Clean up libs, add fody, make a bunch more changes

FodyWeavers.xml

@@ -1,3 +1,3 @@
 <Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
-  <Costura />
+    <Costura/>
 </Weavers>

README.md

@@ -1,10 +1,8 @@
 ---
-owern: SpecterOps
-project: SharpHound Open Source Client
-version: *.*
+owern: SpecterOps project: SharpHound Open Source Client version: *.*
 ---
 
-# SharpHound 
+# SharpHound
 
 ```csharp
 dotnet restore .

Sharphound.csproj

@@ -1,40 +1,47 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <PropertyGroup>
-    <OutputType>Exe</OutputType>
-    <TargetFramework>net462</TargetFramework>
-  </PropertyGroup>
+    <PropertyGroup>
+        <OutputType>Exe</OutputType>
+        <TargetFramework>net462</TargetFramework>
+        <LangVersion>latest</LangVersion>
+    </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Remove="src\JSON\**" />
-    <Compile Remove="src\LdapWrappers\**" />
-    <Compile Remove="src\Tasks\**" />
-    <EmbeddedResource Remove="src\JSON\**" />
-    <EmbeddedResource Remove="src\LdapWrappers\**" />
-    <EmbeddedResource Remove="src\Tasks\**" />
-    <None Remove="src\JSON\**" />
-    <None Remove="src\LdapWrappers\**" />
-    <None Remove="src\Tasks\**" />
-  </ItemGroup>
+    <ItemGroup>
+        <Compile Remove="src\JSON\**" />
+        <Compile Remove="src\LdapWrappers\**" />
+        <Compile Remove="src\Tasks\**" />
+        <EmbeddedResource Remove="src\JSON\**" />
+        <EmbeddedResource Remove="src\LdapWrappers\**" />
+        <EmbeddedResource Remove="src\Tasks\**" />
+        <None Remove="src\JSON\**" />
+        <None Remove="src\LdapWrappers\**" />
+        <None Remove="src\Tasks\**" />
+    </ItemGroup>
 
-  <ItemGroup>
-    <Compile Remove="src\Core\Enums.cs" />
-  </ItemGroup>
+    <ItemGroup>
+        <Compile Remove="src\Core\Enums.cs" />
+    </ItemGroup>
 
-  <ItemGroup>
-    <PackageReference Include="DnsClient" Version="1.5.0" />
-    <PackageReference Include="Microsoft.Extensions.Logging" Version="6.0.0-preview.7.21377.19" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="6.0.0-preview.7.21377.19" />
-    <PackageReference Include="SharpHoundCommon" Version="1.0.10" />
-    <PackageReference Include="SharpZipLib" Version="1.3.2" />
-    <PackageReference Include="System.CommandLine" Version="2.0.0-beta1.21308.1" />
-    <PackageReference Include="System.CommandLine.DragonFruit" Version="0.3.0-alpha.21216.1" />
-    <PackageReference Include="System.Threading.Channels" Version="5.0.0" />
-    <PackageReference Include="System.Threading.Tasks.Dataflow" Version="5.0.0" />
-  </ItemGroup>
+    <ItemGroup>
+        <PackageReference Include="Costura.Fody" Version="4.1.0" />
+        <PackageReference Include="Fody" Version="6.5.5">
+          <PrivateAssets>all</PrivateAssets>
+          <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+        </PackageReference>
+        <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="5.0.0" />
+        <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="5.0.0" />
+<!--        <PackageReference Include="SharpHoundCommon" Version="1.0.16" />-->
+        <PackageReference Include="System.Threading.Channels" Version="5.0.0" />
+        <PackageReference Include="Utf8Json" Version="1.3.7" />
+    </ItemGroup>
 
-  <ItemGroup>
-    <Reference Include="System.DirectoryServices.Protocols" />
-  </ItemGroup>
+    <ItemGroup>
+        <Reference Include="SharpHoundCommonLib, Version=1.1.0.0, Culture=neutral, PublicKeyToken=null">
+          <HintPath>..\SharpHoundCommon\src\CommonLib\bin\Debug\net462\SharpHoundCommonLib.dll</HintPath>
+        </Reference>
+        <Reference Include="System.DirectoryServices" />
+        <Reference Include="System.DirectoryServices.Protocols" />
+        <Reference Include="System.IO.Compression" />
+    </ItemGroup>
 
 </Project>

src/Client/Context.cs

@@ -1,14 +1,14 @@
-using Microsoft.Extensions.Logging;
-using SharpHound.Enums;
-using SharpHoundCommonLib;
-using SharpHoundCommonLib.Enums;
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
-using System.Timers;
+using Microsoft.Extensions.Logging;
+using SharpHound.Enums;
+using SharpHoundCommonLib;
+using SharpHoundCommonLib.Enums;
+using SharpHoundCommonLib.LDAPQueries;
+using Timer = System.Timers.Timer;
 
 namespace SharpHound.Core.Behavior
 {
@@ -21,35 +21,135 @@ public FileExistsException(string message) : base(message)
 
     public static class ContextUtils
     {
