Пример #1
0
    def __init__(self):
        Module.__init__(self, "hash", HASH)
        self.conf.addArgument({"input": Argument.Required|Argument.Single|typeId.Node,
                               "name": "file",
                               "description": "file to hash"
                               })
        self.conf.addArgument({"input": Argument.Optional|Argument.List|typeId.String,
                               "name": "algorithm",
                               "description": "algorithm(s) used to hash file",
                               "parameters": {"type": Parameter.NotEditable,
                                              "predefined": ["sha1", "md5", "sha224", "sha256", "sha384", "sha512"]}
                               })
	self.conf.addArgument({"input": Argument.Optional|Argument.List|typeId.Path,
			       "name": "known_good",
			       "description" : "Path to file containing a sets of known good hashes",
			      }) 
 	self.conf.addArgument({"input": Argument.Optional|Argument.List|typeId.Path,
			       "name": "known_bad",
			       "description" : "Path to file containing a sets of known bad hashes",
			      })
        self.conf.addArgument({"input": Argument.Optional|Argument.Single|typeId.UInt64,
			       "name": "skip_size",
			       "description" : "Each node with a size greater or equal to the one set will node be hashed"}) 
        self.conf.addArgument({"input": Argument.Optional|Argument.Single|typeId.UInt64,
			       "name": "low_cache-limit",
			       "description" : "Set a low bound size for the cache.\nEach hash of a node with a size lesser or equal to the one set will not be cached,\nthis could lower the RAM usage on a dump with a very huge amount of nodes",
			      })
        self.flags = ["single", "generic"]
        self.tags = "Hash"
        self.icon = ":filehash"
Пример #2
0
    def __init__(self):
        Module.__init__(self, "msiecf", MSIECF)
        self.conf.addArgument({
            "name":
            "file",
            "description":
            "Internet Explorer Cache File",
            "input":
            Argument.Required | Argument.Single | typeId.Node
        })

        self.conf.addArgument({
            "name": "verbose",
            "description": "Display module progression",
            "input": Argument.Empty
        })

        self.conf.addConstant({
            "name": "mime-type",
            "type": typeId.String,
            "description": "managed mime type",
            "values": ["windows/ie-cache"]
        })
        self.tags = "Databases"
        self.flags = ["noscan"]
        self.icon = ":database"
Пример #3
0
    def __init__(self):
        Module.__init__(self, "hash", HASH)
        self.conf.addArgument({"input": Argument.Required|Argument.Single|typeId.Node,
                               "name": "file",
                               "description": "file to process"
                               })
        self.conf.addArgument({"input": Argument.Optional|Argument.List|typeId.String,
                               "name": "algorithm",
                               "description": "algorithm(s) used to process cryptographic hash",
                               "parameters": {"type": Parameter.NotEditable,
                                              "predefined": ["sha1", "md5", "sha224", "sha256", "sha384", "sha512"]}
                               })
	self.conf.addArgument({"input": Argument.Optional|Argument.List|typeId.Path,
			       "name": "known_good",
			       "description" : "Files containing a set of known good hashes",
			      }) 
 	self.conf.addArgument({"input": Argument.Optional|Argument.List|typeId.Path,
			       "name": "known_bad",
			       "description" : "Files containing a set of known bad hashes",
			      })
        self.conf.addArgument({"input": Argument.Optional|Argument.Single|typeId.UInt64,
			       "name": "skip_size",
                               "description" : "Each node with a size greater than or equal to skip_size will not be processed"})
        self.conf.addArgument({"input": Argument.Optional|Argument.Single|typeId.UInt64,
			       "name": "low_cache-limit",
                               "description" : "Set a low bound size for the cache.\nEach node with a size lesser or equal to low_cache-limit will not be cached,\nthis could lower the RAM usage on a dump with a very huge amount of nodes"
                             })
        self.flags = ["single", "generic"]
        self.tags = "Hash"
        self.icon = ":filehash"
Пример #4
0
Файл: fg.py Проект: kzwkt/dff
 def __init__(self):
  Module.__init__(self, "fg", FG)
  self.conf.addArgument({"name": "pid",
                         "description": "Process id (use jobs to list process id)",
                         "input": Argument.Single|Argument.Required|typeId.UInt32})
  self.tags = "builtins"
  self.flags = ["console"]
Пример #5
0
    def __init__(self):
        Module.__init__(self, "winreg", WINREG)
        self.conf.addArgument({
            "name":
            "file",
            "description":
            "Registry hive file",
            "input":
            Argument.Required | Argument.Single | typeId.Node
        })

