v2.4.1 (#137)

DefinetlyNotAI · web-flow · commit bc1518ab9117 · 2024-11-13T13:59:29.000+04:00
## Pull Request Template ### Prerequisites   - [x] I have [searched](https://github.com/DefinetlyNotAI/Logicytics/pulls) for duplicate or closed issues. - [x] I have read the [contributing guidelines](https://github.com/DefinetlyNotAI/Logicytics/blob/main/CONTRIBUTING.md). - [x] I have followed the instructions in the [wiki](https://github.com/DefinetlyNotAI/Logicytics/wiki) about contributions. - [x] I have updated the documentation accordingly, if required. - [x] I have tested my code with the `--dev` flag, if required. ### PR Type   - [x] Bug fix  - [x] New feature  - [x] Refactoring  - [x] Documentation update  - [ ] ⚠️ Breaking change ⚠️  ### Description  Ehh, fixed bugs that made half of the program not run ### Motivation and Context  Many minor and major bugs ### Credit   _N/A_ ### Issues Fixed  _N/A_
diff --git a/CODE/Logicytics.py b/CODE/Logicytics.py
diff --git a/CODE/__lib_class.py b/CODE/__lib_class.py
@@ -1,13 +1,15 @@
 from __future__ import annotations
+
 import argparse
+import ctypes
 import json
 import os
-import subprocess
-import ctypes
 import os.path
+import subprocess
 import zipfile
-from subprocess import CompletedProcess
 from pathlib import Path
+from subprocess import CompletedProcess
+
 from __lib_log import Log
 
 
@@ -310,7 +312,7 @@ def uac() -> bool:
         return int(value.strip("\n")) == 1
 
     @staticmethod
-    def sys_internal_zip():
+    def sys_internal_zip() -> str:
         """
         Extracts the SysInternal_Suite zip file if it exists and is not ignored.
 
@@ -331,49 +333,30 @@ def sys_internal_zip():
                         "SysInternal_Suite/SysInternal_Suite.zip"
                 ) as zip_ref:
                     zip_ref.extractall("SysInternal_Suite")
-                if __name__ == "__main__":
-                    Log({"log_level": DEBUG}).debug("SysInternal_Suite zip extracted")
+                    return "SysInternal_Suite zip extracted"
 
             elif ignore_file:
-                if __name__ == "__main__":
-                    Log({"log_level": DEBUG}).debug(
-                        "Found .sys.ignore file, skipping SysInternal_Suite zip extraction"
-                    )
+                return "Found .sys.ignore file, skipping SysInternal_Suite zip extraction"
 
         except Exception as err:
             exit(f"Failed to unzip SysInternal_Suite: {err}")
 
 
 class Execute:
     @classmethod
-    def file(cls, execution_list: list, Index: int):
-        # IT IS USED, DO NOT REMOVE
-        """
-        Executes a file from the execution list at the specified index.
-        Parameters:
-            Index (int): The index of the file to be executed in the execution list.
-            execution_list (list): List to use when indexing
-        Returns:
-            None
-        """
-        cls.script(execution_list[Index])
-        if __name__ == "__main__":
-            Log().info(f"{execution_list[Index]} executed")
-
-    @classmethod
-    def script(cls, script_path: str):
+    def script(cls, script_path: str) -> list[list[str]] | None:
         """
         Executes a script file and handles its output based on the file extension.
         Parameters:
             script_path (str): The path of the script file to be executed.
         """
-        if script_path.endswith(".ps1"):
-            cls.__unblock_ps1_script(script_path)
-            cls.__run_other_script(script_path)
-        elif script_path.endswith(".py"):
+        if script_path.endswith(".py"):
             cls.__run_python_script(script_path)
+            return None
         else:
-            cls.__run_other_script(script_path)
+            if script_path.endswith(".ps1"):
+                cls.__unblock_ps1_script(script_path)
+            return cls.__run_other_script(script_path)
 
     @staticmethod
     def command(command: str) -> str:
@@ -401,8 +384,6 @@ def __unblock_ps1_script(script: str):
         try:
             unblock_command = f'powershell.exe -Command "Unblock-File -Path {script}"'
             subprocess.run(unblock_command, shell=False, check=True)
-            if __name__ == "__main__":
-                Log().info("PS1 Script unblocked.")
         except Exception as err:
             exit(f"Failed to unblock script: {err}")
 
@@ -421,23 +402,23 @@ def __run_python_script(script: str):
         # LEAVE AS PRINT
         print(result.decode())
 
