Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jmhickman/Fetters

Port of Seatbelt in F#
https://github.com/jmhickman/Fetters

Last synced: 22 days ago
JSON representation

Port of Seatbelt in F#

Host: GitHub
URL: https://github.com/jmhickman/Fetters
Owner: jmhickman
License: other
Created: 2020-06-14T16:56:41.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2020-07-12T22:28:39.000Z (over 4 years ago)
Last Synced: 2024-08-05T17:25:07.785Z (4 months ago)
Language: F#
Homepage:
Size: 177 KB
Stars: 13
Watchers: 2
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - jmhickman/Fetters - Port of Seatbelt in F# (F# #)

README

        # Fetters

F# re-implementation of Ghostpack/Seatbelt, a Windows enumeration program for red teams and system administrators.

## Purpose

This project was for me to get comfortable with F# by implementing a program that I liked. Seatbelt is not too big, not too small, and had sufficient complexity that I would always be challenged while writing it.

It is _NOT_ a 100% compliant implementation of Seatbelt! 

Because the primary purpose was to learn F#, there are bits and bobs that I chose to not port because I found the particular piece of functionality to not be very compelling vs the number of lines of code to get it going. I'd estimate that Fetters does about 93-94% of what Seatbelt does. There are things that Fetters does that Seatbelt doesn't do, so it's not even an apples to apples comparison!

Also, Seatbelt got a massive re-write and update about 2 weeks before I wrapped up the program. This version of Fetters targetted the old version of Seatbelt, not the shiny new version. I may circle back around later and add checks. If I do so, it will probably be because I've gained enough experience to make substantial changes to Fetters in order to make it more idiomatic.

## Credits

Please check the CREDITS file for code acknowledgements.

## Improvements

I'm likely to ignore PRs, at least for the time being. This represented 2 months of work in my free time to do, and I'm quite ready to put it down and work on other things. If you want to see an improvement, feel free to submit a PR, but don't be surprised if I don't immediately respond.

## Requirements

I've tested Fetters on 64bit Windows **10** 1703 and later, Server **2012**, Windows **7** and Windows **8.1**. **Net 4.61 or later** must be present. While many checks should work if run in 32 bit mode, there is PInvoke code that, for various reasons, has statically set pointer math that will probably make things angry with smaller IntPtrs. I don't have a 32bit Windows lying around to check.

## Build

You should be able to import the Solution and simply build it. Costura is in use in order to generate a singular binary. It's kind of fat, sorry about that. FSharp.Core.dll is not distributed in the GAC because Microsoft seems to forget about it year after year.

## Use

Fetters is meant to be run at the console directly. There isn't an explicit namespace in use, so how it would interact with post exploitation frameworks via a `execute-assembly`-like command is anyone's guess. Fortunately, Windows Defender has sniffed it and largely ignored it, so until someone uses it for evil it might stay 'clean.'

The program will take any number of function names in a sequence to run. You can see a terse description of each by running `-hh`. Or you may simply specify `system` or `user` to run a pre-set series of checks. I recommend `getbasicinfo` by itself to start.