def __nodeToHtmlCell(self, uid): imagecell = """<td style="text-align: center;"><img src="data:image/jpg;base64,{}"/><br />{} {} {}</td>""" node = VFS.Get().getNodeById(uid) timestamp = "" device = "" model = "" make = "" b64image = self.__corrupt if node is not None: dtype = node.dataType() try: if dtype.find("image") != -1: vfile = node.open() image = vfile.read() vfile.close() data = node.attributesByName("exif.Model", ABSOLUTE_ATTR_NAME) if len(data): model = data[0].toString() data = node.attributesByName("exif.Make", ABSOLUTE_ATTR_NAME) if len(data): make = data[0].toString() if len(model) or len(make): device = "<br />{} {}".format(model, make) data = node.attributesByName("exif.DateTimeDigitized", ABSOLUTE_ATTR_NAME) if len(data): timestamp = "<br /> {}".format(data[0].toString()) b64image = base64.b64encode(image) except: pass return imagecell.format(b64image, node.name(), device, timestamp) return ""
def __init__(self, parent=None, mode=ADVANCED): EventHandler.__init__(self) super(QWidget, self).__init__(parent) self.setupUi(self) self.type = "filebrowser" self.icon = None self.name = "nodebrowser" self.setObjectName(self.name) #Define browser functions self.mode = mode self.mainwindow = QApplication.instance().mainWindow # Main layout self.mainlayout = QVBoxLayout() self.mainlayout.setSpacing(0) self.mainlayout.setMargin(0) self.createSelection() self.attributes = PropertyTable(self) if mode == ADVANCED: self.createNavigationHeader() self.createToolbar() self.createViewPan() self.createViews() self.setLayout(self.mainlayout) self.VFS = VFS.Get() self.VFS.connection(self) self.connect(self, SIGNAL("refreshList"), self.refreshList) self.bookManager = BookmarkManager(self.model()) self.timelinerThread = None
def __init__(self, manager): super(QDialog, self).__init__() self.vfs = vfs() self.VFS = VFS.Get() self.setupUi(self) self.manager = manager self.initShape()
def __init__(self): EventHandler.__init__(self) self.loader = loader.loader() self.processusManager = ProcessusManager() self.VFS = VFS.Get() self.VFS.connection(self) self.ppModules = ModulesConfig() self.ppAnalyses = ModulesConfig()
def getFileItems(self, evt, root): node = VFS.Get().getNodeById(evt) if node is None: return None if node.absolute()[:len(root)] != root: return None fileItem = FileItem(QIcon(':/toggle_log'), node.name(), node) return fileItem
def getItem(self): ret = None data = self.itemData(self.currentIndex(), Qt.UserRole) if data.isValid(): idx, valid = data.toInt() if valid: uid = self._items[idx] node = VFS.Get().getNodeById(uid) ret = node return ret
def __init__(self): self.cm = ConfigManager.Get() self.vfs = VFS.Get() self.cmodules = {} self.scripts = {} self.builtins = {} self.modules = {} self.tags = {} self.loadedPaths = [] self.__modulesPaths = []
def __init__(self): fso.__init__(self, "unzip") self.name = "unzip" self.VFS = VFS.Get() self.vfs = vfs.vfs() self.fdm = FdManager() self.origin = None self.zipcontent = None self.file = None self.mapped_files = {}
def getItems(self): items = [] for i in xrange(0, self.count()): item = self.item(i) idx, valid = item.data(Qt.UserRole).toInt() if valid: uid = self._items[idx] node = VFS.Get().getNodeById(uid) items.append(node) return items
def __init__(self, parent=None): QLabel.__init__(self, parent) self.setTextInteractionFlags(Qt.LinksAccessibleByMouse|Qt.TextSelectableByMouse) self.setAlignment(Qt.AlignLeft) sizePolicy = QSizePolicy(QSizePolicy.Minimum, QSizePolicy.Minimum) sizePolicy.setHorizontalStretch(0) sizePolicy.setVerticalStretch(0) self.setSizePolicy(sizePolicy) self.setTextFormat(Qt.RichText) self.__node = VFS.Get().GetNode("/") self.connect(self, SIGNAL("linkActivated(QString)"), self.goto)
