New expand-list command

[YamatoSecurity]

In order to help users understand what expand config files they need to create, we should include a command that lists up the placeholders.

Usage:
  hayabusa.exe expand-list <INPUT> [OPTIONS]

Input:
  -r, --rules <DIR>  Directory of rules (default: ./rules)

General Options:
  -h, --help                           Show the help menu

Display Settings:
  -K, --no-color  Disable color output
  -q, --quiet     Quiet mode: do not display the launch banner

Stdout:

5 unique expand placeholders found:

Admins_Workstations
DC-MACHINE-NAME
Workstations
internal_domains
domain_controller_hostnames

This command just recursively checks the .yml files in ./rules or the specified rules directory, extracts out Admins_Workstations, etc.. from IpAddress|expand: '%Admins_Workstations%' and does sort -u

@fukusuket Could I ask you to do this one?

[fukusuket]

Yes, I would love to implement it!💪

[fukusuket]

@YamatoSecurity @Shirofune-Security
Please let me discuss two things! What do you think about the following two points?

1. Stdout

I think For users, outputting only a placeholder may be a little time-consuming🤔
How about the following stdout? (To make it easy to check which rule is the PlaceHolder)

+--------------------------------------+-------------------------------------------------------+-----------------------------+------------------------------------------+
| ID                                   | Title                                                 | Expand                      | Filepath                                 |
+--------------------------------------+-------------------------------------------------------+-----------------------------+------------------------------------------+
| 550e8400-e29b-41d4-a716-446655440001 | User with Privileges Logon                            | Admins_Workstations         | ./config/Admins_Workstations.txt         |
| 550e8400-e29b-41d4-a716-446655440002 | Potential Zerologon (CVE-2020-1472) Exploitation      | DC-MACHINE-NAME             | ./config/DC-MACHINE-NAME.txt             |
| 550e8400-e29b-41d4-a716-446655440003 | Potential Pass the Hash Activity                      | Workstations                | ./config/Workstations.txt                |
| 550e8400-e29b-41d4-a716-446655440004 | DNS Request From Windows Script Host                  | internal_domains            | ./config/internal_domains.txt            |
| 550e8400-e29b-41d4-a716-446655440005 | New RDP Connection Initiated From Domain Controller   | domain_controller_hostnames | ./config/domain_controller_hostnames.txt |
+--------------------------------------+-------------------------------------------------------+-----------------------------+------------------------------------------+

2. Creating txt file template with some option

I think it would be easier if you could also create a txt file template with some options. e.g --output option
(However, I think it is a bit unnatural behavior to create a file with the list-xxx* command...😅)

Usage:
  hayabusa.exe expand-list <INPUT> [OPTIONS]

Input:
  -r, --rules <DIR>  Directory of rules (default: ./rules)

General Options:
  -h, --help                           Show the help menu

Display Settings:
  -K, --no-color  Disable color output
  -q, --quiet     Quiet mode: do not display the launch banner

Output:
  -o, --output <FILE>        Save the template in TXT