rpm/dumpzilla
SHA256
1
0
Fork 0
forked from pool/dumpzilla
Code Pull Requests Activity

Accepting request 830014 from home:mnhauke

Browse Source 
Initial package for dumpzilla

OBS-URL: https://build.opensuse.org/request/show/830014
OBS-URL: https://build.opensuse.org/package/show/security:forensics/dumpzilla?expand=0&rev=1
This commit is contained in:
Greg Freemyer 2020-08-31 23:28:31 +00:00 committed by Git OBS Bridge
commit a43757c9ba
8 changed files with 624 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

485
Manual_dumpzilla_en.txt Normal file
View File

@ -0,0 +1,485 @@
################################################################## [ Index ] ###################################################################
1.- Introduction.
2.- Dependencies installation and Microsoft Windows use tips.
3.- Sintax.
4.- Options.
5.- Examples of use.
############################################################### [ Introduction ] ################################################################
Dumpzilla application is developed in Python 3.x and has as purpose extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers to be analyzed. Due to its Python 3.x developement, might not work properly in old Python versions, mainly with certain characters. Works under Unix and Windows 32/64 bits systems. Works in command line interface, so information dumps could be redirected by pipes with tools such as grep, awk, cut, sed... Dumpzilla allows to visualize following sections, search customization and extract certain content.
- Cookies + DOM Storage (HTML 5).
- User preferences (Domain permissions, Proxy settings...).
- Downloads.
- Web forms (Searches, emails, comments..).
- Historial.
- Bookmarks.
- Cache HTML5 Visualization / Extraction (Offline cache).
- visited sites "thumbnails" Visualization / Extraction .
- Addons / Extensions and used paths or urls.
- Browser saved passwords.
- SSL Certificates added as a exception.
- Session data (Webs, reference URLs and text used in forms).
- Visualize live user surfing, Url used in each tab / window and use of forms.
Dumpzilla will show SHA256 hash of each file to extract the information and finally a summary with totals.
Sections which date filter is not possible: DOM Storage, Permissions / Preferences, Addons, Extensions, Passwords/Exceptions, Thumbnails and Session
To use a cache data extraction application (for example MozCache) is recommend to complete the browser forensic analysis.
MozCache: : http://mozcache.sourceforge.net/
####################################################### [ Tips and install dependencies ] #######################################################
Dependencies:
============
- Python 3.x (GNU/Linux Repositories or http://www.python.org/download/)
- Unix Systems with UTF-8 locale / Windows Systems
- Python Magic Module: https://github.com/ahupp/python-magic
Install Magic Module in Windows:
===============================
1.- Install Magic Module: https://github.com/ahupp/python-magic (python setup.py install)
2.- Get the GnuWin32 File utility (Binaries and Dependencies): http://gnuwin32.sourceforge.net/packages/file.htm
3.- Place magic1.dll from the Binaries package into your C:\windows\system32 directory.
4.- Put "magic" from the Binaries package into your C:\windows\system32 directory.
5.- Place zlib1.dll and regex2.dll from the Dependencies package into your system32 directory.
Windows Console Tips:
====================
In Windows command line:
set PYTHONIOENCODING=UTF-8
Why? http://wiki.python.org/moin/PrintFails#Windows
Ok, but I still see strange characters in the console !!
Solution 1: Redirect output to a file (>)
Solution 2: Unix is Sexy
Install Magic Module in Unix:
============================
Download Magic Module: https://github.com/ahupp/python-magic
$ cd python-magic-master/
# python setup.py install
################################################################# [ Sintax ] ##################################################################
Dumpzilla command line:
======================
Locate the profile browser directory which will for audit:
- Windows: 'C:\Documents and Settings\xx\Application Data\Mozilla\Firefox\Profiles\xxxx.default'
- Unix: '$HOME/.mozilla/firefox/xxxx.default/'
Sintax: python dumpzilla.py browser_profile_directory [Options]
Options:
--All (Show everything but the DOM data. Doesn't extract thumbnails or HTML 5 offline)
--Cookies [-showdom -domain <string> -name <string> -hostcookie <string> -access <date> -create <date> -secure <0/1> -httponly <0/1> -range_last -range_create <start> <end>]
