v2.4.1 (#137)

## Pull Request Template

### Prerequisites

<!-- Take a couple of minutes to help our maintainers work faster by
checking of the pre-requisites. -->
<!-- To tick the checkboxes replace the space with an 'x', so [ ]
becomes [x] . -->

- [x] I have
[searched](https://github.com/DefinetlyNotAI/Logicytics/pulls) for
duplicate or closed issues.
- [x] I have read the [contributing
guidelines](https://github.com/DefinetlyNotAI/Logicytics/blob/main/CONTRIBUTING.md).
- [x] I have followed the instructions in the
[wiki](https://github.com/DefinetlyNotAI/Logicytics/wiki) about
contributions.
- [x] I have updated the documentation accordingly, if required.
- [x] I have tested my code with the `--dev` flag, if required.

### PR Type

<!-- Take a couple of minutes to help our maintainers work faster by
telling us what is the PR guided on. -->
<!-- To tick the checkboxes replace the space with an 'x', so [ ]
becomes [x] . -->

- [x] Bug fix <!-- Non-Breaking Bug Fix - Usually relates to fixing an
issue -->
- [x] New feature <!-- Non-Breaking Change that adds a new feature -->
- [x] Refactoring <!-- Non-Breaking Change that modifies existing code
to refactor it to become more organised -->
- [x] Documentation
update <!-- Non-Breaking Change that modifies existing documentation to
refactor it or add extra comments - either wiki, md files or code is
included here -->
- [ ] ⚠️ Breaking change ⚠️ <!-- Breaking Bug Fix / New Addition that
changes how Logicytics works -->

### Description

<!-- REQUIRED: Provide a summary of the PR and what you expected to
happen. -->

Ehh, fixed bugs that made half of the program not run

### Motivation and Context

<!-- REQUIRED: Why is this PR required? What problem does it solve? Why
do you want to do it? -->

Many minor and major bugs

### Credit

<!-- If this PR is a contribution, please mention the contributors here
using the appropriate syntax. -->

<!--
### File-Created/CONTRIBUTION by MAIN-Username
What you did, created, removed, refactored, fixed, or discovered.
- [Your GitHub Username](https://github.com/YourGitHubLink)
- [Your GitHub Username](https://github.com/YourGitHubLink) etc...
-->

_N/A_

### Issues Fixed

<!-- REQUIRED: What issues will be fixed? (Format: "#50, #23" etc.) if
none exist type _N/A_ -->

_N/A_

CODE/__lib_class.py

@@ -1,13 +1,15 @@
 from __future__ import annotations
+
 import argparse
+import ctypes
 import json
 import os
-import subprocess
-import ctypes
 import os.path
+import subprocess
 import zipfile
-from subprocess import CompletedProcess
 from pathlib import Path
+from subprocess import CompletedProcess
+
 from __lib_log import Log
 
 
@@ -310,7 +312,7 @@ def uac() -> bool:
         return int(value.strip("\n")) == 1
 
     @staticmethod
-    def sys_internal_zip():
+    def sys_internal_zip() -> str:
         """
         Extracts the SysInternal_Suite zip file if it exists and is not ignored.
 
@@ -331,49 +333,30 @@ def sys_internal_zip():
                         "SysInternal_Suite/SysInternal_Suite.zip"
                 ) as zip_ref:
                     zip_ref.extractall("SysInternal_Suite")
-                if __name__ == "__main__":
-                    Log({"log_level": DEBUG}).debug("SysInternal_Suite zip extracted")
+                    return "SysInternal_Suite zip extracted"
 
             elif ignore_file:
-                if __name__ == "__main__":
-                    Log({"log_level": DEBUG}).debug(
-                        "Found .sys.ignore file, skipping SysInternal_Suite zip extraction"
-                    )
+                return "Found .sys.ignore file, skipping SysInternal_Suite zip extraction"
 
         except Exception as err:
             exit(f"Failed to unzip SysInternal_Suite: {err}")
 
