-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathMOF Suite.py
More file actions
417 lines (338 loc) · 18.2 KB
/
MOF Suite.py
File metadata and controls
417 lines (338 loc) · 18.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
# Import multiple libraries.
import platform
import subprocess
import sys
from PyQt5.QtWidgets import QApplication, QDialog, QFormLayout, QLineEdit, QVBoxLayout, QPushButton, QMessageBox, QMenuBar, QMenu, QAction
# Create a class for the MOF Suite application.
class MOFSuite(QDialog):
def __init__(self):
super().__init__()
self.setWindowTitle("MOF Suite")
self.layout = QVBoxLayout()
self.form_layout = QFormLayout()
# Create QLineEdit widgets for different case details.
self.investigator_name = QLineEdit()
self.case_number = QLineEdit()
self.evidence_number = QLineEdit()
self.evidence_details = QLineEdit()
self.date = QLineEdit()
# Add the QLineEdit widgets to the form layout.
self.form_layout.addRow("Investigator Name:", self.investigator_name)
self.form_layout.addRow("Case Number:", self.case_number)
self.form_layout.addRow("Evidence Number:", self.evidence_number)
self.form_layout.addRow("Evidence Details:", self.evidence_details)
self.form_layout.addRow("Date:", self.date)
# Create a button to save case details.
self.save_button = QPushButton("Save Case Details")
self.save_button.clicked.connect(self.save_case_details)
# Create a button to detect the operating system.
self.detect_os_button = QPushButton("Detect OS")
self.detect_os_button.clicked.connect(self.detect_os)
# Add the form layout and buttons to the main layout.
self.layout.addLayout(self.form_layout)
self.layout.addWidget(self.save_button)
self.layout.addWidget(self.detect_os_button)
self.setLayout(self.layout)
self.setFixedHeight(300)
self.setFixedWidth(420)
# This code initializes a menu bar for a GUI application.
self.init_menu()
def init_menu(self):
menu_bar = QMenuBar()
self.layout.setMenuBar(menu_bar)
# File menu
file_menu = QMenu("File", self)
menu_bar.addMenu(file_menu)
# Create an "Exit" QAction and add it to the file menu.
exit_action = QAction("Exit", self)
exit_action.triggered.connect(self.close)
file_menu.addAction(exit_action)
# Operating System Details menu
os_details_menu = QMenu("OS Details", self)
menu_bar.addMenu(os_details_menu)
# Create a menu item for generating a OS basic information report.
os_info_action = QAction("OS Information", self)
os_info_action.triggered.connect(self.generate_os_info_report)
os_details_menu.addAction(os_info_action)
# Create a menu item for generating a installed softwares report.
installed_softwares_action = QAction("Installed Softwares", self)
installed_softwares_action.triggered.connect(
self.generate_installed_softwares_report)
os_details_menu.addAction(installed_softwares_action)
# Create a menu item for generating a patches list report.
patches_list_action = QAction("Patches List", self)
patches_list_action.triggered.connect(
self.generate_patches_list_report)
os_details_menu.addAction(patches_list_action)
# Users menu
users_menu = QMenu("Users", self)
menu_bar.addMenu(users_menu)
# Create a menu item for generating a user list report.
user_list_action = QAction("User List", self)
user_list_action.triggered.connect(self.generate_user_list_report)
users_menu.addAction(user_list_action)
# Create a menu item for generating a user groups list report.
groups_action = QAction("Groups", self)
groups_action.triggered.connect(self.generate_groups_report)
users_menu.addAction(groups_action)
# Event Logs menu
event_logs_menu = QMenu("Event Logs", self)
menu_bar.addMenu(event_logs_menu)
# Create a menu item for generating a system logs report.
system_logs_action = QAction("System Logs", self)
system_logs_action.triggered.connect(self.generate_system_logs_report)
event_logs_menu.addAction(system_logs_action)
