def run_plugins(hive_path, output_path, plugins, hive_type, partial_hive_path, verbose):
    with logbook.NestedSetup(_get_log_handlers(verbose=verbose)).applicationbound():
        registry_hive = RegistryHive(hive_path, hive_type=hive_type, partial_hive_path=partial_hive_path)
        click.secho('Loaded {} plugins'.format(len(PLUGINS)), fg='white')

        if plugins:
            plugin_names = {x.NAME for x in PLUGINS}
            plugins = plugins.split(',')
            plugins = set(plugins)
            if not plugins.issubset(plugin_names):
                click.secho('Invalid plugin names given: {}'.format(','.join(set(plugins) - plugin_names)), fg='red')
                click.secho('Use --help or -h to get list of plugins and their descriptions', fg='red')
                return

        # Run relevant plugins
        plugin_results = run_relevant_plugins(registry_hive, as_json=True, plugins=plugins)

        # If output path was set, dump results to disk
def parse_header(hive_path, verbose):
    """Print the header of the hive at ``hive_path`` and flag signs it is not clean.

    Two integrity checks are reported in red: primary and secondary sequence
    numbers that differ (transaction logs still need to be applied), and a
    header checksum that does not equal the XOR32 checksum recomputed over the
    first 4096 bytes read from the hive stream. A failed check means the hive
    contents should not be trusted as-is for analysis.

    Args:
        hive_path: Path of the registry hive file to inspect.
        verbose: Forwarded to ``_get_log_handlers`` to control log verbosity.
    """
    log_setup = logbook.NestedSetup(_get_log_handlers(verbose=verbose))
    with log_setup.applicationbound():
        hive = RegistryHive(hive_path)

        header_table = tabulate(hive.header.items(), tablefmt='fancy_grid')
        click.secho(header_table)

        sequence_numbers_match = (
            hive.header.primary_sequence_num == hive.header.secondary_sequence_num
        )
        if not sequence_numbers_match:
            click.secho('Hive is not clean! You should apply transaction logs', fg='red')

        # NOTE(review): this assumes the underlying stream is positioned at the
        # start of the hive when the header block is read here — confirm
        # against RegistryHive before relying on the checksum result.
        recomputed_checksum = calculate_xor32_checksum(hive._stream.read(4096))
        if hive.header.checksum != recomputed_checksum:
            click.secho('Hive is not clean! Header checksum does not match', fg='red')
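def reg_diff(first_hive_path, second_hive_path, output_path, verbose):
    """Compare two registry hives and report every difference found.

    Args:
        first_hive_path: Path of the baseline hive.
        second_hive_path: Path of the hive compared against the baseline.
        output_path: When set, differences are written there as a
            ``|``-delimited CSV file with a header row; otherwise they are
            printed to the terminal as a table.
        verbose: Forwarded to the log handlers and to ``compare_hives``.
    """
    with logbook.NestedSetup(_get_log_handlers(verbose=verbose)).applicationbound():
        REGDIFF_HEADERS = ['difference', 'first_hive', 'second_hive', 'description']

        found_differences = compare_hives(first_hive_path, second_hive_path, verbose=verbose)
        click.secho('Comparing {} vs {}'.format(os.path.basename(first_hive_path), os.path.basename(second_hive_path)))

        if output_path:
            # newline='' lets the csv writer control line endings; without it
            # Windows text mode doubles every row terminator (csv module docs).
            with open(output_path, 'w', newline='') as csvfile:
                csvwriter = csv.writer(csvfile, delimiter='|', quoting=csv.QUOTE_MINIMAL)
                csvwriter.writerow(REGDIFF_HEADERS)
                for difference in found_differences:
                    csvwriter.writerow(difference)
        else:
            click.secho(tabulate(found_differences, headers=REGDIFF_HEADERS,
                                 tablefmt='fancy_grid'))
        click.secho(f'Detected {len(found_differences)} differences', fg='green')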
def hive_to_json(hive_path, output_path, registry_path, timeline, hive_type, partial_hive_path, verbose):
    with logbook.NestedSetup(_get_log_handlers(verbose=verbose)).applicationbound():
        registry_hive = RegistryHive(hive_path, hive_type=hive_type, partial_hive_path=partial_hive_path)

        if registry_path:
            try:
                name_key_entry = registry_hive.get_key(registry_path)
            except RegistryKeyNotFoundException as ex:
                logger.debug('Did not find the key: {}'.format(ex))
                return
        else:
            name_key_entry = registry_hive.root

        if timeline and not output_path:
            click.secho('You must provide an output path if choosing timeline output!', fg='red')
            return

        if output_path:
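def parse_transaction_log(hive_path, primary_log_path, secondary_log_path, output_path, verbose):
    """Apply transaction log(s) to a hive and report how many dirty pages were recovered.

    Args:
        hive_path: Path of the registry hive to restore.
        primary_log_path: Path of the primary transaction log.
        secondary_log_path: Optional path of the secondary transaction log.
        output_path: Passed to ``apply_transaction_logs`` as ``restored_hive_path``.
        verbose: Forwarded to the log handlers and to ``apply_transaction_logs``.
    """
    with logbook.NestedSetup(_get_log_handlers(verbose=verbose)).applicationbound():
        logger.info(f'Processing hive {hive_path} with transaction log {primary_log_path}')
        if secondary_log_path:
            # Bug fix: the secondary log message previously echoed primary_log_path.
            logger.info(f'Processing hive {hive_path} with secondary transaction log {secondary_log_path}')

        restored_hive_path, recovered_dirty_pages_count = apply_transaction_logs(hive_path, primary_log_path,
                                                                                 secondary_log_path=secondary_log_path,
                                                                                 restored_hive_path=output_path,
                                                                                 verbose=verbose)
        # Only a non-zero recovery count is reported, matching the existing CLI output.
        if recovered_dirty_pages_count:
            click.secho(
                f'Recovered {recovered_dirty_pages_count} dirty pages. Restored hive is at {restored_hive_path}',
                fg='green')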