rusthound-ce 2.4.7

Active Directory data collector for Bloodhound Community Edition written in rust.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

use std::collections::HashMap;
use std::error::Error;

use log::{info,debug};
use crate::args::Options;
use crate::enums::{ldaptype::*, templates_enabled_change_displayname_to_sid};
use crate::objects::{
    user::User,
    computer::Computer,
    group::Group,
    ou::Ou,
    container::Container,
    gpo::Gpo,
    domain::Domain,
    fsp::Fsp,
    trust::Trust,
    ntauthstore::NtAuthStore,
    aiaca::AIACA,
    rootca::RootCA,
    enterpriseca::EnterpriseCA,
    certtemplate::CertTemplate,
    inssuancepolicie::IssuancePolicie,
};
pub mod common;

/// Functions to replace and add missing values
pub fn check_all_result(
    common_args:             &Options,
    vec_users:               &mut Vec<User>,
    vec_groups:              &mut Vec<Group>,
    vec_computers:           &mut [Computer],
    vec_ous:                 &mut [Ou],
    vec_domains:             &mut Vec<Domain>,
    vec_gpos:                &mut [Gpo],
    _vec_fsps:               &mut [Fsp],
    vec_containers:          &mut [Container],
    vec_trusts:              &mut [Trust],
    vec_ntauthstores:        &mut [NtAuthStore],
    vec_aiacas:              &mut [AIACA],
    vec_rootcas:             &mut [RootCA],
    vec_enterprisecas:       &mut [EnterpriseCA],
    vec_certtemplates:       &mut [CertTemplate],
    vec_issuancepolicies:    &mut [IssuancePolicie],
    dn_sid:                  &HashMap<String, String>,
    sid_type:                &HashMap<String, String>,
    fqdn_sid:                &HashMap<String, String>,
    _fqdn_ip:                &HashMap<String, String>,
) -> Result<(), Box<dyn Error>> {
    let domain = &common_args.domain;
    info!("Starting checker to replace some values...");
    
    debug!("Replace SID with checker.rs started");
    common::replace_fqdn_by_sid(Type::User, vec_users, fqdn_sid)?;
    common::replace_fqdn_by_sid(Type::Computer, vec_computers, fqdn_sid)?;
    templates_enabled_change_displayname_to_sid(vec_certtemplates, vec_enterprisecas)?;
    common::replace_sid_members(vec_groups, dn_sid, sid_type, vec_trusts)?;
    debug!("Replace SID finished!");

    debug!("Adding defaults groups and default users");
    common::add_default_groups(vec_groups, &vec_computers, domain.to_owned())?;
    common::add_default_users(vec_users, domain.to_owned())?;
    debug!("Defaults groups and default users added!");

    debug!("Adding PrincipalType for ACEs started");
    common::add_type_for_ace(vec_users, sid_type)?;
    common::add_type_for_ace(vec_groups, sid_type)?;
    common::add_type_for_ace(vec_computers, sid_type)?;
    common::add_type_for_ace(vec_gpos, sid_type)?;
    common::add_type_for_ace(vec_ous, sid_type)?;
    common::add_type_for_ace(vec_domains, sid_type)?;
    common::add_type_for_ace(vec_containers, sid_type)?;
    common::add_type_for_ace(vec_ntauthstores, sid_type)?;
    common::add_type_for_ace(vec_aiacas, sid_type)?;
    common::add_type_for_ace(vec_rootcas, sid_type)?;
    common::add_type_for_ace(vec_enterprisecas, sid_type)?;
    common::add_type_for_ace(vec_certtemplates, sid_type)?;
    common::add_type_for_ace(vec_issuancepolicies, sid_type)?;

    common::add_type_for_allowtedtoact(vec_computers, sid_type)?;
    debug!("PrincipalType for ACEs added!");

    debug!("Adding ChildObject members started");
    common::add_childobjects_members(vec_ous, dn_sid, sid_type)?;
    common::add_childobjects_members(vec_domains, dn_sid, sid_type)?;
    common::add_childobjects_members(vec_containers, dn_sid, sid_type)?;
    debug!("ChildObject members added!");

    debug!("Adding ContainedBy value started");
    common::add_contained_by_for(vec_users, dn_sid, sid_type)?;
    common::add_contained_by_for(vec_groups, dn_sid, sid_type)?;
    common::add_contained_by_for(vec_computers, dn_sid, sid_type)?;
    common::add_contained_by_for(vec_gpos, dn_sid, sid_type)?;
    common::add_contained_by_for(vec_ous, dn_sid, sid_type)?;
    common::add_contained_by_for(vec_containers, dn_sid, sid_type)?;
    common::add_contained_by_for(vec_ntauthstores, dn_sid, sid_type)?;
    common::add_contained_by_for(vec_aiacas, dn_sid, sid_type)?;
    common::add_contained_by_for(vec_rootcas, dn_sid, sid_type)?;
    common::add_contained_by_for(vec_enterprisecas, dn_sid, sid_type)?;
    common::add_contained_by_for(vec_certtemplates, dn_sid, sid_type)?;
    common::add_contained_by_for(vec_issuancepolicies, dn_sid, sid_type)?;

    debug!("ContainedBy value added!");

    debug!("Adding affected computers in GpoChanges");
    common::add_affected_computers(vec_domains, sid_type)?;
    common::add_affected_computers_for_ou(vec_ous, dn_sid, sid_type)?;
    debug!("Affected computers in GpoChanges added!");

    debug!("Replacing guid for gplinks started");
    common::replace_guid_gplink(vec_ous, dn_sid)?;
    common::replace_guid_gplink(vec_domains, dn_sid)?;
    debug!("guid for gplinks added!");

    if !vec_trusts.is_empty() {
        debug!("Adding trust domain relation");
        common::add_trustdomain(vec_domains, vec_trusts)?;
        debug!("Trust domain relation added!");
    }
    info!("Checking and replacing some values finished!");
    Ok(())
}