 
 class Execute:
     @classmethod
-    def file(cls, execution_list: list, Index: int):
-        # IT IS USED, DO NOT REMOVE
-        """
-        Executes a file from the execution list at the specified index.
-        Parameters:
-            Index (int): The index of the file to be executed in the execution list.
-            execution_list (list): List to use when indexing
-        Returns:
-            None
-        """
-        cls.script(execution_list[Index])
-        if __name__ == "__main__":
-            Log().info(f"{execution_list[Index]} executed")
-
-    @classmethod
-    def script(cls, script_path: str):
+    def script(cls, script_path: str) -> list[list[str]] | None:
         """
         Executes a script file and handles its output based on the file extension.
         Parameters:
             script_path (str): The path of the script file to be executed.
         """
-        if script_path.endswith(".ps1"):
-            cls.__unblock_ps1_script(script_path)
-            cls.__run_other_script(script_path)
-        elif script_path.endswith(".py"):
+        if script_path.endswith(".py"):
             cls.__run_python_script(script_path)
+            return None
         else:
-            cls.__run_other_script(script_path)
+            if script_path.endswith(".ps1"):
+                cls.__unblock_ps1_script(script_path)
+            return cls.__run_other_script(script_path)
 
     @staticmethod
     def command(command: str) -> str:
@@ -401,8 +384,6 @@ def __unblock_ps1_script(script: str):
         try:
             unblock_command = f'powershell.exe -Command "Unblock-File -Path {script}"'
             subprocess.run(unblock_command, shell=False, check=True)
-            if __name__ == "__main__":
-                Log().info("PS1 Script unblocked.")
         except Exception as err:
             exit(f"Failed to unblock script: {err}")
 
@@ -421,23 +402,23 @@ def __run_python_script(script: str):
         # LEAVE AS PRINT
         print(result.decode())
 
-    @staticmethod
-    def __run_other_script(script: str):
+    @classmethod
+    def __run_other_script(cls, script: str) -> list[list[str]]:
         """
         Runs a script with other extensions and logs output based on its content.
         Parameters:
             script (str): The path of the script.
         Returns:
             None
         """
-
-        result = subprocess.run(
-            ["powershell.exe", ".\\" + script], capture_output=True, text=True
-        )
-        lines = result.stdout.splitlines()
-        ID = next((line.split(":")[0].strip() for line in lines if ":" in line), None)
-        if ID and __name__ == "__main__":
-            Log().string(str(lines), ID)
+        result = cls.command(f"powershell.exe -File {script}")
+        lines = result.splitlines()
+        messages = []
+        for line in lines:
+            if ":" in line:
+                id_part, message_part = line.split(":", 1)
+                messages.append([message_part.strip(), id_part.strip()])
+        return messages
 
 
 class Get:

CODE/__lib_log.py

@@ -221,6 +221,12 @@ def __internal(self, message):
         if self.color and message != "None" and message is not None:
             colorlog.log(self.INTERNAL_LOG_LEVEL, str(message))
 
+    def execute_log_parse(self, message_log):
+        if message_log:
+            for message_list in message_log:
+                if len(message_list) == 2:
+                    self.string(message_list[0], message_list[1])
+
 
 if __name__ == "__main__":
     Log().exception(

CODE/_dev.py

@@ -65,8 +65,7 @@ def dev_checks(self) -> str | None:
             ("Have you made files you don't want to be run start with '_'?", "."),
             ("Have you added the file to CODE dir?", "."),
             ("Have you added docstrings and comments?", "../CONTRIBUTING.md"),
-            ("Is each file containing no more than 1 feature?", "../CONTRIBUTING.md"),
-            ("Have you NOT modified __wrapper__.py without authorization?", "Logicytics.py"),
+            ("Is each file containing around 1 main feature?", "../CONTRIBUTING.md"),
         ]
         try:
             for question, file_to_open in checks:

CODE/_zipper.py

@@ -36,13 +36,13 @@ class Zip:
     @staticmethod
     def __get_files_to_zip(path: str) -> list:
         """
-        Returns a list of files to be zipped, excluding certain file types and names.
+        Returns a list of files and directories to be zipped, excluding certain file types and names.
 
         Args:
             path (str): The directory path to search for files.
 
