Example #1
0
    def test_args(self):
        """
        Tests setting base arguments

        :return: None
        """
        parser = common.set_base_args('test')
        args = common.parse_base_args(parser)
        assert(len(args) == 11)
        return
Example #2
0
        :return: Does not return anything
        '''

        common.on_event_callback(event_tufo,
                                 logfile=self.logfile,
                                 no_conout=self.no_conout)


def main(args):
    """
    Main function of script. Creates object based on input parameters and calls common main.

    :param args: a dict of all args.
    :return: Does not return anything.
    """

    if args['default_filters'] is True:
        args['filters'] = [
            'MICROSOFT-WINDOWS-TERMINALSERVICES-REMOTECONNECTIONMANAGER',
            'SESSIONARBITRATION', 'NOTIFYLOGONTOLICENSING'
        ]
    args.pop('default_filters')

    # Create an RDPETW instance with the parameters provided.
    with RDPETW(**args):
        common.run('rdp_etw', args['filters'])


if __name__ == '__main__':
    main(common.parse_base_args(common.set_base_args('RDP')))
Example #3
0
                                 no_conout=self.no_conout)


def main(args):
    """
    Main function of script. Creates object based on input parameters and calls common main.

    :param args: a dict of all args.
    :return: Does not return anything.
    """

    if args['default_filters'] is True:
        args['filters'] = [
            'WININET_USAGELOGREQUEST', 'WININET_CONNECT_HANDLE_CREATED',
            'WININET_DNS_QUERYSTART', 'WININET_HTTP_REQUEST_HANDLE_CREATED',
            'WININET_HTTPS_CLIENT_CERT_SELECTED',
            'WININET_HTTPS_SERVER_CERT_VALIDATED',
            'WININET_OPEN_URL_HANDLE_CREATED', 'WININET_ROOT_HANDLE_CREATED',
            'WININET_TCP_CONNECTIONSTART'
        ]
    args.pop('default_filters')

    # Create an INETETW instance with the parameters provided.
    with INETETW(**args):
        # call common run function to handle command line inout / output
        common.run('wininet_etw', args['filters'])


if __name__ == '__main__':
    main(common.parse_base_args(common.set_base_args('WinInet')))
Example #4
0
        :param event_tufo: tufo containing event information
        :return: Does not return anything
        '''

        common.on_event_callback(event_tufo,
                                 logfile=self.logfile,
                                 no_conout=self.no_conout)


def main(args):
    """
    Main function of script. Creates object based on input parameters and calls common main.

    :param args: a dict of all args.
    :return: Does not return anything.
    """

    if args['default_filters'] is True:
        args['filters'] = [
            'THREADSTART', 'THREADSTOP', 'PROCESSSTART', 'PROCESSSTOP'
        ]
    args.pop('default_filters')

    # Create an PROCETW instance with the parameters provided.
    with PROCETW(**args):
        common.run('proc_etw', args['filters'])


if __name__ == '__main__':
    main(common.parse_base_args(common.set_base_args('Process')))