コード例 #1
ファイル: pst.py プロジェクト: killbug2004/CIRTKit
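    def run(self):
        """Export attachments from the PST file of the current session.

        Requires the ``pffexport`` binary from pff-tools. Attachments are
        extracted by ``self.parse_pst`` into ``--output`` when given,
        otherwise into a fresh temporary directory. Unless ``--keep`` is set,
        a temporary directory created here (plus the ``<dir>.export`` tree
        beside it) is removed afterwards. A user-supplied ``--output``
        directory is never deleted, since it may hold unrelated files.
        """
        super(pstParse, self).run()
        pst_path = __sessions__.current.file.path

        # Probe for the tool without going through a shell: a missing binary
        # surfaces as OSError (ENOENT) rather than a shell exit status of 127,
        # and no command string is ever handed to /bin/sh for interpretation.
        try:
            subprocess.call(['pffexport', '-V'])
        except OSError:
            self.log('error', "pffexport not install. Try: 'sudo apt-get install pff-tools'")
            return

        new_proj = self.args.proj
        save_path = self.args.output

        if new_proj:
            self.log('info', "Creating New Project")
            project_name = str(datetime.date.today())
            __project__.open('pst_{0}'.format(project_name))

        # Only a directory this run created itself is eligible for cleanup.
        created_tmpdir = not save_path
        if created_tmpdir:
            save_path = tempfile.mkdtemp()
            self.log('info', "Temp Dir created at {0}".format(save_path))
        else:
            self.log('info', "Saving attachments to {0}".format(save_path))

        self.log('info', "Processing Attachments, this might take a while...")
        counter = self.parse_pst(save_path, pst_path)
        self.log('success', "Stored {0} Email attachments".format(counter))

        if not self.args.keep and created_tmpdir:
            self.log('info', "Removing Temp Dir")
            # parse_pst presumably has pffexport write its tree next to the
            # target as "<save_path>.export" (not visible here); remove both,
            # each on its own so one failure does not leave the other behind.
            for path in ('{0}.export'.format(save_path), save_path):
                try:
                    shutil.rmtree(path)
                except OSError as e:
                    self.log('error', "Unable to delete tmpdir: {0}".format(e))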
コード例 #2
ファイル: commands.py プロジェクト: ziedsn/CIRTKit
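    def cmd_investigations(self, *args):
        """Handle the ``investigations`` console command.

        Args:
            *args: raw command-line tokens parsed with argparse. ``-l`` lists
                investigations, ``-s NAME`` switches to one, ``-d ID`` deletes
                one; the three are mutually exclusive.

        Side effects: switching or deleting closes any open session and
        re-creates ``self.db`` so the new SQLite file is picked up.
        """
        parser = argparse.ArgumentParser(prog='investigations', description="Open a case", epilog="List or switch current investigations")
        group = parser.add_mutually_exclusive_group()
        group.add_argument('-l', '--list', action='store_true', help="List all existing investigations")
        group.add_argument('-s', '--switch', metavar='NAME', help="Switch to the specified investigation")
        group.add_argument('-d', '--delete', type=int, metavar='ID', help="delete investigation by id.")

        # argparse reports usage errors (and --help) by raising SystemExit;
        # catch only that so KeyboardInterrupt and real bugs still propagate.
        try:
            args = parser.parse_args(args)
        except SystemExit:
            return

        projects_path = os.path.join(os.getcwd(), 'investigations')

        if not os.path.exists(projects_path):
            self.log('info', "The investigations directory does not exist yet")
            return

        if args.list:
            self.log('info', "Current Investigations:")
            rows = [[item.id, item.name] for item in self.db.get_investigation_list()]
            self.log('table', dict(header=['ID', 'Name'], rows=rows))
        elif args.switch:
            if __sessions__.is_set():
                __sessions__.close()
                self.log('info', "Closed opened session")

            __project__.open(args.switch, self.db)
            self.log('info', "Switched to investigation {0}".format(bold(args.switch)))

            # Re-initialize the Database to open the new SQLite file.
            self.db = Database()
        elif args.delete is not None:
            # The ID is an int, so a plain truth test would silently ignore
            # ID 0 and fall through to the usage message.
            # NOTE(review): deletion is irreversible and no confirmation is
            # asked for; consider prompting before calling delete().
            if __sessions__.is_set():
                __sessions__.close()
                self.log('info', "Closed opened session")

            __project__.delete(args.delete, self.db)
            self.log('info', "Deleted investigation {0}".format(bold(args.delete)))

            # Re-initialize the Database to open the new SQLite file.
            self.db = Database()
        else:
            # print_usage() writes to stdout and returns None (which would be
            # logged as "None"); format_usage() returns the text to log.
            self.log('info', parser.format_usage())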
コード例 #3
ファイル: pst.py プロジェクト: ziedsn/CIRTKit
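    def run(self):
        """Export attachments from the PST file of the current session.

        Requires the ``pffexport`` binary from pff-tools. Attachments are
        extracted by ``self.parse_pst`` into ``--output`` when given,
        otherwise into a fresh temporary directory. Unless ``--keep`` is set,
        a temporary directory created here (plus the ``<dir>.export`` tree
        beside it) is removed afterwards. A user-supplied ``--output``
        directory is never deleted, since it may hold unrelated files.
        """
        super(pstParse, self).run()
        pst_path = __sessions__.current.file.path

        # Probe for the tool without going through a shell: a missing binary
        # surfaces as OSError (ENOENT) rather than a shell exit status of 127,
        # and no command string is ever handed to /bin/sh for interpretation.
        try:
            subprocess.call(['pffexport', '-V'])
        except OSError:
            self.log(
                'error',
                "pffexport not install. Try: 'sudo apt-get install pff-tools'")
            return

        new_proj = self.args.proj
        save_path = self.args.output

        if new_proj:
            self.log('info', "Creating New Project")
            project_name = str(datetime.date.today())
            __project__.open('pst_{0}'.format(project_name))

        # Only a directory this run created itself is eligible for cleanup.
        created_tmpdir = not save_path
        if created_tmpdir:
            save_path = tempfile.mkdtemp()
            self.log('info', "Temp Dir created at {0}".format(save_path))
        else:
            self.log('info', "Saving attachments to {0}".format(save_path))

        self.log('info', "Processing Attachments, this might take a while...")
        counter = self.parse_pst(save_path, pst_path)
        self.log('success', "Stored {0} Email attachments".format(counter))

        if not self.args.keep and created_tmpdir:
            self.log('info', "Removing Temp Dir")
            # parse_pst presumably has pffexport write its tree next to the
            # target as "<save_path>.export" (not visible here); remove both,
            # each on its own so one failure does not leave the other behind.
            for path in ('{0}.export'.format(save_path), save_path):
                try:
                    shutil.rmtree(path)
                except OSError as e:
                    self.log('error', "Unable to delete tmpdir: {0}".format(e))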
コード例 #4
ファイル: cirtkit.py プロジェクト: ziedsn/CIRTKit
#!/usr/bin/env python
# This file is part of Cirtkit - https://github.com/cirtkit-framework/cirtkit

import argparse

from lib.core.ui import console
from lib.core.investigation import __project__
from lib.core.database import Database

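def main():
    """Start the CIRTKit console, optionally opening an investigation first.

    ``-i/--investigation NAME`` names a new or existing investigation that is
    opened via ``__project__.open`` before the console starts; without it the
    console starts with no investigation selected.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('-i',
                        '--investigation',
                        help='Specify a new or existing investigation',
                        action='store',
                        required=False)
    args = parser.parse_args()

    if args.investigation:
        # __project__.open needs a Database handle to open its SQLite file.
        db = Database()
        __project__.open(args.investigation, db)

    c = console.Console()
    c.start()


# Guarded so importing this module does not parse argv or start the console.
if __name__ == "__main__":
    main()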
コード例 #5
ファイル: cirtkit.py プロジェクト: killbug2004/CIRTKit
#!/usr/bin/env python
# This file is part of Cirtkit - https://github.com/cirtkit-framework/cirtkit

import argparse

from lib.core.ui import console
from lib.core.investigation import __project__
from lib.core.database import Database

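def main():
    """Start the CIRTKit console, optionally opening an investigation first.

    ``-i/--investigation NAME`` names a new or existing investigation that is
    opened via ``__project__.open`` before the console starts; without it the
    console starts with no investigation selected.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('-i', '--investigation', help='Specify a new or existing investigation', action='store', required=False)
    args = parser.parse_args()

    if args.investigation:
        # __project__.open needs a Database handle to open its SQLite file.
        db = Database()
        __project__.open(args.investigation, db)

    c = console.Console()
    c.start()


# Guarded so importing this module does not parse argv or start the console.
if __name__ == "__main__":
    main()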
c.start()