ASRGEN 1.0

MHaggis · Nov 30, 2023 · 7a995e1 · 7a995e1
1 parent 0a6dac5
commit 7a995e1
Show file tree

Hide file tree

Showing 5 changed files with 111 additions and 3 deletions.
diff --git a/Attack_Surface_Reduction.py b/Attack_Surface_Reduction.py
@@ -10,7 +10,6 @@
 # Page header
 st.markdown("<h1 style='text-align: left;'>Attack Surface Reduction Generator</h1>", unsafe_allow_html=True)
 
-
 col1, col2, col3 = st.columns([2,1,1])
 
 with col1:
@@ -26,6 +25,10 @@
     2️⃣ <a href="ASR_Essentials" target="_self">ASR Essentials</a> 📚: A guide to the basics of ASR, including how to use ASR on the command line, how to list ASR rules, and how to understand ASR event codes. 🤓
 
     3️⃣ <a href="ASR_Atomic_Testing" target="_self">ASR Atomic Testing</a> 🧪: A collection of scripts for testing the effectiveness of ASR rules. 🔬
+    
+    4️⃣ <a href="4_ASR_PwSh_Group_Policy_Generator" target="_self">ASR PwSh Group Policy Generator</a> 🛠️: A tool for generating Group Policy Objects (GPO) with PowerShell. 📝
+    
+    5️⃣ <a href="5_ASR_Read_Pol_File" target="_self">ASR .pol File Reader</a> 📖: A tool for reading and displaying the contents of GPO .pol files. 📝
 
     The ASR Generator is an ongoing project, and we are constantly working to improve its features and capabilities. We welcome feedback and suggestions from our users to help us make this tool even better 🙌. 💡
 
@@ -36,6 +39,7 @@
     <iframe width="560" height="315" src="https://www.youtube.com/embed/BUZBGbzm1cE?si=ye9LOktWEDZRYIUL" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
     """, unsafe_allow_html=True)
 
+
 st.sidebar.image("assets/logo.png", width=300)
 
 st.sidebar.markdown(html_code, unsafe_allow_html=True)

