cisagov / untitledgoosetool

Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.
Creative Commons Zero v1.0 Universal

New Issue, Goosey trying to execute a .exe with Python and I can't make the GUI version of the tool work. #17

Closed thebrainiak closed 1 year ago

thebrainiak commented 1 year ago

🐛 Summary

When I configure the config file and click Start to start to extract logs with the goose-gui, it gives me the error that it doesn't find the goose-gui file in the directory .venv\Scripts\goosey-gui. I think it's because the tool is trying to open a .exe with Python. How can I solve it? Or is it a native bug? It's crazy, because when I use the DIR command in cmd, it shows me a .exe, but when I open the directory in the Windows GUI it's a Python file. (And the problem is not the language of the name of the desktop directory, because I have the same error using the English language.)

Steps to reproduce the behavior:

  1. I configure the config file
  2. I click at Start

Expected behavior

Extract the logs and create the file.

Any helpful log output or screenshots

[Screenshots: gosseyerror2, gosseyerror3, gooseerror]

@victoriawallace-cisa @h-m-f-t @sangling

victoriawallace-cisa commented 1 year ago

Thanks, I'll take a look at replicating the issue. It looks like you installed Python using the Microsoft store, so I should be able to replicate it soon.

victoriawallace-cisa commented 1 year ago

It looks like it's an error with the Gooey Python module and Windows. Here's how to fix it:

  1. Download the Gooey source code from here: https://github.com/chriskiehl/Gooey/archive/refs/tags/1.0.8.1.zip
  2. Extract the .zip.
  3. Open the following file in a text editor: gooey/gooey/gui/cli.py
  4. Replace the file with the following code:

     ```python
     import sys
     from itertools import chain
     from copy import deepcopy

     from gooey.util.functional import compact


     def buildCliString(target, cmd, positional, optional, suppress_gooey_flag=False):
         # Work on a copy and separate positional arguments from options with "--"
         positionals = deepcopy(positional)
         if positionals:
             positionals.insert(0, "--")

         cmd_string = ' '.join(compact(chain(optional, positionals)))

         if cmd != '::gooey/default':
             cmd_string = u'{} {}'.format(cmd, cmd_string)

         ignore_flag = '' if suppress_gooey_flag else '--ignore-gooey'
         # On Windows, append "-script.py" to the target name
         if sys.platform == 'win32':
             return u'{}-script.py {} {}'.format(target, ignore_flag, cmd_string)
         else:
             return u'{} {} {}'.format(target, ignore_flag, cmd_string)
     ```

  5. In the Gooey folder, run `python -m pip install .` (make sure you are in the folder for the Gooey module).
  6. Re-install the untitledgoosetool as well: `python -m pip install .` or `python3 -m pip install .`
  7. Run `goosey-gui`

Please let us know if that fixes the issue.

victoriawallace-cisa commented 1 year ago

@thebrainiak We've fixed the issue in the latest update of Untitled Goose Tool. Please update the tool, re-install it, and try it again and let us know how it goes.