DllList & Handles
k1nd0ne committed Jul 12, 2022
1 parent 30f711c commit fe2834d
Showing 25 changed files with 331 additions and 190 deletions.
181 changes: 21 additions & 160 deletions dashboard/static/js/windows.js
@@ -1,163 +1,3 @@
/* highlight functionnality */
$('#processCacheTable').on('click', 'tbody tr', function(event) {
var table = $(this);

if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});



$('#processTreeTable').on('click', 'tbody tr', function(event) {
var table = $(this);

if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});

$('#processScanTable').on('click', 'tbody tr', function(event) {
var table = $(this);
if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});


$('#UserAssistTable').on('click', 'tbody tr', function(event) {
var table = $(this);
if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});

$('#processEnvTable').on('click', 'tbody tr', function(event) {
var table = $(this);
if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});

$('#processCmdTable').on('click', 'tbody tr', function(event) {
var table = $(this);
if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});

$('#processPrivilegesTable').on('click', 'tbody tr', function(event) {
var table = $(this);
if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});


$('#processNetworkTable').on('click', 'tbody tr', function(event) {
var table = $(this);
if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});


$('#TimelineTable').on('click', 'tbody tr', function(event) {
var table = $(this);
if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});


$('#FileScanTable').on('click', 'tbody tr', function(event) {
var table = $(this);
if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});

$('#IOCTable').on('click', 'tbody tr', function(event) {
var table = $(this);
if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});

$('#processHashTable').on('click', 'tbody tr', function(event) {
var table = $(this);
if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});


$('#processCacheTable').on('click', 'tbody tr', function(event) {
var table = $(this);
if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});

$('#processLsaTable').on('click', 'tbody tr', function(event) {
var table = $(this);
if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});

$('#processNetworkStatTable').on('click', 'tbody tr', function(event) {
var table = $(this);
if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});

$(document).ready(function(){
$('.container').show();
$('.container-fluid').show();
Expand All @@ -169,6 +9,17 @@ $(document).ready(function(){
$('#main').show();
$('#loading').hide();

/* highlight functionnality */
$('.artifacts').on('click', 'tbody tr', function(event) {
var table = $(this);
if (table.hasClass("highlight")){
table.removeClass("highlight");
}
else{
table.addClass("highlight");
}
});

/* Search bar Functionnality for each plugin */
$("#searchProcess").on("keyup", function() {
var value = $(this).val().toLowerCase();
Expand Down Expand Up @@ -380,3 +231,13 @@ $(document).ready(function(){
$('.Case').show();
});
});

$("#DllListLink").on("click", function(){
$('.plugin').hide();
$('.DllList').show();
});

$("#HandlesLink").on("click", function(){
$('.plugin').hide();
$('.Handles').show();
});
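Review bot: The `#DllListLink` and `#HandlesLink` handlers at the end of the section only show the new panels; none of this file's 21 added lines attaches a `keyup` filter for the `#searchdll` and `#searchHandles` inputs that the new DllList and Handles templates introduce, so those search boxes stay inert unless a handler is defined elsewhere. In the consolidated highlight handler, `var table = $(this)` actually holds the clicked `<tr>` (the delegated selector is `tbody tr`), so `var row = $(this); row.toggleClass("highlight");` expresses the same toggle without the misleading name. The removed per-id handlers also covered `#processTreeTable`, `#processHashTable` and `#processLsaTable`; the template sections visible on this page do not show those tables gaining the `artifacts` class, so confirm they do in the files beyond the truncated listing or their rows lose row highlighting. All three hunks sit inside `$(document).ready`, whose body extends outside the hunks.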
3 changes: 3 additions & 0 deletions investigations/templates/investigations/reviewinvest.html
Expand Up @@ -52,6 +52,9 @@
{% include "investigations/windows/process_artifacts/process_privileges.html" %}
{% include "investigations/windows/process_artifacts/process_cmdline.html" %}
{% include "investigations/windows/process_artifacts/process_env.html" %}
{% include "investigations/windows/process_artifacts/process_handles.html" %}
{% include "investigations/windows/process_artifacts/process_dlllist.html" %}


<!-- Network Artifacts -->
{% include "investigations/windows/network_artifacts/network_scan.html" %}
Expand Up @@ -3,7 +3,7 @@
<div class="d-inline">
<input class="form-control mb-3" id="searchFileScan" type="text" placeholder="Search..">
</div>
<table style="table-layout:fixed;" id="FileScanTable" class="table table-light card-font table-condensed filescan">
<table style="table-layout:fixed;" class="table artifacts table-light card-font table-condensed filescan">
<thead>
<tr>
<th scope="col">Offset</th>
Expand Up @@ -3,7 +3,7 @@
<div class="d-inline">
<input class="form-control mb-3" id="searchIOC" type="text" placeholder="Search..">
</div>
<table id="IOCTable" class="table table-light card-font ioc">
<table class="table artifacts table-light card-font ioc">
<thead>
<tr>
<th scope="col">Physical Address</th>
@@ -1,6 +1,6 @@
<!-- Investigation malware_analysis_skeleton_key_check -->
<div class="collapse mt-5 SkeletonKeyCheck plugin">
<table id="SkeletonTable" class="table table-light card-font skeleton">
<table class="table artifacts table-light card-font skeleton">
<thead>
<tr>
<th scope="col">PID</th>
Expand Up @@ -4,7 +4,7 @@
<div class="d-inline">
<input class="form-control mb-3" id="searchTimeline" type="text" placeholder="Search..">
</div>
<table id="TimelineTable" class="table table-light card-font timeline">
<table class="table table-light artifacts card-font timeline">
<thead>
<tr>
<th scope="col">Accessed Date</th>
Expand Up @@ -3,7 +3,7 @@
<div class="d-inline">
<input class="form-control mb-3" id="searchNetwork" type="text" placeholder="Search..">
</div>
<table id="processNetworkTable" class="table table-light card-font netscan">
<table class="table table-light artifacts card-font netscan">
<thead>
<tr>
<th scope="col">Created</th>
Expand Up @@ -3,7 +3,7 @@
<div class="d-inline">
<input class="form-control mb-3" id="searchNetworkStat" type="text" placeholder="Search..">
</div>
<table id="processNetworkStatTable" class="table table-light card-font netstat">
<table class="table artifacts table-light card-font netstat">
<thead>
<tr>
<th scope="col">Created</th>
Expand Up @@ -4,7 +4,7 @@ <h6 class="h6 text-dark">Process Command Line</h6>
<div class="d-inline">
<input class="form-control mb-3" id="searchCmdLine" type="text" placeholder="Search..">
</div>
<table id="processCmdTable" class="table table-light card-font processcmdline">
<table class="table table-light artifacts card-font processcmdline">
<thead>
<tr>
<th scope="col">PID</th>
@@ -0,0 +1,35 @@
<!-- Investigation process_dlllist artifacts -->
<div class="mt-5 DllList plugin text-white">
<h6 class="h6">dll list</h6>
<div class="d-inline">
<input class="form-control mb-3" id="searchdll" type="text" placeholder="Search..">
</div>
<table class="table table-light artifacts card-font dlllist">
<thead>
<tr>
<th scope="col">Process</th>
<th scope="col">PID</th>
<th scope="col">Base</th>
<th scope="col">Name</th>
<th scope="col">Path</th>
<th scope="col">Size</th>
<th scope="col">LoadTime</th>
<th scope="col">Fileoutput</th>
</tr>
</thead>
<tbody id="dlllist">
{% for process in DllList %}
<tr>
<td>{{process.Process}}</td>
<td>{{process.PID}}</td>
<td>{{process.Base}}</td>
<td>{{process.Name}}</td>
<td>{{process.Path}}</td>
<td>{{process.Size}}</td>
<td>{{process.LoadTime}}</td>
<td>{{process.Fileoutput}}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
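Review bot: The search box `<input id="searchdll">` has no `<label>`; the placeholder is not an accessible name, so add `<label for="searchdll">Search DLL list</label>` before it (visually hidden with the project's screen-reader utility class if the layout must stay the same), and the same applies to `#searchHandles` in the new Handles template. The `Name` and `Path` cells render strings recovered from the analysed memory image, which an attacker controls; Django's default autoescaping of `{{process.Name}}` and `{{process.Path}}` is what keeps this safe, so keep these cells free of `|safe` and do not wrap this template in `{% autoescape off %}` when the output is later formatted or linked. The heading `dll list` is inconsistent with the sibling template's `Process Handles`; `<h6 class="h6">DLL List</h6>` matches the `DllList` naming used for the panel class and nav link. A `<caption>` on the table (visible or visually hidden) would also give screen-reader users the table's purpose, which none of the artifact tables currently provide.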
Expand Up @@ -4,7 +4,7 @@ <h6 class="h6">Process Environnement Variables</h6>
<div class="d-inline">
<input class="form-control mb-3" id="searchEnv" type="text" placeholder="Search..">
</div>
<table id="processEnvTable" class="table table-light card-font processenv">
<table class="table table-light artifacts card-font processenv">
<thead>
<tr>
<th scope="col">Block</th>
@@ -0,0 +1,33 @@
<!-- Investigation process_handles artifacts -->
<div class="mt-5 Handles plugin text-white">
<h6 class="h6">Process Handles</h6>
<div class="d-inline">
<input class="form-control mb-3" id="searchHandles" type="text" placeholder="Search..">
</div>
<table class="table table-light card-font handles artifacts">
<thead>
<tr>
<th scope="col">Process</th>
<th scope="col">PID</th>
<th scope="col">Offset</th>
<th scope="col">Name</th>
<th scope="col">HandleValue</th>
<th scope="col">GrantedAccess</th>
<th scope="col">Type</th>
</tr>
</thead>
<tbody id="processHandles">
{% for entry in Handles %}
<tr>
<td>{{entry.Process}}</td>
<td>{{entry.PID}}</td>
<td>{{entry.Offset}}</td>
<td>{{entry.Name}}</td>
<td>{{entry.HandleValue}}</td>
<td>{{entry.GrantedAccess}}</td>
<td>{{entry.Type}}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
Expand Up @@ -4,7 +4,7 @@ <h6 class="h6">Process Privileges</h6>
<div class="d-inline">
<input class="form-control mb-3" id="searchPriv" type="text" placeholder="Search..">
</div>
<table id="processPrivilegesTable" class="table table-light card-font processpriv">
<table class="table table-light artifacts card-font processpriv">
<thead>
<tr>
<th scope="col">PID</th>
Expand Up @@ -3,7 +3,7 @@ <h6 class="h6">Process Scan</h6>
<div class="d-inline">
<input class="form-control mb-3" id="searchProcessScan" type="text" placeholder="Search..">
</div>
<table id="processScanTable" class="table table-light card-font processcan">
<table class="table table-light artifacts card-font processcan">
<thead>
<tr>
<th scope="col">PID</th>
@@ -1,6 +1,6 @@
<!-- Investigation registry_hivelist artifacts -->
<div class="text-white mt-5 plugin HiveList">
<table id="hivelistTable" class="table table-light card-font hivelist">
<table class="table artifacts table-light card-font hivelist">
<thead>
<tr>
<th scope="col">FileFullPath</th>
Expand Up @@ -4,7 +4,7 @@ <h6 class="h6 text-dark">User Assist</h6>
<div class="d-inline">
<input class="form-control mb-3" id="searchUserAssist" type="text" placeholder="Search..">
</div>
<table id="UserAssistTable" class="table table-light card-font userassist">
<table class="table artifacts table-light card-font userassist">
<thead>
<tr>
<th scope="col">HiveOffset</th>

0 comments on commit fe2834d