         Returns:
-            list: A list of file names to be zipped.
+            list: A list of file and directory names to be zipped.
         """
         return [
             f
@@ -66,7 +66,12 @@ def __create_zip_file(path: str, files: list, filename: str):
         """
         with zipfile.ZipFile(f"{filename}.zip", "w") as zip_file:
             for file in files:
-                zip_file.write(os.path.join(path, file))
+                if os.path.isdir(os.path.join(path, file)):
+                    for root, _, files in os.walk(os.path.join(path, file)):
+                        for f in files:
+                            zip_file.write(os.path.join(root, f), os.path.relpath(os.path.join(root, f), path))
+                else:
+                    zip_file.write(os.path.join(path, file))
 
     @staticmethod
     def __remove_files(path: str, files: list):

CODE/browser_miner.ps1

@@ -47,7 +47,7 @@ $fullSourcePath = $sourcePath -replace '\{\}', $currentUser
 # Enhanced error checking for source path existence and accessibility
 if (-not (Test-PathAndAccess $fullSourcePath))
 {
-    Write-Host "ERROR: Source path $fullSourcePath does not exist or cannot be accessed."
+    Write-Host "WARNING: Source path $fullSourcePath does not exist or cannot be accessed."
 continue
 }
 
@@ -84,9 +84,7 @@ Write-Host "INFO: Successfully copied $fullSourcePath to $destinationPath"
 catch
 {
     # Detailed error handling
-    Write-Host "ERROR: An error occurred while copying $fullSourcePath to $destinationPath. Error: $_"
+    Write-Host "ERROR: An error occurred while copying $fullSourcePath to $destinationPath : $_"
 exit
 }
 }
-
-# TODO Test me

CODE/config.json

@@ -1,6 +1,6 @@
 {
     "Log Level Debug?": false,
-    "VERSION": "2.4.0",
+    "VERSION": "2.4.1",
     "CURRENT_FILES": [
         "browser_miner.ps1",
         "cmd_commands.py",
@@ -15,7 +15,7 @@
         "ssh_miner.py",
         "sys_internal.py",
         "tasklist.py",
-        "tree.bat",
+        "tree.ps1",
         "wifi_stealer.py",
         "window_feature_miner.ps1",
         "wmic.py",

CODE/media_backup.py

@@ -60,4 +60,3 @@ def backup(self):
 
 
 Media().backup()
-# TODO Test me

CODE/registry.py

@@ -16,11 +16,12 @@ def backup_registry():
     cmd = [reg_path, "export", "HKLM", export_path]
 
     try:
-        subprocess.run(cmd, check=True)
-        log.info(f"Registry backed up successfully to {export_path}")
+        result = subprocess.run(cmd, check=True, capture_output=True, text=True)
+        log.info(f"Registry backed up successfully to {export_path}. Output: {result.stdout}")
     except subprocess.CalledProcessError as e:
+        log.error(f"Failed to back up the registry: {e}. More details: {result.stderr}")
+    except Exception as e:
         log.error(f"Failed to back up the registry: {e}")
 
 
 backup_registry()
-# TODO Fix the issue of random operation completion message not adhering colorlog

CODE/ssh_miner.py

@@ -44,4 +44,3 @@ def ssh_miner():
 
 
 ssh_miner()
-# TODO Test me

CODE/tree.ps1

@@ -0,0 +1,9 @@
+Write-Host "INFO: Starting Tree Command"
+
+# Define the output file name as Tree.txt
+$outputFile = "Tree.txt"
+
+# Run the tree command and redirect the output to the file
+tree /f C:\ | Out-File -FilePath $outputFile -Force
+
+Write-Host "INFO: Saved $outputFile"

Plans.md → PLANS.md

@@ -2,9 +2,9 @@
 
 | Task                                                                                                                 | Version |
 |----------------------------------------------------------------------------------------------------------------------|---------|
-| Check todos                                                                                                          | v2.4.1  |
-| Refactor logicytics                                                                                                  | v2.4.1  |
+| Docstring everything again                                                                                           | v2.4.2  |
 | Implement a parser for Windows Event Logs to extract and analyze security-related events.                            | v2.4.2  |
 | Enable integration with popular SIEM (Security Information and Event Management) systems.                            | v2.5.0  |
 | Add a tool to capture and analyse network traffic, which can help in forensic investigations.                        | v2.5.0  |
+| Change config.json to config.ini                                                                                     | v2.5.0  |
 | Integrate machine learning algorithms to detect anomalies and potential security threats automatically and log them. | v3.0.0  |

README.md

@@ -73,10 +73,10 @@ This opens a help menu.
 Once you have run the program, you can run the program with the following command:
 `python Logicytics.py -h`
 Replace the flags with the ones you want to use.
-you must have admin privelages while running!
+you must have admin privileges while running!
 
