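def run(self):
    """Export e-mail attachments from the PST file of the current session.

    Checks that the ``pffexport`` binary can be executed, optionally opens a
    new dated project (``--proj``), extracts attachments with ``parse_pst``
    into ``--output`` or a freshly created temporary directory, and unless
    ``--keep`` is given removes the extraction directories afterwards.
    Errors are reported through ``self.log`` rather than raised.
    """
    super(pstParse, self).run()
    pst_path = __sessions__.current.file.path

    # Probe for the binary without a shell: a missing executable raises
    # OSError (ENOENT) on both Python 2 and 3, which is more reliable than
    # depending on the shell's 127 exit status of a shell=True string.
    try:
        subprocess.call(['pffexport', '-V'])
    except OSError:
        self.log('error', "pffexport not installed. Try: 'sudo apt-get install pff-tools'")
        return

    if self.args.proj:
        self.log('info', "Creating New Project")
        project_name = str(datetime.date.today())
        __project__.open('pst_{0}'.format(project_name))

    # Fall back to a private temp dir when no --output was given.
    save_path = self.args.output
    if not save_path:
        save_path = tempfile.mkdtemp()
        self.log('info', "Temp Dir created at {0}".format(save_path))

    self.log('info', "Processing Attachments, this might take a while...")
    counter = self.parse_pst(save_path, pst_path)
    self.log('success', "Stored {0} Email attachments".format(counter))

    if not self.args.keep:
        # NOTE(review): this cleanup also removes a user-supplied --output
        # directory and its sibling '<output>.export'; --keep retains them.
        try:
            shutil.rmtree('{0}.export'.format(save_path))
            shutil.rmtree(save_path)
            self.log('info', "Removing Temp Dir")
        except OSError as e:
            self.log('error', "Unable to delete tmpdir: {0}".format(e))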
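def cmd_investigations(self, *args):
    """Handle the ``investigations`` console command.

    Args:
        *args: raw command-line tokens, parsed with argparse. ``-l`` lists
            the investigations stored in ``self.db``, ``-s NAME`` opens NAME
            as the current project, ``-d ID`` deletes the investigation with
            that numeric id. With no option the parser usage is logged.

    Side effects: switching or deleting closes any open session and
    re-creates ``self.db`` so it points at the newly selected SQLite file.
    """
    parser = argparse.ArgumentParser(prog='investigations', description="Open a case", epilog="List or switch current investigations")
    group = parser.add_mutually_exclusive_group()
    group.add_argument('-l', '--list', action='store_true', help="List all existing investigations")
    group.add_argument('-s', '--switch', metavar='NAME', help="Switch to the specified investigation")
    group.add_argument('-d', '--delete', type=int, metavar='ID', help="delete investigation by id.")

    # argparse reports usage errors (and -h) by raising SystemExit; catch only
    # that, so genuine programming errors are not silently swallowed.
    try:
        args = parser.parse_args(args)
    except SystemExit:
        return

    projects_path = os.path.join(os.getcwd(), 'investigations')
    if not os.path.exists(projects_path):
        self.log('info', "The investigations directory does not exist yet")
        return

    if args.list:
        self.log('info', "Current Investigations:")
        rows = [[item.id, item.name] for item in self.db.get_investigation_list()]
        self.log('table', dict(header=['ID', 'Name'], rows=rows))
    elif args.switch:
        if __sessions__.is_set():
            __sessions__.close()
            self.log('info', "Closed opened session")
        # NOTE(review): args.switch is raw user input used as a project name;
        # __project__.open is not visible here -- confirm it rejects path
        # separators and '..' before joining it under projects_path.
        __project__.open(args.switch, self.db)
        self.log('info', "Switched to investigation {0}".format(bold(args.switch)))
        # Need to re-initialize the Database to open the new SQLite file.
        self.db = Database()
    elif args.delete:
        if __sessions__.is_set():
            __sessions__.close()
            self.log('info', "Closed opened session")
        __project__.delete(args.delete, self.db)
        self.log('info', "Deleted investigation {0}".format(bold(args.delete)))
        # Need to re-initialize the Database to open the new SQLite file.
        self.db = Database()
    else:
        # format_usage() returns the text; print_usage() returns None and
        # would have logged a spurious "None" entry.
        self.log('info', parser.format_usage())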
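def run(self):
    """Export e-mail attachments from the PST file of the current session.

    Checks that the ``pffexport`` binary can be executed, optionally opens a
    new dated project (``--proj``), extracts attachments with ``parse_pst``
    into ``--output`` or a freshly created temporary directory, and unless
    ``--keep`` is given removes the extraction directories afterwards.
    Errors are reported through ``self.log`` rather than raised.
    """
    super(pstParse, self).run()
    pst_path = __sessions__.current.file.path

    # Probe for the binary without a shell: a missing executable raises
    # OSError (ENOENT) on both Python 2 and 3, which is more reliable than
    # depending on the shell's 127 exit status of a shell=True string.
    try:
        subprocess.call(['pffexport', '-V'])
    except OSError:
        self.log('error', "pffexport not installed. Try: 'sudo apt-get install pff-tools'")
        return

    if self.args.proj:
        self.log('info', "Creating New Project")
        project_name = str(datetime.date.today())
        __project__.open('pst_{0}'.format(project_name))

    # Fall back to a private temp dir when no --output was given.
    save_path = self.args.output
    if not save_path:
        save_path = tempfile.mkdtemp()
        self.log('info', "Temp Dir created at {0}".format(save_path))

    self.log('info', "Processing Attachments, this might take a while...")
    counter = self.parse_pst(save_path, pst_path)
    self.log('success', "Stored {0} Email attachments".format(counter))

    if not self.args.keep:
        # NOTE(review): this cleanup also removes a user-supplied --output
        # directory and its sibling '<output>.export'; --keep retains them.
        try:
            shutil.rmtree('{0}.export'.format(save_path))
            shutil.rmtree(save_path)
            self.log('info', "Removing Temp Dir")
        except OSError as e:
            self.log('error', "Unable to delete tmpdir: {0}".format(e))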
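#!/usr/bin/env python
# This file is part of Cirtkit - https://github.com/cirtkit-framework/cirtkit

import argparse

from lib.core.ui import console
from lib.core.investigation import __project__
from lib.core.database import Database


def main():
    """Parse the command line, open the requested investigation and start the console.

    ``-i/--investigation NAME`` opens (or creates) that investigation through
    ``__project__.open`` with a fresh ``Database`` before the interactive
    console is started; without it the console starts with no project open.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('-i', '--investigation', help='Specify a new or existing investigation', action='store', required=False)
    args = parser.parse_args()

    if args.investigation:
        db = Database()
        # NOTE(review): the name comes straight from the command line;
        # __project__.open is not visible here -- confirm it sanitises it
        # before using it as a directory name.
        __project__.open(args.investigation, db)

    c = console.Console()
    c.start()


# Guarded so importing this module (e.g. from tests) does not parse
# sys.argv or launch the console.
if __name__ == '__main__':
    main()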