CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
bd483ee6b69c01d117f3dc4f2b7b7b694b114631
hayabusa/src/main.rs
akiranishikawa 03be1dad34 cargo fmt --all
2020-10-10 11:14:39 +09:00

62 lines
2.1 KiB
Rust
Raw Blame History

extern crate clap;
extern crate serde;
use clap::{App, AppSettings, Arg};
use evtx::EvtxParser;
use quick_xml::de::DeError;
use std::{path::PathBuf, process};
use yamato_event_analyzer::detections::detection;
use yamato_event_analyzer::toml;
fn build_app() -> clap::App<'static, 'static> {
let program = std::env::args()
.nth(0)
.and_then(|s| {
std::path::PathBuf::from(s)
.file_stem()
.map(|s| s.to_string_lossy().into_owned())
})
.unwrap();
App::new(program)
.about("Yea! (Yamato Event Analyzer). Aiming to be the world's greatest Windows event log analysis tool!")
.version("0.0.1")
.author("Author name <author@example.com>")
.setting(AppSettings::VersionlessSubcommands)
.arg(Arg::from_usage("-f --filepath=[FILEPATH] 'event file path'"))
.arg(Arg::from_usage("--attackhunt=[ATTACK_HUNT] 'Attack Hunt'"))
.arg(Arg::from_usage("--csv-timeline=[CSV_TIMELINE] 'csv output timeline'"))
.arg(Arg::from_usage("--human-readable-timeline=[HUMAN_READABLE_TIMELINE] 'human readable timeline'"))
.arg(Arg::from_usage("-l --lang=[LANG] 'output language'"))
.arg(Arg::from_usage("-t --timezone=[TIMEZONE] 'timezone setting'"))
.arg(Arg::from_usage("-d --directory 'event log files directory'"))
.arg(Arg::from_usage("-s --statistics 'event statistics'"))
.arg(Arg::from_usage("-u --update 'signature update'"))
.arg(Arg::from_usage("--credits 'Zachary Mathis, Akira Nishikawa'"))
}
fn main() -> Result<(), DeError> {
let args = build_app().get_matches();
let filepath: Option<&str> = args.value_of("filepath");
if let Some(filepath) = filepath {
parse_file(filepath);
}
Ok(())
}
fn parse_file(filepath: &str) {
let fp = PathBuf::from(filepath);
let parser = match EvtxParser::from_path(fp) {
Ok(pointer) => pointer,
Err(e) => {
eprintln!("{}", e);
process::exit(1);
}
};
let mut detection = detection::Detection::new();
&detection.start(parser);
}
Reference in New Issue View Git Blame Copy Permalink