# Create a menu item for generating a running processes report.
executed_processes_action = QAction("Executed Processes", self)
executed_processes_action.triggered.connect(
self.generate_executed_processes_report)
event_logs_menu.addAction(executed_processes_action)
# Create a menu item for generating a users logon report.
logon_events_action = QAction("Logon Events", self)
logon_events_action.triggered.connect(
self.generate_logon_events_report)
event_logs_menu.addAction(logon_events_action)
# Create a menu item for generating a log report of installed packages.
installation_logs_action = QAction("Installation Logs", self)
installation_logs_action.triggered.connect(
self.generate_installation_logs_report)
event_logs_menu.addAction(installation_logs_action)
# Create a menu item for generating a user logs report.
user_logs_action = QAction("User Logs", self)
user_logs_action.triggered.connect(self.generate_user_logs_report)
event_logs_menu.addAction(user_logs_action)
# Create a menu item for generating a kernel network logs report.
kernel_network_logs_action = QAction("Kernel Network Logs", self)
kernel_network_logs_action.triggered.connect(
self.generate_kernel_network_logs_report)
event_logs_menu.addAction(kernel_network_logs_action)
# Drives menu
drives_menu = QMenu("Drives", self)
menu_bar.addMenu(drives_menu)
# Create a menu item for generating a file system related report.
root_file_system_action = QAction("File System", self)
root_file_system_action.triggered.connect(
self.generate_file_system_report)
drives_menu.addAction(root_file_system_action)
# Create a menu item for generating a list of drives on operating system.
drives_list_action = QAction("Drives List", self)
drives_list_action.triggered.connect(self.generate_drives_list_report)
drives_menu.addAction(drives_list_action)
# Devices submenu
usb_submenu = QMenu("USB Devices", self)
# Create a submenu item for generating a attached USB devices list report.
usb_devices_action = QAction("USB Devices", self)
usb_devices_action.triggered.connect(self.generate_usb_devices_report)
usb_submenu.addAction(usb_devices_action)
# Create a submenu item for generating a detailed USB drives list report.
usb_devices_detailed_action = QAction("USB Devices Detailed", self)
usb_devices_detailed_action.triggered.connect(
self.generate_usb_devices_detailed_report)
usb_submenu.addAction(usb_devices_detailed_action)
# Create a submenu item for generating a USB drives attach history report.
usb_devices_history_action = QAction("USB Devices History", self)
usb_devices_history_action.triggered.connect(
self.generate_usb_devices_history_report)
usb_submenu.addAction(usb_devices_history_action)
drives_menu.addMenu(usb_submenu)
# Create a menu item for generating a report of files created during last 7 days.
file_created_action = QAction("Files Created (NA)", self)
file_created_action.triggered.connect(
self.generate_file_created_report)
drives_menu.addAction(file_created_action)
# Suspicious Files submenu
suspicious_submenu = QMenu("Suspicious Files", self)
# Create a submenu item for generating a report of ELFs (Executables and Linkable Files) using regular expression.
suspicious_elf_action = QAction("Suspicious ELFs", self)
suspicious_elf_action.triggered.connect(
self.generate_suspicious_elf_report)
suspicious_submenu.addAction(suspicious_elf_action)
# Create a submenu item for generating a report of suspicious image files.
suspicious_images_action = QAction("Suspicious Images", self)
suspicious_images_action.triggered.connect(
self.generate_suspicious_images_report)
suspicious_submenu.addAction(suspicious_images_action)
drives_menu.addMenu(suspicious_submenu)
# Networks menu
networks_menu = QMenu("Networks", self)
menu_bar.addMenu(networks_menu)
# Create a menu item for generating an Internet Protocol Configuration report.
ip_configurations_action = QAction("IP Configurations", self)
ip_configurations_action.triggered.connect(
self.generate_ip_configurations_report)
networks_menu.addAction(ip_configurations_action)
# Create a menu item for generating a report of saved wifi networks.
saved_connections_action = QAction("Saved Connections (root)", self)
saved_connections_action.triggered.connect(
self.generate_saved_connections_report)
networks_menu.addAction(saved_connections_action)
