# Copy the analyst's selections from the submitted form onto the session.
# NOTE(review): each value is taken verbatim from the HTTP request. log_path is
# handed to logging.basicConfig() below as the log file name, so whoever can
# reach this handler chooses where the log is created. The other *_path values
# are presumably used as filesystem locations too -- verify, and confirm the UI
# is reachable from the local machine only or constrain the paths first.
form = bottle.request.forms  # TODO: refactor bottle name
for attr_name, field_name in (
        ('input_path', 'profile_path'),
        ('cache_path', 'cache_path'),
        ('browser_type', 'browser_type'),
        ('timezone', 'timezone'),
        ('log_path', 'log_path')):
    setattr(analysis_session, attr_name, form.get(field_name))

# Set up logging
# NOTE: basicConfig() is a no-op once the root logger has handlers, so if this
# code runs more than once in a process, later calls keep the first log file.
log_settings = {
    'filename': analysis_session.log_path,
    'level': logging.DEBUG,
    'format': '%(asctime)s.%(msecs).03d | %(levelname).01s | %(message)s',
    'datefmt': '%Y-%m-%d %H:%M:%S',
}
logging.basicConfig(**log_settings)
log = logging.getLogger(__name__)

# Hindsight version info
rule = '#' * 80
version_line = '\n### Hindsight v{} (https://github.com/obsidianforensics/hindsight) ###\n'.format(
    pyhindsight.__version__)
log.info('\n' + rule + version_line + rule)
# Record, per platform, whether decryption was selected in the UI
# (1 = selected, 0 = not selected). All three keys are always written.
for platform in ('windows', 'mac', 'linux'):
    analysis_session.available_decrypts[platform] = 1 if platform in ui_selected_decrypts else 0
@staticmethod
def base_encoder(history_item):
    """Flatten a history item's attributes into a dict for JSONL output.

    Starts from fixed source/parser labels, copies every non-None attribute
    of ``history_item`` (datetimes as ISO 8601 strings), then renames the
    ``timestamp`` key to ``datetime``.

    NOTE(review): no ``return`` is visible in this listing; the function
    presumably continues past the excerpt -- confirm against the full file.
    """
    item = {'source_short': 'WEBHIST', 'source_long': 'Chrome History',
            'parser': 'hindsight/{}'.format(__version__)}
    for key, value in history_item.__dict__.items():
        # Drop any keys that have None as value
        if value is None:
            continue

        if isinstance(value, datetime.datetime):
            value = value.isoformat()

        # JSONL requires utf-8 encoding
        # NOTE(review): str.decode() exists only on Python 2 byte strings; on
        # Python 3 this raises AttributeError for any text attribute. With
        # errors='replace', undecodable bytes become U+FFFD, so the exported
        # value can differ from what was stored in the source artifact.
        if isinstance(value, str):
            value = value.decode('utf-8', errors='replace')

        item[key] = value

    # Rename 'timestamp' to 'datetime'.
    # NOTE(review): raises KeyError when the item has no 'timestamp' attribute
    # or its value was None (None values are skipped in the loop above).
    item['datetime'] = item['timestamp']
    del(item['timestamp'])
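# Banner text; the version number is substituted into the trailing "v{}".
# Written as a raw string because the art contains backslash pairs such as
# "\|" and "\_" that are not valid escape sequences; a normal literal keeps
# them as-is but newer Python versions warn about it. The resulting text is
# unchanged.
banner = r'''
################################################################################
_ _ _ _ _ _
| | (_) | | (_) | | | |
| |__ _ _ __ __| |___ _ __ _| |__ | |_
| '_ \| | '_ \ / _` / __| |/ _` | '_ \| __|
| | | | | | | | (_| \__ \ | (_| | | | | |_
|_| |_|_|_| |_|\__,_|___/_|\__, |_| |_|\__|
__/ |
by @_RyanBenson |___/ v{}
################################################################################
'''.format(__version__)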
analysis_session.timezone = args.timezone

# Only the default log name is joined onto real_path; any other value given on
# the command line is used exactly as supplied.
using_default_log_name = args.log == 'hindsight.log'
if using_default_log_name:
    args.log = os.path.join(real_path, args.log)
analysis_session.log_path = args.log

# Set up logging
log_settings = {
    'filename': analysis_session.log_path,
    'level': logging.DEBUG,
    'format': '%(asctime)s.%(msecs).03d | %(levelname).01s | %(message)s',
    'datefmt': '%Y-%m-%d %H:%M:%S',
}
logging.basicConfig(**log_settings)
log = logging.getLogger(__name__)

# Hindsight version info
rule = '#' * 80
version_line = '\n### Hindsight v{} (https://github.com/obsidianforensics/hindsight) ###\n'.format(
    pyhindsight.__version__)
log.info('\n' + rule + version_line + rule)
# Analysis start time
# datetime.now() returns naive local time (no UTC offset in the output); the
# slice drops the last three characters, i.e. microseconds -> milliseconds.
start_time = str(datetime.datetime.now())[:-3]
print(format_meta_output("Start time", start_time))

# Read the input directory
input_dir = args.input
analysis_session.input_path = input_dir
print(format_meta_output("Input directory", input_dir))
log.info("Reading files from %s" % input_dir)
input_listing = os.listdir(input_dir)
# The complete listing is written at DEBUG level, so the log file ends up
# holding the file names found in the input directory.
log.debug("Input directory contents: " + str(input_listing))

# Search input directory for browser profiles to analyze
input_profiles = analysis_session.find_browser_profiles(input_dir)
profile_summary = " - Found {} browser profile(s): {}".format(len(input_profiles), input_profiles)
log.info(profile_summary)
analysis_session.profile_paths = input_profiles
# Colour-coded cell formats. The date formats share one number format with
# millisecond precision.
# NOTE(review): red_field_format is right-aligned while the green and blue
# field formats are left-aligned -- confirm this is intended.
timestamp_num_format = 'yyyy-mm-dd hh:mm:ss.000'

red_url_format = workbook.add_format(dict(font_color='red', align='left'))
red_field_format = workbook.add_format(dict(font_color='red', align='right'))
red_value_format = workbook.add_format(dict(font_color='red', align='left', num_format='0'))

green_type_format = workbook.add_format(dict(font_color='green', align='left'))
green_date_format = workbook.add_format(dict(font_color='green', num_format=timestamp_num_format))
green_url_format = workbook.add_format(dict(font_color='green', align='left'))
green_field_format = workbook.add_format(dict(font_color='green', align='left'))
green_value_format = workbook.add_format(dict(font_color='green', align='left'))

blue_type_format = workbook.add_format(dict(font_color='blue', align='left'))
blue_date_format = workbook.add_format(dict(font_color='blue', num_format=timestamp_num_format))
blue_url_format = workbook.add_format(dict(font_color='blue', align='left'))
blue_field_format = workbook.add_format(dict(font_color='blue', align='left'))
blue_value_format = workbook.add_format(dict(font_color='blue', align='left'))
# Title bar: merged cells across the first row, written left to right.
title_text = u'Hindsight Internet History Forensics (v%s)' % __version__
for cell_range, text, cell_format in (
        ('A1:H1', title_text, title_header_format),
        ('I1:M1', u'URL Specific', center_header_format),
        ('N1:P1', u'Download Specific', center_header_format),
        ('Q1:R1', u'', center_header_format),
        ('S1:U1', u'Cache Specific', center_header_format)):
    w.merge_range(cell_range, text, cell_format)

# Write column headers into row index 1, one per column starting at column 0.
# The timestamp header names the timezone configured on this object.
column_titles = (
    u'Type',
    u'Timestamp ({})'.format(self.timezone),
    u'URL',
    u'Title / Name / Status',
    u'Data / Value / Path',
    u'Interpretation',
    u'Profile',
    u'Source',
    u'Duration',
    u'Visit Count',
)
for column_index, title in enumerate(column_titles):
    w.write(1, column_index, title, header_format)
self.artifacts_counts = {}

# Give every attribute that is still None a fresh default of its own, so the
# default containers are not shared between objects.
for attr_name, make_default in (
        ('available_output_formats', lambda: ['sqlite', 'jsonl']),
        ('available_decrypts', lambda: {'windows': 0, 'mac': 0, 'linux': 0}),
        ('plugin_results', dict),
        ('preferences', list)):
    if getattr(self, attr_name) is None:
        setattr(self, attr_name, make_default())

if __version__:
    self.hindsight_version = __version__

# Try to import modules for different output formats, adding to
# self.available_output_formats if successful. A missing module only disables
# that format; it is logged as a warning rather than raised.
try:
    import xlsxwriter
except ImportError:
    log.warning("Couldn't import module 'xlsxwriter'; XLSX output disabled.")
else:
    self.available_output_formats.append('xlsx')

# Set output name to default if not set by user. time.strftime() without a
# time argument formats the current local time.
if self.output_name is None:
    report_stamp = time.strftime('%Y-%m-%dT%H-%M-%S')
    self.output_name = "Hindsight Report ({})".format(report_stamp)
# Try to import modules for cookie decryption on different OSes.
# Windows
try:
import win32crypt