rusthound_ce/json/parser/
mod.rs1use std::collections::HashMap;
2use std::error::Error;
3use ldap3::SearchEntry;
4use indicatif::ProgressBar;
5use crate::objects::common::parse_unknown;
6use crate::objects::{
7 user::User,
8 computer::Computer,
9 group::Group,
10 ou::Ou,
11 container::Container,
12 gpo::Gpo,
13 domain::Domain,
14 fsp::Fsp,
15 trust::Trust,
16 ntauthstore::NtAuthStore,
17 aiaca::AIACA,
18 rootca::RootCA,
19 enterpriseca::EnterpriseCA,
20 certtemplate::CertTemplate,
21 inssuancepolicie::IssuancePolicie,
22};
23use std::convert::TryInto;
24
25use log::info;
26use crate::args::Options;
27use crate::banner::progress_bar;
28use crate::enums::ldaptype::*;
29use crate::enums::regex::{PARSER_MOD_RE1,PARSER_MOD_RE2};
30
31pub fn parse_result_type(
35 common_args: &Options,
36 result: Vec<SearchEntry>,
37 vec_users: &mut Vec<User>,
38 vec_groups: &mut Vec<Group>,
39 vec_computers: &mut Vec<Computer>,
40 vec_ous: &mut Vec<Ou>,
41 vec_domains: &mut Vec<Domain>,
42 vec_gpos: &mut Vec<Gpo>,
43 vec_fsps: &mut Vec<Fsp>,
44 vec_containers: &mut Vec<Container>,
45 vec_trusts: &mut Vec<Trust>,
46 vec_ntauthstore: &mut Vec<NtAuthStore>,
47 vec_aiacas: &mut Vec<AIACA>,
48 vec_rootcas: &mut Vec<RootCA>,
49 vec_enterprisecas: &mut Vec<EnterpriseCA>,
50 vec_certtemplates: &mut Vec<CertTemplate>,
51 vec_issuancepolicies: &mut Vec<IssuancePolicie>,
52
53 dn_sid: &mut HashMap<String, String>,
54 sid_type: &mut HashMap<String, String>,
55 fqdn_sid: &mut HashMap<String, String>,
56 fqdn_ip: &mut HashMap<String, String>,
57 ) -> Result<(), Box<dyn Error>> {
59 let domain = &common_args.domain;
61
62 let pb = ProgressBar::new(1);
64 let mut count = 0;
65 let total = result.len();
66 let mut domain_sid: String = "DOMAIN_SID".to_owned();
67
68 info!("Starting the LDAP objects parsing...");
69 for entry in result {
70 let cloneresult = entry.clone();
72 let atype = get_type(entry).unwrap_or(Type::Unknown);
74 match atype {
75 Type::User => {
76 let mut user: User = User::new();
77 user.parse(
78 cloneresult,
79 domain,
80 dn_sid,
81 sid_type,
82 &domain_sid
83 )?;
84 vec_users.push(user);
85 }
86 Type::Group => {
87 let mut group = Group::new();
88 group.parse(
89 cloneresult,
90 domain,
91 dn_sid,
92 sid_type,
93 &domain_sid
94 )?;
95 vec_groups.push(group);
96 }
97 Type::Computer => {
98 let mut computer = Computer::new();
99 computer.parse(
100 cloneresult,
101 domain,
102 dn_sid,
103 sid_type,
104 fqdn_sid,
105 fqdn_ip,
106 &domain_sid
107 )?;
108 vec_computers.push(computer);
109 }
110 Type::Ou => {
111 let mut ou = Ou::new();
112 ou.parse(
113 cloneresult,
114 domain,
115 dn_sid,
116 sid_type,
117 &domain_sid
118 )?;
119 vec_ous.push(ou);
120 }
121 Type::Domain => {
122 let mut domain_object = Domain::new();
123 let domain_sid_from_domain = domain_object.parse(
124 cloneresult,
125 domain,
126 dn_sid,
127 sid_type,
128 )?;
129 domain_sid = domain_sid_from_domain;
130 vec_domains.push(domain_object);
131 }
132 Type::Gpo => {
133 let mut gpo = Gpo::new();
134 gpo.parse(
135 cloneresult,
136 domain,
137 dn_sid,
138 sid_type,
139 &domain_sid
140 )?;
141 vec_gpos.push(gpo);
142 }
143 Type::ForeignSecurityPrincipal => {
144 let mut security_principal = Fsp::new();
145 security_principal.parse(
146 cloneresult,
147 domain,
148 dn_sid,
149 sid_type,
150 )?;
151 vec_fsps.push(security_principal);
152 }
153 Type::Container => {
154 if PARSER_MOD_RE1.is_match(&cloneresult.dn.to_uppercase())
155 {
156 continue
158 }
159 if PARSER_MOD_RE2.is_match(&cloneresult.dn.to_uppercase())
160 {
161 continue
163 }
164 let mut container = Container::new();
166 container.parse(
167 cloneresult,
168 domain,
169 dn_sid,
170 sid_type,
171 &domain_sid
172 )?;
173 vec_containers.push(container);
174 }
175 Type::Trust => {
176 let mut trust = Trust::new();
177 trust.parse(
178 cloneresult,
179 domain
180 )?;
181 vec_trusts.push(trust);
182 }
183 Type::NtAutStore => {
184 let mut nt_auth_store = NtAuthStore::new();
185 nt_auth_store.parse(
186 cloneresult,
187 domain,
188 dn_sid,
189 sid_type,
190 &domain_sid
191 )?;
192 vec_ntauthstore.push(nt_auth_store);
193 }
194 Type::AIACA => {
195 let mut aiaca = AIACA::new();
196 aiaca.parse(
197 cloneresult,
198 domain,
199 dn_sid,
200 sid_type,
201 &domain_sid
202 )?;
203 vec_aiacas.push(aiaca);
204 }
205 Type::RootCA => {
206 let mut root_ca = RootCA::new();
207 root_ca.parse(
208 cloneresult,
209 domain,
210 dn_sid,
211 sid_type,
212 &domain_sid
213 )?;
214 vec_rootcas.push(root_ca);
215 }
216 Type::EnterpriseCA => {
217 let mut enterprise_ca = EnterpriseCA::new();
218 enterprise_ca.parse(
219 cloneresult,
220 domain,
221 dn_sid,
222 sid_type,
223 &domain_sid
224 )?;
225 vec_enterprisecas.push(enterprise_ca);
226 }
227 Type::CertTemplate => {
228 let mut cert_template = CertTemplate::new();
229 cert_template.parse(
230 cloneresult,
231 domain,
232 dn_sid,
233 sid_type,
234 &domain_sid
235 )?;
236 vec_certtemplates.push(cert_template);
237 }
238 Type::IssuancePolicie => {
239 let mut issuance_policie = IssuancePolicie::new();
240 issuance_policie.parse(
241 cloneresult,
242 domain,
243 dn_sid,
244 sid_type,
245 &domain_sid
246 )?;
247 vec_issuancepolicies.push(issuance_policie);
248 }
249 Type::Unknown => {
250 let _unknown = parse_unknown(cloneresult, domain);
251 }
252 }
253 count += 1;
256 let pourcentage = 100 * count / total;
257 progress_bar(pb.to_owned(),"Parsing LDAP objects".to_string(),pourcentage.try_into()?,"%".to_string());
258 }
259 pb.finish_and_clear();
260 info!("Parsing LDAP objects finished!");
261 Ok(())
262}