diff --git a/ACE-WebService/src/ACEWebService/scripts/eb31cb51-0fb6-4e08-b9c6-f1b23e7fa4ce.ace b/ACE-WebService/src/ACEWebService/scripts/eb31cb51-0fb6-4e08-b9c6-f1b23e7fa4ce.ace
deleted file mode 100644
index 95ad349..0000000
--- a/ACE-WebService/src/ACEWebService/scripts/eb31cb51-0fb6-4e08-b9c6-f1b23e7fa4ce.ace
+++ /dev/null
@@ -1,161 +0,0 @@ -function Start-AceScript -{ - param - ( - [Parameter(Mandatory = $true)] - [string] - $ServerUri, - - [Parameter(Mandatory = $true)] - [string] - $ScriptUri, - - [Parameter(Mandatory = $true)] - [string] - $Thumbprint, - - [Parameter(Mandatory = $true)] - [string] - $SweepId, - - [Parameter(Mandatory = $true)] - [string] - $ScanId, - - [Parameter(Mandatory = $true)] - [string] - $RoutingKey - ) - - # Get the FQDN of the target computer and the Timestamp of the scan itself - $HostFQDN = Get-WmiObject Win32_ComputerSystem -Property 'Name','Domain' | ForEach-Object {"$($_.Name).$($_.Domain)"} - $ResultDate = (Get-Date).ToString("yyyyMMddThhmmssmsmsZ") - - # Create a list of strings to put scan results in - $dataList = New-Object -TypeName System.Collections.Generic.List['string'] - - # Download the script to execute from the server - Invoke-AceWebRequest -Thumbprint $Thumbprint -Uri "$($ServerUri)$($ScriptUri)" - - foreach($o in (Invoke-Expression $scan.Function)) - { - $o.Add('ComputerName', $HostFQDN) - $o.Add('ScanType', $scan.ScanType) - $o.Add('SweepId', $SweepId) - $o.Add('ScanId', $ScanId) - $o.Add('ResultDate', $ResultDate) - - $message = ConvertTo-JsonV2 -InputObject $o - $dataList.Add($message) - } - - $props = @{ - ComputerName = $HostFQDN - ScanType = $scan.ScanType - RoutingKey = $scan.RoutingKey - ResultDate = $ResultDate - ScanId = $ScanId - Data = $dataList.ToArray() - } - - # Submit the results to the server - Invoke-AceWebRequest -Thumbprint $Thumbprint -Uri "$($ServerUri)/ace/result/$($SweepId)" -Body (ConvertTo-JsonV2 -InputObject $props) -} - -function ConvertTo-JsonV2 -{ - param - ( - [Parameter(Mandatory = $true)] - $InputObject - ) - - Begin - { - $null = [System.Reflection.Assembly]::LoadWithPartialName("System.Web.Extensions") - $Serializer = New-Object System.Web.Script.Serialization.JavaScriptSerializer - } - - Process - { - try - { - $Serializer.Serialize($InputObject) - } - catch - { - # Write error message to ACE to 
let it know that the scan failed - Invoke-AceWebRequest -Thumbprint $Thumbprint -Uri "$($Uri)/ace/result/$($SweepId)" -Body $body - } - } -} - -# Need to update to accept GET requests -function Invoke-AceWebRequest -{ - param - ( - [Parameter(Mandatory = $true)] - [string] - $Thumbprint, - - [Parameter(Mandatory = $true)] - [string] - $Uri, - - [Parameter(Mandatory = $true)] - [string] - $Body - ) - - [Net.ServicePointManager]::ServerCertificateValidationCallback = { - $Thumbprint = $Thumbprint - $certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]$args[1] - - if ($certificate -eq $null) - { - $Host.UI.WriteErrorLine("Null certificate.") - return $true - } - - if ($certificate.Thumbprint -eq $Thumbprint) - { - return $true - } - else - { - $Host.UI.WriteErrorLine("Thumbprint mismatch. Certificate thumbprint $($certificate.Thumbprint)") - } - - return $false - } - - try - { - #Write-Host "URI: $($Uri)" - - # Create web request - $WebRequest = [Net.WebRequest]::Create($uri) - $WebRequest.Method = 'Post' - $WebRequest.ContentType = 'application/json' - $WebRequest.Headers.Add('X-API-Version:1.0') - - $byteArray = [System.Text.Encoding]::UTF8.GetBytes($Body) - $Webrequest.ContentLength = $byteArray.Length - - $dataStream = $Webrequest.GetRequestStream() - $dataStream.Write($byteArray, 0, $byteArray.Length) - $dataStream.Close() - - # Get response stream - $ResponseStream = $Webrequest.GetResponse().GetResponseStream() - - # Create a stream reader and read the stream returning the string value. - $StreamReader = New-Object System.IO.StreamReader -ArgumentList $ResponseStream - $StreamReader.ReadToEnd() - } - catch - { - Write-Error "Failed: $($_.exception.innerexception.message)" - } -}
\ No newline at end of file
diff --git a/README.md b/README.md
index 891ff33..f0b8b26 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,8 @@ The Automated Collection and Enrichment (ACE) platform is a suite of tools for t
 ACE is meant to simplify the process of remotely collecting data across an environment by offering credential management, scheduling, centralized script management, and remote file downloading. ACE is designed to complement a SIEM by collecting data and enriching data; final analysis is best suited for SIEM tools such as Splunk, ELK, or the tools the analyst prefers.
+![alt text](resources/images/ACE_Infrastructure.png "ACE Infrastructure")
+
 ## Why use ACE?
 ACE grew out of the need to perform Compromise Assessments in places with common restrictions:
diff --git a/resources/images/ACE_Infrastructure.png b/resources/images/ACE_Infrastructure.png
new file mode 100644
index 0000000..19dea12
Binary files /dev/null and b/resources/images/ACE_Infrastructure.png differ