def report(self, root): self.reportManager = ReportManager() self.translator = AccountTranslator() for nodeID in self.__accountInfo.iterkeys(): node = VFS.Get().getNodeById(nodeID) info = self.__accountInfo[nodeID] categoryName = self.translator.translate( "Operating system") + " " + root.name().translate( None, "!@#$%^&'\/?") page = self.reportManager.createPage( categoryName, self.translator.translate("Users") + " (" + node.name() + ')') tableHeader = ["userName", "RID", "lastLoginDate", "logins"] headerTranslation = [] translationMap = {} translationMap.update(UserV.Translate().details()) translationMap.update(UserF.Translate().details()) for name in tableHeader: headerTranslation.append(translationMap[name]) userTable = page.addDetailTable( self.translator.translate("Accounts"), headerTranslation) for user in info.users(): tempTable = [] for attr, description in user.details().iteritems(): try: value = getattr(user, attr)() if value: tempTable.append((description, value)) except AttributeError: pass detailTable = TableFragment( self.translator.translate("Details"), [ self.translator.translate('Key'), self.translator.translate('Value') ], tempTable) userTable.addRow((user.userName(), user.RID(), user.lastLoginDate(), user.logins()), detailTable) groupTable = [] gtr = GroupC.Translate() headerTranslation = [] for m in ["name", "ID", "members"]: headerTranslation.append(gtr.translate(m)) for group in info.groups(): groupTable.append((group.name(), group.ID(), group.members())) page.addTable(gtr.translate("groups"), headerTranslation, groupTable) self.reportManager.addPage(page)
def __init__(self, parent=None, coord=False): """ Constructor """ QTreeView.__init__(self) self.VFS = VFS.Get() self.setSelectionMode(QAbstractItemView.NoSelection) self.setState(QAbstractItemView.NoState) self.setUniformRowHeights(True) self.setSortingEnabled(False) self.coord = coord self.delegate = CheckDelegate(self) self.setItemDelegate(self.delegate) self.connect(self, SIGNAL("expanded(QModelIndex)"), self.indexExpanded)
def __init__(self): EventHandler.__init__(self) self.__fsEncoding = sys.getfilesystemencoding() self.__vfsRoot = VFS.Get().root self.__extracted = {} self.__errors = {} self.total_files = 0 self.total_folders = 0 self.extracted_files = 0 self.extracted_folders = 0 self.files_errors = 0 self.folders_errors = 0 self.ommited_files = 0 self.ommited_folders = 0
def __init__(self, parent=None): QTreeWidget.__init__(self, parent) self.vfs = VFS.Get() self.nodesMapWidget = parent self.mainWindow = QApplication.instance().mainWindow self.countryLevel = {} self.countyLevel = {} self.streetLevel = {} self.nodeLevel = {} self.connect(self, SIGNAL("itemClicked(QTreeWidgetItem*, int)"), self.clicked) self.connect(self, SIGNAL("focusOnNode"), self.focusOnNodeItem) headerItem = self.headerItem().setText(0, "No images found") self.imageCount = 0
def __init__(self, __parent = None, selection=None): QStandardItemModel.__init__(self, __parent) EventHandler.__init__(self) self.__parent = __parent self.VFS = VFS.Get() # init translation self.translation() self.indexmap = {} self.createRootItems() self.currentIndex = self.root_item self.ch = True self.selection = selection self.VFS.connection(self) # keep track of index - node pointers self.connect(self, SIGNAL("refreshModel"), self.refreshModel)
def fill_log_viewer(self, item): ptr = item.data(QListWidgetItem.UserType) node = VFS.Get().getNodeById(ptr.toULongLong()[0]) processus_manager = ModuleProcessusManager() evtx = processus_manager.get('evtx') self.node = node self.evtx_parser.chunks = evtx.data(ptr.toULongLong()[0]) self.evtx_parser.node = node self.admin_pannel.cb = self.admin_pannel.initId( evtx.data(ptr.toULongLong()[0]), 'id') self.admin_pannel.cbs = self.admin_pannel.initId( evtx.data(ptr.toULongLong()[0]), 'source') self.display(evtx.data(ptr.toULongLong()[0]), node)
