Update version to 2021.01.16, readying for PyPI/GH release, and minor…
… syntax fixes.
obsidianforensics committed Jan 17, 2021
1 parent 13b7a64 commit ac93047
Showing 8 changed files with 32 additions and 32 deletions.
2 changes: 1 addition & 1 deletion hindsight_gui.py
Expand Up @@ -150,7 +150,7 @@ def do_run():

# Hindsight version info
log.info(
'\n' + '#' * 80 + '\n### Hindsight v{} (https://github.com/obsidianforensics/hindsight) ###\n'
'\n' + '#' * 80 + '\n### Hindsight v{} (https://github.com/obsidianforensics/hindsight) ###\n'
.format(pyhindsight.__version__) + '#' * 80)

if 'windows' in ui_selected_decrypts:
2 changes: 1 addition & 1 deletion pyhindsight/__init__.py
@@ -1,3 +1,3 @@
__author__ = "Ryan Benson"
__version__ = "20201120"
__version__ = "2021.01.16"
__email__ = "[email protected]"
8 changes: 4 additions & 4 deletions pyhindsight/analysis.py
Expand Up @@ -790,15 +790,15 @@ def generate_excel(self, output_object):
w.write_string(row_number, 2, item.url, gray_url_format) # URL
except Exception as e:
print(e, item.url, item.location)
w.write_string(row_number, 3, str(item.name), gray_field_format) # cached status // Normal (data cached)
w.write_string(row_number, 4, item.value, gray_value_format) # content-type (size) // image/jpeg (2035 bytes)
w.write_string(row_number, 3, str(item.name), gray_field_format) # status // Normal (data cached)
w.write_string(row_number, 4, item.value, gray_value_format) # type (size) // image/jpeg (35 bytes)
w.write(row_number, 5, item.interpretation, gray_value_format) # cookie interpretation
w.write(row_number, 6, item.profile, gray_value_format) # Profile
w.write(row_number, 16, item.etag, gray_value_format) # ETag
w.write(row_number, 17, item.last_modified, gray_value_format) # Last Modified
w.write(row_number, 18, item.server_name, gray_value_format) # Server name
w.write(row_number, 19, item.location, gray_value_format) # Cached data location // data_2 [1542523]
w.write(row_number, 20, item.http_headers_str, gray_value_format) # Cached data location // data_2 [1542523]
w.write(row_number, 19, item.location, gray_value_format) # data location // data_2 [1542523]
w.write(row_number, 20, item.http_headers_str, gray_value_format) # headers

elif item.row_type.startswith("local storage"):
w.write_string(row_number, 0, item.row_type, gray_type_format) # record_type
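Review bot: The two rewritten lines at the end of this cache branch still pass `item.location` and `item.http_headers_str` to the generic `w.write(...)`, while the status and type cells just above go through `w.write_string(...)`. If `w` is an xlsxwriter worksheet, as the `write_string` calls suggest, `write()` picks the cell type from the value and by default stores a string that starts with `=` as a formula. The header, ETag and server-name text comes from whatever remote server was cached, so it is untrusted input to the analyst's report. Creating the workbook with `{'strings_to_formulas': False}` (the constructor is not visible here) would keep every such cell as plain text. generate_excel starts and ends outside this hunk.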
24 changes: 12 additions & 12 deletions pyhindsight/browsers/chrome.py
Expand Up @@ -274,7 +274,7 @@ def get_history(self, path, history_file, version, row_type):
while compatible_version not in list(query.keys()) and compatible_version > 0:
compatible_version -= 1

if compatible_version is not 0:
if compatible_version != 0:
log.info(f' - Using SQL query for History items for Chrome {compatible_version}')
try:
# Copy and connect to copy of 'History' SQLite DB
Expand Down Expand Up @@ -344,7 +344,7 @@ def get_media_history(self, path, history_file, version, row_type):
while compatible_version not in list(query.keys()) and compatible_version > 0:
compatible_version -= 1

if compatible_version is not 0:
if compatible_version != 0:
log.info(f' - Using SQL query for Media History items for Chrome {compatible_version}')
try:
# Copy and connect to copy of 'Media History' SQLite DB
Expand Down Expand Up @@ -430,7 +430,7 @@ def get_downloads(self, path, database, version, row_type):
while compatible_version not in list(query.keys()) and compatible_version > 0:
compatible_version -= 1

if compatible_version is not 0:
if compatible_version != 0:
log.info(f' - Using SQL query for Download items for Chrome v{compatible_version}')
try:
# Copy and connect to copy of 'History' SQLite DB
Expand Down Expand Up @@ -517,13 +517,13 @@ def clean(x):
if encrypted_value is not None:
if len(encrypted_value) >= 2:
# If running Chrome on Windows
if sys.platform == 'win32' and self.available_decrypts['windows'] is 1:
if sys.platform == 'win32' and self.available_decrypts['windows'] == 1:
try:
decrypted_value = win32crypt.CryptUnprotectData(encrypted_value, None, None, None, 0)[1]
except:
decrypted_value = "<encrypted>"
# If running Chrome on OSX
elif sys.platform == 'darwin' and self.available_decrypts['mac'] is 1:
elif sys.platform == 'darwin' and self.available_decrypts['mac'] == 1:
try:
if not self.cached_key:
my_pass = keyring.get_password('Chrome Safe Storage', 'Chrome')
Expand All @@ -538,7 +538,7 @@ def clean(x):

# If running Chromium on Linux.
# Unlike Win/Mac, we can decrypt Linux cookies without the user's pw
if decrypted_value is "<encrypted>" and self.available_decrypts['linux'] is 1:
if decrypted_value == "<encrypted>" and self.available_decrypts['linux'] == 1:
try:
if not self.cached_key:
my_pass = 'peanuts'
Expand Down Expand Up @@ -583,7 +583,7 @@ def get_cookies(self, path, database, version):
while compatible_version not in list(query.keys()) and compatible_version > 0:
compatible_version -= 1

if compatible_version is not 0:
if compatible_version != 0:
log.info(" - Using SQL query for Cookie items for Chrome v{}".format(compatible_version))
try:
# Copy and connect to copy of 'Cookies' SQLite DB
Expand Down Expand Up @@ -664,7 +664,7 @@ def get_login_data(self, path, database, version):
while compatible_version not in list(query.keys()) and compatible_version > 0:
compatible_version -= 1

if compatible_version is not 0:
if compatible_version != 0:
log.info(f' - Using SQL query for Login items for Chrome v{compatible_version}')

# Copy and connect to copy of 'Login Data' SQLite DB
Expand Down Expand Up @@ -708,7 +708,7 @@ def get_login_data(self, path, database, version):
username_row.row_type = 'login (username)'
results.append(username_row)

if row.get('password_value') is not None and self.available_decrypts['windows'] is 1:
if row.get('password_value') is not None and self.available_decrypts['windows'] == 1:
try:
# Windows is all I've had time to test; Ubuntu uses built-in password manager
password = win32crypt.CryptUnprotectData(
Expand All @@ -734,7 +734,7 @@ def get_login_data(self, path, database, version):
while compatible_version not in list(query.keys()) and compatible_version > 0:
compatible_version -= 1

if compatible_version is not 0:
if compatible_version != 0:
log.info(f' - Using SQL query for Login Stat items for Chrome v{compatible_version}')

# Copy and connect to copy of 'Login Data' SQLite DB
Expand Down Expand Up @@ -779,7 +779,7 @@ def get_autofill(self, path, database, version):
while compatible_version not in list(query.keys()) and compatible_version > 0:
compatible_version -= 1

if compatible_version is not 0:
if compatible_version != 0:
log.info(" - Using SQL query for Autofill items for Chrome v{}".format(compatible_version))
try:
# Copy and connect to copy of 'Web Data' SQLite DB
Expand Down Expand Up @@ -1420,7 +1420,7 @@ def expand_language_code(code):
prefs['profile']['content_settings']['exceptions']['sound'].items():
if pref_data.get('last_modified'):
interpretation = ''
if pref_data.get('setting') is 2:
if pref_data.get('setting') == 2:
interpretation = 'Muted site'
pref_item = Chrome.PreferenceItem(
self.profile_path, url=origin,
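Review bot: In the cookie-decryption hunk (context `def clean(x)`), the Windows branch whose condition is rewritten here still ends in a bare `except:` that assigns `decrypted_value = "<encrypted>"` and records nothing. In a forensic report that makes a DPAPI failure indistinguishable from a value that was never attempted, and the bare clause also catches KeyboardInterrupt and SystemExit. Suggest `except Exception as e:` followed by `log.warning(f' - Could not decrypt cookie value; {e}')` before the placeholder is assigned, logging only the exception and never the value. The Linux fallback line now compares that same `"<encrypted>"` text by value, so a separate flag or `None` would be a cleaner "not decrypted" marker than an in-band string. The enclosing function starts and ends outside the hunk.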
5 changes: 3 additions & 2 deletions pyhindsight/utils.py
Expand Up @@ -159,7 +159,7 @@ def get_ldb_records(ldb_path, prefix=''):
try:
db = ccl_leveldb.RawLevelDb(ldb_path)
except Exception as e:
log.warning(f' - Couldn\'t open {ldb_path} as LevelDB; {e}')
log.warning(f' - Could not open {ldb_path} as LevelDB; {e}')
return []

cleaned_records = []
Expand All @@ -177,6 +177,7 @@ def get_ldb_records(ldb_path, prefix=''):

cleaned_records.append(cleaned_record)

db.close()
return cleaned_records


Expand Down Expand Up @@ -234,7 +235,7 @@ def read_int64(input_bytes, ptr):
| | | | | | | | (_| \__ \ | (_| | | | | |_
|_| |_|_|_| |_|\__,_|___/_|\__, |_| |_|\__|
__/ |
by @_RyanBenson |___/ v{}
by @_RyanBenson |___/ v{}
################################################################################
'''.format(__version__)
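Review bot: The added `db.close()` in get_ldb_records runs only when the record loop finishes normally. The loop body is collapsed out of this hunk, but if anything in it raises, the `RawLevelDb` handle is never closed and may keep the copied LevelDB files open for the rest of the run. Wrapping the loop as `try:` … `finally: db.close()` releases the handle on every path. The early `return []` after a failed open needs no change, since no handle exists there.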
3 changes: 1 addition & 2 deletions setup.py
Expand Up @@ -4,7 +4,7 @@
packages=find_packages(),
include_package_data=True,
scripts=['hindsight.py', 'hindsight_gui.py'],
version='20200607',
version='20210116',
description='Browser forensics for Google Chrome/Chromium',
url='https://github.com/obsidianforensics/hindsight',
author='Ryan Benson',
Expand All @@ -15,7 +15,6 @@
install_requires=[
'bottle>=0.12.18',
'keyring>=21.2.1',
# 'plyvel>=1.2',
'pycryptodomex>=3.9.7',
# 'pypiwin32>=219',
'pytz>=2020.1',
10 changes: 5 additions & 5 deletions spec/file_version_info_cmd.txt
Expand Up @@ -6,8 +6,8 @@ VSVersionInfo(
ffi=FixedFileInfo(
# filevers and prodvers should be always a tuple with four items: (1, 2, 3, 4)
# Set not needed items to zero 0.
filevers=(2, 3, 0, 0),
prodvers=(2, 3, 0, 0),
filevers=(2021, 1, 16, 0),
prodvers=(2021, 1, 16, 0),
# Contains a bitmask that specifies the valid bits 'flags'r
mask=0x0,
# Contains a bitmask that specifies the Boolean attributes of the file.
Expand All @@ -33,10 +33,10 @@ VSVersionInfo(
[StringStruct(u'Comments', u'Internet history forensics for Google Chrome/Chromium'),
StringStruct(u'CompanyName', u'dfir.blog'),
StringStruct(u'FileDescription', u'Hindsight'),
StringStruct(u'LegalCopyright', u'Copyright© 2012 - 2019 Ryan Benson'),
StringStruct(u'LegalCopyright', u'Copyright© 2012 - 2021 Ryan Benson'),
StringStruct(u'ProductName', u'Hindsight'),
StringStruct(u'FileVersion', u'2.3.0'),
StringStruct(u'ProductVersion', u'2.3.0'),
StringStruct(u'FileVersion', u'2021.01.16'),
StringStruct(u'ProductVersion', u'2021.01.16'),
StringStruct(u'InternalName', u'Hindsight'),
StringStruct(u'OriginalFilename', u'hindsight.exe')])
])
10 changes: 5 additions & 5 deletions spec/file_version_info_gui.txt
Expand Up @@ -6,8 +6,8 @@ VSVersionInfo(
ffi=FixedFileInfo(
# filevers and prodvers should be always a tuple with four items: (1, 2, 3, 4)
# Set not needed items to zero 0.
filevers=(2, 3, 0, 0),
prodvers=(2, 3, 0, 0),
filevers=(2021, 1, 16, 0),
prodvers=(2021, 1, 16, 0),
# Contains a bitmask that specifies the valid bits 'flags'r
mask=0x0,
# Contains a bitmask that specifies the Boolean attributes of the file.
Expand All @@ -33,10 +33,10 @@ VSVersionInfo(
[StringStruct(u'Comments', u'Internet history forensics for Google Chrome/Chromium'),
StringStruct(u'CompanyName', u'dfir.blog'),
StringStruct(u'FileDescription', u'Hindsight'),
StringStruct(u'LegalCopyright', u'Copyright© 2012 - 2019 Ryan Benson'),
StringStruct(u'LegalCopyright', u'Copyright© 2012 - 2021 Ryan Benson'),
StringStruct(u'ProductName', u'Hindsight'),
StringStruct(u'FileVersion', u'2.3.0'),
StringStruct(u'ProductVersion', u'2.3.0'),
StringStruct(u'FileVersion', u'2021.01.16'),
StringStruct(u'ProductVersion', u'2021.01.16'),
StringStruct(u'InternalName', u'Hindsight'),
StringStruct(u'OriginalFilename', u'hindsight_gui.exe')])
])
