From 19fb91f14acb4c6b8e99613b34203ebad01b6611 Mon Sep 17 00:00:00 2001 From: ski-sketch Date: Thu, 12 Dec 2024 10:24:49 +0400 Subject: [PATCH 01/16] Fixed minor bug --- .idea/Logicytics.iml | 3 ++- requirements.txt | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.idea/Logicytics.iml b/.idea/Logicytics.iml index 235b40b..e3f0575 100644 --- a/.idea/Logicytics.iml +++ b/.idea/Logicytics.iml @@ -18,8 +18,9 @@ + - + diff --git a/requirements.txt b/requirements.txt index 137a2a8..ab14f73 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,6 @@ configobj~=5.0.9 joblib~=1.3.2 matplotlib~=3.8.4 -torch~=2.5.1+cu124 xgboost~=2.1.3 scikit-learn~=1.5.2 Faker~=30.3.0 @@ -21,3 +20,4 @@ seaborn~=0.13.2 torchviz~=0.0.3 plotly~=5.24.1 tqdm~=4.66.6 +pywin32 From 4657d2d45a61f123fc3dda0486f746b3bc2e1a1c Mon Sep 17 00:00:00 2001 From: ski-sketch Date: Thu, 12 Dec 2024 10:34:45 +0400 Subject: [PATCH 02/16] Syntax Inspections Fixed some minor errors, as well as renamed some functions --- CODE/Logicytics.py | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/CODE/Logicytics.py b/CODE/Logicytics.py index 381becb..0a5a989 100644 --- a/CODE/Logicytics.py +++ b/CODE/Logicytics.py @@ -83,14 +83,14 @@ def get_flags(): If the flags are not a tuple, it prints the help message and exits the program. """ + global ACTION, SUB_ACTION if isinstance(Flag.data(), tuple): - global ACTION, SUB_ACTION try: # Get flags ACTION, SUB_ACTION = Flag.data() except Exception: - ACTIONS = Flag.data() - ACTION = ACTIONS[0] + actions = Flag.data() + ACTION = actions[0] SUB_ACTION = None else: parser = Flag.data() 
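Review bot: `pywin32` is added to requirements.txt without a version specifier while every other entry in the file is pinned with `~=`, so installs will float to whatever the index serves at install time; pin it like its neighbours, e.g. `pywin32~=<VERSION-TESTED>` (placeholder — use the release the new `win32com` code was run against). Removing `torch~=2.5.1+cu124` while `torchviz` stays listed leaves torch as an unpinned transitive dependency if anything in the repository still imports it; if it is still required, keep an explicit pinned entry rather than relying on a downstream package to pull it in.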
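Review bot: `Flag.data()` is evaluated up to three times in the new `get_flags` body — in the `isinstance` test, in the unpack, and again in the `except` fallback — so the fallback `ACTION = actions[0]` may operate on a different value than the one the test saw if `data()` re-parses on each call; bind it once, `data = Flag.data()`, and test, unpack and fall back on that single value. `get_flags` continues past the hunk (the `else:` branch is cut off).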
@@ -274,12 +274,12 @@ def threaded_execution(execution_list_thread, index_thread):
 log.debug("Using threading")
 threads = []
- EXECUTION_LIST = generate_execution_list()
- for index, file in enumerate(EXECUTION_LIST):
+ execution_list = generate_execution_list()
+ for index, file in enumerate(execution_list):
 thread = threading.Thread(
 target=threaded_execution,
 args=(
- EXECUTION_LIST,
+ execution_list,
 index,
 ),
 )
@@ -290,14 +290,14 @@ def threaded_execution(execution_list_thread, index_thread):
 thread.join()
 elif ACTION == "performance_check":
 execution_times = []
- EXECUTION_LIST = generate_execution_list()
- for file in range(len(EXECUTION_LIST)):
+ execution_list = generate_execution_list()
+ for file in range(len(execution_list)):
 start_time = datetime.now()
- log.parse_execution(Execute.script(EXECUTION_LIST[file]))
+ log.parse_execution(Execute.script(execution_list[file]))
 end_time = datetime.now()
 elapsed_time = end_time - start_time
 execution_times.append((file, elapsed_time))
- log.info(f"{EXECUTION_LIST[file]} executed in {elapsed_time}")
+ log.info(f"{execution_list[file]} executed in {elapsed_time}")
 table = PrettyTable()
 table.field_names = ["Script", "Execution Time"]
@@ -313,10 +313,10 @@ def threaded_execution(execution_list_thread, index_thread):
 log.info("Performance check complete! Performance log found in ACCESS/LOGS/PERFORMANCE")
 else:
 try:
- EXECUTION_LIST = generate_execution_list()
- for file in range(len(EXECUTION_LIST)): # Loop through List
- log.parse_execution(Execute.script(EXECUTION_LIST[file]))
- log.info(f"{EXECUTION_LIST[file]} executed")
+ execution_list = generate_execution_list()
+ for file in range(len(execution_list)): # Loop through List
+ log.parse_execution(Execute.script(execution_list[file]))
+ log.info(f"{execution_list[file]} executed")
 except UnicodeDecodeError as e:
 log.error(f"Error in code: {e}")
 except Exception as e:
From 37ecf25d6874cebec4de5f8b3e794a6626fd7bc5 Mon Sep 17 00:00:00 2001
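Review bot: In the `performance_check` branch, `execution_times.append((file, elapsed_time))` records the loop index rather than the script path, yet the table built two lines later is headed `["Script", "Execution Time"]`; presumably the rows should be `execution_times.append((execution_list[file], elapsed_time))` (the row-adding code is outside the hunk, so the mismatch is inferred from the header). The `for index, file in enumerate(execution_list)` loop in the threading branch never uses `file`, and `for file in range(len(execution_list))` in the other two branches is the index-loop idiom where iterating the list directly would read better. The block enclosing these three hunks starts and ends outside them.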
From: ski-sketch
Date: Thu, 12 Dec 2024 10:41:09 +0400
Subject: [PATCH 03/16] Fixed some logging bugs
---
 CODE/packet_sniffer.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/CODE/packet_sniffer.py b/CODE/packet_sniffer.py
index 5b02bf9..8dc36cf 100644
--- a/CODE/packet_sniffer.py
+++ b/CODE/packet_sniffer.py
@@ -78,7 +78,7 @@ def get_port_info(packet: IP, port_type: str) -> int | None:
 @log.function
 def print_packet_summary(packet_info: dict):
 """Prints a summary of the captured packet."""
- log.info(f"Packet captured: {packet_info['protocol']} packet from {packet_info['src_ip']} "
+ log.debug(f"Packet captured: {packet_info['protocol']} packet from {packet_info['src_ip']} "
 f"to {packet_info['dst_ip']} | Src Port: {packet_info['src_port']} | Dst Port: {packet_info['dst_port']}")
@@ -162,7 +162,7 @@ def visualize_graph(node_colors: str = None, node_sizes: str = None):
 nx.draw_networkx_edge_labels(G, pos, edge_labels=edge_labels)
 plt.title("Network Connections Graph")
 plt.savefig("network_connections_graph.png")
- plt.show()
+ plt.close()
 @log.function
From 4d9ae4ca97b59bc46c47d0e5f8ff4a43a2630223 Mon Sep 17 00:00:00 2001
From: ski-sketch
Date: Thu, 12 Dec 2024 10:46:47 +0400
Subject: [PATCH 04/16] Added bluetooth_details.py
---
 CODE/bluetooth_details.py | 51 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 CODE/bluetooth_details.py
diff --git a/CODE/bluetooth_details.py b/CODE/bluetooth_details.py
new file mode 100644
index 0000000..4dfd19a
--- /dev/null
+++ b/CODE/bluetooth_details.py
@@ -0,0 +1,51 @@
+import win32com.client
+
+from logicytics import Log, DEBUG
+
+if __name__ == "__main__":
+ log = Log({"log_level": DEBUG})
+
+def get_bluetooth_device_details():
+ """
+ Retrieves and logs detailed information about Bluetooth devices on the system.
+
+ The function connects to the Windows Management Instrumentation (WMI) service and queries for devices
+ whose names contain the term 'Bluetooth'. It writes the information to a text file named 'Bluetooth Info.txt'.
+
+ Information for each device includes:
+ - Name
+ - Device ID
+ - Description
+ - Manufacturer
+ - Status
+ - PNP Device ID
+
+ Logs errors if any issues are encountered during the process.
+
+ Returns:
+ None
+ """
+ log.info("Fetching detailed info for Bluetooth devices...")
+ try:
+ locator = win32com.client.Dispatch("WbemScripting.SWbemLocator")
+ service = locator.ConnectServer(".", "root\\cimv2")
+
+ devices = service.ExecQuery("SELECT * FROM Win32_PnPEntity WHERE Name LIKE '%Bluetooth%'")
+
+ # Make sure it exists first
+ with open("Bluetooth Info.txt", "w", encoding="UTF-8") as f:
+ for device in devices:
+ log.info(f"Name: {device.Name}")
+ f.write(f"Name: {device.Name}\n")
+ f.write(f" Device ID: {device.DeviceID}\n")
+ f.write(f" Description: {device.Description}\n")
+ f.write(f" Manufacturer: {device.Manufacturer}\n")
+ f.write(f" Status: {device.Status}\n")
+ f.write(f" PNP Device ID: {device.PNPDeviceID}\n")
+ f.write("-" * 50)
+ f.write("\n\n")
+ except Exception as e:
+ log.error(f"Error: {e}")
+
+
+get_bluetooth_device_details()
From 884a76057496337036a8625215cc869f1ab4e2c6 Mon Sep 17 00:00:00 2001
From: ski-sketch
Date: Thu, 12 Dec 2024 10:48:40 +0400
Subject: [PATCH 05/16] Updated --dev
---
 CODE/config.ini | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/CODE/config.ini b/CODE/config.ini
index 65a2e6d..edef834 100644
--- a/CODE/config.ini
+++ b/CODE/config.ini
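Review bot: `get_bluetooth_device_details()` is called unconditionally at module level while `log` is bound only inside the `if __name__ == "__main__":` block, so importing this module raises `NameError` at the first `log.info` and also runs the WMI query and writes `Bluetooth Info.txt` as an import side effect; put the call under the guard, `if __name__ == "__main__": get_bluetooth_device_details()`. The comment `# Make sure it exists first` does not describe the `open("Bluetooth Info.txt", "w", ...)` below it, which creates or truncates the report in the current working directory; `# Create (or overwrite) the report in the current working directory` matches what the line does. The single `except Exception` reduces COM dispatch, WMI connection and file-write failures to one `Error:` line; including the exception type, `log.error(f"Error: {type(e).__name__}: {e}")`, keeps the three cases distinguishable in the log. The query matches any `Win32_PnPEntity` whose Name contains "Bluetooth", which the docstring states correctly — adapters and enumerators are included, not only paired peripherals.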
@@ -9,8 +9,8 @@ delete_old_logs = false
 [System Settings]
 # Do not play with these settings unless you know what you are doing
-version = 3.1.0
-files = "browser_miner.ps1, cmd_commands.py, dir_list.py, dump_memory.py, event_log.py, Logicytics.py, log_miner.py, media_backup.py, netadapter.ps1, packet_sniffer.py, property_scraper.ps1, registry.py, sensitive_data_miner.py, ssh_miner.py, sys_internal.py, tasklist.py, tree.ps1, vulnscan.py, wifi_stealer.py, window_feature_miner.ps1, wmic.py, _debug.py, _dev.py, _extra.py, logicytics\Checks.py, logicytics\Execute.py, logicytics\FileManagement.py, logicytics\Flag.py, logicytics\Get.py, logicytics\Logger.py, logicytics\__init__.py, VulnScan\tools\_study_network.py, VulnScan\tools\_test_gpu_acceleration.py, VulnScan\tools\_vectorizer.py, VulnScan\v2-deprecated\_generate_data.py, VulnScan\v2-deprecated\_train.py, VulnScan\v3\_generate_data.py, VulnScan\v3\_train.py"
+version = 3.1.1
+files = "bluetooth_details.py, browser_miner.ps1, cmd_commands.py, dir_list.py, dump_memory.py, event_log.py, Logicytics.py, log_miner.py, media_backup.py, netadapter.ps1, packet_sniffer.py, property_scraper.ps1, registry.py, sensitive_data_miner.py, ssh_miner.py, sys_internal.py, tasklist.py, tree.ps1, vulnscan.py, wifi_stealer.py, window_feature_miner.ps1, wmic.py, _debug.py, _dev.py, _extra.py, logicytics\Checks.py, logicytics\Execute.py, logicytics\FileManagement.py, logicytics\Flag.py, logicytics\Get.py, logicytics\Logger.py, logicytics\__init__.py, VulnScan\tools\_study_network.py, VulnScan\tools\_test_gpu_acceleration.py, VulnScan\tools\_vectorizer.py, VulnScan\v2-deprecated\_generate_data.py, VulnScan\v2-deprecated\_train.py, VulnScan\v3\_generate_data.py, VulnScan\v3\_train.py"
 ###################################################
 # The following settings are for specific modules #
From a2000bcf04763b63277acaebd674b8d77ff934aa Mon Sep 17 00:00:00 2001
From: ski-sketch
Date: Thu, 12 Dec 2024 12:50:59 +0400
Subject: [PATCH 06/16] Fixing bugs and issues
---
 CODE/Logicytics.py | 10 +++++-----
 CODE/_dev.py | 17 ++++++++++++++---
 CODE/bluetooth_details.py | 22 ++++++++++++----------
 CODE/packet_sniffer.py | 5 +++--
 4 files changed, 34 insertions(+), 20 deletions(-)
diff --git a/CODE/Logicytics.py b/CODE/Logicytics.py
index 0a5a989..e78b9a6 100644
--- a/CODE/Logicytics.py
+++ b/CODE/Logicytics.py
@@ -88,7 +88,7 @@ def get_flags():
 try:
 # Get flags
 ACTION, SUB_ACTION = Flag.data()
- except Exception:
+ except ValueError:
 actions = Flag.data()
 ACTION = actions[0]
 SUB_ACTION = None
@@ -275,7 +275,7 @@ def threaded_execution(execution_list_thread, index_thread):
 log.debug("Using threading")
 threads = []
 execution_list = generate_execution_list()
- for index, file in enumerate(execution_list):
+ for index, _ in enumerate(execution_list):
 thread = threading.Thread(
 target=threaded_execution,
 args=(
@@ -314,9 +314,9 @@ def threaded_execution(execution_list_thread, index_thread):
 else:
 try:
 execution_list = generate_execution_list()
- for file in range(len(execution_list)): # Loop through List
- log.parse_execution(Execute.script(execution_list[file]))
- log.info(f"{execution_list[file]} executed")
+ for script in execution_list: # Loop through List
+ log.parse_execution(Execute.script(script))
+ log.info(f"{script} executed")
 except UnicodeDecodeError as e:
 log.error(f"Error in code: {e}")
 except Exception as e:
diff --git a/CODE/_dev.py b/CODE/_dev.py
index 18755ea..7b38f57 100644
--- a/CODE/_dev.py
+++ b/CODE/_dev.py
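Review bot: `for index, _ in enumerate(execution_list):` discards the element and keeps only the index, which `for index in range(len(execution_list)):` expresses directly; after this commit the threading branch, the `performance_check` branch (untouched here, still `range(len(...))` with indexing) and the plain branch (`for script in execution_list:`) each iterate the same list a different way, so picking one form would help the next reader. Narrowing to `except ValueError` in `get_flags` is the right scope; a comment on that line such as `# Flag.data() returned a tuple that is not a pair; treat its first item as the action` would record why the unpack can fail. The functions enclosing all three hunks start and end outside them.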
@@ -88,9 +88,20 @@ def dev_checks() -> None:
 # Get the list of code files in the current directory
 files = Get.list_of_code_files(".")
- added_files = [f.replace('"', '') for f in files if f not in CURRENT_FILES]
- removed_files = [f.replace('"', '') for f in CURRENT_FILES if f not in files]
- normal_files = [f.replace('"', '') for f in files if f in CURRENT_FILES]
+ added_files, removed_files, normal_files = [], [], []
+ clean_files_list = [file.replace('"', '') for file in CURRENT_FILES]
+
+ for f in files:
+ clean_f = f.replace('"', '')
+ if clean_f in clean_files_list:
+ normal_files.append(clean_f)
+ else:
+ added_files.append(clean_f)
+
+ for f in clean_files_list:
+ clean_f = f.replace('"', '')
+ if clean_f not in files:
+ removed_files.append(clean_f)
 # Print the list of added, removed, and normal files in color
 print("\n".join([f"\033[92m+ {file}\033[0m" for file in added_files])) # Green +
diff --git a/CODE/bluetooth_details.py b/CODE/bluetooth_details.py
index 4dfd19a..0330d79 100644
--- a/CODE/bluetooth_details.py
+++ b/CODE/bluetooth_details.py
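Review bot: The second loop in the new `dev_checks` code tests the quote-stripped `clean_f` against the raw `files` list, while the first loop tests stripped against stripped, so if entries in `files` can carry quotes (as the `replace('"', '')` calls suggest) a file can be counted as present in the first pass and as removed in the second; the inner `f.replace('"', '')` over `clean_files_list` is also a no-op, since that list is already stripped. Both membership tests are linear scans inside a loop; stripping both lists once and testing against sets keeps the added/normal split identical and makes the removed split symmetric. `dev_checks` begins and ends outside the hunk.
```python
    clean_files = [f.replace('"', '') for f in files]
    clean_current = [f.replace('"', '') for f in CURRENT_FILES]
    current_set, files_set = set(clean_current), set(clean_files)
    added_files = [f for f in clean_files if f not in current_set]
    normal_files = [f for f in clean_files if f in current_set]
    removed_files = [f for f in clean_current if f not in files_set]
    # … unchanged: coloured printing of added/removed/normal files …
```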
@@ -32,18 +32,20 @@ def get_bluetooth_device_details():
 devices = service.ExecQuery("SELECT * FROM Win32_PnPEntity WHERE Name LIKE '%Bluetooth%'")
- # Make sure it exists first
+ # Making sure it exists first
 with open("Bluetooth Info.txt", "w", encoding="UTF-8") as f:
 for device in devices:
- log.info(f"Name: {device.Name}")
- f.write(f"Name: {device.Name}\n")
- f.write(f" Device ID: {device.DeviceID}\n")
- f.write(f" Description: {device.Description}\n")
- f.write(f" Manufacturer: {device.Manufacturer}\n")
- f.write(f" Status: {device.Status}\n")
- f.write(f" PNP Device ID: {device.PNPDeviceID}\n")
- f.write("-" * 50)
- f.write("\n\n")
+ device_info = {
+ 'Name': getattr(device, 'Name', 'Unknown'),
+ 'Device ID': getattr(device, 'DeviceID', 'Unknown'),
+ 'Description': getattr(device, 'Description', 'Unknown'),
+ 'Manufacturer': getattr(device, 'Manufacturer', 'Unknown'),
+ 'Status': getattr(device, 'Status', 'Unknown'),
+ 'PNP Device ID': getattr(device, 'PNPDeviceID', 'Unknown')
+ }
+ log.info(f"Name: {device_info['Name']}")
+ for key, value in device_info.items():
+ f.write(f"{key}: {value}\n" if key == 'Name' else f" {key}: {value}\n")
 except Exception as e:
 log.error(f"Error: {e}")
diff --git a/CODE/packet_sniffer.py b/CODE/packet_sniffer.py
index 8dc36cf..28523a3 100644
--- a/CODE/packet_sniffer.py
+++ b/CODE/packet_sniffer.py
@@ -171,8 +171,9 @@ def main():
 packet_count = int(config['packet_count'])
 timeout = int(config['timeout'])
- if packet_count == 0 or timeout == 0:
- log.error("Invalid packet count or timeout value. Please check the configuration.")
+ if packet_count <= 0 or timeout <= 0:
+ log.error(f"Invalid values: packet_count ({packet_count}) and timeout ({timeout}) must be positive")
+ exit(1)
 try:
 start_sniffing(interface, packet_count, timeout)
From 1847c414cdb322daad6ab96cfe44d49e93ab4f06 Mon Sep 17 00:00:00 2001
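Review bot: The reworded comment `# Making sure it exists first` still describes nothing the following line does — `open("Bluetooth Info.txt", "w", encoding="UTF-8")` creates or truncates the report in the current working directory; `# Create (or overwrite) the report in the current working directory` would match the code. `getattr(device, 'Name', 'Unknown')` substitutes 'Unknown' only when the COM property is absent; a property that is present but unset is presumably returned as `None` and then written as the literal text `None`, so `getattr(device, 'Name', None) or 'Unknown'` covers both if 'Unknown' is meant for every missing value (COM wrapper behaviour inferred, not shown in the hunk). `get_bluetooth_device_details` starts outside the hunk.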
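Review bot: `int(config['packet_count'])` and `int(config['timeout'])` on the two context lines above the new guard raise `ValueError` or `KeyError` for a missing or non-numeric setting before the `<= 0` check runs, so a malformed config still ends in a traceback instead of the new error message; wrap the conversions and exit through the same path. The added `exit(1)` is the `site`-module helper rather than `sys.exit(1)`, which is the form that is always available in scripts (`exit` is absent under `python -S`); `sys` would need to be imported if the module does not already do so. `main` starts and ends outside the hunk.
```python
    try:
        packet_count = int(config['packet_count'])
        timeout = int(config['timeout'])
    except (KeyError, ValueError) as e:
        log.error(f"Invalid packet_count/timeout in configuration: {e}")
        sys.exit(1)
    if packet_count <= 0 or timeout <= 0:
        log.error(f"Invalid values: packet_count ({packet_count}) and timeout ({timeout}) must be positive")
        sys.exit(1)
    # … unchanged: start_sniffing call …
```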
From: ski-sketch
Date: Thu, 12 Dec 2024 13:01:57 +0400
Subject: [PATCH 07/16] Fixing bugs and issues
Also insuring efficiency
---
 .github/CODEOWNERS | 3 +-
 CODE/bluetooth_details.py | 69 ++++++++++++++++++++++++++++++---------
 CODE/packet_sniffer.py | 6 +++-
 3 files changed, 61 insertions(+), 17 deletions(-)
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index cf1f9ca..0bb6d3c 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,3 +1,4 @@
 * @DefinetlyNotAI
 wifi_stealer.py @ski-sketch
-packet_sniffer.py @ski-sketch
\ No newline at end of file
+packet_sniffer.py @ski-sketch
+bluetooth_details.py @ski-sketch
\ No newline at end of file
diff --git a/CODE/bluetooth_details.py b/CODE/bluetooth_details.py
index 0330d79..3f3f4e0 100644
--- a/CODE/bluetooth_details.py
+++ b/CODE/bluetooth_details.py
@@ -5,6 +5,7 @@
 if __name__ == "__main__":
 log = Log({"log_level": DEBUG})
+
 def get_bluetooth_device_details():
 """
 Retrieves and logs detailed information about Bluetooth devices on the system.
@@ -26,28 +27,66 @@ def get_bluetooth_device_details():
 None
 """
 log.info("Fetching detailed info for Bluetooth devices...")
+ try:
+ devices = _query_bluetooth_devices()
+ _write_device_info_to_file(devices, "Bluetooth Info.txt")
+ except Exception as e:
+ log.error(f"Error: {e}")
+ exit(1)
+
+
+def _query_bluetooth_devices():
+ """
+ Queries the WMI service for Bluetooth devices.
+
+ Returns:
+ list: A list of device information dictionaries.
+ """
 try:
 locator = win32com.client.Dispatch("WbemScripting.SWbemLocator")
 service = locator.ConnectServer(".", "root\\cimv2")
-
 devices = service.ExecQuery("SELECT * FROM Win32_PnPEntity WHERE Name LIKE '%Bluetooth%'")
+ except Exception as e:
+ log.error(f"Failed to query Bluetooth devices: {e}")
+ exit(1)
- # Making sure it exists first
- with open("Bluetooth Info.txt", "w", encoding="UTF-8") as f:
- for device in devices:
- device_info = {
- 'Name': getattr(device, 'Name', 'Unknown'),
- 'Device ID': getattr(device, 'DeviceID', 'Unknown'),
- 'Description': getattr(device, 'Description', 'Unknown'),
- 'Manufacturer': getattr(device, 'Manufacturer', 'Unknown'),
- 'Status': getattr(device, 'Status', 'Unknown'),
- 'PNP Device ID': getattr(device, 'PNPDeviceID', 'Unknown')
- }
- log.info(f"Name: {device_info['Name']}")
+ device_info_list = []
+ for device in devices:
+ device_info = {
+ 'Name': getattr(device, 'Name', 'Unknown'),
+ 'Device ID': getattr(device, 'DeviceID', 'Unknown'),
+ 'Description': getattr(device, 'Description', 'Unknown'),
+ 'Manufacturer': getattr(device, 'Manufacturer', 'Unknown'),
+ 'Status': getattr(device, 'Status', 'Unknown'),
+ 'PNP Device ID': getattr(device, 'PNPDeviceID', 'Unknown')
+ }
+ log.info(f"Retrieved device: {device_info['Name']}")
+ device_info_list.append(device_info)
+
+ return device_info_list
+
+
+def _write_device_info_to_file(devices, filename):
+ """
+ Writes the details of the Bluetooth devices to a file.
+
+ Args:
+ devices (list): List of device information dictionaries.
+ filename (str): Name of the file to write to.
+
+ Returns:
+ None
+ """
+ try:
+ with open(filename, "w", encoding="UTF-8") as f:
+ for device_info in devices:
 for key, value in device_info.items():
- f.write(f"{key}: {value}\n" if key == 'Name' else f" {key}: {value}\n")
+ formatted_line = f"{key}: {value}\n" if key == 'Name' else f" {key}: {value}\n"
+ f.write(formatted_line)
+ f.write("\n") # Separate devices with a blank line
 except Exception as e:
- log.error(f"Error: {e}")
+ log.error(f"Failed to write device information to file: {e}")
+ exit(1)
 get_bluetooth_device_details()
diff --git a/CODE/packet_sniffer.py b/CODE/packet_sniffer.py
index 28523a3..d016d02 100644
--- a/CODE/packet_sniffer.py
+++ b/CODE/packet_sniffer.py
@@ -172,7 +172,11 @@ def main():
 timeout = int(config['timeout'])
 if packet_count <= 0 or timeout <= 0:
- log.error(f"Invalid values: packet_count ({packet_count}) and timeout ({timeout}) must be positive")
+ log.error(
+ f"Oops! Can't work with these values:\n"
+ f"- Packet count: {packet_count} {'❌ (must be > 0)' if packet_count <= 0 else '✅'}\n"
+ f"- Timeout: {timeout} {'❌ (must be > 0)' if timeout <= 0 else '✅'}"
+ )
 exit(1)
 try:
From 068110479eb3aa9400c9dd326f3be2337a608995 Mon Sep 17 00:00:00 2001
From: ski-sketch
Date: Mon, 16 Dec 2024 07:34:44 +0400
Subject: [PATCH 08/16] Added bluetooth_logger.py
Also fixed minor bugs in bluetooth_details.py
---
 CODE/bluetooth_details.py | 26 ++++++--
 CODE/bluetooth_logger.py | 136 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 156 insertions(+), 6 deletions(-)
 create mode 100644 CODE/bluetooth_logger.py
diff --git a/CODE/bluetooth_details.py b/CODE/bluetooth_details.py
index 3f3f4e0..fccd57c 100644
--- a/CODE/bluetooth_details.py
+++ b/CODE/bluetooth_details.py
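Review bot: `_query_bluetooth_devices` wraps only `Dispatch`, `ConnectServer` and `ExecQuery` in its `try`, but the `for device in devices:` loop that actually reads each record over COM runs after the handler, so if the query result is enumerated lazily (as WMI object sets usually are) a per-object failure skips the specific "Failed to query Bluetooth devices" message and lands in the caller's generic handler instead. Each helper now calls `exit(1)` inside its own `except Exception`, which leaves the caller's `try/except` around them with nothing to catch on those paths and prevents any importer from handling the failure; raising (or returning `[]`) from the helpers and letting `get_bluetooth_device_details` decide keeps one exit point. An empty `devices` list silently produces an empty `Bluetooth Info.txt`; `if not devices: log.warning("No Bluetooth devices found")` before the write keeps "nothing found" distinguishable from "query failed" in the log. `get_bluetooth_device_details` starts outside the hunk.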
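Review bot: The new error message embeds `❌` and `✅`, and on Windows the console and default file encoding are often a code page that cannot represent them; if `Log` writes to such a stream without an `errors=` policy, the `log.error` call itself raises `UnicodeEncodeError` and hides the configuration problem it was reporting. Plain ASCII markers, e.g. `(must be > 0)` and `OK`, carry the same information on every console. The first fragment `f"Oops! Can't work with these values:\n"` has no placeholders and does not need the `f` prefix. `main` starts and ends outside the hunk.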
@@ -60,7 +60,7 @@ def _query_bluetooth_devices():
 'Status': getattr(device, 'Status', 'Unknown'),
 'PNP Device ID': getattr(device, 'PNPDeviceID', 'Unknown')
 }
- log.info(f"Retrieved device: {device_info['Name']}")
+ log.debug(f"Retrieved device: {device_info['Name']}")
 device_info_list.append(device_info)
 return device_info_list
@@ -78,15 +78,29 @@ def _write_device_info_to_file(devices, filename):
 None
 """
 try:
- with open(filename, "w", encoding="UTF-8") as f:
+ with open(filename, "w", encoding="UTF-8") as file:
 for device_info in devices:
- for key, value in device_info.items():
- formatted_line = f"{key}: {value}\n" if key == 'Name' else f" {key}: {value}\n"
- f.write(formatted_line)
- f.write("\n") # Separate devices with a blank line
+ _write_single_device_info(file, device_info)
 except Exception as e:
 log.error(f"Failed to write device information to file: {e}")
 exit(1)
+
+def _write_single_device_info(file, device_info):
+ """
+ Writes information for a single Bluetooth device to the file.
+
+ Args:
+ file (TextIO): File object to write to.
+ device_info (dict): Dictionary containing device information.
+
+ Returns:
+ None
+ """
+ file.write(f"Name: {device_info.get('Name', 'Unknown')}\n")
+ for key, value in device_info.items():
+ if key != 'Name':
+ file.write(f" {key}: {value}\n")
+ file.write("\n") # Separate devices with a blank line
+
 get_bluetooth_device_details()
diff --git a/CODE/bluetooth_logger.py b/CODE/bluetooth_logger.py
new file mode 100644
index 0000000..b08daff
--- /dev/null
+++ b/CODE/bluetooth_logger.py
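Review bot: `_write_device_info_to_file` opens `filename` with `"w"` before looking at `devices`, so an empty query result truncates any earlier report to an empty file without a log line; `if not devices: log.warning("No Bluetooth devices to write"); return` ahead of the `open` keeps that case visible. In the new `_write_single_device_info`, `device_info.get('Name', 'Unknown')` and the `if key != 'Name'` skip re-implement the key set that `_query_bluetooth_devices` already fixes; that is fine as defensive code but deserves a one-line comment such as `# 'Name' is always present; written first, then the remaining fields indented` so the next reader does not look for a second producer. `_write_device_info_to_file` starts outside the hunk.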
@@ -0,0 +1,136 @@
+import winreg
+import subprocess
+import re
+import datetime
+from logicytics import Log, DEBUG
+
+if __name__ == "__main__":
+ log = Log({"log_level": DEBUG})
+
+# Utility function to log collected data to a file
+def log_to_file(filename, section_title, data):
+ """Logs collected data to a text file with a section title."""
+ try:
+ with open(filename, 'a', encoding='utf-8') as file:
+ file.write(f"\n{'=' * 50}\n{section_title}\n{'=' * 50}\n")
+ if isinstance(data, list):
+ for item in data:
+ file.write(f"{item}\n")
+ else:
+ file.write(f"{data}\n")
+ file.write(f"\n{'=' * 50}\n")
+ except Exception as e:
+ log.error(f"Error writing to file (unknown): {e}")
+
+
+# Function to collect paired Bluetooth devices
+def get_paired_bluetooth_devices():
+ """Retrieves paired Bluetooth devices from the Windows Registry."""
+ devices = []
+ try:
+ reg_path = r"SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Devices"
+ registry_key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, reg_path)
+ i = 0
+ while True:
+ try:
+ device_mac = winreg.EnumKey(registry_key, i)
+ device_key_path = f"{reg_path}\\{device_mac}"
+ device_key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, device_key_path)
+
+ try:
+ device_name, _ = winreg.QueryValueEx(device_key, "Name")
+ except FileNotFoundError:
+ device_name = "Unknown"
+
+ devices.append(f"Device Name: {device_name}, MAC: {device_mac}")
+ winreg.CloseKey(device_key)
+ i += 1
+ except OSError:
+ break # No more devices
+ except Exception as e:
+ log.error(f"Error reading Bluetooth devices from registry: {e}")
+
+ return devices
+
+
+# Function to execute PowerShell command and return results
+def run_powershell_command(command):
+ """Runs a PowerShell command and returns the output."""
+ try:
+ result = subprocess.run(["powershell", "-Command", command], capture_output=True, text=True)
+ return result.stdout.split('\n')
+ except Exception as e:
+ log.error(f"Error running PowerShell command: {e}")
+ return []
+
+
+# Function to get connection/disconnection logs from Event Viewer
+def get_bluetooth_event_logs():
+ """Extracts connection/disconnection logs from Event Viewer (Bluetooth)."""
+ powershell_command = (
+ 'Get-WinEvent -LogName "Microsoft-Windows-Bluetooth-BthLEServices/Operational" '
+ '| Select-Object TimeCreated, Id, Message | Format-Table -AutoSize'
+ )
+ logs = run_powershell_command(powershell_command)
+ return logs
+
+
+# Function to get Bluetooth file transfer logs
+def get_bluetooth_file_transfer_logs():
+ """Extracts Bluetooth file transfer logs from Event Viewer."""
+ powershell_command = (
+ 'Get-WinEvent -LogName "Microsoft-Windows-Bluetooth-BthLEServices/Operational" '
+ '| Select-Object TimeCreated, Id, Message | Format-Table -AutoSize'
+ )
+ log_output = run_powershell_command(powershell_command)
+
+ transfer_logs = []
+ try:
+ transfer_logs = re.findall(r'.*Bluetooth.*file.*transferred.*', '\n'.join(log_output), re.IGNORECASE)
+ except Exception as e:
+ log.error(f"Error parsing file transfer logs: {e}")
+
+ return transfer_logs
+
+
+# Main function to collect and log all Bluetooth data
+
+
+def main():
+ filename = "bluetooth_data.txt"
+ current_time = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+ log_to_file(filename, "Bluetooth Data Collection - Timestamp", current_time)
+
+ log.info("Collecting Paired Bluetooth Devices...")
+ paired_devices = get_paired_bluetooth_devices()
+ if paired_devices:
+ log_to_file(filename, "Paired Bluetooth Devices", paired_devices)
+ for device in paired_devices:
+ log.debug(device)
+ else:
+ log.warning("No paired Bluetooth devices found.")
+ log_to_file(filename, "Paired Bluetooth Devices", "No paired Bluetooth devices found.")
+
+ log.info("Collecting Bluetooth Connection/Disconnection Logs...")
+ bluetooth_logs = get_bluetooth_event_logs()
+ if bluetooth_logs:
+ log_to_file(filename, "Bluetooth Connection/Disconnection Logs", bluetooth_logs)
+ for log_for in bluetooth_logs:
+ log.debug(log_for)
+ else:
+ log.warning("No Bluetooth connection/disconnection logs found.")
+ log_to_file(filename, "Bluetooth Connection/Disconnection Logs", "No Bluetooth connection/disconnection logs found.")
+
+ log.info("Collecting Bluetooth File Transfer Logs...")
+ file_transfers = get_bluetooth_file_transfer_logs()
+ if file_transfers:
+ log_to_file(filename, "Bluetooth File Transfer Logs", file_transfers)
+ for transfer in file_transfers:
+ log.warning(transfer)
+ else:
+ log.warning("No Bluetooth file transfers found.")
+ log_to_file(filename, "Bluetooth File Transfer Logs", "No Bluetooth file transfers found.") # Ensure we log even if no transfers are found
+
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file
From f8d1f01441c488044437ef449dad7cebda570a30 Mon Sep 17 00:00:00 2001
From: ski-sketch
Date: Mon, 16 Dec 2024 08:43:48 +0400
Subject: [PATCH 09/16] Ran --dev command
---
 CODE/config.ini | 2 +-
 README.md | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/CODE/config.ini b/CODE/config.ini
index edef834..108a1a3 100644
--- a/CODE/config.ini
+++ b/CODE/config.ini
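Review bot: `run_powershell_command` discards `result.returncode` and `result.stderr`, so a failed `Get-WinEvent` (log not present, access denied, cmdlet error) comes back as a list of empty strings that `get_bluetooth_event_logs` and `main` cannot tell apart from an empty log; check the return code, log stderr, and pass `-NoProfile` so the collector's output does not depend on whatever the invoking user's PowerShell profile does. `get_paired_bluetooth_devices` never closes `registry_key`, closes `device_key` only on the success path, and its `except OSError: break` also ends the walk silently when one subkey cannot be opened — `with winreg.OpenKey(...) as key:` for both handles fixes the leaks, and logging the exception type before `break` lets the operator tell "no more devices" from "no access", which matters because reading `BTHPORT\Parameters\Devices` and an operational event log typically needs elevation. `get_bluetooth_event_logs` and `get_bluetooth_file_transfer_logs` run the identical command, and `Format-Table -AutoSize` wraps or truncates long `Message` values, so the `.*Bluetooth.*file.*transferred.*` regex can miss records; query once with `Format-List` (or `ConvertTo-Json`) and filter that output in both functions. `log_to_file` opens `bluetooth_data.txt` in append mode, so each run extends the previous report; a comment saying so, or a timestamped filename, would make that intentional-looking.
```python
def run_powershell_command(command):
    """Runs a PowerShell command and returns its stdout split into lines ([] on failure)."""
    try:
        result = subprocess.run(
            ["powershell", "-NoProfile", "-Command", command],
            capture_output=True, text=True,
        )
    except OSError as e:
        log.error(f"Error running PowerShell command: {e}")
        return []
    if result.returncode != 0:
        log.error(f"PowerShell command failed ({result.returncode}): {result.stderr.strip()}")
        return []
    return result.stdout.split('\n')
```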
@@ -10,7 +10,7 @@ delete_old_logs = false
 [System Settings]
 # Do not play with these settings unless you know what you are doing
 version = 3.1.1
-files = "bluetooth_details.py, browser_miner.ps1, cmd_commands.py, dir_list.py, dump_memory.py, event_log.py, Logicytics.py, log_miner.py, media_backup.py, netadapter.ps1, packet_sniffer.py, property_scraper.ps1, registry.py, sensitive_data_miner.py, ssh_miner.py, sys_internal.py, tasklist.py, tree.ps1, vulnscan.py, wifi_stealer.py, window_feature_miner.ps1, wmic.py, _debug.py, _dev.py, _extra.py, logicytics\Checks.py, logicytics\Execute.py, logicytics\FileManagement.py, logicytics\Flag.py, logicytics\Get.py, logicytics\Logger.py, logicytics\__init__.py, VulnScan\tools\_study_network.py, VulnScan\tools\_test_gpu_acceleration.py, VulnScan\tools\_vectorizer.py, VulnScan\v2-deprecated\_generate_data.py, VulnScan\v2-deprecated\_train.py, VulnScan\v3\_generate_data.py, VulnScan\v3\_train.py"
+files = "bluetooth_details.py, bluetooth_logger.py, browser_miner.ps1, cmd_commands.py, dir_list.py, dump_memory.py, event_log.py, Logicytics.py, log_miner.py, media_backup.py, netadapter.ps1, packet_sniffer.py, property_scraper.ps1, registry.py, sensitive_data_miner.py, ssh_miner.py, sys_internal.py, tasklist.py, tree.ps1, vulnscan.py, wifi_stealer.py, window_feature_miner.ps1, wmic.py, _debug.py, _dev.py, _extra.py, logicytics\Checks.py, logicytics\Execute.py, logicytics\FileManagement.py, logicytics\Flag.py, logicytics\Get.py, logicytics\Logger.py, logicytics\__init__.py, VulnScan\tools\_study_network.py, VulnScan\tools\_test_gpu_acceleration.py, VulnScan\tools\_vectorizer.py, VulnScan\v2-deprecated\_generate_data.py, VulnScan\v2-deprecated\_train.py, VulnScan\v3\_generate_data.py, VulnScan\v3\_train.py"
 ###################################################
 # The following settings are for specific modules #
diff --git a/README.md b/README.md
index 7a3e5a8..fc304eb 100644
--- a/README.md
+++ b/README.md
@@ -213,6 +213,8 @@ Here are some of the data points that Logicytics extracts: | event_logs.py | Produces a multiple txt files in a folder on many event logs (Security, Applications and System) | | | vulnscan.py | Uses AI/ML to detect sensitive files, and log their paths | In beta! | | dump_memory.py | Dumps some memory as well as log some RAM details | | +| bluetooth_details.py | Gets the PNP Device ID, Status, Manufacturer, Device ID, Name, Description of all paired bluetooth devices | | +| bluetooth_logger.py | Collect, log, and analyze Bluetooth-related data, by accessing the Windows registry and Event Viewer. | | This is not an exhaustive list, but it should give you a good idea of what data Logicytics is capable of extracting. From 1024f24d150d6e7ca04e83a8005117edb208c948 Mon Sep 17 00:00:00 2001 From: DefinetlyNotAI Date: Mon, 16 Dec 2024 09:01:55 +0400 Subject: [PATCH 10/16] Minor fixes --- .idea/Logicytics.iml | 5 ++--- .idea/csv-editor.xml | 16 ---------------- CODE/bluetooth_logger.py | 9 ++++++--- requirements.txt | 14 +++++++------- 4 files changed, 15 insertions(+), 29 deletions(-) delete mode 100644 .idea/csv-editor.xml diff --git a/.idea/Logicytics.iml b/.idea/Logicytics.iml index e3f0575..1d86571 100644 --- a/.idea/Logicytics.iml +++ b/.idea/Logicytics.iml @@ -20,13 +20,12 @@ - + - diff --git a/.idea/misc.xml b/.idea/misc.xml index 800e363..3214d8e 100644 --- a/.idea/misc.xml +++ b/.idea/misc.xml @@ -4,5 +4,5 @@