from autorecon.plugins import ServiceScan
from autorecon.io import fformat

class WinRMDetection(ServiceScan):

	def __init__(self):
		super().__init__()
		self.name = 'WinRM Detection'
		self.tags = ['default', 'safe', 'winrm']

	def configure(self):
		self.match_service_name('^wsman')
		self.match_service('tcp', [5985, 5986], '^http')

	async def run(self, service):
		filename = fformat('{scandir}/{protocol}_{port}_winrm-detection.txt')
		with open(filename, mode='wt', encoding='utf8') as winrm:
			winrm.write('WinRM was possibly detected running on ' + service.protocol + ' port ' + str(service.port) + '.\nCheck _manual_commands.txt for manual commands you can run against this service.')

	def manual(self, service, plugin_was_run):
		service.add_manual_commands('Bruteforce logins:', [
			'crackmapexec winrm {address} -d ' + self.get_global('domain', default='<domain>') + ' -u ' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + ' -p ' + self.get_global('password_wordlist', default='/usr/share/seclists/Passwords/darkweb2017-top100.txt')
		])

		service.add_manual_commands('Check login (requires credentials):', [
			'crackmapexec winrm {address} -d ' + self.get_global('domain', default='<domain>') + ' -u <username> -p <password> -x "whoami"'
		])

		service.add_manual_commands('Evil WinRM (gem install evil-winrm):', [
			'evil-winrm -u <user> -p <password> -i {address}',
			'evil-winrm -u <user> -H <hash> -i {address}'
		])