From 66a49d92285982fba2918c3f84d5ed5c1ba09281 Mon Sep 17 00:00:00 2001
From: QU35T-code
Date: Mon, 19 Aug 2024 18:00:13 +0200
Subject: [PATCH 1/4] Add AD-miner + Remove CME
---
 sources/assets/crackmapexec/cme.conf | 25 ------------
 sources/assets/grc/conf.cme | 16 --------
 sources/assets/grc/grc.conf | 4 --
 sources/assets/shells/aliases.d/adminer | 1 +
 sources/assets/shells/aliases.d/crackmapexec | 2 -
 sources/assets/shells/aliases.d/netexec | 4 +-
 sources/assets/shells/history.d/adminer | 2 +
 sources/assets/shells/history.d/crackmapexec | 42 --------------------
 sources/install/package_ad.sh | 26 +++++-------
 sources/install/package_most_used.sh | 1 -
 10 files changed, 16 insertions(+), 107 deletions(-)
 delete mode 100644 sources/assets/crackmapexec/cme.conf
 delete mode 100644 sources/assets/grc/conf.cme
 create mode 100644 sources/assets/shells/aliases.d/adminer
 delete mode 100644 sources/assets/shells/aliases.d/crackmapexec
 create mode 100644 sources/assets/shells/history.d/adminer
 delete mode 100644 sources/assets/shells/history.d/crackmapexec
diff --git a/sources/assets/crackmapexec/cme.conf b/sources/assets/crackmapexec/cme.conf
deleted file mode 100644
index 521d420c9..000000000
--- a/sources/assets/crackmapexec/cme.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-[CME]
-workspace = default
-last_used_db = smb
-pwn3d_label = admin
-audit_mode =
-log_mode = False
-ignore_opsec = True
-
-[BloodHound]
-bh_enabled = False
-bh_uri = 127.0.0.1
-bh_port = 7687
-bh_user = neo4j
-bh_pass = exegol4thewin
-
-[Empire]
-api_host = 127.0.0.1
-api_port = 1337
-username = empireadmin
-password = exegol4thewin
-
-[Metasploit]
-rpc_host = 127.0.0.1
-rpc_port = 55552
-password = abc123
diff --git a/sources/assets/grc/conf.cme b/sources/assets/grc/conf.cme
deleted file mode 100644
index 47576d235..000000000
--- a/sources/assets/grc/conf.cme
+++ /dev/null
@@ -1,16 +0,0 @@
-# Signing True
-regexp=signing\:True
-colours=bold green
-=======
-# Signing False
-regexp=signing\:False
-colours=bold red
-=======
-# SMB1 True
-regexp=SMBv1\:True
-colours=yellow
-=======
-# SMBv1 False
-regexp=SMBv1\:False
-colours=blue
-=======
\ No newline at end of file
diff --git a/sources/assets/grc/grc.conf b/sources/assets/grc/grc.conf
index 1f6d52dd6..8156df4cf 100644
--- a/sources/assets/grc/grc.conf
+++ b/sources/assets/grc/grc.conf
@@ -1,7 +1,3 @@
-# cme
-(^|[/\w\.]+/)g?crackmapexec\s?
-conf.cme
-
 # rbcd
 (^|[/\w\.]+/)g?rbcd.py\s?
 conf.rbcd
diff --git a/sources/assets/shells/aliases.d/adminer b/sources/assets/shells/aliases.d/adminer
new file mode 100644
index 000000000..ba5f13447
--- /dev/null
+++ b/sources/assets/shells/aliases.d/adminer
@@ -0,0 +1 @@
+alias adminer=AD-miner
\ No newline at end of file
diff --git a/sources/assets/shells/aliases.d/crackmapexec b/sources/assets/shells/aliases.d/crackmapexec
deleted file mode 100644
index 824111b7c..000000000
--- a/sources/assets/shells/aliases.d/crackmapexec
+++ /dev/null
@@ -1,2 +0,0 @@
-alias cme-neo4j-enable='sed -i "s/bh_enabled = False/bh_enabled = True/" ~/.cme/cme.conf'
-alias cme-neo4j-disable='sed -i "s/bh_enabled = True/bh_enabled = False/" ~/.cme/cme.conf'
\ No newline at end of file
diff --git a/sources/assets/shells/aliases.d/netexec b/sources/assets/shells/aliases.d/netexec
index a06f77142..c2038f304 100644
--- a/sources/assets/shells/aliases.d/netexec
+++ b/sources/assets/shells/aliases.d/netexec
@@ -1,2 +1,4 @@
 alias netexec-neo4j-enable='sed -i "s/bh_enabled = False/bh_enabled = True/" ~/.nxc/nxc.conf'
-alias netexec-neo4j-disable='sed -i "s/bh_enabled = True/bh_enabled = False/" ~/.nxc/nxc.conf'
\ No newline at end of file
+alias netexec-neo4j-disable='sed -i "s/bh_enabled = True/bh_enabled = False/" ~/.nxc/nxc.conf'
+alias crackmapexec='echo "crackmapexec has been replaced with netexec"'
+alias cme=crackmapexec
\ No newline at end of file
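Review bot: The new `crackmapexec` shim in the netexec aliases hunk prints its notice to stdout and exits 0, so any script or wrapper that still invokes `crackmapexec` or `cme` sees a successful run whose only output is the notice, rather than a failure it can act on. Sending the message to stderr and returning non-zero makes the replacement visible to callers: `alias crackmapexec='echo "crackmapexec has been replaced with netexec" >&2; false'`. `alias cme=crackmapexec` resolves through that alias in interactive shells, so it needs no change.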
diff --git a/sources/assets/shells/history.d/adminer b/sources/assets/shells/history.d/adminer
new file mode 100644
index 000000000..6f93b70cd
--- /dev/null
+++ b/sources/assets/shells/history.d/adminer
@@ -0,0 +1,2 @@
+AD-miner -c -cf My_Report u $USERNAME -p $PASSWORD
+adminer -c -cf My_Report -u $USERNAME -p $PASSWORD
\ No newline at end of file
diff --git a/sources/assets/shells/history.d/crackmapexec b/sources/assets/shells/history.d/crackmapexec
deleted file mode 100644
index ed4af65c7..000000000
--- a/sources/assets/shells/history.d/crackmapexec
+++ /dev/null
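Review bot: The first entry of the new history.d/adminer file is missing the dash on the username flag: `AD-miner -c -cf My_Report u $USERNAME -p $PASSWORD` passes a literal `u` as a positional argument, while the second entry correctly uses `-u`. The removed history.d/crackmapexec entries also quote their variable expansions, so the consistent form is `AD-miner -c -cf My_Report -u "$USERNAME" -p "$PASSWORD"`, and the same quoting applies to the `adminer` line below it.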
@@ -1,42 +0,0 @@
-crackmapexec smb --list-modules
-crackmapexec ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" -M maq
-crackmapexec ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD"
-crackmapexec ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" --asreproast ASREProastables.txt --kdcHost "$DC_HOST"
-crackmapexec ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" --kerberoasting Kerberoastables.txt --kdcHost "$DC_HOST"
-crackmapexec smb "$TARGET" --continue-on-success --no-bruteforce -u users.txt -p passwords.txt
-crackmapexec smb "$TARGET" --continue-on-success -u users.txt -p passwords.txt
-crackmapexec smb "$TARGET" --local-auth -u "$USER" -H "$NT_HASH" -M enum_avproducts
-crackmapexec smb "$TARGET" --local-auth -u "$USER" -H "$NT_HASH" -M mimikatz
-crackmapexec smb "$TARGET" -u '' -p '' --pass-pol
-crackmapexec smb 192.168.56.0/24 --gen-relay-list smb_targets.txt
-crackmapexec smb 192.168.56.0/24 --local-auth -u '' -p ''
-crackmapexec smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --loggedon-users
-crackmapexec smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --sessions
-crackmapexec smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --shares
-crackmapexec smb 192.168.56.0/24 -u '' -p '' --shares
-crackmapexec smb "$IP" -u "$USER" -p "$PASSWORD" -M noPac
-crackmapexec smb "$IP" -u "$USER" -p "$PASSWORD" -M petitpotam
-crackmapexec smb "$IP" -u '' -p '' -M zerologon
-crackmapexec smb "$IP" -u '' -p '' -M ms17-010
-crackmapexec smb "$IP" -u '' -p '' -M ioxidresolver
-cme smb --list-modules
-cme ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" -M maq
-cme ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD"
-cme ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" --asreproast ASREProastables.txt --kdcHost "$DC_HOST"
-cme ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" --kerberoasting Kerberoastables.txt --kdcHost "$DC_HOST"
-cme smb "$TARGET" --continue-on-success --no-bruteforce -u users.txt -p passwords.txt
-cme smb "$TARGET" --continue-on-success -u users.txt -p passwords.txt
-cme smb "$TARGET" --local-auth -u "$USER" -H "$NT_HASH" -M enum_avproducts
-cme smb "$TARGET" --local-auth -u "$USER" -H "$NT_HASH" -M mimikatz
-cme smb "$TARGET" -u '' -p '' --pass-pol
-cme smb 192.168.56.0/24 --gen-relay-list smb_targets.txt
-cme smb 192.168.56.0/24 --local-auth -u '' -p ''
-cme smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --loggedon-users
-cme smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --sessions
-cme smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --shares
-cme smb 192.168.56.0/24 -u '' -p '' --shares
-cme smb "$IP" -u "$USER" -p "$PASSWORD" -M noPac
-cme smb "$IP" -u "$USER" -p "$PASSWORD" -M petitpotam
-cme smb "$IP" -u '' -p '' -M zerologon
-cme smb "$IP" -u '' -p '' -M ms17-010
-cme smb "$IP" -u '' -p '' -M ioxidresolver
diff --git a/sources/install/package_ad.sh b/sources/install/package_ad.sh
index c4d65e124..0566c356e 100644
--- a/sources/install/package_ad.sh
+++ b/sources/install/package_ad.sh
@@ -101,21 +101,6 @@ function install_ldapdomaindump() {
 add-to-list "ldapdomaindump,https://github.com/dirkjanm/ldapdomaindump,A tool for dumping domain data from an LDAP service"
 }
 
-function install_crackmapexec() {
- colorecho "Installing CrackMapExec"
- git -C /opt/tools/ clone --depth 1 https://github.com/Porchetta-Industries/CrackMapExec
- pipx install --system-site-packages /opt/tools/CrackMapExec/
- mkdir -p ~/.cme
- [[ -f ~/.cme/cme.conf ]] && mv ~/.cme/cme.conf ~/.cme/cme.conf.bak
- cp -v /root/sources/assets/crackmapexec/cme.conf ~/.cme/cme.conf
- # below is for having the ability to check the source code when working with modules and so on
- cp -v /root/sources/assets/grc/conf.cme /usr/share/grc/conf.cme
- add-aliases crackmapexec
- add-history crackmapexec
- add-test-command "crackmapexec --help"
- add-to-list "crackmapexec,https://github.com/Porchetta-Industries/CrackMapExec,Network scanner."
-}
-
 function install_bloodhound-py() {
 colorecho "Installing and Python ingestor for BloodHound"
 pipx install --system-site-packages git+https://github.com/fox-it/BloodHound.py
@@ -1402,6 +1387,15 @@ function install_conpass() {
 add-to-list "conpass,https://github.com/login-securite/conpass,Python tool for continuous password spraying taking into account the password policy."
 }
 
+function install_adminer() {
+ colorecho "Installing adminer"
+ pipx install git+https://github.com/Mazars-Tech/AD_Miner
+ add-aliases adminer
+ add-history adminer
+ add-test-command "adminer --help"
+ add-to-list "AD-miner,https://github.com/Mazars-Tech/AD_Miner,Active Directory audit tool that leverages cypher queries."
+}
+
 # Package dedicated to internal Active Directory tools
 function package_ad() {
 set_env
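Review bot: `add-test-command "adminer --help"` in the new install_adminer function exercises the shell alias rather than the installed entry point; if the test runner executes commands in a non-interactive shell where aliases.d is not loaded, the check fails even though the install succeeded, so `add-test-command "AD-miner --help"` is the safer target (the neighbouring functions in this file test the binary name directly). The `pipx install git+https://github.com/Mazars-Tech/AD_Miner` line also omits `--system-site-packages`, which the bloodhound-py install visible in the first hunk uses, and installs an unpinned git HEAD; if both are deliberate, a short comment such as `# TODO(review): confirm whether --system-site-packages is needed here and whether a tag/commit should be pinned` would record that. The banner `colorecho "Installing adminer"` uses a different name from the `AD-miner` entry in add-to-list, which may be confusing given that "Adminer" is also the name of an unrelated database tool.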
@@ -1413,7 +1407,6 @@ function package_ad() {
 install_pretender
 install_responder # LLMNR, NBT-NS and MDNS poisoner
 install_ldapdomaindump
- install_crackmapexec # Network scanner
 install_sprayhound # Password spraying tool
 install_smartbrute # Password spraying tool
 install_bloodhound-py # ingestor for legacy BloodHound
@@ -1507,6 +1500,7 @@ function package_ad() {
 install_sccmwtf # This code is designed for exploring SCCM in a lab.
 install_smbclientng
 install_conpass # Python tool for continuous password spraying taking into account the password policy.
+ install_adminer
 end_time=$(date +%s)
 local elapsed_time=$((end_time - start_time))
 colorecho "Package ad completed in $elapsed_time seconds."
diff --git a/sources/install/package_most_used.sh b/sources/install/package_most_used.sh
index 8f488846e..b2856f53a 100644
--- a/sources/install/package_most_used.sh
+++ b/sources/install/package_most_used.sh
@@ -73,7 +73,6 @@ function package_most_used() {
 install_gittools # Dump a git repository from a website
 install_ysoserial # Deserialization payloads
 install_responder # LLMNR, NBT-NS and MDNS poisoner
- install_crackmapexec # Network scanner
 install_impacket # Network protocols scripts
 install_enum4linux-ng # Active Directory enumeration tool, improved Python alternative to enum4linux
 install_smbmap # Allows users to enumerate samba share drives across an entire domain
From 7fb39ef9bc00d41ab82e99a7c155f5a3a6ea0b0c Mon Sep 17 00:00:00 2001
From: QU35T-code
Date: Mon, 19 Aug 2024 18:00:26 +0200
Subject: [PATCH 2/4] Fix sherlock installation
---
 sources/install/package_osint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sources/install/package_osint.sh b/sources/install/package_osint.sh
index 7bd7f04fe..5699f0ca2 100644
--- a/sources/install/package_osint.sh
+++ b/sources/install/package_osint.sh
@@ -499,7 +499,7 @@ function install_blackbird() {
 function install_sherlock() {
 # CODE-CHECK-WHITELIST=add-aliases
 colorecho "Installing Sherlock"
- pipx install git+https://github.com/sherlock-project/sherlock
+ pipx install sherlock-project
 add-history sherlock
 add-test-command "sherlock --help"
 add-to-list "Sherlock,https://github.com/sherlock-project/sherlock,Hunt down social media accounts by username across social networks."
From 72afbb2378b5697bd9666ecd8c2af08e0294fc49 Mon Sep 17 00:00:00 2001
From: QU35T-code
Date: Mon, 19 Aug 2024 18:00:34 +0200
Subject: [PATCH 3/4] Remove cewler temp fix
---
 sources/install/package_wordlists.sh | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/sources/install/package_wordlists.sh b/sources/install/package_wordlists.sh
index 649e1e5fc..ed0737a4f 100644
--- a/sources/install/package_wordlists.sh
+++ b/sources/install/package_wordlists.sh
@@ -35,13 +35,6 @@ function install_cewler() {
 # CODE-CHECK-WHITELIST=add-aliases
 colorecho "Installing cewler"
 pipx install --system-site-packages cewler
- # https://github.com/roys/cewler/pull/5
- local temp_fix_limit="2024-09-01"
- if [[ "$(date +%Y%m%d)" -gt "$(date -d $temp_fix_limit +%Y%m%d)" ]]; then
- criticalecho "Temp fix expired. Exiting."
- else
- pipx inject cewler pypdf==4.0.1
- fi
 add-history cewler
 add-test-command "cewler --output cewler.txt https://thehacker.recipes/"
 add-to-list "cewler,https://github.com/roys/cewler,CeWL alternative in Python"
From 0a9d2e3051130160eb1a07a1f939b82e36ebf24e Mon Sep 17 00:00:00 2001
From: QU35T-code
Date: Mon, 19 Aug 2024 19:47:02 +0200
Subject: [PATCH 4/4] Fix useless cme file
---
 sources/install/package_ad.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/sources/install/package_ad.sh b/sources/install/package_ad.sh
index 0566c356e..3dc7e5c48 100644
--- a/sources/install/package_ad.sh
+++ b/sources/install/package_ad.sh
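Review bot: `pipx install sherlock-project` in install_sherlock switches the install source from the upstream git URL to a PyPI distribution name with no version pin, so the image now trusts whoever controls that PyPI project and picks up whatever release is current at build time; the hunk does not say whether the PyPI project is published by the same maintainers as the GitHub repository still named in add-to-list. If it is, pinning it, e.g. `pipx install sherlock-project==<version>`, keeps builds reproducible and makes an unexpected upstream change visible; either way a one-line comment recording why the git install was dropped would help the next maintainer.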
@@ -1220,7 +1220,6 @@ function install_netexec() {
 mkdir -p ~/.nxc
 [[ -f ~/.nxc/nxc.conf ]] && mv ~/.nxc/nxc.conf ~/.nxc/nxc.conf.bak
 cp -v /root/sources/assets/netexec/nxc.conf ~/.nxc/nxc.conf
- cp -v /root/sources/assets/grc/conf.cme /usr/share/grc/conf.cme
 add-aliases netexec
 add-history netexec
 add-test-command "netexec --help"