From 26f1d4b35cbd1676712a48cf490fa98919461293 Mon Sep 17 00:00:00 2001
From: yellow-starburst <39839623+yellow-starburst@users.noreply.github.com>
Date: Mon, 14 Dec 2020 16:47:50 -0500
Subject: [PATCH 1/3] Add Operating System variable to 2 query's csv 2 query's: - compsWithLocalAdminData - compsWithSessionData
---
 cypheroth.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cypheroth.sh b/cypheroth.sh
index 88f7dc4..ccf7ac6 100755
--- a/cypheroth.sh
+++ b/cypheroth.sh
@@ -247,8 +247,8 @@ declare -a queries=(
  "Full OU Property List;MATCH(ou:OU {domain:'$DOMAIN'}) RETURN ou.name AS OU, ou.domain AS Domain, ou.highvalue AS HighValue, ou.guid AS GUID, ou.description AS Description, ou.blocksinheritance AS BlockInheritance;AllOUProps.csv"
  "Full GPO Property List;MATCH(gpo:GPO {domain:'$DOMAIN'}) RETURN gpo.name AS GPO, gpo.domain AS Domain, gpo.highvalue AS HighValue, gpo.guid AS GUID, gpo.gpcpath AS GPC_Path;AllGPOProps.csv"
  "Full Group Property List;MATCH(g:Group {domain:'$DOMAIN'}) RETURN g.name AS Name, g.domain AS Domain, g.highvalue AS HighValue, g.objectid AS SID, g.description AS Description, g.admincount AS AdminCount;AllGroupProps.csv"
- "Computers with Local Admin Data;MATCH (n)-[:AdminTo]->(c:Computer {domain:'$DOMAIN'}) WITH COUNT(DISTINCT(c)) as computersWithAdminsCount MATCH (c2:Computer {domain:'$DOMAIN'}) RETURN c2.name AS ComputerName;compsWithLocalAdminData.csv"
- "Computers with Session Data;MATCH (c:Computer {domain:'$DOMAIN'})-[:HasSession]->() WITH COUNT(DISTINCT(c)) as computersWithSessions MATCH (c2:Computer {domain:'$DOMAIN'}) RETURN c2.name AS ComputerName;compsWithSessionData.csv"
+ "Computers with Local Admin Data;MATCH (n)-[:AdminTo]->(c:Computer {domain:'$DOMAIN'}) WITH COUNT(DISTINCT(c)) as computersWithAdminsCount MATCH (c2:Computer {domain:'$DOMAIN'}) RETURN c2.name AS ComputerName, c.operatingsystem AS OperatingSystem,;compsWithLocalAdminData.csv"
+ "Computers with Session Data;MATCH (c:Computer {domain:'$DOMAIN'})-[:HasSession]->() WITH COUNT(DISTINCT(c)) as computersWithSessions MATCH (c2:Computer {domain:'$DOMAIN'}) RETURN c2.name AS ComputerName, c.operatingsystem AS OperatingSystem;compsWithSessionData.csv"
  "Computers by number of sessions;MATCH (c:Computer {domain:'$DOMAIN'})-[:HasSession]->(n) WITH COUNT(DISTINCT(n)) AS nb_sessions, c ORDER BY nb_sessions DESC RETURN c.name, nb_sessions;compsWithSessionNumbers.csv"
  "Users with Session Data;MATCH ()-[:HasSession]->(u:User {domain:'$DOMAIN'}) WITH COUNT(DISTINCT(u)) as usersWithSessions MATCH (u2:User {domain:'$DOMAIN',enabled:true}) RETURN u2.name AS UserName;userWithSessionData.csv"
  "Domain users with Local Admin;MATCH (g:Group {domain:'$DOMAIN'}) WHERE g.objectid ENDS WITH '-513' OPTIONAL MATCH (g)-[:AdminTo]->(c1) OPTIONAL MATCH (g)-[:MemberOf*1..]->(:Group)-[:AdminTo]->(c2) WITH COLLECT(c1) + COLLECT(c2) as tempVar UNWIND tempVar AS computers RETURN DISTINCT(computers.name);domainUsersWithLocalAdmin.csv"
From 2424be028b521924fa2534e29eabf39dfdca21dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Notin?=
Date: Tue, 15 Dec 2020 15:02:49 +0100
Subject: [PATCH 2/3] Remove trailing comma
---
 cypheroth.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cypheroth.sh b/cypheroth.sh
index ccf7ac6..ee8da9a 100755
--- a/cypheroth.sh
+++ b/cypheroth.sh
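Review bot: In the hunk of patch 1/3, both added entries still splice `$DOMAIN` straight into the Cypher text as `{domain:'$DOMAIN'}`, so a value containing a single quote ends the string literal early and changes the query that is sent to the database. The array elements are double-quoted bash strings, so the expansion happens when the array is built; where DOMAIN is assigned lies outside this hunk, so whether it is already validated cannot be confirmed from here. A single check before `declare -a queries=(`, for example `[[ $DOMAIN =~ ^[A-Za-z0-9._-]+$ ]] || { echo 'invalid domain' >&2; exit 1; }`, would cover every entry in the list, including the unchanged context lines that use the same pattern.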
@@ -247,7 +247,7 @@ declare -a queries=(
  "Full OU Property List;MATCH(ou:OU {domain:'$DOMAIN'}) RETURN ou.name AS OU, ou.domain AS Domain, ou.highvalue AS HighValue, ou.guid AS GUID, ou.description AS Description, ou.blocksinheritance AS BlockInheritance;AllOUProps.csv"
  "Full GPO Property List;MATCH(gpo:GPO {domain:'$DOMAIN'}) RETURN gpo.name AS GPO, gpo.domain AS Domain, gpo.highvalue AS HighValue, gpo.guid AS GUID, gpo.gpcpath AS GPC_Path;AllGPOProps.csv"
  "Full Group Property List;MATCH(g:Group {domain:'$DOMAIN'}) RETURN g.name AS Name, g.domain AS Domain, g.highvalue AS HighValue, g.objectid AS SID, g.description AS Description, g.admincount AS AdminCount;AllGroupProps.csv"
- "Computers with Local Admin Data;MATCH (n)-[:AdminTo]->(c:Computer {domain:'$DOMAIN'}) WITH COUNT(DISTINCT(c)) as computersWithAdminsCount MATCH (c2:Computer {domain:'$DOMAIN'}) RETURN c2.name AS ComputerName, c.operatingsystem AS OperatingSystem,;compsWithLocalAdminData.csv"
+ "Computers with Local Admin Data;MATCH (n)-[:AdminTo]->(c:Computer {domain:'$DOMAIN'}) WITH COUNT(DISTINCT(c)) as computersWithAdminsCount MATCH (c2:Computer {domain:'$DOMAIN'}) RETURN c2.name AS ComputerName, c.operatingsystem AS OperatingSystem;compsWithLocalAdminData.csv"
  "Computers with Session Data;MATCH (c:Computer {domain:'$DOMAIN'})-[:HasSession]->() WITH COUNT(DISTINCT(c)) as computersWithSessions MATCH (c2:Computer {domain:'$DOMAIN'}) RETURN c2.name AS ComputerName, c.operatingsystem AS OperatingSystem;compsWithSessionData.csv"
  "Computers by number of sessions;MATCH (c:Computer {domain:'$DOMAIN'})-[:HasSession]->(n) WITH COUNT(DISTINCT(n)) AS nb_sessions, c ORDER BY nb_sessions DESC RETURN c.name, nb_sessions;compsWithSessionNumbers.csv"
  "Users with Session Data;MATCH ()-[:HasSession]->(u:User {domain:'$DOMAIN'}) WITH COUNT(DISTINCT(u)) as usersWithSessions MATCH (u2:User {domain:'$DOMAIN',enabled:true}) RETURN u2.name AS UserName;userWithSessionData.csv"
From d06b0838b87949d787a6826722ab01b49fb9211a Mon Sep 17 00:00:00 2001
From: yellow-starburst <39839623+yellow-starburst@users.noreply.github.com>
Date: Mon, 8 Mar 2021 13:53:43 -0500
Subject: [PATCH 3/3] Fixing a mistake I made in a pull request
---
 cypheroth.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cypheroth.sh b/cypheroth.sh
index ee8da9a..d9303be 100755
--- a/cypheroth.sh
+++ b/cypheroth.sh
@@ -247,8 +247,8 @@ declare -a queries=(
  "Full OU Property List;MATCH(ou:OU {domain:'$DOMAIN'}) RETURN ou.name AS OU, ou.domain AS Domain, ou.highvalue AS HighValue, ou.guid AS GUID, ou.description AS Description, ou.blocksinheritance AS BlockInheritance;AllOUProps.csv"
  "Full GPO Property List;MATCH(gpo:GPO {domain:'$DOMAIN'}) RETURN gpo.name AS GPO, gpo.domain AS Domain, gpo.highvalue AS HighValue, gpo.guid AS GUID, gpo.gpcpath AS GPC_Path;AllGPOProps.csv"
  "Full Group Property List;MATCH(g:Group {domain:'$DOMAIN'}) RETURN g.name AS Name, g.domain AS Domain, g.highvalue AS HighValue, g.objectid AS SID, g.description AS Description, g.admincount AS AdminCount;AllGroupProps.csv"
- "Computers with Local Admin Data;MATCH (n)-[:AdminTo]->(c:Computer {domain:'$DOMAIN'}) WITH COUNT(DISTINCT(c)) as computersWithAdminsCount MATCH (c2:Computer {domain:'$DOMAIN'}) RETURN c2.name AS ComputerName, c.operatingsystem AS OperatingSystem;compsWithLocalAdminData.csv"
- "Computers with Session Data;MATCH (c:Computer {domain:'$DOMAIN'})-[:HasSession]->() WITH COUNT(DISTINCT(c)) as computersWithSessions MATCH (c2:Computer {domain:'$DOMAIN'}) RETURN c2.name AS ComputerName, c.operatingsystem AS OperatingSystem;compsWithSessionData.csv"
+ "Computers with Local Admin Data;MATCH (n)-[:AdminTo]->(c:Computer {domain:'$DOMAIN'}) WITH COUNT(DISTINCT(c)) as computersWithAdminsCount MATCH (c2:Computer {domain:'$DOMAIN'}) RETURN c2.name AS ComputerName, c2.operatingsystem AS OperatingSystem;compsWithLocalAdminData.csv"
+ "Computers with Session Data;MATCH (c:Computer {domain:'$DOMAIN'})-[:HasSession]->() WITH COUNT(DISTINCT(c)) as computersWithSessions MATCH (c2:Computer {domain:'$DOMAIN'}) RETURN c2.name AS ComputerName, c2.operatingsystem AS OperatingSystem;compsWithSessionData.csv"
  "Computers by number of sessions;MATCH (c:Computer {domain:'$DOMAIN'})-[:HasSession]->(n) WITH COUNT(DISTINCT(n)) AS nb_sessions, c ORDER BY nb_sessions DESC RETURN c.name, nb_sessions;compsWithSessionNumbers.csv"
  "Users with Session Data;MATCH ()-[:HasSession]->(u:User {domain:'$DOMAIN'}) WITH COUNT(DISTINCT(u)) as usersWithSessions MATCH (u2:User {domain:'$DOMAIN',enabled:true}) RETURN u2.name AS UserName;userWithSessionData.csv"
  "Domain users with Local Admin;MATCH (g:Group {domain:'$DOMAIN'}) WHERE g.objectid ENDS WITH '-513' OPTIONAL MATCH (g)-[:AdminTo]->(c1) OPTIONAL MATCH (g)-[:MemberOf*1..]->(:Group)-[:AdminTo]->(c2) WITH COLLECT(c1) + COLLECT(c2) as tempVar UNWIND tempVar AS computers RETURN DISTINCT(computers.name);domainUsersWithLocalAdmin.csv"
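Review bot: After the `c2` fix, both changed queries still return every computer in the domain rather than only those with local-admin or session data. The first `MATCH` is collapsed by `WITH COUNT(DISTINCT(c)) as computersWithAdminsCount` (or `computersWithSessions`), that count is never read, and the second `MATCH (c2:Computer {domain:'$DOMAIN'})` has no filter. compsWithLocalAdminData.csv and compsWithSessionData.csv therefore overstate how much of the estate was actually collected. Returning from the first match would make the output fit the title, e.g. `MATCH (n)-[:AdminTo]->(c:Computer {domain:'$DOMAIN'}) RETURN DISTINCT c.name AS ComputerName, c.operatingsystem AS OperatingSystem`, with the same shape for `(c)-[:HasSession]->()`. The `Users with Session Data` context line follows the same unused-count pattern.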