        self.conf.addArgument({
            "name": "verbose",
            "description": "Display module progression",
            "input": Argument.Empty
        })

        self.conf.addArgument({
            "name": "mount",
            "description":
            "Mount registry key and value in the VFS (This can consume lots of memory)",
            "input": Argument.Empty
        })

        self.conf.addConstant({
            "name": "mime-type",
            "type": typeId.String,
            "description": "managed mime type",
            "values": ["windows/registry"]
        })
        self.tags = "Databases"
        self.flags = ["noscan"]
        self.scanFilter = 'path in [$*Users*$, $*Documents and Settings*$] and name matches "NTUSER.DAT" or path matches $*system32/config*$'
        self.icon = ":password.png"
Пример #6
0
 def __init__(self):
  Module.__init__(self, "ls", LS)
  self.conf.addArgument({"name": "nodes",
                         "description": "files to list",
                         "input": Argument.List|Argument.Optional|typeId.Node})
  self.conf.addArgument({"name": "long",
                         "description": "Display more information for each files",
                         "input": Argument.Empty})
  self.conf.addArgument({"name": "recursive",
                         "description": "enables recursion on folders",
                         "input": Argument.Empty})
  self.conf.addArgument({"name": "human-readable",
                         "description": "outputs information in human readable style",
                         "input": Argument.Empty})
  self.conf.addArgument({"name": "reverse",
                         "description": "reverse order while sorting",
                         "input": Argument.Empty})
  self.conf.addArgument({"name": "sort",
                         "description": "Sort ouput by provided key. By default, sort by name alphabetically. If the provided key is not based on predefined attributes, a column will be added to show associated values after default fields",
                         "input": Argument.Optional|Argument.Single|typeId.String,
                         "parameters": {"type": Parameter.Editable,
                                        "predefined": ["size", "name", "deleted", "extension", "mime"]}})
  self.conf.addArgument({"name": "attributes",
                         "description": "If long format, provided attributes will be output in the same order after default fields. If sort is provided with an attribute not listed here, it will be output before this list.",
                         "input": Argument.Optional|Argument.List|typeId.String})
  self.tags = "builtins"
Пример #7
0
 def __init__(self):
     Module.__init__(self, "pictures", ImageView)
     self.conf.addArgument({
         "name":
         "file",
         "description":
         "Picture file to display",
         "input":
         Argument.Required | Argument.Single | typeId.Node
     })
     self.conf.addArgument({
         "name": "preview",
         "description": "Preview mode",
         "input": Argument.Empty
     })
     self.conf.addConstant({
         "name":
         "mime-type",
         "type":
         typeId.String,
         "description":
         "managed mime type",
         "values": [
             "image/jpeg", "image/gif", "image/png", "image/bmp",
             "image/tiff", "PBM", "PGM", "PPM", "XBM", "XPM"
         ]
     })
     self.tags = "Viewers"
     self.icon = ":lphoto"
Пример #8
0
 def __init__(self):
  """Histogram diplay"""
  Module.__init__(self, "hist", HIST)
  self.conf.addArgument({"name": "file",
                         "description": "input file used to generate histogram",
                         "input": Argument.Required|Argument.Single|typeId.Node})
  self.tags = "Viewers"
Пример #9
0
  def __init__(self):
    Module.__init__(self, "splunk", SplunkIndexer)
    self.conf.addArgument({"name": "node",
                           "description": "Node to index",
                           "input": Argument.Required|Argument.Single|typeId.Node})
    self.conf.addArgument({"name": "host",
			   "input": Argument.Optional|Argument.Single|typeId.String,
			   "description": "Splunk host:port",
			   "parameters": {"type" : Parameter.Editable, 
					  "predefined": ["localhost:8089"]}})
    self.conf.addArgument({"name": "index_name",
			   "input": Argument.Optional|Argument.Single|typeId.String,
			   "description": "Splunk index",
			   "parameters": {"type" : Parameter.Editable, 
					  "predefined": ["dff"]}})
    self.conf.addArgument({"name": "login",
			   "input": Argument.Optional|Argument.Single|typeId.String,
			   "description": "Splunk server user login",
			   "parameters": {"type" : Parameter.Editable, 
					  "predefined": ["admin"]}})
    self.conf.addArgument({"name": "password",
			   "input": Argument.Optional|Argument.Single|typeId.String,
			   "description": "Splunk server user password",
			   "parameters": {"type" : Parameter.Editable, 
					  "predefined": ["password"]}})
    self.flags = ["single", "generic"]
    self.tags = "Analyse"
    self.icon = "splunk.jpg"
    self.depends = ['File systems', 'Volumes', 'Databases', 'Metadata', 'Mailbox', 'Malware'] 
Пример #10
0
 def __init__(self):
     Module.__init__(self, "exportcsv", ExportCSV)
     self.conf.addArgument({
         "name":
         "root",
         "description":
         "Root from where the analysis will start",
         "input":
         Argument.Required | Argument.List | typeId.Node,
         #"parameters" : {"type": Parameter.Editable,
         #"predefined" : [vfs().getnode("/")]},
     })
     self.conf.addArgument({
         "input":
         Argument.Required | typeId.Path | Argument.Single,
         "parameters": {
             "type": Parameter.Editable,
             "predefined": [os.path.expanduser('~') + "/dff.csv"]
         },
         "name":
         "outputpath",
         "description":
         "Path where to output csv file."
     })
     self.conf.addArgument({
         "name": "no split",
         "description": "Don't split file after 65535 row",
         "input": Argument.Empty
     })
     self.flags = ["console", "gui"]
     self.tags = "Export"
     self.icon = ":spreadsheet.png"
Пример #11
0
    def __init__(self):
        Module.__init__(self, "winreg", WINREG)
        self.conf.addArgument({
            "name":
            "file",
            "description":
            "Registry hive file",
            "input":
            Argument.Required | Argument.Single | typeId.Node
        })

