GitLocker: The Coding Marketplace

Description:

reswmsecanalyzer 1.1

RES Workspace Manager application security rule analyzer
Description
A simple script to visualize and find bypasses in RES Workspace Manager application restrictions
Features

Finding possible paths to reach a targeted resource such as an executable program
Visually displaying rules as an oriented graph

Options
$ python reswmsecanalyzer.py -h
Usage: reswmsecanalyzer.py [options]
Version: 1.0

Options:
-h, --help show this help message and exit

Main parameters:
-i INPUT_FILE, --input-file=INPUT_FILE
sec_globauth.xml file containing the security rules
-t TARGET, --target=TARGET
Program or file name you want to reach, globbing
format accepted (Ex: cmd.exe, *cmd*)

Optional parameters:
-g, --graph Draw and show the graph with matplot
-o OUTPUT_GRAPH, --output-graph=OUTPUT_GRAPH
Filename to save the png graph (Ex. -o test.png)

Prerequisites
On a protected environment (physical/logical/virtualized workstation):

The whole configuration is stored in this directory
C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\
The application security rules are stored in this file
C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\sec_globauth.xml
Workspace access control (if implemented) is defined in the following file
C:\Program Files (x86)\RES Software\Workspace Manager\Data\DBCache\Objects\workspaces.xml

Examples

Some example rules and their associated graphs are provided in the reswmsecanalyzer/examples folder. For each example, a pretty-print version _prettyprint.xml is also included
For the reswmsecanalyzer/examples/multiple-rules:

The policy defined in the RES Console looks like:

Searching a path to cmd gives that:

$ python reswmsecanalyzer.py -i examples/multiple-rules/sec_globauth.xml -t cmd -g
[+] Number of enabled rules: 4
[+] Possible path to 'cmd.exe': ['.', 'calc.exe', 'cmd.exe']
[+] Possible path to 'cmd.exe': ['.', 'notepad.exe', 'cmd.exe']

Dependencies and installation

The easiest way: pip install reswmsecanalyzer
Or pip install -r requirements.txt
Or installing manually each dependency:

Python NetworkX: apt-get install python-networkx or pip install networkx
Python Matplotlib: apt-get install python-matplotlib or pip install matplotlib

Roadmap

Improve the possible path output description
Add csv output
Take into account edge constraints such as workspace access control
Use some dynamic representation, like D3JS