Add sshniff

.vscode/settings.json

@@ -149,6 +149,7 @@
         "deobshell",
         "desktopicon",
         "devcon",
+        "devel",
         "Dfile",
         "DFIR",
         "dfirws",
@@ -709,6 +710,7 @@
         "sqlitebrowser",
         "Squiblydoo",
         "ssdeep",
+        "sshniff",
         "ssview",
         "stackstrings",
         "startuptype",

downloadFiles.ps1

@@ -340,6 +340,7 @@ $warnings = Get-ChildItem .\log\* -Recurse | Select-String -Pattern "warning" |
     $_.Line -notmatch "create mode " -and
     $_.Line -notmatch "delete mode " -and
     $_.Line -notmatch "rename " -and
+    $_.Line -notmatch "reinstalling" -and
     $_.Line -notmatch "origin/main Updating"
 }
 
@@ -363,7 +364,8 @@ $errors = Get-ChildItem .\log\* -Recurse | Select-String -Pattern "error" | Wher
     $_.Line -notmatch "via WKD" -and
     $_.Line -notmatch "ERROR: 9DD0D4217D75" -and
     $_.Line -notmatch "usr\\share\\man\\man3" -and
-    $_.Line -notmatch "gpg-error.exe"
+    $_.Line -notmatch "gpg-error.exe" -and
+    $_.Line -notmatch "gpg-error"
 }
 
 if ($warnings -or $errors) {

resources/download/rust.ps1

@@ -17,7 +17,6 @@ ${CURRENT_VERSION_CUTE_TUI} = (curl --silent -L "https://crates.io/api/v1/crates
 ${CURRENT_VERSION_MFT2BODYFILE} = (curl --silent -L "https://crates.io/api/v1/crates/mft2bodyfile" | ConvertFrom-Json).crate.max_stable_version
 ${CURRENT_VERSION_USNJRNL} = (curl --silent -L "https://crates.io/api/v1/crates/usnjrnl" | ConvertFrom-Json).crate.max_stable_version
 
-
 ${STATUS} = $true
 
 if (Test-Path -Path "${ROOT_PATH}\mount\Tools\cargo\.crates.toml" ) {

setup/install_msys2.ps1

@@ -24,7 +24,7 @@ $env:MSYSTEM = 'UCRT64'
 & "C:\msys64\usr\bin\bash.exe" -lc 'pacman-key --populate' 2>&1 | ForEach-Object{ "$_" } >> "C:\log\msys2.txt"
 & "C:\msys64\usr\bin\bash.exe" -lc 'pacman --noconfirm -Syuu' 2>&1 | ForEach-Object{ "$_" } >> "C:\log\msys2.txt"
 & "C:\msys64\usr\bin\bash.exe" -lc 'pacman --noconfirm -Syuu' 2>&1 | ForEach-Object{ "$_" } >> "C:\log\msys2.txt"
-& "C:\msys64\usr\bin\bash.exe" -lc 'pacman --noconfirm -Syu git mingw-w64-ucrt-x86_64-toolchain mingw-w64-ucrt-x86_64-autotools mingw-w64-ucrt-x86_64-gcc mingw-w64-ucrt-x86_64-cmake mingw-w64-ucrt-x86_64-make vim' 2>&1 | ForEach-Object{ "$_" } >> "C:\log\msys2.txt"
+& "C:\msys64\usr\bin\bash.exe" -lc 'pacman --noconfirm -Syu git ncurses ncurses-devel mingw-w64-ucrt-x86_64-toolchain mingw-w64-ucrt-x86_64-autotools mingw-w64-ucrt-x86_64-gcc mingw-w64-ucrt-x86_64-cmake mingw-w64-ucrt-x86_64-make vim' 2>&1 | ForEach-Object{ "$_" } >> "C:\log\msys2.txt"
 
 Write-DateLog "MSYS2 installation done." 2>&1 | ForEach-Object{ "$_" } >> "C:\log\msys2.txt"
 Write-Output "" > "C:\msys64\done"

setup/install_rust_tools.ps1

@@ -17,17 +17,10 @@ Install-GitBash >> "C:\log\rust.txt"
 Write-DateLog "Install Rust." >> "C:\log\rust.txt"
 Install-Rust >> "C:\log\rust.txt"
 
-# Alternative install method for Rust
-#Set-Location "${HOME}" >> "C:\log\rust.txt"
-#curl -o "rustup-init.exe" "https://static.rust-lang.org/rustup/dist/x86_64-pc-windows-msvc/rustup-init.exe" >> "C:\log\rust.txt"
-#& ".\rustup-init.exe" --default-host x86_64-pc-windows-gnu -y >> "C:\log\rust.txt"
-#$env:PATH="${env:HOME}\.cargo\bin;${env:ProgramFiles}\Git\bin;${env:ProgramFiles}\Git\usr\bin;${env:PATH}"
-
 # Set PATH to include Rust and Git
 $env:PATH="${RUST_DIR}\bin;${env:ProgramFiles}\Git\bin;${env:ProgramFiles}\Git\usr\bin;${env:PATH};${MSYS2_DIR};${MSYS2_DIR}\ucrt64\bin;${MSYS2_DIR}\usr\bin"
 
 # Install Rust tools
-# Currently disabled due to issues with the Rust compiler
 Write-DateLog "Rust: Install dfir-toolkit in sandbox." >> "C:\log\rust.txt"
 cargo install --root "C:\cargo" "dfir-toolkit" 2>&1 | ForEach-Object { "$_" } >> "C:\log\rust.txt"
 
@@ -43,8 +36,12 @@ cargo install --root "C:\cargo" mft2bodyfile 2>&1 | ForEach-Object { "$_" } >> "
 cargo install --root "C:\cargo" usnjrnl 2>&1 | ForEach-Object { "$_" } >> "C:\log\rust.txt"
 # Requires gcc to compile
 cargo install --root "C:\cargo" CuTE-tui 2>&1 | ForEach-Object { "$_" } >> "C:\log\rust.txt"
-# https://github.com/janstarke/regview
-# https://github.com/janstarke/ntdsextract2
+
+Set-Location "C:\tmp"
+git clone https://github.com/CrzPhil/SSHniff.git
+Set-Location "C:\tmp\SSHniff\sshniff"
+cargo build --release
+Copy-Item ".\target\release\sshniff.exe" "C:\cargo\bin\sshniff.exe"
 
 Write-DateLog "Rust: Done installing Rust based tools in sandbox." >> "C:\log\rust.txt"
 

setup/install_verify.ps1

@@ -133,6 +133,7 @@ Test-Command mft2bodyfile PE32      # C:\Tools\cargo\bin\mft2bodyfile.exe
 Test-Command pf2bodyfile PE32      # C:\Tools\cargo\bin\pf2bodyfile.exe
 Test-Command pol_export PE32      # C:\Tools\cargo\bin\pol_export.exe
 Test-Command regdump PE32      # C:\Tools\cargo\bin\regdump.exe
+Test-Command sshniff PE32      # C:\Tools\cargo\bin\sshniff.exe
 Test-Command ts2date PE32      # C:\Tools\cargo\bin\ts2date.exe
 Test-Command usnjrnl_dump PE32      # C:\Tools\cargo\bin\usnjrnl_dump.exe
 Test-Command zip2bodyfile PE32      # C:\Tools\cargo\bin\zip2bodyfile.exe