
Compare Revisions

Rev 5 → Rev 6

/trunk/kim/kim.py
12,6 → 12,8
# https://sandersonforensics.com/forum/content.php?205-Chrome-history-with-Recursive-Common-Table-Expressions
"""
 
import argparse
 
try:
from .logger import Logger
from .utils import *
21,6 → 23,19
from utils import Utils
from project import *
 
 
def get_app_options():
parser = argparse.ArgumentParser(description='%s by %s <%s>' % (name, author, author_email))
#~ parser.add_argument('-a', '--all', action='all', help='Get SAP Notes from all browsers')
#~ parser = parser.add_mutually_exclusive_group(required=False)
#~ parser.add_argument('-f', '--firefox', action='store_true', dest='Firefox', help='Get SAP Notes from Firefox')
#~ parser.add_argument('-c', '--chrome', dest='Chrome', help='Get SAP Notes from Chrome')
parser.add_argument('-d', '--debug', dest='LOGLEVEL', help='Increase output verbosity', action='store', default='INFO')
parser.add_argument('-v', '--version', action='version', version='%s %s' % (name, version))
params = parser.parse_args()
 
return params
 
class KIM:
snotes = set()
dnotes = {}
29,19 → 44,20
options = None
 
def __init__(self):
self.log = Logger('KIM').get_logger()
self.utils = Utils()
self.options = self.utils.get_app_options()
self.log.debug("Options: %s", self.options)
self.options = get_app_options()
self.utils = Utils(self.options)
self.log = Logger('KIM', level=self.options.LOGLEVEL).get_logger()
self.log.info('Starting %s %s', name, version)
 
def run(self):
snff = self.utils.get_firefox_history()
snch = self.utils.get_chrome_history()
self.log.debug(snff)
self.log.debug(snch)
usndict = self.utils.get_uniq_sapnotes([snff, snch])
self.log.debug(usndict)
 
return usndict
 
 
def main():
kim = KIM()
kim.run()
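Review bot: `run()` passes `snff` and `snch` straight into `get_uniq_sapnotes`, but the history code in utils.py returns `None` when a profile database is missing or the query fails, and the merge loop there iterates every entry with `for snid in sndict`, so a machine with only one of the two browsers would most likely end in a TypeError instead of a partial result. Filtering at the call site avoids that: `usndict = self.utils.get_uniq_sapnotes([d for d in (snff, snch) if d is not None])`. Separately, `-d/--debug` in `get_app_options` accepts any string and hands it to `Logger` as the level; adding `choices=['DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL']` would reject a typo at parse time (how `Logger` treats an unknown level is not visible on this page).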
/trunk/kim/utils.py
13,7 → 13,6
import shutil
import sqlite3
import logging
import argparse
from subprocess import check_output
 
try:
28,8 → 27,8
 
class Utils:
log = None
def __init__(self):
self.log = Logger('Utils').get_logger()
def __init__(self, options):
self.log = Logger('Utils', level=options.LOGLEVEL).get_logger()
 
 
def validate(self, url):
84,8 → 83,7
placesDB = os.path.join(profile_dir, 'places.sqlite')
self.log.debug("Firefox DB: %s", placesDB)
if os.path.isfile(placesDB):
ff = self.filter_firefox_history(placesDB)
return ff
return self.filter_firefox_history(placesDB)
else:
self.log.warning ('PlacesDb does not exist: %s' % placesDB)
return None
128,7 → 126,7
placesDB = os.path.join(profile_dir, 'history')
self.log.debug("Chrome DB: %s", placesDB)
if os.path.isfile(placesDB):
self.filter_chrome_history(placesDB)
return self.filter_chrome_history(placesDB)
else:
self.log.warning ('PlacesDb does not exist: %s' % placesDB)
return None
145,7 → 143,6
moz_historyvisits.place_id;")
 
for row in c:
#~ self.log.info(row)
url = str(row[0])
date = str(row[1])
if '/support/notes/' in url:
170,25 → 167,28
return None
 
def filter_chrome_history(self, placesDB):
sndict = {}
self.log.debug('Printing Chrome history')
shutil.copy(placesDB, "history")
c = sqlite3.connect("history")
cursor = c.cursor()
conn = sqlite3.connect("history")
c = conn.cursor()
try:
select_statement = "SELECT urls.url, date(visits.visit_time/1000000-11644473600, 'unixepoch') FROM urls, visits WHERE urls.id = visits.url;"
cursor.execute(select_statement)
results = cursor.fetchall() #tuple
count = 0
for url, vtime in results:
if url.startswith("https://launchpad.support.sap.com/#/notes/"):
SAPNOTE = validate(url)
if SAPNOTE is not None:
line = "%s:%s" % (vtime, SAPNOTE)
self.log.debug("\tFound: %s", line)
snotes.add(line)
# ~ fout.write ("%s:%s\n" % (vtime, SAPNOTE))
count = count + 1
self.log.debug ("Chrome: %d SAP Notes found" % count)
c.execute(select_statement)
for row in c:
url = str(row[0])
date = str(row[1])
if '/support/notes/' in url:
snid = self.validate(url)
if snid is not None:
try:
sndate = sndict[snid]
if date > sndate:
sndict[snid] = date
except:
sndict[snid] = date
self.log.debug ("Chrome: %d SAP Notes found" % len(sndict))
return sndict
except Exception as error:
self.log.error (error)
return None
215,15 → 215,16
dnotes[snid]['visited'] = svdate
 
 
def get_uniq_sapnotes(self, sndicts):
usndict = {}
for sndict in sndicts:
for snid in sndict:
try:
date = usndict[snid]
if sndict[snid] > date:
usndict[snid] = sndict[snid]
except:
usndict[snid] = sndict[snid]
self.log.debug("Unique SAP Notes for all browsers: %d" % len(usndict))
return usndict
 
def get_app_options(self):
parser = argparse.ArgumentParser(description='%s by %s <%s>' % (name, author, author_email))
#~ parser.add_argument('-a', '--all', action='all', help='Get SAP Notes from all browsers')
#~ parser = parser.add_mutually_exclusive_group(required=False)
#~ parser.add_argument('-f', '--firefox', action='store_true', dest='Firefox', help='Get SAP Notes from Firefox')
#~ parser.add_argument('-c', '--chrome', dest='Chrome', help='Get SAP Notes from Chrome')
parser.add_argument('-d', '--debug', dest='LOGLEVEL', help='Increase output verbosity', action='store', default='INFO')
parser.add_argument('-v', '--version', action='version', version='%s %s' % (name, version))
params = parser.parse_args()
 
return params
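Review bot: `filter_chrome_history` copies the browser history database to the fixed relative name `history` in whatever directory the tool is started from, and the renamed `conn` is never closed, so a complete copy of the user's browsing history is left on disk after the run and any existing file with that name is overwritten. Copying into a `tempfile.TemporaryDirectory()` and closing the connection in a `finally` keeps the copy private and short-lived; this needs `import tempfile` at the top of utils.py. The bare `except:` around the `sndict[snid]` lookup would also read better as `except KeyError:`, so that unrelated errors are not silently turned into an insert.
```python
def filter_chrome_history(self, placesDB):
    sndict = {}
    # work on a private copy that is deleted when the block exits
    with tempfile.TemporaryDirectory() as tmpdir:
        dbcopy = shutil.copy(placesDB, os.path.join(tmpdir, "history"))
        conn = sqlite3.connect(dbcopy)
        try:
            c = conn.cursor()
            # … unchanged: select_statement and the row loop filling sndict …
            return sndict
        except Exception as error:
            self.log.error(error)
            return None
        finally:
            conn.close()
```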