# Create a menu item for generating Address Resolution Protocol (ARP) cache report.
arp_cache_action = QAction("ARP Cache", self)
arp_cache_action.triggered.connect(self.generate_arp_cache_report)
networks_menu.addAction(arp_cache_action)
# Create a menu item for generating a Domain Name System (DNS) cache report.
dns_cache_action = QAction("DNS Cache", self)
dns_cache_action.triggered.connect(self.generate_dns_cache_report)
networks_menu.addAction(dns_cache_action)
# Create a menu item for generating a report of active tcp connections.
tcp_connections_action = QAction("TCP Connections", self)
tcp_connections_action.triggered.connect(
self.generate_tcp_connections_report)
networks_menu.addAction(tcp_connections_action)
# Create a menu item for generating a list of rules configured by firewall.
firewall_rules_action = QAction("Firewall Rules (root)", self)
firewall_rules_action.triggered.connect(
self.generate_firewall_rules_report)
networks_menu.addAction(firewall_rules_action)
# Create a menu item for generating a report of all system services with status e.g. enabled, disabled.
systemctl_services_action = QAction("Systemctl Services", self)
systemctl_services_action.triggered.connect(
self.generate_systemctl_services_report)
networks_menu.addAction(systemctl_services_action)
# Method to get the entered case details
def save_case_details(self):
case_details = f"Investigator Name: {self.investigator_name.text()}\n" \
f"Case Number: {self.case_number.text()}\n" \
f"Evidence Number: {self.evidence_number.text()}\n" \
f"Evidence Details: {self.evidence_details.text()}\n" \
f"Date: {self.date.text()}"
# Save case details to the file
with open("0. Case_Details.txt", "w") as file:
file.write(case_details)
QMessageBox.information(
self, "Saved", "Case details saved successfully.")
# Method to detect the Operating System type
def detect_os(self):
system = platform.system()
if system == "Windows":
QMessageBox.information(
self, "OS Detected", "Windows Operating System Detected")
elif system == "Linux":
QMessageBox.information(
self, "OS Detected", "Linux Operating System Detected")
else:
QMessageBox.information(
self, "OS Detected", "Unknown operating system")
def run_command(self, command, output_file):
try:
# Execute the command and capture the output
output = subprocess.check_output(
command, shell=True, universal_newlines=True)
# Write the output to the specified file
with open(output_file, "w") as file:
file.write(output)
QMessageBox.information(
self, "Report Generated", f"Report generated successfully: {output_file}")
except subprocess.CalledProcessError:
QMessageBox.warning(
self, "Error", f"Failed to generate report: {output_file}")
# Method to get operating system information
def generate_os_info_report(self):
command = "lsb_release -a"
self.run_command(command, "1. OS_Info.txt")
# This method generates a report of all the installed software on a Debian-based system.
def generate_installed_softwares_report(self):
command = "dpkg --list"
self.run_command(command, "2. Installed_Softwares.txt")
# Method to get a list of all installed patches/updates.
def generate_patches_list_report(self):
command = "dpkg --get-selections | grep -E 'install|hold'"
self.run_command(command, "3. Installed_Patches.txt")
# Method to get user list.
def generate_user_list_report(self):
command = "getent passwd | awk -F: '{OFS=\":\"; print $1, $3, $4, $5, $6, $7}' | column -s\":\" -t"
self.run_command(command, "4. User_list.txt")
# Method to get a list of all groups.
def generate_groups_report(self):
command = "getent group | awk -F: '{printf \"%-10s %-5s %s\\n\", $1, $3, $4}' | column -t"
self.run_command(command, "5. Groups.txt")
# Method to get report of system logs.
def generate_system_logs_report(self):
command = "cat /var/log/syslog"
self.run_command(command, "6.Sys_Logs.txt")
# Method to get a list of all running processes.
def generate_executed_processes_report(self):
command = "ps -eo pid,ppid,user,start,cmd,ag_id,group,gid,policy,size"
self.run_command(command, "7. Executed_Processes.txt")
