Exemplo n.º 1
0
def main():
    import argparse
    parser = argparse.ArgumentParser(
        description=
        "Merge existing template files, deduping identical templates.")
    parser.add_argument("--verbose",
                        action="store_true",
                        help="Enable debugging output")
    parser.add_argument("templates_outfile",
                        type=str,
                        help="Path to the output template file")
    parser.add_argument("templates_files",
                        type=str,
                        nargs="+",
                        help="Path to the template files")
    args = parser.parse_args()

    if args.verbose:
        logging.basicConfig(
            level=logging.DEBUG,
            format="%(asctime)s %(levelname)s %(name)s %(message)s")

    templates = TemplateDatabase()

    for file_ in args.templates_files:
        new_templates = TemplateDatabase()
        with open(file_, "rb") as f:
            new_templates.deserialize(f.read(), warn_on_conflict=False)
        templates.extend(new_templates)

    with open(args.templates_outfile, "wb") as f:
        f.write(templates.serialize())
Exemplo n.º 2
0
def main():
    import argparse
    parser = argparse.ArgumentParser(
        description="Merge existing template files, deduping identical templates.")
    parser.add_argument("--verbose", action="store_true",
                        help="Enable debugging output")
    parser.add_argument("templates_outfile", type=str,
                        help="Path to the output template file")
    parser.add_argument("templates_files", type=str, nargs="+",
                        help="Path to the template files")
    args = parser.parse_args()

    if args.verbose:
        logging.basicConfig(level=logging.DEBUG,
                            format="%(asctime)s %(levelname)s %(name)s %(message)s")

    templates = TemplateDatabase()

    for file_ in args.templates_files:
        new_templates = TemplateDatabase()
        with open(file_, "rb") as f:
            new_templates.deserialize(f.read(), warn_on_conflict=False)
        templates.extend(new_templates)

    with open(args.templates_outfile, "wb") as f:
        f.write(templates.serialize())
Exemplo n.º 3
0
def main():
    import argparse
    parser = argparse.ArgumentParser(
        description="Verify a template file's syntax and contents.")
    parser.add_argument("templates", type=str,
                        help="Path to the file containing recovered templates")
    args = parser.parse_args()

    with open(args.templates, "rb") as f:
        templates_txt = f.read()

    # we break rules below be reaching into `templates`. Sorry :-(
    templates = TemplateDatabase()
    try:
        templates.deserialize(templates_txt, warn_on_conflict=True)

        print "Template Distribution:"
        for eid in sorted(templates._eid_map.keys()):
            print "  EID: %6d  --> %2d templates" % \
                (eid, len(templates._eid_map[eid]))

        print ""
        print "  Summary   "
        print "-------------"
        print "No Conflicts!"
        sys.exit(0)
    except TemplateEIDConflictError:
        templates.deserialize(templates_txt, warn_on_conflict=False)

        print "Template Distribution:"
        for eid in sorted(templates._eid_map.keys()):
            ids = []
            tt = []
            for id_ in templates._eid_map[eid]:
                tt.extend(templates._templates[id_])
                ids.append(id_)

            if len(ids) != len(tt):
                print "  EID: %6d  --> %2d templates (%d conflicts)" % \
                    (eid, len(tt), len(tt) - len(ids))
            else:
                print "  EID: %6d  --> %2d templates" % \
                    (eid, len(templates._eid_map[eid]))

        print ""
        print "        Summary        "
        print "-----------------------"

        print "There are %d Conflicts!" % \
            (sum(map(len, templates._templates.values())) - len(templates._templates.keys()))
        sys.exit(-1)
#!/bin/python#    This file is part of recover-evtx.##   Copyright 2013 Willi Ballenthin <*****@*****.**>#                    while at Mandiant <http://www.mandiant.com>##   Licensed under the Apache License, Version 2.0 (the "License");#   you may not use this file except in compliance with the License.#   You may obtain a copy of the License at##       http://www.apache.org/licenses/LICENSE-2.0##   Unless required by applicable law or agreed to in writing, software#   distributed under the License is distributed on an "AS IS" BASIS,#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.#   See the License for the specific language governing permissions and#   limitations under the License.##   Version v0.1import logging
from recovery_utils import TemplateDatabase

def main(): import argparse    parser = argparse.ArgumentParser( description="Merge existing template files, deduping identical templates.")    parser.add_argument("--verbose", action="store_true", help="Enable debugging output")    parser.add_argument("templates_outfile", type=str, help="Path to the output template file")    parser.add_argument("templates_files", type=str, nargs="+", help="Path to the template files")    args = parser.parse_args()
 if args.verbose:        logging.basicConfig(level=logging.DEBUG, format="%(asctime)s %(levelname)s %(name)s %(message)s")
    templates = TemplateDatabase()
 for file_ in args.templates_files:        new_templates = TemplateDatabase() with open(file_, "rb") as f:            new_templates.deserialize(f.read(), warn_on_conflict=False)        templates.extend(new_templates)
 with open(args.templates_outfile, "wb") as f:        f.write(templates.serialize())

if __name__ == "__main__":    main()