def __init__(self, parent = None, selectedNodesList = []): QDialog.__init__(self, parent) self.setupUi(self) self.VFS = VFS.Get() self.connect(self.newTagButton, SIGNAL("clicked()"), self.editTag) self.connect(self.deleteTagButton, SIGNAL("clicked()"), self.deleteTag) self.connect(self.addTagNodesButton, SIGNAL("clicked()"), self.addTagNodes) self.connect(self.removeTagNodesButton, SIGNAL("clicked()"), self.removeTagNodes) self.connect(self.selectedTags, SIGNAL("itemDoubleClicked(QListWidgetItem*)"), self.editTag) self.connect(self.allTags, SIGNAL("itemDoubleClicked(QListWidgetItem*)"), self.editTag) self.tagsManager = TagsManager.get() if len(selectedNodesList) == 1 and selectedNodesList[0] == None: self.selectedNodesList = [] else: self.selectedNodesList = selectedNodesList self.selectedNodes = [] self.fillLists() self.translation()
def __init__(self, evtxManager, root): EventLogViewer.__init__(self, None) self.evtxManager = evtxManager self.vfs = VFS.Get() self.evtx_table_view.setColumnCount(7) self.evtx_table_view.hideColumn(4) self.evtx_table_view.hideColumn(5) self.evtx_table_view.hideColumn(6) self.admin_pannel.hide() self.list_widget = QListWidget() file_names = QLabel('Windows events') ww = QWidget() l = QVBoxLayout(ww) l.addWidget(file_names) l.addWidget(self.list_widget) l.setSpacing(2) l.setContentsMargins(2, 2, 2, 2) for node_name, chunks in self.evtxManager.getData(): node = self.vfs.getNodeById(node_name) if node.absolute()[:len(root)] != root: continue item = QListWidgetItem( QIcon(':/toggle_log'), node.name().replace('Microsoft-Windows-', '').replace('.evtx', '')) item.setData(QListWidgetItem.UserType, long(node_name)) self.list_widget.addItem(item) self.list_widget.sortItems() self.list_widget.itemClicked.connect(self.fill_log_viewer) self.splitter.insertWidget(0, ww) ctrl = EvtControlPannel(self.evtx_table_view) self.splitter.insertWidget(2, ctrl) self.list_widget.itemClicked.connect(ctrl.reload)
def dispEvent(self, row, column): item = self.evtx_table_view.item(row, 4) offset_str = item.text() offset = int(offset_str) item = self.evtx_table_view.item(row, 5) chunk_str = item.text() chunk_nb = int(chunk_str) if self.evtx_table_view.columnCount() == 7: item = self.evtx_table_view.item(row, 6).data(QTableWidgetItem.Type) n = item.toULongLong()[0] self.evtx_parser.node = VFS.Get().getNodeById(n) xml = self.evtx_parser.getXML(chunk_nb, offset, self.evtx_parser.node) xml_str = tostring(xml, "utf-8") self.disp = ViewEvtx() self.disp.view.setAlternatingRowColors(1) self.disp.view.setSelectionBehavior(QAbstractItemView.SelectRows) self.disp.view.setSelectionMode(QAbstractItemView.SingleSelection) self.current_row = row if not row: self.disp.prev_evtx.setEnabled(False) if row + 1 == self.evtx_table_view.rowCount(): self.disp.next_evtx.setEnabled(False) self.widget = EvtxTree(xml_str, self.disp) self.disp.textEdit.setText(self.widget.doc.toString(3)) self.disp.view.expandAll() self.disp.view.resizeColumnToContents(0) if PYQT_VERSION_STR >= "4.5.0": self.disp.next_evtx.clicked.connect(self.nextEvent) self.disp.prev_evtx.clicked.connect(self.prevEvent) self.disp.exec_() del self.disp self.disp = None
def readStringData(self, dataName): if (dataName, str) in self.shellLink.LinkFlags: size = unpack("H", self.vfile.read(2))[0] if size: Name = dataName.replace('Has', '') if ("IsUnicode", str) in self.shellLink.LinkFlags: data = unicode(self.vfile.read(size * 2).decode('UTF-16')) else: data = self.vfile.read(size) setattr(self, Name, data) if Name == "RelativePath": n = VFS.Get().GetNode( self.node.parent().absolute() + '/' + data.encode('UTF-8').replace('\\', '/')) if n: #This create a subnode with a link #vl = VLink(n, self.node) #vl.thisown = False setattr(self, "RelativePathLink", n)