        self.conf.addArgument({
            "name": "verbose",
            "description": "Display module progression",
            "input": Argument.Empty
        })

        self.conf.addArgument({
            "name": "mount",
            "description":
            "Mount registry key and value in the VFS (This can consume lot of memory)",
            "input": Argument.Empty
        })

        self.conf.addConstant({
            "name": "mime-type",
            "type": typeId.String,
            "description": "managed mime type",
            "values": ["registry file"]
        })
        self.tags = "Databases"
        self.flags = ["noscan"]
        self.icon = ":password.png"
Пример #12
0
    def __init__(self):
        Module.__init__(self, "gen_nodes", GenNodes)
        self.conf.addArgument(
            {
                "input": Argument.Optional | Argument.Single | typeId.Node,
                "name": "parent",
                "description": "files or folders will be added as child(ren) of this node or as the root node by default",
                "parameters": {"type": Parameter.Editable, "predefined": [vfs().getnode("/")]},
            }
        )
        self.conf.addArgument(
            {
                "input": Argument.Optional | Argument.Single | typeId.UInt64,
                "name": "count",
                "description": "number of nodes to create",
                "parameters:": {
                    "type": Parameter.Editable,
                    "predefined": [1000, 5000, 10000, 25000, 50000, 70000, 100000, 500000, 1000000, 2 ** 64 - 1],
                },
            }
        )

        # self.conf.addArgument({"input": Argument.Required|Argument.Single|typeId.UInt64,
        # "name": "start_offset",
        # "description": "Address start of the new node"
        # })