diff --git a/asr.py b/asr.py
@@ -20,5 +20,5 @@
 
 html_code = """
 <iframe srcdoc="<script type='text/javascript' src='https://storage.ko-fi.com/cdn/widget/Widget_2.js'></script><script type='text/javascript'>kofiwidget2.init('Support Me on Ko-fi', '#29abe0', 'P5P61I35A');kofiwidget2.draw();</script>" width="100%" height="50" style="border:0" allowtransparency="true" loading="lazy"></iframe>
-<iframe src="https://github.com/sponsors/MHaggis/button" title="Sponsor MHaggis" height="32" width="114" style="border: 0; border-radius: 6px;" target="_blank"></iframe>
+<a href="https://github.com/sponsors/MHaggis" target="_blank" style="display: inline-block; background-color: #0366d6; color: white; padding: 5px 10px; border-radius: 4px; text-decoration: none;">Sponsor MHaggis</a>
 """
diff --git a/pages/4_ASR PwSh Group Policy Generator.py b/pages/4_ASR PwSh Group Policy Generator.py
@@ -0,0 +1,73 @@
+import streamlit as st
+from asr import asr_rules, html_code
+
+st.set_page_config(page_title="ASR PwSh", layout="wide")
+
+# Initialize user inputs
+user_inputs = {}
+
+# App title and introduction
+st.title("ASR PwSh Group Policy Object Generator")
+st.markdown("This tool will help you create a new Group Policy Object (GPO) in the Group Policy Management Console (GPMC). Once the GPO is created, it can be further deployed as per your organization's requirements.")
+
+
+# Add a checkbox and a select box at the top of the app
+enable_all = st.checkbox("Enable All Rules")
+if enable_all:
+    enable_all_state = st.selectbox("Select state for all rules:", ["0 (Disabled)", "1 (Block)", "2 (Audit)"], key="enable_all_state")
+    # If the checkbox is checked, set the state of all rules to the selected value
+    for rule_id in asr_rules.values():
+        user_inputs[rule_id] = int(enable_all_state[0])  # Get the first character (0, 1, or 2) as the state
+
+# Iterating over each ASR rule to create an expander with options
+for rule_name, rule_id in asr_rules.items():
+    with st.expander(f"{rule_name} ({rule_id})"):
+        # Check if the rule has already been set
+        if rule_id not in user_inputs:
+            state = st.radio("Select state for this rule:", ["0 (Disabled)", "1 (Block)", "2 (Audit)"], key=rule_id)
+            user_inputs[rule_id] = int(state[0])  # Get the first character (0, 1, or 2) as the state
+
+gpo_name = st.text_input("Enter the GPO Name", value="MyNewASRGPO", key="gpo_name_input")
+# Initialize the PowerShell script
+ps_script = ""
+
+if st.button("Generate PowerShell Script"):  # Button to generate PowerShell script
+    # Start of the PowerShell script
+    ps_script = f"""# Create a new GPO
+    $gpoName = "{gpo_name}"
+    $gpo = New-GPO -Name $gpoName -Comment "GPO to configure ASR rules"
+
+    # Define the registry path for ASR settings
+    $asrRegPath = "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\ASR\\Rules"
+
+    # ASR rule settings
+    $asrRules = @{{\n"""
+
+    # Adding each rule to the script
+    for rule_id, state in user_inputs.items():
+        # Include the rule only if the state is not "0 (Disabled)"
+        if state != 0:
+            # Get the rule name corresponding to the rule ID
+            rule_name = [name for name, id in asr_rules.items() if id == rule_id][0]
+            ps_script += f'    "{rule_id}" = {state};  # {rule_name}\n'
+
+    # Closing the ASR rules PowerShell array
+    ps_script += """}
+
+    # Apply the ASR rule settings
+    foreach ($rule in $asrRules.GetEnumerator()) {
+        $regKey = "$asrRegPath\$($rule.Name)"
+        Set-GPRegistryValue -Name $gpoName -Key $asrRegPath -ValueName $rule.Name -Type Dword -Value $rule.Value
+    }
+
+    # Link the GPO to an OU (optional)
+    # Replace 'OU=MyOU,DC=example,DC=com' with the actual path to your OU
+    # Link-GPO -Name $gpoName -Target "OU=MyOU,DC=example,DC=com"
+    """
+
+st.code(ps_script, language='powershell')
+
+st.warning("Please note that I have not tested this in production, but only a lab. Be sure to thoroughly test before implementing in production.", icon="⚠️")
+
+st.sidebar.image("assets/logo.png", width=300)
+st.sidebar.markdown(html_code, unsafe_allow_html=True)
diff --git a/pages/5_ASR_Read_Pol_File.py b/pages/5_ASR_Read_Pol_File.py
@@ -0,0 +1,30 @@
+import streamlit as st
+import registrypol
+from asr import html_code
+
+st.set_page_config(page_title="ASR Policy Reader", layout="wide")
+
+def main():
+    st.title("GPO .pol File Reader")
+    st.markdown("This tool allows you to read and display the contents of a GPO .pol file. \
+    It uses the registry.pol file from a GPO backup. After you upload a .pol file, \
+    the tool will parse the file and display the key, value, type, size, and data for each entry.")
+    file = st.file_uploader("Upload a GPO .pol file", type=['pol'])
+    if file is not None:
+        # Load the Registry.pol file
+        policy = registrypol.load(file)
+
+        # Display the parsed data
+        for value in policy.values:
+            st.write(f"Key: {value.key}")
+            st.write(f"Value: {value.value}")
+            st.write(f"Type: {value.type}")
+            st.write(f"Size: {value.size}")
+            st.write(f"Data: {value.data}")
+            st.write("---")
+
+if __name__ == "__main__":
+    main()
+
+st.sidebar.image("assets/logo.png", width=300)
+st.sidebar.markdown(html_code, unsafe_allow_html=True)
diff --git a/requirements.txt b/requirements.txt
@@ -1,2 +1,3 @@
 streamlit
-streamlit-js-eval
+streamlit-js-eval
+registrypol #https://pypi.org/project/registrypol/