diff --git a/DonPAPI.py b/DonPAPI.py
index bddefb0..3653722 100644
--- a/DonPAPI.py
+++ b/DonPAPI.py
@@ -185,6 +185,8 @@ def main():
#print("ENDING MAIN")
my_report = reporting(sqlite3.connect(options.db_path), logging, options, targets)
my_report.generate_report()
+ my_report.export_credz()
+ my_report.export_cookies()
if options.GetHashes:
my_report.export_MKF_hashes()
my_report.export_dcc2_hashes()
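Review bot: `export_credz()` and `export_cookies()` now run on every invocation, whereas the hash exports directly below stay gated behind `options.GetHashes`; the files they write (`raw_credz`, `raw_cookies`) hold cleartext credentials and session cookies, so either gate them behind an equivalent opt-in option or make the behaviour explicit with a comment such as `# always written: raw_credz / raw_cookies in options.output_directory`. `main` continues outside this hunk.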
diff --git a/database.py b/database.py
index 9df50f5..beb54e1 100644
--- a/database.py
+++ b/database.py
@@ -164,7 +164,7 @@ class reporting:
cred_id, file_path, username, password, target, type, pillaged_from_computerid, pillaged_from_userid = cred
if type != current_type:
current_type=type
- current_type_count=self.get_credz_count(current_type)[0][0]
+ current_type_count=self.get_credz_count(current_type,'AND username NOT IN ("NL$KM_history") AND target NOT IN ("WindowsLive:target=virtualapp/didlogical","Adobe App Info","Adobe App Prefetched Info","Adobe User Info","Adobe User OS Info","MicrosoftOffice16_Data:ADAL","LegacyGeneric:target=msteams_adalsso/adal_contex")')[0][0]
data += f"""
"""
@@ -251,6 +251,8 @@ class reporting:
data += """
"""
self.add_to_resultpage(data)
###
+
+
##### List cookies
results = self.get_cookies()
@@ -259,12 +261,13 @@ class reporting:
Value |
Until |
Target |
+ Type |
Pillaged_from_computerid |
Pillaged_from_userid | \n"""
#
current_type = 'cookies'
- data += f"""
"""
+ data += f"""
"""
for index, cred in enumerate(results):
name,value,expires_utc,target,type,pillaged_from_computerid,pillaged_from_userid = cred
# Skip infos of
@@ -291,8 +294,11 @@ class reporting:
###Print block
for info in [name,value]:
data += f""" {str(info)[:48]} | """
- for info in [expires_utc]:
- data += f""" {(datetime(1601, 1, 1) + timedelta(microseconds=info)).strftime('%b %d %Y %H:%M:%S')} | """
+ for info in [expires_utc]: #Formule a change si on intègre des cookies venant d'autre chose que chrome
+ if type == "browser-chrome" :
+ data += f""" {(datetime(1601, 1, 1) + timedelta(microseconds=info)).strftime('%b %d %Y %H:%M:%S')} | """
+ else:
+ data += f""" {(datetime.fromtimestamp(info)).strftime('%b %d %Y %H:%M:%S')} | """
# check if info contains a URL
if 'http:' in target or 'https:' in target:
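Review bot: The non-Chrome branch calls `datetime.fromtimestamp(info)`, which converts to local time, while the Chrome branch builds a naive UTC value, so the Until column now mixes time bases depending on cookie type; use `datetime.fromtimestamp(info, tz=timezone.utc)` (importing `timezone` from `datetime` if the file does not already) so both branches report UTC. Both branches also raise (`TypeError`, `OverflowError` or `OSError`) on a `None` or out-of-range `expires_utc` and would abort the whole report because of one bad cookie; a guard such as `if info is None:` that writes a blank cell is worth adding. The French comment should be English, e.g. `# Chrome stores expiry as microseconds since 1601-01-01; other stores are assumed to be Unix epoch seconds — revisit when more browser types are added`. The enclosing loop starts outside this hunk.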
@@ -529,14 +535,48 @@ class reporting:
self.logging.debug(ex)
self.logging.debug(f"Export Done!")
- def get_credz_count(self,current_type):
+ def export_credz(self,distinct=True):
+ user_credz=self.get_credz(distinct=True)
+ filename = os.path.join(self.options.output_directory, 'raw_credz')
+ self.logging.info(f"Exporting {len(user_credz)} credz to {self.options.output_directory}")
+ if os.path.exists(filename):
+ os.remove(filename)
+ for index, cred in enumerate(user_credz):
+ username, password = cred
+ try:
+ f=open(filename,'ab')
+ f.write(f"{username}:{password}\n".encode('utf-8'))
+ f.close()
+ except Exception as ex:
+ self.logging.error(f"Exception in export raw credz to (unknown)")
+ self.logging.debug(ex)
+ self.logging.debug(f"Export Done!")
+
+ def export_cookies(self):
+ user_credz=self.get_cookies()
+ filename = os.path.join(self.options.output_directory, 'raw_cookies')
+ self.logging.info(f"Exporting {len(user_credz)} cookies to {self.options.output_directory}")
+ if os.path.exists(filename):
+ os.remove(filename)
+ for index, cred in enumerate(user_credz):
+ name, value, expires_utc, target, type, pillaged_from_computerid, pillaged_from_userid = cred
+ try:
+ f=open(filename,'ab')
+ f.write(f"{target}:{name}:{value}\n".encode('utf-8'))
+ f.close()
+ except Exception as ex:
+ self.logging.error(f"Exception in export raw credz to (unknown)")
+ self.logging.debug(ex)
+ self.logging.debug(f"Export Done!")
+
+ def get_credz_count(self,current_type,extra_conditions=''):
with self.conn:
cur = self.conn.cursor()
- cur.execute(f"SELECT count(id) FROM credz WHERE LOWER(type)=LOWER('{current_type}')")
+ cur.execute(f"SELECT count(id) FROM credz WHERE LOWER(type)=LOWER('{current_type}') {extra_conditions}")
results = cur.fetchall()
return results
- def get_credz(self, filterTerm=None, credz_type=None):
+ def get_credz(self, filterTerm=None, credz_type=None,distinct=False):
"""
Return credentials from the database.
"""
@@ -550,7 +590,10 @@ class reporting:
with self.conn:
cur = self.conn.cursor()
cur.execute("SELECT * FROM users WHERE LOWER(username) LIKE LOWER(?)", ['%{}%'.format(filterTerm)])
-
+ elif distinct :
+ with self.conn:
+ cur = self.conn.cursor()
+ cur.execute("SELECT DISTINCT username,password FROM credz WHERE LOWER(type) NOT IN ('sam','lsa','dcc2') AND password NOT IN ('')")
# otherwise return all credentials
else:
with self.conn:
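Review bot: The new `distinct` branch is only reached when `filterTerm` is falsy, so `get_credz(filterTerm='x', distinct=True)` silently ignores `distinct`, and the docstring at the top of the method (earlier in this diff) does not mention the new parameter or that it returns `(username, password)` pairs instead of full rows. Extend the docstring with `distinct: when True and no filterTerm is given, return unique (username, password) pairs, excluding sam/lsa/dcc2 entries and empty passwords; ignored when filterTerm is set.` The `credz_type` handling and the rest of the method are outside this hunk.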
@@ -640,6 +683,7 @@ class reporting:
cur.execute(f"SELECT name,value,expires_utc,target,type,pillaged_from_computerid,pillaged_from_userid FROM cookies ORDER BY pillaged_from_computerid ASC, expires_utc DESC ")
results = cur.fetchall()
return results
+
class database:
def __init__(self, conn,logger):