g/offensive-dropbox-enterprise
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
master
offensive-dropbox-enterprise/client.py

111 lines
3.5 KiB
Python
Raw Permalink Normal View History

Base project
2021-03-15 13:54:18 +01:00
import dropbox
import sys
import json
from pprint import pprint
from hashlib import sha1
import sqlite3
# dropbox organization api key
token = "api key"
db = "{}.sqlite".format(sha1(token.encode("ascii")).hexdigest())
client = dropbox.Dropbox(token)
conn = sqlite3.connect(db)
cur = conn.cursor()
def init_db(conn, token):
conn.execute('CREATE TABLE IF NOT EXISTS users (id TEXT PRIMARY KEY, team_member_id TEXT, email TEXT, external_id TEXT, name TEXT, groups TEXT)')
members = client.members_list()
for member in members["members"]:
if "external_id" not in member["profile"]:
member["profile"]["external_id"] = None
cur.execute("INSERT INTO users (id, team_member_id, email, external_id, name, groups) VALUES (?, ?, ?, ?, ?, ?)", (member["profile"]["account_id"], member["profile"]["team_member_id"], member["profile"]["email"], member["profile"]["external_id"], member["profile"]["name"]["display_name"], json.dumps(member["profile"]["groups"])))
conn.commit()
def get_team_member_id(cur, email):
return cur.execute("SELECT team_member_id FROM users where email = ?", (email,)).fetchone()
def get_account_id(cur, email):
return cur.execute("SELECT id FROM users where email = ?", (email,)).fetchone()
def search_account(cur, query):
query = "%{}%".format(query.replace(" ", "%"))
return cur.execute("SELECT email,name FROM users where email like ? or name like ? or external_id like ? or id like ? or team_member_id like ?", (query, query, query, query, query)).fetchall()
def get_ids(cur, email):
id = get_account_id(conn, user)
team_member_id = get_team_member_id(conn, user)
if len(id) > 0 and len(team_member_id) > 0:
id = id[0]
team_member_id = team_member_id[0]
return id, team_member_id
else:
return None, None
try:
cur.execute("SELECT count(id) FROM users")
except:
init_db(conn, token)
if len(sys.argv) > 1:
cmd = sys.argv[1]
if cmd == "search":
query = sys.argv[2]
results = search_account(conn, query)
if len(results) > 0:
for result in results:
print("{}\t\t{}".format(result[0], result[1]))
elif cmd == "info":
if len(sys.argv) == 2:
pprint(client.get_info())
elif len(sys.argv) == 3:
user = user = sys.argv[2]
id, team_member_id = get_ids(cur, user)
pprint(client.get_current_account(team_member_id))
else:
user = user = sys.argv[2]
id, team_member_id = get_ids(cur, user)
operation = sys.argv[3]
if operation == "activity":
activity = client.get_events(id)
for event in activity["events"]:
for assets in event["assets"]:
print(assets["path"]["contextual"])
elif cmd == "file":
user = sys.argv[2]
operation = sys.argv[3]
path = sys.argv[4]
id, team_member_id = get_ids(cur, user)
if operation == "ls":
ls = client.list_folder(team_member_id, path, False)
for file in ls["entries"]:
print(file["path_display"])
elif operation == "tree":
tree = client.list_folder(team_member_id, path, True)
for file in tree["entries"]:
print(file["path_display"])
elif operation == "download":
file = client.download(team_member_id, path)
filename = path.split('/')[-1]
with open(filename, "wb") as f:
f.write(file)
elif operation == "info":
print(client.get_metadata(team_member_id, path))
elif cmd == "activity":
# Returns the file activity of the last 10 days
# This call wants the dbid (Dropbox ID) instead of the dbmid (Dropbox Team Member ID)
user = sys.argv[2]
id, team_member_id = get_ids(cur, user)
activity = client.get_events(id)
pprint(activity)
for event in activity["events"]:
for assets in event["assets"]:
try:
print(assets["path"]["contextual"])
except:
pass
Reference in New Issue Copy Permalink