        self.tags = "Node"
Пример #13
0
  def __init__(self):
    Module.__init__(self, "huge_node", HugeNodes)
    self.conf.addArgument({"input": Argument.Optional|Argument.Single|typeId.Node, 
	                   "name": "parent", 
	                   "description": "files or folders will be added as child(ren) of this node or as the root node by default",
                           "parameters": {"type": Parameter.Editable,
                                          "predefined": [vfs().getnode("/")]}
                          })
    self.tags = "Node"
Пример #14
0
  def __init__(self):
    Module.__init__(self, "Deleted items", DeletedItems)
    self.conf.addArgument({"name": "root",
			   "description" : "Root from where the analysis will start",
			   "input" : Argument.Required|Argument.Single|typeId.Node})
    self.tags = "Analyse"
    #self.icon = ":virus"
    self.depends = ["partition", "fatfs", "ntfs"]
    self.flags = ["gui"]
Пример #15
0
 def __init__(self):
     Module.__init__(self, "compound", MetaCompound)
     self.conf.addArgument({
         "name":
         "file",
         "description":
         "Extract metadata and content of this file",
         "input":
         Argument.Required | Argument.Single | typeId.Node
     })
     self.conf.addConstant({
         "name":
         "mime-type",
         "type":
         typeId.String,
         "description":
         "compatible extension",
         "values": [
             "windows/compound", "document/word", "document/excel",
             "document/powerpoint"
         ]
     })
     self.conf.addArgument({
         "name": "no-extraction",
         "description":
         "Don't create nodes for files stored inside compound documents",
         "input": Argument.Empty
     })
     self.conf.addArgument({
         "name": "no-text",
         "description": "Don't extract text from word document",
         "input": Argument.Empty
     })
     self.conf.addArgument({
         "name": "no-pictures",
         "description":
         "Don't extract pictures from word and powerpoint documents",
         "input": Argument.Empty
     })
     self.conf.addArgument({
         "name": "no-root_metadata",
         "description": "Don't apply metadata on the root document",
         "input": Argument.Empty
     })
     self.conf.addArgument({
         "name": "no-vba-detection",
         "description": "Don't try to detect malicious VBA macro",
         "input": Argument.Empty
     })
     self.conf.addArgument({
         "name": "no-vba-decompression",
         "description": "Don't decompress VBA macro",
         "input": Argument.Empty
     })
     #self.flags = ["single"]
     self.tags = "Metadata"
     self.icon = ":document.png"
Пример #16
0
  def __init__(self):
    Module.__init__(self, "evtx", EVTX)
    self.conf.addArgument({"name": "file",
                           "description": "MS Windows Vista Event Log file",
                           "input": Argument.Required|Argument.Single|typeId.Node})
    self.conf.addConstant({"name": "mime-type",
 	                   "type": typeId.String,
 	                   "description": "managed mime type",
 	                   "values": ["evtx-log"]})
    self.tags = "Databases"
    self.icon = ":database"
Пример #17
0
    def __init__(self):
        if not with_volatility:
            raise RuntimeError("Volatility not found. Please install it")
        Module.__init__(self, "mvolatility", Volatility)
        self.conf.addArgument({
            "name":
            "file",
            "description":
            "Dump to analyse",
            "input":
            Argument.Required | Argument.Single | typeId.Node
        })

        self.conf.addArgument({
            "name":
            "hdd_base",
            "description":
            "Hard Disk Drive mount point associated to this memory dump",
            "input":
            Argument.Optional | Argument.Single | typeId.Node
        })

