Merge branch 'main' into presence

Author: NeffIsBack

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,24 +1,20 @@
 ## Description
 
 Please include a summary of the change and which issue is fixed, or what the enhancement does.
-Please also include relevant motivation and context.
 List any dependencies that are required for this change.
 
 ## Type of change
-Please delete options that are not relevant.
 - [ ] Bug fix (non-breaking change which fixes an issue)
 - [ ] New feature (non-breaking change which adds functionality)
 - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
 - [ ] This change requires a documentation update
 - [ ] This requires a third party update (such as Impacket, Dploot, lsassy, etc)
 
-## How Has This Been Tested?
-Please describe the tests that you ran to verify your changes (e2e, single commands, etc)
-Please also list any relevant details for your test configuration, such as your locally running machine Python version & OS, as well as the target(s) you tested against, including software versions
-
-If you are using poetry, you can easily run tests via:
-`poetry run python tests/e2e_tests.py -t $TARGET -u $USER -p $PASSWORD`
-There are additional options like `--errors` to display ALL errors (some may not be failures), `--poetry` (output will include the poetry run prepended), `--line-num $START-$END $SINGLE` for only running a subset
+## Setup guide for the review
+Please provide guidance on what setup is needed to test the introduced changes, such as your locally running machine Python version & OS, as well as the target(s) you tested against, including software versions.
+In particular:
+- Bug Fix: Please provide a short description on how to trigger the bug, to make the bug reproducable for the reviewer.
+- Added Feature/Enhancement: Please specify what setup is needed in order to test the changes. E.g. is additional software needed? GPO changes required? Specific registry settings that need to be changed?
 
 ## Screenshots (if appropriate):
 Screenshots are always nice to have and can give a visual representation of the change.
@@ -29,8 +25,7 @@ If appropriate include before and after screenshot(s) to show which results are
 - [ ] I have ran Ruff against my changes (via poetry: `poetry run python -m ruff check . --preview`, use `--fix` to automatically fix what it can)
 - [ ] I have added or updated the tests/e2e_commands.txt file if necessary
 - [ ] New and existing e2e tests pass locally with my changes
-- [ ] My code follows the style guidelines of this project (should be covered by Ruff above)
-- [ ] If reliant on third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
+- [ ] If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
 - [ ] I have performed a self-review of my own code
 - [ ] I have commented my code, particularly in hard-to-understand areas
 - [ ] I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

nxc/config.py

@@ -18,6 +18,11 @@
 
 # Check if there are any missing options in the config file
 for section in nxc_default_config.sections():
+    if not nxc_config.has_section(section):
+        nxc_logger.display(f"Adding missing section '{section}' to nxc.conf")
+        nxc_config.add_section(section)
+        with open(path_join(NXC_PATH, "nxc.conf"), "w") as config_file:
+            nxc_config.write(config_file)
     for option in nxc_default_config.options(section):
         if not nxc_config.has_option(section, option):
             nxc_logger.display(f"Adding missing option '{option}' in config section '{section}' to nxc.conf")

nxc/connection.py

@@ -275,7 +275,7 @@ def call_modules(self):
                 extra={
                     "module_name": module.name.upper(),
                     "host": self.host,
-                    "port": self.args.port,
+                    "port": self.port,
                     "hostname": self.hostname,
                 },
             )
@@ -293,8 +293,7 @@ def call_modules(self):
                 module.on_admin_login(context, self)
 
     def inc_failed_login(self, username):
-        global global_failed_logins
-        global user_failed_logins
+        global global_failed_logins, user_failed_logins
 
         if username not in user_failed_logins:
             user_failed_logins[username] = 0
@@ -304,16 +303,15 @@ def inc_failed_login(self, username):
         self.failed_logins += 1
 
     def over_fail_limit(self, username):
-        global global_failed_logins
-        global user_failed_logins
+        global global_failed_logins, user_failed_logins
 
         if global_failed_logins == self.args.gfail_limit:
             return True
 
         if self.failed_logins == self.args.fail_limit:
             return True
 
-        if username in user_failed_logins and self.args.ufail_limit == user_failed_logins[username]:
+        if username in user_failed_logins and self.args.ufail_limit == user_failed_logins[username]:  # noqa: SIM103
             return True
 
         return False

nxc/data/nxc.conf

@@ -15,6 +15,9 @@ bh_port = 7687
 bh_user = neo4j
 bh_pass = bloodhoundcommunityedition
 
+[BloodHound-CE]
+bhce_enabled = True
+
 [Empire]
 api_host = 127.0.0.1
 api_port = 1337

nxc/database.py

@@ -111,6 +111,7 @@ def initialize_db():
     # Even if the default workspace exists, we still need to check if every protocol has a database (in case of a new protocol)
     init_protocol_dbs("default")
 
+
 def format_host_query(q, filter_term, HostsTable):
     """One annoying thing is that if you search for an ip such as '10.10.10.5',
     it will return 10.10.10.5 and 10.10.10.52, so we have to check if its an ip address first
@@ -141,6 +142,7 @@ def format_host_query(q, filter_term, HostsTable):
 
     return q
 
+
 class BaseDB:
     def __init__(self, db_engine):
         self.db_engine = db_engine

nxc/helpers/args.py

@@ -1,6 +1,7 @@
 from argparse import ArgumentDefaultsHelpFormatter, SUPPRESS, OPTIONAL, ZERO_OR_MORE
 from argparse import Action
 
+
 class DisplayDefaultsNotNone(ArgumentDefaultsHelpFormatter):
     def _get_help_string(self, action):
         help_string = action.help

nxc/helpers/even6_parser.py

@@ -5,6 +5,7 @@
 
 from datetime import datetime
 
+
 class Substitution:
     def __init__(self, buf, offset):
         (sub_token, sub_id, sub_type) = struct.unpack_from("<BHB", buf, offset)
@@ -46,6 +47,7 @@ def xml(self, template=None):
         else:
             print("Unknown value type", hex(value.type))
 
