Step 1: Review Your Packages

Step 2: Choose Your Integration Method

Step 3: Copy Your Script or Download Config

Option 1: Copy Script

Option 2: Download Config

Step 4: Setup Your Environment

1. Ensure you are set for organizational deployment

Please see the organizational deployment guide

2. Get the package into your environment

Option 1: Cached Package (Unreliable, Requires Internet - Same As Community)

Open Source or Commercial:
- Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to https://community.chocolatey.org/api/v2/. Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
- You can also just download the packages and push them to a repository
  Download Packages

Option 2: Internalized Package (Reliable, Scalable)

Open Source
- Download the packages:
  Download Packages
- Follow manual internalization instructions
Package Internalizer (C4B)
- Run: (additional options)
- For package and dependencies run:
- Automate package internalization

Step 5: Copy Your Script

See options you can pass to upgrade.

See best practices for scripting.

Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.

If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:

If Applicable - Chocolatey Configuration/Installation


## 1. REQUIREMENTS ##
### Here are the requirements necessary to ensure this is successful.

### a. Internal/Private Cloud Repository Set Up ###
#### You'll need an internal/private cloud repository you can use. These are
####  generally really quick to set up and there are quite a few options.
####  Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they
####  are repository servers and will give you the ability to manage multiple
####  repositories and types from one server installation.

### b. Download Chocolatey Package and Put on Internal Repository ###
#### You need to have downloaded the Chocolatey package as well.
####  Please see https://chocolatey.org/install#organization

### c. Other Requirements ###

#### We initialize a few things that are needed by this script - there are no other requirements.
$ErrorActionPreference = "Stop"

#### Set TLS 1.2 (3072) as that is the minimum required by various up-to-date repositories.
#### Use integers because the enumeration value for TLS 1.2 won't exist
#### in .NET 4.0, even though they are addressable if .NET 4.5+ is
#### installed (.NET 4.5 is an in-place upgrade).
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072

#### We use this variable for future REST calls.
$RequestArguments = @{
    UseBasicParsing = $true
}

## 2. TOP LEVEL VARIABLES ##

### a. Your internal repository url (the main one). ###
####  Should be similar to what you see when you browse
#### to https://community.chocolatey.org/api/v2/
$NugetRepositoryUrl = "INTERNAL REPO URL"

### b. Internal Repository Credential ###
#### If required, add the repository access credential here
# $NugetRepositoryCredential = [PSCredential]::new(
#     "username",
#     ("password" | ConvertTo-SecureString -AsPlainText -Force)
# )
# $RequestArguments.Credential = $NugetRepositoryCredential

### c. Chocolatey nupkg download url ###
#### This url should result in an immediate download when you navigate to it
$ChocolateyDownloadUrl = "$($NugetRepositoryUrl.TrimEnd('/'))/package/chocolatey.1.1.0.nupkg"

### d. Chocolatey Central Management (CCM) ###
#### If using CCM to manage Chocolatey, add the following:
#### i. Endpoint URL for CCM
# $ChocolateyCentralManagementUrl = "https://chocolatey-central-management:24020/ChocolateyManagementService"

#### ii. If using a Client Salt, add it here
# $ChocolateyCentralManagementClientSalt = "clientsalt"

#### iii. If using a Service Salt, add it here
# $ChocolateyCentralManagementServiceSalt = "servicesalt"

## 3. ENSURE CHOCOLATEY IS INSTALLED ##
### Ensure Chocolatey is installed from your internal repository

#### Download the Nupkg, appending .zip to the filename to handle archive cmdlet limitations
if (-not (Get-Command choco.exe -ErrorAction SilentlyContinue)) {
    $TempDirectory = Join-Path $env:Temp "chocolateyInstall"
    if (-not (Test-Path $TempDirectory -PathType Container)) {
        $null = New-Item -Path $TempDirectory -ItemType Directory
    }
    $DownloadedNupkg = Join-Path $TempDirectory "$(Split-Path $ChocolateyDownloadUrl -Leaf).zip"
    Invoke-WebRequest -Uri $ChocolateyDownloadUrl -OutFile $DownloadedNupkg @RequestArguments

    #### Extract the Nupkg, and run the chocolateyInstall script
    if (Get-Command Microsoft.PowerShell.Archive\Expand-Archive -ErrorAction SilentlyContinue) {
        Microsoft.PowerShell.Archive\Expand-Archive -Path $DownloadedNupkg -DestinationPath $TempDirectory -Force
    } else {
        # PowerShell versions <4.0 do not have this function available
        try {
            $shellApplication = New-Object -ComObject Shell.Application
            $zipPackage = $shellApplication.NameSpace($DownloadedNupkg)
            $destinationFolder = $shellApplication.NameSpace($TempDirectory)
            $destinationFolder.CopyHere($zipPackage.Items(), 0x10)
        } catch {
            Write-Warning "Unable to unzip package using built-in compression."
            throw $_
        }
    }

    & $(Join-Path $TempDirectory "tools\chocolateyInstall.ps1")
}

if (-not (Get-Command choco.exe -ErrorAction SilentlyContinue)) {
    refreshenv
}

## 4. CONFIGURE CHOCOLATEY BASELINE ##
### a. FIPS Feature ###
#### If you need FIPS compliance - make this the first thing you configure
#### before you do any additional configuration or package installations
# choco feature enable -n useFipsCompliantChecksums

### b. Apply Recommended Configuration ###
#### Move cache location so Chocolatey is very deterministic about
#### cleaning up temporary data and the location is secured to admins
choco config set --name cacheLocation --value C:\ProgramData\chocolatey\cache

#### Increase timeout to at least 4 hours
choco config set --name commandExecutionTimeoutSeconds --value 14400

#### Turn off download progress when running choco through integrations
choco feature disable --name showDownloadProgress

### c. Sources ###
#### Remove the default community package repository source
choco source list --limitoutput | ConvertFrom-Csv -Header 'Name', 'Location' -Delimiter '|' | ForEach-Object {
    if ($_.Location -eq 'https://community.chocolatey.org/api/v2/') {
        choco source remove -n $_.Name
    }
}

#### Add internal default sources
#### You could have multiple sources here, so we will provide an example
#### of one using the remote repo variable here

#### NOTE: This EXAMPLE may require changes
if ($NugetRepositoryCredential) {
    choco source add --name ChocolateyInternal --source $NugetRepositoryUrl --user $NugetRepositoryCredential.UserName --password $NugetRepositoryCredential.GetNetworkCredential().Password --priority 1
} else {
    choco source add --name ChocolateyInternal --source $NugetRepositoryUrl --priority 1
}

### b. Keep Chocolatey Up To Date ###
#### Keep chocolatey up to date based on your internal source
#### You control the upgrades based on when you push an updated version
####  to your internal repository.
#### Note the source here is to the OData feed, similar to what you see
####  when you browse to https://community.chocolatey.org/api/v2/
choco upgrade chocolatey --confirm

## 5. ENSURE CHOCOLATEY FOR BUSINESS ##
### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.

### a. Ensure The License File Is Installed ###
#### Create a license package using script from https://docs.chocolatey.org/en-us/how-tos/setup-offline-installation#exercise-4-create-a-package-for-the-license
choco install chocolatey-license --source $NugetRepositoryUrl --confirm

### b. Disable The Licensed Source ###
#### The licensed source cannot be removed, so it must be disabled.
#### This must occur after the license has been set by the license package.
if ("chocolatey-license" -in (choco list --localonly --limitoutput | ConvertFrom-Csv -Header "Name" -Delimiter "|").Name) {
    choco source disable --name chocolatey.licensed
} else {
    Write-Warning "Not disabling 'chocolatey.licensed' feed, as Chocolatey-License has not been installed."
}

### c. Ensure Chocolatey Licensed Extension ###
#### You will have downloaded the licensed extension to your internal repository
#### as you have disabled the licensed repository in step 5b.

#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension)
if ("chocolatey-license" -in (choco list --localonly --limitoutput | ConvertFrom-Csv -Header "Name" -Delimiter "|").Name) {
    choco install chocolatey.extension --source $NugetRepositoryUrl --confirm
} else {
    Write-Warning "Not installing 'chocolatey.extension', as Chocolatey-License has not been installed."
}

#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:
#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder
#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer
#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization
#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer
#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit
#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle
#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn
#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding
#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere
#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management
#### - Other - https://docs.chocolatey.org/en-us/features/paid/

### d. Ensure Self-Service Anywhere ###
#### If you have desktop clients where users are not administrators, you may
#### to take advantage of deploying and configuring Self-Service anywhere
choco feature disable --name showNonElevatedWarnings
choco feature enable --name useBackgroundService
choco feature enable --name useBackgroundServiceWithNonAdministratorsOnly
choco feature enable --name allowBackgroundServiceUninstallsFromUserInstallsOnly
choco config set --name allowedBackgroundServiceCommands --value "install,upgrade,uninstall"

### e. Ensure Chocolatey Central Management ###
#### If you want to manage and report on endpoints, you can set up and configure
### Central Management. There are multiple portions to manage, so you'll see
### a section on agents here along with notes on how to configure the server
### side components.
if ($ChocolateyCentralManagementUrl) {
    choco install chocolatey-agent --source $NugetRepositoryUrl --confirm
    choco config set --name CentralManagementServiceUrl --value $ChocolateyCentralManagementUrl
    if ($ChocolateyCentralManagementClientSalt) {
        choco config set --name centralManagementClientCommunicationSaltAdditivePassword --value $ChocolateyCentralManagementClientSalt
    }
    if ($ChocolateyCentralManagementServiceSalt) {
        choco config set --name centralManagementServiceCommunicationSaltAdditivePassword --value $ChocolateyCentralManagementServiceSalt
    }
    choco feature enable --name useChocolateyCentralManagement
    choco feature enable --name useChocolateyCentralManagementDeployments
}

See docs at https://docs.ansible.com/ansible/latest/modules/win_chocolatey_module.html.

If Applicable - Chocolatey Configuration/Installation


## 1. REQUIREMENTS ##
### Here are the requirements necessary to ensure this is successful.

### a. Internal/Private Cloud Repository Set Up ###
#### You'll need an internal/private cloud repository you can use. These are
####  generally really quick to set up and there are quite a few options.
####  Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they
####  are repository servers and will give you the ability to manage multiple
####  repositories and types from one server installation.

