diff --git a/art/omikuji/CHUKICHI.txt b/art/omikuji/CHUKICHI.txt new file mode 100644 index 00000000..e60a5f78 --- /dev/null +++ b/art/omikuji/CHUKICHI.txt @@ -0,0 +1,38 @@ + + + + + + .gggggggggggggggggggggggggggggggggggggp + ,#pbppppppbppppppbbbbpppppppbppbpppbpW# + .#pppppppppppppppppppppppppppppppppppW# + ` ` ` ` ` ` ` ` ` ,#ppb` .... (bppW# ` ` ` ` ` ` ` ` + ,#ppb. 7WpbW, (ppbW# + .#ppp_ ,bbbW+wkkaJ. (pppW# + .#ppb_ .Xbn,...+XppppbbWY"pppn. (pppW# ` + ` .#ppp_ TbbpppbbbpbpW=` .ppbbR (bppW# ` + ` ` ` ` ` ` ` ` ,#ppp_ bpp=TTY4ppbW .XbpbbP (ppbW# ` ` ` ` ` ` + ,#ppb_ bpb} ,bppp .XppbW= (pppW# ` + .#ppp_ bbp[ ,bbpbbbppbpp+ (pppW# ` + ` ` .#bbb_ 4pbbbbpbppbpbpbppbpbb (bbpW# ` ` + .#ppp_ 7Wpppbppbpp>` _7"' (pppW# + .#bpb_ ,ppbp_ (bppW# + .#ppp_ ,ppbb: (bppW# + .#ppp` 7UY= (bppW# + .#ppb ... (ppbW# + .#ppp .Wbbpo (bppW# + .#pbp. ...bpbpbbbbbbka, (bppW# + .#ppb. dWbbbbbpppppbpbWUUUpbb] (ppbW# + .#ppb. ?TYYY""7pbpp_ ... (pppW# + .#ppp` ......(ubpppppbpppWa. (pppW# + .#ppb_ ?WbbpppbpbWUY""""TUY' (bppW# + .#ppp_ gbW= ..JdpppWa, (bbpW# + .#ppp_ JbpndppppKY!_4pph. (pppW# + .#ppb_ .bbp?TY"^ .pppp' (ppbW# + .#ppb_ Wpp; .....WpppY` (pppW# + .#ppp_ ,Wppppbbbpbpbbpb[ (ppbW# + .#ppb_ ?77!` _?` (pppW# + .#ppp-...........................JpbpW# + .#pppppppppppppbbbpbbppppppppppppppppW# + .NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN# + diff --git a/art/omikuji/DAIKICHI.txt b/art/omikuji/DAIKICHI.txt new file mode 100644 index 00000000..edfee525 --- /dev/null +++ b/art/omikuji/DAIKICHI.txt 
@@ -0,0 +1,37 @@ + + + + + + .gggggggggggggggggggggggggggggggggggggp + ,#pbppppppbppppppbbbbpppppppbppbpppbpW# + .#pppppppppppppppppppppppppppppppppppW# + ` ` ` ` ` ` ` ` ` ,#ppb` (bppW# ` ` ` ` ` ` ` ` + ,#ppb. .&aJ, (ppbW# + .#ppp_ .4bppL (pppW# + .#ppb_ ,bppWdXkkAJ. (bppW# ` + ` .#ppp_ ` ..Jdbppbpbbbpbppbn (ppbW# ` + ` ` ` ` ` ` ` ` ,#ppp_ jbpppbbppbppppppWWbppb! (pppW# ` ` ` ` ` ` + ,#ppb_ (Wpppppbppbpbk. _! (bppW# ` + .#ppp_ ?77Xbppbppbbn. (ppbW# ` + ` ` .#bbb_ JbpbpP7pppbbo. (pppW# ` ` + .#ppp_ .XbppbK` (Wbppppa. (bbpW# + .#bpb_ .JbbppbK` 4pppbbbn (bppW# + .#ppp_ .Wbbbpbpf` ?Wpppppb (bppW# + .#ppp` ?WpbpW= Tpbpp% (ppbW# + .#ppb ?` ~ (pppW# + .#ppp .JJ., (pbpW# + .#pbp. .4pbbh...... (bppW# + .#ppb. ......JdXppbbbbbpbppWa. (pppW# + .#ppb. 4bpppbbbpbppWY""777TUY! (bppW# + .#ppp` _??!` ,pbpW..(J... (ppbW# + .#ppb_ J+J&dWpppbppbbpbppbh (bppW# + .#ppp_ (4WppbpUY""71--. ??! (bppW# + .#ppp_ .pbY .(dppbpppW+ (bppW# + .#ppb_ .bppbpppWY=` XpbW. (ppbW# + .#ppp_ ,ppR ~! .XppbY (pppW# + .#pbp_ .Wppo..JdkWbpppp+ (bppW# + .#ppp_ .4pppbWUUYYYTWpp} (pbpW# + .#ppb-...........................JpppW# + .#ppppppppppppppbbbbbppppppppppppppbpW# + .NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN# \ No newline at end of file diff --git a/art/omikuji/KICHI.txt b/art/omikuji/KICHI.txt new file mode 100644 index 00000000..fd74d0ab --- /dev/null +++ b/art/omikuji/KICHI.txt 
@@ -0,0 +1,38 @@ + + + + + + .gggggggggggggggggggggggggggggggggggggp + ,#pbppppppbppppppbbbbpppppppbppbpppbpW# + .#pppppppppppppppppppppppppppppppppppW# + ` ` ` ` ` ` ` ` ` ,#ppb` (bppW# ` ` ` ` ` ` ` ` + ,#ppb. (ppbW# + .#ppp_ (pppW# + .#ppb_ (bppW# ` + ` .#ppp_ (ppbW# ` + ` ` ` ` ` ` ` ` ,#ppp_ ` ` ` ` ` ` ` (bppW# ` ` ` ` ` ` + ,#ppb_ (bppW# ` + .#ppp_ ... (ppbW# ` + ` ` .#bpp_ ?bbbW, ` (bppW# ` ` + .#ppb_ ` ...dppppbbbkkkk+, (pppW# + .#bpp_ .bbbbbbbbpppppbWUUUWbpW` (bppW# + .#ppb_ 7TTT""74pbbP .... (bppW# + .#pbp` .....(+XbppbbbbbbbW, (bppW# + .#ppb 4ppbpbppbWUY"""""TY= (ppbW# + .#ppb .Wpf' ..dppppk-. (bppW# + .#ppb. .ppWgWppppY=`(ppbl (pppW# + .#ppb. JppP7""7` .Jpppf (bppW# + .#ppb. ,bpW. ....(JbpbW^ (ppbW# + .#ppp` 7ppppppbbpbbpppW. (pppW# + .#ppb_ ??!` _! (bppW# + .#ppp_ (bbpW# + .#ppp_ (pppW# + .#ppb_ (ppbW# + .#ppp_ (pppW# + .#pbp_ (ppbW# + .#ppp_ (pppW# + .#ppb-...........................JpbpW# + .#pppppppppppppppbbbpbpppppppppppppppW# + .NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN# + diff --git a/art/omikuji/KYOU.txt b/art/omikuji/KYOU.txt new file mode 100644 index 00000000..f9648b06 --- /dev/null +++ b/art/omikuji/KYOU.txt 
@@ -0,0 +1,39 @@ + + + + + + .gggggggggggggggggggggggggggggggggggggp + ,#pbppppppbppppppbbbbpppppppbppbpppbpW# + .#pppppppppppppppppppppppppppppppppppW# + ` ` ` ` ` ` ` ` ` ,#ppb` (bppW# ` ` ` ` ` ` ` ` + ,#ppb. (ppbW# + .#ppp_ (pppW# + .#ppb_ (bppW# ` + ` .#ppp_ (ppbW# ` + ` ` ` ` ` ` ` ` ,#ppp_ ` ` ` ` ` ` ` (bppW# ` ` ` ` ` ` + ,#ppb_ (bppW# ` + .#ppp_ (bn,.(.. (ppbW# ` + ` ` .#bpp_ 4kWa. dbpR4bbh (pppW# ` ` + .#ppb_ .bbbn... `.dbpp%Jppb_ (bbpW# + .#bpp_ .pppUbbbbn..WpbpP Jbpp_ (bppW# + .#ppb_ .ppb} (4bbbpppp= Jppp_ (pppW# + .#pbp` .ppb) .ppppbp&. Jbpp_ (pbpW# + .#ppb .bpp) .Jppbpbppbp,Jppp~ (bppW# + .#ppb ,ppbndppbpW=,Wpppppbpp~ (pbpW# + .#ppb. ,bppWbppbY` 7WpbWpbp_ (pppW# + .#ppb. ,pbp) ?! ......dpbb: (bppW# + .#ppb. .ppbWAwWbbbppppppppppp! (ppbW# + .#ppp` .TWppWUUYY"""77777Wpf (pppW# + .#ppb_ (bppW# + .#ppp_ (bbpW# + .#ppp_ (pppW# + .#ppb_ (ppbW# + .#ppp_ (pppW# + .#pbp_ (ppbW# + .#ppp_ (pppW# + .#ppb-...........................JpbpW# + .#pppppppppppppppbbbpbpppppppppppppppW# + .NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN# + + ` ` \ No newline at end of file diff --git a/art/omikuji/SHOUKICHI.txt b/art/omikuji/SHOUKICHI.txt new file mode 100644 index 00000000..e5e03566 --- /dev/null +++ b/art/omikuji/SHOUKICHI.txt 
@@ -0,0 +1,38 @@ + + + + + + .gggggggggggggggggggggggggggggggggggggp + ,#pbppppppbppppppbbbbpppppppbppbpppbpW# + .#pppppppppppppppppppppppppppppppppppW# + ` ` ` ` ` ` ` ` ` ,#ppb` (bppW# ` ` ` ` ` ` ` ` + ,#ppb. (AA&, (ppbW# + .#ppp_ ,Wppb[ ... (pppW# + .#ppb_ ... Xppb] 7bbpn (bppW# ` + ` .#ppp_ ,WpbW. Xbpp] WpbL (ppbW# ` + ` ` ` ` ` ` ` ` ,#ppp_ .pbb: Xbpp] XppW (pppW# ` ` ` ` ` ` + ,#ppb_ dppb Xbpb] Xpbb; (pppW# ` + .#ppp_ bbpW Xbpb] Xbpp] (ppbW# ` + ` ` .#bpp_ .bppW Xbpp] Wbppb (bppW# ` ` + .#ppb_ .ppbpbn..Xppb] bbpbR (pppW# + .#bpp_ .ppbW?Wpbbppb$ Wppbf (bppW# + .#ppb_ WppK 4ppbppb (bpp\ (bppW# + .#pbp` 7"^ ?ppbp% (ppbW# + .#ppb _?` (pppW# + .#ppb .ea+, (bppW# + .#ppb. 4ppph....... (ppbW# + .#ppb. .....JdXbpppppppppppbn. (pppW# + .#ppb. 4ppppbbpbbbpW""7?!?"T"` (pppW# + .#ppp` ``` ,bpbW(J&&+.. (ppbW# + .#ppb_ gAgwpbbppbpbpppppppW (bppW# + .#ppp_ .7UWpbWY""7i(... !` (bppW# + .#ppp_ .bp=..+ppppVWbba. (ppbW# + .#ppb_ .bppbbppKY^ XbbW. (pppW# + .#ppp_ ,bpR .bppp= (pppW# + .#pbp_ Wbpn.JdXbbbbpbp+ (ppbW# + .#ppp_ TpbbWUYY"""TTWW> (pppW# + .#ppb-...........................JpbpW# + .#ppppppppppppppbbbbbppppppppppppppppW# + .NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN# + diff --git a/art/omikuji/SUEKICHI.txt b/art/omikuji/SUEKICHI.txt new file mode 100644 index 00000000..6b1c932d --- /dev/null +++ b/art/omikuji/SUEKICHI.txt 
@@ -0,0 +1,38 @@ + + + + + + .gggggggggggggggggggggggggggggggggggggp + ,#pbppppppbppppppbbbbpppppppbppbpppbpW# + .#pppppppppppppppppppppppppppppppppppW# + ` ` ` ` ` ` ` ` ` ,#ppb` (bppW# ` ` ` ` ` ` ` ` + ,#ppb. .Wbbk. (ppbW# + .#ppp_ 7ppbbneAkAa+.. (pppW# + .#ppb_ .....+dbppppppbbbpbbbbk. (bppW# ` + ` .#ppp_ 4ppbbbppbbpbpY!``_?7""" (bppW# ` + ` ` ` ` ` ` ` ` ,#ppp_ ?777!` Xppb[..... (ppbW# ` ` ` ` ` ` + ,#ppb_ 4W+..Wppppppppbbn (pppW# ` + .#ppp_ .WpppppbpbppWWppbWpW\ (pppW# ` + ` ` .#bbb_ .zppWY"Wbbp[ WppW, (bbpW# ` ` + .#ppp_ .bpbP Xppb] ,bpbbl (pppW# + .#bpb_ .ppbb+..Xbppb zbpbb[ (bppW# + .#ppp_ Jbppp\.Tppbppp. .ppppR (bppW# + .#ppp` ?TY' 7Wbbf ,4UY! (bppW# + .#ppb (ppbW# + .#ppp dpka, (bppW# + .#pbp. .bbbba.JJJ(.. (pppW# + .#ppb. ...(+dXpbpppbbbpppppppo (ppbW# + .#ppb. .4pbpbppWbpppY?!` _?"' (bppW# + .#ppp` .pbppkdXWkAJ, (pppW# + .#ppb_ ,bpbbbbppbpbppppbbpb] (bbpW# + .#ppp_ _"4pbWY"?~..+&-, (bppW# + .#ppp_ .Wpf..dpppbUTWpW& (pppW# + .#ppb_ dppWpppUY! .pbbr (ppbW# + .#ppp_ Wpp) .XppbY` (pppW# + .#pbp_ ,bppAdXpbppbpbpk, (ppbW# + .#ppp_ .TWUUY"""7777TU= (pppW# + .#ppb-...........................JpppW# + .#pppppppppppppbbbbbbpppppppppppppbppW# + .NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN# + diff --git a/src/lib.rs b/src/lib.rs index 72434c62..b1dd090e 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,3 +1,4 @@ pub mod detections; pub mod models; +pub mod omikuji; pub mod toml; diff --git a/src/main.rs b/src/main.rs index 96239b23..fe8ffba4 100644 --- a/src/main.rs +++ b/src/main.rs @@ -4,8 +4,9 @@ extern crate serde; use clap::{App, AppSettings, Arg}; use evtx::EvtxParser; use quick_xml::de::DeError; -use std::{path::PathBuf, process}; +use std::{fs, path::PathBuf, process}; use yamato_event_analyzer::detections::detection; +use yamato_event_analyzer::omikuji::Omikuji; use yamato_event_analyzer::toml; fn build_app() -> clap::App<'static, 'static> { 
@@ -32,6 +33,7 @@ fn build_app() -> clap::App<'static, 'static> { .arg(Arg::from_usage("-d --directory 'event log files directory'")) .arg(Arg::from_usage("-s --statistics 'event statistics'")) .arg(Arg::from_usage("-u --update 'signature update'")) + .arg(Arg::from_usage("-o --omikuji 'output with omikuji'")) .arg(Arg::from_usage("--credits 'Zachary Mathis, Akira Nishikawa'")) } @@ -59,3 +61,9 @@ fn parse_file(filepath: &str) { let mut detection = detection::Detection::new(); &detection.start(parser); } + +fn output_with_omikuji(omikuji: Omikuji) { + let fp = &format!("art/omikuji/{}", omikuji); + let content = fs::read_to_string(fp).unwrap(); + println!("{}", content); +} diff --git a/src/omikuji.rs b/src/omikuji.rs new file mode 100644 index 00000000..7b85df14 --- /dev/null +++ b/src/omikuji.rs @@ -0,0 +1,28 @@ +use std::fmt; + +pub enum Omikuji { + DAIKICHI, + KICHI, + CHUKICHI, + SHOUKICHI, + SUEKICHI, + KYOU, +} + +impl fmt::Display for Omikuji { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + match *self { + Omikuji::DAIKICHI => write!(f, "DAIKICHI.txt"), + Omikuji::KICHI => write!(f, "KICHI.txt"), + Omikuji::CHUKICHI => write!(f, "CHUKICHI.txt"), + Omikuji::SHOUKICHI => write!(f, "SHOUKICHI.txt"), + Omikuji::SUEKICHI => write!(f, "SUEKICHI.txt"), + Omikuji::KYOU => write!(f, "KYOU.txt"), + } + } +} + +#[test] +fn test_display() { + assert_eq!(Omikuji::DAIKICHI.to_string(), "DAIKICHI.txt",); +}
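Review bot: `output_with_omikuji` calls `fs::read_to_string(fp).unwrap()`, so a missing or unreadable art file aborts the whole analyzer with a panic instead of a readable error, and the path `art/omikuji/{}` is resolved against the current working directory, so the lookup only succeeds when the binary is launched from the repository root. Since `process` is already imported in this file, a contained fix is `let fp = format!("art/omikuji/{}", omikuji);` (no `&` is needed, `read_to_string` takes `impl AsRef<Path>`) followed by `let content = fs::read_to_string(&fp).unwrap_or_else(|e| { eprintln!("cannot read {}: {}", fp, e); process::exit(1) });`. Because the file name comes from a closed enum, there is no user-controlled path component here; embedding the six files with `include_str!` would remove the runtime dependency on the working directory entirely. I also do not see the new `-o --omikuji` flag (previous hunk) being read anywhere in these hunks, nor a call to this function; if that wiring is not elsewhere in the commit, the flag is a no-op and the function will produce a dead-code warning.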
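Review bot: In `src/omikuji.rs` the `fmt::Display` impl is used as a file-name lookup (each arm writes `"<NAME>.txt"`), which ties the user-facing string representation of the enum to the on-disk layout; a dedicated `pub fn file_name(&self) -> &'static str` would make that mapping explicit and leave `Display` free for human-readable output. The variants `DAIKICHI`, `KICHI`, … are in SCREAMING_CASE, which the compiler's `non_camel_case_types` lint flags for enum variants; the Rust convention is `Daikichi`, `Kichi`, etc. The enum also has no derives, so `#[derive(Debug, Clone, Copy, PartialEq, Eq)]` would be worth adding, and the `#[test]` function is conventionally placed under a `#[cfg(test)] mod tests` block rather than at module level.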