From 78aa86fdc512346917e99d73d60e7686c2b277eb Mon Sep 17 00:00:00 2001 From: DReneau <53024966+DReneau@users.noreply.github.com> Date: Mon, 28 Oct 2024 08:51:35 -0700 Subject: [PATCH 1/4] Added compound module for Open WebUI artifacts. --- Modules/Compound/Open-WebUI.mkape | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 Modules/Compound/Open-WebUI.mkape diff --git a/Modules/Compound/Open-WebUI.mkape b/Modules/Compound/Open-WebUI.mkape new file mode 100644 index 000000000..e6cdd1e79 --- /dev/null +++ b/Modules/Compound/Open-WebUI.mkape @@ -0,0 +1,29 @@ +Description: Open WebUI Parsers +Category: Modules +Author: DReneau +Version: 1.0 +Id: 23f770d6-43b7-4657-a7cb-a6d79d772918 +ExportFormat: txt +Processors: + - + Executable: powershell_openwebui_account_parser.mkape + CommandLine: "" + ExportFormat: "" + - + Executable: powershell_openwebui_chat_parser.mkape + CommandLine: "" + ExportFormat: "" + - + Executable: powershell_openwebui_document_parser.mkape + CommandLine: "" + ExportFormat: "" + - + Executable: PowerShell_Docker_Containers.mkape + CommandLine: "" + ExportFormat: "" + +# Documentation +# https://github.com/open-webui/open-webui +# https://docs.docker.com/reference/cli/docker/container/ls/ +# This module combines Open WebUI artifacts located in Docker Desktop logs. +# .\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module open-webui From 20f17f29f96360cc3301373b19785b7e5a8baf6c Mon Sep 17 00:00:00 2001 From: DReneau <53024966+DReneau@users.noreply.github.com> Date: Mon, 28 Oct 2024 08:53:58 -0700 Subject: [PATCH 2/4] Added Open WebUI parsers. Artifacts located in Docker Desktop logs. --- .../PowerShell_OpenWebUI_Account_Parser.mkape | 19 +++++++++++++++++++ .../PowerShell_OpenWebUI_Chat_Parser.mkape | 19 +++++++++++++++++++ ...PowerShell_OpenWebUI_Document_Parser.mkape | 19 +++++++++++++++++++ 3 files changed, 57 insertions(+) create mode 100644 Modules/Apps/PowerShell_OpenWebUI_Account_Parser.mkape create mode 100644 Modules/Apps/PowerShell_OpenWebUI_Chat_Parser.mkape create mode 100644 Modules/Apps/PowerShell_OpenWebUI_Document_Parser.mkape diff --git a/Modules/Apps/PowerShell_OpenWebUI_Account_Parser.mkape b/Modules/Apps/PowerShell_OpenWebUI_Account_Parser.mkape new file mode 100644 index 000000000..66396a351 --- /dev/null +++ b/Modules/Apps/PowerShell_OpenWebUI_Account_Parser.mkape @@ -0,0 +1,19 @@ +Description: Open WebUI User Account Parser - Extract new user account, passwords, and roles (Docker Desktop). +Category: LiveResponse +Author: DReneau +Version: 1.0 +Id: 5dbf2b24-2740-44ea-bca9-5b8dd90c592d +ExportFormat: txt +Processors: + - + Executable: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe + CommandLine: "$filePath = '%destinationDirectory%\\open-webui_account_data.txt'; try { $dockerInfo = (docker ps --all --filter 'name=webui' --format 'ID: {{.ID}} | Name: {{.Names}} | Image: {{.Image}} | Size: {{.Size}} | Status: {{.Status}} | Command: {{.Command}}' | Out-String).TrimEnd(); if (-not $dockerInfo) { Set-Content -Path $filePath -Value 'Docker Desktop Not Active' -Encoding UTF8; exit } $dockerLogs = docker ps --filter 'name=webui' --format '{{.ID}}' | ForEach-Object { docker logs $_ 2>&1 | ForEach-Object { if ($_ -match 'INFO \\[open_webui.apps.webui.models.auths\\] authenticate_user:') { $_ + [System.Environment]::NewLine } elseif ($_ -match 