        self.conf.addArgument({
            "name":
            "profile",
            "description":
            "Profile to use",
            "input":
            Argument.Optional | Argument.Single | typeId.String,
            "parameters": {
                "type":
                Parameter.NotEditable,
                "predefined":
                sorted([
                    p.__name__
                    for p in registry.get_plugin_classes(obj.Profile).values()
                ])
            }
        })
        self.conf.addConstant({
            "name": "extention-type",
            "type": typeId.String,
            "description": "managed extension",
            "values": ["vmem"]
        })
        self.conf.addConstant({
            "name": "mime-type",
            "type": typeId.String,
            "description": "managed mime type",
            "values": ["x-coredump"]
        })
        self.conf.description = "Analyse windows ram dump"
        self.tags = "Volatile memory"
        self.icon = ":dev_ram.png"
Пример #18
0
 def __init__(self):
   Module.__init__(self, "Registry viewer", REGEDIT)
   self.conf.addArgument({"input": Argument.Optional|Argument.List|typeId.Node,
                          "name": "mountpoints",
                          "description": "mountpoints of (NTFS) file systems",
                          "parameters": {"type": Parameter.Editable,
                                         "minimum": 1}
                          })
   self.tags = "Viewers"
   self.flags = ["gui"]
   self.icon = ":text"	
Пример #19
0
 def __init__(self):
     Module.__init__(self, 'carvergui', CarverGui)
     self.conf.addArgument({
         "name":
         "file",
         "input":
         typeId.Node | Argument.Single | Argument.Required,
         "description":
         "Node to search data in"
     })
     self.tags = "Search"
Пример #20
0
 def __init__(self):
     Module.__init__(self, "show_db", SHOW_DB)
     self.conf.addArgument({
         "name":
         "key",
         "description":
         "Display only this key value",
         "input":
         Argument.Single | Argument.Optional | typeId.String
     })
     self.tags = "builtins"
Пример #21
0
  def __init__(self):
    Module.__init__(self, "metaexif", MetaEXIF)
    self.conf.addArgument({"name": "file",
                           "description": "file for extracting metadata",
                           "input": Argument.Required|Argument.Single|typeId.Node})
    self.conf.addConstant({"name": "mime-type", 
 	                   "type": typeId.String,
 	                   "description": "managed mime type",
 	                   "values": ["jpeg", "TIFF"]})
    self.flags = ["single"]
    self.tags = "Metadata"
Пример #22
0
 def __init__(self):
     Module.__init__(self, "batch", BATCH)
     self.conf.addArgument({
         "name":
         "path",
         "description":
         "Path to a dff batch file",
         "input":
         Argument.Required | Argument.Single | typeId.Path
     })
     self.tags = "builtins"
Пример #23
0
 def __init__(self):
   Module.__init__(self, "disassemble", Disassemble)
   self.conf.addArgument({"name": "file",
                          "description": "file to disassemble",
                          "input": Argument.Required|Argument.Single|typeId.Node})
   self.conf.addConstant({"name": "mime-type",
                          "type": typeId.String,
                          "description": "managed mime type",
                          "values": ["x-sharedlib", "x-executable"]})
   self.flags = ["gui"]
   self.tags = "Viewers"
Пример #24
0
 def __init__(self):
     Module.__init__(self, "timeline", Timeline)
     self.conf.addArgument(
         {
             "name": "file",
             "description": "Text file to display",
             "input": Argument.Required | Argument.Single | typeId.Node,
         }
     )
     self.tags = "Statistics"
     self.icon = ":date"
Пример #25
0
 def __init__(self):
     Module.__init__(self, "info", INFO)
     self.tags = "builtins"
     self.conf.addArgument({
         "name":
         "modules",
         "description":
         "Display information concerning provided modules",
         "input":
         Argument.Optional | Argument.List | typeId.String
     })
Пример #26
0
  def __init__(self):
    Module.__init__(self, "prefetch", Prefetch)
    self.conf.addArgument({"name": "file",
                           "description": "file to extract metadata",
                           "input": Argument.Required|Argument.Single|typeId.Node})
    self.conf.addConstant({"name": "extension-type", 
 	                   "type": typeId.String,
 	                   "description": "compatible extension",
 	                   "values": ["pf"]})
    self.flags = ["single"]
    self.tags = "Metadata"
Пример #27
0
  def __init__(self):
    Module.__init__(self, "metahachoir", MetaHachoir)
    self.conf.addArgument({"name": "file",
                           "description": "file for extracting metadata",
                           "input": Argument.Required|Argument.Single|typeId.Node})
    self.conf.addConstant({"name": "extension-type",
                           "type": typeId.String,
                           "description" : "compatible extensions",
                           "values" : MetaHachoir.getSupportedFileExtensions()})