# Method to get report of user login history.
def generate_logon_events_report(self):
command = "last"
self.run_command(command, "8. Logon_Events.txt")
# Method to get report of installed debian packages.
def generate_installation_logs_report(self):
command = "cat /var/log/dpkg.log"
self.run_command(command, "9. Installation_logs.txt")
# Method to get a report of user logs.
def generate_user_logs_report(self):
command = "cat /var/log/auth.log"
self.run_command(command, "10. User_logs.txt")
# Method to get a report of kernel network logs.
def generate_kernel_network_logs_report(self):
command = "dmesg"
self.run_command(command, "11. Kernel_Network_Logs.txt")
# Method to generate a report about file system including some basic information.
def generate_file_system_report(self):
command = "df -T -H /"
self.run_command(command, "12. Root_File_System.txt")
# Method to get a list of all drives with some basic information.
def generate_drives_list_report(self):
command = "lsblk -o NAME,SIZE,FSTYPE,MOUNTPOINT,MODEL,SERIAL,WWN"
self.run_command(command, "13. Drives_List.txt")
# Method to get USB Devices list.
def generate_usb_devices_report(self):
command = "lsusb"
self.run_command(command, "14a. USB_Devices.txt")
# Method to get detailed USB devices list.
def generate_usb_devices_detailed_report(self):
command = "usb-devices"
self.run_command(command, "14b. USB_Devices_Detailed.txt")
# Method to generate a report of USB devices history
def generate_usb_devices_history_report(self):
command = "cat /var/log/syslog | grep -i 'USB\|drive'"
self.run_command(command, "14c. USB_Devices_History.txt")
# Method to get a list of files created during last 7 days.
def generate_file_created_report(self):
command = "find / -type f -ctime 7 2>/dev/null"
self.run_command(command, "15. Created_Files (-7 Days).txt")
# Method to get a list of all suspicious ELFs.
def generate_suspicious_elf_report(self):
command = "find / -regex '.*\\.\(jpg\|gif\|png\|jpeg\)' -type f -exec file -p '{}' \; 2>/dev/null | grep ELF | cut -d':' -f1"
self.run_command(command, "16a. Suspicious_ELFs.txt")
# Method to get a list of all suspicious image files.
def generate_suspicious_images_report(self):
command = "find / -regex '.*\\.\(jpg\|gif\|png\|jpeg\)' -type f -exec file -p '{}' \; 2>/dev/null | grep -v image"
self.run_command(command, "16b. Suspicious_Images.txt")
# Method to get a report of IP Configurations including network adapters.
def generate_ip_configurations_report(self):
command = "ifconfig -a"
self.run_command(command, "17. IP_Configurations.txt")
# Method to get a detailed list of all saved wifi networks.
def generate_saved_connections_report(self):
command = "cat /etc/NetworkManager/system-connections/*"
self.run_command(command, "18. Saved_Connections.txt")
# Method to get a report of ARP cache.
def generate_arp_cache_report(self):
command = "arp -a"
self.run_command(command, "19. ARP_Cache.txt")
# Method to get a report of DNS cache.
def generate_dns_cache_report(self):
command = "cat /etc/resolv.conf"
self.run_command(command, "20. DNS_Cache.txt")
# Method to get a list of all active TCP connections.
def generate_tcp_connections_report(self):
command = "netstat -atn"
self.run_command(command, "21. TCP_Connections.txt")
# Method to get a list of all configured firewall rules.
def generate_firewall_rules_report(self):
command = "iptables -L"
self.run_command(command, "22. Firewall_Rules.txt")
# Method to get a list of all system services alongwith status e.g. enabled, disabled.
def generate_systemctl_services_report(self):
command = "systemctl list-unit-files"
self.run_command(command, "23. Systemctl_Services.txt")
'''This code block is the entry point of the application. It creates a QApplication object, initializes the MOFSuite dialog, shows it, and starts the application event loop. When the event loop is exited, the application is terminated.'''
if __name__ == "__main__":
app = QApplication(sys.argv)
dialog = MOFSuite()
dialog.show()
sys.exit(app.exec_())