diff --git a/.vscode/settings.json b/.vscode/settings.json index f877976..293576a 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -149,6 +149,7 @@ "deobshell", "desktopicon", "devcon", + "devel", "Dfile", "DFIR", "dfirws", @@ -709,6 +710,7 @@ "sqlitebrowser", "Squiblydoo", "ssdeep", + "sshniff", "ssview", "stackstrings", "startuptype", diff --git a/downloadFiles.ps1 b/downloadFiles.ps1 index 8ff8018..b28d597 100644 --- a/downloadFiles.ps1 +++ b/downloadFiles.ps1 @@ -340,6 +340,7 @@ $warnings = Get-ChildItem .\log\* -Recurse | Select-String -Pattern "warning" | $_.Line -notmatch "create mode " -and $_.Line -notmatch "delete mode " -and $_.Line -notmatch "rename " -and + $_.Line -notmatch "reinstalling" -and $_.Line -notmatch "origin/main Updating" } @@ -363,7 +364,8 @@ $errors = Get-ChildItem .\log\* -Recurse | Select-String -Pattern "error" | Wher $_.Line -notmatch "via WKD" -and $_.Line -notmatch "ERROR: 9DD0D4217D75" -and $_.Line -notmatch "usr\\share\\man\\man3" -and - $_.Line -notmatch "gpg-error.exe" + $_.Line -notmatch "gpg-error.exe" -and + $_.Line -notmatch "gpg-error" } if ($warnings -or $errors) { diff --git a/resources/download/rust.ps1 b/resources/download/rust.ps1 index 5503f76..a81e271 100644 --- a/resources/download/rust.ps1 +++ b/resources/download/rust.ps1 @@ -17,7 +17,6 @@ ${CURRENT_VERSION_CUTE_TUI} = (curl --silent -L "https://crates.io/api/v1/crates ${CURRENT_VERSION_MFT2BODYFILE} = (curl --silent -L "https://crates.io/api/v1/crates/mft2bodyfile" | ConvertFrom-Json).crate.max_stable_version ${CURRENT_VERSION_USNJRNL} = (curl --silent -L "https://crates.io/api/v1/crates/usnjrnl" | ConvertFrom-Json).crate.max_stable_version - ${STATUS} = $true if (Test-Path -Path "${ROOT_PATH}\mount\Tools\cargo\.crates.toml" ) { diff --git a/setup/install_msys2.ps1 b/setup/install_msys2.ps1 index ea21e9b..97e9f03 100644 --- a/setup/install_msys2.ps1 +++ b/setup/install_msys2.ps1 @@ -24,7 +24,7 @@ $env:MSYSTEM = 'UCRT64' & "C:\msys64\usr\bin\bash.exe" -lc 'pacman-key --populate' 2>&1 | ForEach-Object{ "$_" } >> "C:\log\msys2.txt" & "C:\msys64\usr\bin\bash.exe" -lc 'pacman --noconfirm -Syuu' 2>&1 | ForEach-Object{ "$_" } >> "C:\log\msys2.txt" & "C:\msys64\usr\bin\bash.exe" -lc 'pacman --noconfirm -Syuu' 2>&1 | ForEach-Object{ "$_" } >> "C:\log\msys2.txt" -& "C:\msys64\usr\bin\bash.exe" -lc 'pacman --noconfirm -Syu git mingw-w64-ucrt-x86_64-toolchain mingw-w64-ucrt-x86_64-autotools mingw-w64-ucrt-x86_64-gcc mingw-w64-ucrt-x86_64-cmake mingw-w64-ucrt-x86_64-make vim' 2>&1 | ForEach-Object{ "$_" } >> "C:\log\msys2.txt" +& "C:\msys64\usr\bin\bash.exe" -lc 'pacman --noconfirm -Syu git ncurses ncurses-devel mingw-w64-ucrt-x86_64-toolchain mingw-w64-ucrt-x86_64-autotools mingw-w64-ucrt-x86_64-gcc mingw-w64-ucrt-x86_64-cmake