-    @staticmethod
-    def __run_other_script(script: str):
+    @classmethod
+    def __run_other_script(cls, script: str) -> list[list[str]]:
         """
         Runs a script with other extensions and logs output based on its content.
         Parameters:
             script (str): The path of the script.
         Returns:
             None
         """
-
-        result = subprocess.run(
-            ["powershell.exe", ".\\" + script], capture_output=True, text=True
-        )
-        lines = result.stdout.splitlines()
-        ID = next((line.split(":")[0].strip() for line in lines if ":" in line), None)
-        if ID and __name__ == "__main__":
-            Log().string(str(lines), ID)
+        result = cls.command(f"powershell.exe -File {script}")
+        lines = result.splitlines()
+        messages = []
+        for line in lines:
+            if ":" in line:
+                id_part, message_part = line.split(":", 1)
+                messages.append([message_part.strip(), id_part.strip()])
+        return messages
 
 
 class Get:
diff --git a/CODE/__lib_log.py b/CODE/__lib_log.py
@@ -221,6 +221,12 @@ def __internal(self, message):
         if self.color and message != "None" and message is not None:
             colorlog.log(self.INTERNAL_LOG_LEVEL, str(message))
 
+    def execute_log_parse(self, message_log):
+        if message_log:
+            for message_list in message_log:
+                if len(message_list) == 2:
+                    self.string(message_list[0], message_list[1])
+
 
 if __name__ == "__main__":
     Log().exception(
diff --git a/CODE/_dev.py b/CODE/_dev.py
@@ -65,8 +65,7 @@ def dev_checks(self) -> str | None:
             ("Have you made files you don't want to be run start with '_'?", "."),
             ("Have you added the file to CODE dir?", "."),
             ("Have you added docstrings and comments?", "../CONTRIBUTING.md"),
-            ("Is each file containing no more than 1 feature?", "../CONTRIBUTING.md"),
-            ("Have you NOT modified __wrapper__.py without authorization?", "Logicytics.py"),
+            ("Is each file containing around 1 main feature?", "../CONTRIBUTING.md"),
         ]
         try:
             for question, file_to_open in checks:
diff --git a/CODE/_zipper.py b/CODE/_zipper.py
@@ -36,13 +36,13 @@ class Zip:
     @staticmethod
     def __get_files_to_zip(path: str) -> list:
         """
-        Returns a list of files to be zipped, excluding certain file types and names.
+        Returns a list of files and directories to be zipped, excluding certain file types and names.
 
         Args:
             path (str): The directory path to search for files.
 
         Returns:
-            list: A list of file names to be zipped.
+            list: A list of file and directory names to be zipped.
         """
         return [
             f
@@ -66,7 +66,12 @@ def __create_zip_file(path: str, files: list, filename: str):
         """
         with zipfile.ZipFile(f"{filename}.zip", "w") as zip_file:
             for file in files:
-                zip_file.write(os.path.join(path, file))
+                if os.path.isdir(os.path.join(path, file)):
+                    for root, _, files in os.walk(os.path.join(path, file)):
+                        for f in files:
+                            zip_file.write(os.path.join(root, f), os.path.relpath(os.path.join(root, f), path))
+                else:
+                    zip_file.write(os.path.join(path, file))
 
     @staticmethod
     def __remove_files(path: str, files: list):
diff --git a/CODE/browser_miner.ps1 b/CODE/browser_miner.ps1
@@ -47,7 +47,7 @@ $fullSourcePath = $sourcePath -replace '\{\}', $currentUser
 # Enhanced error checking for source path existence and accessibility
 if (-not (Test-PathAndAccess $fullSourcePath))
 {
-    Write-Host "ERROR: Source path $fullSourcePath does not exist or cannot be accessed."
+    Write-Host "WARNING: Source path $fullSourcePath does not exist or cannot be accessed."
 continue
 }
 
@@ -84,9 +84,7 @@ Write-Host "INFO: Successfully copied $fullSourcePath to $destinationPath"
 catch
 {
     # Detailed error handling
-    Write-Host "ERROR: An error occurred while copying $fullSourcePath to $destinationPath. Error: $_"
+    Write-Host "ERROR: An error occurred while copying $fullSourcePath to $destinationPath : $_"
 exit
 }
 }
-
-# TODO Test me
diff --git a/CODE/config.json b/CODE/config.json
@@ -1,6 +1,6 @@
 {
     "Log Level Debug?": false,
-    "VERSION": "2.4.0",
+    "VERSION": "2.4.1",
     "CURRENT_FILES": [
         "browser_miner.ps1",
         "cmd_commands.py",
@@ -15,7 +15,7 @@
         "ssh_miner.py",
         "sys_internal.py",
         "tasklist.py",
-        "tree.bat",
+        "tree.ps1",
         "wifi_stealer.py",
         "window_feature_miner.ps1",
         "wmic.py",
diff --git a/CODE/media_backup.py b/CODE/media_backup.py
@@ -60,4 +60,3 @@ def backup(self):
 