### b. Download Chocolatey Package and Put on Internal Repository ###
#### You need to have downloaded the Chocolatey package as well.
####  Please see https://chocolatey.org/install#organization

### c. Other Requirements ###
#### i. chocolatey.chocolatey
##### You will require the chocolatey.chocolatey collection to be installed
##### on all machines using this playbook.
##### Please see https://github.com/chocolatey/chocolatey-ansible/#installing-the-collection-from-ansible-galaxy

- name: Install and Configure Chocolatey
  hosts: all

## 2. TOP LEVEL VARIABLES ##
  vars:

### a. Your internal repository url (the main one). ###
####  Should be similar to what you see when you browse
#### to https://community.chocolatey.org/api/v2/
    nuget_repository_url: INTERNAL REPO URL

### b. Internal Repository Credential ###
#### If required, add the repository access credential here and
#### uncomment lines with source_username and source_password below
#    nuget_repository_username: username
#    nuget_repository_password: password

### c. Chocolatey Central Management (CCM) ###
#### If using CCM to manage Chocolatey, add the following:
#### i. Endpoint URL for CCM
#    chocolatey_central_management_url: https://chocolatey-central-management:24020/ChocolateyManagementService

#### ii. If using a Client Salt, add it here
#    chocolatey_central_management_client_salt: clientsalt

#### iii. If using a Service Salt, add it here
#    chocolatey_central_management_service_salt: servicesalt

## 3. ENSURE CHOCOLATEY IS INSTALLED ##
### Ensure Chocolatey is installed from your internal repository

  tasks:
  - name: Install chocolatey
    win_chocolatey:
      name: chocolatey
      source: {{ nuget_repository_url }}
      # source_username: {{ nuget_repository_username }}
      # source_password: {{ nuget_repository_password }}

## 4. CONFIGURE CHOCOLATEY BASELINE ##
### a. FIPS Feature ###
#### If you need FIPS compliance - make this the first thing you configure
#### before you do any additional configuration or package installations
#   - name: Enable FIPS compliance
#     win_chocolatey_feature:
#       name: useFipsCompliantChecksums
#       state: enabled

### b. Apply Recommended Configuration ###

#### Move cache location so Chocolatey is very deterministic about
#### cleaning up temporary data and the location is secured to admins
  - name: Set the cache location
    win_chocolatey_config:
      name: cacheLocation
      state: present
      value: C:\ProgramData\chocolatey\cache

#### Increase timeout to at least 4 hours
  - name: Set the command execution timeout
    win_chocolatey_config:
      name: commandExecutionTimeoutSeconds
      state: present
      value: 14400

#### Turn off download progress when running choco through integrations
  - name: Disable showing download progress
    win_chocolatey_feature:
      name: showDownloadProgress
      state: disabled

### c. Sources ###
#### Remove the default community package repository source
  - name: Remove Chocolatey Community Repository
    win_chocolatey_source:
      name: chocolatey
      state: absent

#### Add internal default sources
#### You could have multiple sources here, so we will provide an example
#### of one using the remote repo variable here
#### NOTE: This EXAMPLE may require changes
  - name: Add Internal Repository
    win_chocolatey_source:
      name: ChocolateyInternal
      state: present
      source: {{ nuget_repository_url }}
      # source_username: {{ nuget_repository_username }}
      # source_password: {{ nuget_repository_password }}
      priority: 1

### b. Keep Chocolatey Up To Date ###
#### Keep chocolatey up to date based on your internal source
#### You control the upgrades based on when you push an updated version
####  to your internal repository.
#### Note the source here is to the OData feed, similar to what you see
####  when you browse to https://community.chocolatey.org/api/v2/
  - name: Upgrade Chocolatey
    win_chocolatey:
      name: chocolatey
      state: latest

## 5. ENSURE CHOCOLATEY FOR BUSINESS ##
### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.
### a. Ensure The License File Is Installed ###
#### Create a license package using script from https://docs.chocolatey.org/en-us/how-tos/setup-offline-installation#exercise-4-create-a-package-for-the-license
  - name: Install Chocolatey License
    win_chocolatey:
      name: chocolatey-license
      source: ChocolateyInternal
      state: latest

### b. Disable The Licensed Source ###
#### The licensed source cannot be removed, so it must be disabled.
#### This must occur after the license has been set by the license package.
  - name: Disable Chocolatey Community Repository
    win_chocolatey_source:
      name: chocolatey.licensed
      state: disabled

### c. Ensure Chocolatey Licensed Extension ###
#### You will have downloaded the licensed extension to your internal repository
#### as you have disabled the licensed repository in step 5b.

#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension)
  - name: Install Chocolatey Extension
    win_chocolatey:
      name: chocolatey.extension
      source: ChocolateyInternal
      state: latest

#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:
#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder
#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer
#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization
#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer
#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit
#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle
#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn
#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding
#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere
#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management
#### - Other - https://docs.chocolatey.org/en-us/features/paid/

### d. Ensure Self-Service Anywhere ###
#### If you have desktop clients where users are not administrators, you may
#### to take advantage of deploying and configuring Self-Service anywhere
  - name: Hide not-elevated warnings
    win_chocolatey_feature:
      name: showNonElevatedWarnings
      state: disabled

  - name: Use background mode for self-service
    win_chocolatey_feature:
      name: useBackgroundService
      state: enabled

  - name: Use background service for non-admins
    win_chocolatey_feature:
      name: useBackgroundServiceWithNonAdministratorsOnly
      state: enabled

  - name: Allow background uninstallation for user installs
    win_chocolatey_feature:
      name: allowBackgroundServiceUninstallsFromUserInstallsOnly
      state: enabled

  - name: Set allowed background service commands
    win_chocolatey_config:
      name: backgroundServiceAllowedCommands
      state: present
      value: install,upgrade,uninstall

### e. Ensure Chocolatey Central Management ###
#### If you want to manage and report on endpoints, you can set up and configure
### Central Management. There are multiple portions to manage, so you'll see
### a section on agents here along with notes on how to configure the server
### side components.
  - name: Install Chocolatey Agent
    when: chocolatey_central_management_url is defined
    win_chocolatey:
      name: chocolatey-agent
      source: ChocolateyInternal
      state: latest

  - name: Set the Central Management Service URL
    when: chocolatey_central_management_url is defined
    win_chocolatey_config:
      name: CentralManagementServiceUrl
      state: present
      value: {{ chocolatey_central_management_url }}

  - name: Set the Central Management Client Salt
    when: chocolatey_central_management_client_salt is defined
    win_chocolatey_config:
      name: centralManagementClientCommunicationSaltAdditivePassword
      state: present
      value: {{ chocolatey_central_management_client_salt }}

  - name: Set the Central Management Service Salt
    when: chocolatey_central_management_service_salt is defined
    win_chocolatey_config:
      name: centralManagementServiceCommunicationSaltAdditivePassword
      state: present
      value: {{ chocolatey_central_management_service_salt }}

  - name: Use Central Management
    when: chocolatey_central_management_url is defined
    win_chocolatey_feature:
      name: useChocolateyCentralManagement
      state: enabled

  - name: Use Central Management Deployments
    when: chocolatey_central_management_url is defined
    win_chocolatey_feature:
      name: useChocolateyCentralManagementDeployments
      state: enabled

See docs at https://docs.chef.io/resource_chocolatey_package.html.

If Applicable - Chocolatey Configuration/Installation


## 1. REQUIREMENTS ##
### Here are the requirements necessary to ensure this is successful.

### a. Internal/Private Cloud Repository Set Up ###
#### You'll need an internal/private cloud repository you can use. These are
####  generally really quick to set up and there are quite a few options.
####  Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they
####  are repository servers and will give you the ability to manage multiple
####  repositories and types from one server installation.

### b. Download Chocolatey Package and Put on Internal Repository ###
#### You need to have downloaded the Chocolatey package as well.
####  Please see https://chocolatey.org/install#organization

### c. Other Requirements ###
#### The Chocolatey resources are available with any recent version of Chef.
#### We utilise the Chocolatey recipe to install the Chocolatey binaries.
include_recipe "chocolatey"

## 2. TOP LEVEL VARIABLES ##
### a. Your internal repository url (the main one). ###
####  Should be similar to what you see when you browse
#### to https://community.chocolatey.org/api/v2/
NugetRepositoryUrl = "INTERNAL REPO URL"

### b. Internal Repository Credential ###
#### If required, add the repository access credential here
# NugetRepositoryUsername = "username"
# NugetRepositoryPassword = "password"

### c. Chocolatey nupkg download url ###
#### This url should result in an immediate download when you navigate to it in
#### a web browser
ChocolateyNupkgUrl = "INTERNAL REPO URL/package/chocolatey.1.1.0.nupkg",

### d. Chocolatey Central Management (CCM) ###
#### If using CCM to manage Chocolatey, add the following:
#### i. Endpoint URL for CCM
# ChocolateyCentralManagementUrl = "https://chocolatey-central-management:24020/ChocolateyManagementService"

#### ii. If using a Client Salt, add it here
# ChocolateyCentralManagementClientSalt = "clientsalt"

#### iii. If using a Service Salt, add it here
# ChocolateyCentralManagementServiceSalt = "servicesalt"

## 3. ENSURE CHOCOLATEY IS INSTALLED ##
### Ensure Chocolatey is installed from your internal repository
node['chocolatey']['install vars'] = {
  'chocolateyDownloadUrl' => "#{ChocolateyNupkgUrl}",
}

## 4. CONFIGURE CHOCOLATEY BASELINE ##
### a. FIPS Feature ###
#### If you need FIPS compliance - make this the first thing you configure
#### before you do any additional configuration or package installations
# chocolatey_feature 'useFipsCompliantChecksums' do
#   action :enable
# end

### b. Apply Recommended Configuration ###

#### Move cache location so Chocolatey is very deterministic about
#### cleaning up temporary data and the location is secured to admins
chocolatey_config 'cacheLocation' do
  value 'C:\ProgramData\chocolatey\cache'
end

#### Increase timeout to at least 4 hours
chocolatey_config 'commandExecutionTimeoutSeconds' do
  value '14400'
end

#### Turn off download progress when running choco through integrations
chocolatey_feature 'showDownloadProgress' do
  action :disable
end

### c. Sources ###
#### Remove the default community package repository source
chocolatey_source 'chocolatey' do
  action :remove
end

#### Add internal default sources
#### You could have multiple sources here, so we will provide an example
#### of one using the remote repo variable here

#### NOTE: This EXAMPLE may require changes
chocolatey_source 'ChocolateyInternal' do
  source "#{NugetRepositoryUrl}"
  priority 1
  action   :add
end

execute 'ChocolateyInternal' do
  command "choco source add --name ChocolateyInternal -s #{NugetRepositoryUrl} -u=#{NugetRepositoryUsername} -p=#{NugetRepositoryPassword} --priority=1"
  only_if { NugetRepositoryUsername != nil || NugetRepositoryPassword != nil }
end

### b. Keep Chocolatey Up To Date ###
#### Keep chocolatey up to date based on your internal source
#### You control the upgrades based on when you push an updated version
####  to your internal repository.
#### Note the source here is to the OData feed, similar to what you see
####  when you browse to https://community.chocolatey.org/api/v2/
chocolatey_package 'chocolatey' do
  action :upgrade
  source "#{NugetRepositoryUrl}"
end

## 5. ENSURE CHOCOLATEY FOR BUSINESS ##
### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.

### a. Ensure The License File Is Installed ###
#### Create a license package using script from https://docs.chocolatey.org/en-us/how-tos/setup-offline-installation#exercise-4-create-a-package-for-the-license
chocolatey_package 'chocolatey-license' do
  action :install
  source "#{NugetRepositoryUrl}"
end

### b. Disable The Licensed Source ###
#### The licensed source cannot be removed, so it must be disabled.
#### This must occur after the license has been set by the license package.
chocolatey_source 'chocolatey.licensed' do
  action            :disable
end

### c. Ensure Chocolatey Licensed Extension ###
#### You will have downloaded the licensed extension to your internal repository
#### as you have disabled the licensed repository in step 5b.

#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension)
chocolatey_package 'chocolatey.extention' do
  action     install
  source     "#{NugetRepositoryUrl}"
end

#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:
#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder
#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer
#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization
#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer
#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit
#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle
#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn
#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding
#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere
#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management
#### - Other - https://docs.chocolatey.org/en-us/features/paid/

### d. Ensure Self-Service Anywhere ###
#### If you have desktop clients where users are not administrators, you may
#### to take advantage of deploying and configuring Self-Service anywhere
chocolatey_feature 'showNonElevatedWarnings' do
  action :disable
end

chocolatey_feature 'useBackgroundService' do
  action :enable
end

chocolatey_feature 'useBackgroundServiceWithNonAdministratorsOnly' do
  action :enable
end

chocolatey_feature 'allowBackgroundServiceUninstallsFromUserInstallsOnly' do
  action :enable
end

chocolatey_config 'backgroundServiceAllowedCommands' do
  value 'install,upgrade,uninstall'
end

### e. Ensure Chocolatey Central Management ###
#### If you want to manage and report on endpoints, you can set up and configure
### Central Management. There are multiple portions to manage, so you'll see
### a section on agents here along with notes on how to configure the server
### side components.
chocolatey_package 'chocolatey-agent' do
  action     install
  source     "#{NugetRepositoryUrl}"
  # user       "#{NugetRepositoryUsername}"
  # password   "#{NugetRepositoryPassword}"
  only_if { ChocolateyCentralManagementUrl != nil }
end

chocolatey_config 'CentralManagementServiceUrl' do
  value  "#{ChocolateyCentralManagementUrl}"
  only_if { ChocolateyCentralManagementUrl != nil }
end

chocolatey_config 'centralManagementClientCommunicationSaltAdditivePassword' do
  value   "#{ChocolateyCentralManagementClientSalt}"
  only_if { ChocolateyCentralManagementClientSalt != nil }
end

chocolatey_config 'centralManagementServiceCommunicationSaltAdditivePassword' do
  value   "#{ChocolateyCentralManagementServiceSalt}"
  only_if { ChocolateyCentralManagementServiceSalt != nil }
end

chocolatey_feature 'useChocolateyCentralManagement' do
  action :enable
  only_if { ChocolateyCentralManagementUrl != nil }
end

chocolatey_feature 'useChocolateyCentralManagementDeployments' do
  action :enable
  only_if { ChocolateyCentralManagementUrl != nil }
end

Requires cChoco DSC Resource. See docs at https://github.com/chocolatey/cChoco.

If Applicable - Chocolatey Configuration/Installation


#requires -Modules cChoco
## 1. REQUIREMENTS ##
### Here are the requirements necessary to ensure this is successful.

### a. Internal/Private Cloud Repository Set Up ###
#### You'll need an internal/private cloud repository you can use. These are
####  generally really quick to set up and there are quite a few options.
####  Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they
####  are repository servers and will give you the ability to manage multiple
####  repositories and types from one server installation.

### b. Download Chocolatey Package and Put on Internal Repository ###
#### You need to have downloaded the Chocolatey package as well.
####  Please see https://chocolatey.org/install#organization

### c. Other Requirements ###
#### i. Requires chocolatey\cChoco DSC module to be installed on the machine compiling the DSC manifest
#### NOTE: This will need to be installed before running the DSC portion of this script
if (-not (Get-Module cChoco -ListAvailable)) {
    $null = Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
    if (($PSGallery = Get-PSRepository -Name PSGallery).InstallationPolicy -ne "Trusted") {
        Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
    }
    Install-Module -Name cChoco
    if ($PSGallery.InstallationPolicy -ne "Trusted") {
        Set-PSRepository -Name PSGallery -InstallationPolicy $PSGallery.InstallationPolicy
    }
}

#### ii. Requires a hosted copy of the install.ps1 script
##### This should be available to download without authentication.
##### The original script can be found here: https://community.chocolatey.org/install.ps1

Configuration ChocolateyConfig {
## 2. TOP LEVEL VARIABLES ##
    param(
### a. Your internal repository url (the main one). ###
####  Should be similar to what you see when you browse
#### to https://community.chocolatey.org/api/v2/
        $NugetRepositoryUrl      = "INTERNAL REPO URL",

### b. Chocolatey nupkg download url ###
#### This url should result in an immediate download when you navigate to it in
#### a web browser
        $ChocolateyNupkgUrl      = "INTERNAL REPO URL/package/chocolatey.1.1.0.nupkg",

### c. Internal Repository Credential ###
#### If required, add the repository access credential here
#        $NugetRepositoryCredential = [PSCredential]::new(
#            "username",
#            ("password" | ConvertTo-SecureString -AsPlainText -Force)
#        ),

### d. Install.ps1 URL
#### The path to the hosted install script:
        $ChocolateyInstallPs1Url = "https://community.chocolatey.org/install.ps1"

### e. Chocolatey Central Management (CCM) ###
#### If using CCM to manage Chocolatey, add the following:
#### i. Endpoint URL for CCM
#        $ChocolateyCentralManagementUrl = "https://chocolatey-central-management:24020/ChocolateyManagementService",

#### ii. If using a Client Salt, add it here
#        $ChocolateyCentralManagementClientSalt = "clientsalt",

#### iii. If using a Service Salt, add it here
#        $ChocolateyCentralManagementServiceSalt = "servicesalt"
    )
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName cChoco

    Node 'localhost' {
## 3. ENSURE CHOCOLATEY IS INSTALLED ##
### Ensure Chocolatey is installed from your internal repository
        Environment chocoDownloadUrl {
            Name  = "chocolateyDownloadUrl"
            Value = $ChocolateyNupkgUrl
        }

        cChocoInstaller installChocolatey {
            DependsOn = "[Environment]chocoDownloadUrl"
            InstallDir = Join-Path $env:ProgramData "chocolatey"
            ChocoInstallScriptUrl = $ChocolateyInstallPs1Url
        }

## 4. CONFIGURE CHOCOLATEY BASELINE ##
### a. FIPS Feature ###
#### If you need FIPS compliance - make this the first thing you configure
#### before you do any additional configuration or package installations
#        cChocoFeature featureFipsCompliance {
#            FeatureName = "useFipsCompliantChecksums"
#        }

### b. Apply Recommended Configuration ###

#### Move cache location so Chocolatey is very deterministic about
#### cleaning up temporary data and the location is secured to admins
        cChocoConfig cacheLocation {
            DependsOn  = "[cChocoInstaller]installChocolatey"
            ConfigName = "cacheLocation"
            Value      = "C:\ProgramData\chocolatey\cache"
        }

#### Increase timeout to at least 4 hours
        cChocoConfig commandExecutionTimeoutSeconds {
            DependsOn  = "[cChocoInstaller]installChocolatey"
            ConfigName = "commandExecutionTimeoutSeconds"
            Value      = 14400
        }

#### Turn off download progress when running choco through integrations
        cChocoFeature showDownloadProgress {
            DependsOn   = "[cChocoInstaller]installChocolatey"
            FeatureName = "showDownloadProgress"
            Ensure      = "Absent"
        }

### c. Sources ###
#### Remove the default community package repository source
        cChocoSource removeCommunityRepository {
            DependsOn  = "[cChocoInstaller]installChocolatey"
            Name       = "chocolatey"
            Ensure     = "Absent"
        }

#### Add internal default sources
#### You could have multiple sources here, so we will provide an example
#### of one using the remote repo variable here.
#### NOTE: This EXAMPLE may require changes
        cChocoSource addInternalSource {
            DependsOn  = "[cChocoInstaller]installChocolatey"
            Name        = "ChocolateyInternal"
            Source      = $NugetRepositoryUrl
            Credentials = $NugetRepositoryCredential
            Priority    = 1
        }

### b. Keep Chocolatey Up To Date ###
#### Keep chocolatey up to date based on your internal source
#### You control the upgrades based on when you push an updated version
####  to your internal repository.
#### Note the source here is to the OData feed, similar to what you see
####  when you browse to https://community.chocolatey.org/api/v2/
        cChocoPackageInstaller updateChocolatey {
            DependsOn   = "[cChocoSource]addInternalSource", "[cChocoSource]removeCommunityRepository"
            Name        = "chocolatey"
            AutoUpgrade = $true
        }

## 5. ENSURE CHOCOLATEY FOR BUSINESS ##
### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.

### a. Ensure The License File Is Installed ###
#### Create a license package using script from https://docs.chocolatey.org/en-us/how-tos/setup-offline-installation#exercise-4-create-a-package-for-the-license
        cChocoPackageInstaller chocolateyLicense {
            DependsOn = "[cChocoPackageInstaller]updateChocolatey"
            Name      = "chocolatey-license"
        }

### b. Disable The Licensed Source ###
#### The licensed source cannot be removed, so it must be disabled.
#### This must occur after the license has been set by the license package.
        Script disableLicensedSource {
            DependsOn  = "[cChocoPackageInstaller]chocolateyLicense"
            GetScript  = {
                $Source = choco source list --limitoutput | `
                    ConvertFrom-Csv -Delimiter '|' -Header Name, Source, Disabled | `
                    Where-Object Name -eq "chocolatey.licensed"

                return @{
                    Result = if ($Source) {
                        [bool]::Parse($Source.Disabled)
                    } else {
                        Write-Warning "Source 'chocolatey.licensed' was not present."
                        $true  # Source does not need disabling
                    }
                }
            }
            SetScript  = {
                $null = choco source disable --name "chocolatey.licensed"
            }
            TestScript = {
                $State = [ScriptBlock]::Create($GetScript).Invoke()
                return $State.Result
            }
        }

### c. Ensure Chocolatey Licensed Extension ###
#### You will have downloaded the licensed extension to your internal repository
#### as you have disabled the licensed repository in step 5b.

#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension)
        cChocoPackageInstaller chocolateyLicensedExtension {
            DependsOn = "[Script]disableLicensedSource"
            Name      = "chocolatey.extension"
        }

#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:
#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder
#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer
#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization
#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer
#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit
#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle
#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn
#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding
#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere
#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management
#### - Other - https://docs.chocolatey.org/en-us/features/paid/

### d. Ensure Self-Service Anywhere ###
#### If you have desktop clients where users are not administrators, you may
#### to take advantage of deploying and configuring Self-Service anywhere
        cChocoFeature hideElevatedWarnings {
            DependsOn   = "[cChocoPackageInstaller]chocolateyLicensedExtension"
            FeatureName = "showNonElevatedWarnings"
            Ensure      = "Absent"
        }

        cChocoFeature useBackgroundService {
            DependsOn   = "[cChocoPackageInstaller]chocolateyLicensedExtension"
            FeatureName = "useBackgroundService"
            Ensure      = "Present"
        }

        cChocoFeature useBackgroundServiceWithNonAdmins {
            DependsOn   = "[cChocoPackageInstaller]chocolateyLicensedExtension"
            FeatureName = "useBackgroundServiceWithNonAdministratorsOnly"
            Ensure      = "Present"
        }

        cChocoFeature useBackgroundServiceUninstallsForUserInstalls {
            DependsOn   = "[cChocoPackageInstaller]chocolateyLicensedExtension"
            FeatureName = "allowBackgroundServiceUninstallsFromUserInstallsOnly"
            Ensure      = "Present"
        }

        cChocoConfig allowedBackgroundServiceCommands {
            DependsOn   = "[cChocoFeature]useBackgroundService"
            ConfigName = "backgroundServiceAllowedCommands"
            Value       = "install,upgrade,uninstall"
        }

### e. Ensure Chocolatey Central Management ###
#### If you want to manage and report on endpoints, you can set up and configure
### Central Management. There are multiple portions to manage, so you'll see
### a section on agents here along with notes on how to configure the server
### side components.
        if ($ChocolateyCentralManagementUrl) {
            cChocoPackageInstaller chocolateyAgent {
                DependsOn = "[cChocoPackageInstaller]chocolateyLicensedExtension"
                Name      = "chocolatey-agent"
            }

            cChocoConfig centralManagementServiceUrl {
                DependsOn   = "[cChocoPackageInstaller]chocolateyAgent"
                ConfigName = "CentralManagementServiceUrl"
                Value       = $ChocolateyCentralManagementUrl
            }

            if ($ChocolateyCentralManagementClientSalt) {
                cChocoConfig centralManagementClientSalt {
                    DependsOn  = "[cChocoPackageInstaller]chocolateyAgent"
                    ConfigName = "centralManagementClientCommunicationSaltAdditivePassword"
                    Value      = $ChocolateyCentralManagementClientSalt
                }
            }

            if ($ChocolateyCentralManagementServiceSalt) {
                cChocoConfig centralManagementServiceSalt {
                    DependsOn  = "[cChocoPackageInstaller]chocolateyAgent"
                    ConfigName = "centralManagementServiceCommunicationSaltAdditivePassword"
                    Value      = $ChocolateyCentralManagementServiceSalt
                }
            }

            cChocoFeature useCentralManagement {
                DependsOn   = "[cChocoPackageInstaller]chocolateyAgent"
                FeatureName = "useChocolateyCentralManagement"
                Ensure      = "Present"
            }

            cChocoFeature useCentralManagementDeployments {
                DependsOn   = "[cChocoPackageInstaller]chocolateyAgent"
                FeatureName = "useChocolateyCentralManagementDeployments"
                Ensure      = "Present"
            }
        }
    }
}

# If working this into an existing configuration with a good method for
$ConfigData = @{
    AllNodes = @(
        @{
            NodeName                    = "localhost"
            PSDscAllowPlainTextPassword = $true
        }
    )
}

try {
    Push-Location $env:Temp
    $Config = ChocolateyConfig -ConfigurationData $ConfigData
    Start-DscConfiguration -Path $Config.PSParentPath -Wait -Verbose -Force
} finally {
    Pop-Location
}

Requires Puppet Chocolatey Provider module. See docs at https://forge.puppet.com/puppetlabs/chocolatey.

If Applicable - Chocolatey Configuration/Installation


## 1. REQUIREMENTS ##
### Here are the requirements necessary to ensure this is successful.

### a. Internal/Private Cloud Repository Set Up ###
#### You'll need an internal/private cloud repository you can use. These are
####  generally really quick to set up and there are quite a few options.
####  Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they
####  are repository servers and will give you the ability to manage multiple
####  repositories and types from one server installation.

### b. Download Chocolatey Package and Put on Internal Repository ###
#### You need to have downloaded the Chocolatey package as well.
####  Please see https://chocolatey.org/install#organization

### c. Other Requirements ###
#### i. Requires puppetlabs/chocolatey module
####  See https://forge.puppet.com/puppetlabs/chocolatey


## 2. TOP LEVEL VARIABLES ##
### a. Your internal repository url (the main one). ###
####  Should be similar to what you see when you browse
#### to https://community.chocolatey.org/api/v2/
$_repository_url = 'INTERNAL REPO URL'

### b. Chocolatey nupkg download url ###
#### This url should result in an immediate download when you navigate to it in
#### a web browser
$_choco_download_url = 'INTERNAL REPO URL/package/chocolatey.1.1.0.nupkg'

### c. Chocolatey Central Management (CCM) ###
#### If using CCM to manage Chocolatey, add the following:
#### i. Endpoint URL for CCM
# $_chocolatey_central_management_url = 'https://chocolatey-central-management:24020/ChocolateyManagementService'

#### ii. If using a Client Salt, add it here
# $_chocolatey_central_management_client_salt = "clientsalt"

#### iii. If using a Service Salt, add it here
# $_chocolatey_central_management_service_salt = 'servicesalt'


## 3. ENSURE CHOCOLATEY IS INSTALLED ##
### Ensure Chocolatey is installed from your internal repository
### Note: `chocolatey_download_url is completely different than normal
###  source locations. This is directly to the bare download url for the
###  chocolatey.nupkg, similar to what you see when you browse to
###  https://community.chocolatey.org/api/v2/package/chocolatey
class {'chocolatey':
  chocolatey_download_url => $_choco_download_url,
  use_7zip                => false,
}


## 4. CONFIGURE CHOCOLATEY BASELINE ##
### a. FIPS Feature ###
#### If you need FIPS compliance - make this the first thing you configure
#### before you do any additional configuration or package installations

#chocolateyfeature {'useFipsCompliantChecksums':
#  ensure => enabled,
#}

### b. Apply Recommended Configuration ###

#### Move cache location so Chocolatey is very deterministic about
#### cleaning up temporary data and the location is secured to admins
chocolateyconfig {'cacheLocation':
  value => 'C:\ProgramData\chocolatey\cache',
}

#### Increase timeout to at least 4 hours
chocolateyconfig {'commandExecutionTimeoutSeconds':
  value => '14400',
}

#### Turn off download progress when running choco through integrations
chocolateyfeature {'showDownloadProgress':
  ensure => disabled,
}

### c. Sources ###
#### Remove the default community package repository source
chocolateysource {'chocolatey':
  ensure   => absent,
  location => 'https://community.chocolatey.org/api/v2/',
}

#### Add internal default sources
#### You could have multiple sources here, so we will provide an example
#### of one using the remote repo variable here

#### NOTE: This EXAMPLE requires changes
chocolateysource {'internal_chocolatey':
  ensure             => present,
  location           => $_repository_url,
  priority           => 1,
  username           => 'optional',
  password           => 'optional,not ensured',
  bypass_proxy       => true,
  admin_only         => false,
  allow_self_service => false,
}

### b. Keep Chocolatey Up To Date ###
#### Keep chocolatey up to date based on your internal source
#### You control the upgrades based on when you push an updated version
####  to your internal repository.
#### Note the source here is to the OData feed, similar to what you see
####  when you browse to https://community.chocolatey.org/api/v2/

package {'chocolatey':
  ensure   => latest,
  provider => chocolatey,
  source   => $_repository_url,
}


## 5. ENSURE CHOCOLATEY FOR BUSINESS ##
### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.

### a. Ensure The License File Is Installed ###
#### Create a license package using script from https://docs.chocolatey.org/en-us/guides/organizations/organizational-deployment-guide#exercise-4-create-a-package-for-the-license

# TODO: Add resource for installing/ensuring the chocolatey-license package
package {'chocolatey-license':
  ensure   => latest,
  provider => chocolatey,
  source   => $_repository_url,
}

### b. Disable The Licensed Source ###
#### The licensed source cannot be removed, so it must be disabled.
#### This must occur after the license has been set by the license package.
## Disabled sources still need all other attributes until
## https://tickets.puppetlabs.com/browse/MODULES-4449 is resolved.
## Password is necessary with user, but not ensurable, so it should not
## matter what it is set to here. If you ever do get into trouble here,
## the password is your license GUID.
chocolateysource {'chocolatey.licensed':
  ensure   => disabled,
  priority => '10',
  user     => 'customer',
  password => '1234',
  require  => Package['chocolatey-license'],
}

### c. Ensure Chocolatey Licensed Extension ###
#### You will have downloaded the licensed extension to your internal repository
#### as you have disabled the licensed repository in step 5b.

#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension)
package {'chocolatey.extension':
  ensure   => latest,
  provider => chocolatey,
  source   => $_repository_url,
  require  => Package['chocolatey-license'],
}

#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:
#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder
#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer
#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization
#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer
#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit
#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle
#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn
#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding
#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere
#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management
#### - Other - https://docs.chocolatey.org/en-us/features/paid/

### d. Ensure Self-Service Anywhere ###
#### If you have desktop clients where users are not administrators, you may
#### to take advantage of deploying and configuring Self-Service anywhere
chocolateyfeature {'showNonElevatedWarnings':
  ensure => disabled,
}

chocolateyfeature {'useBackgroundService':
  ensure => enabled,
}

chocolateyfeature {'useBackgroundServiceWithNonAdministratorsOnly':
  ensure => enabled,
}

chocolateyfeature {'allowBackgroundServiceUninstallsFromUserInstallsOnly':
  ensure => enabled,
}

chocolateyconfig {'backgroundServiceAllowedCommands':
  value => 'install,upgrade,uninstall',
}

### e. Ensure Chocolatey Central Management ###
#### If you want to manage and report on endpoints, you can set up and configure
### Central Management. There are multiple portions to manage, so you'll see
### a section on agents here along with notes on how to configure the server
### side components.
if $_chocolatey_central_management_url {
  package {'chocolatey-agent':
    ensure   => latest,
    provider => chocolatey,
    source   => $_repository_url,
    require  => Package['chocolatey-license'],
  }

  chocolateyconfig {'CentralManagementServiceUrl':
    value   => $_chocolatey_central_management_url,
  }

  if $_chocolatey_central_management_client_salt {
    chocolateyconfig {'centralManagementClientCommunicationSaltAdditivePassword':
      value => $_chocolatey_central_management_client_salt,
    }
  }

  if $_chocolatey_central_management_service_salt {
    chocolateyconfig {'centralManagementClientCommunicationSaltAdditivePassword':
      value => $_chocolatey_central_management_client_salt,
    }
  }

  chocolateyfeature {'useChocolateyCentralManagement':
    ensure  => enabled,
    require => Package['chocolatey-agent'],
  }

  chocolateyfeature {'useChocolateyCentralManagementDeployments':
    ensure  => enabled,
    require => Package['chocolatey-agent'],
  }
}

Need Help? View our docs or file an issue.

There is already a version of this package in your Script Builder

Current Version	New Version

Passing
Failing
Pending
Unknown / Exempted

Downloads:

112

Downloads of v 1.0:

112

Last Update:

03 Mar 2021

Package Maintainer(s):

Justaus3r

Software Author(s):

Justaus3r

Tags:

Hashes Crack SAM-file command-line

Hash-R

1.0 | Updated: 03 Mar 2021

Downloads:

112

Downloads of v 1.0:

112

Maintainer(s):

Justaus3r

Software Author(s):

Justaus3r

Tags:

Hashes Crack SAM-file command-line

1

2

3

Hash-R 1.0

Some Checks Have Failed or Are Not Yet Complete

Not All Tests Have Passed

Hide Checks

Validation Testing Passed

Verification Testing Passed

Details

Scan Testing Resulted in Flagged:

This package was submitted (and approved) prior to automated virus scanning integration into the package moderation processs.

We recommend clicking the "Details" link to make your own decision on installing this package.

Details

Learn More

Deployment Method: Individual Install, Upgrade, & Uninstall

To install Hash-R, run the following command from the command line or from PowerShell:

To upgrade Hash-R, run the following command from the command line or from PowerShell:

To uninstall Hash-R, run the following command from the command line or from PowerShell:

📝 NOTE: This applies to both open source and commercial editions of Chocolatey.

1. Enter Your Internal Repository Url

(this should look similar to https://community.chocolatey.org/api/v2/)

2. Setup Your Environment

1. Ensure you are set for organizational deployment

Please see the organizational deployment guide

2. Get the package into your environment

Option 1: Cached Package (Unreliable, Requires Internet - Same As Community)

Open Source or Commercial:
- Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to https://community.chocolatey.org/api/v2/. Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
- You can also just download the package and push it to a repository Download

Option 2: Internalized Package (Reliable, Scalable)

Open Source
- Download the package:
  Download
- Follow manual internalization instructions

Package Internalizer (C4B)

Run: (additional options)

choco download hash-r --internalize --source=https://community.chocolatey.org/api/v2/

For package and dependencies run:

choco push --source="'INTERNAL REPO URL'"

Automate package internalization

3. Copy Your Script

choco upgrade hash-r -y --source="'INTERNAL REPO URL'" [other options]

See options you can pass to upgrade.

See best practices for scripting.

Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.

If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:


choco upgrade hash-r -y --source="'INTERNAL REPO URL'" 
$exitCode = $LASTEXITCODE

Write-Verbose "Exit code was $exitCode"
$validExitCodes = @(0, 1605, 1614, 1641, 3010)
if ($validExitCodes -contains $exitCode) {
  Exit 0
}

Exit $exitCode


- name: Install hash-r
  win_chocolatey:
    name: hash-r
    version: '1.0'
    source: INTERNAL REPO URL
    state: present

See docs at https://docs.ansible.com/ansible/latest/modules/win_chocolatey_module.html.


chocolatey_package 'hash-r' do
  action    :install
  source   'INTERNAL REPO URL'
  version  '1.0'
end

See docs at https://docs.chef.io/resource_chocolatey_package.html.


cChocoPackageInstaller hash-r
{
    Name     = "hash-r"
    Version  = "1.0"
    Source   = "INTERNAL REPO URL"
}

Requires cChoco DSC Resource. See docs at https://github.com/chocolatey/cChoco.


package { 'hash-r':
  ensure   => '1.0',
  provider => 'chocolatey',
  source   => 'INTERNAL REPO URL',
}

Requires Puppet Chocolatey Provider module. See docs at https://forge.puppet.com/puppetlabs/chocolatey.

4. If applicable - Chocolatey configuration/installation

See infrastructure management matrix for Chocolatey configuration elements and examples.

This package was approved by moderator flcdrg on 08 Mar 2021.

Description

Description:

Hash-R is a simple tool to crack various hashes and has the ability to retrieve SAM(The Security Account Manager (SAM) is a database file in Windows XP, Windows Vista, Windows 7, 8.1 and 10 that stores users' passwords) file from registry.

For more details, visit the GitHub repro.

Files

bin\banner\banner1

bin\banner\banner10

bin\banner\banner2

bin\banner\banner3

bin\banner\banner4

bin\banner\banner5

bin\banner\banner6

bin\banner\banner7

bin\banner\banner8

bin\banner\banner9

bin\Exo.exe

md5: B4BB4727F022223F06964D7E698795C8 | sha1: 8C550A0E478EFC141A72B42DEF386F5CF5B88269 | sha256: 9685E49BB4B21B422351D0CCFD292D765FA7174AE2971327DC35E33C1A6E30AA | sha512: A85634F9A8F3AB7319BE9E5EFDB5E8984DC58CFB0C02B9BF164366DA02E7EA0580AD072D943CFF6D10ECF2B4585B004664D31C26E1EE2E68C22F029CE70AEFB2

bin\Hash-R.bat

@echo off 
title Hash-R
color 0b
cd /d "%~dp0"
::you can add more banner's in banner directory then increase the maxvalue accordingly
SET maxvalue=10
SET minvalue=1
SETLOCAL 
SET /A tmpRandom=((%RANDOM%)%%(%maxvalue%))+(%minvalue%)
type "banner\banner%tmpRandom%"
"%~dp0Exo.exe" /M:2:1 /C:0e /T:********************************* && echo.
"%~dp0Exo.exe" /M:2:1 /C:0e /T: Hash cracking tool  && echo.
"%~dp0Exo.exe" /M:2:1 /C:0c /T: Hey! /M:2:1 /C:0e /T: yeah you,am /M:2:1 /C:0c /T: not /M:2:1 /C:0e /T: responsible && echo. 
"%~dp0Exo.exe" /M:2:1 /C:0e /T: for your naughty work. && echo.
"%~dp0Exo.exe" /M:2:1 /C:0e /T:********************************* && echo.
ping localhost -n 2 >nul
setlocal enabledelayedexpansion

:Main
	:: Build the menu one time
	call :Build-Menu "MyMainMenu" MainMenu

:ShowMainMenu	
	echo.
	"%~dp0Exo.exe" /M:2:1 /C:0a /T:- /M:2:1 /C:0b /T:- /M:2:1 /C:0c /T:- /M:2:1 /C:0d /T:- /M:2:1 /C:0e /T:- /M:2:1 /C:0f /T: -
    "%~dp0Exo.exe" /M:2:1 /C:0e /T:CONTROL PANEL
    "%~dp0Exo.exe" /M:2:1 /C:0a /T:- /M:2:1 /C:0b /T:- /M:2:1 /C:0c /T:- /M:2:1 /C:0d /T:- /M:2:1 /C:0e /T:- /M:2:1 /C:0f /T: -
	echo.
    echo.
	call :Display-Menu MainMenu "'------------Choose your option" R1
	
	call %R1%

	goto ShowMainMenu



:: Build the menu
:Build-Menu <1=Menu-Prefix> <2=MenuVar-Out>
	set nmenu=1
	for /F "tokens=1*" %%a in ('findstr /c:":%~1-" /b "%~f0"') do (
		set Menu-%~2-N[!nmenu!]=%%a
		set Menu-%~2-Text[!nmenu!]=%%b

		set /A nmenu+=1
	)

	set /a Menu%~2=%nmenu%-1

	set nmenu=
	
	:: Return the number of menu items built
	exit /b %nmenu%

:: Show a menu
:Display-Menu <1=MenuVar-In> <2=Prompt-Text> <3=Dispatch-Label-Out>
	setlocal
	set choices=
	for /l %%a in (1, 1, !Menu%~1!) do (
		for /f "tokens=2 delims=-" %%b in ("!Menu-%~1-N[%%a]!") do (
			set choice=%%b
			set choices=!choices!!choice!
		)
		echo ^!choice!^) !Menu-%~1-Text[%%a]!
	)
	choice /C:%choices% /M "%~2"
	(
		endlocal
		set %~3=!Menu-%~1-N[%errorlevel%]!
		exit /b 0
	)


:MyMainMenu-A Crack MD2
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Choose a password file 
"%~dp0Exo.exe" /M:2:1 /C:0c /T:(FILENAME SHOULD BE WITHOUT WHITESPACES):
echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:----- && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:     -------- /M:2:1 /C:0e /T:$/M:2:1 /C:0d /T:PATH:
set/p file=
"%~dp0Exo.exe" /M:2:1 /C:0d /T:Do you want to edit target hash file:
set choicee=
set /p choicee=
if not '%choicee%'=='' set choicee=%choicee:~0,1%
if '%choicee%'=='y' goto edit_hashfile_md2
if '%choicee%'=='n' goto crackmd2
if '%choicee%'=='Y' goto edit_hashfile_md2
if '%choicee%'=='N' goto crackmd2
:edit_hashfile_md2
notepad md2\hash.txt
goto crackmd2
:crackmd2
cd md2
call MD2CrackeR.bat %file%
pause
 exit
:MyMainMenu-B Crack MD4
 "%~dp0Exo.exe" /M:2:1 /C:0a /T:Choose a password file 
"%~dp0Exo.exe" /M:2:1 /C:0c /T:(FILENAME SHOULD BE WITHOUT WHITESPACES):
echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:----- && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:     -------- /M:2:1 /C:0e /T:$/M:2:1 /C:0d /T:PATH:
set/p file=
"%~dp0Exo.exe" /M:2:1 /C:0d /T:Do you want to edit targeted hash file:
set choicee=
set /p choicee=
if not '%choicee%'=='' set choicee=%choicee:~0,1%
if '%choicee%'=='y' goto edit_hashfile_md4
if '%choicee%'=='n' goto crackmd4
if '%choicee%'=='Y' goto edit_hashfile_md4
if '%choicee%'=='N' goto crackmd4
:edit_hashfile_md4
notepad md4\hash.txt
goto crackmd4
:crackmd4
cd md4
call MD4CrackeR.bat %file%
pause
 exit
:MyMainMenu-C Crack MD5
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Choose a password file 
"%~dp0Exo.exe" /M:2:1 /C:0c /T:(FILENAME SHOULD BE WITHOUT WHITESPACES):
echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:----- && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:     -------- /M:2:1 /C:0e /T:$/M:2:1 /C:0d /T:PATH:
set/p file=
"%~dp0Exo.exe" /M:2:1 /C:0d /T:Do you want to edit targeted hash file:
set choicee=
set /p choicee=
if not '%choicee%'=='' set choicee=%choicee:~0,1%
if '%choicee%'=='y' goto edit_hashfile_md5
if '%choicee%'=='n' goto crackmd5
if '%choicee%'=='Y' goto edit_hashfile_md5
if '%choicee%'=='N' goto crackmd5
:edit_hashfile_md5
notepad md5\hash.txt
goto crackmd5
:crackmd5
cd md5
call MD5CrackeR.bat %file%
pause
 exit
:MyMainMenu-D Crack NTLM
 "%~dp0Exo.exe" /M:2:1 /C:0a /T:Choose a password file 
"%~dp0Exo.exe" /M:2:1 /C:0c /T:(FILENAME SHOULD BE WITHOUT WHITESPACES):
echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:----- && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:     -------- /M:2:1 /C:0e /T:$/M:2:1 /C:0d /T:PATH:
set/p file=
"%~dp0Exo.exe" /M:2:1 /C:0d /T:Do you want to edit targeted hash file:
set choicee=
set /p choicee=
if not '%choicee%'=='' set choicee=%choicee:~0,1%
if '%choicee%'=='y' goto edit_hashfile_ntlm
if '%choicee%'=='n' goto crackntlm
if '%choicee%'=='Y' goto edit_hashfile_ntlm
if '%choicee%'=='N' goto crackntlm
:edit_hashfile_ntlm
notepad ntlm\ntlm.txt
goto crackntlm
:crackntlm
cd ntlm
call NTLMCrackeR.bat %file%
pause
 exit
:MyMainMenu-E Crack SHA1
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Choose a password file 
"%~dp0Exo.exe" /M:2:1 /C:0c /T:(FILENAME SHOULD BE WITHOUT WHITESPACES):
echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:----- && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:     -------- /M:2:1 /C:0e /T:$/M:2:1 /C:0d /T:PATH:
set/p file=
"%~dp0Exo.exe" /M:2:1 /C:0d /T:Do you want to edit targeted hash file:
set choicee=
set /p choicee=
if not '%choicee%'=='' set choicee=%choicee:~0,1%
if '%choicee%'=='y' goto edit_hashfile_sha1
if '%choicee%'=='n' goto cracksha1
if '%choicee%'=='Y' goto edit_hashfile_sha1
if '%choicee%'=='N' goto cracksha1
:edit_hashfile_sha1
notepad sha1\hash.txt
goto cracksha1
:cracksha1
cd sha1
call SHA1CrackeR.bat %file%
pause
 exit
:MyMainMenu-F Crack SHA256
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Choose a password file 
"%~dp0Exo.exe" /M:2:1 /C:0c /T:(FILENAME SHOULD BE WITHOUT WHITESPACES):
echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:----- && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:     -------- /M:2:1 /C:0e /T:$/M:2:1 /C:0d /T:PATH:
set/p file=
"%~dp0Exo.exe" /M:2:1 /C:0d /T:Do you want to edit targeted hash file:
set choicee=
set /p choicee=
if not '%choicee%'=='' set choicee=%choicee:~0,1%
if '%choicee%'=='y' goto edit_hashfile_sha256
if '%choicee%'=='n' goto cracksha256
if '%choicee%'=='Y' goto edit_hashfile_sha256
if '%choicee%'=='N' goto cracksha256
:edit_hashfile_sha256
notepad sha256\hash.txt
goto cracksha256
:cracksha256
cd sha256
call SHA256CrackeR.bat %file%
pause
 exit
:MyMainMenu-G Crack SHA384
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Choose a password file 
"%~dp0Exo.exe" /M:2:1 /C:0c /T:(FILENAME SHOULD BE WITHOUT WHITESPACES):
echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:----- && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:     -------- /M:2:1 /C:0e /T:$/M:2:1 /C:0d /T:PATH:
set/p file=
"%~dp0Exo.exe" /M:2:1 /C:0d /T:Do you want to edit targeted hash file:
set choicee=
set /p choicee=
if not '%choicee%'=='' set choicee=%choicee:~0,1%
if '%choicee%'=='y' goto edit_hashfile_sha384
if '%choicee%'=='n' goto cracksha384
if '%choicee%'=='Y' goto edit_hashfile_sha384
if '%choicee%'=='N' goto cracksha384
:edit_hashfile_sha384
notepad sha384\hash.txt
goto cracksha384
:cracksha384
cd sha384
call SHA384CrackeR.bat %file%
pause
 exit
:MyMainMenu-H Crack SHA512
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Choose a password file 
"%~dp0Exo.exe" /M:2:1 /C:0c /T:(FILENAME SHOULD BE WITHOUT WHITESPACES):
echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:----- && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:    ^| && echo.
"%~dp0Exo.exe" /M:2:1 /C:0d /T:     -------- /M:2:1 /C:0e /T:$/M:2:1 /C:0d /T:PATH:
set/p file=
"%~dp0Exo.exe" /M:2:1 /C:0d /T:Do you want to edit targeted hash file:
set choicee=
set /p choicee=
if not '%choicee%'=='' set choicee=%choicee:~0,1%
if '%choicee%'=='y' goto edit_hashfile_sha512
if '%choicee%'=='n' goto cracksha512
if '%choicee%'=='Y' goto edit_hashfile_sha512
if '%choicee%'=='N' goto cracksha512
:edit_hashfile_sha512
notepad sha512\hash.txt
goto cracksha512
:cracksha512
cd sha512
call SHA512CrackeR.bat %file%
pause
 exit
:MyMainMenu-I Retrieve Sam file(requires sudo privileges)
mkdir "%windir%\AdminCheck" 2>nul
if '%errorlevel%' == '0' rmdir "%windir%\AdminCheck" & call :gotPrivileges else call :getPrivileges
:getPrivileges
echo Invoking Uac for Privilege Escalation..
call "%~dp0runadmin.vbs" "%~dp0retsam.bat" 
exit
:gotPrivileges
call "%~dp0retsam.bat" 
exit
:MyMainMenu-J Help
cls
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Help: && echo. && echo.
"%~dp0Exo.exe" /M:2:1 /C:0a /T:First choose the hash you want to crack. && echo.
"%~dp0Exo.exe" /M:2:1 /C:0a /T:then give the path for password file. && echo.
"%~dp0Exo.exe" /M:2:1 /C:0a /T:then edit the target hash file in which target hash will be stored && echo.
"%~dp0Exo.exe" /M:2:1 /C:0a /T:tool will start a bruteforce attack to crack the hash. && echo.
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Please note that it depends on your luck, password file and time to crack the hash.  && echo.
pause
exit
:MyMainMenu-Q Quit
 exit

bin\LICENSE

bin\md2\Exo.exe

md5: B4BB4727F022223F06964D7E698795C8 | sha1: 8C550A0E478EFC141A72B42DEF386F5CF5B88269 | sha256: 9685E49BB4B21B422351D0CCFD292D765FA7174AE2971327DC35E33C1A6E30AA | sha512: A85634F9A8F3AB7319BE9E5EFDB5E8984DC58CFB0C02B9BF164366DA02E7EA0580AD072D943CFF6D10ECF2B4585B004664D31C26E1EE2E68C22F029CE70AEFB2

bin\md2\hash.txt

updateme

bin\md2\MD2CrackeR.bat

@echo off
CD /D "%~dp0"
set /p psh=<hash.txt
for /f %%a in (%1) do (
   call :funch %%a  
)
:funch
set userinput=%1
set "plaintext=%userinput%"
set "file=%temp%\%~n0.tmp"
set md2=

if not defined plaintext set /P "plaintext="

if exist "%plaintext%" (
    set "file=%plaintext%"
) else for %%I in ("%file%") do if %%~zI equ 0 (
    <NUL >"%file%" set /P "=%plaintext%"
)

for /f "skip=1 delims=" %%I in ('certutil -hashfile "%file%" MD2') do (
    if not defined md2 set "md2=%%I"
)

2>NUL del "%temp%\%~n0.tmp"

if  "%md2: =%" equ "%psh%" ( goto cracked) else ( goto notcracked)

:cracked
cls
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0a /T: Success && echo.
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Congratulation.Password has been cracked.it was /M:2:1 /C:0e /T: "%userinput%" && echo.
echo %userinput% >>C:\Users\%username%\Desktop\Cracked.txt
"%~dp0Exo.exe" /M:2:1 /C:0a /T: Saved the password in C:\Users\%username%\Desktop\Cracked.txt && echo.
pause
exit
:notcracked
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0c /T: Failed && echo.