+
 class Value:
     def __init__(self, buf, offset):
         token, string_type, length = struct.unpack_from("<BBH", buf, offset)
@@ -56,6 +58,7 @@ def __init__(self, buf, offset):
     def xml(self, template=None):
         return self._val
 
+
 class Attribute:
     def __init__(self, buf, offset):
         struct.unpack_from("<B", buf, offset)
@@ -75,13 +78,15 @@ def xml(self, template=None):
         val = self._value.xml(template)
         return None if val is None else f'{self._name.val}="{val}"'
 
+
 class Name:
     def __init__(self, buf, offset):
         hashs, length = struct.unpack_from("<HH", buf, offset)
 
         self.val = buf[offset + 4:offset + 4 + length * 2].decode("utf16")
         self.length = 4 + (length + 1) * 2
 
+
 class Element:
     def __init__(self, buf, offset):
         token, dependency_id, length = struct.unpack_from("<BHI", buf, offset)
@@ -151,6 +156,7 @@ def xml(self, template=None):
             children = (x.xml(template) for x in self._children)
             return "<{}{}>{}</{}>".format(self._name.val, attrs, "".join(children), self._name.val)
 
+
 class ValueSpec:
     def __init__(self, buf, offset, value_offset):
         self.length, self.type, value_eof = struct.unpack_from("<HBB", buf, offset)
@@ -159,6 +165,7 @@ def __init__(self, buf, offset, value_offset):
         if self.type == 0x21:
             self.template = BinXML(buf, value_offset)
 
+
 class TemplateInstance:
     def __init__(self, buf, offset):
         token, unknown0, guid, length, next_token = struct.unpack_from("<BB16sIB", buf, offset)
@@ -179,6 +186,7 @@ def __init__(self, buf, offset):
     def xml(self, template=None):
         return self._xml.xml(self)
 
+
 class BinXML:
     def __init__(self, buf, offset):
         header_token, major_version, minor_version, flags, next_token = struct.unpack_from("<BBBBB", buf, offset)
@@ -195,6 +203,7 @@ def __init__(self, buf, offset):
     def xml(self, template=None):
         return self._element.xml(template)
 
+
 class ResultSet:
     def __init__(self, buf):
         total_size, header_size, event_offset, bookmark_offset, binxml_size = struct.unpack_from("<IIIII", buf)

nxc/helpers/misc.py

@@ -4,6 +4,8 @@
 import inspect
 import os
 
+from ipaddress import ip_address
+
 
 def identify_target_file(target_file):
     with open(target_file) as target_file_handle:
@@ -22,7 +24,7 @@ def gen_random_string(length=10):
 
 
 def validate_ntlm(data):
-    allowed = re.compile("^[0-9a-f]{32}", re.IGNORECASE)
+    allowed = re.compile(r"^[0-9a-f]{32}", re.IGNORECASE)
     return bool(allowed.match(data))
 
 
@@ -40,7 +42,7 @@ def called_from_cmd_args():
 # Stolen from https://github.com/pydanny/whichcraft/
 def which(cmd, mode=os.F_OK | os.X_OK, path=None):
     """Find the path which conforms to the given mode on the PATH for a command.
-    
+
     Given a command, mode, and a PATH string, return the path which conforms to the given mode on the PATH, or None if there is no such file.
     `mode` defaults to os.F_OK | os.X_OK. `path` defaults to the result of os.environ.get("PATH"), or can be overridden with a custom search path.
     Note: This function was backported from the Python 3 source code.
@@ -77,3 +79,70 @@ def _access_check(fn, mode):
                 name = os.path.join(p, thefile)
                 if _access_check(name, mode):
                     return name
+
+
+def get_bloodhound_info():
+    """
+    Detect which BloodHound package is installed (regular or CE) and its version.
+
+    Returns
+    -------
+        tuple: (package_name, version, is_ce)
+            - package_name: Name of the installed package ('bloodhound', 'bloodhound-ce', or None)
+            - version: Version string of the installed package (or None if not installed)
+            - is_ce: Boolean indicating if it's the Community Edition
+    """
+    import importlib.metadata
+    import importlib.util
+
+    # First check if any BloodHound package is available to import
+    if importlib.util.find_spec("bloodhound") is None:
+        return None, None, False
+
+    # Try to get version info from both possible packages
+    version = None
+    package_name = None
+    is_ce = False
+
+    # Check for bloodhound-ce first
+    try:
+        version = importlib.metadata.version("bloodhound-ce")
+        package_name = "bloodhound-ce"
+        is_ce = True
+    except importlib.metadata.PackageNotFoundError:
+        # Check for regular bloodhound
+        try:
+            version = importlib.metadata.version("bloodhound")
+            package_name = "bloodhound"
+
+            # Even when installed as 'bloodhound', check if it's actually the CE version
+            if version and ("ce" in version.lower() or "community" in version.lower()):
+                is_ce = True
+        except importlib.metadata.PackageNotFoundError:
+            # No bloodhound package found via metadata
+            pass
+
+    # In case we can import it but metadata is not working, check the module itself
+    if not version:
+        try:
+            import bloodhound
+            version = getattr(bloodhound, "__version__", "unknown")
+            package_name = "bloodhound"
+
+            # Check if it's CE based on version string
+            if "ce" in version.lower() or "community" in version.lower():
+                is_ce = True
+                package_name = "bloodhound-ce"
+        except ImportError:
+            pass
+
+    return package_name, version, is_ce
+
+
+def detect_if_ip(target):
+    try:
+        ip_address(target)
+        return True
+    except Exception:
+        return False
+