def nextEvent(self, checked): row = self.current_row + 1 self.disp.prev_evtx.setEnabled(True) while row + 1 != self.evtx_table_view.rowCount( ) and self.evtx_table_view.isRowHidden(row): row += 1 # row = self.current_row item = self.evtx_table_view.item(row, 4) offset_str = item.text() offset = int(offset_str) item = self.evtx_table_view.item(row, 5) chunk_str = item.text() chunk_nb = int(chunk_str) node = None if self.evtx_table_view.columnCount() == 7: item = self.evtx_table_view.item(row, 6) node = VFS.Get().getNodeById(long(item.text())) else: node = self.node self.evtx_table_view.setCurrentCell(row, 0) xml = self.evtx_parser.getXML(chunk_nb, offset, node) xml_str = tostring(xml, "utf-8") self.widget = EvtxTree(xml_str, self.disp) self.disp.textEdit.setText(self.widget.doc.toString(3)) self.disp.view.expandAll() self.disp.view.resizeColumnToContents(0) self.current_row = row while row + 1 != self.evtx_table_view.rowCount(): row += 1 if not self.evtx_table_view.isRowHidden(row): return self.disp.next_evtx.setEnabled(False)
def __init__(self, __parent=None, selection=None, root=None): QStandardItemModel.__init__(self, __parent) EventHandler.__init__(self) self.__parent = __parent self.VFS = VFS.Get() # init translation self.root_node = root self.__root_uids = [] self.translation() self.itemmap = {} self.createRootItems() self.currentIndex = self.root_item self.ch = True self.displayCount = True self.selection = selection if self.selection != None: self.connect(self.selection, SIGNAL("selectionChanged"), self.updateSelected) self.VFS.connection(self) # keep track of index - node pointers self.connect(self, SIGNAL("refreshModel"), self.refreshModel)
def __init__(self): QWidget.__init__(self) self.inversedGeoCoder = InversedGeoCoder() self.vfs = VFS.Get() self.mainWindow = QApplication.instance().mainWindow self.vboxLayout = QVBoxLayout(self) self.vboxLayout.setSpacing(0) self.vboxLayout.setMargin(0) self.setLayout(self.vboxLayout) self.splitter = QSplitter() self.mapWidget = QGoogleMap(self) self.mapWidget.markerClicked.connect(self.markerClicked) self.mapWidget.waitUntilReady() self.splitter.addWidget(self.mapWidget) self.nodesAddressWidget = NodesAddressWidget(self) self.connect(self.nodesAddressWidget, SIGNAL("center"), self.center) self.splitter.addWidget(self.nodesAddressWidget) self.vboxLayout.addWidget(self.splitter) self.mapWidget.centerAt(43.776037, -31.330157) self.mapWidget.setZoom(3)
def evtx(self, filter_name, event_map, root='/'): records_match = [] for ptr, chunks in self.evtxManager.getData(): node = VFS.Get().getNodeById(ptr) if node.absolute()[:len(root)] != root: continue count = 0 for chunk in self.evtxManager.node_name[long(ptr)]: for event in chunk.events(): match = True for f in event_map: try: if f == 'All' and node.name() == event_map[f]: match = True break match = chunk.events()[event][f] in event_map[f] except: match = False if not match : break if match: records_match.append(EvtxInfo(event, chunk.events()[event], count, ptr)) count += 1 self.evtxResults[filter_name] = records_match
def __init__(self): QObject.__init__(self) self.VFS = VFS.Get() self._selection = set()
def __init__(self): AttributesHandler.__init__(self, "metacompound") ModuleProcessusHandler.__init__(self, "metacompound") self.__disown__() self.nodeAttributes = {} self.vfs = VFS.Get()
def __init__(self): AttributesHandler.__init__(self, "clamdscan") ModuleProcessusHandler.__init__(self, "clamdscan") self.__disown__() self.nodeAttributes = {} self.vfs = VFS.Get()
def deleteBookmark(self): vfs = VFS.Get() try: vfs.unregister(self.model.currentNode()) except Exception as e: print 'TreeMenu.deleteNode exceptions : ', str(e)
def createRootNodes(self): root = self.vfs.getnode('/') self.devicenode = deviceNode(root, str('Local devices')) self.logicalenode = logicalNode(root, str('Logical files')) self.modulesrootnode = ModulesRootNode(VFS.Get(), root) self.booknode = bookNode(root, str('Bookmarks'))
def openParentDirectory(self): node = VFS.Get().getNodeById(self.item.nodeuid) QApplication.instance().mainWindow.addNodeBrowser(node.parent())