--Permissions [-host <string>]
--Downloads [-range <start> <end>]
--Forms [-value <string> -range_forms <start> <end>]
--History [-url <string> -title <string> -date <date> -range_history <start> <end> -frequency]
--Bookmarks [-range_bookmarks <start> <end>]
--Cacheoffline [-range_cacheoff <start> <end> -extract <directory>]
--Thumbnails [-extract_thumb <directory>]
--Range <start date> <end date>
--Addons
--Passwords (Decode only in Unix)
--Certoverride
--Session
--Watch [-text <string>] (Only Unix: Show in daemon mode the URLs and text form in real time. -text' Option allow filter, support all grep Wildcards. Exit: Ctrl + C).
Wildcards: '%' Any string of any length (Including zero length)
'_' Single character
'\' Escape character
Date syntax: YYYY-MM-DD HH:MM:SS
################################################################# [ Options ] ##################################################################
--All Show all except DOM data and do not extract content (thumbnails or HTML5 offline cache)
--Cookies Show cookies and DOM storage if is specified.
-showdom Show DOM stored data and cookies.
-domain <string> Filter by domain name (Wildcards support).
-name <string> Filter by cookie name (Wildcards support).
-hostcookie <string> Filter by Vhost (Wildcards support).
-access <date> Filter by access date (Wildcards support).
-create <date> Filter by creation date (Wildcards support).
-secure <0/1> Filter by cookies with secure flag secure enabled 0:Yes / 1:No.
-httponly <0/1> Filter by HttpOnly type 1:Yes / 0:No.
-range_last <start> <end> Filter last access date by range (YYYY-MM-DD HH:MM:SS).
-range_create <start> <end> Filter data creation date by range (YYYY-MM-DD HH:MM:SS).
--Permissions Show user preferences and permissions set on certain webs.
-host <string> Filter by domain (Wildcards support).
--Downloads Show the downloads, also history stored, and list directories download.
-range <start> <end> Filter by download initialization dates (YYYY-MM-DD HH:MM:SS).
--Forms Show used forms data and written text in them (Email, comments, searches,...).
-value <string> Filter written text in a form (Wildcards support).
-range_forms <start> <end> Filter form used date by range (YYYY-MM-DD HH:MM:SS).
--History Show visualized webs.
-url <string> Filter by URL (Wildcards support).
-title <title> Filter by web "title" (Wildcards support).
-date <date> Filter by access date (Wildcards support).
-range_history <start> <end> Filter visualization date by range (YYYY-MM-DD HH:MM:SS).
-frequency Show most visited sites first.
--Bookmarks Show stored sites in bookmarks.
-range_bookmarks <start> <end> Filter last update / installation by date range (YYYY-MM-DD HH:MM:SS).
--Cacheoffline Show which domains store offline data (html5) and allow extract their data.
-range_cacheoff <start> <end> Filter stored date by range (YYYY-MM-DD HH:MM:SS).
-extract <directory> Extract offline cache content to specified directory.
--Thumbnails Extract browser start or new tab/window thumbnails.
-extract_thumb <directory> Extract thumbnails pictures (If exist) to specified directory.
--Range <start> <end> Filter Cookies, Downloads, Forms, history, Bookmarks and offline Cache date by range (YYYY-MM-DD HH:MM:SS).
Do not filter: DOM Storage, Permissions / Preferences, Addons, Extensions, Passwords/Exceptions, Thumbnails and Session.
--Addons Show browser used Addons / Extensions and paths / URLs.
--Passwords Show stored users and passwords, and decode it (if master key was not used).(Python 2.x)
--Certoverride Show added SSL certificates.
--Session Show last and next-to-last session data. Last Webs and used forms.
--Watch Show in daemon mode the URLs and text form in real time. To finish: Ctrl + C
Edit line 18 with Python3.x path on "python3_path". Example: python3_path = /usr/bin/python3.3
-text <string> Filter by text strings, (grep Wildcards support). Example: --Watch -text "yahoo\|live\|gmail"
############################################################# [ Examples of use ] ###############################################################
=====================================
Cookies with Wildcards and data range:
=====================================
These commands have the same output:
$ python3.2 dumpzilla.py .yle8qt6e.default --Cookies -create 02:35 -name GAPS
$ python3.2 dumpzilla.py .yle8qt6e.default --Cookies -create 02:35:1% -name _AP%
$ python3.2 dumpzilla.py .yle8qt6e.default --Cookies -create 2013-0_-04 %:35:1% -name %A__ -hostcookie www.google.com
Domain: google.com
Host: www.google.com
Name: GAPS
