security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update T1217.yaml (#2876)

Browse Source 
* Update T1217.yaml

This test will extract Microsoft Edge browser's history of current user

* Update T1217.yaml

* Update T1217.yaml

* remove duplicate test

* Update T1217.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
sree siva likhitha kothalanka
2024-07-24 20:01:17 +05:30
committed by GitHub
parent 33939648b7
commit ba841eba7a
1 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1217/T1217.yaml
+40
View File
@@ -133,3 +133,43 @@ atomic_tests:
cleanup_command: |
rm -f #{output_file} 2>/dev/null
name: sh
- name: Extract Edge Browsing History
description: |
This test will extract Microsoft Edge browser's history of current user
supported_platforms:
- windows
input_arguments:
history_path:
description: Microsoft Edge browser history file path
type: String
default: $Env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\History
dest_path:
description: Target file path to where the history to be extracted
type: String
default: $Env:USERPROFILE\Downloads\edgebrowsinghistory.txt
executor:
command: |
$URL_Regex = '(htt(p|s))://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?'
$History = Get-Content -Path "#{history_path}" | Select-String -AllMatches $URL_Regex | ForEach-Object { $_.Matches.Value } | Sort -Unique
$History | Out-File -FilePath "#{dest_path}"
cleanup_command: |
Remove-Item -Path "#{dest_path}"
name: powershell
elevation_required: true
- name: Extract chrome Browsing History
description: |
This test will extract browsing history of the chrome user
supported_platforms:
- windows
executor:
command: |
$Username = (whoami).Split('\')[1]
$URL_Regex = '(htt(p|s))://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?'
$History = Get-Content -Path "$Env:systemdrive\Users\$UserName\AppData\Local\Google\Chrome\User Data\Default\History" | Select-String -AllMatches $URL_Regex | ForEach-Object { $_.Matches.Value } | Sort -Unique
$History | Out-File -FilePath "$Env:USERPROFILE\Downloads\chromebrowsinghistory.txt"
cleanup_command: |
Remove-Item -Path "$Env:USERPROFILE\Downloads\chromebrowsinghistory.txt"
name: powershell
elevation_required: true