 
 Media().backup()
-# TODO Test me
diff --git a/CODE/registry.py b/CODE/registry.py
@@ -16,11 +16,12 @@ def backup_registry():
     cmd = [reg_path, "export", "HKLM", export_path]
 
     try:
-        subprocess.run(cmd, check=True)
-        log.info(f"Registry backed up successfully to {export_path}")
+        result = subprocess.run(cmd, check=True, capture_output=True, text=True)
+        log.info(f"Registry backed up successfully to {export_path}. Output: {result.stdout}")
     except subprocess.CalledProcessError as e:
+        log.error(f"Failed to back up the registry: {e}. More details: {result.stderr}")
+    except Exception as e:
         log.error(f"Failed to back up the registry: {e}")
 
 
 backup_registry()
-# TODO Fix the issue of random operation completion message not adhering colorlog
diff --git a/CODE/ssh_miner.py b/CODE/ssh_miner.py
@@ -44,4 +44,3 @@ def ssh_miner():
 
 
 ssh_miner()
-# TODO Test me
diff --git a/CODE/tree.bat b/CODE/tree.bat
diff --git a/CODE/tree.ps1 b/CODE/tree.ps1
@@ -0,0 +1,9 @@
+Write-Host "INFO: Starting Tree Command"
+
+# Define the output file name as Tree.txt
+$outputFile = "Tree.txt"
+
+# Run the tree command and redirect the output to the file
+tree /f C:\ | Out-File -FilePath $outputFile -Force
+
+Write-Host "INFO: Saved $outputFile"
diff --git a/PLANS.md b/PLANS.md
@@ -2,9 +2,9 @@
 
 | Task                                                                                                                 | Version |
 |----------------------------------------------------------------------------------------------------------------------|---------|
-| Check todos                                                                                                          | v2.4.1  |
-| Refactor logicytics                                                                                                  | v2.4.1  |
+| Docstring everything again                                                                                           | v2.4.2  |
 | Implement a parser for Windows Event Logs to extract and analyze security-related events.                            | v2.4.2  |
 | Enable integration with popular SIEM (Security Information and Event Management) systems.                            | v2.5.0  |
 | Add a tool to capture and analyse network traffic, which can help in forensic investigations.                        | v2.5.0  |
+| Change config.json to config.ini                                                                                     | v2.5.0  |
 | Integrate machine learning algorithms to detect anomalies and potential security threats automatically and log them. | v3.0.0  |
diff --git a/README.md b/README.md
@@ -73,10 +73,10 @@ This opens a help menu.
 Once you have run the program, you can run the program with the following command:
 `python Logicytics.py -h`
 Replace the flags with the ones you want to use.
-you must have admin privelages while running!
+you must have admin privileges while running!
 
 > [!TIP]
-> Although its really recommended to use admin, by setting debug in the config.json to true, you can bypass this requirement
+> Although it's really recommended to use admin, by setting debug in the config.json to true, you can bypass this requirement
 
 6) Wait for magic to happen 🧙‍♀️
 Logicytics will now run and gather data according to the flags you used.
@@ -102,7 +102,8 @@ If you have an idea or want to contribute to the project, you can submit an issu
 After running and successfully collecting data, you may traverse the ACCESS directory as much as you like,
 Remove add and delete files, it's the safest directory where your backups, hashes, data zips and logs are found.
 
-Also watch this [video](https://www.youtube.com/watch?v=XVTBmdTQqOs) for a better understanding of Logicytics
+> [!TIP]
+> Watch this [video](https://www.youtube.com/watch?v=XVTBmdTQqOs) for a better understanding of Logicytics
 
 ## 🔧 Configuration 🔧
 
@@ -155,7 +156,7 @@ The `--modded` flag can also be used to run custom scripts.
 If you want to run a custom script with the `--modded` flag, 
 you can add the script to the `MODS` directory, and it will be run with the `--modded` flag.
 