Value: 1:IvFZXoV-6ihRuP658dfr7FjLQcnrhw:0X5FWx6hkt0Fp77C
Path: /accounts
Expiry: 2015-03-04 02:35:14
Last acess: 2013-03-04 02:35:14
Creation Time: 2013-03-04 02:35:14
Secure: 0
HttpOnly: 1
This command print domains and their DOM data with accessed cookies between two given dates.
$ python3.2 dumpzilla.py .yle8qt6e.default --Cookies -domain google% -range_last "2013-03-04 01:28:09" "2013-03-04 01:28:51" -secure 0 -httponly 0 -showdom
Domain: google.de
Host: .google.de
Name: PREF
Value: ID=e59d6b724e975713:U=ed7938110e81ef61:FF=0:LD=en:TM=1361492092:LM=1361492092:S=XE3J6pRySWKjnNuT
Path: /
Expiry: 2015-02-22 01:14:52
Last acess: 2013-03-04 01:28:11
Creation Time: 2013-02-22 01:14:52
Secure: 0
HttpOnly: 0
Domain: secure.shared.live.com
DOM data: 1361915953829
==================================
Use of escape characters to filter:
==================================
Not using escape characters:
$ python3.2 dumpzilla.py .yle8qt6e.default --Cookies -name "_ag%"
Domain: objectmix.com
Host: .objectmix.com
Name: _agads
Value: ID=9cd33476f2c9ad11:T=1361492099:S=ALNI_MaEx-Nl-AeR5nAgJq8o_Hz44yDfow
Path: /
Expiry: 2015-02-22 01:14:59
Last acess: 2013-03-04 14:44:13
Creation Time: 2013-03-04 14:44:13
Secure: 0
HttpOnly: 0
Domain: objectmix.com
Host: .objectmix.com
Name: Xagads
Value: 0
Path: /
Expiry: 2014-02-22 01:15:01
Last acess: 2013-03-04 14:44:55
Creation Time: 2013-03-04 14:44:55
Secure: 0
HttpOnly: 0
Using escape characters (two ways, same output)
$ python3.2 dumpzilla.py .yle8qt6e.default --Cookies -name "\_ag%"
$ python3.2 dumpzilla.py .yle8qt6e.default --Cookies -name \\_ag%
Domain: objectmix.com
Host: .objectmix.com
Name: _agads
Value: ID=9cd33476f2c9ad11:T=1361492099:S=ALNI_MaEx-Nl-AeR5nAgJq8o_Hz44yDfow
Path: /
Expiry: 2015-02-22 01:14:59
Last acess: 2013-03-04 14:44:13
Creation Time: 2013-03-04 14:44:13
Secure: 0
HttpOnly: 0
==================================================================
Audit real time surfing filtering Yahoo, hotmail and Gmail content:
==================================================================
Remember that "-text" option of "--Watch" can use grep wildcards. This command prints all the windows / tabs that contain "-text".
$ python3.2 dumpzilla.py .mozilla/firefox/yle8qt6e.default --Watch -text "yahoo\|live\|gmail"
Title: Redactar - luser1985@gmail.com - Gmail
URL: https://mail.google.com/mail/?shva=1#drafts/13d4aa3d5e74265e
Title: (29 no leídos) - Karl Müller - Yahoo! Mail
URL: http://es-mg42.mail.yahoo.com/neo/launch?.rand=4vhbkln5s409p#mail
Title: Yahoo! - 404 Not Found
URL: http://es-mg42.mail.yahoo.com/app/minty/options/general
Form: {'s1p': 'Big Butt'}
Title: A password is not enough
URL: https://account.live.com/Proofs/Manage?ru=https://login.live.com/login.srf%3flc%3d3082%26sf%3d1%26id%36%26cbcxt%3dmai%2mspp_shared%3d1%26seclog%3d0%26wa%3dwsignin1.0%26wp%6ru%3dhttp://mail.live.com/default.aspx&mkt=ES-ES&uiflavor=web&id=6455&lqsp=ntprob%3d-1&mpcxt=AFP&oru=http://mail.live.com/default.aspx&lmif=100
Form: {'Question': {'selectedIndex': 0, 'value': '0'}, 'DisplayPhoneNumber': '650457892', 'EmailAddress': 'recovery@hotmail.com', 'DisplayPhoneCountryISO': {'selectedIndex': 60, 'value': 'ES'}}
=========================
Combining mutiple options:
=========================
$ python3.2 dumpzilla.py .yle8qt6e.default --Cookies -access "16:32:18" --Permissions -host addons.cdn.mozilla.net --History -date "14:27:32"
Execution time: 2013-03-05 18:55:23.691384
Mozilla Profile: .mozilla/firefox/yle8qt6e.default
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Cookies [SHA256 hash: d05199c0ff5db35bedb47e536076d0aeda108940edb47e536076d0aeda108940]
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Domain: filldisk.com
Host: .filldisk.com
Name: __utmz
Value: 30275752.1362488826.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Path: /
Expiry: 2013-09-04 05:32:18
Last acess: 2013-03-05 16:32:18
Creation Time: 2013-03-05 14:07:05
Secure: 0
HttpOnly: 0
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DOM Storage [SHA256 hash: d2edb47e536076d0aeda1089408004d7a11e361a45c660dd507d2aed2b10061b]
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Domain: secure.shared.live.com
Domain: 2.filldisk.com
Domain: 1.filldisk.com
Domain: secure.shared.live.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Permissions [SHA256 hash: 1448abfa05363d0b68bcaeb75bb1bbf2bf873edb47e536076d0aeda10894019c]
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Host: addons.cdn.mozilla.net
Type: sts/subd
Permission: 2
ExpiteType: 0