mingw-w64-ucrt-x86_64-make vim' 2>&1 | ForEach-Object{ "$_" } >> "C:\log\msys2.txt" Write-DateLog "MSYS2 installation done." 2>&1 | ForEach-Object{ "$_" } >> "C:\log\msys2.txt" Write-Output "" > "C:\msys64\done" diff --git a/setup/install_rust_tools.ps1 b/setup/install_rust_tools.ps1 index 47831ed..c143f00 100644 --- a/setup/install_rust_tools.ps1 +++ b/setup/install_rust_tools.ps1 @@ -17,17 +17,10 @@ Install-GitBash >> "C:\log\rust.txt" Write-DateLog "Install Rust." >> "C:\log\rust.txt" Install-Rust >> "C:\log\rust.txt" -# Alternative install method for Rust -#Set-Location "${HOME}" >> "C:\log\rust.txt" -#curl -o "rustup-init.exe" "https://static.rust-lang.org/rustup/dist/x86_64-pc-windows-msvc/rustup-init.exe" >> "C:\log\rust.txt" -#& ".\rustup-init.exe" --default-host x86_64-pc-windows-gnu -y >> "C:\log\rust.txt" -#$env:PATH="${env:HOME}\.cargo\bin;${env:ProgramFiles}\Git\bin;${env:ProgramFiles}\Git\usr\bin;${env:PATH}" - # Set PATH to include Rust and Git $env:PATH="${RUST_DIR}\bin;${env:ProgramFiles}\Git\bin;${env:ProgramFiles}\Git\usr\bin;${env:PATH};${MSYS2_DIR};${MSYS2_DIR}\ucrt64\bin;${MSYS2_DIR}\usr\bin" # Install Rust tools -# Currently disabled due to issues with the Rust compiler Write-DateLog "Rust: Install dfir-toolkit in sandbox." >> "C:\log\rust.txt" cargo install --root "C:\cargo" "dfir-toolkit" 2>&1 | ForEach-Object { "$_" } >> "C:\log\rust.txt" @@ -43,8 +36,12 @@ cargo install --root "C:\cargo" mft2bodyfile 2>&1 | ForEach-Object { "$_" } >> " cargo install --root "C:\cargo" usnjrnl 2>&1 | ForEach-Object { "$_" } >> "C:\log\rust.txt" # Requires gcc to compile cargo install --root "C:\cargo" CuTE-tui 2>&1 | ForEach-Object { "$_" } >> "C:\log\rust.txt" -# https://github.com/janstarke/regview -# https://github.com/janstarke/ntdsextract2 + +Set-Location "C:\tmp" +git clone https://github.com/CrzPhil/SSHniff.git +Set-Location "C:\tmp\SSHniff\sshniff" +cargo build --release +Copy-Item ".\target\release\sshniff.exe" "C:\cargo\bin\sshniff.exe" Write-DateLog "Rust: Done installing Rust based tools in sandbox." >> "C:\log\rust.txt" diff --git a/setup/install_verify.ps1 b/setup/install_verify.ps1 index 757a5dc..5b2bdea 100644 --- a/setup/install_verify.ps1 +++ b/setup/install_verify.ps1 @@ -133,6 +133,7 @@ Test-Command mft2bodyfile PE32 # C:\Tools\cargo\bin\mft2bodyfile.exe Test-Command pf2bodyfile PE32 # C:\Tools\cargo\bin\pf2bodyfile.exe Test-Command pol_export PE32 # C:\Tools\cargo\bin\pol_export.exe Test-Command regdump PE32 # C:\Tools\cargo\bin\regdump.exe +Test-Command sshniff PE32 # C:\Tools\cargo\bin\sshniff.exe Test-Command ts2date PE32 # C:\Tools\cargo\bin\ts2date.exe Test-Command usnjrnl_dump PE32 # C:\Tools\cargo\bin\usnjrnl_dump.exe Test-Command zip2bodyfile PE32 # C:\Tools\cargo\bin\zip2bodyfile.exe