rusthound_ce/json/parser/
mod.rs1use std::collections::HashMap;
2use std::error::Error;
3use ldap3::SearchEntry;
4use indicatif::ProgressBar;
5use crate::objects::common::parse_unknown;
6use crate::objects::{
7 user::User,
8 computer::Computer,
9 group::Group,
10 ou::Ou,
11 container::Container,
12 gpo::Gpo,
13 domain::Domain,
14 fsp::Fsp,
15 trust::Trust,
16 ntauthstore::NtAuthStore,
17 aiaca::AIACA,
18 rootca::RootCA,
19 enterpriseca::EnterpriseCA,
20 certtemplate::CertTemplate,
21 inssuancepolicie::IssuancePolicie,
22};
23use std::convert::TryInto;
24
25use log::info;
26use crate::args::Options;
27use crate::banner::progress_bar;
28use crate::enums::ldaptype::*;
29use crate::enums::regex::{PARSER_MOD_RE1,PARSER_MOD_RE2};
30
31pub fn parse_result_type(
35 common_args: &Options,
36 result: Vec<SearchEntry>,
37 vec_users: &mut Vec<User>,
38 vec_groups: &mut Vec<Group>,
39 vec_computers: &mut Vec<Computer>,
40 vec_ous: &mut Vec<Ou>,
41 vec_domains: &mut Vec<Domain>,
42 vec_gpos: &mut Vec<Gpo>,
43 vec_fsps: &mut Vec<Fsp>,
44 vec_containers: &mut Vec<Container>,
45 vec_trusts: &mut Vec<Trust>,
46 vec_ntauthstore: &mut Vec<NtAuthStore>,
47 vec_aiacas: &mut Vec<AIACA>,
48 vec_rootcas: &mut Vec<RootCA>,
49 vec_enterprisecas: &mut Vec<EnterpriseCA>,
50 vec_certtemplates: &mut Vec<CertTemplate>,
51 vec_issuancepolicies: &mut Vec<IssuancePolicie>,
52
53 dn_sid: &mut HashMap<String, String>,
54 sid_type: &mut HashMap<String, String>,
55 fqdn_sid: &mut HashMap<String, String>,
56 fqdn_ip: &mut HashMap<String, String>,
57 ) -> Result<(), Box<dyn Error>> {
59 let domain = &common_args.domain;
61
62 let pb = ProgressBar::new(1);
64 let mut count = 0;
65 let total = result.len();
66 let mut domain_sid: String = "DOMAIN_SID".to_owned();
67
68 info!("Starting the LDAP objects parsing...");
69 for entry in result {
70 let cloneresult = entry.clone();
72 let atype = get_type(&entry).unwrap_or(Type::Unknown);
74 match atype {
75 Type::User => {
76 let mut user: User = User::new();
77 user.parse(
78 cloneresult,
79 domain,
80 dn_sid,
81 sid_type,
82 &domain_sid
83 )?;
84 vec_users.push(user);
85 }
86 Type::Group => {
87 let mut group = Group::new();
88 group.parse(
89 cloneresult,
90 domain,
91 dn_sid,
92 sid_type,
93 &domain_sid
94 )?;
95 vec_groups.push(group);
96 }
97 Type::Computer => {
98 let mut computer = Computer::new();
99 computer.parse(
100 cloneresult,
101 domain,
102 dn_sid,
103 sid_type,
104 fqdn_sid,
105 fqdn_ip,
106 &domain_sid
107 )?;
108 vec_computers.push(computer);
109 }
110 Type::Ou => {
111 let mut ou = Ou::new();
112 ou.parse(
113 cloneresult,
114 domain,
115 dn_sid,
116 sid_type,
117 &domain_sid
118 )?;
119 vec_ous.push(ou);
120 }
121 Type::Domain => {
122 let mut domain_object = Domain::new();
123 let domain_sid_from_domain = domain_object.parse(
124 cloneresult,
125 domain,
126 dn_sid,
127 sid_type,
128 )?;
129 domain_sid = domain_sid_from_domain;
130 if !domain_object.object_identifier().is_empty() {
132 vec_domains.push(domain_object);
133 }
134 }
135 Type::Gpo => {
136 let mut gpo = Gpo::new();
137 gpo.parse(
138 cloneresult,
139 domain,
140 dn_sid,
141 sid_type,
142 &domain_sid
143 )?;
144 vec_gpos.push(gpo);
145 }
146 Type::ForeignSecurityPrincipal => {
147 let mut security_principal = Fsp::new();
148 security_principal.parse(
149 cloneresult,
150 domain,
151 dn_sid,
152 sid_type,
153 )?;
154 vec_fsps.push(security_principal);
155 }
156 Type::Container => {
157 if PARSER_MOD_RE1.is_match(&cloneresult.dn.to_uppercase())
158 {
159 continue
161 }
162 if PARSER_MOD_RE2.is_match(&cloneresult.dn.to_uppercase())
163 {
164 continue
166 }
167 let mut container = Container::new();
169 container.parse(
170 cloneresult,
171 domain,
172 dn_sid,
173 sid_type,
174 &domain_sid
175 )?;
176 vec_containers.push(container);
177 }
178 Type::Trust => {
179 let mut trust = Trust::new();
180 trust.parse(
181 cloneresult,
182 domain
183 )?;
184 vec_trusts.push(trust);
185 }
186 Type::NtAutStore => {
187 let mut nt_auth_store = NtAuthStore::new();
188 nt_auth_store.parse(
189 cloneresult,
190 domain,
191 dn_sid,
192 sid_type,
193 &domain_sid
194 )?;
195 vec_ntauthstore.push(nt_auth_store);
196 }
197 Type::AIACA => {
198 let mut aiaca = AIACA::new();
199 aiaca.parse(
200 cloneresult,
201 domain,
202 dn_sid,
203 sid_type,
204 &domain_sid
205 )?;
206 vec_aiacas.push(aiaca);
207 }
208 Type::RootCA => {
209 let mut root_ca = RootCA::new();
210 root_ca.parse(
211 cloneresult,
212 domain,
213 dn_sid,
214 sid_type,
215 &domain_sid
216 )?;
217 vec_rootcas.push(root_ca);
218 }
219 Type::EnterpriseCA => {
220 let mut enterprise_ca = EnterpriseCA::new();
221 enterprise_ca.parse(
222 cloneresult,
223 domain,
224 dn_sid,
225 sid_type,
226 &domain_sid
227 )?;
228 vec_enterprisecas.push(enterprise_ca);
229 }
230 Type::CertTemplate => {
231 let mut cert_template = CertTemplate::new();
232 cert_template.parse(
233 cloneresult,
234 domain,
235 dn_sid,
236 sid_type,
237 &domain_sid
238 )?;
239 vec_certtemplates.push(cert_template);
240 }
241 Type::IssuancePolicie => {
242 let mut issuance_policie = IssuancePolicie::new();
243 issuance_policie.parse(
244 cloneresult,
245 domain,
246 dn_sid,
247 sid_type,
248 &domain_sid
249 )?;
250 vec_issuancepolicies.push(issuance_policie);
251 }
252 Type::Unknown => {
253 let _unknown = parse_unknown(cloneresult, domain);
254 }
255 }
256 count += 1;
259 let pourcentage = 100 * count / total;
260 progress_bar(pb.to_owned(),"Parsing LDAP objects".to_string(),pourcentage.try_into()?,"%".to_string());
261 }
262 pb.finish_and_clear();
263 info!("Parsing LDAP objects finished!");
264 Ok(())
265}