Skip to main content
Donate to the Python Software Foundation or Purchase a PyCharm License to Benefit the PSF! Donate Now

A simple script to visualize and find bypasses in RES Workspace Manager application restrictions

Project description

RES Workspace Manager application security rule analyzer

Description

A simple script to visualize and find bypasses in RES Workspace Manager application restrictions

Features

  • Finding possible paths to reach a targeted resource such as an executable program
  • Visually displaying rules as an oriented graph

Options

$ python reswmsecanalyzer.py -h
Usage: reswmsecanalyzer.py [options]
Version: 1.0

Options:
  -h, --help            show this help message and exit

  Main parameters:
    -i INPUT_FILE, --input-file=INPUT_FILE
                        sec_globauth.xml file containing the security rules
    -t TARGET, --target=TARGET
                        Program or file name you want to reach, globbing
                        format accepted (Ex: cmd.exe, *cmd*)

  Optional parameters:
    -g, --graph         Draw and show the graph with matplot
    -o OUTPUT_GRAPH, --output-graph=OUTPUT_GRAPH
                        Filename to save the png graph (Ex. -o test.png)

Prerequisites

On a protected environment (physical/logical/virtualized workstation):

  • The whole configuration is stored in this directory
    C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\
  • The application security rules are stored in this file
    C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\sec_globauth.xml
  • Workspace access control (if implemented) is defined in the following file
    C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\workspaces.xml

Examples

  • Some example rules and their associated graphs are provided in the reswmsecanalyzer/examples folder. For each example, a pretty-print version _prettyprint.xml is also included
  • For the reswmsecanalyzer/examples/multiple-rules:
    • The policy defined in the RES Console looks like:
    • Searching a path to cmd gives that:
    $ python reswmsecanalyzer.py -i examples/multiple-rules/sec_globauth.xml -t cmd -g
    [+] Number of enabled rules: 4
    [+] Possible path to 'cmd.exe': ['.', 'calc.exe', 'cmd.exe']
    [+] Possible path to 'cmd.exe': ['.', 'notepad.exe', 'cmd.exe']
    

Dependencies and installation

  • The easiest way: pip install reswmsecanalyzer
  • Or pip install -r requirements.txt
  • Or installing manually each dependency:
    • Python NetworkX: apt-get install python-networkx or pip install networkx
    • Python Matplotlib: apt-get install python-matplotlib or pip install matplotlib

Roadmap

  • Improve the possible path output description
  • Add csv output
  • Take into account edge constraints such as workspace access control
  • Use some dynamic representation, like D3JS

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
reswmsecanalyzer-1.1.tar.gz (65.9 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page