    self.flags = ["single"]
    self.tags = "Metadata"
Пример #28
0
  def __init__(self):
    Module.__init__(self, "textviewer", CAT)
    self.conf.addArgument({"name": "file",
                           "description": "Text file to display",
                           "input": Argument.Required|Argument.Single|typeId.Node})
    self.conf.addConstant({"name": "mime-type", 
 	                   "type": typeId.String,
 	                   "description": "managed mime type",
 	                   "values": ["HTML", "ASCII", "XML", "text"]})
    self.tags = "Viewers"
    self.flags = ["console", "gui"]
    self.icon = ":text"	
Пример #29
0
Файл: unzip.py Проект: kzwkt/dff
  def __init__(self):
    Module.__init__(self, "unzip", UNZIP)
    self.conf.addArgument({"name": "file",
                           "input": Argument.Required|Argument.Single|typeId.Node,
                           "description": "zip file to decompress"
                           })
    self.conf.addConstant({"name": "mime-type", 
 	                   "type": typeId.String,
 	                   "description": "managed mime type",
 	                   "values": ["Zip"]})
    self.tags = "Archives"
    self.icon = ":zip"
Пример #30
0
  def __init__(self):
    Module.__init__(self, "lnk", LNK)
    self.conf.addArgument({"name": "file",
                           "description": "file to extract metadata",
                           "input": Argument.Required|Argument.Single|typeId.Node})
    self.conf.addConstant({"name": "mime-type", 
 	                   "type": typeId.String,
 	                   "description": "compatible extension",
 	                   "values": ["MS Windows shortcut"]})
    self.flags = ["single"] 
    self.tags = "Metadata"
    self.icon = ":lnk"
Пример #31
0
 def __init__(self):
     """Histogram diplay"""
     Module.__init__(self, "hist", HIST)
     self.conf.addArgument({
         "name":
         "file",
         "description":
         "input file used to generate histogram",
         "input":
         Argument.Required | Argument.Single | typeId.Node
     })
     self.tags = "Viewers"
Пример #32
0
 def __init__(self):
     Module.__init__(self, "hexadecimal", ViewerHexa)
     self.conf.addArgument(
         {
             "input": Argument.Required | Argument.Single | typeId.Node,
             "name": "file",
             "description": "File to display as hexadecimal",
         }
     )
     self.conf.addArgument({"name": "preview", "description": "Preview mode", "input": Argument.Empty})
     self.tags = "Viewers"
     self.icon = ":hexedit.png"
Пример #33
0
 def __init__(self):
     Module.__init__(self, 'timeline', Timeline)
     self.conf.addArgument({
         "name":
         "file",
         "description":
         "Text file to display",
         "input":
         Argument.Required | Argument.Single | typeId.Node
     })
     self.tags = 'Statistics'
     self.icon = ":date"
Пример #34
0
 def __init__(self):
     Module.__init__(self, "sqlitedb", SqliteDB)
     self.conf.addArgument(
         {
             "input": Argument.Optional | Argument.Single | typeId.Node,
             "name": "node",
             "description": "sqlite base wrapper.",
         }
     )
     self.conf.addConstant(
         {"name": "mime-type", "type": typeId.String, "description": "managed mime type", "values": ["SQLite"]}
     )
     self.tags = "Databases"
Пример #35
0
 def __init__(self):
     Module.__init__(self, "Network", Network)
     self.conf.addArgument({
         "name":
         "root",
         "description":
         "Root from where the analysis will start.",
         "input":
         Argument.Required | Argument.Single | typeId.Node
     })
     self.tags = "Windows Analyse"
     self.icon = ":network"
     self.depends = ["File systems", "partition", "winreg"]
Пример #36
0
 def __init__(self):
  Module.__init__(self, "player", PLAYER)
  self.conf.addArgument({"name": "file",
                         "description": "multimedia file to play",
                         "input": Argument.Required|Argument.Single|typeId.Node})
  self.tags = "Viewers"
  #for mimeType in Phonon.BackendCapabilities.availableMimeTypes():
    #self.conf.add_const("mime-type", str(mimeType))
  #self.conf.addConstant({"name": "mime-type", 
                         #"type": typeId.String,
                         #"description": "managed mime type",
                         #"values": ["video", "audio"]})
  self.icon = ":multimedia"
Пример #37
0
 def __init__(self):
     Module.__init__(self, "Malware Analyse", MalwareAnalyse)
     self.conf.addArgument({
         "name":
         "root",
         "description":
         "Root from where the analysis will start",
         "input":
         Argument.Required | Argument.Single | typeId.Node
     })
     self.tags = "Analyse"
     self.icon = ":virus"
     self.depends = ["File systems", "partition", "clamdscan"]
     self.flags = ["gui"]
Пример #38
0
  def __init__(self):
    Module.__init__(self, "pictures", ImageView)
    self.conf.addArgument({"name": "file",
                           "description": "Picture file to display",
                           "input": Argument.Required|Argument.Single|typeId.Node})
    self.conf.addArgument({"name": "preview",
			   "description": "Preview mode",
			   "input": Argument.Empty})
    self.conf.addConstant({"name": "mime-type", 
 	                   "type": typeId.String,
 	                   "description": "managed mime type",
