AppLocker Policy parser and emitter for Python
AppLocker
The applocker module allows you to easily parse and create Windows AppLocker Policy XML files and/or strings in Python.
Installation
To install the applocker module via pip, run the command:
$ pip install applocker
Usage
Start by importing the applocker module.
```python
import applocker
```
The function applocker.load loads an AppLocker Policy XML file.
```python
with open('example.xml', 'r') as file:
    applocker.load(file)
```
The function applocker.loads loads an AppLocker Policy XML string.
```python
applocker.loads('<AppLockerPolicy Version="1" />')
```
In addition to loading an existing AppLocker Policy, policies created using the relevant Conditions, Rules and Rule Collections can be dumped to an XML file using the applocker.dump function.
```python
with open('example.xml', 'w') as file:
    applocker.dump(policy, file)
```
Or to an XML string using the applocker.dumps function.
```python
applocker.dumps(policy)
```
FilePublisherRule
To create a file publisher AppLocker rule to allow or deny digitally signed files, an applocker.conditions.FilePublisherCondition must be created, optionally specifying an applocker.conditions.BinaryVersionRange.
This condition can then be used to create an applocker.rules.FilePublisherRule.
```python
from applocker.conditions import BinaryVersionRange, FilePublisherCondition
from applocker.rules import FilePublisherRule

# Match exactly one file version (low and high bounds are equal)
binary_version_range = BinaryVersionRange(low_section='10.0.19041.1', high_section='10.0.19041.1')
condition = FilePublisherCondition(
    publisher_name='O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US',
    product_name='MICROSOFT® WINDOWS® OPERATING SYSTEM',
    binary_name='CMD.EXE',
    binary_version_range=binary_version_range
)
rule = FilePublisherRule(
    id='00000000-0000-0000-0000-000000000000',
    name='Deny everyone execution of cmd.exe',
    description='',
    user_or_group_sid='S-1-1-0',  # S-1-1-0 is the Everyone SID
    action='Deny',
    conditions=[
        condition
    ]
)
```
FilePathRule
To create a file path AppLocker rule to allow or deny files based upon their path, an applocker.conditions.FilePathCondition condition must be created.
This condition can then be used to create an applocker.rules.FilePathRule.
```python
from applocker.conditions import FilePathCondition
from applocker.rules import FilePathRule

# Raw string so the backslashes in the Windows path are taken literally
condition = FilePathCondition(path=r'C:\Windows\System32\cmd.exe')
rule = FilePathRule(
    id='00000000-0000-0000-0000-000000000000',
    name='Deny everyone execution of cmd.exe',
    description='',
    user_or_group_sid='S-1-1-0',  # S-1-1-0 is the Everyone SID
    action='Deny',
    conditions=[
        condition
    ]
)
```
FileHashRule
To create a file hash AppLocker rule to allow or deny files based upon their hash, one or more applocker.conditions.FileHash objects and an applocker.conditions.FileHashCondition condition must be created.
This condition can then be used to create an applocker.rules.FileHashRule.
```python
from applocker.conditions import FileHash, FileHashCondition
from applocker.rules import FileHashRule

# Named file_hash to avoid shadowing the built-in hash()
file_hash = FileHash(
    type='SHA256',
    data='0x9BB897814C6E1A2A2701D2ADB59AAC2BCACB9CF265DDF3F61B9056EA6FFE04C7',
    source_file_name='cmd.exe',
    source_file_length='289792'
)
condition = FileHashCondition(file_hashes=[file_hash])
rule = FileHashRule(
    id='00000000-0000-0000-0000-000000000000',
    name='Deny everyone execution of cmd.exe',
    description='',
    user_or_group_sid='S-1-1-0',  # S-1-1-0 is the Everyone SID
    action='Deny',
    conditions=[
        condition
    ]
)
```
RuleCollection
To create a rule collection one or more rules must be created as described above.
These rules can then be used to create an applocker.rules.RuleCollection.
```python
from applocker.rules import RuleCollection

rule_collection = RuleCollection(
    type='Exe',
    enforcement_mode='Enforcing',
    rules=[
        rule
    ]
)
```
AppLockerPolicy
To create an AppLocker Policy one or more rule collections must be created as described above.
These rule collections can then be used to create an applocker.policy.AppLockerPolicy.
```python
from applocker.policy import AppLockerPolicy

policy = AppLockerPolicy(
    version='1',
    rule_collections=[
        rule_collection
    ]
)
```
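The policy, rule collection, rule and condition hierarchy built above is also what a reviewer walks when checking a policy before deployment. The following is an added example, not code from the applocker project: it uses only the standard library's xml.etree.ElementTree rather than the applocker module. The sample policy, its rule names and IDs, and the three checks are constructed for illustration; element and attribute names and the EnforcementMode values (Enabled, AuditOnly, NotConfigured) are those of Windows AppLocker policy XML.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy for illustration (not taken from the project).
# The hash value is a placeholder, not a real digest.
SAMPLE_POLICY = r'''<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="11111111-1111-1111-1111-111111111111" Name="Allow temp"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="C:\Temp\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="22222222-2222-2222-2222-222222222222" Name="Deny cmd"
        Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="C:\Windows\System32\cmd.exe" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="Enabled">
    <FileHashRule Id="33333333-3333-3333-3333-333333333333" Name="Allow tool"
        Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FileHashCondition>
        <FileHash Type="SHA256" Data="0x00" SourceFileName="tool.ps1" SourceFileLength="1" />
      </FileHashCondition></Conditions>
    </FileHashRule>
  </RuleCollection>
</AppLockerPolicy>'''

EVERYONE_SID = 'S-1-1-0'

def audit_policy(xml_text):
    """Return (collection_type, rule_name, finding) tuples for review."""
    findings = []
    root = ET.fromstring(xml_text)
    for collection in root.iter('RuleCollection'):
        ctype = collection.get('Type')
        mode = collection.get('EnforcementMode', 'NotConfigured')
        if mode != 'Enabled':
            findings.append((ctype, None, f'collection not enforced ({mode})'))
        for rule in collection:  # direct children are the rules
            name, action = rule.get('Name'), rule.get('Action')
            everyone = rule.get('UserOrGroupSid') == EVERYONE_SID
            paths = [c.get('Path', '') for c in rule.iter('FilePathCondition')]
            if action == 'Allow' and everyone and any('*' in p for p in paths):
                findings.append((ctype, name, 'wildcard path allowed for Everyone'))
            if action == 'Deny' and paths:
                findings.append((ctype, name, 'deny keyed on path only, not file identity'))
    return findings

if __name__ == '__main__':
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

Only parse policy files from sources you control with ElementTree; it is not hardened against maliciously constructed XML.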
File details
Details for the file applocker-1.1.2.tar.gz.
File metadata
- Download URL: applocker-1.1.2.tar.gz
- Upload date:
- Size: 11.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.6.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 2976a71ff5d045f0a08e21d0b831c9d2246dd2b607d793513e7bcd24631706ce |
| MD5 | e65888c2e2a60e3634fce78e0a8df4b5 |
| BLAKE2b-256 | cba0143ae46599eec78308082ae0583f03c1cba7581bd51654c31a722efbf278 |
File details
Details for the file applocker-1.1.2-py3-none-any.whl.
File metadata
- Download URL: applocker-1.1.2-py3-none-any.whl
- Upload date:
- Size: 10.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.6.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 12ea8f5076ac4799aba54cf114a71b0df8c5507b1df6aae31ab90d7af1e5c2c4 |
| MD5 | ecedd3357f904bce03e348d31b727eae |
| BLAKE2b-256 | 65fca85cced1d6273ad899597baedbad4bae21fa6f77512af18fce6956d98525 |