", unsafe_allow_html=True)
-
col1, col2, col3 = st.columns([2,1,1])
with col1:
@@ -26,6 +25,10 @@
2๏ธโฃ ASR Essentials ๐: A guide to the basics of ASR, including how to use ASR on the command line, how to list ASR rules, and how to understand ASR event codes. ๐ค
3๏ธโฃ ASR Atomic Testing ๐งช: A collection of scripts for testing the effectiveness of ASR rules. ๐ฌ
+
+ 4๏ธโฃ ASR PwSh Group Policy Generator ๐ ๏ธ: A tool for generating Group Policy Objects (GPO) with PowerShell. ๐
+
+ 5๏ธโฃ ASR .pol File Reader ๐: A tool for reading and displaying the contents of GPO .pol files. ๐
The ASR Generator is an ongoing project, and we are constantly working to improve its features and capabilities. We welcome feedback and suggestions from our users to help us make this tool even better ๐. ๐ก
@@ -36,6 +39,7 @@
""", unsafe_allow_html=True)
+
st.sidebar.image("assets/logo.png", width=300)
st.sidebar.markdown(html_code, unsafe_allow_html=True)
diff --git a/asr.py b/asr.py
index a22a886..ddff15b 100644
--- a/asr.py
+++ b/asr.py
@@ -20,5 +20,5 @@
html_code = """
-
+Sponsor MHaggis
"""
diff --git a/pages/4_ASR PwSh Group Policy Generator.py b/pages/4_ASR PwSh Group Policy Generator.py
new file mode 100644
index 0000000..0f8522d
--- /dev/null
+++ b/pages/4_ASR PwSh Group Policy Generator.py
@@ -0,0 +1,73 @@
+import streamlit as st
+from asr import asr_rules, html_code
+
+st.set_page_config(page_title="ASR PwSh", layout="wide")
+
+# Initialize user inputs
+user_inputs = {}
+
+# App title and introduction
+st.title("ASR PwSh Group Policy Object Generator")
+st.markdown("This tool will help you create a new Group Policy Object (GPO) in the Group Policy Management Console (GPMC). Once the GPO is created, it can be further deployed as per your organization's requirements.")
+
+
+# Add a checkbox and a select box at the top of the app
+enable_all = st.checkbox("Enable All Rules")
+if enable_all:
+ enable_all_state = st.selectbox("Select state for all rules:", ["0 (Disabled)", "1 (Block)", "2 (Audit)"], key="enable_all_state")
+ # If the checkbox is checked, set the state of all rules to the selected value
+ for rule_id in asr_rules.values():
+ user_inputs[rule_id] = int(enable_all_state[0]) # Get the first character (0, 1, or 2) as the state
+
+# Iterating over each ASR rule to create an expander with options
+for rule_name, rule_id in asr_rules.items():
+ with st.expander(f"{rule_name} ({rule_id})"):
+ # Check if the rule has already been set
+ if rule_id not in user_inputs:
+ state = st.radio("Select state for this rule:", ["0 (Disabled)", "1 (Block)", "2 (Audit)"], key=rule_id)
+ user_inputs[rule_id] = int(state[0]) # Get the first character (0, 1, or 2) as the state
+
+gpo_name = st.text_input("Enter the GPO Name", value="MyNewASRGPO", key="gpo_name_input")
+# Initialize the PowerShell script
+ps_script = ""
+
+if st.button("Generate PowerShell Script"): # Button to generate PowerShell script
+ # Start of the PowerShell script
+ ps_script = f"""# Create a new GPO
+ $gpoName = "{gpo_name}"
+ $gpo = New-GPO -Name $gpoName -Comment "GPO to configure ASR rules"
+
+ # Define the registry path for ASR settings
+ $asrRegPath = "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\ASR\\Rules"
+
+ # ASR rule settings
+ $asrRules = @{{\n"""
+
+ # Adding each rule to the script
+ for rule_id, state in user_inputs.items():
+ # Include the rule only if the state is not "0 (Disabled)"
+ if state != 0:
+ # Get the rule name corresponding to the rule ID
+ rule_name = [name for name, id in asr_rules.items() if id == rule_id][0]
+ ps_script += f' "{rule_id}" = {state}; # {rule_name}\n'
+
+ # Closing the ASR rules PowerShell array
+ ps_script += """}
+
+ # Apply the ASR rule settings
+ foreach ($rule in $asrRules.GetEnumerator()) {
+ $regKey = "$asrRegPath\$($rule.Name)"
+ Set-GPRegistryValue -Name $gpoName -Key $asrRegPath -ValueName $rule.Name -Type Dword -Value $rule.Value
+ }
+
+ # Link the GPO to an OU (optional)
+ # Replace 'OU=MyOU,DC=example,DC=com' with the actual path to your OU
+ # Link-GPO -Name $gpoName -Target "OU=MyOU,DC=example,DC=com"
+ """
+
+st.code(ps_script, language='powershell')
+
+st.warning("Please note that I have not tested this in production, but only a lab. Be sure to thoroughly test before implementing in production.", icon="โ ๏ธ")
+
+st.sidebar.image("assets/logo.png", width=300)
+st.sidebar.markdown(html_code, unsafe_allow_html=True)
\ No newline at end of file
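Review bot: `gpo_name` from `st.text_input` is interpolated straight into the double-quoted PowerShell literal `$gpoName = "{gpo_name}"`, so a name containing `"`, a backtick or `$(...)` changes what the generated script does when an administrator runs it. Validate it before building the script, for example `if not re.fullmatch(r"[A-Za-z0-9 _.-]{1,64}", gpo_name): st.error("Invalid GPO name"); st.stop()` (needs `import re`). Separately, `$regKey` in the `foreach` loop is assigned but never used, and its `\$` sits in a non-raw Python string, which newer Python versions warn about as an invalid escape. It is also worth confirming `-Type Dword` against a policy made in the GPO editor: as far as I know the ASR administrative template stores rule states as string values, and a mistyped value would leave the rules silently unenforced.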
diff --git a/pages/5_ASR_Read_Pol_File.py b/pages/5_ASR_Read_Pol_File.py
new file mode 100644
index 0000000..d56ef1d
--- /dev/null
+++ b/pages/5_ASR_Read_Pol_File.py
@@ -0,0 +1,30 @@
+import streamlit as st
+import registrypol
+from asr import html_code
+
+st.set_page_config(page_title="ASR Policy Reader", layout="wide")
+
+def main():
+ st.title("GPO .pol File Reader")
+ st.markdown("This tool allows you to read and display the contents of a GPO .pol file. \
+ It uses the registry.pol file from a GPO backup. After you upload a .pol file, \
+ the tool will parse the file and display the key, value, type, size, and data for each entry.")
+ file = st.file_uploader("Upload a GPO .pol file", type=['pol'])
+ if file is not None:
+ # Load the Registry.pol file
+ policy = registrypol.load(file)
+
+ # Display the parsed data
+ for value in policy.values:
+ st.write(f"Key: {value.key}")
+ st.write(f"Value: {value.value}")
+ st.write(f"Type: {value.type}")
+ st.write(f"Size: {value.size}")
+ st.write(f"Data: {value.data}")
+ st.write("---")
+
+if __name__ == "__main__":
+ main()
+
+st.sidebar.image("assets/logo.png", width=300)
+st.sidebar.markdown(html_code, unsafe_allow_html=True)
\ No newline at end of file
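Review bot: `registrypol.load(file)` in `main()` parses an arbitrary upload with no error handling, so a truncated or non-.pol file (the `type=['pol']` filter only checks the extension) surfaces as a raw traceback in the app. Wrap the call in `try`/`except`, report the failure with `st.error("Could not parse this file as Registry.pol")` and return. The parsed fields are then passed to `st.write` inside f-strings, which Streamlit renders as Markdown; file-controlled keys and data containing `*`, `_` or backslashes will display incorrectly, so `st.text(...)` or a single `st.dataframe` is a better fit for untrusted content.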
diff --git a/requirements.txt b/requirements.txt
index e2740a1..bcfe0b5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1,3 @@
streamlit
-streamlit-js-eval
\ No newline at end of file
+streamlit-js-eval
+registrypol #https://pypi.org/project/registrypol/
\ No newline at end of file
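Review bot: `registrypol` is added without a version pin, and it is the package that parses user-uploaded files in `pages/5_ASR_Read_Pol_File.py`, so any future release is pulled in unreviewed on the next deploy. Pin it, e.g. `registrypol==<reviewed-version>`, and ideally pin `streamlit` and `streamlit-js-eval` the same way.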