Skip to main content

A simple script to visualize and find bypasses in RES Workspace Manager application restrictions

Project description

RES Workspace Manager application security rule analyzer

Description

A simple script to visualize and find bypasses in RES Workspace Manager application restrictions

Features

  • Finding possible paths to reach a targeted resource such as an executable program
  • Visually displaying rules as an oriented graph

Options

$ python reswmsecanalyzer.py -h
Usage: reswmsecanalyzer.py [options]
Version: 1.0

Options:
  -h, --help            show this help message and exit

  Main parameters:
    -i INPUT_FILE, --input-file=INPUT_FILE
                        sec_globauth.xml file containing the security rules
    -t TARGET, --target=TARGET
                        Program or file name you want to reach, globbing
                        format accepted (Ex: cmd.exe, *cmd*)

  Optional parameters:
    -g, --graph         Draw and show the graph with matplot
    -o OUTPUT_GRAPH, --output-graph=OUTPUT_GRAPH
                        Filename to save the png graph (Ex. -o test.png)

Prerequisites

On a protected environment (physical/logical/virtualized workstation):

  • The whole configuration is stored in this directory
    C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\
  • The application security rules are stored in this file
    C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\sec_globauth.xml
  • Workspace access control (if implemented) is defined in the following file
    C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\workspaces.xml

Examples

  • Some example rules and their associated graphs are provided in the reswmsecanalyzer/examples folder. For each example, a pretty-print version _prettyprint.xml is also included
  • For the reswmsecanalyzer/examples/multiple-rules:
    • The policy defined in the RES Console looks like:
    • Searching a path to cmd gives that:
    $ python reswmsecanalyzer.py -i examples/multiple-rules/sec_globauth.xml -t cmd -g
    [+] Number of enabled rules: 4
    [+] Possible path to 'cmd.exe': ['.', 'calc.exe', 'cmd.exe']
    [+] Possible path to 'cmd.exe': ['.', 'notepad.exe', 'cmd.exe']
    

Dependencies and installation

  • The easiest way: pip install reswmsecanalyzer
  • Or pip install -r requirements.txt
  • Or installing manually each dependency:
    • Python NetworkX: apt-get install python-networkx or pip install networkx
    • Python Matplotlib: apt-get install python-matplotlib or pip install matplotlib

Roadmap

  • Improve the possible path output description
  • Add csv output
  • Take into account edge constraints such as workspace access control
  • Use some dynamic representation, like D3JS

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

reswmsecanalyzer-1.1.tar.gz (65.9 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page