-        public static Dictionary<string, object> Merge(this Dictionary<string, object> dict, Dictionary<string, object> delta)
+        public static Dictionary<string, object> Merge(this Dictionary<string, object> dict,
+            Dictionary<string, object> delta)
         {
             return dict.Concat(delta).ToDictionary(kvp => kvp.Key, kvp => kvp.Value);
         }
+
+        public static bool ResolveBaseCollectionMethods(IEnumerable<string> collectionMethods, bool stealth, out ResolvedCollectionMethod resolved)
+        {
+            var arr = collectionMethods.ToArray();
+            if (arr.Count() == 1)
+            {
+                arr = arr.First().Split(',');
+            }
+
+            resolved = ResolvedCollectionMethod.None;
+            foreach (var collection in arr)
+            {
+                if (!Enum.TryParse<CollectionMethodOptions>(collection, out var option))
+                {
+                    Console.WriteLine($"Failed to parse Collection Method {collection}");
+                    return false;
+                }
+
+                resolved |= option switch
+                {
+                    CollectionMethodOptions.Group => ResolvedCollectionMethod.Group,
+                    CollectionMethodOptions.Session => ResolvedCollectionMethod.Session,
+                    CollectionMethodOptions.LoggedOn => ResolvedCollectionMethod.LoggedOn,
+                    CollectionMethodOptions.Trusts => ResolvedCollectionMethod.Trusts,
+                    CollectionMethodOptions.ACL => ResolvedCollectionMethod.ACL,
+                    CollectionMethodOptions.ObjectProps => ResolvedCollectionMethod.ObjectProps,
+                    CollectionMethodOptions.RDP => ResolvedCollectionMethod.RDP,
+                    CollectionMethodOptions.DCOM => ResolvedCollectionMethod.DCOM,
+                    CollectionMethodOptions.LocalAdmin => ResolvedCollectionMethod.LocalAdmin,
+                    CollectionMethodOptions.PSRemote => ResolvedCollectionMethod.PSRemote,
+                    CollectionMethodOptions.SPNTargets => ResolvedCollectionMethod.SPNTargets,
+                    CollectionMethodOptions.Container => ResolvedCollectionMethod.Container,
+                    CollectionMethodOptions.GPOLocalGroup => ResolvedCollectionMethod.GPOLocalGroup,
+                    CollectionMethodOptions.LocalGroup => ResolvedCollectionMethod.LocalGroups,
+                    CollectionMethodOptions.Default => ResolvedCollectionMethod.Default,
+                    CollectionMethodOptions.DCOnly => ResolvedCollectionMethod.DCOnly,
+                    CollectionMethodOptions.ComputerOnly => ResolvedCollectionMethod.ComputerOnly,
+                    CollectionMethodOptions.All => ResolvedCollectionMethod.All,
+                    _ => throw new ArgumentOutOfRangeException()
+                };
+            }
+
+            if (stealth)
+            {
+                var updates = new List<string>();
+                if ((resolved & ResolvedCollectionMethod.LoggedOn) != 0)
+                {
+                    resolved ^= ResolvedCollectionMethod.LoggedOn;
+                    updates.Add("[-] Removed LoggedOn");
+                }
+
+                var localGroupRemoved = false;
+                if ((resolved & ResolvedCollectionMethod.RDP) != 0)
+                {
+                    localGroupRemoved = true;
+                    resolved ^= ResolvedCollectionMethod.RDP;
+                    updates.Add("[-] Removed RDP Collection");
+                }
+
+                if ((resolved & ResolvedCollectionMethod.DCOM) != 0)
+                {
+                    localGroupRemoved = true;
+                    resolved ^= ResolvedCollectionMethod.DCOM;
+                    updates.Add("[-] Removed DCOM Collection");
+                }
+
+                if ((resolved & ResolvedCollectionMethod.PSRemote) != 0)
+                {
+                    localGroupRemoved = true;
+                    resolved ^= ResolvedCollectionMethod.PSRemote;
+                    updates.Add("[-] Removed PSRemote Collection");
+                }
+
+                if ((resolved & ResolvedCollectionMethod.LocalAdmin) != 0)
+                {
+                    localGroupRemoved = true;
+                    resolved ^= ResolvedCollectionMethod.LocalAdmin;
+                    updates.Add("[-] Removed LocalAdmin Collection");
+                }
+
+                if (localGroupRemoved)
+                {
