 'Delphi'
+
+ $zipUrl = 'https://github.com/crypto2011/IDR/archive/da98ef6871b75303bcf1a5acc692e38178c7833e.zip'
+ $zipSha256 = 'ea779489a868deb811e403398ec3c1b65484f60811f5fff95a0ae42563b68caf'
+
+ $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName
+
+ # Create a temp directory to download zip
+ $tempDownloadDir = Join-Path ${Env:chocolateyPackageFolder} "temp_$([guid]::NewGuid())"
+
+ # Download and unzip
+ $packageArgs = @{
+ packageName = ${Env:ChocolateyPackageName}
+ unzipLocation = $tempDownloadDir
+ url = $zipUrl
+ checksum = $zipSha256
+ checksumType = 'sha256'
+ }
+ Install-ChocolateyZipPackage @packageArgs | Out-Null
+ VM-Assert-Path $tempDownloadDir
+
+ # Get the unzipped directory
+ $unzippedDir = (Get-ChildItem -Directory $tempDownloadDir | Where-Object {$_.PSIsContainer} | Select-Object -f 1).FullName
+
+ # Create tool directory and copy needed files to it
+ New-Item -Path $toolDir -ItemType Directory -Force | Out-Null
+ Move-Item "$unzippedDir\bin\idr.exe" $toolDir -Force
+ Move-Item "$unzippedDir\bin\dis.dll" $toolDir -Force
+ Move-Item "$unzippedDir\bin\Icons.dll" $toolDir -Force
+ Move-Item "$unzippedDir\*.bin" $toolDir -Force
+ # Copy all knowledge bases
+ $zippedBases = Get-ChildItem -Path $unzippedDir -Recurse -Filter "kb*.7z" | ForEach-Object { $_.FullName }
+ foreach ($zippedBase in $zippedBases) {
+ Get-ChocolateyUnzip -FileFullPath $zippedBase -Destination $toolDir
+ }
+
+ # Attempt to remove temporary directory
+ Remove-Item $tempDownloadDir -Recurse -Force -ea 0
+
+ $executablePath = Join-Path $toolDir "$toolName.exe" -Resolve
+ VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath
+} catch {
+ VM-Write-Log-Exception $_
+}
+
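Review bot: In the `$unzippedDir` line, `Get-ChildItem -Directory` already returns only containers, so the `Where-Object {$_.PSIsContainer}` stage is dead, and the abbreviated `-f 1` should be spelled `-First 1` the way the rest of this change spells parameters in full: `$unzippedDir = (Get-ChildItem -Directory $tempDownloadDir | Select-Object -First 1).FullName`. The comment above `$toolName` says the helper functions cannot be used but not why; recording the reason (presumably the archive layout, with the binaries under `bin\` and the knowledge bases as nested `kb*.7z` archives, as the `Move-Item` and `Get-ChocolateyUnzip` lines suggest) would stop a later maintainer from collapsing this back into `VM-Install-From-Zip`.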
diff --git a/packages/idr.vm/tools/chocolateyuninstall.ps1 b/packages/idr.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..4677a2edb --- /dev/null +++ b/packages/idr.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'idr' +$category = 'Delphi' + +VM-Uninstall $toolName $category diff --git a/packages/ifpstools.vm/ifpstools.vm.nuspec b/packages/ifpstools.vm/ifpstools.vm.nuspec new file mode 100644 index 000000000..4e9ca7884 --- /dev/null +++ b/packages/ifpstools.vm/ifpstools.vm.nuspec @@ -0,0 +1,12 @@ + + + + ifpstools.vm + 2.0.2 + Wack0, Jonson Tan + IFPSTools.NET: tools for working with RemObject PascalScript compiled bytecode files + + + + + diff --git a/packages/ifpstools.vm/tools/chocolateyinstall.ps1 b/packages/ifpstools.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..f877e8520 --- /dev/null +++ b/packages/ifpstools.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,11 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +# IFPSTools.NET includes several tools, but we only create a shortcut for ifpsdasm (and add it to path) +$toolName = 'ifpsdasm' +$category = 'InnoSetup' + +$zipUrl = 'https://github.com/Wack0/IFPSTools.NET/releases/download/v2.0.2/ifpstools-net_v2.0.2.zip' +$zipSha256 = 'bf5242e1b950055b496a5e42a828c687681aee5f259ed262236b0bc52e02e5b8' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -arguments $null diff --git a/packages/ifpstools.vm/tools/chocolateyuninstall.ps1 b/packages/ifpstools.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..0aea33156 --- /dev/null +++ b/packages/ifpstools.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'ifpsdasm' +$category = 'InnoSetup' + +VM-Uninstall $toolName $category 
diff --git a/packages/ilspy.vm/ilspy.vm.nuspec b/packages/ilspy.vm/ilspy.vm.nuspec new file mode 100644 index 000000000..3ed7936b7 --- /dev/null +++ b/packages/ilspy.vm/ilspy.vm.nuspec @@ -0,0 +1,13 @@ + + + + ilspy.vm + 8.1.1 + SharpDevelop Team + The open-source .NET assembly browser and decompiler. + + + + + + diff --git a/packages/ilspy.vm/tools/chocolateyinstall.ps1 b/packages/ilspy.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..6850b8234 --- /dev/null +++ b/packages/ilspy.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,16 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'ILSpy' + $category = 'dotNet' + $shimPath = 'bin\ilspy.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/ilspy.vm/tools/chocolateyuninstall.ps1 b/packages/ilspy.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..9322e67c4 --- /dev/null +++ b/packages/ilspy.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'ILSpy' +$category = 'dotNet' + +VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/imhex.vm/imhex.vm.nuspec b/packages/imhex.vm/imhex.vm.nuspec new file mode 100644 index 000000000..8283426ae --- /dev/null +++ b/packages/imhex.vm/imhex.vm.nuspec @@ -0,0 +1,13 @@ + + + + imhex.vm + 1.31.0 + WerWolv + A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. + + + + + + \ No newline at end of file 
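Review bot: The ILSpy shortcut is created with `-RunAsAdmin`, and nothing in the hunk says why a decompiler that is pointed at untrusted assemblies needs to run elevated; the ImHex shortcut built the same way in the next file section does without it. If the flag is required (a shim limitation, for example), a one-line comment above the `Install-ChocolateyShortcut` call should record the reason, e.g. `# -RunAsAdmin: <reason>`; otherwise dropping it keeps the tool at the user's privilege level.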
diff --git a/packages/imhex.vm/tools/chocolateyinstall.ps1 b/packages/imhex.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..765f1abca --- /dev/null +++ b/packages/imhex.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,17 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'ImHex' + $category = 'Hex Editors' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} "bin\imhex.exe" -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath + VM-Assert-Path $shortcut + + VM-Add-To-Right-Click-Menu $toolName $toolName "`"$executablePath`" `"%1`"" "$executablePath" +} catch { + VM-Write-Log-Exception $_ +} \ No newline at end of file diff --git a/packages/imhex.vm/tools/chocolateyuninstall.ps1 b/packages/imhex.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..499e5cf17 --- /dev/null +++ b/packages/imhex.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,8 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'ImHex' +$category = 'Hex Editors' + +VM-Remove-Tool-Shortcut $toolName $category +VM-Remove-From-Right-Click-Menu $toolName \ No newline at end of file diff --git a/packages/innoextract.vm/innoextract.vm.nuspec b/packages/innoextract.vm/innoextract.vm.nuspec new file mode 100644 index 000000000..2b49e5ec8 --- /dev/null +++ b/packages/innoextract.vm/innoextract.vm.nuspec @@ -0,0 +1,12 @@ + + + + innoextract.vm + 1.9.0.20230710 + Daniel Scharrer + A tool to extract Inno Setup installers. + + + + + diff --git a/packages/innoextract.vm/tools/chocolateyinstall.ps1 b/packages/innoextract.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..6d977ae1f --- /dev/null +++ b/packages/innoextract.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'innoextract' +$category = 'InnoSetup' + +$zipUrl = 'https://constexpr.org/innoextract/files/innoextract-1.9/innoextract-1.9-windows.zip' +$zipSha256 = '6989342c9b026a00a72a38f23b62a8e6a22cc5de69805cf47d68ac2fec993065' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true diff --git a/packages/innoextract.vm/tools/chocolateyuninstall.ps1 b/packages/innoextract.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..cd62be8cf --- /dev/null +++ b/packages/innoextract.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'innoextract' +$category = 'InnoSetup' + +VM-Uninstall $toolName $category diff --git a/packages/innounp.vm/innounp.vm.nuspec b/packages/innounp.vm/innounp.vm.nuspec new file mode 100644 index 000000000..d562d3ea9 --- /dev/null +++ b/packages/innounp.vm/innounp.vm.nuspec @@ -0,0 +1,12 @@ + + + + innounp.vm + 0.50.0.20230710 + QuickeneR, Ariman + Unpacker for Inno Setup installers. + + + + + diff --git a/packages/innounp.vm/tools/chocolateyinstall.ps1 b/packages/innounp.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..51c309b75 --- /dev/null +++ b/packages/innounp.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'innounp' +$category = 'InnoSetup' + +$exeUrl = 'https://github.com/WhatTheBlock/innounp/releases/download/v0.50/innounp.exe' +$exeSha256 = '9b72ad9f93d167652a0e2bf3921abdfd3e6747c5e718461a2e58b9dfacd31f4c' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/innounp.vm/tools/chocolateyuninstall.ps1 b/packages/innounp.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..59d89a272 
--- /dev/null +++ b/packages/innounp.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'innounp' +$category = 'InnoSetup' + +VM-Uninstall $toolName $category diff --git a/packages/installer.vm/installer.vm.nuspec b/packages/installer.vm/installer.vm.nuspec new file mode 100644 index 000000000..0df338642 --- /dev/null +++ b/packages/installer.vm/installer.vm.nuspec @@ -0,0 +1,13 @@ + + + + installer.vm + 0.0.0.20231018 + Mandiant + Generic installer for custom virtual machines. + + + + + + diff --git a/packages/installer.vm/tools/chocolateyinstall.ps1 b/packages/installer.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..cd8687720 --- /dev/null +++ b/packages/installer.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,229 @@ +$ErrorActionPreference = 'Continue' +$global:VerbosePreference = "SilentlyContinue" +Import-Module vm.common -Force -DisableNameChecking + +try { + # Gather packages to install + $installedPackages = (VM-Get-InstalledPackages).Name + $configPath = Join-Path ${Env:VM_COMMON_DIR} "packages.xml" -Resolve + $configXml = [xml](Get-Content $configPath) + $packagesToInstall = $configXml.config.packages.package.name | Where-Object { $installedPackages -notcontains $_ } + + # List packages to install + Write-Host "[+] Packages to install:" + foreach ($package in $packagesToInstall) { + Write-Host "`t[+] $package" + } + Start-Sleep 1 + + # Install the packages + try { + foreach ($package in $packagesToInstall) { + VM-Write-Log "INFO" "Installing: $package" + choco install "$package" -y + if ($LASTEXITCODE) { + VM-Write-Log "INFO" "`t$package has been installed" + } else { + VM-Write-Log "ERROR" "`t$package has not been installed" + } + } + } catch { + VM-Write-Log-Exception $_ + } + VM-Write-Log "INFO" "Packages installation complete" + + # Set Profile/Version specific configurations + VM-Write-Log "INFO" "Beginning Windows OS VM profile configuration changes" + $configPath = Join-Path $Env:VM_COMMON_DIR "config.xml" -Resolve + VM-Apply-Configurations $configPath + + # Configure PowerShell and cmd prompts + VM-Configure-Prompts + + # Configure PowerShell Logging + VM-Configure-PS-Logging + + # Configure Desktop\Tools folder with a custom icon if it exists + $iconPath = Join-Path $Env:VM_COMMON_DIR "vm.ico" + if (Test-Path $iconPath) { + $folderPath = $Env:TOOL_LIST_DIR + # Set the icon + if (Test-Path -Path $folderPath -PathType Container) { + # Full path to the desktop.ini file inside the folder + $desktopIniPath = Join-Path -Path $folderPath -ChildPath 'desktop.ini' + + # Check if desktop.ini already exists + if (-Not (Test-Path -Path $desktopIniPath)) { + # Create an empty desktop.ini if it doesn't exist + Set-Content -Path $desktopIniPath -Value '' + } 
+ + # Make the folder "system" to enable custom settings like icon change + Start-Process "attrib" -ArgumentList "+s $folderPath" -Wait + + # Write the needed settings into desktop.ini + Add-Content -Path $desktopIniPath -Value "[.ShellClassInfo]" + Add-Content -Path $desktopIniPath -Value ("IconResource=$iconPath,0") + + # Make the desktop.ini file hidden and system + Start-Process "attrib" -ArgumentList " +h +s $desktopIniPath" -Wait + } + } + # Refresh the desktop + VM-Refresh-Desktop + + # Remove Chocolatey cache + $cache = "${Env:LocalAppData}\ChocoCache" + Remove-Item $cache -Recurse -Force + + # Construct failed packages file path + $failedPackages = Join-Path $Env:VM_COMMON_DIR "failed_packages.txt" + $failures = @{} + + # Check and list failed packages from "lib-bad" + $chocoLibBad = Join-Path ${Env:ProgramData} "chocolatey\lib-bad" + if ((Test-Path $chocoLibBad) -and (Get-ChildItem -Path $chocoLibBad | Measure-Object).Count -gt 0) { + Get-ChildItem -Path $chocoLibBad | Foreach-Object { + $failures[$_.Name] = $true + } + } + + # Cross-compare packages to install versus installed packages to find failed packages + $installedPackages = VM-Get-InstalledPackages + foreach ($package in $packagesToInstall) { + if ($installedPackages.Name -notcontains $package) { + $failures[$package] = $true + } + } + + # Write installed packages to log file + foreach ($package in $installedPackages){ + VM-Write-Log "INFO" "Packages installed: $($package.Name) | $($package.Version)" + } + + # Write each failed package to failure file + foreach ($package in $failures.Keys) { + VM-Write-Log "ERROR" "Failed to install: $package" + Add-Content $failedPackages $package + } + + # Log additional info if we found failed packages + $logPath = Join-Path ${Env:VM_COMMON_DIR} "log.txt" + if ((Test-Path $failedPackages)) { + VM-Write-Log "ERROR" "For each failed package, you may attempt a manual install via: choco install -y " + VM-Write-Log "ERROR" "Failed package list saved to: 
$failedPackages" + VM-Write-Log "ERROR" "Please check the following logs for additional errors:" + VM-Write-Log "ERROR" "`t$logPath (this file)" + VM-Write-Log "ERROR" "`t%PROGRAMDATA%\chocolatey\logs\chocolatey.log" + VM-Write-Log "ERROR" "`t%LOCALAPPDATA%\Boxstarter\boxstarter.log" + } + + # Display installer log if available + if ((Test-Path $logPath)) { + Write-Host "[-] Please check the following logs for any errors:" -ForegroundColor Yellow + Write-Host "`t[-] $logPath" -ForegroundColor Yellow + Write-Host "`t[-] %PROGRAMDATA%\chocolatey\logs\chocolatey.log" -ForegroundColor Yellow + Write-Host "`t[-] %LOCALAPPDATA%\Boxstarter\boxstarter.log" -ForegroundColor Yellow + Start-Sleep 5 + & notepad.exe $logPath + } + + # Let users know installation is complete by setting lock screen & wallpaper background, playing win sound, and display message box + + # Set lock screen image + $lockScreenImage = "${Env:VM_COMMON_DIR}\lockscreen.png" + if ((Test-Path $lockScreenImage)) { + New-Item "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP" -Force | Out-Null + New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP" -Name LockScreenImagePath -PropertyType String -Value $lockScreenImage -Force | Out-Null + New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP" -Name LockScreenImageStatus -PropertyType DWord -Value 1 -Force | Out-Null + } + + # Set wallpaper + Set-ItemProperty 'HKCU:\Control Panel\Colors' -Name Background -Value "0 0 0" -Force | Out-Null + $backgroundImage = "${Env:VM_COMMON_DIR}\background.png" + if ((Test-Path $backgroundImage)) { + # WallpaperStyle - Center: 0, Stretch: 2, Fit:6, Fill: 10, Span: 22 + Add-Type -AssemblyName System.Drawing + $img = [System.Drawing.Image]::FromFile($backgroundImage); + $wallpaperStyle = if ($img.Width/$img.Height -ge 16/9) { 6 } else { 0 } + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String 
-Value $wallpaperStyle -Force | Out-Null + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 0 -Force | Out-Null + Add-Type -TypeDefinition @" +using System; +using System.Runtime.InteropServices; + +public class VMBackground +{ + [DllImport("User32.dll",CharSet=CharSet.Unicode)] + public static extern int SystemParametersInfo (Int32 uAction, Int32 uParam, String lpvParam, Int32 fuWinIni); + [DllImport("User32.dll",CharSet=CharSet.Unicode)] + public static extern bool SetSysColors(int cElements, int[] lpaElements, int[] lpaRgbValues); +} +"@ + [VMBackground]::SystemParametersInfo(20, 0, $backgroundImage, 3) + [VMBackground]::SetSysColors(1, @(1), @(0x000000)) + } + + # Play sound + try { + $playWav = New-Object System.Media.SoundPlayer + $playWav.SoundLocation = 'https://www.winhistory.de/more/winstart/down/owin31.wav' + $playWav.PlaySync() + } catch { + VM-Write-Log-Exception $_ + } + + # Show dialog that install has been complete + Add-Type -AssemblyName System.Windows.Forms + Add-Type -AssemblyName System.Drawing + # Create form + $form = New-Object System.Windows.Forms.Form + $form.Text = "$Env:VMname Installation Complete" + $form.TopMost = $true + $form.StartPosition = [System.Windows.Forms.FormStartPosition]::CenterScreen + $iconPath = Join-Path $Env:VM_COMMON_DIR "vm.ico" + if (Test-Path $iconPath) { + $form.Icon = New-Object System.Drawing.Icon($iconPath) + } + # Create a FlowLayoutPanel + $flowLayout = New-Object System.Windows.Forms.FlowLayoutPanel + $flowLayout.FlowDirection = [System.Windows.Forms.FlowDirection]::TopDown + $flowLayout.Dock = [System.Windows.Forms.DockStyle]::Fill + $flowLayout.AutoSize = $true + # Create label + $label = New-Object System.Windows.Forms.Label + $label.Text = @" +Install Complete! + +Please review %VM_COMMON_DIR%\log.txt for any errors. 
+ +For any package related issues, please submit to github.com/mandiant/vm-packages + +For any install related issues, please submit to the VM repo + +Thank you! +"@ + $label.AutoSize = $true + $label.Font = New-Object System.Drawing.Font("Microsoft Sans Serif", 10, [System.Drawing.FontStyle]::Regular) + # Create button + $button = New-Object System.Windows.Forms.Button + $button.Text = "Finish" + $button.DialogResult = [System.Windows.Forms.DialogResult]::OK + $button.AutoSize = $true + $button.Font = New-Object System.Drawing.Font("Microsoft Sans Serif", 10, [System.Drawing.FontStyle]::Regular) + $button.Anchor = [System.Windows.Forms.AnchorStyles]::None + # Add controls to the FlowLayoutPanel + $flowLayout.Controls.Add($label) + $flowLayout.Controls.Add($button) + # Add the FlowLayoutPanel to the form + $form.Controls.Add($flowLayout) + # Auto-size form to fit content + $form.AutoSize = $true + $form.AutoSizeMode = [System.Windows.Forms.AutoSizeMode]::GrowAndShrink + # Show dialog + $form.ShowDialog() + +} catch { + VM-Write-Log-Exception $_ +} + diff --git a/packages/inveigh.vm/inveigh.vm.nuspec b/packages/inveigh.vm/inveigh.vm.nuspec new file mode 100644 index 000000000..e5e044332 --- /dev/null +++ b/packages/inveigh.vm/inveigh.vm.nuspec @@ -0,0 +1,12 @@ + + + + inveigh.vm + 2.0.10 + Kevin-Robertson, joncave, kant2002 + Inveigh is a cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers. + + + + + diff --git a/packages/inveigh.vm/tools/chocolateyinstall.ps1 b/packages/inveigh.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..015959bbc --- /dev/null +++ b/packages/inveigh.vm/tools/chocolateyinstall.ps1 
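Review bot: The `$LASTEXITCODE` test in the package loop is inverted: `choco install` exits non-zero on failure, so the `INFO ... has been installed` line is logged for failed packages and the `ERROR ... has not been installed` line for successful ones; it should read `if ($LASTEXITCODE -eq 0) {`. The completion sound is fetched at provisioning time from `https://www.winhistory.de/...` with no integrity check, which makes the installer depend on an unrelated third-party host and pulls unverified content into the VM; shipping the `.wav` next to `lockscreen.png` in `$Env:VM_COMMON_DIR` and guarding it with `Test-Path` like the images removes both the network dependency and the silent try/catch around it. The two `Start-Process "attrib"` calls pass `$folderPath` and `$desktopIniPath` unquoted in `-ArgumentList`, so a `TOOL_LIST_DIR` containing a space is split into several arguments; quote them, e.g. `-ArgumentList "+s `"$folderPath`""`. The hunk is the whole new file, so the enclosing `try` is fully visible here.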
@@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Inveigh' +$category = 'Credential Access' + +$zipUrl = 'https://github.com/Kevin-Robertson/Inveigh/releases/download/v2.0.10/Inveigh-net7.0-v2.0.10.zip' +$zipSha256 = '8c61ccdccc84f2223c5c3da2014deb79cf807c26db0b018373e776baa26537bc' + +$arguments = '-?' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -arguments $arguments diff --git a/packages/inveigh.vm/tools/chocolateyuninstall.ps1 b/packages/inveigh.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..88de8fb18 --- /dev/null +++ b/packages/inveigh.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Inveigh' +$category = 'Credential Access' + +VM-Uninstall $toolName $category diff --git a/packages/invokedosfuscation.vm/invokedosfuscation.vm.nuspec b/packages/invokedosfuscation.vm/invokedosfuscation.vm.nuspec new file mode 100644 index 000000000..04a00209e --- /dev/null +++ b/packages/invokedosfuscation.vm/invokedosfuscation.vm.nuspec @@ -0,0 +1,12 @@ + + + + invokedosfuscation.vm + 1.0 + danielbohannon + Invoke-DOSfuscation is a PowerShell v2.0+ compatible cmd.exe command obfuscation framework. + + + + + diff --git a/packages/invokedosfuscation.vm/tools/chocolateyinstall.ps1 b/packages/invokedosfuscation.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..f50310540 --- /dev/null +++ b/packages/invokedosfuscation.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Invoke-DOSfuscation' +$category = 'Payload Development' + +$zipUrl = 'https://github.com/danielbohannon/Invoke-DOSfuscation/archive/6260f5b5848b967446371ee7800aaa0409ea23cc.zip' +$zipSha256 = '60b78094731fc8f54333193e840cb847ac4018c6ca1ccc36c107cda533016791' + +$powershellCommand = 'Import-Module .\Invoke-DOSfuscation.psd1; Invoke-DOSfuscation' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand diff --git a/packages/invokedosfuscation.vm/tools/chocolateyuninstall.ps1 b/packages/invokedosfuscation.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..3db4a6666 --- /dev/null +++ b/packages/invokedosfuscation.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Invoke-DOSfuscation' +$category = 'Payload Development' + +VM-Uninstall $toolName $category diff --git a/packages/invokeobfuscation.vm/invokeobfuscation.vm.nuspec b/packages/invokeobfuscation.vm/invokeobfuscation.vm.nuspec new file mode 100644 index 000000000..576c6c3f0 --- /dev/null +++ b/packages/invokeobfuscation.vm/invokeobfuscation.vm.nuspec @@ -0,0 +1,12 @@ + + + + invokeobfuscation.vm + 1.8.2 + cobbr, 4d4c, mvle, danielbohannon + Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator. + + + + + diff --git a/packages/invokeobfuscation.vm/tools/chocolateyinstall.ps1 b/packages/invokeobfuscation.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..4262908cb --- /dev/null +++ b/packages/invokeobfuscation.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Invoke-Obfuscation' +$category = 'Payload Development' + +$zipUrl = 'https://github.com/danielbohannon/Invoke-Obfuscation/archive/f20e7f843edd0a3a7716736e9eddfa423395dd26.zip' +$zipSha256 = '24149efe341b4bfc216dea22ece4918abcbe0655d3d1f3c07d1965fac5b4478e' + +$powershellCommand = 'Import-Module ./Invoke-Obfuscation.psd1; Invoke-Obfuscation' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand diff --git a/packages/invokeobfuscation.vm/tools/chocolateyuninstall.ps1 b/packages/invokeobfuscation.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..61ddd71c8 --- /dev/null +++ b/packages/invokeobfuscation.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Invoke-Obfuscation' +$category = 'Payload Development' + +VM-Uninstall $toolName $category diff --git a/packages/isd.vm/isd.vm.nuspec b/packages/isd.vm/isd.vm.nuspec new file mode 100644 index 000000000..b55d9f9a3 --- /dev/null +++ b/packages/isd.vm/isd.vm.nuspec @@ -0,0 +1,12 @@ + + + + isd.vm + 1.5 + VDisAsm + Inno Setup Decompiler + + + + + diff --git a/packages/isd.vm/tools/chocolateyinstall.ps1 b/packages/isd.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..91eccefb7 --- /dev/null +++ b/packages/isd.vm/tools/chocolateyinstall.ps1 
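Review bot: `$powershellCommand` uses a forward-slash relative path, `./Invoke-Obfuscation.psd1`, while the otherwise line-for-line parallel Invoke-DOSfuscation package in the previous section uses `.\Invoke-DOSfuscation.psd1`; both resolve in PowerShell, but the two scripts should use one form, e.g. `$powershellCommand = 'Import-Module .\Invoke-Obfuscation.psd1; Invoke-Obfuscation'`. Pinning the archive to a commit hash plus a SHA-256, as both packages do, is the right shape for a repository with no release tag.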
@@ -0,0 +1,19 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+try {
+ $toolName = 'Inno Setup Decompiler'
+ $category = 'InnoSetup'
+
+ $zipUrl = 'https://github.com/dscharrer/innoextract/files/5507287/isdsetup.1.5.exe.zip'
+ $zipSha256 = '8fe99b5a989066131b6553394c2c93eed5adbd9430494ab921aafd74d2c818dc'
+
+ $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName
+ $executablePath = (Join-Path $toolDir "PSUI.exe")
+ VM-Install-With-Installer $toolName $category "EXE" "/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP- /Dir=`"$($toolDir)`"" $executablePath $zipUrl -sha256 $zipSha256
+
+ $desktopShortcut = Join-Path "C:\Users\Public\Desktop" "$toolName.lnk"
+ Remove-Item $desktopShortcut -Force -ea 0
+} catch {
+ VM-Write-Log-Exception $_
+}
diff --git a/packages/isd.vm/tools/chocolateyuninstall.ps1 b/packages/isd.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..6c46b5a35
--- /dev/null
+++ b/packages/isd.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Inno Setup Decompiler'
+$category = 'Utilities'
+
+VM-Uninstall $toolName $category
diff --git a/packages/juicypotato.vm/juicypotato.vm.nuspec b/packages/juicypotato.vm/juicypotato.vm.nuspec
new file mode 100644
index 000000000..c4c58f50c
--- /dev/null
+++ b/packages/juicypotato.vm/juicypotato.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ juicypotato.vm
+ 0.1
+ ohpe
+ Local Privilege Escalation tool that abuses the SeImpersonatePrivilege to go from a Windows Service Account to NT AUTHORITY\SYSTEM
+
+
+
+
+
diff --git a/packages/juicypotato.vm/tools/chocolateyinstall.ps1 b/packages/juicypotato.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..e91764ca9
--- /dev/null
+++ b/packages/juicypotato.vm/tools/chocolateyinstall.ps1
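Review bot: The uninstall script in this same section sets `$category = 'Utilities'` while the installer registers the tool under `$category = 'InnoSetup'`; every other install/uninstall pair in this change passes the same category to both, so presumably `VM-Uninstall` looks for the shortcut in the wrong folder and leaves the `InnoSetup` entry behind — the uninstaller's line should be `$category = 'InnoSetup'`. The desktop-shortcut cleanup also hard-codes `"C:\Users\Public\Desktop"`, whereas the idafree change in this same commit derives it from `${Env:Public}`; `Join-Path ${Env:Public} "Desktop\$toolName.lnk"` keeps the two consistent and survives a relocated profile directory.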
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'JuicyPotato' +$category = 'Privilege Escalation' + +$exeUrl = 'https://github.com/ohpe/juicy-potato/releases/download/v0.1/JuicyPotato.exe' +$exeSha256 = '0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/juicypotato.vm/tools/chocolateyuninstall.ps1 b/packages/juicypotato.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..081b52491 --- /dev/null +++ b/packages/juicypotato.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'JuicyPotato' +$category = 'Privilege Escalation' + +VM-Uninstall $toolName $category diff --git a/packages/keethief.vm/keethief.vm.nuspec b/packages/keethief.vm/keethief.vm.nuspec new file mode 100644 index 000000000..a5096a9e0 --- /dev/null +++ b/packages/keethief.vm/keethief.vm.nuspec @@ -0,0 +1,12 @@ + + + + keethief.vm + 0.0.0.20230713 + tifkin_, harmj0y + Allows for the extraction of KeePass 2.X key material from memory, as well as the backdooring and enumeration of the KeePass trigger system. + + + + + diff --git a/packages/keethief.vm/tools/chocolateyinstall.ps1 b/packages/keethief.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..2de1891d9 --- /dev/null +++ b/packages/keethief.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'KeeThief' +$category = 'Credential Access' + +$zipUrl = 'https://github.com/GhostPack/KeeThief/archive/04f3fbc0ba87dbcd9011ad40a1382169dc5afd59.zip' +$zipSha256 = '2fe020645855564ce1d0236c3e83e8d66a09c91c00d95a40b88cbe9ffd5ca204' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 
diff --git a/packages/keethief.vm/tools/chocolateyuninstall.ps1 b/packages/keethief.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..25a351810 --- /dev/null +++ b/packages/keethief.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'KeeThief' +$category = 'Credential Access' + +VM-Uninstall $toolName $category diff --git a/packages/kerbrute.vm/kerbrute.vm.nuspec b/packages/kerbrute.vm/kerbrute.vm.nuspec new file mode 100644 index 000000000..9d4849f75 --- /dev/null +++ b/packages/kerbrute.vm/kerbrute.vm.nuspec @@ -0,0 +1,12 @@ + + + + kerbrute.vm + 1.0.3 + ropnop + A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication + + + + + diff --git a/packages/kerbrute.vm/tools/chocolateyinstall.ps1 b/packages/kerbrute.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..2fdcb8179 --- /dev/null +++ b/packages/kerbrute.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Kerbrute' +$category = 'Credential Access' + +$exeUrl = 'https://github.com/ropnop/kerbrute/releases/download/v1.0.3/kerbrute_windows_amd64.exe' +$exeSha256 = 'd18aa84b7bf0efde9c6b5db2a38ab1ec9484c59c5284c0bd080f5197bf9388b0' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/kerbrute.vm/tools/chocolateyuninstall.ps1 b/packages/kerbrute.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..4c73672d9 --- /dev/null +++ b/packages/kerbrute.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Kerbrute' +$category = 'Credential Access' + +VM-Uninstall $toolName $category 
diff --git a/packages/ldapnomnom.vm/ldapnomnom.vm.nuspec b/packages/ldapnomnom.vm/ldapnomnom.vm.nuspec new file mode 100644 index 000000000..1ba2d936c --- /dev/null +++ b/packages/ldapnomnom.vm/ldapnomnom.vm.nuspec @@ -0,0 +1,12 @@ + + + + ldapnomnom.vm + 1.1.0 + lkarlslund + Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP) + + + + + diff --git a/packages/ldapnomnom.vm/tools/chocolateyinstall.ps1 b/packages/ldapnomnom.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..bbf87e367 --- /dev/null +++ b/packages/ldapnomnom.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'LDAPNomNom' +$category = 'Reconnaissance' + +$exeUrl = 'https://github.com/lkarlslund/ldapnomnom/releases/download/v1.1.0/ldapnomnom-windows-amd64.exe' +$exeSha256 = '5e8d04c49ec9bac3e5269c5054dab440fd521a3840b9c8702e8ecadc01d392a6' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/ldapnomnom.vm/tools/chocolateyuninstall.ps1 b/packages/ldapnomnom.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..72b238ffa --- /dev/null +++ b/packages/ldapnomnom.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'LDAPNomNom' +$category = 'Reconnaissance' + +VM-Uninstall $toolName $category diff --git a/packages/libraries.python2.vm/libraries.python2.vm.nuspec b/packages/libraries.python2.vm/libraries.python2.vm.nuspec deleted file mode 100644 index fa1e82d24..000000000 --- a/packages/libraries.python2.vm/libraries.python2.vm.nuspec +++ /dev/null @@ -1,17 +0,0 @@ - - - - libraries.python2.vm - 0.0.0.20221203 - Metapackage to install common Python2 libraries - Mandiant, Microsoft, Python Software Foundation - - - - - - - - - - 
diff --git a/packages/libraries.python2.vm/tools/chocolateyinstall.ps1 b/packages/libraries.python2.vm/tools/chocolateyinstall.ps1 deleted file mode 100644 index b3f4c667f..000000000 --- a/packages/libraries.python2.vm/tools/chocolateyinstall.ps1 +++ /dev/null @@ -1,45 +0,0 @@ -$ErrorActionPreference = 'Continue' -Import-Module vm.common -Force -DisableNameChecking - -try { - $toolDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)" - $modulesPath = Join-Path $toolDir "modules.xml" -Resolve - $modulesXml = [xml](Get-Content $modulesPath) - - # Create output file to log python module installation details - $outputFile = VM-New-Install-Log $toolDir - - # Upgrade pip - Invoke-Expression "py -2 -m pip install -qq --no-cache-dir --upgrade pip 2>&1 >> $outputFile" - - $failures = @{} - $modules = $modulesXml.modules.module - foreach ($module in $modules) { - Write-Host "[+] Attempting to install Python2 module: $($module.name)" - $intallValue = $module.name - if ($module.url) { - $intallValue = $module.url - } - - Invoke-Expression "py -2 -m pip install $intallValue 2>&1 >> $outputFile" - - if ($LastExitCode -eq 0) { - Write-Host "`t[+] Installed Python2 module: $($module.name)" -ForegroundColor Green - } else { - Write-Host "`t[!] Failed to install Python2 module: $($module.name)" -ForegroundColor Red - $failures[$module.Name] = $true - } - } - - if ($failures.Keys.Count -gt 0) { - foreach ($module in $failures.Keys) { - VM-Write-Log "ERROR" "Failed to install Python2 module: $module" - } - $outputFile = $outputFile.replace('lib\', 'lib-bad\') - VM-Write-Log "ERROR" "Check $outputFile for more information" - exit 1 - } -} catch { - VM-Write-Log-Exception $_ -} - diff --git a/packages/libraries.python2.vm/tools/chocolateyuninstall.ps1 b/packages/libraries.python2.vm/tools/chocolateyuninstall.ps1 deleted file mode 100644 index 83aa2ba7f..000000000 --- a/packages/libraries.python2.vm/tools/chocolateyuninstall.ps1 +++ /dev/null 
@@ -1,39 +0,0 @@ -$ErrorActionPreference = 'Continue' -Import-Module vm.common -Force -DisableNameChecking - -try { - $toolDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)" - $modulesPath = Join-Path $toolDir "modules.xml" -Resolve - $modulesXml = [xml](Get-Content $modulesPath) - - # Create output file to log python module uninstallation details - $outputFile = VM-New-Install-Log $toolDir - - # Upgrade pip - Invoke-Expression "py -2 -m pip install -qq --no-cache-dir --upgrade pip 2>&1 >> $outputFile" - - $success = $true - $modules = $modulesXml.modules.module - foreach ($module in $modules) { - VM-Write-Log "INFO" "Attempting to uninstall Python2 module: $($module.name)" - - Invoke-Expression "py -2 -m pip uninstall -y $($module.name) 2>&1 >> $outputFile" - - if ($LastExitCode -eq 0) { - VM-Write-Log "INFO" "Uninstalled Python2 module: $($module.name)" - } else { - VM-Write-Log "ERROR" "Failed to uninstall Python2 module: $($module.name)" - $success = $false - } - } - - if ($success -eq $false) { - VM-Write-Log "ERROR" "Failed to uninstall at least one Python2 module" - $outputFile = $outputFile.replace('lib\', 'lib-bad\') - VM-Write-Log "ERROR" "Check $outputFile for more information" - VM-Write-Log "ERROR" "Please manually uninstall the remaining Python2 modules via:`n`tpy -2 -m pip uninstall -y " - } -} catch { - VM-Write-Log-Exception $_ -} - diff --git a/packages/libraries.python2.vm/tools/modules.xml b/packages/libraries.python2.vm/tools/modules.xml deleted file mode 100644 index b0412db5a..000000000 --- a/packages/libraries.python2.vm/tools/modules.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/packages/libraries.python3.vm/libraries.python3.vm.nuspec b/packages/libraries.python3.vm/libraries.python3.vm.nuspec index e3274e326..52412356d 100644 --- a/packages/libraries.python3.vm/libraries.python3.vm.nuspec +++ b/packages/libraries.python3.vm/libraries.python3.vm.nuspec 
@@ -2,13 +2,13 @@ libraries.python3.vm - 0.0.0.20230517 - Metapackage to install common Python 3.9 libraries + 0.0.0.20231019 + Metapackage to install common Python libraries Several, check in pypi.org for every of the libraries - + diff --git a/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 b/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 index 9b1844e67..573d733dd 100644 --- a/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 +++ b/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 
@@ -9,36 +9,38 @@ try { # Create output file to log python module installation details $outputFile = VM-New-Install-Log $toolDir - # Upgrade pip - Invoke-Expression "py -3.9 -m pip install -qq --no-cache-dir --upgrade pip 2>&1 >> $outputFile" + # Fix pip version + Invoke-Expression "py -3.10 -m pip install pip~=23.2.1 >> $outputFile" - $failures = @{} + $failures = @() $modules = $modulesXml.modules.module foreach ($module in $modules) { Write-Host "[+] Attempting to install Python3 module: $($module.name)" - $intallValue = $module.name + $installValue = $module.name if ($module.url) { - $intallValue = $module.url + $installValue = $module.url } - Invoke-Expression "py -3.9 -m pip install $intallValue 2>&1 >> $outputFile" + Invoke-Expression "py -3.10 -m pip install $installValue 2>&1 >> $outputFile" if ($LastExitCode -eq 0) { - Write-Host "`t[+] Installed Python 3.9 module: $($module.name)" -ForegroundColor Green + Write-Host "`t[+] Installed Python 3.10 module: $($module.name)" -ForegroundColor Green } else { - Write-Host "`t[!] Failed to install Python 3.9 module: $($module.name)" -ForegroundColor Red - $failures[$module.Name] = $true + Write-Host "`t[!] Failed to install Python 3.10 module: $($module.name)" -ForegroundColor Red + $failures += $module.Name } } - if ($failures.Keys.Count -gt 0) { - foreach ($module in $failures.Keys) { - VM-Write-Log "ERROR" "Failed to install Python 3.9 module: $module" + if ($failures.Count -gt 0) { + foreach ($module in $failures) { + VM-Write-Log "ERROR" "Failed to install Python 3.10 module: $module" } $outputFile = $outputFile.replace('lib\', 'lib-bad\') VM-Write-Log "ERROR" "Check $outputFile for more information" exit 1 } + # Avoid WARNINGs to fail the package install + exit 0 } catch { VM-Write-Log-Exception $_ } diff --git a/packages/libraries.python3.vm/tools/modules.xml b/packages/libraries.python3.vm/tools/modules.xml index 1a7c6a4b6..158cd77c7 100644 --- a/packages/libraries.python3.vm/tools/modules.xml 
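Review bot: The rewritten pip pin `Invoke-Expression "py -3.10 -m pip install pip~=23.2.1 >> $outputFile"` dropped the `2>&1` that the replaced line had, so pip's stderr (where its warnings and errors go) no longer reaches the install log, unlike the per-module installs a few lines below that still redirect both streams. Restore it: `Invoke-Expression "py -3.10 -m pip install pip~=23.2.1 2>&1 >> $outputFile"`. Its `$LastExitCode` is also never checked, so a failed pin is only discoverable by reading the log; the same success test the module loop uses would make it visible. The enclosing `try` block opens before this hunk.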
+++ b/packages/libraries.python3.vm/tools/modules.xml @@ -3,8 +3,11 @@ + + + @@ -16,11 +19,11 @@ + - - + diff --git a/packages/mailsniper.vm/mailsniper.vm.nuspec b/packages/mailsniper.vm/mailsniper.vm.nuspec new file mode 100644 index 000000000..2515bc8ed --- /dev/null +++ b/packages/mailsniper.vm/mailsniper.vm.nuspec @@ -0,0 +1,12 @@ + + + + mailsniper.vm + 0.0.0.20230712 + dafthack + MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms and performing password spraying. + + + + + diff --git a/packages/mailsniper.vm/tools/chocolateyinstall.ps1 b/packages/mailsniper.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..0754cd725 --- /dev/null +++ b/packages/mailsniper.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'MailSniper' +$category = 'Credential Access' + +$ps1Url = 'https://raw.githubusercontent.com/dafthack/MailSniper/f6fd1441feb246ba0d1c6d47f7f3a6dcbe3d2b92/MailSniper.ps1' +$ps1Sha256 = '353eec8f77c54fc914168bbdc111f0766421aaf8d7e4314036e79bf1b08060c6' + +$ps1Cmd = 'Import-Module .\MailSniper.ps1; Get-Help MailSniper' + +VM-Install-Single-Ps1 $toolName $category $ps1Url -ps1Sha256 $ps1Sha256 -ps1Cmd $ps1Cmd diff --git a/packages/mailsniper.vm/tools/chocolateyuninstall.ps1 b/packages/mailsniper.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..17a6dd3aa --- /dev/null +++ b/packages/mailsniper.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'MailSniper' +$category = 'Credential Access' + +VM-Uninstall $toolName $category diff --git a/packages/malware-jail.vm/malware-jail.vm.nuspec b/packages/malware-jail.vm/malware-jail.vm.nuspec new file mode 100644 index 000000000..6ad350f94 --- /dev/null +++ b/packages/malware-jail.vm/malware-jail.vm.nuspec 
@@ -0,0 +1,13 @@ + + + + malware-jail.vm + 0.0.0.20231020 + Hynek Petrak + Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. + + + + + + diff --git a/packages/malware-jail.vm/tools/chocolateyinstall.ps1 b/packages/malware-jail.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..78a02c187 --- /dev/null +++ b/packages/malware-jail.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,24 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'malware-jail' + $category = 'Javascript' + + $zipUrl = 'https://github.com/HynekPetrak/malware-jail/archive/ec370f1433652fdd346995f1d6f00b26368aa611.zip' + $zipSha256 = '027b59bdb5c0b8b20ae348269b320b924be34c4cb4ae708704290e67c23e8d4d' + # Install dependencies with npm when running shortcut as we ignore errors below + $powershellCommand = "npm install; node jailme.js -h -b list" + + $toolDir = VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand + +} catch { + VM-Write-Log-Exception $_ +} + +# Prevent the following warning from failing the package: "npm WARN deprecated request@2.79.0" +$ErrorActionPreference = 'Continue' +# Get absolute path as npm is not in path until Powershell is restarted +$npmPath = Join-Path ${Env:ProgramFiles} "\nodejs\npm.cmd" -Resolve +# Install tool dependencies with npm +Set-Location $toolDir; & "$npmPath" install | Out-Null diff --git a/packages/malware-jail.vm/tools/chocolateyuninstall.ps1 b/packages/malware-jail.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..3f5dedaf3 --- /dev/null +++ b/packages/malware-jail.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'malware-jail' +$category = 'Javascript' + +VM-Uninstall $toolName $category 
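Review bot: The npm step after the `try`/`catch` in malware-jail's chocolateyinstall.ps1 runs even when the install failed: if `VM-Install-Raw-GitHub-Repo` throws, `$toolDir` is never assigned, `Set-Location $toolDir` fails under the `'Continue'` preference just set, and `npm install` then runs in whatever the current directory happens to be. Guard the step on `$toolDir` and use `Push-Location`/`Pop-Location` so the package does not leave the session's working directory changed. Piping npm to `Out-Null` also discards its error output; checking `$LASTEXITCODE` and logging it keeps a failed dependency install visible.
```powershell
# … unchanged: try/catch installing the repo, $ErrorActionPreference = 'Continue', $npmPath …
if ($toolDir) {
    Push-Location $toolDir
    & "$npmPath" install | Out-Null
    if ($LASTEXITCODE -ne 0) { VM-Write-Log "ERROR" "npm install failed with exit code $LASTEXITCODE" }
    Pop-Location
}
```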
diff --git a/packages/map.vm/map.vm.nuspec b/packages/map.vm/map.vm.nuspec index 224fc8b26..f78b2948e 100644 --- a/packages/map.vm/map.vm.nuspec +++ b/packages/map.vm/map.vm.nuspec @@ -2,7 +2,7 @@ map.vm - 12.20.21 + 0.0.0.20230723 David Zimmer Handful of small utility type applications useful for analyzing malicious code. diff --git a/packages/map.vm/tools/chocolateyinstall.ps1 b/packages/map.vm/tools/chocolateyinstall.ps1 index fb77fdcd5..9b5898989 100644 --- a/packages/map.vm/tools/chocolateyinstall.ps1 +++ b/packages/map.vm/tools/chocolateyinstall.ps1 @@ -5,8 +5,8 @@ try { $toolName = 'Malcode Analyst Pack' $category = 'Utilities' - $url = 'https://github.com/dzzie/MAP/releases/download/current/map_setup.exe' - $checksum = '421872a1846ec421d3b414ba1af70b1d929082f5903bdb363d1c7172488c69e9' + $url = 'http://sandsprite.com/flare_vm/map_setup_7.26.23__A2A58AF886B9BF4DC6DB5CFDFF9B7E2300F0D0C491CD07DAC871DF60DAA370C4.exe' + $checksum = 'A2A58AF886B9BF4DC6DB5CFDFF9B7E2300F0D0C491CD07DAC871DF60DAA370C4' $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category diff --git a/packages/merlin.vm/merlin.vm.nuspec b/packages/merlin.vm/merlin.vm.nuspec new file mode 100644 index 000000000..a900475b9 --- /dev/null +++ b/packages/merlin.vm/merlin.vm.nuspec @@ -0,0 +1,13 @@ + + + + merlin.vm + 1.5.1 + Ne0nd0g + Merlin is a cross-platform post-exploitation Command and Control server and agent written in Go. + + + + + + diff --git a/packages/merlin.vm/tools/chocolateyinstall.ps1 b/packages/merlin.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..77eac6f33 --- /dev/null +++ b/packages/merlin.vm/tools/chocolateyinstall.ps1 
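Review bot: The new `$url` fetches the installer over plain `http://` from sandsprite.com, replacing an HTTPS GitHub release URL. The pinned `$checksum` still lets Chocolatey reject a tampered or truncated download, so integrity is preserved, but the transfer itself is unauthenticated and observable in transit; use `https://` if the host serves it, and otherwise add a comment noting that the checksum is the only protection for this download. The hash embedded in the file name duplicates `$checksum`, so a future bump has two places to keep in sync. The enclosing `try` block starts before this hunk.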
@@ -0,0 +1,34 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Merlin' +$category = 'Command & Control' +$toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName + +$zipUrl = 'https://github.com/Ne0nd0g/merlin/releases/download/v1.5.1/merlinServer-Windows-x64.7z' +$zipSha256 = 'e3c6ee205a46c9619dbe12bb4d487b7bcc802113658f29397b5f550295fc76fc' +$zipPassword = 'merlin' +$fileName = 'merlinServer-Windows-x64' + +try { + # Download the zip file + $packageArgs = @{ + packageName = ${Env:ChocolateyPackageName} + url = $zipUrl + checksum = $zipSha256 + checksumType = "sha256" + fileFullPath = Join-Path "${Env:USERPROFILE}\AppData\Local\Temp" ("$fileName.7z") + } + Get-ChocolateyWebFile @packageArgs + $zipPath = $packageArgs.fileFullPath + VM-Assert-Path $zipPath + + # Unzip with a password + 7z x -p"$zipPassword" "$zipPath" -o"$toolDir" -y + + # Create a shortcut + $executablePath = Join-Path ${Env:RAW_TOOLS_DIR} "Merlin\$fileName.exe" -Resolve + VM-Install-Shortcut $toolName $category $executablePath +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/merlin.vm/tools/chocolateyuninstall.ps1 b/packages/merlin.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..3fcc24d39 --- /dev/null +++ b/packages/merlin.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Merlin' +$category = 'Command & Control' + +VM-Uninstall $toolName $category diff --git a/packages/metasploit.vm/metasploit.vm.nuspec b/packages/metasploit.vm/metasploit.vm.nuspec new file mode 100644 index 000000000..3b9d97862 --- /dev/null +++ b/packages/metasploit.vm/metasploit.vm.nuspec @@ -0,0 +1,12 @@ + + + + metasploit.vm + 6.3.30.20230811 + Rapid7 + A computer security project that provides information about security vulnerabilities, aids in penetration testing, and IDS signature development. + + + + + 
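Review bot: The result of `7z x -p"$zipPassword" "$zipPath" -o"$toolDir" -y` is never checked; a native command's non-zero exit does not trigger `$ErrorActionPreference = 'Stop'`, so a wrong password or corrupt archive is only detected indirectly when the following `Join-Path ... -Resolve` fails, with an error about a missing path rather than about extraction. Add `if ($LASTEXITCODE -ne 0) { throw "7z extraction of $zipPath failed with exit code $LASTEXITCODE" }` directly after the 7z call. The downloaded archive at `fileFullPath` is also never removed, and the temp location is spelled out as `"${Env:USERPROFILE}\AppData\Local\Temp"` where `${Env:TEMP}` would follow the user's actual setting. `$executablePath` could be derived from `$toolDir` instead of rebuilding the `Merlin\` path a second time.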
diff --git a/packages/metasploit.vm/tools/chocolateyinstall.ps1 b/packages/metasploit.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..2391c754c --- /dev/null +++ b/packages/metasploit.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,18 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'Metasploit' + $category = 'Command & Control' + + $exeUrl = 'https://windows.metasploit.com/metasploitframework-latest.msi' + $exeSha256 = '470039711E182C4551169A776AFC8C10B4BAEA1600334449998894B2D725D49A' + # can't install to specified path. + $toolDir = Join-Path ${Env:SystemDrive} "metasploit-framework" + $binDir = Join-Path $toolDir "bin" + $executablePath = (Join-Path $binDir "msfconsole.bat") + VM-Install-With-Installer $toolName $category "MSI" "/q /norestart" $executablePath $exeUrl -sha256 $exeSha256 + +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/metasploit.vm/tools/chocolateyuninstall.ps1 b/packages/metasploit.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..fe77a7b00 --- /dev/null +++ b/packages/metasploit.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,13 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Metasploit' +$category = 'Command & Control' + +VM-Uninstall $toolName $category + +# Silently uninstall +VM-Uninstall-With-Uninstaller $toolName "MSI" "/q /norestart" + +# Remove directory, shortcut, shim +VM-Uninstall $toolName $category \ No newline at end of file diff --git a/packages/mfasweep.vm/mfasweep.vm.nuspec b/packages/mfasweep.vm/mfasweep.vm.nuspec new file mode 100644 index 000000000..baef41e0c --- /dev/null +++ b/packages/mfasweep.vm/mfasweep.vm.nuspec 
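Review bot: `$exeUrl = 'https://windows.metasploit.com/metasploitframework-latest.msi'` is a moving URL while `$exeSha256` pins one specific build, so the package will fail its checksum as soon as upstream publishes a new installer, independent of any change in this repository. Prefer a versioned download URL matching the version in the nuspec, or add a comment above `$exeUrl` stating that the checksum must be refreshed whenever upstream rotates the MSI. The same pattern is in the networkminer hunk further down, where this commit has to bump `$zipSha256` for the unversioned `https://www.netresec.com/?download=NetworkMiner` URL. As a point of style, the variables are named `$exeUrl`/`$exeSha256` although the artifact is an MSI passed with `"MSI"` to `VM-Install-With-Installer`.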
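Review bot: `VM-Uninstall $toolName $category` is called twice in metasploit's chocolateyuninstall.ps1, once before `VM-Uninstall-With-Uninstaller` and again after it under the comment `# Remove directory, shortcut, shim`. The first call is redundant, and if it removes files the MSI uninstaller still expects it may also run in the wrong order relative to the installer-based removal; drop the first call and keep the commented one. The file also ends without a trailing newline.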
@@ -0,0 +1,12 @@ + + + + mfasweep.vm + 0.0.0.20230710 + dafthack + MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled. + + + + + diff --git a/packages/mfasweep.vm/tools/chocolateyinstall.ps1 b/packages/mfasweep.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..9d961345f --- /dev/null +++ b/packages/mfasweep.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'MFASweep' +$category = 'Reconnaissance' + +$ps1Url = 'https://raw.githubusercontent.com/dafthack/MFASweep/d624cdedb3eaa40518990b234b308c1ec8f6bbc7/MFASweep.ps1' +$ps1Sha256 = 'e5df6d6914a197455d4779c50863f86c5086abbcb6638a4d9ea50598313c1481' + +$ps1Cmd = 'Import-Module .\MFASweep.ps1; Get-Help Invoke-MFASweep' + +VM-Install-Single-Ps1 $toolName $category $ps1Url -ps1Sha256 $ps1Sha256 -ps1Cmd $ps1Cmd diff --git a/packages/mfasweep.vm/tools/chocolateyuninstall.ps1 b/packages/mfasweep.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..fa3963d4f --- /dev/null +++ b/packages/mfasweep.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'MFASweep' +$category = 'Reconnaissance' + +VM-Uninstall $toolName $category diff --git a/packages/microburst.vm/microburst.vm.nuspec b/packages/microburst.vm/microburst.vm.nuspec new file mode 100644 index 000000000..9c8a5098e --- /dev/null +++ b/packages/microburst.vm/microburst.vm.nuspec @@ -0,0 +1,13 @@ + + + + microburst.vm + 0.0.0.20230320 + NetSPI + MicroBurst includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post exploitation actions such as credential dumping. + + + + + + 
diff --git a/packages/microburst.vm/tools/chocolateyinstall.ps1 b/packages/microburst.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..d8f8b7051 --- /dev/null +++ b/packages/microburst.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'MicroBurst' +$category = 'Exploitation' + +$zipUrl = 'https://github.com/NetSPI/MicroBurst/archive/10a4f9579de3fe687208f7a3d3d1120fbba408cc.zip' +$zipSha256 = '72700519c40fac2b01e5362e4d3d1e171e73910f8e9e9859753f26c64f0529d0' + +$powershellCommand = 'Import-Module Az, .\Az\MicroBurst-Az.psm1, .\Misc\MicroBurst-Misc.psm1, .\REST\MicroBurst-AzureREST.psm1; Get-Command -Module MicroBurst-Az' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand \ No newline at end of file diff --git a/packages/microburst.vm/tools/chocolateyuninstall.ps1 b/packages/microburst.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..658475cbc --- /dev/null +++ b/packages/microburst.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'MicroBurst' +$category = 'Exploitation' + +VM-Uninstall $toolName $category diff --git a/packages/mimikatz.vm/mimikatz.vm.nuspec b/packages/mimikatz.vm/mimikatz.vm.nuspec new file mode 100644 index 000000000..f33f2bc57 --- /dev/null +++ b/packages/mimikatz.vm/mimikatz.vm.nuspec @@ -0,0 +1,12 @@ + + + + mimikatz.vm + 2.2.0 + Benjamin Delpy, gentilkiwi + Mimikatz is an open-source application that allows users to view and save authentication credentials such as Kerberos tickets + + + + + diff --git a/packages/mimikatz.vm/tools/chocolateyinstall.ps1 b/packages/mimikatz.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..db2974298 --- /dev/null +++ b/packages/mimikatz.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,54 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking +$category = 'Credential Access' + +try { + + $ErrorActionPreference = 'Stop' + Import-Module vm.common -Force -DisableNameChecking + $name = "Mimikatz" + $path = Join-Path ${Env:TOOL_LIST_DIR} $category + + # Remove files from previous zips for upgrade + VM-Remove-PreviousZipPackage ${Env:chocolateyPackageFolder} + + $toolsDir = Join-Path "${Env:RAW_TOOLS_DIR}" $name + if (-Not (Test-Path $toolsDir)) { + New-Item -Path $toolsDir -ItemType Directory -Force | Out-Null + } + + $url = "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20220919/mimikatz_trunk.7z" + $checksum = "1F2338D7B628374139D373AF383A1BDEC1A16B43CED015849C6BE4E4D90CC2C3" + + $packageArgs = @{ + packageName = ${Env:ChocolateyPackageName} + unzipLocation = $toolsDir + url = $url + checksum = $checksum + checksumType = 'sha256' + } + + Install-ChocolateyZipPackage @packageArgs + + $shortcut = Join-Path $path "mimikatz.x86.lnk" + $target = Join-Path (Join-Path $toolsDir "Win32") "mimikatz.exe" + $target_cmd = Join-Path ${Env:WinDir} "system32\cmd.exe" + $target_args = '/K "' + $target + '"' + $target_icon = $target_cmd + $target_dir = $toolsDir + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $target_cmd -Arguments $target_args -WorkingDirectory $target_dir -IconLocation $target_icon + Install-BinFile -Name "mimikatz.x86" -Path $target + + $shortcut = Join-Path $path "mimikatz.x64.lnk" + $target = Join-Path (Join-Path $toolsDir "x64") "mimikatz.exe" + $target_cmd = Join-Path ${Env:WinDir} "system32\cmd.exe" + $target_args = '/K "' + $target + '"' + $target_icon = $target_cmd + $target_dir = $toolsDir + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $target_cmd -Arguments $target_args -WorkingDirectory $target_dir -IconLocation $target_icon + Install-BinFile -Name "mimikatz.x64" -Path $target +} +catch{ + Write-Host "Mimikatz failed to install:" + 
Write-Host $_ +} diff --git a/packages/mimikatz.vm/tools/chocolateyuninstall.ps1 b/packages/mimikatz.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..817952655 --- /dev/null +++ b/packages/mimikatz.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,23 @@ +$ErrorActionPreference = 'Stop' +$category = 'Credential Access' + +try { + $name = "Mimikatz" + $path = Join-Path ${Env:TOOL_LIST_DIR} $category + + $toolsDir = Join-Path "${Env:RAW_TOOLS_DIR}" $name + Remove-Item -Path $toolsDir -ErrorAction SilentlyContinue -Recurse -Force + + $shortcut = Join-Path $path "mimikatz.x86.lnk" + Remove-Item -Force $shortcut + Uninstall-BinFile -Name "mimikatz.x86" + + + $shortcut = Join-Path $path "mimikatz.x64.lnk" + Remove-Item -Force $shortcut + Uninstall-BinFile -Name "mimikatz.x64" +} +catch{ + Write-Host "Mimikatz failed to uninstall:" + Write-Host $_ +} diff --git a/packages/minidump.vm/minidump.vm.nuspec b/packages/minidump.vm/minidump.vm.nuspec new file mode 100644 index 000000000..a718a422c --- /dev/null +++ b/packages/minidump.vm/minidump.vm.nuspec @@ -0,0 +1,12 @@ + + + + minidump.vm + 0.0.0.20230711 + Mr.Un1k0d3r + Alternative to procdump written in C# (perfect for execute-assembly) and C. + + + + + diff --git a/packages/minidump.vm/tools/chocolateyinstall.ps1 b/packages/minidump.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..5ae7e3944 --- /dev/null +++ b/packages/minidump.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'MiniDump' +$category = 'Credential Access' + +$zipUrl = 'https://github.com/Mr-Un1k0d3r/MiniDump/archive/98a21941831b90b203fdbfb253cd0b3dc27a0475.zip' +$zipSha256 = '975d43c2aa7a2a84ecdd925db1fd39fec4aa610b99da45d5661979c120261b82' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 
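Review bot: The `catch` block of mimikatz's chocolateyinstall.ps1 reports the failure with `Write-Host` only, unlike every other package in this commit, which calls `VM-Write-Log-Exception $_` so the error reaches the VM log; replace the two `Write-Host` lines with `VM-Write-Log-Exception $_`. `$ErrorActionPreference = 'Stop'` and `Import-Module vm.common -Force -DisableNameChecking` are also set twice, at the top of the file and again inside the `try`. The x86 and x64 shortcut/shim blocks are identical except for the `Win32`/`x64` folder and the name suffix, so a `foreach` over those two pairs would halve the body. A one-line comment above the first `Install-ChocolateyShortcut` saying the shortcut opens `cmd.exe /K` on the binary rather than launching mimikatz directly would explain the `$target_cmd`/`$target_args` indirection.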
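Review bot: mimikatz's chocolateyuninstall.ps1 runs with `$ErrorActionPreference = 'Stop'` and removes the shortcuts with a bare `Remove-Item -Force $shortcut`, so if `mimikatz.x86.lnk` is already gone the exception jumps to the `catch` and the x64 shortcut removal and both `Uninstall-BinFile` calls are skipped, leaving shims behind. Every other uninstall script in this commit uses `'Continue'`; either switch to that or add `-ErrorAction SilentlyContinue` to the two `Remove-Item` calls, as is already done for `$toolsDir`. As with the install script, the `catch` reports via `Write-Host` rather than `VM-Write-Log-Exception $_`.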
diff --git a/packages/minidump.vm/tools/chocolateyuninstall.ps1 b/packages/minidump.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..1f4f9300f --- /dev/null +++ b/packages/minidump.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'MiniDump' +$category = 'Credential Access' + +VM-Uninstall $toolName $category diff --git a/packages/nanodump.vm/nanodump.vm.nuspec b/packages/nanodump.vm/nanodump.vm.nuspec new file mode 100644 index 000000000..373ae7d39 --- /dev/null +++ b/packages/nanodump.vm/nanodump.vm.nuspec @@ -0,0 +1,12 @@ + + + + nanodump.vm + 0.0.0.20230713 + fortra + A Beacon Object File that creates a minidump of the LSASS process. + + + + + diff --git a/packages/nanodump.vm/tools/chocolateyinstall.ps1 b/packages/nanodump.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..7dcadbfba --- /dev/null +++ b/packages/nanodump.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'NanoDump' +$category = 'Credential Access' + +$zipUrl = 'https://github.com/fortra/nanodump/archive/c211c5f72b2438afb09d0eb917fe32150be91344.zip' +$zipSha256 = '461a16ae517aebb65adc37a0da8f8c04fa4836da35a69239dc2f90f8098b5da0' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/nanodump.vm/tools/chocolateyuninstall.ps1 b/packages/nanodump.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..5916a4220 --- /dev/null +++ b/packages/nanodump.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'NanoDump' +$category = 'Credential Access' + +VM-Uninstall $toolName $category diff --git a/packages/nasm.vm/nasm.vm.nuspec b/packages/nasm.vm/nasm.vm.nuspec new file mode 100644 index 000000000..bc7223af5 
--- /dev/null +++ b/packages/nasm.vm/nasm.vm.nuspec @@ -0,0 +1,13 @@ + + + + nasm.vm + 2.16.1 + NASM Authors + Netwide Assembler + + + + + + diff --git a/packages/nasm.vm/tools/chocolateyinstall.ps1 b/packages/nasm.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..452ce199c --- /dev/null +++ b/packages/nasm.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,27 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'nasm' + $category = 'Utilities' + + # Delete Desktop shortcut + $desktopShortcut = Join-Path ${Env:Public} "Desktop\$toolName.lnk" + if (Test-Path $desktopShortcut) { + Remove-Item $desktopShortcut -Force -ea 0 + } + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executableDir = Join-Path ${Env:ProgramFiles} 'NASM' -Resolve + $batPath = Join-Path $executableDir 'nasmpath.bat' -Resolve + $iconPath = Join-Path $executableDir 'nasm.ico' -Resolve + # Create shortcut in a similar way than the deleted Desktop shortcut + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $batPath -WorkingDirectory $executableDir -IconLocation $iconPath + VM-Assert-Path $shortcut + + $executablePath = Join-Path $executableDir 'nasm.exe' -Resolve + Install-BinFile -Name $toolName -Path $executablePath +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/nasm.vm/tools/chocolateyuninstall.ps1 b/packages/nasm.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..df1681c33 --- /dev/null +++ b/packages/nasm.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,8 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'nasm' +$category = 'Utilities' + +VM-Remove-Tool-Shortcut $toolName $category +Uninstall-BinFile -Name $toolName 
diff --git a/packages/net-reactor-slayer.vm/net-reactor-slayer.vm.nuspec b/packages/net-reactor-slayer.vm/net-reactor-slayer.vm.nuspec new file mode 100644 index 000000000..c324abf69 --- /dev/null +++ b/packages/net-reactor-slayer.vm/net-reactor-slayer.vm.nuspec @@ -0,0 +1,13 @@ + + + + net-reactor-slayer.vm + 6.4.0.20230621 + SychicBoy + NETReactorSlayer is an open source (GPLv3) deobfuscator and unpacker for Eziriz .NET Reactor. + + + + + + diff --git a/packages/net-reactor-slayer.vm/tools/chocolateyinstall.ps1 b/packages/net-reactor-slayer.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..ca1ad73ec --- /dev/null +++ b/packages/net-reactor-slayer.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,16 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'NETReactorSlayer' + $category = 'dotNet' + $shimPath = 'bin\NETReactorSlayer.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/net-reactor-slayer.vm/tools/chocolateyuninstall.ps1 b/packages/net-reactor-slayer.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..7c1afe58e --- /dev/null +++ b/packages/net-reactor-slayer.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'NETReactorSlayer' +$category = 'dotNet' + +VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/netgpppassword.vm/netgpppassword.vm.nuspec b/packages/netgpppassword.vm/netgpppassword.vm.nuspec new file mode 100644 index 000000000..c9c43b5ce --- /dev/null +++ b/packages/netgpppassword.vm/netgpppassword.vm.nuspec 
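Review bot: The shortcut in net-reactor-slayer's chocolateyinstall.ps1 is created with `-RunAsAdmin`, so NETReactorSlayer is launched elevated on every start, although nothing in the hunk indicates the tool needs more than user rights; a tool whose input is untrusted, obfuscated binaries is exactly the kind that should run with least privilege. If elevation is required for a known reason, record it in a comment above the `Install-ChocolateyShortcut` line, e.g. `# RunAsAdmin: <reason>`; otherwise drop the switch. The uninstall script only removes the shortcut, which matches this install script creating nothing else.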
@@ -0,0 +1,12 @@ + + + + netgpppassword.vm + 1.0 + outflank + .NET/C# implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences. + + + + + diff --git a/packages/netgpppassword.vm/tools/chocolateyinstall.ps1 b/packages/netgpppassword.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..f125868e8 --- /dev/null +++ b/packages/netgpppassword.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Net-GPPPassword' +$category = 'Reconnaissance' + +$exeUrl = 'https://github.com/outflanknl/Net-GPPPassword/releases/download/v1/Net-GPPPassword_dotNET_v4.exe' +$exeSha256 = '899c51f6a9ffdbf6228f0c4e22f90c5119dc5fbe0417ce1d346783c13f247e08' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/netgpppassword.vm/tools/chocolateyuninstall.ps1 b/packages/netgpppassword.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..3f0a419c0 --- /dev/null +++ b/packages/netgpppassword.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Net-GPPPassword' +$category = 'Reconnaissance' + +VM-Uninstall $toolName $category diff --git a/packages/networkminer.vm/networkminer.vm.nuspec b/packages/networkminer.vm/networkminer.vm.nuspec index ce4116306..033c7e476 100644 --- a/packages/networkminer.vm/networkminer.vm.nuspec +++ b/packages/networkminer.vm/networkminer.vm.nuspec 
@@ -2,7 +2,7 @@ networkminer.vm - 2.8 + 2.8.1 Netresec NetworkMiner is an open source Network Forensic Analysis Tool for Windows, but also works in Linux or Mac OS X. NetworkMiner can be used as a passive network sniffer in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to reassemble transmitted files and certificates from PCAP files. diff --git a/packages/networkminer.vm/tools/chocolateyinstall.ps1 b/packages/networkminer.vm/tools/chocolateyinstall.ps1 index e426efb34..9970de96e 100644 --- a/packages/networkminer.vm/tools/chocolateyinstall.ps1 +++ b/packages/networkminer.vm/tools/chocolateyinstall.ps1 @@ -5,6 +5,6 @@ $toolName = 'NetworkMiner' $category = 'Networking' $zipUrl = 'https://www.netresec.com/?download=NetworkMiner' -$zipSha256 = '13dc519e24a44485554be6e3651bf9381b9ea13a0376cdf958508c75e3b1bb7a' +$zipSha256 = '34e8ba09d6bb47463c0e154b7a8eef26922b8dd61000e95d1880aa8c175507e1' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true diff --git a/packages/nmap.vm/nmap.vm.nuspec b/packages/nmap.vm/nmap.vm.nuspec index 89a90dd6d..352bef9e0 100644 --- a/packages/nmap.vm/nmap.vm.nuspec +++ b/packages/nmap.vm/nmap.vm.nuspec @@ -2,13 +2,13 @@ nmap.vm - 7.93.20230418.20230517 + 7.93.20230418.20230614 Fyodor, Nmap Project Port scanning utility and nc replacement with extended features - + diff --git a/packages/nodejs.vm/nodejs.vm.nuspec b/packages/nodejs.vm/nodejs.vm.nuspec new file mode 100644 index 000000000..a600c1532 --- /dev/null +++ b/packages/nodejs.vm/nodejs.vm.nuspec @@ -0,0 +1,13 @@ + + + + nodejs.vm + 0.0.0.20231020 + Node.js Foundation + Metapackage for Node.js to ensure all packages use the same Node.js version. + + + + + + diff --git a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec index ec3a34af2..0316f2b6d 100644 
--- a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec +++ b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec @@ -2,12 +2,12 @@ notepadplusplus.vm - 8.5.3 + 8.5.8 Wrapper for Notepad++ Don Ho - + diff --git a/packages/notepadpp.plugin.compare.vm/notepadpp.plugin.compare.vm.nuspec b/packages/notepadpp.plugin.compare.vm/notepadpp.plugin.compare.vm.nuspec index 85171b729..ddff370ac 100644 --- a/packages/notepadpp.plugin.compare.vm/notepadpp.plugin.compare.vm.nuspec +++ b/packages/notepadpp.plugin.compare.vm/notepadpp.plugin.compare.vm.nuspec @@ -2,7 +2,7 @@ notepadpp.plugin.compare.vm - 2.0.1.20211225 + 2.0.2 ComparePlus plugin for Notepad++ Pavel Nedev diff --git a/packages/notepadpp.plugin.compare.vm/tools/chocolateyinstall.ps1 b/packages/notepadpp.plugin.compare.vm/tools/chocolateyinstall.ps1 index bf9a5a6a0..125cc0da7 100644 --- a/packages/notepadpp.plugin.compare.vm/tools/chocolateyinstall.ps1 +++ b/packages/notepadpp.plugin.compare.vm/tools/chocolateyinstall.ps1 @@ -7,10 +7,10 @@ try { $toolDir = New-Item (Join-Path $pluginsDir $toolName) -itemtype directory VM-Assert-Path $toolDir - $zipUrl= "https://github.com/pnedev/compare-plugin/releases/download/v2.0.1/ComparePlugin_v2.0.1_x86.zip" - $zipSha256 ="07972c1c7e3012a46ac6ef133a6500ca851bddc9c83471df2f118519a0241ed5" - $zipUrl_64 = "https://github.com/pnedev/compare-plugin/releases/download/v2.0.1/ComparePlugin_v2.0.1_X64.zip" - $zipSha256_64 ="77dedf98ea2280528d726c0053db2001e90da7588e14ee01a98933f121bb15cb" + $zipUrl= "https://github.com/pnedev/compare-plugin/releases/download/v2.0.2/ComparePlugin_v2.0.2_x86.zip" + $zipSha256 ="ea2f4cd6627c1b902f700a43b03b38f725e67136c8ce00ac3620ecc03417332a" + $zipUrl_64 = "https://github.com/pnedev/compare-plugin/releases/download/v2.0.2/ComparePlugin_v2.0.2_X64.zip" + $zipSha256_64 ="4151fbc9778047991cf4b900363d846bda5b0d1783e5fed9eb77e4c8253ba315" # Remove files from previous zips for upgrade VM-Remove-PreviousZipPackage ${Env:chocolateyPackageFolder} 
diff --git a/packages/npcap.vm/npcap.vm.nuspec b/packages/npcap.vm/npcap.vm.nuspec index b54eac7f8..b88e7b962 100644 --- a/packages/npcap.vm/npcap.vm.nuspec +++ b/packages/npcap.vm/npcap.vm.nuspec @@ -2,12 +2,12 @@ npcap.vm - 1.72 + 1.72.20230614 Nmap Project Npcap is an architecture for packet capture and network analysis for Windows operating systems, consisting of a software library and a network driver. - + diff --git a/packages/openvpn.vm/openvpn.vm.nuspec b/packages/openvpn.vm/openvpn.vm.nuspec new file mode 100644 index 000000000..5a04500cd --- /dev/null +++ b/packages/openvpn.vm/openvpn.vm.nuspec @@ -0,0 +1,13 @@ + + + + openvpn.vm + 2.6.6 + OpenVPN Technologies Inc + OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations. + + + + + + diff --git a/packages/openvpn.vm/tools/chocolateyinstall.ps1 b/packages/openvpn.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..6cea3e2be --- /dev/null +++ b/packages/openvpn.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,27 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'OpenVPN GUI' + $category = 'Networking' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ProgramFiles} '\OpenVPN\bin\openvpn-gui.exe' -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut + + # Removing the shortcut + $desktopShortcut = Join-Path ${Env:Public} "Desktop\$toolName.lnk" + Remove-Item $desktopShortcut -Force -ea 0 + + # Delete start menu shortcut + $startShortcut = Join-Path ${Env:ProgramData} "Microsoft\Windows\Start Menu\Programs\OpenVPN\" + Remove-Item $startShortcut -Force -Recurse -ea 0 + + # Removing OpenVPN from startup + Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'OpenVPN-GUI' -ErrorAction SilentlyContinue + +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/openvpn.vm/tools/chocolateyuninstall.ps1 b/packages/openvpn.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..2be8b497b --- /dev/null +++ b/packages/openvpn.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'OpenVPN' +$category = 'Networking' + +VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/outflank-c2-tool-collection.vm/outflank-c2-tool-collection.vm.nuspec b/packages/outflank-c2-tool-collection.vm/outflank-c2-tool-collection.vm.nuspec new file mode 100644 index 000000000..a0b55713d --- /dev/null +++ b/packages/outflank-c2-tool-collection.vm/outflank-c2-tool-collection.vm.nuspec 
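Review bot: The uninstall script's `$toolName = 'OpenVPN'` (second hunk on this line) does not match the `'OpenVPN GUI'` used by the install hunk, so `VM-Remove-Tool-Shortcut` looks for `OpenVPN.lnk` while the installer created `OpenVPN GUI.lnk` and the shortcut survives uninstall; set `$toolName = 'OpenVPN GUI'` in chocolateyuninstall.ps1. The comment `# Removing the shortcut` does not say which shortcut is meant; `# Remove the desktop shortcut created by the OpenVPN installer` would. The `HKCU:\...\Run` cleanup only touches the hive of the account running the install, which is presumably the intended VM user — a one-line comment stating that assumption would save the next reader from wondering whether the machine-wide Run key was missed.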
@@ -0,0 +1,12 @@ + + + + outflank-c2-tool-collection.vm + 0.0.0.20230713 + outflank + Contains a collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques. + + + + + diff --git a/packages/outflank-c2-tool-collection.vm/tools/chocolateyinstall.ps1 b/packages/outflank-c2-tool-collection.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..e46a821de --- /dev/null +++ b/packages/outflank-c2-tool-collection.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Outflank C2 Tool Collection' +$category = 'Reconnaissance' + +$zipUrl = 'https://github.com/outflanknl/C2-Tool-Collection/archive/f02df22a206ee329bc582a8427d1aa1e54309d9a.zip' +$zipSha256 = '825e3372f6caf540ecbc20f31af6f4b9e711bd6ce64fb09d7d151cf4224de3d8' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/outflank-c2-tool-collection.vm/tools/chocolateyuninstall.ps1 b/packages/outflank-c2-tool-collection.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..1f1825524 --- /dev/null +++ b/packages/outflank-c2-tool-collection.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Outflank C2 Tool Collection' +$category = 'Reconnaissance' + +VM-Uninstall $toolName $category diff --git a/packages/payloadsallthethings.vm/payloadsallthethings.vm.nuspec b/packages/payloadsallthethings.vm/payloadsallthethings.vm.nuspec new file mode 100644 index 000000000..1b9e62546 --- /dev/null +++ b/packages/payloadsallthethings.vm/payloadsallthethings.vm.nuspec @@ -0,0 +1,12 @@ + + + + payloadsallthethings.vm + 0.0.0.20230711 + swisskyrepo + A list of useful payloads and bypasses for Web Application Security. + + + + + 
diff --git a/packages/payloadsallthethings.vm/tools/chocolateyinstall.ps1 b/packages/payloadsallthethings.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..cf04233a3 --- /dev/null +++ b/packages/payloadsallthethings.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PayloadsAllTheThings' +$category = 'Wordlists' + +$zipUrl = 'https://github.com/swisskyrepo/PayloadsAllTheThings/archive/cd19bb94096a61ef22d0c9668bc29674fce53fa0.zip' +$zipSha256 = 'c2adbecb78e01e5d8987ab42b40a30b4a104ee6c2886d8143395645408f9f361' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/payloadsallthethings.vm/tools/chocolateyuninstall.ps1 b/packages/payloadsallthethings.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..da49e2b89 --- /dev/null +++ b/packages/payloadsallthethings.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PayloadsAllTheThings' +$category = 'Wordlists' + +VM-Uninstall $toolName $category diff --git a/packages/peanatomist.vm/peanatomist.vm.nuspec b/packages/peanatomist.vm/peanatomist.vm.nuspec new file mode 100644 index 000000000..d14076cba --- /dev/null +++ b/packages/peanatomist.vm/peanatomist.vm.nuspec @@ -0,0 +1,12 @@ + + + + peanatomist.vm + 0.2.11931.20230824 + RamMerLabs + PE Analysis tool providing detailed information + + + + + diff --git a/packages/peanatomist.vm/tools/chocolateyinstall.ps1 b/packages/peanatomist.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..231489a2b --- /dev/null +++ b/packages/peanatomist.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PEAnatomist' +$category = 'PE' + +$zipUrl = 'https://rammerlabs.alidml.ru/files/0000-0002-29CD-0000/PEAnatomist-0.2.zip' +$zipSha256 = '8265abffa0f9e7ad4c3e2293b708c4cfda475407309e97b2437ec7121cd8668d' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false diff --git a/packages/peanatomist.vm/tools/chocolateyuninstall.ps1 b/packages/peanatomist.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..8be304ada --- /dev/null +++ b/packages/peanatomist.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PEAnatomist' +$category = 'PE' + +VM-Uninstall $toolName $category diff --git a/packages/pestudio.vm/pestudio.vm.nuspec b/packages/pestudio.vm/pestudio.vm.nuspec index e98e91c7f..15ece23bd 100644 --- a/packages/pestudio.vm/pestudio.vm.nuspec +++ b/packages/pestudio.vm/pestudio.vm.nuspec @@ -2,7 +2,7 @@ pestudio.vm - 9.51 + 9.55 Marc Ochsenmeier The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. diff --git a/packages/pestudio.vm/tools/chocolateyinstall.ps1 b/packages/pestudio.vm/tools/chocolateyinstall.ps1 index cbc776fd9..06322bacc 100644 --- a/packages/pestudio.vm/tools/chocolateyinstall.ps1 +++ b/packages/pestudio.vm/tools/chocolateyinstall.ps1 
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'pestudio' $category = 'PE' -$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio.zip' -$zipSha256 = '338DEF87BBAEBAC4D18B8A4B74A8445E3F8FE21E741F92701F705A9749250818' +$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio-9.55.zip' +$zipSha256 = '16c80b5afdeafec3120c9bcf93014dc08291d0840069a926f2728e1881674ca1' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true diff --git a/packages/petitpotam.vm/petitpotam.vm.nuspec b/packages/petitpotam.vm/petitpotam.vm.nuspec new file mode 100644 index 000000000..f5bf39d1c --- /dev/null +++ b/packages/petitpotam.vm/petitpotam.vm.nuspec @@ -0,0 +1,12 @@ + + + + petitpotam.vm + 0.0.0.20230710 + topotam + PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions + + + + + diff --git a/packages/petitpotam.vm/tools/chocolateyinstall.ps1 b/packages/petitpotam.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..c946faf73 --- /dev/null +++ b/packages/petitpotam.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PetitPotam' +$category = 'Exploitation' + +$zipUrl = 'https://github.com/topotam/PetitPotam/archive/d83ac8f2dd34654628c17490f99106eb128e7d1e.zip' +$zipSha256 = '5429479879877c2a6263d79c1a83fbcbd0f9f37bf9870c155358d9dc25662862' + +$powershellCommand = '.\PetitPotam.exe' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand diff --git a/packages/petitpotam.vm/tools/chocolateyuninstall.ps1 b/packages/petitpotam.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..5d8f7bc3e --- /dev/null +++ b/packages/petitpotam.vm/tools/chocolateyuninstall.ps1 
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PetitPotam' +$category = 'Exploitation' + +VM-Uninstall $toolName $category diff --git a/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec b/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec new file mode 100644 index 000000000..294c53bd1 --- /dev/null +++ b/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec @@ -0,0 +1,13 @@ + + + + pkg-unpacker.vm + 1.0.0.20231020 + LockBlock-dev + Unpacker for pkg applications. + + + + + + diff --git a/packages/pkg-unpacker.vm/tools/chocolateyinstall.ps1 b/packages/pkg-unpacker.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..2cc736110 --- /dev/null +++ b/packages/pkg-unpacker.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,19 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'pkg-unpacker' + $category = 'Packers' + $zipUrl = 'https://github.com/LockBlock-dev/pkg-unpacker/archive/b1fd5200e1bf656dedef6817c177c8bb2dc38028.zip' + $zipSha256 = '6eed1d492d37ca3934a3bc838c2256719a3e78ccf72ce1b1ca07684519ace16c' + $powershellCommand = "Write-Output '> node unpack.js'; node unpack.js" + + $toolDir = VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand + + # Get absolute path as npm is not in path until Powershell is restarted + $npmPath = Join-Path ${Env:ProgramFiles} "\nodejs\npm.cmd" -Resolve + # Install tool dependencies with npm + Set-Location $toolDir; & "$npmPath" install | Out-Null +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/pkg-unpacker.vm/tools/chocolateyuninstall.ps1 b/packages/pkg-unpacker.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..6bb7b577f --- /dev/null +++ b/packages/pkg-unpacker.vm/tools/chocolateyuninstall.ps1 
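Review bot: `& "$npmPath" install | Out-Null` discards npm's output and never checks `$LASTEXITCODE`, and `$ErrorActionPreference = 'Stop'` does not turn a native command's non-zero exit into an error, so a failed dependency install is reported as success; `Set-Location $toolDir` also leaves the Chocolatey session in the tool directory afterwards. Unlike the repository zip, which is pinned by commit and SHA-256, `npm install` resolves the dependency tree from the registry at install time, so reproducibility depends on the pinned commit shipping a lockfile (`npm ci` would then enforce it) — worth confirming. A `Push-Location`/`Pop-Location` pair with an exit-code check keeps the failure visible and restores the working directory:
```powershell
    # … unchanged: tool download via VM-Install-Raw-GitHub-Repo and npm path lookup …
    # Install tool dependencies with npm; a native exit code is not caught by $ErrorActionPreference
    Push-Location $toolDir
    try {
        & "$npmPath" install | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "npm install failed with exit code $LASTEXITCODE" }
    } finally {
        Pop-Location
    }
```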
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'pkg-unpacker' +$category = 'Packers' + +VM-Uninstall $toolName $category diff --git a/packages/pma-labs.vm/pma-labs.vm.nuspec b/packages/pma-labs.vm/pma-labs.vm.nuspec new file mode 100644 index 000000000..4b5029b7e --- /dev/null +++ b/packages/pma-labs.vm/pma-labs.vm.nuspec @@ -0,0 +1,12 @@ + + + + pma-labs.vm + 0.0.0.20230626 + Michael Sikorski + Binaries for the book Practical Malware Analysis + + + + + diff --git a/packages/pma-labs.vm/tools/chocolateyinstall.ps1 b/packages/pma-labs.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..0fe24ea98 --- /dev/null +++ b/packages/pma-labs.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PMA-labs' +$category = 'Utilities' + +$zipUrl = 'https://raw.githubusercontent.com/mikesiko/PracticalMalwareAnalysis-Labs/5f55de02a10748247f7511dafaaf18a37d332ff5/PracticalMalwareAnalysis-Labs.exe' +$zipSha256 = '704138bec89cf9e7f00fbce100dbc09cf133d16dc0203806392f0e153c43c68c' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -executableName "Practical Malware Analysis Labs\BinaryCollection" -withoutBinFile diff --git a/packages/pma-labs.vm/tools/chocolateyuninstall.ps1 b/packages/pma-labs.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..4130a8f97 --- /dev/null +++ b/packages/pma-labs.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PMA-labs' +$category = 'Utilities' + +VM-Uninstall $toolName $category diff --git a/packages/powercat.vm/powercat.vm.nuspec b/packages/powercat.vm/powercat.vm.nuspec new file mode 100644 index 000000000..47a8ef431 --- /dev/null +++ b/packages/powercat.vm/powercat.vm.nuspec 
@@ -0,0 +1,12 @@ + + + + powercat.vm + 0.0.0.20230710 + lukebaggett, besimorhino, nnamon, kjacobsen + PowerShell implementation of netcat functionality + + + + + diff --git a/packages/powercat.vm/tools/chocolateyinstall.ps1 b/packages/powercat.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..59b42423d --- /dev/null +++ b/packages/powercat.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerCat' +$category = 'Utilities' + +$ps1Url = 'https://raw.githubusercontent.com/besimorhino/powercat/4bea00079084c7dbc52105ce5b5988b036821c92/powercat.ps1' +$ps1Sha256 = 'c55672b5d2963969abe045fe75db52069d0300691d4f1f5923afeadf5353b9d2' + +$ps1Cmd = 'Import-Module .\powercat.ps1; powercat -h' + +VM-Install-Single-Ps1 $toolName $category $ps1Url -ps1Sha256 $ps1Sha256 -ps1Cmd $ps1Cmd diff --git a/packages/powercat.vm/tools/chocolateyuninstall.ps1 b/packages/powercat.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..21462fd3e --- /dev/null +++ b/packages/powercat.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerCat' +$category = 'Utilities' + +VM-Uninstall $toolName $category diff --git a/packages/powermad.vm/powermad.vm.nuspec b/packages/powermad.vm/powermad.vm.nuspec new file mode 100644 index 000000000..7bf6e06c8 --- /dev/null +++ b/packages/powermad.vm/powermad.vm.nuspec @@ -0,0 +1,12 @@ + + + + powermad.vm + 0.0.0.20230711 + Kevin-Robertson + Powermad includes a set of functions for exploiting ms-DS-MachineAccountQuota without attaching an actual system to AD + + + + + diff --git a/packages/powermad.vm/tools/chocolateyinstall.ps1 b/packages/powermad.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..7e8755472 --- /dev/null +++ b/packages/powermad.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerMad' +$category = 'Exploitation' + +$zipUrl = 'https://github.com/Kevin-Robertson/Powermad/archive/3ad36e655d0dbe89941515cdb67a3fd518133dcb.zip' +$zipSha256 = 'e01cfdb69f938ecd8c707e81dce2832935bb26e368405f2180b6858bce5b4d73' + +$powershellCommand = 'Import-Module .\Powermad.psd1; Get-Command -Module Powermad' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand diff --git a/packages/powermad.vm/tools/chocolateyuninstall.ps1 b/packages/powermad.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..19291b3fe --- /dev/null +++ b/packages/powermad.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerMad' +$category = 'Exploitation' + +VM-Uninstall $toolName $category diff --git a/packages/powersploit.vm/powersploit.vm.nuspec b/packages/powersploit.vm/powersploit.vm.nuspec new file mode 100644 index 000000000..8be707c54 --- /dev/null +++ b/packages/powersploit.vm/powersploit.vm.nuspec @@ -0,0 +1,12 @@ + + + + powersploit.vm + 0.0.0.20230713 + HarmJ0y, 0xe7 + PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. + + + + + diff --git a/packages/powersploit.vm/tools/chocolateyinstall.ps1 b/packages/powersploit.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..bf326dbe1 --- /dev/null +++ b/packages/powersploit.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,24 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +#vars for powersploit +$toolName = 'PowerSploit' +$category = 'Exploitation' + +# install powersploit, import module, and list available powersploit modules +$zipUrl = 'https://github.com/ZeroDayLab/PowerSploit/archive/72a88240ed0c6527f3880a1fb15ea7a19589c2d8.zip' +$zipSha256 = '4a86b4b92e97fe6f1d76d8d93d9e481c007809db803cc82f4f0ec86ff7186bcf' +$powershellCommand = 'Import-Module $Env:RAW_TOOLS_DIR\PowerSploit\PowerSploit.psd1; Get-Command -Module PowerSploit' +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand + +# vars for powerview +$toolName2 = 'PowerView' +$category2 = 'Reconnaissance' +$shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category2 +$shortcut = Join-Path $shortcutDir "$toolName2.lnk" +$targetCmd = Join-Path ${Env:WinDir} "system32\WindowsPowerShell\v1.0\powershell.exe" -Resolve +$executableArgs = '-NoExit Import-Module $Env:RAW_TOOLS_DIR\PowerSploit\Recon\Recon.psd1; Get-Command -Module Recon' + +# install powerview shortcut and list available powerview modules +Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $targetCmd -Arguments $executableArgs +VM-Assert-Path $shortcut diff --git a/packages/powersploit.vm/tools/chocolateyuninstall.ps1 b/packages/powersploit.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..d4fee3801 --- /dev/null +++ b/packages/powersploit.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerSploit' +$category = 'Exploitation' + +VM-Uninstall $toolName $category diff --git a/packages/powerupsql.vm/powerupsql.vm.nuspec b/packages/powerupsql.vm/powerupsql.vm.nuspec new file mode 100644 index 000000000..74f4500f0 --- /dev/null +++ b/packages/powerupsql.vm/powerupsql.vm.nuspec 
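Review bot: The PowerView shortcut created with `Install-ChocolateyShortcut` under `$Env:TOOL_LIST_DIR\Reconnaissance` is never removed: chocolateyuninstall.ps1 (second hunk on this line) only calls `VM-Uninstall 'PowerSploit' 'Exploitation'`, so `PowerView.lnk` survives uninstall; add `VM-Remove-Tool-Shortcut 'PowerView' 'Reconnaissance'` there. The install script also has no `try { … } catch { VM-Write-Log-Exception $_ }` around the `Join-Path -Resolve` and shortcut steps, unlike the other scripts in this commit that build shortcuts by hand (openvpn, resourcehacker). `$powershellCommand` uses the absolute `$Env:RAW_TOOLS_DIR\PowerSploit\PowerSploit.psd1` while powermad uses the relative `.\Powermad.psd1`; either works, but one convention across the new packages would be easier to maintain.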
@@ -0,0 +1,12 @@ + + + + powerupsql.vm + 0.0.0.20230710 + NetSPI + PowerUpSQL includes functions that support SQL Server discovery, weak configuration auditing, privilege escalation on scale, and post exploitation actions such as OS command execution. + + + + + diff --git a/packages/powerupsql.vm/tools/chocolateyinstall.ps1 b/packages/powerupsql.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..05ba752d8 --- /dev/null +++ b/packages/powerupsql.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerUpSQL' +$category = 'Exploitation' + +$zipUrl = 'https://github.com/NetSPI/PowerUpSQL/archive/2837c7bdda47a07703b7841080024f30a73a7743.zip' +$zipSha256 = 'fffed1c3f480b40616070e7ebb5bf7e8093e0bb483ce1ef2400f586018439c85' + +$powershellCommand = 'Import-Module PowerUpSQL.psd1; Get-Command -Module PowerUpSQL' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand diff --git a/packages/powerupsql.vm/tools/chocolateyuninstall.ps1 b/packages/powerupsql.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..134c093ed --- /dev/null +++ b/packages/powerupsql.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerUpSQL' +$category = 'Exploitation' + +VM-Uninstall $toolName $category diff --git a/packages/powerzure.vm/powerzure.vm.nuspec b/packages/powerzure.vm/powerzure.vm.nuspec new file mode 100644 index 000000000..35f4d6c20 --- /dev/null +++ b/packages/powerzure.vm/powerzure.vm.nuspec @@ -0,0 +1,13 @@ + + + + powerzure.vm + 0.0.0.20230320 + hausec + PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. + + + + + + 
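Review bot: `Import-Module PowerUpSQL.psd1` relies on Import-Module resolving a bare file name against the current directory, whereas the powermad package in the same commit uses the explicit relative form `.\Powermad.psd1`, which is unambiguous; `$powershellCommand = 'Import-Module .\PowerUpSQL.psd1; Get-Command -Module PowerUpSQL'` removes the dependence on that lookup behaviour. If the bare form is deliberate because the helper runs the command from the tool directory, a short comment saying so would be enough.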
diff --git a/packages/powerzure.vm/tools/chocolateyinstall.ps1 b/packages/powerzure.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..4075d476b --- /dev/null +++ b/packages/powerzure.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerZure' +$category = 'Exploitation' + +$zipUrl = 'https://github.com/hausec/PowerZure/archive/093d4a3267ab514656759d7b2a6a91ac521b449b.zip' +$zipSha256 = '76e82df57013980cd6f3dd5b125e405e4ab3308368f2372121581a6a1e4a5a22' + +$powershellCommand = 'Import-Module Az, .\PowerZure.psm1; Invoke-PowerZure -h' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand \ No newline at end of file diff --git a/packages/powerzure.vm/tools/chocolateyuninstall.ps1 b/packages/powerzure.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..250259660 --- /dev/null +++ b/packages/powerzure.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerZure' +$category = 'Exploitation' + +VM-Uninstall $toolName $category diff --git a/packages/putty.vm/putty.vm.nuspec b/packages/putty.vm/putty.vm.nuspec index 5d4f24e7e..83942ce6b 100644 --- a/packages/putty.vm/putty.vm.nuspec +++ b/packages/putty.vm/putty.vm.nuspec @@ -2,12 +2,12 @@ putty.vm - 0.78 + 0.79.0 Simon Tatham PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator. - + diff --git a/packages/python3.vm/python3.vm.nuspec b/packages/python3.vm/python3.vm.nuspec index a1df8a2e7..3dc670e67 100644 --- a/packages/python3.vm/python3.vm.nuspec +++ b/packages/python3.vm/python3.vm.nuspec 
@@ -2,12 +2,12 @@ python3.vm - 3.11.3 - Metapackage to install Python3 - Python Software Foundation + 0.0.0.20231019 + Metapackage for Python 3 to ensure all packages use the same Python version. + Mandiant - + diff --git a/packages/python3.vm/tools/chocolateyinstall.ps1 b/packages/python3.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..44a926c40 --- /dev/null +++ b/packages/python3.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,11 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + # Re-add shim path to the top of the path to ensure it is found before Python libraries + $shimPath = Join-Path $Env:ChocolateyInstall "bin" -Resolve + [Environment]::SetEnvironmentVariable("Path", "$shimPath;$Env:Path", "Machine") +} catch { + VM-Write-Log-Exception $_ +} + diff --git a/packages/reg_export.vm/reg_export.vm.nuspec b/packages/reg_export.vm/reg_export.vm.nuspec new file mode 100644 index 000000000..1cdd81ff1 --- /dev/null +++ b/packages/reg_export.vm/reg_export.vm.nuspec @@ -0,0 +1,12 @@ + + + + reg_export.vm + 1.3 + Adam Kramer + A CLI that exports the raw content of a registry value to a file + + + + + diff --git a/packages/reg_export.vm/tools/chocolateyinstall.ps1 b/packages/reg_export.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..79e76a85d --- /dev/null +++ b/packages/reg_export.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'reg_export' +$category = 'Utilities' + +$exeUrl = 'https://github.com/adamkramer/reg_export/releases/download/v1.3/reg_export.exe' +$exeSha256 = '0786cf26a63a059986fa7c568c1833825104e52565c17ff777f45d3118a8b274' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true 
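Review bot: `[Environment]::SetEnvironmentVariable("Path", "$shimPath;$Env:Path", "Machine")` writes the process's merged Path (Machine plus User plus whatever this session prepended) into the Machine scope, so per-user entries get promoted into the machine-wide search path that elevated processes also use, and the shim directory is prepended again on every reinstall or upgrade. Building the value from the Machine-scope Path instead, with any existing shim entry filtered out, keeps the scopes separate and makes the step idempotent; the trailing empty `+` line at the end of the new file can also go.
```powershell
try {
    # Re-add the shim path to the top of the *Machine* Path so it is found before Python libraries.
    # Start from the Machine-scope value rather than $Env:Path so User/session-only entries are not
    # promoted to the machine scope, and drop any existing shim entry so reinstalls stay idempotent.
    $shimPath = Join-Path $Env:ChocolateyInstall "bin" -Resolve
    $machinePath = [Environment]::GetEnvironmentVariable("Path", "Machine")
    $entries = $machinePath -split ';' | Where-Object { $_ -and ($_ -ne $shimPath) }
    [Environment]::SetEnvironmentVariable("Path", (@($shimPath) + $entries) -join ';', "Machine")
# … unchanged: catch block with VM-Write-Log-Exception …
```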
diff --git a/packages/reg_export.vm/tools/chocolateyuninstall.ps1 b/packages/reg_export.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..e6af9a144 --- /dev/null +++ b/packages/reg_export.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'reg_export' +$category = 'Utilities' + +VM-Uninstall $toolName $category diff --git a/packages/resourcehacker.vm/resourcehacker.vm.nuspec b/packages/resourcehacker.vm/resourcehacker.vm.nuspec new file mode 100644 index 000000000..182f25354 --- /dev/null +++ b/packages/resourcehacker.vm/resourcehacker.vm.nuspec @@ -0,0 +1,13 @@ + + + + resourcehacker.vm + 5.1.8 + Angus Johnson + Resource Hacker is a resource editor for 32bit and 64bit Windows applications. + + + + + + diff --git a/packages/resourcehacker.vm/tools/chocolateyinstall.ps1 b/packages/resourcehacker.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..0ad10dd6c --- /dev/null +++ b/packages/resourcehacker.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,17 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'Resource Hacker' + $category = 'Utilities' + $shimPath = '\lib\resourcehacker.portable\v5.1.8\ResourceHacker.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-BinFile -Name $toolName -Path $executablePath + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/resourcehacker.vm/tools/chocolateyuninstall.ps1 b/packages/resourcehacker.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..981a55799 --- /dev/null +++ b/packages/resourcehacker.vm/tools/chocolateyuninstall.ps1 
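Review bot: `$shimPath = '\lib\resourcehacker.portable\v5.1.8\ResourceHacker.exe'` hard-codes the dependency's version directory, so unless the nuspec pins resourcehacker.portable to exactly 5.1.8 (the dependency tags are not visible in this diff), a newer dependency version makes `Join-Path -Resolve` throw and the install fails. Locating the binary with `Get-ChildItem` under `lib\resourcehacker.portable` (or matching the path to an exact-version dependency) removes the coupling. The shortcut is also created with `-RunAsAdmin`; if Resource Hacker only needs elevation when editing protected files, launching it elevated by default grants a file editor more privilege than its usual use requires — a comment stating why it is needed would make the choice reviewable.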
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Resource Hacker' +$category = 'Utilities' + +VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/routesixtysink.vm/routesixtysink.vm.nuspec b/packages/routesixtysink.vm/routesixtysink.vm.nuspec new file mode 100644 index 000000000..99acb79fa --- /dev/null +++ b/packages/routesixtysink.vm/routesixtysink.vm.nuspec @@ -0,0 +1,12 @@ + + + + routesixtysink.vm + 0.0.0.20230714 + Dillon Franke, Michael Maturi + Route Sixty-Sink is an open source tool that enables defenders and security researchers alike to quickly identify vulnerabilities in any .NET assembly using automated source-to-sink analysis. + + + + + diff --git a/packages/routesixtysink.vm/tools/chocolateyinstall.ps1 b/packages/routesixtysink.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..b40948af3 --- /dev/null +++ b/packages/routesixtysink.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'RouteSixtySink' +$category = 'Reconnaissance' + +$zipUrl = 'https://github.com/mandiant/route-sixty-sink/archive/59195003c84d75fabf6cc573c233dfb60d631f8a.zip' +$zipSha256 = '860df7a6f8b8b135e27e731d1cc11a61837a390fc7da46652f82920040802f15' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 b/packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..3da70e540 --- /dev/null +++ b/packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'RouteSixtySink' +$category = 'Reconnaissance' + +VM-Uninstall $toolName $category 
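Review bot: The install script registers a shim with `Install-BinFile -Name $toolName -Path $executablePath`, but this uninstall only calls `VM-Remove-Tool-Shortcut`, so the `Resource Hacker` shim in the Chocolatey bin directory is left behind after uninstall; add `Uninstall-BinFile -Name $toolName` next to the shortcut removal.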
diff --git a/packages/rubeus.vm/rubeus.vm.nuspec b/packages/rubeus.vm/rubeus.vm.nuspec new file mode 100644 index 000000000..0bf50823c --- /dev/null +++ b/packages/rubeus.vm/rubeus.vm.nuspec @@ -0,0 +1,12 @@ + + + + rubeus.vm + 2.2.3 + harmj0y + Rubeus is a C# toolset for raw Kerberos interaction and abuses. + + + + + diff --git a/packages/rubeus.vm/tools/chocolateyinstall.ps1 b/packages/rubeus.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..0fbb140c8 --- /dev/null +++ b/packages/rubeus.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Rubeus' +$category = 'Credential Access' + +$zipUrl = 'https://github.com/GhostPack/Rubeus/archive/refs/heads/master.zip' +$zipSha256 = 'DC61768AF588A5FCC1CEDC491E8DF81BC652A96A1A032741034E40B75EC404F2' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/rubeus.vm/tools/chocolateyuninstall.ps1 b/packages/rubeus.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..f684162c1 --- /dev/null +++ b/packages/rubeus.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Rubeus' +$category = 'Credential Access' + +VM-Uninstall $toolName $category diff --git a/packages/rundotnetdll.vm/rundotnetdll.vm.nuspec b/packages/rundotnetdll.vm/rundotnetdll.vm.nuspec index 54e90f050..5c3cf29a2 100644 --- a/packages/rundotnetdll.vm/rundotnetdll.vm.nuspec +++ b/packages/rundotnetdll.vm/rundotnetdll.vm.nuspec @@ -2,7 +2,7 @@ rundotnetdll.vm - 2.2 + 2.2.0.20230526 A simple utility to list all methods of a given .NET Assembly and to invoke them. Antonio Parata diff --git a/packages/rundotnetdll.vm/tools/chocolateyinstall.ps1 b/packages/rundotnetdll.vm/tools/chocolateyinstall.ps1 index 475b39394..f32794c23 100644 --- a/packages/rundotnetdll.vm/tools/chocolateyinstall.ps1 
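Review bot: `$zipUrl = 'https://github.com/GhostPack/Rubeus/archive/refs/heads/master.zip'` downloads whatever the branch head is at install time, yet `$zipSha256` pins one specific archive, so the next upstream commit changes the archive and every install fails the checksum. The other new packages in this commit pin a commit archive; do the same here with the commit the hash was computed from, e.g. `$zipUrl = 'https://github.com/GhostPack/Rubeus/archive/<COMMIT-SHA>.zip'` (placeholder — fill in the real commit), so the nuspec version `2.2.3` names a reproducible upstream state. The checksum is written in upper case while the rest of the commit uses lower case; harmless, but one convention reads better.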
+++ b/packages/rundotnetdll.vm/tools/chocolateyinstall.ps1 @@ -7,5 +7,5 @@ $category = 'dotNet' $zipUrl = 'https://github.com/enkomio/RunDotNetDll/releases/download/2.2/RunDotNetDll.zip' $zipSha256 = '27B922861DD27C8DC484524EB7B3AE8F2FB6CA44C1C7086D9ED529A7B4E7CC1D' -VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -arguments $null diff --git a/packages/safetykatz.vm/safetykatz.vm.nuspec b/packages/safetykatz.vm/safetykatz.vm.nuspec new file mode 100644 index 000000000..bf27c58a4 --- /dev/null +++ b/packages/safetykatz.vm/safetykatz.vm.nuspec @@ -0,0 +1,12 @@ + + + + safetykatz.vm + 0.0.0.20230713 + HarmJ0y + SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader. + + + + + diff --git a/packages/safetykatz.vm/tools/chocolateyinstall.ps1 b/packages/safetykatz.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..c9d09728b --- /dev/null +++ b/packages/safetykatz.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SafetyKatz' +$category = 'Credential Access' + +$zipUrl = 'https://github.com/GhostPack/SafetyKatz/archive/715b311f76eb3a4c8d00a1bd29c6cd1899e450b7.zip' +$zipSha256 = '97ed587a816ef87a310d43dba7b0370ab4cbc1756dbed102e38662abce84a81d' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/safetykatz.vm/tools/chocolateyuninstall.ps1 b/packages/safetykatz.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..d94045e67 --- /dev/null +++ b/packages/safetykatz.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SafetyKatz' +$category = 'Credential Access' + +VM-Uninstall $toolName $category 
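Review bot: The only change in the rundotnetdll hunk is the explicit `-arguments $null`, and nothing on the line says why the parameter's default is not acceptable; a one-line comment above the call stating what passing `$null` changes versus omitting it (and that it must not be dropped) would stop a future cleanup from reverting it. The enclosing script starts outside the shown lines.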
diff --git a/packages/scdbg.vm/scdbg.vm.nuspec b/packages/scdbg.vm/scdbg.vm.nuspec index c13a3238c..6a96e573f 100644 --- a/packages/scdbg.vm/scdbg.vm.nuspec +++ b/packages/scdbg.vm/scdbg.vm.nuspec @@ -2,7 +2,7 @@ scdbg.vm - 12.7.22 + 0.0.0.20230723 Paul Baecher, Markus Koetter, David Zimmer scdbg is an emulation based shellcode API logger and debugger diff --git a/packages/scdbg.vm/tools/chocolateyinstall.ps1 b/packages/scdbg.vm/tools/chocolateyinstall.ps1 index a1c67fbab..d9cad5cf4 100644 --- a/packages/scdbg.vm/tools/chocolateyinstall.ps1 +++ b/packages/scdbg.vm/tools/chocolateyinstall.ps1 @@ -5,8 +5,8 @@ try { $toolName = 'scdbg' $category = 'Debuggers' - $zipUrl = 'https://github.com/dzzie/VS_LIBEMU/releases/download/12.7.22/VS_LIBEMU_12_7_22.zip' - $zipSha256 = '521130E34CC0A30587FF99D030633B9D124CCAC779A213E15025535171B4113D' + $zipUrl = 'http://sandsprite.com/flare_vm/VS_LIBEMU_7.26.23__D7A7B407A0FB2288655247FF3EDD361E767075B15D2F0554EB9C87BC4476D996.zip' + $zipSha256 = 'D7A7B407A0FB2288655247FF3EDD361E767075B15D2F0554EB9C87BC4476D996' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true diff --git a/packages/seatbelt.vm/seatbelt.vm.nuspec b/packages/seatbelt.vm/seatbelt.vm.nuspec new file mode 100644 index 000000000..35d74d48c --- /dev/null +++ b/packages/seatbelt.vm/seatbelt.vm.nuspec @@ -0,0 +1,12 @@ + + + + seatbelt.vm + 1.2.0.20230713 + harmj0y, tifkin_ + Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives. + + + + + diff --git a/packages/seatbelt.vm/tools/chocolateyinstall.ps1 b/packages/seatbelt.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..801620fd5 --- /dev/null +++ b/packages/seatbelt.vm/tools/chocolateyinstall.ps1 
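Review bot: The new `$zipUrl` is a plain `http://` URL, so the download itself is unauthenticated; the SHA-256 pin in `$zipSha256` is the only control that keeps a tampered archive from being installed, so it must stay in place. If sandsprite.com serves the file over HTTPS, switch the scheme; if not, a short comment next to the URL noting that the checksum is the integrity control makes the reliance explicit. The hash embedded in the file name is not checked by anything and should not be mistaken for verification.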
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SeatBelt'
+$category = 'Reconnaissance'
+
+$zipUrl = 'https://github.com/GhostPack/Seatbelt/archive/96bd958cf45e3d877d842ce20906e1aa5fdc91c8.zip'
+$zipSha256 = '05f6da0d0b77adfae105f2030862882fc8790cf47d98ec053762b9ac99250184'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/seatbelt.vm/tools/chocolateyuninstall.ps1 b/packages/seatbelt.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..8babbb033
--- /dev/null
+++ b/packages/seatbelt.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SeatBelt'
+$category = 'Reconnaissance'
+
+VM-Uninstall $toolName $category
diff --git a/packages/seclists.vm/seclists.vm.nuspec b/packages/seclists.vm/seclists.vm.nuspec
new file mode 100644
index 000000000..0305385ac
--- /dev/null
+++ b/packages/seclists.vm/seclists.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ seclists.vm
+ 2023.2
+ danielmiessler
+ SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.
+
+
+
+
+
diff --git a/packages/seclists.vm/tools/chocolateyinstall.ps1 b/packages/seclists.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..477395270
--- /dev/null
+++ b/packages/seclists.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SecLists'
+$category = 'Wordlists'
+
+$zipUrl = 'https://github.com/danielmiessler/SecLists/archive/refs/tags/2023.2.zip'
+$zipSha256 = 'ecb58f0a4a311b152c6debbd0d699a14e42ea9b6d1964ef8fc06151b26c435a8'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/seclists.vm/tools/chocolateyuninstall.ps1 b/packages/seclists.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..0ece0c264
--- /dev/null
+++ b/packages/seclists.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SecLists'
+$category = 'Wordlists'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sfextract.vm/sfextract.vm.nuspec b/packages/sfextract.vm/sfextract.vm.nuspec
new file mode 100644
index 000000000..d5e880583
--- /dev/null
+++ b/packages/sfextract.vm/sfextract.vm.nuspec
@@ -0,0 +1,13 @@
+
+
+
+ sfextract.vm
+ 2.1.0
+ Joery Droppers
+ command-line utility to extract files from single file bundles in .NET
+
+
+
+
+
+
diff --git a/packages/sfextract.vm/tools/chocolateyinstall.ps1 b/packages/sfextract.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..4336c2521
--- /dev/null
+++ b/packages/sfextract.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'sfextract'
+$category = 'dotNet'
+
+dotnet tool update --global sfextract --version 2.1.0
+
+$executablePath = Join-Path "${Env:UserProfile}\.dotnet\tools" "$toolName.exe" -Resolve
+VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath -consoleApp $true
diff --git a/packages/sfextract.vm/tools/chocolateyuninstall.ps1 b/packages/sfextract.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..77888cd24
--- /dev/null
+++ b/packages/sfextract.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,9 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'sfextract'
+$category = 'dotNet'
+
+dotnet tool uninstall --global sfextract
+
+VM-Remove-Tool-Shortcut $toolName $category
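Review bot: In the sfextract install hunk, `dotnet tool update --global sfextract --version 2.1.0` is a native command, and `$ErrorActionPreference = 'Stop'` does not turn its non-zero exit code into a terminating error, so an offline host or a NuGet outage is only noticed when the later `Join-Path ... -Resolve` fails to find `sfextract.exe`. Checking the exit code right after the call yields a precise failure instead: `if ($LASTEXITCODE -ne 0) { throw "dotnet tool update failed with exit code $LASTEXITCODE" }`. Unlike the zip-based packages in this commit, the tool is pinned by version only and nothing verifies a hash; that is presumably acceptable because a published NuGet package version cannot be replaced in place, but a one-line comment stating that assumption would document the decision.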
diff --git a/packages/sharpcliphistory.vm/sharpcliphistory.vm.nuspec b/packages/sharpcliphistory.vm/sharpcliphistory.vm.nuspec
new file mode 100644
index 000000000..4d891c8f1
--- /dev/null
+++ b/packages/sharpcliphistory.vm/sharpcliphistory.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sharpcliphistory.vm
+ 1.0
+ F-Secure LABS
+ SharpClipHistory is a .NET 4.5 application written in C# that can be used to read the contents of a user's clipboard history in Windows 10 starting from the 1809 Build.
+
+
+
+
+
diff --git a/packages/sharpcliphistory.vm/tools/chocolateyinstall.ps1 b/packages/sharpcliphistory.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..479773f2f
--- /dev/null
+++ b/packages/sharpcliphistory.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpClipHistory'
+$category = 'Credential Access'
+
+$exeUrl = 'https://github.com/FSecureLABS/SharpClipHistory/releases/download/v1.0/SharpClipHistory.exe'
+$exeSha256 = '4527b53e515c275e572f307246614ba4fc9152a25dfd2fd712246b321626bac6'
+
+VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true
diff --git a/packages/sharpcliphistory.vm/tools/chocolateyuninstall.ps1 b/packages/sharpcliphistory.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..8ded4010e
--- /dev/null
+++ b/packages/sharpcliphistory.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpClipHistory'
+$category = 'Credential Access'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sharpdpapi.vm/sharpdpapi.vm.nuspec b/packages/sharpdpapi.vm/sharpdpapi.vm.nuspec
new file mode 100644
index 000000000..04b4255d7
--- /dev/null
+++ b/packages/sharpdpapi.vm/sharpdpapi.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sharpdpapi.vm
+ 1.11.3
+ harmj0y
+ SharpDPAPI is a C# port of some DPAPI functionality from @gentilkiwi's Mimikatz project.
+
+
+
+
+
diff --git a/packages/sharpdpapi.vm/tools/chocolateyinstall.ps1 b/packages/sharpdpapi.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..6e339e373
--- /dev/null
+++ b/packages/sharpdpapi.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpDPAPI'
+$category = 'Exploitation'
+
+$zipUrl = 'https://github.com/GhostPack/SharpDPAPI/archive/02992ff2c5c48f38602b096367c6107857dae8e9.zip'
+$zipSha256 = 'dd0bd7ceedf87a6952c1e6d8c1865f434f316b187c3f783fe176ad323e7b0f81'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/sharpdpapi.vm/tools/chocolateyuninstall.ps1 b/packages/sharpdpapi.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..a6efa6580
--- /dev/null
+++ b/packages/sharpdpapi.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpDPAPI'
+$category = 'Exploitation'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sharpdump.vm/sharpdump.vm.nuspec b/packages/sharpdump.vm/sharpdump.vm.nuspec
new file mode 100644
index 000000000..1cde1fee9
--- /dev/null
+++ b/packages/sharpdump.vm/sharpdump.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sharpdump.vm
+ 0.0.0.20230713
+ HarmJ0y
+ SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.
+
+
+
+
+
diff --git a/packages/sharpdump.vm/tools/chocolateyinstall.ps1 b/packages/sharpdump.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..e6c809107
--- /dev/null
+++ b/packages/sharpdump.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpDump'
+$category = 'Credential Access'
+
+$zipUrl = 'https://github.com/GhostPack/SharpDump/archive/41cfcf9b1abed2da79a93c201cbd38fbbe31684c.zip'
+$zipSha256 = 'c7ddbf34fc9546638d05344727c7a07bbdf492f4f2313456ee5097a5dbea942a'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/sharpdump.vm/tools/chocolateyuninstall.ps1 b/packages/sharpdump.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..bd6d1c784
--- /dev/null
+++ b/packages/sharpdump.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpDump'
+$category = 'Credential Access'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sharpexec.vm/sharpexec.vm.nuspec b/packages/sharpexec.vm/sharpexec.vm.nuspec
new file mode 100644
index 000000000..00aac4630
--- /dev/null
+++ b/packages/sharpexec.vm/sharpexec.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sharpexec.vm
+ 0.0.0.20230713
+ anthemtotheego
+ SharpExec is an offensive security C# tool designed to aid with lateral movement.
+
+
+
+
+
diff --git a/packages/sharpexec.vm/tools/chocolateyinstall.ps1 b/packages/sharpexec.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..d2ebfb184
--- /dev/null
+++ b/packages/sharpexec.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpExec'
+$category = 'Lateral Movement'
+
+$zipUrl = 'https://github.com/anthemtotheego/SharpExec/archive/852384499de1ab7b56ee93203b31638138a1d313.zip'
+$zipSha256 = 'd032aa7772d8c0d47f30a77381c372cf5d181fea2836c9c85d65eb052785d2df'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/sharpexec.vm/tools/chocolateyuninstall.ps1 b/packages/sharpexec.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..12f418f39
--- /dev/null
+++ b/packages/sharpexec.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpExec'
+$category = 'Lateral Movement'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sharphound.vm/sharphound.vm.nuspec b/packages/sharphound.vm/sharphound.vm.nuspec
new file mode 100644
index 000000000..bc41a21f8
--- /dev/null
+++ b/packages/sharphound.vm/sharphound.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sharphound.vm
+ 2.0.1
+ specterops
+ SharpHound is an Active Directory ingester tool for BloodHound.
+
+
+
+
+
diff --git a/packages/sharphound.vm/tools/chocolateyinstall.ps1 b/packages/sharphound.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..e0fc8336e
--- /dev/null
+++ b/packages/sharphound.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpHound'
+$category = 'Reconnaissance'
+
+$zipUrl = 'https://github.com/BloodHoundAD/SharpHound/releases/download/v2.0.1/SharpHound-v2.0.1.zip'
+$zipSha256 = 'a6f73c1a75d14322aa4993fe498299ab55866ba74440f8a52d4dffe85594de2f'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256
diff --git a/packages/sharphound.vm/tools/chocolateyuninstall.ps1 b/packages/sharphound.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..188469b48
--- /dev/null
+++ b/packages/sharphound.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpHound'
+$category = 'Reconnaissance'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sharplaps.vm/sharplaps.vm.nuspec b/packages/sharplaps.vm/sharplaps.vm.nuspec
new file mode 100644
index 000000000..4b1e460d9
--- /dev/null
+++ b/packages/sharplaps.vm/sharplaps.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sharplaps.vm
+ 1.1
+ swisskyrepo
+ This executable is made to be executed within Cobalt Strike session using execute-assembly. It will retrieve the LAPS password from the Active Directory.
+
+
+
+
+
diff --git a/packages/sharplaps.vm/tools/chocolateyinstall.ps1 b/packages/sharplaps.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..58b6d9da0
--- /dev/null
+++ b/packages/sharplaps.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpLAPS'
+$category = 'Credential Access'
+
+$exeUrl = 'https://github.com/swisskyrepo/SharpLAPS/releases/download/latest-SharpLAPS/SharpLAPS.exe'
+$exeSha256 = 'ef0d508b3051fe6f99ba55202a17237f29fdbc0085e3f5c99b1aef52c8ebe425'
+
+VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true
diff --git a/packages/sharplaps.vm/tools/chocolateyuninstall.ps1 b/packages/sharplaps.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..c2eadddf0
--- /dev/null
+++ b/packages/sharplaps.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpLAPS'
+$category = 'Credential Access'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sharpsecdump.vm/sharpsecdump.vm.nuspec b/packages/sharpsecdump.vm/sharpsecdump.vm.nuspec
new file mode 100644
index 000000000..6cfcedc33
--- /dev/null
+++ b/packages/sharpsecdump.vm/sharpsecdump.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sharpsecdump.vm
+ 0.0.0.20230711
+ G0ldenGunSec
+ .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
+
+
+
+
+
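Review bot: In the sharplaps install hunk, `$exeUrl` points at the `latest-SharpLAPS` release tag rather than a fixed version, so the moment upstream republishes that asset the pinned `$exeSha256` stops matching and the package can no longer be installed. The same defect is in the situational-awareness-bof install hunk later in this commit, whose `$zipUrl` fetches `refs/heads/master.zip` — a branch archive that changes with every push, unlike the commit-pinned archive URLs used by the other `VM-Install-Raw-GitHub-Repo` packages here. Pin both to an immutable reference (a version tag for the SharpLAPS release, a commit hash in the archive path for the BOF repository) so the hash check keeps its meaning and the package stays reproducible; if no immutable reference exists upstream, a comment on the URL line saying so would warn the next maintainer why the hash may drift.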
diff --git a/packages/sharpsecdump.vm/tools/chocolateyinstall.ps1 b/packages/sharpsecdump.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..e6bc06427
--- /dev/null
+++ b/packages/sharpsecdump.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpSecDump'
+$category = 'Credential Access'
+
+$zipUrl = 'https://github.com/G0ldenGunSec/SharpSecDump/archive/ef2463688e405fad0fabb001b3d8869db51da0e0.zip'
+$zipSha256 = '10108c1817d21f747e10317ccca14b58d3e060c7c3fe268eccf81ef58e448ae4'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/sharpsecdump.vm/tools/chocolateyuninstall.ps1 b/packages/sharpsecdump.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..817ae7934
--- /dev/null
+++ b/packages/sharpsecdump.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpSecDump'
+$category = 'Credential Access'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sharpup.vm/sharpup.vm.nuspec b/packages/sharpup.vm/sharpup.vm.nuspec
new file mode 100644
index 000000000..1802dbdfe
--- /dev/null
+++ b/packages/sharpup.vm/sharpup.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sharpup.vm
+ 0.0.0.20230602
+ harmj0y
+ SharpUp is a C# port of various PowerUp functionality for auditing potential privilege escalation paths.
+
+
+
+
+
diff --git a/packages/sharpup.vm/tools/chocolateyinstall.ps1 b/packages/sharpup.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..462d8ab07
--- /dev/null
+++ b/packages/sharpup.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpUp'
+$category = 'Exploitation'
+
+$zipUrl = 'https://github.com/GhostPack/SharpUp/archive/7e172961002125417a0f8a8447de0cb579f7d0e8.zip'
+$zipSha256 = '6bf0c25dcd322f3f058d474f827ab3b772cbd7e8ad1a0010a0b8fda3d2a0a761'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/sharpup.vm/tools/chocolateyuninstall.ps1 b/packages/sharpup.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..916c541df
--- /dev/null
+++ b/packages/sharpup.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpUp'
+$category = 'Exploitation'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sharpview.vm/sharpview.vm.nuspec b/packages/sharpview.vm/sharpview.vm.nuspec
new file mode 100644
index 000000000..152da9c42
--- /dev/null
+++ b/packages/sharpview.vm/sharpview.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sharpview.vm
+ 0.0.0.20230713
+ tevora
+ .NET port of PowerView used for information gathering within Active Directory
+
+
+
+
+
diff --git a/packages/sharpview.vm/tools/chocolateyinstall.ps1 b/packages/sharpview.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..b814c4f24
--- /dev/null
+++ b/packages/sharpview.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpView'
+$category = 'Reconnaissance'
+
+$zipUrl = 'https://github.com/tevora-threat/SharpView/archive/b60456286b41bb055ee7bc2a14d645410cca9b74.zip'
+$zipSha256 = 'b5b2dd91fe22f56fb846d849052fc3205f177cbd067069e6d829e38eea0aca49'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/sharpview.vm/tools/chocolateyuninstall.ps1 b/packages/sharpview.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..d37bb8235
--- /dev/null
+++ b/packages/sharpview.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpView'
+$category = 'Reconnaissance'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sharpwmi.vm/sharpwmi.vm.nuspec b/packages/sharpwmi.vm/sharpwmi.vm.nuspec
new file mode 100644
index 000000000..6b8274e5d
--- /dev/null
+++ b/packages/sharpwmi.vm/sharpwmi.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sharpwmi.vm
+ 0.0.0.20230713
+ HarmJ0y
+ SharpWMI is a C# implementation of various WMI functionality.
+
+
+
+
+
diff --git a/packages/sharpwmi.vm/tools/chocolateyinstall.ps1 b/packages/sharpwmi.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..9433c664b
--- /dev/null
+++ b/packages/sharpwmi.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpWMI'
+$category = 'Reconnaissance'
+
+$zipUrl = 'https://github.com/GhostPack/SharpWMI/archive/0600f57aeb4733ba6fec585388af2f1ac4483b58.zip'
+$zipSha256 = '0dbdd04a8a62e16de40373ae416b732cd48fb642ac7b3ff243bb9580249058f5'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/sharpwmi.vm/tools/chocolateyuninstall.ps1 b/packages/sharpwmi.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..21d4d19f4
--- /dev/null
+++ b/packages/sharpwmi.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpWMI'
+$category = 'Reconnaissance'
+
+VM-Uninstall $toolName $category
diff --git a/packages/situational-awareness-bof.vm/situational-awareness-bof.vm.nuspec b/packages/situational-awareness-bof.vm/situational-awareness-bof.vm.nuspec
new file mode 100644
index 000000000..15d12a246
--- /dev/null
+++ b/packages/situational-awareness-bof.vm/situational-awareness-bof.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ situational-awareness-bof.vm
+ 0.0.0.20230713
+ trustedsec
+ Provides a set of basic situational awareness commands implemented in a Beacon Object File (BOF). This allows you to perform some checks on a host before you begin executing commands that may be more invasive.
+
+
+
+
+
diff --git a/packages/situational-awareness-bof.vm/tools/chocolateyinstall.ps1 b/packages/situational-awareness-bof.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..59945b655
--- /dev/null
+++ b/packages/situational-awareness-bof.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Situational Awareness BOF'
+$category = 'Reconnaissance'
+
+$zipUrl = 'https://github.com/trustedsec/CS-Situational-Awareness-BOF/archive/refs/heads/master.zip'
+$zipSha256 = 'e3673d7e41ad6d36ca7d6d44821f68238aae9968e062acb6d96fc7663c87bbdb'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/situational-awareness-bof.vm/tools/chocolateyuninstall.ps1 b/packages/situational-awareness-bof.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..212787207
--- /dev/null
+++ b/packages/situational-awareness-bof.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Situational Awareness BOF'
+$category = 'Reconnaissance'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sliver.vm/sliver.vm.nuspec b/packages/sliver.vm/sliver.vm.nuspec
new file mode 100644
index 000000000..1ab9cad98
--- /dev/null
+++ b/packages/sliver.vm/sliver.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sliver.vm
+ 1.5.41
+ bishopfox
+ Sliver is an open source cross-platform adversary emulation/red team framework.
+
+
+
+
+
diff --git a/packages/sliver.vm/tools/chocolateyinstall.ps1 b/packages/sliver.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..ed3367d26
--- /dev/null
+++ b/packages/sliver.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Sliver'
+$category = 'Command & Control'
+
+$exeUrl = 'https://github.com/BishopFox/sliver/releases/download/v1.5.41/sliver-client_windows.exe'
+$exeSha256 = '85474d2a885a2dbe2dfd334d9d25fbf1079c1d88c857428e2e1cf3e59f2c0a9b'
+
+VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true
diff --git a/packages/sliver.vm/tools/chocolateyuninstall.ps1 b/packages/sliver.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..bd1f1f601
--- /dev/null
+++ b/packages/sliver.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Sliver'
+$category = 'Command & Control'
+
+VM-Uninstall $toolName $category
diff --git a/packages/snaffler.vm/snaffler.vm.nuspec b/packages/snaffler.vm/snaffler.vm.nuspec
new file mode 100644
index 000000000..51149c7de
--- /dev/null
+++ b/packages/snaffler.vm/snaffler.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ snaffler.vm
+ 1.0.135
+ l0ss, Sh3r4
+ Snaffler is a tool for enumerating accessible SMB shares in an Active Directory environment.
+
+
+
+
+
diff --git a/packages/snaffler.vm/tools/chocolateyinstall.ps1 b/packages/snaffler.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..589c361e1
--- /dev/null
+++ b/packages/snaffler.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Snaffler'
+$category = 'Reconnaissance'
+
+$exeUrl = 'https://github.com/SnaffCon/Snaffler/releases/download/1.0.135/Snaffler.exe'
+$exeSha256 = 'c3777df8af97479419aaff9bbb113ddeb1aef7515a91fc683f8c62133466a137'
+
+VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true
diff --git a/packages/snaffler.vm/tools/chocolateyuninstall.ps1 b/packages/snaffler.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..0bcd51976
--- /dev/null
+++ b/packages/snaffler.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Snaffler'
+$category = 'Reconnaissance'
+
+VM-Uninstall $toolName $category
diff --git a/packages/spoolsample.vm/spoolsample.vm.nuspec b/packages/spoolsample.vm/spoolsample.vm.nuspec
new file mode 100644
index 000000000..508324c6f
--- /dev/null
+++ b/packages/spoolsample.vm/spoolsample.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ spoolsample.vm
+ 0.0.0.20230602
+ tifkin_, harmj0y, enigma0x3
+ PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface.
+
+
+
+
+
diff --git a/packages/spoolsample.vm/tools/chocolateyinstall.ps1 b/packages/spoolsample.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..dac0b5460
--- /dev/null
+++ b/packages/spoolsample.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SpoolSample'
+$category = 'Exploitation'
+
+$zipUrl = 'https://github.com/leechristensen/SpoolSample/archive/688971e69cbe9240ea84bdd38f732dd9817110f8.zip'
+$zipSha256 = '1e5f54b9317ac053fe51e373b3e3b830573e2d14612bf4a038750a6c6284fb3d'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/spoolsample.vm/tools/chocolateyuninstall.ps1 b/packages/spoolsample.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..4c4531c41
--- /dev/null
+++ b/packages/spoolsample.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SpoolSample'
+$category = 'Exploitation'
+
+VM-Uninstall $toolName $category
diff --git a/packages/sqlitebrowser.vm/sqlitebrowser.vm.nuspec b/packages/sqlitebrowser.vm/sqlitebrowser.vm.nuspec
new file mode 100644
index 000000000..c2f532150
--- /dev/null
+++ b/packages/sqlitebrowser.vm/sqlitebrowser.vm.nuspec
@@ -0,0 +1,13 @@
+
+
+
+ sqlitebrowser.vm
+ 0.0.0.20230714
+ René Peinthor, Martin Kleusberg, Mauricio Piacentini, Justin Clift
+ DB Browser for SQLite is a high quality, visual, open source tool to create, design, and edit database files compatible with SQLite.
+
+
+
+
+
+
diff --git a/packages/sqlitebrowser.vm/tools/chocolateyinstall.ps1 b/packages/sqlitebrowser.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..16e3f40d0
--- /dev/null
+++ b/packages/sqlitebrowser.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,16 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+try {
+ $toolName = 'DB Browser for SQLite'
+ $category = 'Utilities'
+ $shimPath = '\bin\DB Browser for SQLite.exe'
+
+ $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category
+ $shortcut = Join-Path $shortcutDir "$toolName.lnk"
+ $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve
+ Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin
+ VM-Assert-Path $shortcut
+} catch {
+ VM-Write-Log-Exception $_
+}
diff --git a/packages/sqlitebrowser.vm/tools/chocolateyuninstall.ps1 b/packages/sqlitebrowser.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..9bac1e407
--- /dev/null
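Review bot: In the sqlitebrowser install hunk, `Install-ChocolateyShortcut ... -RunAsAdmin` makes the DB Browser for SQLite shortcut launch elevated on every use, which none of the other install scripts in this commit request explicitly and which a GUI tool for opening database files taken from samples does not appear to need. Unless the tool genuinely requires elevation, drop the flag so it runs with the analyst's normal rights; if it is required, a one-line comment above the call stating why (`# RunAsAdmin: <reason>`) would keep the next reader from removing it. Note also that a failure inside the try block is only logged by `VM-Write-Log-Exception $_` and the script then exits successfully, so a missing shim at `$shimPath` yields an installed package with no shortcut — acceptable if that is the repository's convention, but worth confirming for a package whose only deliverable is that shortcut.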
+++ b/packages/sqlitebrowser.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'DB Browser for SQLite'
+$category = 'Utilities'
+
+VM-Remove-Tool-Shortcut $toolName $category
diff --git a/packages/sqlrecon.vm/sqlrecon.vm.nuspec b/packages/sqlrecon.vm/sqlrecon.vm.nuspec
index 1df889f1e..0b4e51ec4 100644
--- a/packages/sqlrecon.vm/sqlrecon.vm.nuspec
+++ b/packages/sqlrecon.vm/sqlrecon.vm.nuspec
@@ -2,7 +2,7 @@
 sqlrecon.vm
- 2.2.2.20230418
+ 3.3
 Sanjiv Kawa, Rasta Mouse
 MSSQL toolkit for reconnaissance and post-exploitation
diff --git a/packages/sqlrecon.vm/tools/chocolateyinstall.ps1 b/packages/sqlrecon.vm/tools/chocolateyinstall.ps1
index 69c3b3568..8051dfa91 100644
--- a/packages/sqlrecon.vm/tools/chocolateyinstall.ps1
+++ b/packages/sqlrecon.vm/tools/chocolateyinstall.ps1
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'SQLRecon'
 $category = 'Exploitation'
-$exeUrl = 'https://github.com/skahwah/SQLRecon/releases/download/v2.2.2/SQLRecon.exe'
-$exeSha256 = '36efd1025ff8379d5b85904160e7dba7c59f4b180f1b03de2a72531c1e9b82cf'
+$exeUrl = 'https://github.com/skahwah/SQLRecon/releases/download/v3.3/SQLRecon.exe'
+$exeSha256 = '934b069bb6d8e7b03747dc90a00c94df491d8e7b2d8955793c317ce9361b8e19'
 VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256
diff --git a/packages/statistically-likely-usernames.vm/statistically-likely-usernames.vm.nuspec b/packages/statistically-likely-usernames.vm/statistically-likely-usernames.vm.nuspec
new file mode 100644
index 000000000..cb2fd0cbd
--- /dev/null
+++ b/packages/statistically-likely-usernames.vm/statistically-likely-usernames.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ statistically-likely-usernames.vm
+ 0.0.0.20230711
+ insidetrust
+ This resource contains wordlists for creating statistically likely usernames for use in username-enumeration, simulated password-attacks and other security testing tasks.
+
+
+
+
+
diff --git a/packages/statistically-likely-usernames.vm/tools/chocolateyinstall.ps1 b/packages/statistically-likely-usernames.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..63666d47d
--- /dev/null
+++ b/packages/statistically-likely-usernames.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Statistically-Likely-Usernames'
+$category = 'Wordlists'
+
+$zipUrl = 'https://github.com/insidetrust/statistically-likely-usernames/archive/fc2321c65a1327a1db363764979e7c23d84dfd37.zip'
+$zipSha256 = 'f52a84310e098d662ae212eccc979cefc1d061aa06aca765a8e0f98a4ece3c0c'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/statistically-likely-usernames.vm/tools/chocolateyuninstall.ps1 b/packages/statistically-likely-usernames.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..477c4a2b4
--- /dev/null
+++ b/packages/statistically-likely-usernames.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Statistically-Likely-Usernames'
+$category = 'Wordlists'
+
+VM-Uninstall $toolName $category
diff --git a/packages/stracciatella.vm/stracciatella.vm.nuspec b/packages/stracciatella.vm/stracciatella.vm.nuspec
new file mode 100644
index 000000000..d2d420ef0
--- /dev/null
+++ b/packages/stracciatella.vm/stracciatella.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ stracciatella.vm
+ 0.7.0.20230713
+ mgeeky
+ Powershell runspace from within C# (aka SharpPick technique) with AMSI, ETW and Script Block Logging disabled.
+
+
+
+
+
diff --git a/packages/stracciatella.vm/tools/chocolateyinstall.ps1 b/packages/stracciatella.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..ec0c2e474
--- /dev/null
+++ b/packages/stracciatella.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Stracciatella'
+$category = 'Payload Development'
+
+$zipUrl = 'https://github.com/mgeeky/Stracciatella/archive/acc83e21951049ab4998ecd18f5e4fa01e1527da.zip'
+$zipSha256 = 'd9299fca780945becf9907b052112e7149fb2a2d51e28f0e73e8326455f47a82'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/stracciatella.vm/tools/chocolateyuninstall.ps1 b/packages/stracciatella.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..24bf16b93
--- /dev/null
+++ b/packages/stracciatella.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Stracciatella'
+$category = 'Payload Development'
+
+VM-Uninstall $toolName $category
diff --git a/packages/streamdivert.vm/streamdivert.vm.nuspec b/packages/streamdivert.vm/streamdivert.vm.nuspec
new file mode 100644
index 000000000..83a8baedb
--- /dev/null
+++ b/packages/streamdivert.vm/streamdivert.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ streamdivert.vm
+ 1.1
+ jellever
+ StreamDivert has the ability to relay all incoming SMB connections to port 445 to another server, or only relay specific incoming SMB connections from a specific set of source IP's to another server.
+
+
+
+
+
diff --git a/packages/streamdivert.vm/tools/chocolateyinstall.ps1 b/packages/streamdivert.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..1504b5a72
--- /dev/null
+++ b/packages/streamdivert.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'StreamDivert' +$category = 'Networking' + +$zipUrl = 'https://github.com/jellever/StreamDivert/releases/download/v1.1/StreamDivert.x64.zip' +$zipSha256 = '88df0ee37e817555fa24520a421f1c122a67349a20f8bbde0c027f3e6fdf54b1' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 diff --git a/packages/streamdivert.vm/tools/chocolateyuninstall.ps1 b/packages/streamdivert.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..d5f690ba6 --- /dev/null +++ b/packages/streamdivert.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'StreamDivert' +$category = 'Networking' + +VM-Uninstall $toolName $category diff --git a/packages/sysinternals.vm/sysinternals.vm.nuspec b/packages/sysinternals.vm/sysinternals.vm.nuspec index 851040a58..544836971 100644 --- a/packages/sysinternals.vm/sysinternals.vm.nuspec +++ b/packages/sysinternals.vm/sysinternals.vm.nuspec @@ -2,12 +2,12 @@ sysinternals.vm - 2023.4.12 + 2023.10.18 Mark Russinovich, Bryce Cogswell Sysinternals suite of troubleshooting tools. - + \ No newline at end of file diff --git a/packages/sysinternals.vm/tools/chocolateyinstall.ps1 b/packages/sysinternals.vm/tools/chocolateyinstall.ps1 index 9746629f2..b45ba3c04 100644 --- a/packages/sysinternals.vm/tools/chocolateyinstall.ps1 +++ b/packages/sysinternals.vm/tools/chocolateyinstall.ps1 @@ -48,7 +48,7 @@ try { ### # Second category - $category = 'Information Gathering' + $category = 'Reconnaissance' $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category $executablePath = Join-Path $toolDir 'ADExplorer.exe' -Resolve diff --git a/packages/sysinternals.vm/tools/chocolateyuninstall.ps1 b/packages/sysinternals.vm/tools/chocolateyuninstall.ps1 index 2d28cd8ef..65f9bbd97 100644 
--- a/packages/sysinternals.vm/tools/chocolateyuninstall.ps1 +++ b/packages/sysinternals.vm/tools/chocolateyuninstall.ps1 @@ -15,7 +15,7 @@ VM-Remove-Tool-Shortcut 'procmon' $category ### # Second category -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Remove-Tool-Shortcut 'ADExplorer' $category ### diff --git a/packages/syswhispers2.vm/syswhispers2.vm.nuspec b/packages/syswhispers2.vm/syswhispers2.vm.nuspec new file mode 100644 index 000000000..991066152 --- /dev/null +++ b/packages/syswhispers2.vm/syswhispers2.vm.nuspec @@ -0,0 +1,12 @@ + + + + syswhispers2.vm + 0.0.0.20230712 + jthuraisamy + SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. + + + + + diff --git a/packages/syswhispers2.vm/tools/chocolateyinstall.ps1 b/packages/syswhispers2.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..00d751f51 --- /dev/null +++ b/packages/syswhispers2.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SysWhispers2' +$category = 'Payload Development' + +$zipUrl = 'https://github.com/jthuraisamy/SysWhispers2/archive/05ad0d9ec769fac2776c992d2cb55b09bd604f9a.zip' +$zipSha256 = '4741ad22fe05a9dc8e89885b37a458c12b286a9de2e3f306b57c7a5ef5f7596e' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/syswhispers2.vm/tools/chocolateyuninstall.ps1 b/packages/syswhispers2.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..9ca420bae --- /dev/null +++ b/packages/syswhispers2.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SysWhispers2' +$category = 'Payload Development' + +VM-Uninstall $toolName $category 
diff --git a/packages/syswhispers3.vm/syswhispers3.vm.nuspec b/packages/syswhispers3.vm/syswhispers3.vm.nuspec new file mode 100644 index 000000000..6f011312e --- /dev/null +++ b/packages/syswhispers3.vm/syswhispers3.vm.nuspec @@ -0,0 +1,12 @@ + + + + syswhispers3.vm + 0.0.0.20230713 + klezVirus + SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. + + + + + diff --git a/packages/syswhispers3.vm/tools/chocolateyinstall.ps1 b/packages/syswhispers3.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..c12f05167 --- /dev/null +++ b/packages/syswhispers3.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SysWhispers3' +$category = 'Payload Development' + +$zipUrl = 'https://github.com/klezVirus/SysWhispers3/archive/e3d5fc744c2e5c0ae952be0f7dcf498c5a68be4b.zip' +$zipSha256 = '987d04d404ee86536e04c488037fa9c9caa12d35fefdf9c0bc193d1bfed4c96a' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/syswhispers3.vm/tools/chocolateyuninstall.ps1 b/packages/syswhispers3.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..4536c93df --- /dev/null +++ b/packages/syswhispers3.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SysWhispers3' +$category = 'Payload Development' + +VM-Uninstall $toolName $category diff --git a/packages/teamfiltration.vm/teamfiltration.vm.nuspec b/packages/teamfiltration.vm/teamfiltration.vm.nuspec index cf5e5742c..ee77acba8 100644 --- a/packages/teamfiltration.vm/teamfiltration.vm.nuspec +++ b/packages/teamfiltration.vm/teamfiltration.vm.nuspec @@ -2,7 +2,7 @@ teamfiltration.vm - 3.5.0 + 3.5.0.20230713 Flangvik TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. 
diff --git a/packages/teamfiltration.vm/tools/chocolateyinstall.ps1 b/packages/teamfiltration.vm/tools/chocolateyinstall.ps1 index 21eb9fee2..e19c5aaf8 100644 --- a/packages/teamfiltration.vm/tools/chocolateyinstall.ps1 +++ b/packages/teamfiltration.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'TeamFiltration' -$category = 'Cloud' +$category = 'Exploitation' $zipUrl = 'https://github.com/Flangvik/TeamFiltration/releases/download/v3.5.0/TeamFiltration-Win-v3.5.0.zip' $zipSha256 = 'c91362172789aa47f45200fac925c5c8ade35cd9a8863f154d27dc5e0a2ed916' diff --git a/packages/teamfiltration.vm/tools/chocolateyuninstall.ps1 b/packages/teamfiltration.vm/tools/chocolateyuninstall.ps1 index 386fa2ec6..96d616e37 100644 --- a/packages/teamfiltration.vm/tools/chocolateyuninstall.ps1 +++ b/packages/teamfiltration.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'TeamFiltration' -$category = 'Cloud' +$category = 'Exploitation' VM-Uninstall $toolName $category diff --git a/packages/tor-browser.vm/tools/chocolateyinstall.ps1 b/packages/tor-browser.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..f0f2b0433 --- /dev/null +++ b/packages/tor-browser.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,22 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'Tor Browser' + $category = 'Utilities' + $shimPath = '\lib\tor-browser\tools\tor-browser\Browser\firefox.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut + + # Delete Desktop shortcut + $desktopShortcut = Join-Path ${Env:Public} "Desktop\$toolName.lnk" + if (Test-Path $desktopShortcut) { + Remove-Item $desktopShortcut -Force -ea 0 + } +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/tor-browser.vm/tools/chocolateyuninstall.ps1 b/packages/tor-browser.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..9f1ff5500 --- /dev/null +++ b/packages/tor-browser.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Tor Browser' +$category = 'Utilities' + +VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/tor-browser.vm/tor-browser.vm.nuspec b/packages/tor-browser.vm/tor-browser.vm.nuspec new file mode 100644 index 000000000..d127aac1b --- /dev/null +++ b/packages/tor-browser.vm/tor-browser.vm.nuspec @@ -0,0 +1,13 @@ + + + + tor-browser.vm + 12.5.6 + Tor Project + The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world. + + + + + + diff --git a/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyinstall.ps1 b/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..fa81d78e2 --- /dev/null +++ b/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyinstall.ps1 
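Review bot: The Tor Browser shortcut is created with `-RunAsAdmin`, so a browser that renders untrusted remote content runs elevated and a renderer or extension exploit lands with administrator rights, while Tor Browser itself gains nothing from elevation. If elevation is not required here, drop the flag: `Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath`. If every tool shortcut in this repo is deliberately elevated (VNC Viewer and WinSCP in this same patch use the flag too), a one-line comment such as `# RunAsAdmin follows the repo-wide convention for tool shortcuts` would stop the next reviewer from asking.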
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Remote Operations BOF' +$category = 'Reconnaissance' + +$zipUrl = 'https://github.com/trustedsec/CS-Remote-OPs-BOF/archive/a7ef2b8551568778c2603a15ea83220188009a79.zip' +$zipSha256 = '61bf693272484d9f9ea25871ea57489cb24248c014782cacad1c1bb80e90962b' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyuninstall.ps1 b/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..8015b8bab --- /dev/null +++ b/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Remote Operations BOF' +$category = 'Reconnaissance' + +VM-Uninstall $toolName $category diff --git a/packages/trustedsec-remote-ops-bof.vm/trustedsec-remote-ops-bof.vm.nuspec b/packages/trustedsec-remote-ops-bof.vm/trustedsec-remote-ops-bof.vm.nuspec new file mode 100644 index 000000000..bd981526b --- /dev/null +++ b/packages/trustedsec-remote-ops-bof.vm/trustedsec-remote-ops-bof.vm.nuspec @@ -0,0 +1,12 @@ + + + + truestedsec-remote-ops-bof.vm + 0.0.0.20230713 + trustedsec + Addition to Situational Awareness BOFs intended for single task Windows primitives such as creating a task, stopping a service, etc. + + + + + diff --git a/packages/unhook-bof.vm/tools/chocolateyinstall.ps1 b/packages/unhook-bof.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..4dbc88278 --- /dev/null +++ b/packages/unhook-bof.vm/tools/chocolateyinstall.ps1 
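Review bot: The package id in the nuspec reads `truestedsec-remote-ops-bof.vm`, while the directory and the nuspec file are named `trustedsec-remote-ops-bof.vm`, so the built package carries a misspelled id that neither a metapackage dependency nor tooling that derives the id from the directory (e.g. `update_package.py` opening `packages/{package}/{package}.nuspec`) will find. Change the id element to `<id>trustedsec-remote-ops-bof.vm</id>`. The XML tags are stripped in this rendering, so I am inferring the element name from the sibling nuspecs in the same patch.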
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Unhook BOF' +$category = 'Payload Development' + +$zipUrl = 'https://github.com/rsmudge/unhook-bof/archive/fa3c8d8a397719c5f2310334e6549bea541b209c.zip' +$zipSha256 = '086f7ded18af7b397be78f63a7b4879bb1a6722f4b192d0139a02863332089ef' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 b/packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..7e2b11899 --- /dev/null +++ b/packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Unhook BOF' +$category = 'Payload Development' + +VM-Uninstall $toolName $category diff --git a/packages/unhook-bof.vm/unhook-bof.vm.nuspec b/packages/unhook-bof.vm/unhook-bof.vm.nuspec new file mode 100644 index 000000000..84affd560 --- /dev/null +++ b/packages/unhook-bof.vm/unhook-bof.vm.nuspec @@ -0,0 +1,12 @@ + + + + unhook-bof.vm + 0.0.0.20230713 + rsmudge, physics-sec + This is a Beacon Object File to refresh DLLs and remove their hooks. The code is from Cylance's Universal Unhooking research. + + + + + diff --git a/packages/upx.vm/tools/chocolateyinstall.ps1 b/packages/upx.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..508fc5f81 --- /dev/null +++ b/packages/upx.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'upx' +$category = 'Packers' + +$zipUrl = "https://github.com/upx/upx/releases/download/v4.1.0/upx-4.1.0-win32.zip" +$zipSha256 = "066c62993ce904f9f377ce849e85b77d1e2cf477d554c36c5ff89f6d3f0fa072" +$zipUrl_64 = 'https://github.com/upx/upx/releases/download/v4.1.0/upx-4.1.0-win64.zip' +$zipSha256_64 = '382cee168d6261a76c3b6a98b3ca2de44930bf5faa5f2dc2ced4fa3850fe8ff6' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -zipUrl_64 $zipUrl_64 -zipSha256_64 $zipSha256_64 -consoleApp $true -innerFolder $true diff --git a/packages/upx.vm/tools/chocolateyuninstall.ps1 b/packages/upx.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..472237d25 --- /dev/null +++ b/packages/upx.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'upx' +$category = 'Packers' + +VM-Uninstall $toolName $category diff --git a/packages/upx.vm/upx.vm.nuspec b/packages/upx.vm/upx.vm.nuspec new file mode 100644 index 000000000..cfd18f4dc --- /dev/null +++ b/packages/upx.vm/upx.vm.nuspec @@ -0,0 +1,12 @@ + + + + upx.vm + 4.1.0.20230929 + markus-oberhumer + UPX is a free, secure, portable, extendable, high-performance executable packer for several executable formats. + + + + + diff --git a/packages/vbdec.vm/tools/chocolateyinstall.ps1 b/packages/vbdec.vm/tools/chocolateyinstall.ps1 index a7a0dd1fe..9af368ce7 100644 --- a/packages/vbdec.vm/tools/chocolateyinstall.ps1 +++ b/packages/vbdec.vm/tools/chocolateyinstall.ps1 
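Review bot: `$zipUrl` and `$zipSha256` for the 32-bit build are double-quoted while the `_64` pair two lines below and every sibling install script in this patch use single quotes, and nothing in these literals needs interpolation. For consistency: `$zipUrl = 'https://github.com/upx/upx/releases/download/v4.1.0/upx-4.1.0-win32.zip'` and `$zipSha256 = '066c62993ce904f9f377ce849e85b77d1e2cf477d554c36c5ff89f6d3f0fa072'`.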
@@ -5,8 +5,8 @@ try { $toolName = 'vbdec' $category = 'VB' - $exeUrl = 'https://github.com/dzzie/pdfstreamdumper/releases/download/vbdec_12.7.22/VBDEC_Setup_SnapShot_12.8.22.exe' - $exeSha256 = 'baed0da101d1c5d5a326d5c6d004c811c9d23cb76638f79eaffa9150db7e8535' + $exeUrl = 'http://sandsprite.com/flare_vm/VBDEC_Setup_983E127DB204A3E50723E4A30D80EF8C.exe' + $exeSha256 = 'E6FA33F1D8C51214B1B6E49665F1EDBCBF05399D57CC2A04CED0A74A194ADA63' $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName $executablePath = (Join-Path $toolDir "vbdec.exe") diff --git a/packages/vbdec.vm/vbdec.vm.nuspec b/packages/vbdec.vm/vbdec.vm.nuspec index 1c1b9b757..020533169 100644 --- a/packages/vbdec.vm/vbdec.vm.nuspec +++ b/packages/vbdec.vm/vbdec.vm.nuspec @@ -2,9 +2,9 @@ vbdec.vm - 12.7.22 + 1.0.917 vbGamer45, David Zimmer - VBDec is a VB6 disassembler and PCode debugger + VBDec works as a VB6 disassembler, PCode debugger, structure viewer for all vb6 executables, and can generate IDA scripts to integrate structures and named function offsets. diff --git a/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec b/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec index 61b64cab0..7e2ac8a46 100644 --- a/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec +++ b/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec @@ -2,7 +2,7 @@ vcbuildtools.vm - 0.0.0.20230426 + 0.0.0.20231020 Metapackage that requires the dependencies below: - visualstudio2017buildtools - visualstudio2017-workload-vctools @@ -10,7 +10,7 @@ Mandiant, Microsoft - + diff --git a/packages/visualstudio.vm/tools/chocolateyinstall.ps1 b/packages/visualstudio.vm/tools/chocolateyinstall.ps1 new file mode 100755 index 000000000..97e346fcd --- /dev/null +++ b/packages/visualstudio.vm/tools/chocolateyinstall.ps1 
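Review bot: The installer download moves from an HTTPS GitHub release to plain HTTP (`http://sandsprite.com/flare_vm/...`), so the `$exeSha256` pin becomes the only integrity control; that is enough to turn a tampered binary into an install failure, but an on-path attacker can still break the install at will and the fetch travels in cleartext. If sandsprite.com serves TLS, use `$exeUrl = 'https://sandsprite.com/flare_vm/VBDEC_Setup_983E127DB204A3E50723E4A30D80EF8C.exe'`; if it does not, add a comment above the line stating that HTTP is deliberate and that the hash pin is load-bearing. The enclosing `try` block starts before this hunk, so I cannot see the download call that consumes `$exeSha256`; I assume it verifies the hash.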
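Review bot: The version drops from `12.7.22` to `1.0.917`, which Chocolatey orders as a downgrade, so machines that already have vbdec.vm 12.7.22 installed will not pick this change up through `choco upgrade` without `--allow-downgrade`. Either keep the package version monotonically increasing (for example `12.7.22.20231020`, using the date-based fourth segment the rest of this patch adopts) or call the downgrade out where users will see it. I cannot tell from the diff whether `1.0.917` is the upstream tool version; if it is, a comment in the nuspec saying so would explain the jump.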
@@ -0,0 +1,21 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'VisualStudio' + $category = 'Utilities' + + # Install with choco instead as dependency to provide params to add common components + # The community package chocolatey-visualstudio.extension 1.11 includes a -DefaultParameterValues parameter + # that would be a better solution (as it would allow to change the parameters when installing the package), + # but only a preview is available at the moment. + choco install visualstudio2022community --params "--add Microsoft.VisualStudio.Component.CoreEditor --add Microsoft.VisualStudio.Workload.NativeDesktop --add Microsoft.VisualStudio.Workload.ManagedDesktop --includeRecommended" + + $executablePath = Join-Path ${Env:ProgramFiles} "Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe" -Resolve + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/visualstudio.vm/tools/chocolateyuninstall.ps1 b/packages/visualstudio.vm/tools/chocolateyuninstall.ps1 new file mode 100755 index 000000000..1ea237d17 --- /dev/null +++ b/packages/visualstudio.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,9 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'VisualStudio' +$category = 'Utilities' + +VM-Remove-Tool-Shortcut $toolName $category + +choco uninstall visualstudio2022community --removedependencies diff --git a/packages/visualstudio.vm/visualstudio.vm.nuspec b/packages/visualstudio.vm/visualstudio.vm.nuspec new file mode 100755 index 000000000..f8b60d6ba --- /dev/null +++ b/packages/visualstudio.vm/visualstudio.vm.nuspec @@ -0,0 +1,12 @@ + + + + visualstudio.vm + 17.6.1.20230703 + IDE. + Microsoft + + + + + 
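Review bot: The exit code of the nested `choco install visualstudio2022community ...` is never checked, and `$ErrorActionPreference = 'Stop'` does not apply to native executables, so a failed or cancelled install is only noticed indirectly when `Join-Path ... devenv.exe -Resolve` throws, which logs a misleading path-not-found instead of the real cause. Add `if ($LASTEXITCODE -notin 0, 1641, 3010) { throw "visualstudio2022community install failed with exit code $LASTEXITCODE" }` directly after the choco call (1641 and 3010 are the reboot-required codes Chocolatey treats as success). Unless global confirmation is enabled on the build VM, which I cannot see from here, the nested call also needs `-y` to avoid blocking on an interactive prompt.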
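Review bot: `choco uninstall visualstudio2022community --removedependencies` can take out dependencies shared with other packages, most likely `chocolatey-visualstudio.extension`, which the `vcbuildtools.vm` metapackage bumped in this same patch presumably also needs through `visualstudio2017buildtools`; whether Chocolatey refuses to remove a dependency another installed package still requires is something I cannot confirm from here. If the goal is only to drop the VS 2022 payload, `choco uninstall visualstudio2022community -y` without `--removedependencies` is the safer default, with a short comment explaining whichever choice is kept.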
diff --git a/packages/vnc-viewer.vm/tools/chocolateyinstall.ps1 b/packages/vnc-viewer.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..3dec0eaf9 --- /dev/null +++ b/packages/vnc-viewer.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,16 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'VNC-Viewer' + $category = 'Utilities' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ProgramFiles} 'RealVNC\VNC Viewer\vncviewer.exe' -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + Install-BinFile -Name $toolName -Path $executablePath + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/vnc-viewer.vm/tools/chocolateyuninstall.ps1 b/packages/vnc-viewer.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..5e5a538c5 --- /dev/null +++ b/packages/vnc-viewer.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'VNC-Viewer' +$category = 'Utilities' + +VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/vnc-viewer.vm/vnc-viewer.vm.nuspec b/packages/vnc-viewer.vm/vnc-viewer.vm.nuspec new file mode 100644 index 000000000..ccbbf27a4 --- /dev/null +++ b/packages/vnc-viewer.vm/vnc-viewer.vm.nuspec @@ -0,0 +1,13 @@ + + + + vnc-viewer.vm + 7.6.1 + RealVNC + Tool for connecting to and interacting with VNC servers. + + + + + + diff --git a/packages/whisker.vm/tools/chocolateyinstall.ps1 b/packages/whisker.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..e729d6096 --- /dev/null +++ b/packages/whisker.vm/tools/chocolateyinstall.ps1 
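Review bot: The uninstall only removes the shortcut, but the install script also registers a shim with `Install-BinFile -Name $toolName -Path $executablePath`, so a `VNC-Viewer.exe` shim stays in Chocolatey's bin directory after `choco uninstall vnc-viewer.vm`. Mirror the install by adding `Uninstall-BinFile -Name $toolName -Path (Join-Path ${Env:ProgramFiles} 'RealVNC\VNC Viewer\vncviewer.exe')` after the `VM-Remove-Tool-Shortcut` call.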
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Whisker' +$category = 'Exploitation' + +$zipUrl = 'https://github.com/eladshamir/Whisker/archive/0bc2a0acc4a92b49c69d873f7ac565340a5f3291.zip' +$zipSha256 = 'b181b639f2d18fb37e045d27cbe522e7b97aaa85c30dc0cb9bc75eaf6b939f9a' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/whisker.vm/tools/chocolateyuninstall.ps1 b/packages/whisker.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..a9548c787 --- /dev/null +++ b/packages/whisker.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Whisker' +$category = 'Exploitation' + +VM-Uninstall $toolName $category diff --git a/packages/whisker.vm/whisker.vm.nuspec b/packages/whisker.vm/whisker.vm.nuspec new file mode 100644 index 000000000..46b1e0be1 --- /dev/null +++ b/packages/whisker.vm/whisker.vm.nuspec @@ -0,0 +1,12 @@ + + + + whisker.vm + 0.0.0.20230714 + Elad Shamir + Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account. + + + + + diff --git a/packages/windbg.vm/tools/chocolateyinstall.ps1 b/packages/windbg.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..e4aa27ad5 --- /dev/null +++ b/packages/windbg.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,21 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'WinDbg' + $category = 'Debuggers' + + # It seems WinDbg is now distributed as an .appinstaller and we need to install it using Add-AppxPackage + Add-AppxPackage -AppInstallerFile 'https://windbg.download.prss.microsoft.com/dbazure/prod/1-0-0/windbg.appinstaller' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executableCmd = Join-Path ${Env:WinDir} "system32\cmd.exe" + # Use `start` to close the open console + $executableArgs = "/C start WinDbgX.exe" + $executableDir = Join-Path ${Env:UserProfile} "Desktop" + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executableCmd -Arguments $executableArgs -WorkingDirectory $executableDir -RunAsAdmin +} catch { + VM-Write-Log-Exception $_ +} + diff --git a/packages/windbg.vm/tools/chocolateyuninstall.ps1 b/packages/windbg.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..eee1d07cf --- /dev/null +++ b/packages/windbg.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,9 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'WinDbg' +$category = 'Debuggers' + +VM-Remove-Tool-Shortcut $toolName $category + +Get-AppxPackage *WinDbg* | Remove-AppxPackage diff --git a/packages/windbg.vm/windbg.vm.nuspec b/packages/windbg.vm/windbg.vm.nuspec new file mode 100644 index 000000000..cef8d9838 --- /dev/null +++ b/packages/windbg.vm/windbg.vm.nuspec @@ -0,0 +1,13 @@ + + + + windbg.vm + 0.0.0 + Microsoft + WinDbg is a debugger that can be used to analyze crash dumps, debug live user-mode and kernel-mode code, and examine CPU registers and memory. + + + + + + diff --git a/packages/winscp.vm/tools/chocolateyinstall.ps1 b/packages/winscp.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..e16b9ab8d --- /dev/null 
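Review bot: `Add-AppxPackage -AppInstallerFile 'https://windbg.download.prss.microsoft.com/.../windbg.appinstaller'` installs whatever the live .appinstaller currently resolves to, with no hash pin and a fixed nuspec version of `0.0.0`, so two builds of this package can yield different WinDbg bits and integrity rests entirely on the MSIX signature check that Add-AppxPackage performs, as far as I know. Say so next to the call: `# Unpinned on purpose: the .appinstaller always resolves to the latest WinDbg; integrity relies on the MSIX signature, not on a hash`. The script also omits the `VM-Assert-Path $shortcut` that every sibling install script in this patch runs after `Install-ChocolateyShortcut`, so a failed shortcut creation goes unnoticed; add it after the shortcut call. `cmd /C start WinDbgX.exe` presumably depends on the App Execution Alias being on PATH, which is worth a comment as well.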
+++ b/packages/winscp.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,22 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'WinSCP' + $category = 'Utilities' + $shimPath = '\bin\winscp.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-BinFile -Name $toolName -Path $executablePath + + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut + + # Delete Desktop shortcut + $desktopShortcut = Join-Path ${Env:Public} "Desktop\$toolName.lnk" + Remove-Item $desktopShortcut -Force -ea 0 +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/winscp.vm/tools/chocolateyuninstall.ps1 b/packages/winscp.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..484c6530b --- /dev/null +++ b/packages/winscp.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'WinSCP' +$category = 'Utilities' + +VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/winscp.vm/winscp.vm.nuspec b/packages/winscp.vm/winscp.vm.nuspec new file mode 100644 index 000000000..5511e9ddd --- /dev/null +++ b/packages/winscp.vm/winscp.vm.nuspec @@ -0,0 +1,13 @@ + + + + winscp.vm + 6.1.1 + Martin Přikryl + WinSCP is an open source free SFTP client, SCP client, FTPS client and FTP client for Windows. Its main function is file transfer between a local and a remote computer. + + + + + + diff --git a/packages/wireshark.vm/wireshark.vm.nuspec b/packages/wireshark.vm/wireshark.vm.nuspec index d8fe3322a..9e96078da 100644 --- a/packages/wireshark.vm/wireshark.vm.nuspec +++ b/packages/wireshark.vm/wireshark.vm.nuspec 
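Review bot: `Install-BinFile -Name $toolName -Path $executablePath` points at `${Env:ChocolateyInstall}\bin\winscp.exe`, a file that already lives in Chocolatey's bin directory; on a case-insensitive filesystem the shim it would generate, `bin\WinSCP.exe`, is the same file as the existing `winscp.exe` shim, so this looks like it regenerates the shim over itself. Please confirm the call is needed at all, since the shim the winscp dependency created already puts `winscp` on PATH; if it is kept, the uninstall script in this same patch needs a matching `Uninstall-BinFile -Name $toolName -Path $executablePath`, which it currently lacks.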
@@ -2,13 +2,13 @@ wireshark.vm - 4.0.5 + 4.0.10 Wireshark lets you capture and interactively browse the traffic running on a computer network. Gerald Combs, Wireshark team - + diff --git a/packages/wmimplant.vm/tools/chocolateyinstall.ps1 b/packages/wmimplant.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..52d780beb --- /dev/null +++ b/packages/wmimplant.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'WMImplant' +$category = 'Command & Control' + +$ps1Url = 'https://raw.githubusercontent.com/RedSiege/WMImplant/0ed3c3cba9c5e96d0947c3e73288d450ac8d8702/WMImplant.ps1' +$ps1Sha256 = '4226f7d50145fadce8b564b5dadfa38d067e155173af1dba4d41afb4a2d5b2ab' + +VM-Install-Single-Ps1 $toolName $category $ps1Url -ps1Sha256 $ps1Sha256 diff --git a/packages/wmimplant.vm/tools/chocolateyuninstall.ps1 b/packages/wmimplant.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..000af87f3 --- /dev/null +++ b/packages/wmimplant.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'WMImplant' +$category = 'Command & Control' + +VM-Uninstall $toolName $category diff --git a/packages/wmimplant.vm/wmimplant.vm.nuspec b/packages/wmimplant.vm/wmimplant.vm.nuspec new file mode 100644 index 000000000..1f76467e8 --- /dev/null +++ b/packages/wmimplant.vm/wmimplant.vm.nuspec @@ -0,0 +1,12 @@ + + + + wmimplant.vm + 0.0.0.20230713 + RedSiege + WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines, but also as the C2 channel for issuing commands and receiving results. + + + + + diff --git a/packages/yara.vm/yara.vm.nuspec b/packages/yara.vm/yara.vm.nuspec index 8a42fef8c..85527efeb 100644 --- a/packages/yara.vm/yara.vm.nuspec +++ b/packages/yara.vm/yara.vm.nuspec 
@@ -2,12 +2,12 @@ yara.vm - 4.3.1 + 4.3.2 Victor M. Alvarez, others The pattern matching swiss knife - + diff --git a/scripts/test/lint.py b/scripts/test/lint.py index 20c8ea52f..82c2286c8 100644 --- a/scripts/test/lint.py +++ b/scripts/test/lint.py @@ -287,7 +287,7 @@ def check(self, path): class FirstLineDoesNotSetErrorAction(Lint): - EXCLUSIONS = ["libraries.python2.vm", "libraries.python3.vm", "flarevm.installer.vm"] + EXCLUSIONS = ["libraries.python2.vm", "libraries.python3.vm", "flarevm.installer.vm", "installer.vm"] FIRST_LINE = "$ErrorActionPreference = 'Stop'" name = "first line must set error handling to stop" recommendation = f"add `{FIRST_LINE}` to the file" @@ -306,20 +306,24 @@ def check(self, path): class UsesInvalidCategory(Lint): # Some packages don't have a category (we don't create a link in the tools directory) EXCLUSIONS = [ + ".ollydumpex.vm", + ".scyllahide.vm", "common.vm", + "debloat.vm", "flarevm.installer.vm", + "ida.plugin.capa.vm", + "installer.vm", "libraries.python2.vm", "libraries.python3.vm", "notepadplusplus.vm", "notepadpp.plugin.", "npcap.vm", - ".ollydumpex.vm", - ".scyllahide.vm", + "python3.vm", "x64dbgpy.vm", ] root_path = os.path.abspath(os.path.join(__file__, "../../..")) - categories_txt = f"{root_path}/categories.txt" + categories_txt = os.path.join(root_path, "categories.txt") with open(categories_txt) as file: CATEGORIES = [line.rstrip() for line in file] logger.debug(CATEGORIES) @@ -334,7 +338,7 @@ def check(self, path): # utf-8-sig ignores BOM file_content = open(path, "r", encoding="utf-8-sig").read() - match = re.search("\$category = ['\"](?P[\w ]+)['\"]", file_content) + match = re.search("\$category = ['\"](?P[\w &/]+)['\"]", file_content) if not match or match.group("category") not in self.CATEGORIES: return True return False diff --git a/scripts/test/test_install.ps1 b/scripts/test/test_install.ps1 index a19d0e648..5d60189ef 100644 --- a/scripts/test/test_install.ps1 +++ b/scripts/test/test_install.ps1 
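Review bot: The pattern handed to `re.search` on the last changed line is a normal string literal containing `\$` and `\w`; CPython treats those as invalid escape sequences, a DeprecationWarning up to 3.11 and a SyntaxWarning from 3.12, and ruff flags it as W605. Make it a raw string: `match = re.search(r"\$category = ['\"](?P<category>[\w &/]+)['\"]", file_content)`. The `<category>` group name does not survive this rendering, but `match.group("category")` on the following line implies it is present.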
@@ -39,7 +39,7 @@ foreach ($package in $packages) { } -$exclude_tests = @("flarevm.installer.vm", "python3.vm") +$exclude_tests = @("flarevm.installer.vm", "installer.vm") $failures = New-Object Collections.Generic.List[string] $failed = 0 diff --git a/scripts/utils/create_package_template.py b/scripts/utils/create_package_template.py index 45f53d243..31c2c48b4 100755 --- a/scripts/utils/create_package_template.py +++ b/scripts/utils/create_package_template.py @@ -3,6 +3,7 @@ import logging import argparse import textwrap +import time # Set up logger logging.basicConfig( @@ -18,6 +19,15 @@ with open(f"{root_path}/categories.txt") as file: CATEGORIES = [line.rstrip() for line in file] +# If the dependency/tool's version uses the 4th segment, update the package's +# version to use the current date (YYYYMMDD) in the 4th segment +def package_version(dependency_version): + version_segments = dependency_version.split(".") + if len(version_segments) < 4: + return dependency_version + version_segments[3] = time.strftime("%Y%m%d") + return ".".join(version_segments[:4]) + UNINSTALL_TEMPLATE_NAME = "chocolateyuninstall.ps1" INSTALL_TEMPLATE_NAME = "chocolateyinstall.ps1" @@ -42,7 +52,7 @@ """ Needs the following format strings: - pkg_name="...", version="...", authors="...", description="...", dependency="..." + pkg_name="...", version="...", authors="...", description="...", dependency="...", dependency_version="..." """ NUSPEC_TEMPLATE_METAPACKAGE = r""" @@ -53,7 +63,7 @@ {description} - + @@ -61,7 +71,7 @@ """ Needs the following format strings: - tool_name="...", category="...", target_url="...", target_hash="..." + tool_name="...", category="...", target_url="...", target_hash="...", console_app="..." """ ZIP_EXE_TEMPLATE = r"""$ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking 
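Review bot: `package_version` has no docstring, and the comment above it does not say what happens to inputs with more than four segments or with a suffix on the fourth one: `version_segments[:4]` silently drops anything past the fourth segment, and the date replaces the whole fourth segment, so `1.2.3.4-beta` becomes `1.2.3.<YYYYMMDD>`. A docstring along the lines of `"""Return dependency_version with its 4th segment replaced by today's date (YYYYMMDD). Versions with fewer than 4 segments are returned unchanged; segments beyond the 4th are dropped."""` would make that contract explicit. I cannot tell from here whether such inputs occur in practice.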
@@ -72,7 +82,7 @@ $zipUrl = '{target_url}' $zipSha256 = '{target_hash}' -VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp ${console_app} """ """ @@ -115,7 +125,7 @@ """ Needs the following format strings: - tool_name="...", category="...", target_url="...", target_hash="..." + tool_name="...", category="...", target_url="...", target_hash="...", console_app="..." """ SINGLE_EXE_TEMPLATE = r"""$ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking @@ -126,7 +136,7 @@ $exeUrl = '{target_url}' $exeSha256 = '{target_hash}' -VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp ${console_app} """ """ @@ -199,6 +209,7 @@ def create_zip_exe_template(packages_path, **kwargs): category=kwargs.get("category"), target_url=kwargs.get("target_url"), target_hash=kwargs.get("target_hash"), + console_app=kwargs.get("console_app"), ) @@ -231,6 +242,7 @@ def create_single_exe_template(packages_path, **kwargs): category=kwargs.get("category"), target_url=kwargs.get("target_url"), target_hash=kwargs.get("target_hash"), + console_app=kwargs.get("console_app"), ) @@ -264,6 +276,7 @@ def create_template( target_hash="", shim_path="", dependency="", + console_app="", ): pkg_path = os.path.join(packages_path, f"{pkg_name}.vm") try: @@ -281,10 +294,11 @@ def create_template( f.write( nuspec_template.format( pkg_name=pkg_name, - version=version or "0.0.0", + version=package_version(version) or "0.0.0", authors=authors, description=description, dependency=dependency, + dependency_version = version, ) ) @@ -296,6 +310,7 @@ def create_template( target_url=target_url, target_hash=target_hash, shim_path=shim_path, + console_app=console_app, ) ) 
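Review bot: `create_template` defaults the new `console_app` parameter to `""`, while the CLI defaults `--console_app` to `"false"`; a programmatic call that omits it renders the `-consoleApp ${console_app}` tail of ZIP_EXE_TEMPLATE and SINGLE_EXE_TEMPLATE as `-consoleApp $`, which is not a PowerShell boolean. Use `console_app="false",` as the default so both entry points agree. `create_template`'s signature begins before this hunk and its body continues past it.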
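Review bot: The new keyword argument is written `dependency_version = version,` with spaces around `=`, which PEP 8 reserves for assignments and black/ruff would rewrite; the neighbouring arguments in the same call use `name=value`. Change it to `dependency_version=version,`.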
@@ -341,6 +356,7 @@ def get_script_directory():
 "category",
 "target_url",
 "target_hash",
+ "console_app",
 ],
 },
 "SINGLE_PS1": {
@@ -456,6 +472,7 @@ def main(argv=None):
 parser.add_argument("--target_url", type=str, default="", help="URL to target file (zip or executable)")
 parser.add_argument("--target_hash", type=str, default="", help="SHA256 hash of target file (zip or executable)")
 parser.add_argument("--shim_path", type=str, default="", help="Metapackage shim path")
+ parser.add_argument("--console_app", type=str, default="false", choices=["false", "true"], help="The tool is a console application, the shortcut should run it with `cmd /K $toolPath --help` to be able to see the output.")
 args = parser.parse_args(args=argv)
 if args.type is None:
diff --git a/scripts/utils/update_package.py b/scripts/utils/update_package.py
index dede2b034..07c49a017 100755
--- a/scripts/utils/update_package.py
+++ b/scripts/utils/update_package.py
@@ -30,6 +30,7 @@ def replace_version(latest_version, nuspec_content):
 return latest_version, re.sub("[^<]+", f"{latest_version}", nuspec_content)
+# Get latest version from GitHub releases
 def get_latest_version(org, project, version):
 response = requests.get(f"https://api.github.com/repos/{org}/{project}/releases/latest")
 if not response.ok:
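Review bot: The `--console_app` value is written by the templates straight into PowerShell as `${console_app}` (earlier hunks), so the `choices=["false", "true"]` restriction on the added line is the only thing keeping the generated install script well-formed; that deserves a comment beside the argument, e.g. `# keep choices restricted: the value is rendered into the .ps1 as $false/$true`. The help string is also far longer than its neighbours and would read better split over two adjacent string literals.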
@@ -39,38 +40,63 @@ def get_latest_version(org, project, version):
 return latest_version
+# Get url response's content hash (SHA256)
 def get_sha256(url):
- return hashlib.sha256(requests.get(url).content).hexdigest()
+ response = requests.get(url)
+ if not response.ok:
+ return None
+ return hashlib.sha256(response.content).hexdigest()
+# Get first three segments of version (which can be preceded by `v`)
+# For example:
+# v1.2.3 -> 1.2.3
+# 1.2.3-p353 -> 1.2.3
+# 1.2.3.4 -> 1.2.3
+# v1.2 -> 1.2
+# 1 -> 1
 def format_version(version):
- # Get first three segments of version (which can be preceded by `v`)
- # For example:
- # v1.2.3 -> 1.2.3
- # 1.2.3-p353 -> 1.2.3
- # 1.2.3.4 -> 1.2.3
- # v1.2 -> 1.2
- # 1 -> 1
 match = re.match("v?(?P\d+(.\d+){0,2})", version)
 if not match:
 raise ValueError(f"wrong version: {version}")
 return match.group("version")
-def update_github_url(package):
- chocolateyinstall_path = f"packages/{package}/tools/chocolateyinstall.ps1"
+# Replace version in the package's nuspec file
+def update_nuspec_version(package, latest_version):
+ nuspec_path = f"packages/{package}/{package}.nuspec"
+ with open(nuspec_path, "r") as file:
+ content = file.read()
+ latest_version, content = replace_version(latest_version, content)
+ with open(nuspec_path, "w") as file:
+ file.write(content)
+
+
+# read the chocolateyinstall.ps1 package file
+def get_install_script(package):
+ install_script_path = f"packages/{package}/tools/chocolateyinstall.ps1"
 try:
- file = open(chocolateyinstall_path, "r")
+ file = open(install_script_path, "r")
 except FileNotFoundError:
 # chocolateyinstall.ps1 may not exist for metapackages
- return None
- content = file.read()
+ return (None, None)
+ return (install_script_path, file.read())
+
+
+# Update package using GitHub releases
+def update_github_url(package):
+ install_script_path, content = get_install_script(package)
 # Use findall as some packages have two urls (for 32 and 64 bits), we need to update both
 # Match urls like
https://github.com/mandiant/capa/releases/download/v4.0.1/capa-v4.0.1-windows.zip
 matches = re.findall(
 "[\"'](?Phttps://github.com/(?P[^/]+)/(?P[^/]+)/releases/download/(?P[^/]+)/[^\"']+)[\"']",
 content,
 )
+ # Match also urls like https://github.com/joxeankoret/diaphora/archive/refs/tags/3.0.zip
+ matches += re.findall(
+ "[\"'](?Phttps://github.com/(?P[^/]+)/(?P[^/]+)/archive/refs/tags/(?P[^/]+).zip)[\"']",
+ content,
+ )
 # It is not a GitHub release
 if not matches:
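Review bot: `update_github_url` now fails on metapackages instead of skipping them: `get_install_script` returns `(None, None)` when chocolateyinstall.ps1 is missing, and the new `install_script_path, content = get_install_script(package)` line passes that None straight into `re.findall(..., content)`, which raises TypeError where the old code returned None early; `update_version_url` in the next hunk has the same gap. `get_install_script` also opens the file without ever closing it, which a `with` block inside the `try` fixes at the same time. Separately, `get_sha256` calls `requests.get(url)` with no `timeout`, so one stalled download host blocks the whole updater; `requests.get(url, timeout=60)` bounds that. update_github_url's body continues into the next hunk.
```python
# read the chocolateyinstall.ps1 package file
def get_install_script(package):
    install_script_path = f"packages/{package}/tools/chocolateyinstall.ps1"
    try:
        with open(install_script_path, "r") as file:
            return (install_script_path, file.read())
    except FileNotFoundError:
        # chocolateyinstall.ps1 may not exist for metapackages
        return (None, None)


# Update package using GitHub releases
def update_github_url(package):
    install_script_path, content = get_install_script(package)
    # Metapackages have no install script: nothing to update
    if content is None:
        return None
    # … unchanged: url matching and version/hash replacement …
```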
@@ -90,18 +116,76 @@ def update_github_url(package):
 sha256 = get_sha256(url)
 latest_sha256 = get_sha256(latest_url)
 # Hash can be uppercase or downcase
+ if not latest_sha256:
+ return None
 content = content.replace(sha256, latest_sha256).replace(sha256.upper(), latest_sha256)
 content = content.replace(version, latest_version)
- with open(chocolateyinstall_path, "w") as file:
+ with open(install_script_path, "w") as file:
 file.write(content)
- nuspec_path = f"packages/{package}/{package}.nuspec"
- with open(nuspec_path, "r") as file:
- content = file.read()
- latest_version, content = replace_version(latest_version, content)
- with open(nuspec_path, "w") as file:
+ update_nuspec_version(package, latest_version)
+
+ return latest_version
+
+
+def get_increased_version(url, version):
+ version_list_original = version.split(".")
+ # Try all possible increased versions, for example for 12.0.1
+ # ['12.0.1.1', '13', '13.0', '13.0.0', '13.0.0.0', '12.1', '12.1.0', '12.0.2']
+ # New possible segment
+ versions = [ version + ".1"]
+ for i in range(len(version_list_original)):
+ version_list = version_list_original.copy()
+ version_list[i] = str(int(version_list[i]) + 1)
+ version_i = ".".join(version_list[:i+1])
+ versions.append(version_i)
+ # Try max of 4 segments
+ for j in range(i, 3-i):
+ version_i += ".0"
+ versions.append(version_i)
+ for latest_version in versions:
+ latest_url = url.replace(version, latest_version)
+ latest_sha256 = get_sha256(latest_url)
+ if latest_sha256:
+ return (latest_version, latest_sha256)
+ return (None, None)
+
+
+# Update package which uses a generic url that includes the version
+def update_version_url(package):
+ install_script_path, content = get_install_script(package)
+ # Use findall as some packages have two urls (for 32 and 64 bits), we need to update both
+ # Match urls like:
+ # - https://download.sweetscape.com/010EditorWin32Installer12.0.1.exe
+ # - https://www.winitor.com/tools/pestudio/current/pestudio-9.53.zip
+ matches
= re.findall("[\"'](https{0,1}://.+?[A-Za-z\-_]((?:\d{1,4}\.){1,3}\d{1,4})[\w\.\-]+)[\"']", content)
+
+ # It doesn't include a download url with the version
+ if not matches:
+ return None
+
+ latest_version = None
+ for url, version in matches:
+ latest_version_match, latest_sha256 = get_increased_version(url, version)
+ # No newer version available
+ if (not latest_version_match) or (latest_version_match == version):
+ return None
+ # The version of the 32 and 64 bit downloads need to be the same, we only have one nuspec
+ if latest_version and latest_version_match != latest_version:
+ return None
+ latest_version = latest_version_match
+ latest_url = url.replace(version, latest_version)
+ sha256 = get_sha256(url)
+ # Hash can be uppercase or downcase
+ content = content.replace(sha256, latest_sha256).replace(sha256.upper(), latest_sha256)
+
+ content = content.replace(version, latest_version)
+ with open(install_script_path, "w") as file:
 file.write(content)
+
+ update_nuspec_version(package, latest_version)
+
 return latest_version
@@ -146,7 +230,8 @@ def update_dependencies(package):
 class UpdateType(IntEnum):
 DEPENDENCIES = 1
 GITHUB_URL = 2
- ALL = DEPENDENCIES | GITHUB_URL
+ VERSION_URL = 4
+ ALL = DEPENDENCIES | GITHUB_URL | VERSION_URL
 def __str__(self):
 return self.name
@@ -176,6 +261,11 @@ def from_str(string):
 if latest_version2:
 latest_version = latest_version2
+ if args.update_type & UpdateType.VERSION_URL:
+ latest_version2 = update_version_url(args.package_name)
+ if latest_version2:
+ latest_version = latest_version2
+
 if not latest_version:
 exit(1)
 print(latest_version)
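Review bot: `sha256 = get_sha256(url)` can now return None when the currently pinned URL has gone away, and both `update_github_url` (a few lines before the added `if not latest_sha256` check) and the new `update_version_url` then call `content.replace(sha256, latest_sha256)` and `sha256.upper()` on None, raising TypeError; guard both places with `if not sha256 or not latest_sha256: return None`. In `get_increased_version` any `response.ok` answer is taken as proof that a release exists, so a download host that serves unknown paths as a 200 landing page would make the updater adopt a fabricated version and pin the SHA256 of that page; rejecting candidates whose hash equals the current one, and checking the response Content-Type before accepting, would make the probe more robust. The `for j in range(i, 3-i)` loop is hard to read without a comment, e.g. `# pad the bumped prefix with .0 so the 2-, 3- and 4-segment forms are tried too (max 4 segments)`. update_github_url begins outside this hunk.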
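Review bot: `UpdateType` stays an `IntEnum` while being used as a bit set (`VERSION_URL = 4`, `ALL = DEPENDENCIES | GITHUB_URL | VERSION_URL`, and `args.update_type & UpdateType.VERSION_URL` in the last hunk), which only works because the members are hand-chosen powers of two. `enum.IntFlag` expresses that contract and keeps `|`/`&` results typed: `class UpdateType(IntFlag):`, with the import adjusted at the top of the file outside this hunk. Failing that, a comment on `VERSION_URL = 4` noting that members must remain distinct powers of two would protect the next addition.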
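Review bot: With `ALL` selected the new `VERSION_URL` branch runs right after the `GITHUB_URL` one, and the URL regex in `update_version_url` (`https{0,1}://.+?[A-Za-z\-_]((?:\d{1,4}\.){1,3}\d{1,4})[\w\.\-]+`) appears to match GitHub release asset names such as `capa-v4.0.1-windows.zip` as well, so a GitHub-hosted package would be probed a second time with several guessed URLs per match after it has already been updated. If that is not intended, `update_version_url` could skip matches whose host is `github.com`, or this branch could run only when the GitHub path returned None. A one-line comment here noting that a later successful update overwrites `latest_version` from an earlier one would also help.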