Supporte multiple company names

helviojunior · Jan 17, 2023 · dc522f1 · dc522f1
1 parent 3c23685
commit dc522f1
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 16 deletions.
diff --git a/knowsmore/__meta__.py b/knowsmore/__meta__.py
@@ -1,4 +1,4 @@
-__version__ = '0.1.26'
+__version__ = '0.1.27'
 __title__ = "knowsmore"
 __description__ = "KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS and DCSync)."
 __url__ = "https://github.com/helviojunior/knowsmore"

diff --git a/knowsmore/cmd/hashes.py b/knowsmore/cmd/hashes.py
@@ -196,8 +196,10 @@ def run(self):
 
             pdata = {}
 
-            if Configuration.company != '':
-                pdata['company_similarity'] = self.password.calc_ratio(Configuration.company)
+            if len(Configuration.company) > 0:
+                pdata['company_similarity'] = sorted(
+                            [self.password.calc_ratio(n1) for n1 in Configuration.company]
+                        )[-1]
 
             self.db.insert_password_manually(self.password, **pdata)
             Logger.pl('{+} {C}Password inserted/updated{W}')
@@ -328,8 +330,10 @@ def run(self):
                                     clear_text=pre_computed[0]['password']
                                 )
 
-                                if Configuration.company != '':
-                                    pdata['company_similarity'] = password.calc_ratio(Configuration.company)
+                                if len(Configuration.company) > 0:
+                                    pdata['company_similarity'] = sorted(
+                                        [password.calc_ratio(n1) for n1 in Configuration.company]
+                                    )[-1]
 
                                 self.db.update_password(
                                     password,
@@ -354,7 +358,7 @@ def run(self):
             count = 0
             ignored = 0
 
-            if Configuration.company == '':
+            if len(Configuration.company) == 0:
                 Logger.pl(
                     '{!} {W}It is recommended import cracked passwords using the parameter {O}--company{W} because '
                     'the KnowsMore will calculate the score of similarity of the passwords and Company Name.'
@@ -413,8 +417,10 @@ def run(self):
 
                                 pdata = {}
 
-                                if Configuration.company != '':
-                                    pdata['company_similarity'] = password.calc_ratio(Configuration.company)
+                                if len(Configuration.company) > 0:
+                                    pdata['company_similarity'] = sorted(
+                                        [password.calc_ratio(n1) for n1 in Configuration.company]
+                                    )[-1]
 
                                 self.db.update_password(
                                     password,

diff --git a/knowsmore/cmd/secretsdump.py b/knowsmore/cmd/secretsdump.py
@@ -529,8 +529,10 @@ def __secret_callback(self, secret_type, secret):
             self.add_credential(secret.domain, secret.user_name, pwd.ntlm_hash)
 
             pdata = {}
-            if Configuration.company != '':
-                pdata['company_similarity'] = pwd.calc_ratio(Configuration.company)
+            if len(Configuration.company) > 0:
+                pdata['company_similarity'] = sorted(
+                    [pwd.calc_ratio(n1) for n1 in Configuration.company]
+                )[-1]
 
             self.db.insert_password_manually(pwd, **pdata)
 

diff --git a/knowsmore/config.py b/knowsmore/config.py
@@ -22,7 +22,7 @@ class Configuration(object):
     verbose = 0
     module = None
     cmd_line = ''
-    company = ''
+    company = []
 
     @staticmethod
     def initialize():
@@ -78,10 +78,10 @@ def load_from_arguments():
         Logger.pl('     {C}module:{O} %s{W}' % module.name)
 
         if args.args.company is not None and args.args.company.strip(' .,'):
-            Configuration.company = Tools.clear_string(args.args.company)
+            Configuration.company = [] + Tools.clear_string(args.args.company).split(',')
 
-        if Configuration.company != '':
-            Logger.pl('     {C}company name:{O} %s{W}' % Configuration.company)
+        if len(Configuration.company) > 0:
+            Logger.pl('     {C}company name:{O} %s{W}' % ', '.join(Configuration.company))
 
         if not module.load_from_arguments(args.args):
             Configuration.mandatory()

diff --git a/knowsmore/password.py b/knowsmore/password.py
@@ -168,8 +168,10 @@ def get_leets(self, word, index=0) -> list:
                     yield from self.get_leets(p, index + 1)
 
     def calc_ratio(self, name: str, score_cutoff: float = 0.0) -> int:
-        if name == 0:
-            name = name.lower()
+        if len(name) == 0:
+            return 0
+
+        name = name.lower()
 
         str_pass = self.bytes_password.decode("Latin-1")
 

diff --git a/knowsmore/util/tools.py b/knowsmore/util/tools.py
@@ -38,6 +38,8 @@ def permited_char(s):
             return True
         elif s == ".":
             return True
+        elif s == ",":
+            return True
         else:
             return False