-To check all the mods and how to make your own, you can check the `Logicytics.py` file and the WIKI.
+To check all the mods and how to make your own, you can check the `Logicytics.py` file and the Wiki.
 Also refer to the contributing.md for more info
 
 ## 🛑 Troubleshooting 🛑
@@ -180,7 +181,7 @@ If those don't work attempt:
 
 ### Support Resources
 
-Check out the [GitHub wiki](https://github.com/DefinetlyNotAI/Logicytics/wiki) for help
+Check out the [GitHub wiki](https://github.com/DefinetlyNotAI/Logicytics/wiki) for help.
 
 ## 📊 Data Analysis 📊
 
@@ -190,7 +191,8 @@ Logicytics extracts a wide range of data points on a Windows system.
 
 Here are some of the data points that Logicytics extracts:
 
-Don't recreate these:
+> [!IMPORTANT]
+> Don't recreate these as then it's a waste of time for you
 
 <table>
   <tr>
@@ -283,7 +285,8 @@ Don't recreate these:
 This is not an exhaustive list, 
 but it should give you a good idea of what data Logicytics is capable of extracting.
 
-**Any file with `_` is not counted here, do note they may range from custom libraries to special files/wrappers**
+> [!NOTE]
+> **Any file with `_` is not counted here, do note they may range from custom libraries to special files/wrappers**
 
 ### Want to create your own mod?
 
@@ -301,7 +304,10 @@ special tools
 
 ### Want to create your own mod?
 
-Check out the [contributing guidlines](CONTRIBUTING.md) file for more info
+Check out the [contributing guidlines](CONTRIBUTING.md) file for more info, as well as the [wiki guidelines](https://github.com/DefinetlyNotAI/Logicytics/wiki/5-Contribution-Guidelines) for more info
+
+> [!IMPORTANT]
+> Always adhere to the [coding standards](https://github.com/DefinetlyNotAI/Logicytics/wiki/6-Coding-Standards) of Logicytics!
 
 ## 🌟 Conclusion 🌟
 
@@ -311,15 +317,14 @@ from forensics to system information gathering.
 Its ability to extract data from various sources makes it a valuable tool
 for any Windows system administrator or forensic investigator.
 
-### 📣 Note
-
-Please remember that extracting data from a system without proper authorization is illegal and unethical.
-Always obtain proper authorization before extracting any data from a system.
+> [!CAUTION]
+> Please remember that extracting data from a system without proper authorization is illegal and unethical.
+> Always obtain proper authorization before extracting any data from a system.
 
 ### 🔗 Links
 
 - [Project's Wiki](https://github.com/DefinetlyNotAI/Logicytics/wiki)
-- [Project's Future](https://definetlynotai.github.io/Logicytics/WEB/roadmap.html)
+- [Project's Future](PLANS.md)
 - [Project's License](LICENSE)
 
 ### License

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ $fullSourcePath = $sourcePath -replace '\{\}', $currentUser`
`47`	`47`	`# Enhanced error checking for source path existence and accessibility`
`48`	`48`	`if (-not (Test-PathAndAccess $fullSourcePath))`
`49`	`49`	`{`
`50`		`- Write-Host "ERROR: Source path $fullSourcePath does not exist or cannot be accessed."`
	`50`	`+ Write-Host "WARNING: Source path $fullSourcePath does not exist or cannot be accessed."`
`51`	`51`	`continue`
`52`	`52`	`}`
`53`	`53`
`@@ -84,9 +84,7 @@ Write-Host "INFO: Successfully copied $fullSourcePath to $destinationPath"`
`84`	`84`	`catch`
`85`	`85`	`{`
`86`	`86`	`# Detailed error handling`
`87`		`- Write-Host "ERROR: An error occurred while copying $fullSourcePath to $destinationPath. Error: $_"`
	`87`	`+ Write-Host "ERROR: An error occurred while copying $fullSourcePath to $destinationPath : $_"`
`88`	`88`	`exit`
`89`	`89`	`}`
`90`	`90`	`}`
`91`		`-`
`92`		`-# TODO Test me`
Original file line number	Diff line number	Diff line change
`@@ -60,4 +60,3 @@ def backup(self):`
`60`	`60`
`61`	`61`
`62`	`62`	`Media().backup()`
`63`		`-# TODO Test me`
Original file line number	Diff line number	Diff line change
`@@ -44,4 +44,3 @@ def ssh_miner():`
`44`	`44`
`45`	`45`
`46`	`46`	`ssh_miner()`
`47`		`-# TODO Test me`