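def finish_saved_job(self, jobname: str) -> None:
    """Resume a postponed job: restore the pickled client and retrieve its dump.

    Loads the client object that ``save_job`` pickled to *jobname*, recreates
    the client's output directory if it is missing, transfers the RAM dump,
    hands it to the Volatility stage, then disconnects the session and deletes
    the job file so it cannot be picked up twice.

    Args:
        jobname: Path to the pickled job file (``scheduled_jobs/<name>.dat``).

    Raises:
        OSError: if the job file cannot be opened or removed, or the output
            directory cannot be created.
        pickle.UnpicklingError: if the file is not a valid pickle.
    """
    # NOTE(review): pickle.load runs whatever the file encodes, so this must
    # only ever be given a job file this tool wrote itself via save_job; a job
    # file obtained from anywhere else is not safe to load.
    # The file is opened with a context manager so the handle is closed even
    # when unpickling fails (the original leaked it).
    with open(jobname, 'rb') as job_file:
        restored_client = pickle.load(job_file)
    cprint("Client restored!", 'green')
    cprint("Retrieving RAM dump {}".format(restored_client.output), 'blue')

    # The output directory may have been removed between the scheduling run
    # and the pickup; recreate only the leaf (mkdir, not makedirs) as before.
    if not os.path.isdir(restored_client.output_dir):
        os.mkdir(restored_client.output_dir)

    saved_session = Session(restored_client)
    # NOTE(review): unlike main(), the profiler here is not populated with
    # load_profiles(); presumably the restored client already carries its
    # profile — confirm against LimeDeploy.
    delayed_profiler = Profiler()
    LimeDeploy(saved_session, delayed_profiler).transfer_dump()
    VolDeploy(saved_session).main(self.volatility_profile_dir)
    cprint(
        "Job {} pickup has been completed!".format(restored_client.output),
        'green')
    saved_session.disconnect()
    # Remove the job file only after everything above succeeded; a failure
    # earlier leaves it in place so the pickup can be retried.
    os.remove(jobname)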
def main(self) -> None:
    """Start the interactive session for LiMEaide.

    Runs the whole command-line flow in order: print the banner and licence
    notice, create the per-run log file, parse arguments and ``.limeaide``,
    load the profile database, build the client, then either resume a
    postponed job (``--pickup``) or open a session and (optionally) pick a
    profile, deploy LiME, and either postpone the dump retrieval or run the
    Volatility stage. The session is disconnected and logging shut down at
    the end of the normal path; the pickup and ``force_clean`` paths exit
    via ``sys.exit`` instead.

    Side effects: creates ``<log_dir><date>.log`` and
    ``<output_dir><args_case><date>/``, may write a job file via
    ``save_job``, and reads ``.limeaide`` from the current working directory.
    """
    # NOTE(review): the banner is a single triple-quoted literal; its line
    # layout was flattened in the source this was reviewed from, so its
    # rendered shape cannot be confirmed here.
    cprint("""\ .---. _______ | |.--. __ __ ___ __.....__ .--.\ ___ `'. __.....__ | ||__|| |/ `.' `. .-'' '. |__| ' |--.\ \ .-'' '. | |.--.| .-. .-. ' / .-''"'-. `. .--. | | \ ' / .-''"'-. `. | || || | | | | |/ /________\ \ __ | | | | | '/ /________\ | | || || | | | | || | .:--.'. | | | | | || | | || || | | | | |\ .-------------'/ | \ || | | | ' .'\ .-------------' | || || | | | | | \ '-.____...---.`" __ | || | | |___.' /' \ '-.____...---. | ||__||__| |__| |__| `. .' .'.''| ||__|/_______.'/ `. .' '---' `''-...... -' / / | |_ \_______|/ `''-...... -' \ \._,\ '/ `--' `" by kd8bny {0}\n""".format(self.__version__), 'green', attrs=['bold'])
    print("LiMEaide is licensed under GPL-3.0\n"
          "LiME is licensed under GPL-2.0\n")

    # One timestamp names both the log file and the output directory, so the
    # two can be matched up afterwards.
    date = datetime.strftime(datetime.today(), "%Y_%m_%dT%H_%M_%S_%f")
    self.check_directories()
    self.check_tools()
    # log_dir is concatenated, not joined — presumably it ends with a
    # separator (see check_directories); verify.
    logging.basicConfig(level=logging.INFO,
                        filename='{0}{1}.log'.format(self.log_dir, date))
    self.logger = logging.getLogger()

    args = self.get_args()
    config = configparser.ConfigParser()
    # NOTE(review): the config path is relative, so whichever directory the
    # tool is launched from decides which .limeaide (if any) is honoured.
    config.read('.limeaide')
    profiler = Profiler()
    profiler.load_profiles()
    client = self.get_client(args, config)

    # Pickup of a postponed job replaces the whole interactive flow.
    if args.pickup:
        self.finish_saved_job(args.pickup)
        sys.exit()

    # When no case is given, self.args_case is expected to already hold a
    # default set elsewhere in the class — confirm.
    if args.case is not None:
        self.args_case = 'case_%s' % (args.case)

    # Start session
    session = Session(client, args.verbose)
    session.connect()
    client.output_dir = "{0}{1}{2}/".format(self.output_dir, self.args_case, date)
    # mkdir (not makedirs): raises FileExistsError if the directory exists,
    # which the microsecond timestamp makes unlikely but not impossible.
    os.mkdir(client.output_dir)

    # force_clean only connects and disconnects (the cleanup presumably lives
    # in the session teardown); it exits before any deployment.
    if args.force_clean:
        session.disconnect()
        sys.exit("Clean attempt complete")

    # Profile selection: explicit triple on the command line, interactive
    # chooser, or skipped entirely with --no-profiler. A missing profile is
    # not fatal; LimeDeploy presumably builds one (see messages below).
    if args.profile is not None:
        profile = profiler.select_profile(args.profile[0], args.profile[1], args.profile[2])
        if profile is None:
            # NOTE(review): the line break inside this prompt was garbled in
            # the reviewed source and is restored here as "\n" — confirm
            # against upstream. Also note "a new" + "profile" renders as
            # "a newprofile" (missing space).
            new_profile = input(
                colored(
                    "No profiles found... \nWould you like to build a new" +
                    "profile for the remote client [Y/n] ", 'red'))
            if new_profile.lower() == 'n':
                sys.exit()
        else:
            client.profile = profile
            cprint("Profile found!", 'green')
    elif not args.no_profiler:
        use_profile = input(
            colored(
                "Would you like to select a pre-generated profile " +
                "[y/N] ", 'green'))
        if use_profile.lower() == 'y':
            profile = profiler.interactive_chooser()
            if profile is None:
                cprint(
                    "No profiles found... Will build new profile " +
                    "for remote client", 'red')
            else:
                client.profile = profile

    LimeDeploy(session, profiler).main()

    if args.delay_pickup:
        # Persist the client for a later run; the job file is what
        # finish_saved_job unpickles, so it must stay under this tool's
        # control until then.
        self.save_job(client, client.jobname)
        cprint("> RAM dump retrieval is postponed", 'green')
        cprint(
            "> To retrieve, run LiMEaide with" +
            '"-P scheduled_jobs/{}.dat"'.format(client.jobname), 'yellow')
    else:
        # Now that's taken care of, lets do work on Volatility
        VolDeploy(session).main(self.volatility_profile_dir)

    session.disconnect()
    logging.shutdown()