| 1574 | HTML_LOG_CONTENT += HTML_EVENTS_TL |
| 1575 | |
| 1576 | def Main(): |
| 1577 | ''' Here we go ''' |
| 1578 | |
| 1579 | global ROOT_PATH |
| 1580 | global HTML_LOG_FILE |
| 1581 | global HOSTNAME |
| 1582 | global GEOLOCATE_WIFI_AP |
| 1583 | global OSX_VERSION |
| 1584 | |
| 1585 | HOSTNAME = socket.gethostname() |
| 1586 | Euid = str(os.geteuid()) |
| 1587 | Egid = str(os.getegid()) |
| 1588 | |
| 1589 | Parser = optparse.OptionParser(usage='usage: %prog [options]\n' + __description__ + ' v' + __version__, version='%prog ' + __version__) |
| 1590 | Parser.add_option('-p', '--path', dest='RootPath', help='Path to the OS X system to audit (e.g. /mnt/xxx). The running system will be audited if not specified') |
| 1591 | Parser.add_option('-t', '--txtoutput', dest='TxtLogFile', help='Path to the txt output log file') |
| 1592 | Parser.add_option('-H', '--htmloutput', dest='HTMLLogFile', help='Path to the HTML output log file') |
| 1593 | Parser.add_option('-z', '--ziplogs', dest='ZipLogsFile', help='Create a zip file containing all system and users\' logs. Path to directory to put the zip file in') |
| 1594 | Parser.add_option('-S', '--syslog', dest='SyslogServer', default=False, help='Syslog server to send the report to') |
| 1595 | Parser.add_option('-a', '--all', action='store_true', default=False, help='Analyze all (it is equal to -qsidbAkUe)') |
| 1596 | Parser.add_option('-q', '--quarantines', action='store_true', default=False, help='Analyze quarantined files') |
| 1597 | Parser.add_option('-s', '--startup', action='store_true', default=False, help='Analyze startup agents and daemons ') |
| 1598 | Parser.add_option('-i', '--installedapps', action='store_true', default=False, help='Analyze installed applications') |
| 1599 | Parser.add_option('-d', '--downloads', action='store_true', default=False, help='Analyze downloaded files ') |
| 1600 | Parser.add_option('-b', '--browsers', action='store_true', default=False, help='Analyze browsers (Safari, FF & Chrome) ') |
| 1601 | Parser.add_option('-A', '--airportprefs', action='store_true', default=False, help='Analyze Airport preferences ') |
| 1602 | Parser.add_option('-g', '--wifiapgeolocate', action='store_true', default=False, help='Tries to geolocate WiFi AP found in AirportPrefs using Geomena.org') |
| 1603 | Parser.add_option('-k', '--kext', action='store_true', default=False, help='Analyze kernel extensions (kext) ') |
| 1604 | Parser.add_option('-U', '--usersaccounts', action='store_true', default=False, help='Analyze users\' accounts ') |
| 1605 | Parser.add_option('-e', '--eventlogs', action='store_true', default=False, help='Analyze system event logs') |
| 1606 | Parser.add_option('-m', '--mrh', action='store_true', default=False, help='Perform a reputation lookup in Team Cymru\'s MRH') |
| 1607 | Parser.add_option('-v', '--virustotal', action='store_true', default=False, help='Perform a lookup in VirusTotal database.') |
| 1608 | Parser.add_option('-l', '--localhashesdb', dest='LocalDatabase', default=False, help='Path to a local database of suspicious hashes to perform a lookup in') |
| 1609 | |
| 1610 | (options, args) = Parser.parse_args() |
| 1611 | |
| 1612 | if sys.version_info < (2, 7) or sys.version_info > (3, 0): |
| 1613 | PrintAndLog(u'You must use python 2.7 or greater but not python 3', 'ERROR') # This error won't be logged |
| 1614 | exit(1) |
| 1615 | |
| 1616 | if options.RootPath: |
| 1617 | ROOT_PATH = options.RootPath |
| 1618 | |
| 1619 | if options.TxtLogFile: |
| 1620 | logging.basicConfig(filename=options.TxtLogFile, filemode='w', level=logging.DEBUG) |
| 1621 | |
| 1622 | if options.SyslogServer: |
| 1623 | SyslogSetup(options.SyslogServer) |
| 1624 | |
| 1625 | if options.HTMLLogFile: |
| 1626 | try: |
| 1627 | HTML_LOG_FILE = codecs.open(options.HTMLLogFile, 'w', 'utf-8') |
| 1628 | except (IOError): |
| 1629 | PrintAndLog(u'Cannot open ' + options.HTMLLogFile.decode('utf-8') + u'\n', 'ERROR') |
| 1630 | except: |
| 1631 | PrintAndLog(u'HTML Log setup failed, HTML Log is disabled ', 'ERROR') |
| 1632 | HTML_LOG_FILE = False |
| 1633 |