SCCM Indexing and Filelib Hash Resolution#181
Closed
ZephrFish wants to merge 446 commits intoSnaffCon:masterfrom
Closed
SCCM Indexing and Filelib Hash Resolution#181ZephrFish wants to merge 446 commits intoSnaffCon:masterfrom
ZephrFish wants to merge 446 commits intoSnaffCon:masterfrom
Conversation
fixed up some noisy rules, made Main() public so can load with ps ref…
Fixed false positives stemming from 'net user?' regex
Fixed horrible false-pos rule in ruby code.
…his code because I'm bad at git. Sorry mate.
…nd is accurate and distinguishes between write and modify!
Updated -n flag to take an input file allowing for parsing list of target hosts
Additional detection of unquoted credentials which are used with for example the parameter -password
Changing the rule identifying client secrets to identify unquoted secrets as well.
Change an existing rule to find more candy.
Additional regex in KeepPassOrKeyInCode.toml
…get IPs Reference: SnaffCon#161
Fix: Resolve "Error building UltraSnaffler SnaffCon#157"
…rgetIPList Add ReverseDNSLookup in SnaffCon.cs to fix SnaffCon#161 for named target IPs
added .ucs file extension for F5 appliance backups, cheers plugger!
Update KeepInfraAsCodeConfigByExtension.toml
Impersonation support
… an FQDN instead of an IP
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Fix for passing target Domain without target DC or DC as FQDN instead of IP - also made -i accept comma separated list
ZephrFish
changed the title
Contributor
Author
|
Have pushed changes to fix auto checks with CI build :) |
Add SCCM integration with automatic discovery and content library resolution: - Implement SCCM share discovery (SCCMContentLib$, SCCM$, etc.) - Add content library file hash resolution using DataLib index - Support for INI-based content hash lookups and file mapping - LRU cache for efficient repeated hash resolutions - Detection rules for SCCM deployment packages and content files - Hash resolution logic borrowed from CMLoot for accurate file identification New components: - SCCMDiscovery.cs: Automatic SCCM share enumeration - SCCMContentLibResolver.cs: Content library hash resolution - SCCMFileMapping.cs: File path to content hash mapping - LRUCache.cs: Caching layer for performance - KeepSCCMContentFiles.toml: Detection rule for SCCM content Integration points: - ShareFinder: SCCM share detection and prioritization - TreeWalker: SCCM-aware file enumeration - FileClassifier: SCCM content identification .NET Framework updates: - Update TargetFrameworkVersion from v4.5.1 to v4.8 to match SnaffCore.csproj - Resolves CI build compatibility issues
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
16 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Needs more testing in broader environments HOWEVER this is working in my home lab with 8 machines
Add SCCM integration with automatic discovery and content library resolution:
New components:
Integration points: