def __nodeToHtmlCell(self, uid):
imagecell = """<td style="text-align: center;"><img src="data:image/jpg;base64,{}"/><br />{} {} {}</td>"""
node = VFS.Get().getNodeById(uid)
timestamp = ""
device = ""
model = ""
make = ""
b64image = self.__corrupt
if node is not None:
dtype = node.dataType()
try:
if dtype.find("image") != -1:
vfile = node.open()
image = vfile.read()
vfile.close()
data = node.attributesByName("exif.Model",
ABSOLUTE_ATTR_NAME)
if len(data):
model = data[0].toString()
data = node.attributesByName("exif.Make",
ABSOLUTE_ATTR_NAME)
if len(data):
make = data[0].toString()
if len(model) or len(make):
device = "<br />{} {}".format(model, make)
data = node.attributesByName("exif.DateTimeDigitized",
ABSOLUTE_ATTR_NAME)
if len(data):
timestamp = "<br /> {}".format(data[0].toString())
b64image = base64.b64encode(image)
except:
pass
return imagecell.format(b64image, node.name(), device, timestamp)
return ""
def __init__(self, parent=None, mode=ADVANCED):
EventHandler.__init__(self)
super(QWidget, self).__init__(parent)
self.setupUi(self)
self.type = "filebrowser"
self.icon = None
self.name = "nodebrowser"
self.setObjectName(self.name)
#Define browser functions
self.mode = mode
self.mainwindow = QApplication.instance().mainWindow
# Main layout
self.mainlayout = QVBoxLayout()
self.mainlayout.setSpacing(0)
self.mainlayout.setMargin(0)
self.createSelection()
self.attributes = PropertyTable(self)
if mode == ADVANCED:
self.createNavigationHeader()
self.createToolbar()
self.createViewPan()
self.createViews()
self.setLayout(self.mainlayout)
self.VFS = VFS.Get()
self.VFS.connection(self)
self.connect(self, SIGNAL("refreshList"), self.refreshList)
self.bookManager = BookmarkManager(self.model())
self.timelinerThread = None
def __init__(self, manager):
super(QDialog, self).__init__()
self.vfs = vfs()
self.VFS = VFS.Get()
self.setupUi(self)
self.manager = manager
self.initShape()
def __init__(self):
EventHandler.__init__(self)
self.loader = loader.loader()
self.processusManager = ProcessusManager()
self.VFS = VFS.Get()
self.VFS.connection(self)
self.ppModules = ModulesConfig()
self.ppAnalyses = ModulesConfig()
def getFileItems(self, evt, root):
node = VFS.Get().getNodeById(evt)
if node is None:
return None
if node.absolute()[:len(root)] != root:
return None
fileItem = FileItem(QIcon(':/toggle_log'), node.name(), node)
return fileItem
def getItem(self):
ret = None
data = self.itemData(self.currentIndex(), Qt.UserRole)
if data.isValid():
idx, valid = data.toInt()
if valid:
uid = self._items[idx]
node = VFS.Get().getNodeById(uid)
ret = node
return ret
def __init__(self):
self.cm = ConfigManager.Get()
self.vfs = VFS.Get()
self.cmodules = {}
self.scripts = {}
self.builtins = {}
self.modules = {}
self.tags = {}
self.loadedPaths = []
self.__modulesPaths = []
def __init__(self):
fso.__init__(self, "unzip")
self.name = "unzip"
self.VFS = VFS.Get()
self.vfs = vfs.vfs()
self.fdm = FdManager()
self.origin = None
self.zipcontent = None
self.file = None
self.mapped_files = {}
def getItems(self):
items = []
for i in xrange(0, self.count()):
item = self.item(i)
idx, valid = item.data(Qt.UserRole).toInt()
if valid:
uid = self._items[idx]
node = VFS.Get().getNodeById(uid)
items.append(node)
return items
def __init__(self, parent=None):
QLabel.__init__(self, parent)
self.setTextInteractionFlags(Qt.LinksAccessibleByMouse|Qt.TextSelectableByMouse)
self.setAlignment(Qt.AlignLeft)
sizePolicy = QSizePolicy(QSizePolicy.Minimum, QSizePolicy.Minimum)
sizePolicy.setHorizontalStretch(0)
sizePolicy.setVerticalStretch(0)
self.setSizePolicy(sizePolicy)
self.setTextFormat(Qt.RichText)
self.__node = VFS.Get().GetNode("/")
self.connect(self, SIGNAL("linkActivated(QString)"), self.goto)
def report(self, root):
self.reportManager = ReportManager()
self.translator = AccountTranslator()
for nodeID in self.__accountInfo.iterkeys():
node = VFS.Get().getNodeById(nodeID)
info = self.__accountInfo[nodeID]
categoryName = self.translator.translate(
"Operating system") + " " + root.name().translate(
None, "!@#$%^&'\/?")
page = self.reportManager.createPage(
categoryName,
self.translator.translate("Users") + " (" + node.name() + ')')
tableHeader = ["userName", "RID", "lastLoginDate", "logins"]
headerTranslation = []
translationMap = {}
translationMap.update(UserV.Translate().details())
translationMap.update(UserF.Translate().details())
for name in tableHeader:
headerTranslation.append(translationMap[name])
userTable = page.addDetailTable(
self.translator.translate("Accounts"), headerTranslation)
for user in info.users():
tempTable = []
for attr, description in user.details().iteritems():
try:
value = getattr(user, attr)()
if value:
tempTable.append((description, value))
except AttributeError:
pass
detailTable = TableFragment(
self.translator.translate("Details"), [
self.translator.translate('Key'),
self.translator.translate('Value')
], tempTable)
userTable.addRow((user.userName(), user.RID(),
user.lastLoginDate(), user.logins()),
detailTable)
groupTable = []
gtr = GroupC.Translate()
headerTranslation = []
for m in ["name", "ID", "members"]:
headerTranslation.append(gtr.translate(m))
for group in info.groups():
groupTable.append((group.name(), group.ID(), group.members()))
page.addTable(gtr.translate("groups"), headerTranslation,
groupTable)
self.reportManager.addPage(page)
def __init__(self, parent=None, coord=False):
"""
Constructor
"""
QTreeView.__init__(self)
self.VFS = VFS.Get()
self.setSelectionMode(QAbstractItemView.NoSelection)
self.setState(QAbstractItemView.NoState)
self.setUniformRowHeights(True)
self.setSortingEnabled(False)
self.coord = coord
self.delegate = CheckDelegate(self)
self.setItemDelegate(self.delegate)
self.connect(self, SIGNAL("expanded(QModelIndex)"), self.indexExpanded)
def __init__(self):
EventHandler.__init__(self)
self.__fsEncoding = sys.getfilesystemencoding()
self.__vfsRoot = VFS.Get().root
self.__extracted = {}
self.__errors = {}
self.total_files = 0
self.total_folders = 0
self.extracted_files = 0
self.extracted_folders = 0
self.files_errors = 0
self.folders_errors = 0
self.ommited_files = 0
self.ommited_folders = 0
def __init__(self, parent=None):
QTreeWidget.__init__(self, parent)
self.vfs = VFS.Get()
self.nodesMapWidget = parent
self.mainWindow = QApplication.instance().mainWindow
self.countryLevel = {}
self.countyLevel = {}
self.streetLevel = {}
self.nodeLevel = {}
self.connect(self, SIGNAL("itemClicked(QTreeWidgetItem*, int)"),
self.clicked)
self.connect(self, SIGNAL("focusOnNode"), self.focusOnNodeItem)
headerItem = self.headerItem().setText(0, "No images found")
self.imageCount = 0
def __init__(self, __parent = None, selection=None):
QStandardItemModel.__init__(self, __parent)
EventHandler.__init__(self)
self.__parent = __parent
self.VFS = VFS.Get()
# init translation
self.translation()
self.indexmap = {}
self.createRootItems()
self.currentIndex = self.root_item
self.ch = True
self.selection = selection
self.VFS.connection(self)
# keep track of index - node pointers
self.connect(self, SIGNAL("refreshModel"), self.refreshModel)
def fill_log_viewer(self, item):
ptr = item.data(QListWidgetItem.UserType)
node = VFS.Get().getNodeById(ptr.toULongLong()[0])
processus_manager = ModuleProcessusManager()
evtx = processus_manager.get('evtx')
self.node = node
self.evtx_parser.chunks = evtx.data(ptr.toULongLong()[0])
self.evtx_parser.node = node
self.admin_pannel.cb = self.admin_pannel.initId(
evtx.data(ptr.toULongLong()[0]), 'id')
self.admin_pannel.cbs = self.admin_pannel.initId(
evtx.data(ptr.toULongLong()[0]), 'source')
self.display(evtx.data(ptr.toULongLong()[0]), node)
def __init__(self, parent = None, selectedNodesList = []):
QDialog.__init__(self, parent)
self.setupUi(self)
self.VFS = VFS.Get()
self.connect(self.newTagButton, SIGNAL("clicked()"), self.editTag)
self.connect(self.deleteTagButton, SIGNAL("clicked()"), self.deleteTag)
self.connect(self.addTagNodesButton, SIGNAL("clicked()"), self.addTagNodes)
self.connect(self.removeTagNodesButton, SIGNAL("clicked()"), self.removeTagNodes)
self.connect(self.selectedTags, SIGNAL("itemDoubleClicked(QListWidgetItem*)"), self.editTag)
self.connect(self.allTags, SIGNAL("itemDoubleClicked(QListWidgetItem*)"), self.editTag)
self.tagsManager = TagsManager.get()
if len(selectedNodesList) == 1 and selectedNodesList[0] == None:
self.selectedNodesList = []
else:
self.selectedNodesList = selectedNodesList
self.selectedNodes = []
self.fillLists()
self.translation()
def __init__(self, evtxManager, root):
EventLogViewer.__init__(self, None)
self.evtxManager = evtxManager
self.vfs = VFS.Get()
self.evtx_table_view.setColumnCount(7)
self.evtx_table_view.hideColumn(4)
self.evtx_table_view.hideColumn(5)
self.evtx_table_view.hideColumn(6)
self.admin_pannel.hide()
self.list_widget = QListWidget()
file_names = QLabel('Windows events')
ww = QWidget()
l = QVBoxLayout(ww)
l.addWidget(file_names)
l.addWidget(self.list_widget)
l.setSpacing(2)
l.setContentsMargins(2, 2, 2, 2)
for node_name, chunks in self.evtxManager.getData():
node = self.vfs.getNodeById(node_name)
if node.absolute()[:len(root)] != root:
continue
item = QListWidgetItem(
QIcon(':/toggle_log'),
node.name().replace('Microsoft-Windows-',
'').replace('.evtx', ''))
item.setData(QListWidgetItem.UserType, long(node_name))
self.list_widget.addItem(item)
self.list_widget.sortItems()
self.list_widget.itemClicked.connect(self.fill_log_viewer)
self.splitter.insertWidget(0, ww)
ctrl = EvtControlPannel(self.evtx_table_view)
self.splitter.insertWidget(2, ctrl)
self.list_widget.itemClicked.connect(ctrl.reload)
def dispEvent(self, row, column):
item = self.evtx_table_view.item(row, 4)
offset_str = item.text()
offset = int(offset_str)
item = self.evtx_table_view.item(row, 5)
chunk_str = item.text()
chunk_nb = int(chunk_str)
if self.evtx_table_view.columnCount() == 7:
item = self.evtx_table_view.item(row,
6).data(QTableWidgetItem.Type)
n = item.toULongLong()[0]
self.evtx_parser.node = VFS.Get().getNodeById(n)
xml = self.evtx_parser.getXML(chunk_nb, offset, self.evtx_parser.node)
xml_str = tostring(xml, "utf-8")
self.disp = ViewEvtx()
self.disp.view.setAlternatingRowColors(1)
self.disp.view.setSelectionBehavior(QAbstractItemView.SelectRows)
self.disp.view.setSelectionMode(QAbstractItemView.SingleSelection)
self.current_row = row
if not row:
self.disp.prev_evtx.setEnabled(False)
if row + 1 == self.evtx_table_view.rowCount():
self.disp.next_evtx.setEnabled(False)
self.widget = EvtxTree(xml_str, self.disp)
self.disp.textEdit.setText(self.widget.doc.toString(3))
self.disp.view.expandAll()
self.disp.view.resizeColumnToContents(0)
if PYQT_VERSION_STR >= "4.5.0":
self.disp.next_evtx.clicked.connect(self.nextEvent)
self.disp.prev_evtx.clicked.connect(self.prevEvent)
self.disp.exec_()
del self.disp
self.disp = None
def readStringData(self, dataName):
if (dataName, str) in self.shellLink.LinkFlags:
size = unpack("H", self.vfile.read(2))[0]
if size:
Name = dataName.replace('Has', '')
if ("IsUnicode", str) in self.shellLink.LinkFlags:
data = unicode(self.vfile.read(size * 2).decode('UTF-16'))
else:
data = self.vfile.read(size)
setattr(self, Name, data)
if Name == "RelativePath":
n = VFS.Get().GetNode(
self.node.parent().absolute() + '/' +
data.encode('UTF-8').replace('\\', '/'))
if n:
#This create a subnode with a link
#vl = VLink(n, self.node)
#vl.thisown = False
setattr(self, "RelativePathLink", n)
def nextEvent(self, checked):
row = self.current_row + 1
self.disp.prev_evtx.setEnabled(True)
while row + 1 != self.evtx_table_view.rowCount(
) and self.evtx_table_view.isRowHidden(row):
row += 1
# row = self.current_row
item = self.evtx_table_view.item(row, 4)
offset_str = item.text()
offset = int(offset_str)
