Some changes

- Switch over to [pyyed] [1] library instead of networkx for generating GraphML
- Migrate Python 2 code to Python 3
- Stick to one casing style (lowercase) for node labels (HarmJ0y#1)
- Add more trust attributes (HarmJ0y#2)

[1]: https://github.com/jamesscottbrown/pyyed

Author: snovvcrash

README.md

@@ -1,24 +1,36 @@
 TrustVisualizer
 ====================
 
-Simple Python script that takes the output from [PowerView's](https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1) `Get-DomainTrustMapping | Export-CSV -NoTypeInformation trusts.csv` and transforms it to GraphMl. This output can be visualized in any number of ways, including with the [yEd](https://www.yworks.com/products/yed) project.
+Simple Python script that takes the output from [PowerView's](https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1) `Get-DomainTrustMapping` and transforms it to GraphML. This output can be visualized in any number of ways, including with the [yEd](https://www.yworks.com/products/yed) project:
+
+```
+PS > Get-DomainTrustMapping | Export-CSV -NoTypeInformation trusts.csv
+```
 
 The graph output will represent the access direction (opposite of trust direction).
 
-Heaily adapted from @sixdub's [DomainTrustExplorer](https://github.com/sixdub/DomainTrustExplorer/) project.
-Python script for analyis of the "Trust.csv" file generated by Veil PowerView. Provides graph based analysis and output.
+Heaily adapted from @sixdub's [DomainTrustExplorer](https://github.com/sixdub/DomainTrustExplorer/) project. Python script for analyis of the "trust.csv" file generated by Veil PowerView. Provides graph based analysis and output.
 
-yEd intstructions from [DomainTrustExplorer](https://github.com/sixdub/DomainTrustExplorer/blob/master/README.md):
+yEd intstructions from [DomainTrustExplorer](https://github.com/sixdub/DomainTrustExplorer/blob/master/README.md) (tested on Mac OSX with yEd for visualization). Parsing colors and labels in yEd (GraphML):
 
-Tested on Mac OSX with yEd for visualization.
-Parsing colors and labels in yEd (GraphML):
-	-Edit->Properties Mapper
-	-Add a configuration for node
-	-Add a mapping for label/Label Text
-	-Add a configuration for edge
-	-Add a mapping for color/Line Color
+1. Edit → Properties Mapper
+2. Add a configuration for node with a mapping for label, map to "Label Text"
+3. Apply
+4. Add a configuration for edge with a mapping for color, map to "Line Color"
+5. Apply, Ok
+6. Tools → Fit Node to Label, Ok
+7. Layout → Hierarchical
 
 Setup & Requirements
 ====================
 
-pip install networkx
+* [pyyed](https://github.com/jamesscottbrown/pyyed)
+
+```
+$ pip3 install -r requirements.txt
+```
+
+References
+====================
+
+* [Domain Trusts: Why You Should Care – harmj0y](http://www.harmj0y.net/blog/redteaming/domain-trusts-why-you-should-care/)

TrustVisualizer.py

@@ -1,86 +1,90 @@
-#!/usr/bin/python
+#!/usr/bin/env python3
 
 ##############################################################################
 # Author: @harmj0y
 #
 # Based on: https://github.com/sixdub/DomainTrustExplorer by @sixdub
 #
-# Description: Usesnetworkx library to transform PowerView's updated 
+# Description: Uses pyyed (yEd) library to transform PowerView's updated
 #              Get-DomainTrustMapping functionality output to graphml
 #
 # License: BSD 3-clause
 ##############################################################################
 
-import networkx as nx
-import sys, csv
+import csv
+from os.path import basename, splitext
+from argparse import ArgumentParser
 
-if __name__ == '__main__':
-
-    if (len(sys.argv) != 2):
-        print "usage: ./TrustVisualizer.py <trust_file.csv>"
-        exit()
-
-    graph = nx.DiGraph()
-    intputFile = sys.argv[1]
-
-    with open(intputFile, 'rb') as csvfile:
-
-        reader = csv.reader(csvfile, delimiter=',')
-
-        for row in reader:
-
-            # if we have the header row, skip
-            if row[0] == 'SourceName':
-                continue
+import pyyed
 
-            # csv format:
-            #   SourceName,TargetName,TrustType,TrustAttributes,TrustDirection,WhenCreated,WhenChanged
-            ecolor = ''
-            sourceName = row[0].strip()
-            targetName = row[1].strip()
-            trustType = row[2].strip()
-            trustAttributes = row[3].strip()
-            trustDirection = row[4].strip()
+parser = ArgumentParser()
+parser.add_argument('trust_file', help='trust file in .csv format (generate with PowerView)')
+args = parser.parse_args()
 
