From 7953003fad867d9d1f295eeed01f424a54cf082d Mon Sep 17 00:00:00 2001
From: DReneau <53024966+DReneau@users.noreply.github.com>
Date: Sat, 26 Oct 2024 11:50:27 -0700
Subject: [PATCH 01/13] Added Ollama-AI Compound Module
---
Modules/Compound/Ollama-AI.mkape | 37 ++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 Modules/Compound/Ollama-AI.mkape
diff --git a/Modules/Compound/Ollama-AI.mkape b/Modules/Compound/Ollama-AI.mkape
new file mode 100644
index 000000000..3b19fb7ca
--- /dev/null
+++ b/Modules/Compound/Ollama-AI.mkape
@@ -0,0 +1,37 @@
+Description: Ollama-AI Parsers
+Category: Modules
+Author: DReneau
+Version: 1.0
+Id: 4e934950-54e4-4c6d-a1de-cb24e3872f5e
+ExportFormat: txt
+Processors:
+ -
+ Executable: PowerShell_Ollama_AI_Blobs.mkape
+ CommandLine: ""
+ ExportFormat: ""
+ -
+ Executable: PowerShell_Ollama_AI_Keys.mkape
+ CommandLine: ""
+ ExportFormat: ""
+ -
+ Executable: PowerShell_Ollama_AI_Manifests.mkape
+ CommandLine: ""
+ ExportFormat: ""
+ -
+ Executable: PowerShell_Ollama_AI_Models.mkape
+ CommandLine: ""
+ ExportFormat: ""
+ -
+ Executable: PowerShell_Docker_Containers.mkape
+ CommandLine: ""
+ ExportFormat: ""
+ -
+ Executable: PowerShell_Ollama_AI_cve-2024-37032.mkape
+ CommandLine: ""
+ ExportFormat: ""
+
+# Documentation
+# https://www.youtube.com/watch?v=aHhQvxwkuuw
+# Ollama is used for self-hosted AI inference, and it supports many models out of the box.
+# Ollama serves as the backend for common AI projects such as OpenWebUI, among others.
+# .\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module ollama-ai
From c81fdf2dddc52bda269804c2c1a6d49d5c2c0318 Mon Sep 17 00:00:00 2001
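Review bot: The processor list names `PowerShell_Docker_Containers.mkape`, which none of the thirteen patches on this page adds, so the compound module depends on a file that is not visible here; confirm it already exists under Modules before merging. The compound also runs `PowerShell_Ollama_AI_Keys.mkape`, which writes the raw content of each `id_*` key file into the module output, and the Documentation block does not mention that. A line such as `# Note: output includes Ollama private key material; restrict access to the --mdest folder.` would tell whoever runs `--module ollama-ai` what ends up in the case directory.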
From: DReneau <53024966+DReneau@users.noreply.github.com>
Date: Sat, 26 Oct 2024 11:53:34 -0700
Subject: [PATCH 02/13] Ollama-AI Parser Upload Blobs, Keys, Manifests, Models, and CVE-2024-37032 Checker.
---
Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape | 16 +++++++++++++++
Modules/Apps/PowerShell_Ollama_AI_Keys.mkape | 18 +++++++++++++++++
.../Apps/PowerShell_Ollama_AI_Manifests.mkape | 19 ++++++++++++++++++
.../Apps/PowerShell_Ollama_AI_Models.mkape | 19 ++++++++++++++++++
.../PowerShell_Ollama_AI_cve-2024-37032.mkape | 20 +++++++++++++++++++
5 files changed, 92 insertions(+)
create mode 100644 Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape
create mode 100644 Modules/Apps/PowerShell_Ollama_AI_Keys.mkape
create mode 100644 Modules/Apps/PowerShell_Ollama_AI_Manifests.mkape
create mode 100644 Modules/Apps/PowerShell_Ollama_AI_Models.mkape
create mode 100644 Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape
diff --git a/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape b/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape
new file mode 100644
index 000000000..c3881a237
--- /dev/null
+++ b/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape
@@ -0,0 +1,16 @@
+Description: Ollama-AI Blob Files
+Category: PowerShell
+Author: DReneau
+Version: 1.0
+Id: a31a4412-f6d4-4098-9ba1-feba2f96ad57
+ExportFormat: txt
+Processors:
+ - Executable: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe
+ CommandLine: "$destinationPath = '%DestinationDirectory%\\ollama_combined_blobs.txt'; $usersPath = Join-Path '%SourceDirectory%' 'Users'; Get-ChildItem -Path $usersPath -Directory | ForEach-Object { $modelsPath = Join-Path $_.FullName '.ollama\\models\\blobs'; if (Test-Path $modelsPath) { Get-ChildItem -Path $modelsPath -File | Where-Object { $_.Length -lt 2KB } | ForEach-Object { $fileContent = Get-Content -Path $_.FullName -Raw -ErrorAction SilentlyContinue; if ($fileContent -match '\"model_format\"') { $entry = ('{0} | {1}' -f $_.Name, $fileContent); Add-Content -Path $destinationPath -Value $entry; Add-Content -Path $destinationPath -Value \"`r`n\"; } } } }"
+ ExportFormat: txt
+
+# Documentation
+# https://ollama.com/blog | https://github.com/ollama/ollama | https://hub.docker.com/r/ollama/ollama
+# Ollama is used for self-hosted AI inference, and it supports many models out of the box.
+# Ollama serves as the backend for common AI projects such as OpenWebUI, among others.
+#.\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_blobs
diff --git a/Modules/Apps/PowerShell_Ollama_AI_Keys.mkape b/Modules/Apps/PowerShell_Ollama_AI_Keys.mkape
new file mode 100644
index 000000000..df3f72b29
--- /dev/null
+++ b/Modules/Apps/PowerShell_Ollama_AI_Keys.mkape
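Review bot: `ollama_combined_blobs.txt` is only ever written with `Add-Content` and never cleared, so a second run into the same `--mdest` appends every entry again and the file no longer reflects a single collection. The Manifests module in this same patch begins with `Remove-Item -Path $destinationPath -ErrorAction SilentlyContinue;`, and that statement fits here right after `$destinationPath` is assigned. The `Executable` value is a plain unquoted YAML scalar, where backslashes are not escapes, so `C:\\Windows\\System32\\...` keeps its doubled backslashes, unlike the single-backslash path the other four modules use. Blobs that `Get-Content` cannot read are dropped without a trace because of `-ErrorAction SilentlyContinue`, which is worth stating in the Documentation block so an empty result is not read as "no blobs present".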
@@ -0,0 +1,18 @@
+Description: Ollama-AI Private-Public Key Finder
+Category: PowerShell
+Author: DReneau
+Version: 1.0
+Id: f5a65250-42bd-4c11-80dd-4ab621e0c8b8
+ExportFormat: TXT
+Processors:
+ -
+ Executable: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
+ CommandLine: "$users = Get-ChildItem -Path '%SourceDirectory%\\Users' -Directory; foreach ($user in $users) { $ollamaPath = Join-Path $user.FullName '.ollama'; $privateKeyPath = Join-Path $ollamaPath 'id_*'; $publicKeyPath = Join-Path $ollamaPath '*.pub'; if (Test-Path $ollamaPath) { $privateKey = Get-ChildItem -Path $privateKeyPath -Exclude *.pub | ForEach-Object { $content = Get-Content -Path $_.FullName -Raw; [PSCustomObject]@{ Name = $_.Name; FilePath = $_.FullName; KeyLocated = $content } }; $privateKeyOutput = $privateKey | ForEach-Object { 'Name: ' + $_.Name + [System.Environment]::NewLine + [System.Environment]::NewLine + 'FilePath: ' + $_.FilePath + [System.Environment]::NewLine + [System.Environment]::NewLine + 'Key: ' + $_.KeyLocated + [System.Environment]::NewLine + [System.Environment]::NewLine }; Set-Content -Path '%destinationDirectory%\\ollama_privatekey.txt' -Value $privateKeyOutput -Encoding UTF8; if (Test-Path $publicKeyPath) { $publicKey = Get-ChildItem -Path $publicKeyPath | ForEach-Object { $pubContent = Get-Content -Path $_.FullName -Raw; 'Name: ' + $_.Name + [System.Environment]::NewLine + [System.Environment]::NewLine + 'FilePath: ' + $_.FullName + [System.Environment]::NewLine + [System.Environment]::NewLine + 'Key: ' + $pubContent + [System.Environment]::NewLine + [System.Environment]::NewLine }; Set-Content -Path '%destinationDirectory%\\ollama_publickey.txt' -Value $publicKey -Encoding UTF8 } } }"
+ ExportFormat: TXT
+
+# Documentation
+# https://ollama.com/blog | https://github.com/ollama/ollama | https://hub.docker.com/r/ollama/ollama
+# Ollama is used for self-hosted AI inference, and it supports many models out of the box.
+# Ollama serves as the backend for common AI projects such as OpenWebUI, among others.
+# The code will identify the installed Models, the Model Integrity hash and the Ollama PrivateKey.
+#.\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_keys
diff --git a/Modules/Apps/PowerShell_Ollama_AI_Manifests.mkape b/Modules/Apps/PowerShell_Ollama_AI_Manifests.mkape
new file mode 100644
index 000000000..b6702dc22
--- /dev/null
+++ b/Modules/Apps/PowerShell_Ollama_AI_Manifests.mkape
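Review bot: Both `Set-Content` calls sit inside `foreach ($user in $users)` and write to fixed file names, so every profile that has a `.ollama` folder overwrites the previous one and only the last profile's keys remain in `ollama_privatekey.txt` and `ollama_publickey.txt`. A later profile with a `.ollama` folder but no `id_*` file would presumably replace earlier findings with an empty file as well. Switching both calls to `Add-Content` and clearing the two output files once before the loop keeps every profile's result. The Models hunk in this patch has the same shape, with `Remove-Item $outputPath` and `Export-Csv ... -Force` inside the per-user loop; there a single `Remove-Item` ahead of the loop plus `Export-Csv -Append` would do.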
@@ -0,0 +1,19 @@
+Description: Ollama-AI Manifests
+Category: PowerShell
+Author: DReneau
+Version: 1.0
+Id: 48146441-174c-43a6-8dd0-8c317f1004e2
+ExportFormat: txt
+Processors:
+ -
+ Executable: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
+ CommandLine: "$destinationPath = '%destinationDirectory%\\ollama_combined_manifests.txt'; Remove-Item -Path $destinationPath -ErrorAction SilentlyContinue; $users = Get-ChildItem -Path '%SourceDirectory%\\Users' -Directory; foreach ($user in $users) { $ollamaPath = Join-Path $user.FullName '.ollama'; if (Test-Path $ollamaPath) { $modelsPath = Join-Path $ollamaPath 'models\\manifests'; if (Test-Path $modelsPath) { Get-ChildItem -Path $modelsPath -Recurse -File | ForEach-Object { $modelName = $_.Name; $fileContent = Get-Content -Path $_.FullName -Raw -ErrorAction SilentlyContinue; if ($fileContent -match '\"mediaType\"') { $entry = ('{0} | {1}' -f $_.FullName, $fileContent); Add-Content -Path $destinationPath -Value $entry; Add-Content -Path $destinationPath -Value \"`r`n`r`n\"; } } } } }"
+ ExportFormat: txt
+
+# Documentation
+# https://ollama.com/blog | https://github.com/ollama/ollama | https://hub.docker.com/r/ollama/ollama
+# Ollama is used for self-hosted AI inference, and it supports many models out of the box.
+# Ollama serves as the backend for common AI projects such as OpenWebUI, among others.
+# The code will identify the installed Models, the Model Integrity hash and the Ollama PrivateKey.
+#.\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_manifests
+# https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2024-37032
diff --git a/Modules/Apps/PowerShell_Ollama_AI_Models.mkape b/Modules/Apps/PowerShell_Ollama_AI_Models.mkape
new file mode 100644
index 000000000..9cc248f31
--- /dev/null
+++ b/Modules/Apps/PowerShell_Ollama_AI_Models.mkape
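Review bot: The Documentation line `# The code will identify the installed Models, the Model Integrity hash and the Ollama PrivateKey.` does not describe this module, which copies every file under `.ollama\models\manifests` that contains `"mediaType"` into `ollama_combined_manifests.txt`. The same sentence appears unchanged in the Keys, Models and cve-2024-37032 hunks of this patch, where it is equally inexact. Here a line such as `# Collects the raw content of each Ollama manifest file found under every user profile.` would tell an examiner what the output holds. `$modelName = $_.Name;` is assigned and never read in this command line and can be dropped.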
@@ -0,0 +1,19 @@ +Description: Ollama-AI Installed LLM's +Category: PowerShell +Author: DReneau +Version: 1.0 +Id: d165b496-55d9-480a-a592-b80dd50e2e14 +ExportFormat: CSV +Processors: + - + Executable: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe + CommandLine: "$users = Get-ChildItem -Path '%SourceDirectory%\\Users' -Directory; foreach ($user in $users) { $ollamaPath = Join-Path $user.FullName '.ollama'; if (Test-Path $ollamaPath) { $outputPath = '%destinationDirectory%\\ollama_models_identified.csv'; Remove-Item $outputPath -ErrorAction SilentlyContinue; $manifestsPath = Join-Path $ollamaPath 'models\\manifests'; $legitPath = Join-Path $manifestsPath 'registry.ollama.ai\\library'; $allModels = Get-ChildItem -Path $manifestsPath -Directory -Recurse | Where-Object { $_.Name -notin @('registry.ollama.ai', 'library') -and (Get-ChildItem -Path $_.FullName -File -ErrorAction SilentlyContinue | Where-Object { $_.Extension -eq '' }) } | ForEach-Object { $modelName = $_.Name; $modelFile = Get-ChildItem -Path $_.FullName -File -ErrorAction SilentlyContinue | Select-Object -First 1; $isLegit = if ($_.FullName -match [regex]::Escape($legitPath)) { 'Ollama Repo' } else { 'Non Ollama Repo' }; if ($modelFile -and (Test-Path $modelFile.FullName)) { try { $jsonContent = Get-Content -Path $modelFile.FullName -Raw -ErrorAction Stop | ConvertFrom-Json; $modelIntegrity = ($jsonContent.layers | Where-Object { $_.mediaType -eq 'application/vnd.ollama.image.model' }).digest; $sizeInGB = '{0:N1} GB' -f (($jsonContent.layers | Measure-Object -Property size -Sum).Sum / 1GB); $modifiedDate = (Get-Item $modelFile.FullName).LastWriteTime.ToString('g'); } catch { $modelIntegrity = 'Parsing Error'; $sizeInGB = 'Unknown'; $modifiedDate = 'Unknown'; } } else { $modelIntegrity = 'Not Found'; $sizeInGB = 'Unknown'; $modifiedDate = 'Unknown'; $modelFile = 'Access Denied' }; [PSCustomObject]@{ Name = $modelName; Sha = $modelIntegrity.Split(':')[1]; Size = $sizeInGB; Modified = 
$modifiedDate; Path = $modelFile.FullName; 'Source' = $isLegit } }; $allModels | Export-Csv -Path $outputPath -NoTypeInformation -Force } }" + ExportFormat: CSV + +# Documentation +# Yaml will identify Ollama models and identify if they are downloaded from official Ollama repo or not. +# https://ollama.com/blog | https://github.com/ollama/ollama | https://hub.docker.com/r/ollama/ollama +# Ollama is used for self-hosted AI inference, and it supports many models out of the box. +# Ollama serves as the backend for common AI projects such as OpenWebUI, among others. +# The code will identify the installed Models, the Model Integrity hash and the Ollama PrivateKey. +#.\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_models diff --git a/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape b/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape new file mode 100644 index 000000000..0502e2031 --- /dev/null +++ b/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape 
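Review bot: The `Source` column is decided only by whether the manifest directory sits under `registry.ollama.ai\library`, so `Ollama Repo` records where the file is stored and not that the model was checked against the registry. Anything able to write into that folder gets the same label, so the Documentation block should describe the column as an indicator rather than a verification. `Sha = $modelIntegrity.Split(':')[1]` also discards the `Parsing Error` and `Not Found` markers set just before it, since neither contains a colon, and it raises an error when no layer carries the `application/vnd.ollama.image.model` media type and `$modelIntegrity` is null. Something like `Sha = if ($modelIntegrity -match ':') { $modelIntegrity.Split(':')[1] } else { $modelIntegrity }` keeps the status visible in the CSV.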
@@ -0,0 +1,20 @@
+Description: Ollama-AI Manifest Path Traversal Scanner
+Category: PowerShell
+Author: DReneau
+Version: 1.0
+Id: ce916f46-4160-4953-b635-3071494ab50b
+ExportFormat: txt
+Processors:
+ -
+ Executable: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
+ CommandLine: "$destinationPath = '%destinationDirectory%\\ollama_path_traversal_check.txt'; Remove-Item -Path $destinationPath -ErrorAction SilentlyContinue; $users = Get-ChildItem -Path '%SourceDirectory%\\Users' -Directory; foreach ($user in $users) { $ollamaPath = Join-Path $user.FullName '.ollama'; if (Test-Path $ollamaPath) { $modelsPath = Join-Path $ollamaPath 'models\\manifests'; if (Test-Path $modelsPath) { Get-ChildItem -Path $modelsPath -Recurse -File | ForEach-Object { $modelName = $_.Name; $fileContent = Get-Content -Path $_.FullName -Raw -ErrorAction SilentlyContinue; if ($fileContent -match '(\\..\\/)+|traversal') { $entry = ('{0} | {1}' -f $_.FullName, $fileContent.Substring(0, [Math]::Min($fileContent.Length, 200)) + '...'); Add-Content -Path $destinationPath -Value $entry; Add-Content -Path $destinationPath -Value \"`r`n`r`n\"; } } } } }"
+ ExportFormat: txt
+
+# Documentation
+# https://ollama.com/blog | https://github.com/ollama/ollama | https://hub.docker.com/r/ollama/ollama
+# Ollama is used for self-hosted AI inference, and it supports many models out of the box.
+# Ollama serves as the backend for common AI projects such as OpenWebUI, among others.
+# The code will identify the installed Models, the Model Integrity hash and the Ollama PrivateKey.
+#.\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_cve-2024-37032
+# https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2024-37032
+# https://owasp.org/www-community/attacks/Path_Traversal
From 477f254cb6165ad07d780310c423353f4102b31b Mon Sep 17 00:00:00 2001
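Review bot: The match pattern `'(\\..\\/)+|traversal'` escapes only the first dot, so once the double-quoted YAML string is unescaped PowerShell sees `(\..\/)+`, which matches a dot, any one character and a slash (for example `.x/`) rather than only `../`. Writing it as `'(\\.\\.\\/)+|traversal'` restricts the first alternative to the literal sequence and cuts false positives. The pattern covers forward slashes only, and the check reads just the manifest files still present on disk. The Documentation block should therefore say that an empty `ollama_path_traversal_check.txt` means "no literal ../ found in current manifests" and is not evidence that the host was unaffected by CVE-2024-37032. Manifests that fail to read are skipped silently via `-ErrorAction SilentlyContinue`, which has the same effect on how a clean result should be interpreted.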
From: DReneau <53024966+DReneau@users.noreply.github.com> Date: Sat, 26 Oct 2024 11:59:02 -0700 Subject: [PATCH 03/13] Update PowerShell_Ollama_AI_Keys.mkape Trailing spaces. --- Modules/Apps/PowerShell_Ollama_AI_Keys.mkape | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Apps/PowerShell_Ollama_AI_Keys.mkape b/Modules/Apps/PowerShell_Ollama_AI_Keys.mkape index df3f72b29..0408bc19a 100644 --- a/Modules/Apps/PowerShell_Ollama_AI_Keys.mkape +++ b/Modules/Apps/PowerShell_Ollama_AI_Keys.mkape 
@@ -5,7 +5,7 @@ Version: 1.0 Id: f5a65250-42bd-4c11-80dd-4ab621e0c8b8 ExportFormat: TXT Processors: - - + - Executable: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine: "$users = Get-ChildItem -Path '%SourceDirectory%\\Users' -Directory; foreach ($user in $users) { $ollamaPath = Join-Path $user.FullName '.ollama'; $privateKeyPath = Join-Path $ollamaPath 'id_*'; $publicKeyPath = Join-Path $ollamaPath '*.pub'; if (Test-Path $ollamaPath) { $privateKey = Get-ChildItem -Path $privateKeyPath -Exclude *.pub | ForEach-Object { $content = Get-Content -Path $_.FullName -Raw; [PSCustomObject]@{ Name = $_.Name; FilePath = $_.FullName; KeyLocated = $content } }; $privateKeyOutput = $privateKey | ForEach-Object { 'Name: ' + $_.Name + [System.Environment]::NewLine + [System.Environment]::NewLine + 'FilePath: ' + $_.FilePath + [System.Environment]::NewLine + [System.Environment]::NewLine + 'Key: ' + $_.KeyLocated + [System.Environment]::NewLine + [System.Environment]::NewLine }; Set-Content -Path '%destinationDirectory%\\ollama_privatekey.txt' -Value $privateKeyOutput -Encoding UTF8; if (Test-Path $publicKeyPath) { $publicKey = Get-ChildItem -Path $publicKeyPath | ForEach-Object { $pubContent = Get-Content -Path $_.FullName -Raw; 'Name: ' + $_.Name + [System.Environment]::NewLine + [System.Environment]::NewLine + 'FilePath: ' + $_.FullName + [System.Environment]::NewLine + [System.Environment]::NewLine + 'Key: ' + $pubContent + [System.Environment]::NewLine + [System.Environment]::NewLine }; Set-Content -Path '%destinationDirectory%\\ollama_publickey.txt' -Value $publicKey -Encoding UTF8 } } }" ExportFormat: TXT From d3b4475216498ea589de61df0d065cb6a55617ca Mon Sep 17 00:00:00 2001 
From: DReneau <53024966+DReneau@users.noreply.github.com> Date: Sat, 26 Oct 2024 12:01:14 -0700 Subject: [PATCH 04/13] Update PowerShell_Ollama_AI_Blobs.mkape Trailing spaces fix. --- Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape b/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape index c3881a237..2b8d763e9 100644 --- a/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape +++ b/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape @@ -5,7 +5,8 @@ Version: 1.0 Id: a31a4412-f6d4-4098-9ba1-feba2f96ad57 ExportFormat: txt Processors: - - Executable: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe + - + Executable: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe CommandLine: "$destinationPath = '%DestinationDirectory%\\ollama_combined_blobs.txt'; $usersPath = Join-Path '%SourceDirectory%' 'Users'; Get-ChildItem -Path $usersPath -Directory | ForEach-Object { $modelsPath = Join-Path $_.FullName '.ollama\\models\\blobs'; if (Test-Path $modelsPath) { Get-ChildItem -Path $modelsPath -File | Where-Object { $_.Length -lt 2KB } | ForEach-Object { $fileContent = Get-Content -Path $_.FullName -Raw -ErrorAction SilentlyContinue; if ($fileContent -match '\"model_format\"') { $entry = ('{0} | {1}' -f $_.Name, $fileContent); Add-Content -Path $destinationPath -Value $entry; Add-Content -Path $destinationPath -Value \"`r`n\"; } } } }" ExportFormat: txt From f39e2dde6a39cbf7722b6ef717915d41aaec3ce5 Mon Sep 17 00:00:00 2001 From: DReneau <53024966+DReneau@users.noreply.github.com> Date: Sat, 26 Oct 2024 12:04:00 -0700 Subject: [PATCH 05/13] Update PowerShell_Ollama_AI_Keys.mkape Trailing spaces fix. --- Modules/Apps/PowerShell_Ollama_AI_Keys.mkape | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Apps/PowerShell_Ollama_AI_Keys.mkape b/Modules/Apps/PowerShell_Ollama_AI_Keys.mkape index 0408bc19a..ad9b5b2c2 100644 
--- a/Modules/Apps/PowerShell_Ollama_AI_Keys.mkape +++ b/Modules/Apps/PowerShell_Ollama_AI_Keys.mkape @@ -15,4 +15,4 @@ Processors: # Ollama is used for self-hosted AI inference, and it supports many models out of the box. # Ollama serves as the backend for common AI projects such as OpenWebUI, among others. # The code will identify the installed Models, the Model Integrity hash and the Ollama PrivateKey. -#.\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_keys +# .\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_keys From 5911dcafbd7af12482504d3c028dbe77ec2d047c Mon Sep 17 00:00:00 2001 From: DReneau <53024966+DReneau@users.noreply.github.com> Date: Sat, 26 Oct 2024 12:04:44 -0700 Subject: [PATCH 06/13] Update PowerShell_Ollama_AI_Manifests.mkape Trailing spaces fix. --- Modules/Apps/PowerShell_Ollama_AI_Manifests.mkape | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Apps/PowerShell_Ollama_AI_Manifests.mkape b/Modules/Apps/PowerShell_Ollama_AI_Manifests.mkape index b6702dc22..6652b7a02 100644 --- a/Modules/Apps/PowerShell_Ollama_AI_Manifests.mkape +++ b/Modules/Apps/PowerShell_Ollama_AI_Manifests.mkape 
@@ -5,12 +5,12 @@ Version: 1.0 Id: 48146441-174c-43a6-8dd0-8c317f1004e2 ExportFormat: txt Processors: - - + - Executable: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine: "$destinationPath = '%destinationDirectory%\\ollama_combined_manifests.txt'; Remove-Item -Path $destinationPath -ErrorAction SilentlyContinue; $users = Get-ChildItem -Path '%SourceDirectory%\\Users' -Directory; foreach ($user in $users) { $ollamaPath = Join-Path $user.FullName '.ollama'; if (Test-Path $ollamaPath) { $modelsPath = Join-Path $ollamaPath 'models\\manifests'; if (Test-Path $modelsPath) { Get-ChildItem -Path $modelsPath -Recurse -File | ForEach-Object { $modelName = $_.Name; $fileContent = Get-Content -Path $_.FullName -Raw -ErrorAction SilentlyContinue; if ($fileContent -match '\"mediaType\"') { $entry = ('{0} | {1}' -f $_.FullName, $fileContent); Add-Content -Path $destinationPath -Value $entry; Add-Content -Path $destinationPath -Value \"`r`n`r`n\"; } } } } }" ExportFormat: txt -# Documentation +# Documentation # https://ollama.com/blog | https://github.com/ollama/ollama | https://hub.docker.com/r/ollama/ollama # Ollama is used for self-hosted AI inference, and it supports many models out of the box. # Ollama serves as the backend for common AI projects such as OpenWebUI, among others. From 8a6ffddd291f5921ca5fb850a1729a5aaac758d0 Mon Sep 17 00:00:00 2001 From: DReneau <53024966+DReneau@users.noreply.github.com> Date: Sat, 26 Oct 2024 12:05:33 -0700 Subject: [PATCH 07/13] Update PowerShell_Ollama_AI_Models.mkape Trailing spaces fix. --- Modules/Apps/PowerShell_Ollama_AI_Models.mkape | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Apps/PowerShell_Ollama_AI_Models.mkape b/Modules/Apps/PowerShell_Ollama_AI_Models.mkape index 9cc248f31..581a8608a 100644 --- a/Modules/Apps/PowerShell_Ollama_AI_Models.mkape +++ b/Modules/Apps/PowerShell_Ollama_AI_Models.mkape 
@@ -5,7 +5,7 @@ Version: 1.0 Id: d165b496-55d9-480a-a592-b80dd50e2e14 ExportFormat: CSV Processors: - - + - Executable: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine: "$users = Get-ChildItem -Path '%SourceDirectory%\\Users' -Directory; foreach ($user in $users) { $ollamaPath = Join-Path $user.FullName '.ollama'; if (Test-Path $ollamaPath) { $outputPath = '%destinationDirectory%\\ollama_models_identified.csv'; Remove-Item $outputPath -ErrorAction SilentlyContinue; $manifestsPath = Join-Path $ollamaPath 'models\\manifests'; $legitPath = Join-Path $manifestsPath 'registry.ollama.ai\\library'; $allModels = Get-ChildItem -Path $manifestsPath -Directory -Recurse | Where-Object { $_.Name -notin @('registry.ollama.ai', 'library') -and (Get-ChildItem -Path $_.FullName -File -ErrorAction SilentlyContinue | Where-Object { $_.Extension -eq '' }) } | ForEach-Object { $modelName = $_.Name; $modelFile = Get-ChildItem -Path $_.FullName -File -ErrorAction SilentlyContinue | Select-Object -First 1; $isLegit = if ($_.FullName -match [regex]::Escape($legitPath)) { 'Ollama Repo' } else { 'Non Ollama Repo' }; if ($modelFile -and (Test-Path $modelFile.FullName)) { try { $jsonContent = Get-Content -Path $modelFile.FullName -Raw -ErrorAction Stop | ConvertFrom-Json; $modelIntegrity = ($jsonContent.layers | Where-Object { $_.mediaType -eq 'application/vnd.ollama.image.model' }).digest; $sizeInGB = '{0:N1} GB' -f (($jsonContent.layers | Measure-Object -Property size -Sum).Sum / 1GB); $modifiedDate = (Get-Item $modelFile.FullName).LastWriteTime.ToString('g'); } catch { $modelIntegrity = 'Parsing Error'; $sizeInGB = 'Unknown'; $modifiedDate = 'Unknown'; } } else { $modelIntegrity = 'Not Found'; $sizeInGB = 'Unknown'; $modifiedDate = 'Unknown'; $modelFile = 'Access Denied' }; [PSCustomObject]@{ Name = $modelName; Sha = $modelIntegrity.Split(':')[1]; Size = $sizeInGB; Modified = $modifiedDate; Path = $modelFile.FullName; 'Source' = $isLegit } }; $allModels | Export-Csv 
-Path $outputPath -NoTypeInformation -Force } }" ExportFormat: CSV @@ -13,7 +13,7 @@ Processors: # Documentation # Yaml will identify Ollama models and identify if they are downloaded from official Ollama repo or not. # https://ollama.com/blog | https://github.com/ollama/ollama | https://hub.docker.com/r/ollama/ollama -# Ollama is used for self-hosted AI inference, and it supports many models out of the box. +# Ollama is used for self-hosted AI inference, and it supports many models out of the box. # Ollama serves as the backend for common AI projects such as OpenWebUI, among others. # The code will identify the installed Models, the Model Integrity hash and the Ollama PrivateKey. #.\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_models From 6c3bbd43ba33e67faec64fd8f952d07ace7f5a29 Mon Sep 17 00:00:00 2001 From: DReneau <53024966+DReneau@users.noreply.github.com> Date: Sat, 26 Oct 2024 12:06:19 -0700 Subject: [PATCH 08/13] Update PowerShell_Ollama_AI_cve-2024-37032.mkape Trailing spaces fix. --- Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape b/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape index 0502e2031..ed27b8451 100644 --- a/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape +++ b/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape 
@@ -5,14 +5,14 @@ Version: 1.0 Id: ce916f46-4160-4953-b635-3071494ab50b ExportFormat: txt Processors: - - + - Executable: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine: "$destinationPath = '%destinationDirectory%\\ollama_path_traversal_check.txt'; Remove-Item -Path $destinationPath -ErrorAction SilentlyContinue; $users = Get-ChildItem -Path '%SourceDirectory%\\Users' -Directory; foreach ($user in $users) { $ollamaPath = Join-Path $user.FullName '.ollama'; if (Test-Path $ollamaPath) { $modelsPath = Join-Path $ollamaPath 'models\\manifests'; if (Test-Path $modelsPath) { Get-ChildItem -Path $modelsPath -Recurse -File | ForEach-Object { $modelName = $_.Name; $fileContent = Get-Content -Path $_.FullName -Raw -ErrorAction SilentlyContinue; if ($fileContent -match '(\\..\\/)+|traversal') { $entry = ('{0} | {1}' -f $_.FullName, $fileContent.Substring(0, [Math]::Min($fileContent.Length, 200)) + '...'); Add-Content -Path $destinationPath -Value $entry; Add-Content -Path $destinationPath -Value \"`r`n`r`n\"; } } } } }" ExportFormat: txt # Documentation # https://ollama.com/blog | https://github.com/ollama/ollama | https://hub.docker.com/r/ollama/ollama -# Ollama is used for self-hosted AI inference, and it supports many models out of the box. +# Ollama is used for self-hosted AI inference, and it supports many models out of the box. # Ollama serves as the backend for common AI projects such as OpenWebUI, among others. # The code will identify the installed Models, the Model Integrity hash and the Ollama PrivateKey. #.\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_cve-2024-37032 From 6330ff3aa387a5a6fe2c39427ea18e7cfcf1d0e3 Mon Sep 17 00:00:00 2001 
From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Sat, 26 Oct 2024 15:48:53 -0400 Subject: [PATCH 09/13] Update PowerShell_Ollama_AI_Blobs.mkape --- Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape b/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape index 2b8d763e9..03902e3ac 100644 --- a/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape +++ b/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape @@ -5,7 +5,7 @@ Version: 1.0 Id: a31a4412-f6d4-4098-9ba1-feba2f96ad57 ExportFormat: txt Processors: - - + - Executable: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe CommandLine: "$destinationPath = '%DestinationDirectory%\\ollama_combined_blobs.txt'; $usersPath = Join-Path '%SourceDirectory%' 'Users'; Get-ChildItem -Path $usersPath -Directory | ForEach-Object { $modelsPath = Join-Path $_.FullName '.ollama\\models\\blobs'; if (Test-Path $modelsPath) { Get-ChildItem -Path $modelsPath -File | Where-Object { $_.Length -lt 2KB } | ForEach-Object { $fileContent = Get-Content -Path $_.FullName -Raw -ErrorAction SilentlyContinue; if ($fileContent -match '\"model_format\"') { $entry = ('{0} | {1}' -f $_.Name, $fileContent); Add-Content -Path $destinationPath -Value $entry; Add-Content -Path $destinationPath -Value \"`r`n\"; } } } }" ExportFormat: txt @@ -14,4 +14,4 @@ Processors: # https://ollama.com/blog | https://github.com/ollama/ollama | https://hub.docker.com/r/ollama/ollama # Ollama is used for self-hosted AI inference, and it supports many models out of the box. # Ollama serves as the backend for common AI projects such as OpenWebUI, among others. -#.\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_blobs +# .\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_blobs From c81fd544fec2e011c7c50c42a837dcc53e231a6c Mon Sep 17 00:00:00 2001 
From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Sat, 26 Oct 2024 15:49:26 -0400 Subject: [PATCH 10/13] Update PowerShell_Ollama_AI_Manifests.mkape --- Modules/Apps/PowerShell_Ollama_AI_Manifests.mkape | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Apps/PowerShell_Ollama_AI_Manifests.mkape b/Modules/Apps/PowerShell_Ollama_AI_Manifests.mkape index 6652b7a02..e54325706 100644 --- a/Modules/Apps/PowerShell_Ollama_AI_Manifests.mkape +++ b/Modules/Apps/PowerShell_Ollama_AI_Manifests.mkape @@ -15,5 +15,5 @@ Processors: # Ollama is used for self-hosted AI inference, and it supports many models out of the box. # Ollama serves as the backend for common AI projects such as OpenWebUI, among others. # The code will identify the installed Models, the Model Integrity hash and the Ollama PrivateKey. -#.\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_manifests +# .\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_manifests # https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2024-37032 From 2c9154ecdf6d080fcff094257e9cba11f6641261 Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Sat, 26 Oct 2024 15:49:40 -0400 Subject: [PATCH 11/13] Update PowerShell_Ollama_AI_cve-2024-37032.mkape --- Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape b/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape index ed27b8451..72619867e 100644 --- a/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape +++ b/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape 
@@ -15,6 +15,6 @@ Processors: # Ollama is used for self-hosted AI inference, and it supports many models out of the box. # Ollama serves as the backend for common AI projects such as OpenWebUI, among others. # The code will identify the installed Models, the Model Integrity hash and the Ollama PrivateKey. -#.\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_cve-2024-37032 +# .\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_cve-2024-37032 # https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2024-37032 # https://owasp.org/www-community/attacks/Path_Traversal From e49e861361a246a81e12507aad7893b9b29c97c3 Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Sat, 26 Oct 2024 15:50:39 -0400 Subject: [PATCH 12/13] Update PowerShell_Ollama_AI_Models.mkape --- Modules/Apps/PowerShell_Ollama_AI_Models.mkape | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Apps/PowerShell_Ollama_AI_Models.mkape b/Modules/Apps/PowerShell_Ollama_AI_Models.mkape index 581a8608a..ecf7c9a2f 100644 --- a/Modules/Apps/PowerShell_Ollama_AI_Models.mkape +++ b/Modules/Apps/PowerShell_Ollama_AI_Models.mkape 
@@ -11,9 +11,9 @@ Processors: ExportFormat: CSV # Documentation -# Yaml will identify Ollama models and identify if they are downloaded from official Ollama repo or not. +# Yaml will identify Ollama models and identify if they are downloaded from the official Ollama repo or not. # https://ollama.com/blog | https://github.com/ollama/ollama | https://hub.docker.com/r/ollama/ollama # Ollama is used for self-hosted AI inference, and it supports many models out of the box. # Ollama serves as the backend for common AI projects such as OpenWebUI, among others. # The code will identify the installed Models, the Model Integrity hash and the Ollama PrivateKey. -#.\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_models +# .\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_models From a5187f1db4d863aed943aa02e556b0e57ef0c837 Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Sat, 26 Oct 2024 15:51:56 -0400 Subject: [PATCH 13/13] Update PowerShell_Ollama_AI_Blobs.mkape --- Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape b/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape index 03902e3ac..d01255609 100644 --- a/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape +++ b/Modules/Apps/PowerShell_Ollama_AI_Blobs.mkape 
@@ -10,7 +10,7 @@ Processors: CommandLine: "$destinationPath = '%DestinationDirectory%\\ollama_combined_blobs.txt'; $usersPath = Join-Path '%SourceDirectory%' 'Users'; Get-ChildItem -Path $usersPath -Directory | ForEach-Object { $modelsPath = Join-Path $_.FullName '.ollama\\models\\blobs'; if (Test-Path $modelsPath) { Get-ChildItem -Path $modelsPath -File | Where-Object { $_.Length -lt 2KB } | ForEach-Object { $fileContent = Get-Content -Path $_.FullName -Raw -ErrorAction SilentlyContinue; if ($fileContent -match '\"model_format\"') { $entry = ('{0} | {1}' -f $_.Name, $fileContent); Add-Content -Path $destinationPath -Value $entry; Add-Content -Path $destinationPath -Value \"`r`n\"; } } } }" ExportFormat: txt -# Documentation +# Documentation # https://ollama.com/blog | https://github.com/ollama/ollama | https://hub.docker.com/r/ollama/ollama # Ollama is used for self-hosted AI inference, and it supports many models out of the box. # Ollama serves as the backend for common AI projects such as OpenWebUI, among others.