 	                   "values": ["JPEG", "GIF", "PNG", "PC bitmap", "TIFF", "PBM", "PGM", "PPM", "XBM", "XPM"]})
    self.tags = "Viewers"
    self.icon = ":lphoto"
Пример #39
0
  def __init__(self):
    Module.__init__(self, "thumbnailvideo", ThumbnailVideoView)
    self.conf.addArgument({"name": "file",
                           "description": "Picture file to display",
                           "input": Argument.Required|Argument.Single|typeId.Node})
    self.conf.addArgument({"name": "preview",
			   "description": "Preview mode",
			   "input": Argument.Empty})
    self.conf.addConstant({"name": "mime-type", 
 	                   "type": typeId.String,
 	                   "description": "managed mime type",
 	                   "values": ["avi", "video"]})
    self.tags = "Viewers"
    self.icon = ":movie"
Пример #40
0
 def __init__(self):
     Module.__init__(self, "clamdscan", ClamdScan)
     self.conf.addArgument({
         "name":
         "file",
         "description":
         "file for extracting metadata",
         "input":
         Argument.Required | Argument.Single | typeId.Node
     })
     self.conf.addArgument({
         "name":
         "ip connection",
         "input":
         Argument.Empty,
         "description":
         "Connect to a distant server rather than a local pipe"
     })
     if sys.platform.startswith("win32"):
         hostparams = {
             "type": Parameter.Editable,
             "predefined": ["127.0.0.1:3310"]
         }
     else:
         hostparams = {
             "type":
             Parameter.Editable,
             "predefined":
             ["/var/run/clamav/clamd.ctl", "/var/run/clamav/clamd.pid"]
         }
     self.conf.addArgument({
         "name":
         "host",
         "input":
         Argument.Optional | Argument.Single | typeId.String,
         "description":
         "Addresse of local pipe or IP of clamd server (default port 3310) or ip:port ",
         "parameters":
         hostparams
     })
     self.conf.addConstant({
         "name": "mime-type",
         "type": typeId.String,
         "description": "managed mime type",
         "values": ["binary/windows"]
     })
     self.flags = ["single"]
     self.tags = "Malware"
     self.icon = ":virus"
Пример #41
0
 def __init__(self):
     Module.__init__(self, "Windows logs", WIN_EVENTS)
     self.conf.addArgument({
         "name":
         "root",
         "description":
         "Root from where the analysis will start",
         "input":
         Argument.Required | Argument.Single | typeId.Node
     })
     self.depends = [
         "File systems", "partition", "evtx", "evt", "ntfs", "vmware"
     ]
     self.tags = "Windows Analyse"
     self.icon = ":toggle_log"
Пример #42
0
 def __init__(self):
     Module.__init__(self, "WebBrowsers", BROWSERS)
     self.conf.addArgument({
         "name":
         "root",
         "description":
         "Root from where the analysis will start",
         "input":
         Argument.Required | Argument.Single | typeId.Node
     })
     self.icon = ":firefox"
     self.depends = [
         "File systems", "partition", "winreg", "sqlitedb", "msiecf"
     ]
     self.tags = "Analyse"
Пример #43
0
 def __init__(self):
     Module.__init__(self, "sqlitedb", SqliteDB)
     self.conf.addArgument({
         "input":
         Argument.Optional | Argument.Single | typeId.Node,
         "name":
         "file",
         "description":
         "sqlite database file."
     })
     self.conf.addConstant({
         "name": "mime-type",
         "type": typeId.String,
         "description": "managed mime type",
         "values": ["database/sqlite"]
     })
     self.tags = "Databases"
Пример #44
0
 def __init__(self):
     Module.__init__(self, "find", FIND)
     self.conf.addArgument(
         {
             "name": "filter_name",
             "description": "Name of the filter",
             "input": Argument.Single | Argument.Required | typeId.String,
         }
     )
     self.conf.addArgument(
         {
             "name": "expression",
             "description": 'Expression provided to filter engine (e.g: name == w("*.jp?g", i)',
             "input": Argument.Single | Argument.Required | typeId.String,
         }
     )
     self.conf.addArgument(
         {
             "name": "root_node",
             "description": "node from which apply filter expression",
             "input": Argument.Single | Argument.Required | typeId.Node,
         }
     )
     self.conf.addArgument(
         {
             "name": "recursive",
             "description": "apply filter expression in recursive way (on all thre subtree from provided root_node)",
             "input": Argument.Empty,
         }
     )
     self.conf.addArgument(
         {
             "name": "save_result",
             "description": "save results by creating links to matching nodes",
             "input": Argument.Empty,
         }
     )
     self.conf.addArgument(
         {
             "name": "verbose",
             "description": "outputs matching node on console during processing",
             "input": Argument.Empty,
         }
     )
     self.tags = "builtins"
Пример #45
0
  def __init__(self):
    Module.__init__(self, "winreg", WINREG)
    self.conf.addArgument({"name": "file",
                           "description": "Registry hive file",
                           "input": Argument.Required|Argument.Single|typeId.Node})