'name=') { $_ + [System.Environment]::NewLine } } } | Out-String; $output = $dockerInfo + [System.Environment]::NewLine + [System.Environment]::NewLine + $dockerLogs; Set-Content -Path $filePath -Value $output -Encoding UTF8; } catch { Set-Content -Path $filePath -Value 'Docker Desktop Not Active' -Encoding UTF8; exit }" + ExportFormat: txt + +# Documentation +# https://docs.openwebui.com/getting-started/logging/ +# https://docs.docker.com/reference/cli/docker/container/ls/ +# This module combines "docker ps" and "docker Logs" filtering on the Open WebUI container ID from "docker ps." +# User accounts and passwords are then extracted and written to "open-webui_account_data.txt." +# Example: +# .\kape.exe --msource c:\ --mdest k:\Kape\Case_1234\mout --module powershell_openwebui_account_parser diff --git a/Modules/Apps/PowerShell_OpenWebUI_Chat_Parser.mkape b/Modules/Apps/PowerShell_OpenWebUI_Chat_Parser.mkape new file mode 100644 index 000000000..4719c6554 --- /dev/null +++ b/Modules/Apps/PowerShell_OpenWebUI_Chat_Parser.mkape @@ -0,0 +1,19 @@ +Description: Open WebUI Chat History Parser - Extract text-based chat conversations (Docker Desktop). +Category: LiveResponse +Author: DReneau +Version: 1.0 +Id: 28a9649a-5871-4f65-9c1e-9da6f3c8a906 +ExportFormat: txt +Processors: + - + Executable: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe + CommandLine: "$filePath = '%destinationDirectory%\\open-webuii_chat_history.txt'; try { $dockerInfo = (docker ps --all --filter 'name=webui' --format 'ID: {{.ID}} | Name: {{.Names}} | Image: {{.Image}} | Size: {{.Size}} | Status: {{.Status}} | Command: {{.Command}}' | Out-String).TrimEnd(); if (-not $dockerInfo) { Set-Content -Path $filePath -Value 'Docker Desktop Not Active' -Encoding UTF8; exit } $dockerLogs = docker ps --filter 'name=webui' --format '{{.ID}}' | ForEach-Object { docker logs $_ 2>&1 | ForEach-Object { if ($_ -match '') { $inChatHistory = $true; [System.Environment]::NewLine + $_ } elseif ($_ -match '') { $inChatHistory = $false; $_ + [System.Environment]::NewLine + [System.Environment]::NewLine } elseif ($inChatHistory) { $_ } } } | Out-String; $output = $dockerInfo + [System.Environment]::NewLine + [System.Environment]::NewLine + $dockerLogs; Set-Content -Path $filePath -Value $output -Encoding UTF8; } catch { Set-Content -Path $filePath -Value 'Docker Desktop Not Active' -Encoding UTF8; exit }" + ExportFormat: txt + +# Documentation +# https://docs.docker.com/reference/cli/docker/container/ls/ +# This module combines "docker ps" and "docker Logs" filtering on the Open WebUI container ID from "docker ps." +# Open WebUI chat conversations are extracted for all users and written to "open-webui_chat_history.txt." +# Open WebUI chats conversations remain in the logs even after deleting the conversation in the app. +# Example: +# .\kape.exe --msource c:\ --mdest k:\Kape\Case_1234\mout --module powershell_openwebui_chat_parser diff --git a/Modules/Apps/PowerShell_OpenWebUI_Document_Parser.mkape b/Modules/Apps/PowerShell_OpenWebUI_Document_Parser.mkape new file mode 100644 index 000000000..c9abb3af0 --- /dev/null +++ b/Modules/Apps/PowerShell_OpenWebUI_Document_Parser.mkape @@ -0,0 +1,19 @@ +Description: Open WebUI Document Upload Parser - Extract text from uploaded documents (Docker Desktop). +Category: LiveResponse +Author: DReneau +Version: 1.0 +Id: 45492e28-2296-48ec-9fd5-762b42bf58bc +ExportFormat: txt +Processors: + - + Executable: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe + CommandLine: "$filePath = '%destinationDirectory%\\open-webui_uploaded_documents.txt'; try { $dockerInfo = (docker ps --all --filter 'name=webui' --format 'ID: {{.ID}} | Name: {{.Names}} | Image: {{.Image}} | Size: {{.Size}} | Status: {{.Status}} | Command: {{.Command}}' | Out-String).TrimEnd(); if (-not $dockerInfo) { Set-Content -Path $filePath -Value 'Docker Desktop Not Active' -Encoding UTF8; exit } $dockerLogs = docker ps --filter 'name=webui' --format '{{.ID}}' | ForEach-Object { docker logs $_ 2>&1 | ForEach-Object { if ($_ -match 'contexts \\[') { $inBlock = $true; [System.Environment]::NewLine + $_ } elseif ($_ -match '\\]\\}\\]') { $inBlock = $false; $_ + [System.Environment]::NewLine + [System.Environment]::NewLine } elseif ($inBlock) { $_ } } } | Out-String; $output = $dockerInfo + [System.Environment]::NewLine + [System.Environment]::NewLine + $dockerLogs; Set-Content -Path $filePath -Value $output -Encoding UTF8; } catch { Set-Content -Path $filePath -Value 'Docker Desktop Not Active' -Encoding UTF8; exit }" + ExportFormat: txt + +# Documentation +# https://docs.docker.com/reference/cli/docker/container/ls/ +# This module combines "docker ps" and "docker Logs" filtering on the Open WebUI container ID from "docker ps." +# Text from uploaded documents is then extracted and written to "open-webui_uploaded_documents.txt." +# Open WebUI documents remain in the logs even after deleting the chat conversation in the app. +# Example: +# .\kape.exe --msource c:\ --mdest k:\Kape\Case_1234\mout --module powershell_openwebui_document_parser From c4d10212e7b984581a2c0ffadc3578f810755ef5 Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Mon, 28 Oct 2024 12:38:14 -0400 Subject: [PATCH 3/4] Update Open-WebUI.mkape fix casing on three Modules --- Modules/Compound/Open-WebUI.mkape | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/Compound/Open-WebUI.mkape b/Modules/Compound/Open-WebUI.mkape index e6cdd1e79..e33deb339 100644 --- a/Modules/Compound/Open-WebUI.mkape +++ b/Modules/Compound/Open-WebUI.mkape @@ -6,15 +6,15 @@ Id: 23f770d6-43b7-4657-a7cb-a6d79d772918 ExportFormat: txt Processors: - - Executable: powershell_openwebui_account_parser.mkape + Executable: PowerShell_OpenWebUI_Account_Parser.mkape CommandLine: "" ExportFormat: "" - - Executable: powershell_openwebui_chat_parser.mkape + Executable: PowerShell_OpenWebUI_Chat_Parser.mkape CommandLine: "" ExportFormat: "" - - Executable: powershell_openwebui_document_parser.mkape + Executable: PowerShell_OpenWebUI_Document_Parser.mkape CommandLine: "" ExportFormat: "" - From f8c1937235289a321a1fc2181ab220f991ba803e Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Mon, 28 Oct 2024 12:39:15 -0400 Subject: [PATCH 4/4] Update Open-WebUI.mkape update Category --- Modules/Compound/Open-WebUI.mkape | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Compound/Open-WebUI.mkape b/Modules/Compound/Open-WebUI.mkape index e33deb339..01012229c 100644 --- a/Modules/Compound/Open-WebUI.mkape +++ b/Modules/Compound/Open-WebUI.mkape @@ -1,5 +1,5 @@ Description: Open WebUI Parsers -Category: Modules +Category: AI Author: DReneau Version: 1.0 Id: 23f770d6-43b7-4657-a7cb-a6d79d772918