From 213773e77e5c97850e6119a7273acf2bb2dbb7f5 Mon Sep 17 00:00:00 2001
From: reece394 <31659691+reece394@users.noreply.github.com>
Date: Thu, 19 Dec 2024 20:57:28 +0000
Subject: [PATCH] Add Angry IP Scanner to DFIRBatch

---
 BatchExamples/DFIRBatch.md  |  1 +
 BatchExamples/DFIRBatch.reb | 36 +++++++++++++++++++++++++++++++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/BatchExamples/DFIRBatch.md b/BatchExamples/DFIRBatch.md
index ccfe608..df55ff1 100644
--- a/BatchExamples/DFIRBatch.md
+++ b/BatchExamples/DFIRBatch.md
@@ -55,6 +55,7 @@ Example entry, please follow this format:
 | 2.06 | 2024-09-06 | Added various JPCert artifacts around remote access tools, Added LogonStats and an example of DEFAULT registry hive use with WinSCP  |
 | 2.07 | 2024-11-26 | Added new artifacts from the DEFAULT registry hive  |
 | 2.08 | 2024-12-07 | Added WinSCP DEFAULT artifact back and added Advanced IP Scanner and Advanced Port Scanner Artifacts |
+| 2.09 | 2024-12-19 | Added Angry IP Scanner Artifacts |
 
 # Documentation
 
diff --git a/BatchExamples/DFIRBatch.reb b/BatchExamples/DFIRBatch.reb
index 692666a..081a763 100644
--- a/BatchExamples/DFIRBatch.reb
+++ b/BatchExamples/DFIRBatch.reb
@@ -1,6 +1,6 @@
 Description: DFIR RECmd Batch File
 Author: Andrew Rathbun
-Version: 2.08
+Version: 2.09
 Id: 2e1589f5-e31a-4bef-822f-075d56afdddd
 Keys:
 #
@@ -2965,6 +2965,40 @@ Keys:
         Recursive: true
         Comment: "Displays artifacts relating to Advanced IP Scanner"
 
+# Third Party Applications -> Angry IP Scanner - https://angryip.org/
+
+    -
+        Description: Angry IP Scanner - Legacy
+        HiveType: NTUSER
+        Category: Third Party Applications
+        KeyPath: Software\Angryziber\ipscan
+        Recursive: true
+        Comment: "Displays artifacts relating to Angry IP Scanner"
+
+    -
+        Description: Angry IP Scanner - Legacy
+        HiveType: DEFAULT
+        Category: Third Party Applications
+        KeyPath: Software\Angryziber\ipscan
+        Recursive: true
+        Comment: "Displays artifacts relating to Angry IP Scanner"
+
+    -
+        Description: Angry IP Scanner
+        HiveType: NTUSER
+        Category: Third Party Applications
+        KeyPath: Software\JavaSoft\Prefs\ipscan
+        Recursive: true
+        Comment: "Displays artifacts relating to Angry IP Scanner"
+
+    -
+        Description: Angry IP Scanner
+        HiveType: DEFAULT
+        Category: Third Party Applications
+        KeyPath: Software\JavaSoft\Prefs\ipscan
+        Recursive: true
+        Comment: "Displays artifacts relating to Angry IP Scanner"
+
 # --------------------
 # CLOUD STORAGE
 # --------------------