PLC/vPLC>> whodunnit>> 返回
项目作者: 1cysw0rdk0

项目描述 :
A PS forensics tool for Scraping, Filtering and Exporting Windows Event Logs
高级语言: PowerShell
项目地址: git://github.com/1cysw0rdk0/whodunnit.git
创建时间: 2018-08-27T14:49:00Z
项目社区:https://github.com/1cysw0rdk0/whodunnit
开源协议:
下载


Whodunnit

Parse, Filter and Present Windows Event Logs with ease, from the comfort and familiarity of a PowerShell Environment.

Interactive mode Menu Options

  1. + Read In Log Files
  2.     + Read from File
  3.     + Read from Local Machine
  4.     ? Read from Remote Machine
  5.         ?Requires PSRemoting
  6.         ?Requires Admin Creds to box
  8. + Set Active Filter
  9.     + Export Active Filter to File
  10.     + Load Filter From File
  11.     + Filter Options
  12.         + Username
  13.             +Negative Selection
  15.         + Time Window
  16.             +Start time
  17.             +End time
  19.         + Event Types
  20.             +Positive Selection
  22.         + Type
  23.             +Positive Selection
  25.         + Source 
  26.             +Positive Selection
  29. + Display Log Files
  30.     + Log files which match the active filter
  32. + Export Log Files
  33.     + Export all Read Log files
  34.     + Export all Log files that match active filter

Command Line Interface

  1. Usage:
  2.     whodunnit.ps1 -i=/full/path [-f=/full/path] [-o=/full/path]
  3.     whodunnit.ps1 -l [-f=/full/path] [-o=/full/path]
  4.     whodunnit.ps1 -r="$IPAddress" -u=$Username -p[=$Password] [-f=/full/path] [-o=/full/path]
  5.     whodunnit.ps1 -c [-f=/full/path/old] [-o=/full/path/new]
  7. Flags:
  8.     -c, --create-filter=$PATH
  9.         Creates a filter file at $PATH
  11.         -f : copy existing filter file
  12.         -o : output path
  14.     -i, --input-file 
  15.         Specify a previously exported file to read in
  17.     -l, --local-logs
  18.         Specify loading logs from local host
  20.     -r, --remote-logs
  21.         Specify loading logs from remote host
  22.         Username is required, password can be prompted
  24.         -u : Administrative Username to use
  25.         -p : Administrative Password to use
  27.     -f, --filter
  28.         Load a filter from file
  30.     -o, --output-file
  31.         Specify a file to export logs matching filter to
  33. Notes:
  34.     If -o is omitted in any command, all output is dumped to standard output.
  35.     If -f is omitted in any command, an empty filter is used.
  36.     if -p has no value set, it will be prompted.

Branch Descriptions

Interactive_menu:

  1. This branch was created to contain the changes made while working on an interactive menu.
  2. Status: On Hold
  3. Detailed: Created 10APR19
  4.       Put on hold 04SEP19

Roadmap

Branch Descriptions

Credit Where Credit is Due

Menu Creation

whodunnit_summary_report_1647576728226.docx