
@klezVirus
Created May 16, 2024 11:25
Script to check how many (and which) vulnerable drivers listed in the LOLDrivers project are not covered by the Microsoft Recommended Driver Blocklist
#!/usr/bin/env python3
# ======================================
# Requires the following deps:
# pip install xmltodict requests bs4
# ======================================
from argparse import ArgumentParser
from pathlib import Path
import requests
import zipfile
import xmltodict
from bs4 import BeautifulSoup
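class Driver:
    """A driver identity used to compare LOLDrivers rows against Microsoft Deny rules.

    Two drivers compare equal when their normalised names match *or* their
    normalised hashes match.  Because the two fields are compared independently,
    equality is not transitive, so instances are deliberately unhashable.
    """

    # A "name OR hash" equality cannot be backed by a consistent __hash__;
    # make the implicit unhashability explicit so nobody puts these in a set.
    __hash__ = None

    def __init__(self, name: str, _hash: str):
        # Keep only the first space-separated token of the friendly name (the
        # file name in front of any "Hash Sha1"-style suffix), lower-cased.
        # A missing name now becomes "" instead of raising on None.
        self.name = name.lower().split(" ")[0].strip() if name else ""
        self.sha = _hash.lower().strip() if _hash else ""

    def __eq__(self, other):
        """Return True when *other* is a Driver sharing a non-empty name or hash.

        Empty fields never match: without this guard two entries that both lack
        a hash (or a name) would compare equal, and a driver could be reported
        as blocked on the strength of a value that is simply absent.
        """
        if not isinstance(other, Driver):
            return False
        same_name = bool(self.name) and self.name == other.name
        same_hash = bool(self.sha) and self.sha == other.sha
        return same_name or same_hash

    def __str__(self):
        return f"Driver (name='{self.name}', hash='{self.sha}')"

    def __repr__(self):
        return f"{type(self).__name__}({self.name!r}, {self.sha!r})"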
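class DriverBlockListChecker:
    """Compare the LOLDrivers list against Microsoft's vulnerable driver blocklist.

    Workflow: get_lol_blocklist() scrapes the driver table from loldrivers.io,
    get_windows_blocklist() downloads the policy ZIP behind
    aka.ms/VulnerableDriverBlockList and reads the Deny rules of the selected
    SiPolicy_<target>.xml, then get_missing()/get_matching() compare the two
    lists using Driver equality (name or hash).

    NOTE(review): the @Hash values in a WDAC SiPolicy Deny rule are
    Authenticode hashes; if the LOLDrivers column holds flat-file digests the
    hash half of the comparison will rarely coincide and the verdict rests
    mostly on the file-name match.  Confirm which digest each source lists
    before treating a "not blocked" result as authoritative.
    """

    def __init__(self, target="Enforced", verbose=False, timeout=30):
        """Prepare URLs, result lists and the temp directory.

        Args:
            target: which policy variant of the ZIP to read ("Enforced" or "Audit");
                it only selects the SiPolicy_<target>.xml file name.
            verbose: print a line per driver, not only the totals.
            timeout: seconds to wait on each HTTP request.  The previous version
                passed no timeout, so a stalled server would hang the script.
        """
        self.verbose = verbose
        self.timeout = timeout
        self.lol_url = "https://www.loldrivers.io/"
        self.win_url = "https://aka.ms/VulnerableDriverBlockList"
        self.lol_drivers = []
        self.win_bl_drivers = []
        self.temp_dir = Path("temp")
        self.temp_dir.mkdir(exist_ok=True)
        self.win_block_policy_zip = self.temp_dir.joinpath("blocklist.zip")
        self.win_block_policy_xml = self.temp_dir.joinpath(f"SiPolicy_{target}.xml")

    @staticmethod
    def _as_list(node):
        """Normalise an xmltodict node to a list.

        xmltodict yields a dict for a single child element and a list for
        repeated ones; None or an empty node means "no rules".
        """
        if not node:
            return []
        if isinstance(node, list):
            return node
        return [node]

    def get_lol_blocklist(self):
        """Scrape loldrivers.io and fill self.lol_drivers.

        Each <tr class="row"> is expected to carry the driver name in its first
        cell and a hash in its second; rows with fewer cells are skipped instead
        of raising IndexError.

        Raises:
            requests.HTTPError: when the page is not served with a 2xx status.
        """
        print("[*] Getting LoL Blocklist...")
        r = requests.get(self.lol_url, timeout=self.timeout)
        # An error page must not be silently parsed as an empty driver list.
        r.raise_for_status()
        soup = BeautifulSoup(r.text, features="html.parser")
        for row in soup.find_all("tr", {"class": "row"}):
            details = [td.get_text().strip() for td in row.find_all("td")]
            if len(details) < 2:
                continue
            self.lol_drivers.append(Driver(details[0], details[1]))

    def get_windows_blocklist(self):
        """Download the Microsoft blocklist ZIP and fill self.win_bl_drivers.

        The ZIP is written to the temp directory, extracted there and removed
        again; the Deny rules of SiPolicy_<target>.xml become Driver entries.

        Raises:
            requests.HTTPError: when the download is not a 2xx response (before,
                an HTML error body was written to disk and failed later as a
                bad ZIP).
            zipfile.BadZipFile: when the body is not a ZIP archive.
            FileNotFoundError: when the archive lacks SiPolicy_<target>.xml.
        """
        print("[*] Getting Windows Blocklist...")
        r = requests.get(self.win_url, allow_redirects=True, timeout=self.timeout)
        r.raise_for_status()
        self.win_block_policy_zip.write_bytes(r.content)
        try:
            with zipfile.ZipFile(self.win_block_policy_zip) as zip_ref:
                # Extract into the same directory the XML path was built from so
                # the two cannot drift apart.  zipfile's extraction sanitises
                # member names (absolute prefixes and ".." components are dropped).
                zip_ref.extractall(self.temp_dir)
        finally:
            # Remove the archive even when extraction fails part-way.
            self.win_block_policy_zip.unlink(missing_ok=True)
        text = self.win_block_policy_xml.read_text(encoding="utf-8", errors="ignore")
        deny_rules = (
            xmltodict.parse(text)
            .get("SiPolicy", {})
            .get("FileRules", {})
            .get("Deny", [])
        )
        for rule in self._as_list(deny_rules):
            friendly = rule.get("@FriendlyName")
            digest = rule.get("@Hash")
            if not friendly and not digest:
                # Nothing to compare against; skip rather than add a blank entry.
                continue
            self.win_bl_drivers.append(Driver(friendly or "", digest))

    def _is_blocked(self, driver):
        """Return True when any Microsoft Deny rule compares equal to *driver*."""
        return any(driver == blocked for blocked in self.win_bl_drivers)

    def get_missing(self):
        """Report LOLDrivers entries that match no Microsoft Deny rule.

        Prints one line per unblocked driver when verbose, then the total.

        Returns:
            The number of LOLDrivers entries not covered by the blocklist.
        """
        missing = [d for d in self.lol_drivers if not self._is_blocked(d)]
        if self.verbose:
            for driver in missing:
                print(f"[-] Driver {driver} not blocked by Microsoft")
        print(f"[+] Microsoft does not block {len(missing)} vulnerable drivers")
        return len(missing)

    def get_matching(self):
        """Report LOLDrivers entries that match at least one Microsoft Deny rule.

        Prints one line per blocked driver when verbose, then the total.

        Returns:
            The number of LOLDrivers entries covered by the blocklist.
        """
        matching = [d for d in self.lol_drivers if self._is_blocked(d)]
        if self.verbose:
            for driver in matching:
                print(f"[-] Driver {driver} blocked by Microsoft")
        print(f"[+] Microsoft does block {len(matching)} vulnerable drivers")
        return len(matching)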
if __name__ == "__main__":
    # Command-line front end: pick the policy variant and the verbosity, then
    # fetch both sources and print the missing / matching totals.
    arg_parser = ArgumentParser(description="Simple Driver Blocklist Checker")
    arg_parser.add_argument(
        "-v", "--verbose", action="store_true", help="Print verbose output"
    )
    arg_parser.add_argument(
        "-t", "--target",
        choices=["Enforced", "Audit"],
        default="Enforced",
        help="Select Driver Blocklist to check against",
    )
    options = arg_parser.parse_args()

    checker = DriverBlockListChecker(target=options.target, verbose=options.verbose)
    # Both downloads must complete before either comparison is meaningful.
    for step in (
        checker.get_lol_blocklist,
        checker.get_windows_blocklist,
        checker.get_missing,
        checker.get_matching,
    ):
        step()