MonaxGT/gosddl MonaxGT/gosddl

Windows Libraries
  • Stars
    star
    11
  • Rank 1,639,057 (Top 34 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created over 5 years ago
  • Updated about 5 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
MonaxGT/gosddl
github

MonaxGT

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

GoSDDL converter

GoSDDL (Security Descriptor Definition Language)

Build Status Codacy Badge Maintainability Go Report Card

Converter from SDDL-string to user-friendly JSON. SDDL consist of four part: Owner, Primary Group, DACL, SACL. This converter works with two mode:

  1. Direct
  2. API

You can attach file with SIDs-Username for decoding with replacement SID to Username. You should attach file with option -f. File should store with format:

S-1-XXXX,Username1
S-1-YYYY,Username2

Installing

To start using gosddl, install Go and run go get:

$ go get -u github.com/MonaxGT/gosddl

Direct usage example

go run gosddl.go "D:(A;;GA;;;S-1-5-21-111111111-1111111111-1111111111-11111)(A;;GA;;;SY)(A;;GXGR;;;S-1-5-5-1-1111111111)(A;;GA;;;BA)"

{"owner":"","primary":"","dacl":[{"accountsid":"S-1-5-21-111111111-1111111111-1111111111-11111","aceType":"ACCESS ALLOWED","aceflags":[""],"rights":["GENERIC_ALL"],"objectguid":"","InheritObjectGuid":""},{"accountsid":"Local system","aceType":"ACCESS ALLOWED","aceflags":[""],"rights":["GENERIC_ALL"],"objectguid":"","InheritObjectGuid":""},{"accountsid":"S-1-5-5-1-1111111111","aceType":"ACCESS ALLOWED","aceflags":[""],"rights":["GENERIC_EXECUTE","GENERIC_READ"],"objectguid":"","InheritObjectGuid":""},{"accountsid":"Built-in administrators","aceType":"ACCESS ALLOWED","aceflags":[""],"rights":["GENERIC_ALL"],"objectguid":"","InheritObjectGuid":""}],"daclInheritFlags":null,"sacl":null,"saclInheritFlags":null}

API usage example

go run gosddl.go -api

curl 'http://127.0.0.1:8000/sddl/D:(A;;GA;;;S-1-5-21-111111111-1111111111-1111111111-11111)(A;;GA;;;SY)(A;;GXGR;;;S-1-5-5-1-1111111111)(A;;GA;;;BA)'
{"owner":"","primary":"","dacl":[{"accountsid":"S-1-5-21-111111111-1111111111-1111111111-11111","aceType":"ACCESS ALLOWED","aceflags":[""],"rights":["GENERIC_ALL"],"objectguid":"","InheritObjectGuid":""},{"accountsid":"Local system","aceType":"ACCESS ALLOWED","aceflags":[""],"rights":["GENERIC_ALL"],"objectguid":"","InheritObjectGuid":""},{"accountsid":"S-1-5-5-1-1111111111","aceType":"ACCESS ALLOWED","aceflags":[""],"rights":["GENERIC_EXECUTE","GENERIC_READ"],"objectguid":"","InheritObjectGuid":""},{"accountsid":"Built-in administrators","aceType":"ACCESS ALLOWED","aceflags":[""],"rights":["GENERIC_ALL"],"objectguid":"","InheritObjectGuid":""}],"daclInheritFlags":null,"sacl":null,"saclInheritFlags":null}

Additionally you can use Docker

docker build -t gosddl .
docker run -d -p 8000:8000 gosddl -api
docker run --rm -it -v $PWD/store:/app/data gosddl "O:BAG:SYD:(D;;GA;;;AN)(D;;GA;;;BG)(A;;GA;;;SY)(A;;GA;;;BA)S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)"

Links:

Source

More Repositories

1

gomalshare

Go library MalShare API
Go
13
star
2

parsefields

Tools for parse JSON-like logs for collecting unique fields and events
Go
8
star
3

awesome-R-cyber-security

awesome-R-cyber-security
4
star
4

Moloch

Docker-compose version
YARA
2
star
5

gogeocheck

Simple checker geo by ip on Go
Go
1
star
6

rekall

Docker for rekall forensic tool
Dockerfile
1
star