 > [!TIP]
-> Although its really recommended to use admin, by setting debug in the config.json to true, you can bypass this requirement
+> Although it's really recommended to use admin, by setting debug in the config.json to true, you can bypass this requirement
 
 6) Wait for magic to happen 🧙‍♀️
 Logicytics will now run and gather data according to the flags you used.
@@ -102,7 +102,8 @@ If you have an idea or want to contribute to the project, you can submit an issu
 After running and successfully collecting data, you may traverse the ACCESS directory as much as you like,
 Remove add and delete files, it's the safest directory where your backups, hashes, data zips and logs are found.
 
-Also watch this [video](https://www.youtube.com/watch?v=XVTBmdTQqOs) for a better understanding of Logicytics
+> [!TIP]
+> Watch this [video](https://www.youtube.com/watch?v=XVTBmdTQqOs) for a better understanding of Logicytics
 
 ## 🔧 Configuration 🔧
 
@@ -155,7 +156,7 @@ The `--modded` flag can also be used to run custom scripts.
 If you want to run a custom script with the `--modded` flag, 
 you can add the script to the `MODS` directory, and it will be run with the `--modded` flag.
 
-To check all the mods and how to make your own, you can check the `Logicytics.py` file and the WIKI.
+To check all the mods and how to make your own, you can check the `Logicytics.py` file and the Wiki.
 Also refer to the contributing.md for more info
 
 ## 🛑 Troubleshooting 🛑
@@ -180,7 +181,7 @@ If those don't work attempt:
 
 ### Support Resources
 
-Check out the [GitHub wiki](https://github.com/DefinetlyNotAI/Logicytics/wiki) for help
+Check out the [GitHub wiki](https://github.com/DefinetlyNotAI/Logicytics/wiki) for help.
 
 ## 📊 Data Analysis 📊
 
@@ -190,7 +191,8 @@ Logicytics extracts a wide range of data points on a Windows system.
 
 Here are some of the data points that Logicytics extracts:
 
-Don't recreate these:
+> [!IMPORTANT]
+> Don't recreate these as then it's a waste of time for you
 
 <table>
   <tr>
@@ -283,7 +285,8 @@ Don't recreate these:
 This is not an exhaustive list, 
 but it should give you a good idea of what data Logicytics is capable of extracting.
 
-**Any file with `_` is not counted here, do note they may range from custom libraries to special files/wrappers**
+> [!NOTE]
+> **Any file with `_` is not counted here, do note they may range from custom libraries to special files/wrappers**
 
 ### Want to create your own mod?
 
@@ -301,7 +304,10 @@ special tools
 
 ### Want to create your own mod?
 
-Check out the [contributing guidlines](CONTRIBUTING.md) file for more info
+Check out the [contributing guidlines](CONTRIBUTING.md) file for more info, as well as the [wiki guidelines](https://github.com/DefinetlyNotAI/Logicytics/wiki/5-Contribution-Guidelines) for more info
+
+> [!IMPORTANT]
+> Always adhere to the [coding standards](https://github.com/DefinetlyNotAI/Logicytics/wiki/6-Coding-Standards) of Logicytics!
 
 ## 🌟 Conclusion 🌟
 
@@ -311,15 +317,14 @@ from forensics to system information gathering.
 Its ability to extract data from various sources makes it a valuable tool
 for any Windows system administrator or forensic investigator.
 
-### 📣 Note
-
-Please remember that extracting data from a system without proper authorization is illegal and unethical.
-Always obtain proper authorization before extracting any data from a system.
+> [!CAUTION]
+> Please remember that extracting data from a system without proper authorization is illegal and unethical.
+> Always obtain proper authorization before extracting any data from a system.
 
 ### 🔗 Links
 
 - [Project's Wiki](https://github.com/DefinetlyNotAI/Logicytics/wiki)
-- [Project's Future](https://definetlynotai.github.io/Logicytics/WEB/roadmap.html)
+- [Project's Future](PLANS.md)
 - [Project's License](LICENSE)
 
 ### License