ExpiteTime: 1970-01-01 01:00:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Preferences [SHA256 hash: eedb47e536076d0aeda108940371076d8be30ae13751ddd3e42e793cda78a4fd]
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Browser cache disk capacity: 228352
Download directory: /home/jasmin/Descargas
Last Download directory: /home/jasmin/Escritorio
Browser Version: 19.0
URL proxy autoconfig: http://caca.com/
FTP backup proxy: 127.0.0.1
FTP backup proxy port: 4001
Socks backup proxy: 127.0.0.1
Socks backup proxy port: 4001
SSL backup proxy: 127.0.0.1
SSL backup proxy port: 4001
FTP proxy: 127.0.0.1
FTP proxy port: 4001
Http proxy: 127.0.0.1
Http proxy port: 4001
Share proxy settings: true
Socks proxy: 127.0.0.1
Socks proxy port: 4001
SSL proxy port: 4001
Type Proxy: 1 (0: No proxy | 4: Auto detect settings | 1: Manual configuration | 2: URL autoconfig)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
History [SHA256 hash: edb47e536076d0aeda108940f9cabf311389c5b79810a2ac7369bc797307a80e]
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Last visit: 2013-03-05 14:27:32
Title: لوحة المفاتيح SwiftKey X للأندرويد وتدعم العربية
URL: http://www.vip4soft.com/%D9%84%D9%88%D8%AD%D8%A9-%D8%A7%D9%84%D9%85%D9%81%D8%A7%D8%AA%D9%8A%D8%AD-swiftkey-x-%D9%84%D9%84%D8%A3%D9%86%D8%AF%D8%B1%D9%88%D9%8A%D8%AF-%D9%88%D8%AA%D8%AF%D8%B9%D9%85-%D8%A7%D9%84%D8%B9%D8%B1.html
Frequency: 1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Total information
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Total Cookies: 3
Total DOM Data: 14
WARNING: For show the DOM storage data , use the option -showdom
Total Permissions: 2
Total urls in History: 1
================================
Get the Passwords (NO python3.x):
================================
Show configured webs in order to not save credentials, encoded credentials and their decoded. (Only executing dumpzilla under 2.x brach)
$ python2.7 dumpzilla.py .mozilla/firefox/yle8qt6e.default --Passwords
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Exceptions/Passwords [SHA256 hash: 15ba116a979ba4edb47e536076d0aeda1089401cce582b2d78c2fa5fb24a570c]
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Exception Web: https://www.facebook.com
Exception Web: http://www.gmx.net
Exception Web: https://login.yahoo.com
Exception Web: https://accounts.google.com
Web: http://www.shodanhq.com
User field: username
Password field: password
User login (crypted): MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECE5kYU15qEEzBBA0nPH2m3bNM3wVEziqY02u
Password login (crypted): MEoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECE+XsaqLhIfIBCBoHtRGHjQ/Vq3FbPZgq2sGDL/YT9P5PHiUZ0QW6vktew==
Encripton type: 1
Created: 2013-03-05 13:19:22
Last used: 2013-03-05 13:19:22
Change: 2013-03-05 13:19:22
Frequency: 21
Web: https://www.facebook.com
User field: email
Password field: pass
User login (crypted): MEoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECIkQJPfZJbL/BCB/lc86x0KEyhw8NBwR/dhJGdXuV0QDCcLqaFg/rVayBw==
Password login (crypted): MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECNHMNFUnu2I+BAiA6BBtclMuFQ==
Encripton type: 1
Created: 2013-03-05 13:21:07
Last used: 2013-03-05 13:21:07
Change: 2013-03-05 13:21:07
Frequency: 9
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Decode Passwords
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Web: http://www.shodanhq.com:
Username: Bladimir
Passsword: Вакансиидерьмо
Web: https://www.facebook.com:
Username: justinbieber@hotmail.com
Passsword: 12345
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Total information
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Total passwords: 2
Total passwords decode: 2
========================
Dumpzilla with grep pipe:
========================
Show installed extensions and paths in C:\ (Windows) used by their.
$ python3.2 dumpzilla.py .yle8qt6e.default --Addons | grep -A 1 -B 1 -i "C:"
Type: theme
Descriptor: C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
Version: 19.0
--
Type: extension
Descriptor: C:\Documents and Settings\jasminpc\Application Data\Mozilla\Firefox\Profiles\5s28qo2r.default\extensions\exif_viewer@mozilla.doslash.org.xpi
Version: 2.00
--
APP: chrome://exif/content/exif.xul#history-loc-1
URL/PATH: C:\DocumentsandSettings\AllUsers\Documents\Porn\Sandra_2011\beach.jpg"
--
APP: chrome://exif/content/exif.xul#history-loc-1
URL/PATH: C:\DocumentsandSettings\AllUsers\Documents\Porn\Sandra_2011\ricorico.jpg"
################################################################# [ CopyLeft ] ##################################################################
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