bin\md4\Exo.exe

md5: B4BB4727F022223F06964D7E698795C8 | sha1: 8C550A0E478EFC141A72B42DEF386F5CF5B88269 | sha256: 9685E49BB4B21B422351D0CCFD292D765FA7174AE2971327DC35E33C1A6E30AA | sha512: A85634F9A8F3AB7319BE9E5EFDB5E8984DC58CFB0C02B9BF164366DA02E7EA0580AD072D943CFF6D10ECF2B4585B004664D31C26E1EE2E68C22F029CE70AEFB2

bin\md4\hash.txt

updateme

bin\md4\MD4CrackeR.bat

@echo off
set /p psh=<hash.txt
for /f %%a in (%1) do (
   call :funch %%a  
)
:funch
set userinput=%1
set "plaintext=%userinput%"
set "file=%temp%\%~n0.tmp"
set md4=

if not defined plaintext set /P "plaintext="

if exist "%plaintext%" (
    set "file=%plaintext%"
) else for %%I in ("%file%") do if %%~zI equ 0 (
    <NUL >"%file%" set /P "=%plaintext%"
)

for /f "skip=1 delims=" %%I in ('certutil -hashfile "%file%" MD4') do (
    if not defined md4 set "md4=%%I"
)

2>NUL del "%temp%\%~n0.tmp"

if  "%md4: =%" equ "%psh%" ( goto cracked) else ( goto notcracked)

:cracked
cls
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0a /T: Success && echo.
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Congratulation.Password has been cracked.it was /M:2:1 /C:0e /T: "%userinput%" && echo.
echo %userinput% >>C:\Users\%username%\Desktop\Cracked.txt
"%~dp0Exo.exe" /M:2:1 /C:0a /T: Saved the password in C:\Users\%username%\Desktop\Cracked.txt && echo.
pause
exit
:notcracked
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0c /T: Failed && echo.

bin\md5\Exo.exe

md5: B4BB4727F022223F06964D7E698795C8 | sha1: 8C550A0E478EFC141A72B42DEF386F5CF5B88269 | sha256: 9685E49BB4B21B422351D0CCFD292D765FA7174AE2971327DC35E33C1A6E30AA | sha512: A85634F9A8F3AB7319BE9E5EFDB5E8984DC58CFB0C02B9BF164366DA02E7EA0580AD072D943CFF6D10ECF2B4585B004664D31C26E1EE2E68C22F029CE70AEFB2

bin\md5\hash.txt

updateme

bin\md5\MD5CrackeR.bat

@echo off
set /p psh=<hash.txt
for /f %%a in (%1) do (
   call :funch %%a  
)
:funch
set userinput=%1
set "plaintext=%userinput%"
set "file=%temp%\%~n0.tmp"
set md5=

if not defined plaintext set /P "plaintext="

if exist "%plaintext%" (
    set "file=%plaintext%"
) else for %%I in ("%file%") do if %%~zI equ 0 (
    <NUL >"%file%" set /P "=%plaintext%"
)

for /f "skip=1 delims=" %%I in ('certutil -hashfile "%file%" MD5') do (
    if not defined md5 set "md5=%%I"
)

2>NUL del "%temp%\%~n0.tmp"

if  "%md5: =%" equ "%psh%" ( goto cracked) else ( goto notcracked)

:cracked
cls
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0a /T: Success && echo.
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Congratulation.Password has been cracked.it was /M:2:1 /C:0e /T: "%userinput%" && echo.
echo %userinput% >>C:\Users\%username%\Desktop\Cracked.txt
"%~dp0Exo.exe" /M:2:1 /C:0a /T: Saved the password in C:\Users\%username%\Desktop\Cracked.txt && echo.
pause
exit
:notcracked
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0c /T: Failed && echo.

bin\ntlm\Exo.exe

md5: B4BB4727F022223F06964D7E698795C8 | sha1: 8C550A0E478EFC141A72B42DEF386F5CF5B88269 | sha256: 9685E49BB4B21B422351D0CCFD292D765FA7174AE2971327DC35E33C1A6E30AA | sha512: A85634F9A8F3AB7319BE9E5EFDB5E8984DC58CFB0C02B9BF164366DA02E7EA0580AD072D943CFF6D10ECF2B4585B004664D31C26E1EE2E68C22F029CE70AEFB2

bin\ntlm\HashConsole.exe

md5: D7C646A6DF655FE1E77EC35EC95D1539 | sha1: E741A3FE2E457641BAC6AF88A4E700DC715C86BA | sha256: A0B75B5AAE14ADA1F9CC2853DA31C046FB3F55B1D23F288819149795E1FCDCE6 | sha512: AD42259F9E5C3B83DB5B6AB2C94C4C759F47E17DCCD70E9F148A0E9C9C884B18CB690C20482173A12ABC9FD0B3E7899A707FEE9FE9E6A23716805FAD67310F51

bin\ntlm\ntlm.txt

updateme

bin\ntlm\NTLMCrackeR.bat

@echo off
setlocal enableextensions enabledelayedexpansion
set /p passhash=<ntlm.txt
::looping passwords to try everytime
for /f %%a in (%1) do (
   call :funch %%a  
)
::using hashconsole to extract and filter ntlm hash of our passwords and storing them in variable
:funch
set userinput=%1
set "plaintext=%userinput%"
for /f "tokens=1-2 delims=NTLM" %%a in ('HashConsole.exe -t %plaintext%^|find "NTLM"') do set ntlmh=%%b
echo %ntlmh% >>nth.txt
set "num=32"
set /a num=%num%+1

for /f "delims=" %%f in (nth.txt) do (
set a=%%f
echo !a:~31,%num%! >>ntlh.txt
set /p ntlmhash=<ntlh.txt
del ntlh.txt
del nth.txt
)
::Validating hashes,if a hash is matched then the password against it is thrown as the cracked password.
if %passhash% equ %ntlmhash% ( goto cracked) else ( goto  error)
:error
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0c /T: Failed && echo.
goto :EOF
:cracked
cls
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0a /T: Success && echo.
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Congratulation.Password has been cracked.it was /M:2:1 /C:0e /T: "%userinput%" && echo.
echo %userinput% >>C:\Users\%username%\Desktop\Cracked.txt
"%~dp0Exo.exe" /M:2:1 /C:0a /T: Saved the password in C:\Users\%username%\Desktop\Cracked.txt && echo.
pause
exit

bin\Plz Disable antivirus.txt

Please disable Antivirus software as it may detect some of its file's as malware(false positive).there is
no harm in this tool if you don't believe then you are welcomed not to use this tool :).

bin\README.md

### Readme.md 👋
## Hash-R
![License](https://img.shields.io/badge/License-GPL3.0-<brightgreen>)
![Contribution](https://img.shields.io/badge/Contributions-Welcome-<brightgreen>)
![Status](https://img.shields.io/badge/Status-Alive-<brightgreen>)

Hash-R is a command line tool that can be used to crack various hashes such as md2,md4,sha1 and much more.
it can also retrieve sam file.there  is a version of mimikatz to dump hashes from SAM file.
#### Hashes supported/features:
- MD2
- MD4
- MD5
- SHA1
- SHA256
- SHA384
- SHA512
- NTLM
- Retrieve sam file from registry.
- Cool random banner's
#### Screenshot:
![screenshot](https://drive.google.com/uc?export=download&id=1Nazpx6g5g50CW8O-ZhuR0PUyLTrEehif)
### Note:
Please disable your anti-virus software before using this tool becuase it might delete some file's and the tool won't work properly.there is no harm in this tool but if you don't believe me then you are welcomed not to use this tool.
### limitations/known issues:
- Issues with some special character's in a file.
- Can crack only 1 hash at a time(to crack multiple hashes you would need to start another session)/no Multithreading.
### Changelog:

| Date:         | Comment:         | 
| ------------- |:-------------:   | 
| 22-jan-2021   | Initial Release  | 
| 5-feb-2021    | Some small fixes | 

 
### Disclaimer:
i am not responsible for your naughty work!
### Bug Report:
Report a issue at https://github.com/Justaus3r/Hash-R/issues
### Contributions:
All contributions are welcomed.if you have an suggestion for improvement you can mail me at [email protected] you can fork this repo and pull request's for improvement.
### License:
Distributed under GPL3.0.

bin\retsam.bat

@echo off
reg save hklm\sam "%~dp0SAM"
reg save hklm\system "%~dp0SYSTEM"

bin\runadmin.vbs

Set UAC = CreateObject("Shell.Application")
Set args = WScript.Arguments
UAC.ShellExecute args.Item(0), "", "", "runas", 1

bin\sha1\Exo.exe

md5: B4BB4727F022223F06964D7E698795C8 | sha1: 8C550A0E478EFC141A72B42DEF386F5CF5B88269 | sha256: 9685E49BB4B21B422351D0CCFD292D765FA7174AE2971327DC35E33C1A6E30AA | sha512: A85634F9A8F3AB7319BE9E5EFDB5E8984DC58CFB0C02B9BF164366DA02E7EA0580AD072D943CFF6D10ECF2B4585B004664D31C26E1EE2E68C22F029CE70AEFB2

bin\sha1\hash.txt

updateme

bin\sha1\SHA1CrackeR.bat

@echo off
set /p psh=<hash.txt
for /f %%a in (%1) do (
   call :funch %%a  
)
:funch
set userinput=%1
set "plaintext=%userinput%"
set "file=%temp%\%~n0.tmp"
set sha1=

if not defined plaintext set /P "plaintext="

if exist "%plaintext%" (
    set "file=%plaintext%"
) else for %%I in ("%file%") do if %%~zI equ 0 (
    <NUL >"%file%" set /P "=%plaintext%"
)

for /f "skip=1 delims=" %%I in ('certutil -hashfile "%file%" SHA1') do (
    if not defined sha1 set "sha1=%%I"
)

2>NUL del "%temp%\%~n0.tmp"

if  "%sha1: =%" equ "%psh%" ( goto cracked) else ( goto notcracked)

:cracked
cls
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0a /T: Success && echo.
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Congratulation.Password has been cracked.it was /M:2:1 /C:0e /T: "%userinput%" && echo.
echo %userinput% >>C:\Users\%username%\Desktop\Cracked.txt
"%~dp0Exo.exe" /M:2:1 /C:0a /T: Saved the password in C:\Users\%username%\Desktop\Cracked.txt && echo.
pause
exit
:notcracked
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0c /T: Failed && echo.

