windows

package
v0.0.0-...-f53e1c9 Latest
Warning

This package is not in the latest version of its module.
Published: May 6, 2024 License: GPL-3.0 Imports: 14 Imported by: 0

Documentation

Overview

Package windows provides functions that perform security and privacy checks on Windows settings.

Index

Constants

This section is empty.

Variables

var WinVersion int

Functions

func Defender

func Defender(scanKey mocking.RegistryKey, defenderKey mocking.RegistryKey) checks.Check

Defender is a function that checks the status of Windows Defender and its periodic scan feature on the system.

Parameters:

  • scanKey mocking.RegistryKey: A registry key object for accessing the Windows Defender registry key.
  • defenderKey mocking.RegistryKey: A registry key object for accessing the Windows Defender Real-Time Protection registry key.

Returns:

  • Check: A struct containing the result of the check. The result indicates whether Windows Defender and its periodic scan feature are enabled or disabled.

The function works by opening and reading the values of the Windows Defender and Real-Time Protection registry keys. Based on these values, it determines the status of Windows Defender and its periodic scan feature. The function returns a Check instance containing a string that describes the status of Windows Defender and its periodic scan feature.

func FindWindowsBuild

func FindWindowsBuild(n *html.Node) string

FindWindowsBuild searches for the latest Windows build in the HTML content of a given URL.

This function iterates over the children of the provided HTML node. If the node is a table body (tbody), the function iterates over its children. If a child is a table row (tr), the function counts the number of table data (td) elements in the row. When it finds the fifth td element, it extracts and returns the data as a string. If the function does not find a tbody or a tr with five td elements, it continues the search recursively on the node's children.

The function is designed to work for the specific layout of the HTML content at the provided URL. Should this layout change, the function may need to be updated to reflect the new structure.

Parameters:

  • n *html.Node - The HTML node to search for the data element.

Returns: The data from the fifth td element in the first tr of the tbody of the provided HTML node. If no such data element is found, the function returns an empty string.

func GetURLBody

func GetURLBody(urlStr string) *html.Node

GetURLBody fetches and parses the HTML content of a given URL.

This function makes an HTTP GET request to the provided URL and parses the HTML content of the response. It logs any errors that occur during the HTTP request or the HTML parsing. The function returns the root node of the parsed HTML document.

Parameters:

  • urlStr string - The URL to fetch and parse the HTML content from.

Returns: The root node of the parsed HTML document.

func GuestAccount

func GuestAccount(
	executorLocalGroup mocking.CommandExecutor,
	executorLocalGroupMembers mocking.CommandExecutor,
	executorYesWord mocking.CommandExecutor,
	executorNetUser mocking.CommandExecutor,
) checks.Check

GuestAccount checks the status of the Windows guest account.

Parameters:

  • executorLocalGroup (mocking.CommandExecutor): An instance of CommandExecutor used to execute the Get-WmiObject command to retrieve local group information.
  • executorLocalGroupMembers (mocking.CommandExecutor): An instance of CommandExecutor used to execute the 'net localgroup' command to retrieve local group members.
  • executorYesWord (mocking.CommandExecutor): An instance of CommandExecutor used to execute the 'net user' command to retrieve the word for 'yes' in the current user's language.
  • executorNetUser (mocking.CommandExecutor): An instance of CommandExecutor used to execute the 'net user' command to retrieve all users.

Returns:

  • Check: A Check instance encapsulating the results of the guest account check. If the guest account is active, the Result field of the Check instance will contain the message "Guest account is active". If the guest account is not active, the Result field will contain the message "Guest account is not active". If an error occurs during the check, it is encapsulated in the Error and ErrorMSG fields of the Check instance.

This function is primarily used to identify potential security risks associated with an active guest account on the Windows system.

func LastPasswordChange

func LastPasswordChange(executor mocking.CommandExecutor) checks.Check

LastPasswordChange is a function that checks the last time the Windows password was changed.

Parameters:

  • executor mocking.CommandExecutor: An executor to run the command for retrieving the last password change date.

Returns:

  • Check: A struct containing the result of the check. The result indicates the date when the password was last changed.

The function works by executing a 'net user' command to get the date the user's password was last set. It then parses the output of the command to extract the date. The function compares this date with the current date and, if the difference is more than half a year, returns a warning suggesting that the user change the password. Otherwise, it returns a message indicating that the password was changed recently.
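The parse-and-compare step described above, as an added example that is not the package's own code. The sample output, the English "Password last set" label, the M/D/YYYY date layout and the 182-day cut-off are assumptions; the page specifies none of them.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
	"time"
)

// Constructed English-locale `net user <name>` output, not captured from a real host.
const sampleNetUser = `User name                    alice
Account active               Yes
Password last set            11/2/2023 9:14:07 AM
Password expires             Never
`

// halfYear is an assumed cut-off; the page only says "half a year".
const halfYear = 182 * 24 * time.Hour

// passwordLastSet returns the date on the "Password last set" line.
// The label text and M/D/YYYY layout are assumptions for an English-locale host.
func passwordLastSet(out string) (time.Time, error) {
	const label = "Password last set"
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		if !strings.HasPrefix(sc.Text(), label) {
			continue
		}
		fields := strings.Fields(strings.TrimPrefix(sc.Text(), label))
		if len(fields) == 0 {
			return time.Time{}, fmt.Errorf("%q line carries no date", label)
		}
		// "Never" or another locale's layout fails here instead of being misread.
		return time.Parse("1/2/2006", fields[0])
	}
	return time.Time{}, fmt.Errorf("no %q line in output", label)
}

// passwordStale reports whether the password is older than halfYear at time now.
func passwordStale(out string, now time.Time) (bool, error) {
	set, err := passwordLastSet(out)
	if err != nil {
		return false, err
	}
	return now.Sub(set) > halfYear, nil
}

func main() { fmt.Println(passwordStale(sampleNetUser, time.Date(2024, 5, 6, 0, 0, 0, 0, time.UTC))) }
```

Returning an error for an unparsable date keeps a localized or "Never" value from being reported as a recent change.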

func LoginMethod

func LoginMethod(registryKey mocking.RegistryKey) checks.Check

LoginMethod is a function that checks and returns the login methods enabled by the user on a Windows system.

Parameters:

  • registryKey mocking.RegistryKey: A registry key object for accessing the Windows login methods registry key.

Returns:

  • Check: A struct containing the result of the check. The result is a list of enabled login methods such as PIN, Picture Logon, Password, Fingerprint, Facial recognition, and Trust signal.

The function works by opening and reading the values of the Windows login methods registry key. Each login method corresponds to a unique GUID. The function checks whether the GUID is present in the registry key, and if it is, that login method is considered enabled. The function returns a Check instance containing a list of enabled login methods.

func Outdated

func Outdated(mockExecutor mocking.CommandExecutor) checks.Check

Outdated is a function that checks if the currently installed Windows version is outdated.

Parameters:

  • mockExecutor mocking.CommandExecutor: An executor used to retrieve the Windows version information.

Returns:

  • Check: A struct containing the result of the check. The result indicates whether the Windows version is up-to-date or if updates are available.

The function works by retrieving the Windows version information using the provided mock object. It then compares the build number of the installed Windows version with the build numbers of the latest Windows 10 and Windows 11 versions. If the installed version's build number matches the latest build number for its major version (10 or 11), the function returns a message indicating that the Windows version is up-to-date. If the build number does not match, the function returns a message indicating that updates are available. If the major version is neither 10 nor 11, the function returns a message suggesting an update to Windows 10 or Windows 11.

func Permission

func Permission(permissionID int, permission string, registryKey mocking.RegistryKey) checks.Check

Permission is a function that checks if a user has granted a specific permission to an application.

Parameters:

  • permissionID (int): The ID of the permission check.
  • permission (string): The specific permission to check.
  • registryKey (mocking.RegistryKey): The registry key to use for the check.

Returns:

  • Check: A Check instance encapsulating the results of the permission check. The Result field of the Check instance will contain a list of applications that have been granted the specified permission.

This function opens the registry key for the given permission and retrieves the names of all sub-keys, which represent applications. It then iterates through these applications, checking if they have been granted the specified permission. If the permission value is "Allow", the application name is added to the results. The function also handles non-packaged applications separately. Finally, it removes any duplicate results before returning them.
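The sub-key walk described above, as an added example over an in-memory tree rather than the package's own code. The fakeKey type, the sample tree, the "Name_hash" form of packaged key names and the '#'-separated paths under a NonPackaged sub-key are assumptions, and results are sorted here for a stable order.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// fakeKey is a hypothetical in-memory registry key, not the project's mocking.RegistryKey.
type fakeKey struct {
	value string              // assumed "Value" entry: "Allow" or "Deny"
	sub   map[string]*fakeKey // sub-keys by name
}

// Constructed sample tree for one permission key (not read from a real host).
var webcam = &fakeKey{sub: map[string]*fakeKey{
	"Contoso.Camera_abc123": {value: "Allow"},
	"Contoso.Notes_def456":  {value: "Deny"},
	"NonPackaged": {value: "Allow", sub: map[string]*fakeKey{
		`C:#Program Files#Meet#meet.exe`: {value: "Allow"},
		`C:#Users#alice#Meet#meet.exe`:   {value: "Allow"},
		`C:#Tools#rec.exe`:               {value: "Deny"},
	}},
}}

// allowedApps returns each application granted the permission once, sorted by name.
func allowedApps(perm *fakeKey) []string {
	seen := map[string]bool{}
	for name, k := range perm.sub {
		if name != "NonPackaged" && k.value == "Allow" {
			seen[strings.SplitN(name, "_", 2)[0]] = true // packaged: keep the name part
		}
	}
	if np := perm.sub["NonPackaged"]; np != nil {
		for path, exe := range np.sub {
			if exe.value == "Allow" {
				seen[path[strings.LastIndex(path, "#")+1:]] = true // keep the file name
			}
		}
	}
	out := make([]string, 0, len(seen))
	for app := range seen {
		out = append(out, app)
	}
	sort.Strings(out)
	return out
}

func main() { fmt.Println(allowedApps(webcam)) }
```

The container key is skipped by name because it can carry its own "Allow" entry, which would otherwise be listed as an application.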

func RemoteDesktopCheck

func RemoteDesktopCheck(registryKey mocking.RegistryKey) checks.Check

RemoteDesktopCheck is a function that checks if the Remote Desktop feature is enabled on the system.

Parameters:

  • registryKey (mocking.RegistryKey): A mocker of a Windows registry key. This is used to simulate the behavior of the Windows registry for testing purposes.

Returns:

  • Check: A struct containing the result of the check. The result indicates whether the Remote Desktop feature is enabled or not.

The function works by opening the registry key for Terminal Server settings. It then reads the value of 'fDenyTSConnections', which indicates whether Remote Desktop is enabled or not. If the value is 0, it means that Remote Desktop is enabled. Otherwise, it is disabled. The function returns a Check instance containing the result of the check.

func RemoveDuplicateStr

func RemoveDuplicateStr(strSlice []string) []string

RemoveDuplicateStr is a utility function that eliminates duplicate string values from a given slice.

Parameters:

  • strSlice []string: The input slice from which duplicate string values need to be removed.

Returns:

  • []string: A new slice that contains the unique string values from the input slice. The order of the elements is preserved based on their first occurrence in the input slice.

func SecureBoot

func SecureBoot(registryKey mocking.RegistryKey) checks.Check

SecureBoot is a function that checks if Windows Secure Boot is enabled on the system.

Parameters:

  • registryKey mocking.RegistryKey: A registry key object for accessing the Windows Secure Boot registry key.

Returns:

  • Check: A struct containing the result of the check. The result indicates whether Windows Secure Boot is enabled or not.

The function works by opening the Windows Secure Boot registry key and reading its 'UEFISecureBootEnabled' value. This value represents the status of Secure Boot. If the value is 1, Secure Boot is enabled. If the value is 0, Secure Boot is disabled. If the function encounters an error while accessing the registry key or reading the value, it returns a Check instance containing an error message. If the 'UEFISecureBootEnabled' value is not 1 or 0, the function returns a Check instance indicating that the Secure Boot status is unknown.

func Startup

Startup is a function that checks the Windows registry for startup programs.

Parameters:

  • key1 mocking.RegistryKey: A registry key object for accessing the first registry key location for startup programs.
  • key2 mocking.RegistryKey: A registry key object for accessing the second registry key location for startup programs.
  • key3 mocking.RegistryKey: A registry key object for accessing the third registry key location for startup programs.

Returns:

  • Check: A struct containing the result of the check. The result includes a list of startup programs if any are found, or a message indicating that no startup programs were found.

The function works by opening three different registry keys where startup programs can be located. It reads the entries within each registry key and concatenates the results. If any startup programs are found, the function returns a Check instance containing a list of the startup programs. If no startup programs are found, the function returns a Check instance with a message indicating that no startup programs were found. If the function encounters an error while opening the registry keys or reading the entries, it returns a Check instance containing an error message.

func UACCheck

func UACCheck(uacExecutor mocking.CommandExecutor) checks.Check

UACCheck is a function that checks the User Account Control (UAC) level on the system.

Parameters:

  • uacExecutor mocking.CommandExecutor: An executor to run the command for checking the UAC level.

Returns:

  • Check: A struct containing the result of the check. The result indicates the level at which the UAC is enabled.

The function works by executing a PowerShell command to get the 'ConsentPromptBehaviorAdmin' property from the system registry. This property represents the UAC level. The function then parses the output of the command to determine the UAC level. Based on the value of the key, the function returns a Check instance containing a string that describes the UAC level.

Types

This section is empty.