item = self.evtx_table_view.item(row, 5)
chunk_str = item.text()
chunk_nb = int(chunk_str)
node = None
if self.evtx_table_view.columnCount() == 7:
item = self.evtx_table_view.item(row, 6)
node = VFS.Get().getNodeById(long(item.text()))
else:
node = self.node
self.evtx_table_view.setCurrentCell(row, 0)
xml = self.evtx_parser.getXML(chunk_nb, offset, node)
xml_str = tostring(xml, "utf-8")
self.widget = EvtxTree(xml_str, self.disp)
self.disp.textEdit.setText(self.widget.doc.toString(3))
self.disp.view.expandAll()
self.disp.view.resizeColumnToContents(0)
self.current_row = row
while row + 1 != self.evtx_table_view.rowCount():
row += 1
if not self.evtx_table_view.isRowHidden(row): return
self.disp.next_evtx.setEnabled(False)
def __init__(self, __parent=None, selection=None, root=None):
QStandardItemModel.__init__(self, __parent)
EventHandler.__init__(self)
self.__parent = __parent
self.VFS = VFS.Get()
# init translation
self.root_node = root
self.__root_uids = []
self.translation()
self.itemmap = {}
self.createRootItems()
self.currentIndex = self.root_item
self.ch = True
self.displayCount = True
self.selection = selection
if self.selection != None:
self.connect(self.selection, SIGNAL("selectionChanged"),
self.updateSelected)
self.VFS.connection(self)
# keep track of index - node pointers
self.connect(self, SIGNAL("refreshModel"), self.refreshModel)
def __init__(self):
QWidget.__init__(self)
self.inversedGeoCoder = InversedGeoCoder()
self.vfs = VFS.Get()
self.mainWindow = QApplication.instance().mainWindow
self.vboxLayout = QVBoxLayout(self)
self.vboxLayout.setSpacing(0)
self.vboxLayout.setMargin(0)
self.setLayout(self.vboxLayout)
self.splitter = QSplitter()
self.mapWidget = QGoogleMap(self)
self.mapWidget.markerClicked.connect(self.markerClicked)
self.mapWidget.waitUntilReady()
self.splitter.addWidget(self.mapWidget)
self.nodesAddressWidget = NodesAddressWidget(self)
self.connect(self.nodesAddressWidget, SIGNAL("center"), self.center)
self.splitter.addWidget(self.nodesAddressWidget)
self.vboxLayout.addWidget(self.splitter)
self.mapWidget.centerAt(43.776037, -31.330157)
self.mapWidget.setZoom(3)
def evtx(self, filter_name, event_map, root='/'):
records_match = []
for ptr, chunks in self.evtxManager.getData():
node = VFS.Get().getNodeById(ptr)
if node.absolute()[:len(root)] != root: continue
count = 0
for chunk in self.evtxManager.node_name[long(ptr)]:
for event in chunk.events():
match = True
for f in event_map:
try:
if f == 'All' and node.name() == event_map[f]:
match = True
break
match = chunk.events()[event][f] in event_map[f]
except:
match = False
if not match : break
if match:
records_match.append(EvtxInfo(event, chunk.events()[event], count, ptr))
count += 1
self.evtxResults[filter_name] = records_match
def __init__(self):
QObject.__init__(self)
self.VFS = VFS.Get()
self._selection = set()
def __init__(self):
AttributesHandler.__init__(self, "metacompound")
ModuleProcessusHandler.__init__(self, "metacompound")
self.__disown__()
self.nodeAttributes = {}
self.vfs = VFS.Get()
def __init__(self):
AttributesHandler.__init__(self, "clamdscan")
ModuleProcessusHandler.__init__(self, "clamdscan")
self.__disown__()
self.nodeAttributes = {}
self.vfs = VFS.Get()
def deleteBookmark(self):
vfs = VFS.Get()
try:
vfs.unregister(self.model.currentNode())
except Exception as e:
print 'TreeMenu.deleteNode exceptions : ', str(e)
def createRootNodes(self):
root = self.vfs.getnode('/')
self.devicenode = deviceNode(root, str('Local devices'))
self.logicalenode = logicalNode(root, str('Logical files'))
self.modulesrootnode = ModulesRootNode(VFS.Get(), root)
self.booknode = bookNode(root, str('Bookmarks'))
def openParentDirectory(self):
node = VFS.Get().getNodeById(self.item.nodeuid)
QApplication.instance().mainWindow.addNodeBrowser(node.parent())