-            # if the source and destination domains are the same, skip
-            if (sourceName == targetName):
-                continue
-
-            if (trustType == 'MIT'):
-                # black label for MIT trusts
-                ecolor ='#000000'
-
-            else:
-                if "WITHIN_FOREST" in trustAttributes:
-                    # green label for intra-forest trusts
-                    ecolor = '#009900'
-                elif (trustAttributes == "FOREST_TRANSITIVE"):
-                    # blue label for inter-forest trusts
-                    ecolor = '#0000CC'
-                elif ((trustAttributes == "") or (trustAttributes == "TREAT_AS_EXTERNAL") or (trustAttributes == "FILTER_SIDS")):
-                    # red label for external trusts
-                    ecolor = '#FF0000'
-                else:
-                    # violet label for unknown
-                    print "[-] Unrecognized trust attributes between %s and %s : %s" % (sourceName, targetName, trustAttributes)
-                    ecolor = '#EE82EE'
-
-            # add the domain nodes to the internal graph
-            graph.add_node(sourceName, label=sourceName)
-            graph.add_node(targetName, label=targetName)
-
-            # add the edges to the graph
-            if "Bidirectional" in trustDirection:
-                graph.add_edge(sourceName, targetName, color=ecolor)
-                graph.add_edge(targetName, sourceName, color=ecolor)
-            elif "Outbound" in trustDirection:
-                graph.add_edge(targetName, sourceName, color=ecolor)
-            elif "Inbound" in trustDirection:
-                graph.add_edge(sourceName, targetName, color=ecolor)
-            else:
-                print "[-] Unrecognized relationship direction between %s and %s : %s" % (sourceName, targetName, trustDirection)
-
-        outputFile = intputFile + ".graphml"
-        nx.write_graphml(graph, outputFile)
-        print "\n[+] Graphml writte to '%s'" % (outputFile)
-        print "\n[*] Note: green = within forest, red = external, blue = forest to forest, black = MIT, violet = unrecognized\n"
+if __name__ == '__main__':
+	graph = pyyed.Graph()
+
+	with open(args.trust_file, 'r', encoding='utf-8') as fd:
+		reader = csv.reader(fd, delimiter=',')
+		next(reader, None)
+
+		for row in reader:
+			# csv format:
+			#   "SourceName","TargetName","TrustType","TrustAttributes","TrustDirection","WhenCreated","WhenChanged"
+			sourceName = row[0].strip().lower()
+			targetName = row[1].strip().lower()
+			trustType = row[2].strip()
+			trustAttributes = row[3].strip()
+			trustDirection = row[4].strip()
+
+			# if the source and destination domains are the same, skip
+			if sourceName == targetName:
+				continue
+
+			if trustType == 'MIT':
+				# black label for MIT trusts
+				ecolor = '#000000'
+			else:
+				if 'WITHIN_FOREST' in trustAttributes:
+					# green label for intra-forest trusts
+					ecolor = '#009900'
+				elif 'FOREST_TRANSITIVE' in trustAttributes:
+					# blue label for inter-forest trusts
+					ecolor = '#0000CC'
+				elif trustAttributes == '' or any(attr in trustAttributes for attr in ('TREAT_AS_EXTERNAL', 'FILTER_SIDS', 'CROSS_ORGANIZATION')):
+					# red label for external trusts
+					ecolor = '#FF0000'
+				else:
+					# violet label for unknown
+					print(f'[-] Unrecognized trust attributes between {sourceName} and {targetName} : {trustAttributes}')
+					ecolor = '#EE82EE'
+
+			try:
+				# add source node to the internal graph
+				graph.add_node(sourceName, label=sourceName, shape_fill='#FFCC00')
+			# node exists
+			except RuntimeWarning:
+				pass
+
+			try:
+				# add target node to the internal graph
+				graph.add_node(targetName, label=targetName, shape_fill='#FFCC00')
+			# node exists
+			except RuntimeWarning:
+				pass
+
+			# add the edges to the graph
+			if 'Bidirectional' in trustDirection:
+				graph.add_edge(sourceName, targetName, color=ecolor)
+			elif 'Outbound' in trustDirection:
+				graph.add_edge(targetName, sourceName, color=ecolor)
+			elif 'Inbound' in trustDirection:
+				graph.add_edge(sourceName, targetName, color=ecolor)
+			else:
+				print(f'[-] Unrecognized relationship direction between {sourceName} and {targetName} : {trustDirection}' % (sourceName, targetName, trustDirection))
+
+		outputFile = splitext(basename(args.trust_file))[0] + '.graphml'
+		graph.write_graph(outputFile)
+
+		print(f'[+] Graphml writte to "{outputFile}"')
+		print('[*] Note: green = within forest, red = external, blue = forest to forest, black = MIT, violet = unrecognized')

requirements.txt

@@ -0,0 +1 @@
+pyyed