    self.conf.addArgument({"name": "verbose",
                           "description": "Display module progression",
                           "input": Argument.Empty})

    self.conf.addArgument({"name": "mount",
                           "description": "Mount registry key and value in the VFS (This can consume lot of memory)",
                           "input": Argument.Empty})

    self.conf.addConstant({"name": "mime-type", 
 	                   "type": typeId.String,
 	                   "description": "managed mime type",
 	                   "values": ["registry file"]})
    self.tags = "Databases"
    self.flags = ["noscan"]
    self.icon = ":password.png"
Пример #46
0
  def __init__(self):
    Module.__init__(self, "compound", MetaCompound)
    self.conf.addArgument({"name": "file",
                           "description": "file to extract metadata",
                           "input": Argument.Required|Argument.Single|typeId.Node})
    self.conf.addConstant({"name": "mime-type", 
 	                   "type": typeId.String,
 	                   "description": "compatible extension",
 	                   "values": ["Composite Document File V2"]})
    self.conf.addArgument({"name": "no-extraction",	
			   "description" : "Don't create nodes for files stored inside compound document",
			   "input": Argument.Empty})
    self.conf.addArgument({"name": "no-text",	
			   "description" : "Don't extract text from word document",
			   "input": Argument.Empty})
    self.conf.addArgument({"name": "no-pictures",	
			   "description" : "Don't extract pictures from word and powerpoint document",
			   "input": Argument.Empty})
    self.conf.addArgument({"name" : "no-root_metadata",
			   "description" : "Don't apply metadata on the root document",
			   "input": Argument.Empty})
    #self.flags = ["single"]
    self.tags = "Metadata"
    self.icon = ":document.png"
Пример #47
0
 def __init__(self):
  Module.__init__(self, "cd", CD)
  self.conf.addArgument({"name": "dir",
                         "description": "Directory to go in",
                         "input": Argument.Single|Argument.Optional|typeId.Node})
  self.tags = "builtins"
Пример #48
0
 def __init__(self):
   Module.__init__(self, "info", INFO)
   self.tags = "builtins"
   self.conf.addArgument({"name": "modules",
                          "description": "Display information concerning provided modules",
                          "input": Argument.Optional|Argument.List|typeId.String})
Пример #49
0
  def __init__(self):
    Module.__init__(self, "batch", BATCH)
    self.conf.addArgument({"name":"path",
			   "description": "Path to a dff batch file",
			   "input" : Argument.Required|Argument.Single|typeId.Path}) 	
    self.tags = "builtins"
Пример #50
0
 def __init__(self):
   Module.__init__(self, 'carvergui', CarverGui)
   self.conf.addArgument({"name": "file",
                          "input": typeId.Node|Argument.Single|Argument.Required,
                          "description": "Node to search data in"})
   self.tags = "Search"