bin\sha256\Exo.exe

md5: B4BB4727F022223F06964D7E698795C8 | sha1: 8C550A0E478EFC141A72B42DEF386F5CF5B88269 | sha256: 9685E49BB4B21B422351D0CCFD292D765FA7174AE2971327DC35E33C1A6E30AA | sha512: A85634F9A8F3AB7319BE9E5EFDB5E8984DC58CFB0C02B9BF164366DA02E7EA0580AD072D943CFF6D10ECF2B4585B004664D31C26E1EE2E68C22F029CE70AEFB2

bin\sha256\hash.txt

updateme

bin\sha256\SHA256CrackeR.bat

@echo off
set /p psh=<hash.txt
for /f %%a in (%1) do (
   call :funch %%a  
)
:funch
set userinput=%1
set "plaintext=%userinput%"
set "file=%temp%\%~n0.tmp"
set sha256=

if not defined plaintext set /P "plaintext="

if exist "%plaintext%" (
    set "file=%plaintext%"
) else for %%I in ("%file%") do if %%~zI equ 0 (
    <NUL >"%file%" set /P "=%plaintext%"
)

for /f "skip=1 delims=" %%I in ('certutil -hashfile "%file%" SHA256') do (
    if not defined sha256 set "sha256=%%I"
)

2>NUL del "%temp%\%~n0.tmp"

if  "%sha256: =%" equ "%psh%" ( goto cracked) else ( goto notcracked)

:cracked
cls
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0a /T: Success && echo.
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Congratulation.Password has been cracked.it was /M:2:1 /C:0e /T: "%userinput%" && echo.
echo %userinput% >>C:\Users\%username%\Desktop\Cracked.txt
"%~dp0Exo.exe" /M:2:1 /C:0a /T: Saved the password in C:\Users\%username%\Desktop\Cracked.txt && echo.
pause
exit
:notcracked
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0c /T: Failed && echo.

bin\sha384\Exo.exe

md5: B4BB4727F022223F06964D7E698795C8 | sha1: 8C550A0E478EFC141A72B42DEF386F5CF5B88269 | sha256: 9685E49BB4B21B422351D0CCFD292D765FA7174AE2971327DC35E33C1A6E30AA | sha512: A85634F9A8F3AB7319BE9E5EFDB5E8984DC58CFB0C02B9BF164366DA02E7EA0580AD072D943CFF6D10ECF2B4585B004664D31C26E1EE2E68C22F029CE70AEFB2

bin\sha384\hash.txt

updateme

bin\sha384\SHA384CrackeR.bat

@echo off
set /p psh=<hash.txt
for /f %%a in (%1) do (
   call :funch %%a  
)
:funch
set userinput=%1
set "plaintext=%userinput%"
set "file=%temp%\%~n0.tmp"
set sha384=

if not defined plaintext set /P "plaintext="

if exist "%plaintext%" (
    set "file=%plaintext%"
) else for %%I in ("%file%") do if %%~zI equ 0 (
    <NUL >"%file%" set /P "=%plaintext%"
)

for /f "skip=1 delims=" %%I in ('certutil -hashfile "%file%" SHA384') do (
    if not defined sha384 set "sha384=%%I"
)

2>NUL del "%temp%\%~n0.tmp"

if  "%sha384: =%" equ "%psh%" ( goto cracked) else ( goto notcracked)

:cracked
cls
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0a /T: Success && echo.
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Congratulation.Password has been cracked.it was /M:2:1 /C:0e /T: "%userinput%" && echo.
echo %userinput% >>C:\Users\%username%\Desktop\Cracked.txt
"%~dp0Exo.exe" /M:2:1 /C:0a /T: Saved the password in C:\Users\%username%\Desktop\Cracked.txt && echo.
pause
exit
:notcracked
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0c /T: Failed && echo.

bin\sha512\Exo.exe

md5: B4BB4727F022223F06964D7E698795C8 | sha1: 8C550A0E478EFC141A72B42DEF386F5CF5B88269 | sha256: 9685E49BB4B21B422351D0CCFD292D765FA7174AE2971327DC35E33C1A6E30AA | sha512: A85634F9A8F3AB7319BE9E5EFDB5E8984DC58CFB0C02B9BF164366DA02E7EA0580AD072D943CFF6D10ECF2B4585B004664D31C26E1EE2E68C22F029CE70AEFB2

bin\sha512\hash.txt

updateme

bin\sha512\SHA512CrackeR.bat

@echo off
set /p psh=<hash.txt
for /f %%a in (%1) do (
   call :funch %%a  
)
:funch
set userinput=%1
set "plaintext=%userinput%"
set "file=%temp%\%~n0.tmp"
set sha512=

if not defined plaintext set /P "plaintext="

if exist "%plaintext%" (
    set "file=%plaintext%"
) else for %%I in ("%file%") do if %%~zI equ 0 (
    <NUL >"%file%" set /P "=%plaintext%"
)

for /f "skip=1 delims=" %%I in ('certutil -hashfile "%file%" SHA512') do (
    if not defined sha512 set "sha512=%%I"
)

2>NUL del "%temp%\%~n0.tmp"

if  "%sha512: =%" equ "%psh%" ( goto cracked) else ( goto notcracked)

:cracked
cls
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0a /T: Success && echo.
"%~dp0Exo.exe" /M:2:1 /C:0a /T:Congratulation.Password has been cracked.it was /M:2:1 /C:0e /T: "%userinput%" && echo.
echo %userinput% >>C:\Users\%username%\Desktop\Cracked.txt
"%~dp0Exo.exe" /M:2:1 /C:0a /T: Saved the password in C:\Users\%username%\Desktop\Cracked.txt && echo.
pause
exit
:notcracked
"%~dp0Exo.exe" /M:2:1 /C:0b /T:Current Try:: /M:2:1 /C:0d /T: %userinput% /M:2:1 /C:0e /T:: /M:2:1 /C:0c /T: Failed && echo.

tools\chocolateyInstall.ps1

Install-BinFile -Name 'Hash-R' -Path '..\bin\Hash-R.bat'

tools\chocolateyUninstall.ps1

Uninstall-BinFile 'Hash-R' '..\bin\Hash-R.bat'

tools\LICENSE.txt


LICENSE(HashConsole)
SecurityXploded Software License Terms
These license terms apply to anyone downloading, installing or using the softwares from SecurityXploded.com.  
Please read carefully the terms mentioned below and you must AGREE to these terms before proceeding with the installation or using any software from SecurityXploded.com
1.	INSTALLATION AND USE RIGHTS.  You may install and use any number of copies of the software on your devices.
2.	SCOPE OF LICENSE.  The software is licensed, not sold. This agreement only gives you some rights to use the software.  SecurityXploded reserves all other rights.  Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement.  In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways.   
	You may not
•	work around any technical limitations in the binary versions of the software;
•	reverse engineer, decompile or disassemble the binary versions of the software, except and only to the extent that applicable law expressly permits, despite this limitation;
•	make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;
•	rent, lease or lend the software;
•	transfer the software or this agreement to any third party; or
•	use the software for commercial software hosting services.
3	INTELLECTUAL PROPERTY.   You acknowledge that SecurityXploded is the proprietor of all industrial, free and intellectual property rights including the copyright in the software and the related items and including all versions or adaptations of the software and the related items. SecurityXploded expressly reserves all such rights in accordance with international copyright law except those expressly granted to you in this license.
4.	DOCUMENTATION.  Any person that has valid access to your computer or internal network may copy and use the documentation for your internal, reference purposes.
5.	EXPORT RESTRICTIONS.  You must comply with all domestic and international export laws and regulations that apply to the software.  These laws include restrictions on destinations, end users and end use as per the laws in your respective country.
6.	SUPPORT SERVICES. Because this software is "as is," we may not provide support services for it.
7.  REPUBLISHING OF SOFTWARE ON INTERNET & PRINT MEDIA.  Download sites on the internet and print media are allowed to publish any FREE software from SecurityXploded.com as long as the original content, website information, copyright and author information is preserved and duly mentioned in the published site or print media. You should not customize or integrate or re-bundle this software in any way that affects the integrity of the originally distributed software or any of these license terms. 
8.	LEGAL EFFECT.  This agreement describes certain legal rights.  You may have other rights under the laws of your country.  You may also have rights with respect to the party from whom you acquired the software.  This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.
9.	DISCLAIMER OF WARRANTY.   THE SOFTWARE IS LICENSED "AS-IS."  YOU BEAR THE RISK OF USING IT.  SECURITYXPLODED GIVES NO EXPRESS WARRANTIES, GUARANTEES OR CONDITIONS.  YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE.  TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, SECURITYXPLODED EXCLUDES THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
10.	LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES.  SECURITYXPLODED IS NOT DIRECTLY OR INDIRECTLY RESPONSIBLE FOR ANY DAMAGES OR LIABILITIES. YOU CANNOT RECOVER ANY DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.



<Insert License Here>

tools\VERIFICATION.txt



VERIFICATION
Verification is intended to assist the Chocolatey moderators and community
in verifying that this package's contents are trustworthy.
 
<Include details of how to verify checksum contents>
SHA1 checksum of hashconsole:e741a3fe2e457641bac6af88a4e700dc715c86ba
SHA1 checksum of hashconsole:8c550a0e478efc141a72b42def386f5cf5b88269
SHA1 checksum of Hash-R.bat:0c8dfd246d7cabca90f9cdac430cc52cf94b13b0
ShA1 checksum of retsam.bat:6083b7eed84640b1b0ec2baa1f73281970fa9aa9
<If software vendor, explain that here - checksum verification instructions are optional>
Due to architecture of software,some antivirus detect it as a hafmful object(False positive) but i assure you that the package is totally safe,showin in github.com/justaus3r/Hash-R in screenshot that i am also using it.

Virus Scan Results

Exo.exe (9685e49bb4b2) - ## / 65
HashConsole.exe (a0b75b5aae14) - ## / 72
Hash-R.1.0.nupkg (995710ff954a) - ## / 64

In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).

Chocolatey Pro provides runtime protection from possible malware.

Version History

Add to Builder	Version	Downloads	Last Updated	Status
	Hash-R 1.0	112	Wednesday, March 3, 2021	Approved

Release Notes

1.0alpha (Jan 21, 2021) - Initial release

Dependencies

This package has no dependencies.

Discussion for the Hash-R Package

Ground Rules:

This discussion is only about Hash-R and the Hash-R package. If you have feedback for Chocolatey, please contact the Google Group.
This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
Tell us what you love about the package or Hash-R, or tell us what needs improvement.
Share your experiences with the package, or extra configuration or gotchas that you've found.
If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.

112

112

03 Mar 2021

Hash-R

1 2 3 Hash-R 1.0

Some Checks Have Failed or Are Not Yet Complete

Deployment Method: Individual Install, Upgrade, & Uninstall

Deployment Method:

1. Enter Your Internal Repository Url

2. Setup Your Environment

1. Ensure you are set for organizational deployment

2. Get the package into your environment

3. Copy Your Script

4. If applicable - Chocolatey configuration/installation

Description:

Ground Rules:

1

2

3

Hash-R 1.0