RES Workspace Manager application security rule analyzer

Description

A simple script to visualize and find bypasses in RES Workspace Manager application restrictions

Features

  • Finding possible paths to reach a targeted resource such as an executable program
  • Visually displaying rules as a directed graph

Options

$ python reswmsecanalyzer.py -h
Usage: reswmsecanalyzer.py [options]
Version: 1.0

Options:
  -h, --help            show this help message and exit

  Main parameters:
    -i INPUT_FILE, --input-file=INPUT_FILE
                        sec_globauth.xml file containing the security rules
    -t TARGET, --target=TARGET
                        Program or file name you want to reach, globbing
                        format accepted (Ex: cmd.exe, *cmd*)

  Optional parameters:
    -g, --graph         Draw and show the graph with matplot
    -o OUTPUT_GRAPH, --output-graph=OUTPUT_GRAPH
                        Filename to save the png graph (Ex. -o test.png)

Prerequisites

On a protected environment (physical/logical/virtualized workstation):

  • The whole configuration is stored in this directory
    C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\
  • The application security rules are stored in this file
    C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\sec_globauth.xml
  • Workspace access control (if implemented) is defined in the following file
    C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\workspaces.xml

Examples

  • Some example rules and their associated graphs are provided in the reswmsecanalyzer/examples folder. For each example, a pretty-printed version, _prettyprint.xml, is also included.
  • For the reswmsecanalyzer/examples/multiple-rules example:
    • The policy defined in the RES Console looks like:
    • Searching for a path to cmd gives:
    $ python reswmsecanalyzer.py -i examples/multiple-rules/sec_globauth.xml -t cmd -g
    [+] Number of enabled rules: 4
    [+] Possible path to 'cmd.exe': ['.', 'calc.exe', 'cmd.exe']
    [+] Possible path to 'cmd.exe': ['.', 'notepad.exe', 'cmd.exe']
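
The path search shown above can be sketched for policy review as follows; this is an added example, not the project's own code. Because the sec_globauth.xml schema is not shown on this page, it takes rules as already-extracted (parent, child) pairs; that pair format, SAMPLE_RULES and the function names are assumptions, and the sample is constructed to reproduce the output above.

```python
from fnmatch import fnmatch

# Constructed sample, not parsed from a real sec_globauth.xml: each pair means
# "a rule lets <parent> start <child>". '.' is the start node, as in the tool
# output above.
SAMPLE_RULES = [
    (".", "calc.exe"),
    (".", "notepad.exe"),
    ("calc.exe", "cmd.exe"),
    ("notepad.exe", "cmd.exe"),
]


def build_graph(rules):
    """Adjacency map with lower-cased names (Windows file names are case-insensitive)."""
    graph = {}
    for parent, child in rules:
        graph.setdefault(parent.lower(), []).append(child.lower())
    return graph


def paths_to(rules, target_glob, start="."):
    """Return every cycle-free launch chain from start to a node matching target_glob."""
    graph = build_graph(rules)
    pattern = target_glob.lower()
    found = []

    def walk(node, path):
        if node != start and fnmatch(node, pattern):
            found.append(path)
            return                      # stop at the first match on this chain
        for child in graph.get(node, []):
            if child not in path:       # skip nodes already on this chain (cycles)
                walk(child, path + [child])

    walk(start, [start])
    return found


def leaf_rules(rules, target_glob, start="."):
    """Rules (parent, child) that complete a chain: the ones to review or tighten."""
    return sorted({(p[-2], p[-1]) for p in paths_to(rules, target_glob, start)})


if __name__ == "__main__":
    for path in paths_to(SAMPLE_RULES, "*cmd*"):
        print("[+] Possible path to %r: %s" % (path[-1], path))
    print("[!] Rules to review:", leaf_rules(SAMPLE_RULES, "*cmd*"))
```

The rules returned by leaf_rules are the last hop of each chain, so they are the shortest list to check when deciding which authorization to remove.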
    

Dependencies and installation

  • The easiest way: pip install reswmsecanalyzer
  • Or pip install -r requirements.txt
  • Or install each dependency manually:
    • Python NetworkX: apt-get install python-networkx or pip install networkx
    • Python Matplotlib: apt-get install python-matplotlib or pip install matplotlib

Roadmap

  • Improve the description of possible paths in the output
  • Add CSV output
  • Take into account edge constraints such as workspace access control
  • Use a dynamic representation, such as D3.js


Source Distribution

reswmsecanalyzer-1.1.tar.gz (65.9 kB view details)

Uploaded Source

File details

Details for the file reswmsecanalyzer-1.1.tar.gz.

File metadata

  • Download URL: reswmsecanalyzer-1.1.tar.gz
  • Upload date:
  • Size: 65.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.19.1 setuptools/40.0.0 requests-toolbelt/0.8.0 tqdm/4.24.0 CPython/2.7.15

File hashes

Hashes for reswmsecanalyzer-1.1.tar.gz
Algorithm Hash digest
SHA256 130d1d20476b2ca809a5cacd363160784e5a02210d3fc0bfbc40fbc1f57c4600
MD5 28d9e5412f528ea151d457bee1d9a2f2
BLAKE2b-256 11e86dc00724e98468c6c86ea8db13c3cdad7ccfcc50fc9c7bd09a27fce4e714