16
_service Normal file
View File

@ -0,0 +1,16 @@
<services>
<service mode="disabled" name="tar_scm">
<param name="url">https://github.com/Busindre/dumpzilla.git</param>
<param name="package-meta">yes</param>
<param name="revision">master</param>
<param name="scm">git</param>
<param name="changesgenerate">enable</param>
<param name="versionformat">0.0.0+git.%cd</param>
</service>
<service mode="disabled" name="recompress">
<param name="file">*.tar</param>
<param name="compression">xz</param>
</service>
<service mode="disabled" name="set_version"/>
</services>

4
_servicedata Normal file
View File

@ -0,0 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/Busindre/dumpzilla.git</param>
<param name="changesrevision">73d82d971b69caad969ec5d951d1da66ff96ec55</param></service></servicedata>

3
dumpzilla-0.0.0+git.20180324.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9ee0819aeeac7af96d6c171b6c4851ee8d5be75da9f4024fc57149bfeb2a4a3b
size 191268

4
dumpzilla.changes Normal file
View File

@ -0,0 +1,4 @@
-------------------------------------------------------------------
Sat Aug 22 22:43:04 UTC 2020 - mardnh@gmx.de
- Initial package, version 0.0.0+git.20180324

88
dumpzilla.spec Normal file
View File

@ -0,0 +1,88 @@
#
# spec file for package dumpzilla
#
# Copyright (c) 2020, Martin Hauke <mardnh@gmx.de>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: dumpzilla
Version: 0.0.0+git.20180324
Release: 0
Summary: Firefox browser forensic tool
License: GPL-3.0-or-later
Group: Development/Tools/Other
URL: https://www.dumpzilla.org/
Source: %{name}-%{version}.tar.xz
Source1: http://www.dumpzilla.org/Manual_dumpzilla_en.txt
BuildRequires: python3-rpm-macros
BuildRequires: python3-setuptools
Requires: python3-magic
Requires: python3-lz4
BuildArch: noarch
%description
Extract all forensic interesting information from Firefox,
Iceweasel and Seamonkey browsers.
Works in command line interface, so information dumps could be
redirected by pipes with tools such as grep, awk, cut, sed...
Dumpzilla allows to visualize following sections, search
customization and extract certain content.
Features:
* Cookies + DOM Storage (HTML 5).
* User preferences (Domain permissions, Proxy settings...).
* Downloads.
* Web forms (Searches, emails, comments..).
* Historial.
* Bookmarks.
* Cache HTML5 Visualization / Extraction (Offline cache).
* visited sites "thumbnails" Visualization / Extraction .
* Addons / Extensions and used paths or urls.
* Browser saved passwords.
* SSL Certificates added as a exception.
* Session data (Webs, reference URLs and text used in forms).
* Visualize live user surfing, Url used in each tab or window
and use of forms.
%package bash-completion
Summary: Bash Completion for %{name}
Group: Development/Tools/Other
Requires: %{name} = %{version}
Requires: bash-completion
Supplements: (%{name} and bash-completion)
BuildArch: noarch
%description bash-completion
Bash completion script for %{name}.
%prep
%setup -q
sed -i 's|#!%{_bindir}/env python|#!%{_bindir}/python3|g' dumpzilla.py
cp %{SOURCE1} .
%build
%install
install -Dpm 0755 dumpzilla.py %{buildroot}%{_bindir}/dumpzilla
install -Dpm 0644 dumpzilla %{buildroot}%{_datadir}/bash-completion/completions/%{name}
%files
%doc README.md Manual_dumpzilla_en.txt
%{_bindir}/dumpzilla
%files bash-completion
%{_datadir}/bash-completion/completions/%{name}
%changelog