+                    resolved |= ResolvedCollectionMethod.GPOLocalGroup;
+                    updates.Add("[+] Added GPOLocalGroup");
+                }
+
+                if (updates.Count > 0)
+                {
+                    Console.WriteLine("Updated Collection Methods to Reflect Stealth Options");
+                    foreach (var update in updates)
+                    {
+                        Console.WriteLine(update);
+                    }
+                    Console.WriteLine();
+                }
+            }
+
+            Console.WriteLine($"Resolved Collection Methods: {resolved}");
+            Console.WriteLine();
+            return true;
+        }
     }
 
     public interface Context
     {
-        PipelineBuilder PipelineBuilder { get; set; }
         OutputTasks OutputTasks { get; set; }
-
         Flags Flags { get; set; }
         LDAPQueryOptions Options { get; set; }
         IEnumerable<string> CollectionMethods { get; set; }
-
         string LdapFilter { get; set; }
         string SearchBase { get; set; }
         string DomainName { get; set; }
         string CacheFileName { get; set; }
         string ZipFilename { get; set; }
-        System.Timers.Timer Timer { get; set; }
+        Timer Timer { get; set; }
         Cache Cache { get; set; }
         TimeSpan? LoopDuration { get; set; }
         TimeSpan? LoopInterval { get; set; }
         DateTime LoopEnd { get; set; }
         string CurrentUserName { get; set; }
-        int StatusInterval{ get; set; }
-        string RealDNSName {get; set; }
-        Task PipelineCompletionTask { get; set; }
+        int StatusInterval { get; set; }
+        int Threads { get; set; }
+        string RealDNSName { get; set; }
+        Task CollectionTask { get; set; }
         CancellationTokenSource CancellationTokenSource { get; set; }
 
         ILogger Logger { get; set; }
@@ -62,37 +162,17 @@ public interface Context
 
         int Throttle { get; set; }
         int Jitter { get; set; }
-
         int PortScanTimeout { get; set; }
 
         ResolvedCollectionMethod ResolvedCollectionMethods { get; set; }
 
         /// <summary>
-        /// Uses specified options to determine the final filename of the given file
+        ///     Does throttle and jitter for computer requests
         /// </summary>
-        /// <param name="filename"></param>
-        /// <param name="extension"></param>
-        /// <param name="addTimestamp"></param>
         /// <returns></returns>
-        string ResolveFileName(Context context, string filename, string extension, bool addTimestamp);
-
-        /// <summary>
-        /// Does throttle and jitter for computer requests
-        /// </summary>
-        /// <returns></returns>
-        Task DoDelay(Context context);
-
-        /// <summary>
-        /// Set some variables, and clear the ping cache for a new run
-        /// </summary>
-        void StartNewRun();
-
-        /// <summary>
-        /// Removes non-computer collection methods from specified ones for looping
-        /// </summary>
-        /// <returns></returns>
-        CollectionMethodResolved GetLoopCollectionMethods();
-
-        bool IsComputerCollectionSet();
+        Task DoDelay();
+        string GetCachePath();
+        ResolvedCollectionMethod SetupMethodsForLoop();
+        string ResolveFileName(string filename, string extension, bool addTimestamp);
     }
-}
+}

src/Client/Enums.cs

@@ -27,28 +27,4 @@ public enum CollectionMethodOptions
         ComputerOnly,
         All
     }
-
-    /// <summary>
-    /// Enum representing collection methods after being resolved from option sets
-    /// </summary>
-    [Flags]
-    public enum CollectionMethodResolved
-    {
-        None = 0,
-        Group = 1,
-        Sessions = 1 << 1,
-        LoggedOn = 1 << 2,
-        Trusts = 1 << 3,
-        ACL = 1 << 4,
-        ObjectProps = 1 << 5,
-        RDP = 1 << 6,
-        DCOM = 1 << 7,
-        LocalAdmin = 1 << 8,
-        PSRemote = 1 << 9,
-        SPNTargets = 1 << 10,
-        Container = 1 << 11,
-        GPOLocalGroup = 1 << 12,
-        DCOnly = 1 << 13,
-        LocalGroups = DCOM | RDP | LocalAdmin | PSRemote
-    }
 }

src/Client/Flags.cs

@@ -1,10 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
-
-namespace SharpHound.Core
+namespace SharpHound.Core
 {
     public class Flags
     {
@@ -36,4 +30,4 @@ public class Flags
 
         public bool StructureCollection { get; set; }
     }
-}
+}