import os
from core import HackingTool, HackingToolsCollection, console
from rich.panel import Panel
from rich.text import Text
from rich.prompt import Prompt
class Autopsy(HackingTool):
    """Menu entry for Autopsy, a digital-forensics platform.

    Nothing is installed by this entry (``installable=False``); only the
    run action is offered, and ``RUN_COMMANDS`` is presumably executed by
    ``HackingTool``, which lives outside this file.
    """

    TITLE = "Autopsy"
    DESCRIPTION = (
        "Autopsy is a platform that is used by Cyber Investigators.\n"
        "[!] Works in any OS\n"
        "[!] Recover Deleted Files from any OS & Media \n"
        "[!] Extract Image Metadata"
    )
    # Runs with elevated privileges; the user is expected to have autopsy
    # already on PATH.
    RUN_COMMANDS = ["sudo autopsy"]

    def __init__(self):
        # No install step: the menu shows run/description only.
        super().__init__(installable=False)
class Wireshark(HackingTool):
    """Menu entry for Wireshark, a packet capture and protocol analyser.

    Nothing is installed by this entry (``installable=False``); the run
    command assumes ``wireshark`` is already present on the system.
    """

    TITLE = "Wireshark"
    DESCRIPTION = (
        "Wireshark is a network capture and analyzer \n"
        "tool to see what’s happening in your network.\n "
        "And also investigate Network related incident"
    )
    # Capture requires raw-socket access, hence the sudo prefix.
    RUN_COMMANDS = ["sudo wireshark"]

    def __init__(self):
        # Run-only entry; no install action is registered.
        super().__init__(installable=False)
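class BulkExtractor(HackingTool):
    """Menu entry for bulk_extractor, a feature extractor that needs no file system parsing.

    Instead of the usual install/run pair this entry offers two sub-options:
    ``gui_mode`` clones the upstream repository and tries to start the
    bundled Java viewer, ``cli_mode`` installs the distribution package and
    prints the command-line help.
    """

    TITLE = "Bulk extractor"
    DESCRIPTION = "Extract useful information without parsing the file system"
    PROJECT_URL = "https://github.com/simsong/bulk_extractor"
    SUPPORTED_OS = ["linux"]

    def __init__(self):
        super().__init__([
            ('GUI Mode (Download required)', self.gui_mode),
            ('CLI Mode', self.cli_mode)
        ], installable=False, runnable=False)

    def _print_gui_hints(self):
        """Print the manual build / documentation hints for the GUI."""
        console.print(
            "[magenta]If you get an error after clone go to /java_gui/src/ and compile the .jar file && run ./BEViewer[/]")
        console.print(
            "[magenta]Please visit for more details about installation: https://github.com/simsong/bulk_extractor[/]")

    def gui_mode(self):
        """Clone the upstream repository if needed, then launch BEViewer.

        The clone is skipped when the checkout already exists, so re-running
        the option does not fail on an existing directory. A failed clone and
        a missing or non-executable viewer are reported instead of raising
        out of the menu.
        """
        import subprocess
        from config import get_tools_dir

        console.print(Panel(Text(self.TITLE, justify="center"), style="bold magenta"))
        # get_tools_dir() is joined with "/" below, so it is taken to return
        # a pathlib.Path -- TODO confirm against config.
        tools_dir = get_tools_dir()
        be_dir = tools_dir / "bulk_extractor"

        if not be_dir.is_dir():
            console.print("[bold magenta]Cloning repository and attempting to run GUI...[/]")
            # NOTE: this fetches the head of the default branch, not a pinned
            # tag or commit; what is executed below is whatever upstream
            # currently serves.
            clone = subprocess.run(
                ["git", "clone", "https://github.com/simsong/bulk_extractor.git"],
                cwd=str(tools_dir),
            )
            if clone.returncode != 0:
                console.print("[bold red]git clone failed; cannot start the GUI.[/]")
                self._print_gui_hints()
                return

        try:
            # Raises FileNotFoundError when java_gui/ or ./BEViewer is absent
            # (e.g. the .jar was never built) and PermissionError when the
            # launcher is not executable.
            subprocess.run(["./BEViewer"], cwd=str(be_dir / "java_gui"))
        except (FileNotFoundError, PermissionError):
            console.print("[bold red]Could not start BEViewer.[/]")
        self._print_gui_hints()

    def cli_mode(self):
        """Install the distribution package and print bulk_extractor's help.

        An apt failure is reported by exit code, and a missing binary after
        installation is reported instead of raising FileNotFoundError.
        """
        import subprocess

        console.print(Panel(Text(self.TITLE + " - CLI Mode", justify="center"), style="bold magenta"))
        install = subprocess.run(["sudo", "apt", "install", "-y", "bulk-extractor"])
        if install.returncode != 0:
            console.print(
                "[bold red]Package installation failed (apt exit code {}).[/]".format(install.returncode))
        # The backslash escapes "[options]" so rich prints it literally
        # instead of consuming it as a markup tag.
        console.print("[magenta]bulk_extractor \\[options] imagefile[/]")
        try:
            subprocess.run(["bulk_extractor", "-h"])
        except FileNotFoundError:
            console.print("[bold red]bulk_extractor is not on PATH; install it first.[/]")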
class Guymager(HackingTool):
    """Menu entry for Guymager, a forensic disk imager (Linux only).

    Installed from the distribution package and launched with ``sudo``;
    both command strings are presumably executed by ``HackingTool``,
    which lives outside this file.
    """

    TITLE = "Disk Clone and ISO Image Acquire"
    DESCRIPTION = "Guymager is a free forensic imager for media acquisition."
    PROJECT_URL = "https://guymager.sourceforge.io/"
    SUPPORTED_OS = ["linux"]
    INSTALL_COMMANDS = ["sudo apt install guymager"]
    # Imaging raw devices needs elevated privileges.
    RUN_COMMANDS = ["sudo guymager"]
75
76
77
78
class Toolsley(HackingTool):
    """Menu entry for Toolsley, a web-based collection of investigation utilities.

    Neither install nor run actions are registered; the entry only shows
    the description and project URL.
    """

    TITLE = "Toolsley"
    DESCRIPTION = (
        "Toolsley got more than ten useful tools for investigation.\n"
        "[+]File signature verifier\n"
        "[+]File identifier \n"
        "[+]Hash & Validate \n"
        "[+]Binary inspector \n "
        "[+]Encode text \n"
        "[+]Data URI generator \n"
        "[+]Password generator"
    )
    PROJECT_URL = "https://www.toolsley.com/"

    def __init__(self):
        # Information-only entry: nothing to install, nothing to run.
        super().__init__(installable=False, runnable=False)
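class Volatility3(HackingTool):
    """Menu entry for Volatility 3, run from a git checkout under the tools directory.

    ``run`` prompts for a memory image and a plugin name and invokes
    ``vol.py`` from ``<tools_dir>/volatility3``.
    """

    TITLE = "Volatility 3 (Memory Forensics)"
    DESCRIPTION = (
        "The world's most widely used memory forensics framework.\n"
        "Usage: python3 vol.py -f memory.dmp windows.pslist"
    )
    # NOTE: neither the clone nor the pip install is pinned to a release or
    # commit, so the code installed is whatever upstream currently serves.
    INSTALL_COMMANDS = [
        "git clone https://github.com/volatilityfoundation/volatility3.git",
        "cd volatility3 && pip install --user -r requirements.txt",
    ]
    PROJECT_URL = "https://github.com/volatilityfoundation/volatility3"

    def run(self):
        """Prompt for a dump path and plugin name, then execute vol.py.

        Returns early with a message when the checkout is missing or the
        dump path is empty, instead of letting subprocess raise. A relative
        dump path is made absolute because the child runs with ``cwd`` set
        to the volatility3 checkout, where a relative ``-f`` would otherwise
        be resolved.
        """
        from config import get_tools_dir
        import subprocess

        # get_tools_dir() is joined with "/" below, so it is taken to return
        # a pathlib.Path -- TODO confirm against config.
        vol_dir = get_tools_dir() / "volatility3"
        if not (vol_dir / "vol.py").is_file():
            # The path is printed as a separate argument so rich does not
            # parse any brackets in it as markup.
            console.print("[bold red]vol.py not found in[/]", str(vol_dir),
                          "[bold red]- run the install option first.[/]")
            return

        dump = Prompt.ask("Enter path to memory dump").strip()
        if not dump:
            console.print("[bold red]No memory dump path given.[/]")
            return
        # Only rewrite values that name a local file; anything else (e.g. a
        # URL) is handed to vol.py untouched.
        expanded = os.path.expanduser(dump)
        if os.path.exists(expanded):
            dump = os.path.abspath(expanded)

        plugin = Prompt.ask("Enter plugin", default="windows.pslist").strip() or "windows.pslist"

        # Arguments are passed as an argv list (no shell), so the prompted
        # values reach vol.py verbatim rather than being shell-interpreted.
        subprocess.run(
            ["python3", "vol.py", "-f", dump, plugin],
            cwd=str(vol_dir),
        )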
class Binwalk(HackingTool):
    """Menu entry for binwalk, a firmware image analysis and extraction tool.

    Installed with pip into the user site and launched via its ``--help``
    flag; the command strings are presumably executed by ``HackingTool``,
    which lives outside this file.
    """

    TITLE = "Binwalk (Firmware Analysis)"
    DESCRIPTION = (
        "Analyze, reverse engineer, and extract firmware images.\n"
        "Usage: binwalk -e firmware.bin"
    )
    # No version pin: pip resolves whatever is current on the index.
    INSTALL_COMMANDS = ["pip install --user binwalk"]
    RUN_COMMANDS = ["binwalk --help"]
    PROJECT_URL = "https://github.com/ReFirmLabs/binwalk"
class Pspy(HackingTool):
    """Menu entry for pspy, an unprivileged Linux process monitor.

    The install step downloads the prebuilt ``pspy64`` binary from the
    project's latest GitHub release and marks it executable; the run step
    only prints its help text.
    """

    TITLE = "pspy (Process Monitor — No Root)"
    DESCRIPTION = "Monitor Linux processes without root — detects cron jobs, scheduled tasks, other users' commands."
    # NOTE: the binary is fetched from the floating "latest" release and is
    # not checked against a published hash or signature before chmod +x.
    INSTALL_COMMANDS = [
        "curl -sSL https://github.com/DominicBreuker/pspy/releases/latest/download/pspy64 -o pspy",
        "chmod +x pspy",
    ]
    RUN_COMMANDS = ["./pspy --help"]
    PROJECT_URL = "https://github.com/DominicBreuker/pspy"
    SUPPORTED_OS = ["linux"]
class ForensicTools(HackingToolsCollection):
    """Collection grouping the forensic-analysis entries of this module."""

    TITLE = "Forensic tools"
    # One instance per entry class, created in menu order.
    TOOLS = [
        tool_cls()
        for tool_cls in (
            Autopsy,
            Wireshark,
            BulkExtractor,
            Guymager,
            Toolsley,
            Volatility3,
            Binwalk,
            Pspy,
        )
    ]
if __name__ == "__main__":
    # Standalone entry point: show this module's menu directly.
    ForensicTools().show_options()