A library for fast import of Windows NT Registry(REGF) into Elasticsearch.

Related tags

Searchreg2es
Overview

reg2es

MIT License PyPI version Python Versions

reg2es logo

A library for fast import of Windows NT Registry(REGF) into Elasticsearch.
reg2es uses C library libregf.

Usage

When using from the commandline interface:

$ reg2es /path/to/your/file.DAT

When using from the python-script:

from reg2es import reg2es

if __name__ == '__main__':
  filepath = '/path/to/your/file.DAT'
  reg2es(filepath)

Arguments

reg2es supports importing from multiple files.

$ reg2es NTUSER.DAT SYSTEM SAM

Also, possible to import recursively from a specific directory.

Note: In this case, the filename will not be checked, please check for unnecessary files before execute.

$ tree .
regfiles/
  ├── NTUSER.DAT
  ├── NTUSER.MAN
  ├── SAM
  └── subdirectory/
    ├── SOFTWARE
    └── subsubdirectory/
      ├── SYSTEM
      └── UsrClass.dat

$ reg2es /regfiles/ # The Path is recursively expanded to file1~6.reg.

Options

--version, -v

--help, -h

--quiet, -q
  Flag to suppress standard output
  (default: False)

--host:
  ElasticSearch host address
  (default: localhost)

--port:
  ElasticSearch port number
  (default: 9200)

--index:
  Index name of Import destination
  (default: reg2es)

--scheme:
  Scheme to use (http, or https)
  (default: http)

--pipeline
  Elasticsearch Ingest Pipeline to use
  (default: )

--login:
  The login to use if Elastic Security is enable
  (default: )

--pwd:
  The password linked to the login provided
  (default: )

--fields-limit
  index.mapping.total_fields.limit settings
  (default: 10000)

Examples

When using from the commandline interface:

$ reg2es /path/to/your/file.dat --host=localhost --port=9200 --index=foobar

When using from the python-script:

if __name__ == '__main__':
    reg2es('/path/to/your/file.dat', host=localhost, port=9200, index='foobar')

With the Amazon Elasticsearch Serivce (ES):

$ reg2es /path/to/your/file.dat --host=example.us-east-1.es.amazonaws.com --port=443 --scheme=https --index=foobar

With credentials for Elastic Security:

$ reg2es /path/to/your/file.dat --host=localhost --port=9200 --index=foobar --login=elastic --pwd=******

Note: The current version does not verify the certificate.

Appendix

Reg2json

Extra feature. 🍣 🍣 🍣

Convert from Windows NT Registry(REGF) to json file.

$ reg2json /path/to/your/file.DAT /path/to/output/target.json

Convert from Windows NT Registry(REGF) to Python dict object.

from reg2es import reg2json

if __name__ == '__main__':
  filepath = '/path/to/your/file.DAT'
  result: dict = reg2json(filepath)

Output Format

The structures is not well optimized for searchable with Elasticsearch. I'm waiting for your PR!!

{
  "ROOT": {
    "AppEvents": {
      "meta": {
        "last_written_time": "2015-10-30T07:24:57.814133"
      },
      "EventLabels": {
        "meta": {
          "last_written_time": "2015-10-30T07:25:51.735838"
        },
        "Default": {
          "meta": {
            "last_written_time": "2015-10-30T07:24:57.861009"
          },
          "_": {
            "type": 1,
            "identifier": "REG_SZ",
            "size": 26,
            "data": "Default Beep"
          },
          "DispFileName": {
            "type": 1,
            "identifier": "REG_SZ",
            "size": 34,
            "data": "@mmres.dll,-5824"
          }
        },
        "ActivatingDocument": {
          "meta": {
            "last_written_time": "2015-10-30T07:24:57.861009"
          },
          "_": {
            "type": 1,
            "identifier": "REG_SZ",
            "size": 40,
            "data": "Complete Navigation"
          },
          "DispFileName": {
            "type": 1,
            "identifier": "REG_SZ",
            "size": 40,
            "data": "@ieframe.dll,-10321"
          }
        }
        ...
      }
    }
  }
}

Installation

via PyPI

$ pip install reg2es

Known Issues

elasticsearch.exceptions.RequestError: RequestError(400, 'illegal_argument_exception', 'Limit of total fields [1000] in index [reg2es] has been exceeded')

Windows NT Registry has a large number of elements per document and is caught in the initial value of the limit. Therefore, please use the --fields-limit(default: 10000) option to remove the limit.

$ reg2es --fields-limit 10000 NTUSER.DAT

Contributing

CONTRIBUTING

The source code for reg2es is hosted at GitHub, and you may download, fork, and review it from this repository(https://github.com/sumeshi/reg2es). Please report issues and feature requests. 🍣 🍣 🍣

License

reg2es is released under the MIT License.

Powered by libregf.

Owner
S.Nakano
DFIR Researcher / Software Developer
S.Nakano
GitHub Repository
This is a Telegram Bot written in Python for searching data on Google Drive.

This is a Telegram Bot written in Python for searching data on Google Drive. Supports multiple Shared Drives (TDs). Manual Guide for deploying the bot

Levi 158 Dec 27, 2022
ForFinder is a search tool for folder and files

ForFinder is a search tool for folder and files. You can use that when you Source Code Analysis at your project's local files or other projects that you are download. Enter a root path and keyword to

Çağrı Aliş 7 Oct 25, 2022
Super Simple Similarities Service

Super Simple Similarities Service

vincent d warmerdam 95 Dec 25, 2022
Python Elasticsearch handler for the standard python logging framework

Python Elasticsearch Log handler This library provides an Elasticsearch logging appender compatible with the python standard logging library. This lib

Mohammed Mousa 0 Dec 08, 2021
Google Project: Search and auto-complete sentences within given input text files, manipulating data with complex data-structures.

Auto-Complete Google Project In this project there is an implementation for one feature of Google's search engines - AutoComplete. Autocomplete, or wo

Hadassah Engel 10 Jun 20, 2022
GitScanner is a script to make it easy to search for Exposed Git through an advanced Google search.

GitScanner Legal disclaimer Usage of GitScanner for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to

Kaio Gomes 3 Oct 28, 2022
This project is a sample demo of Arxiv search related to AI/ML Papers built using Streamlit, sentence-transformers and Faiss.

This project is a sample demo of Arxiv search related to AI/ML Papers built using Streamlit, sentence-transformers and Faiss.

Karn Deb 49 Oct 30, 2022
Simple algorithm search engine like google in python using function

Mini-Search-Engine-Like-Google I have created the simple algorithm search engine like google in python using function. I am matching every word with w

Sachin Vinayak Dabhade 5 Sep 24, 2021
esguard provides a Python decorator that waits for processing while monitoring the load of Elasticsearch.

esguard esguard provides a Python decorator that waits for processing while monitoring the load of Elasticsearch. Quick Start You need to launch elast

po3rin 5 Dec 08, 2021
A simple tool for searching images inside a local folder with text/image input using CLIP

clip-search (WIP) A simple tool for searching images inside a local folder with text/image input using CLIP 10 results for "a blonde woman" in a folde

5 Dec 25, 2022
Pysolr — Python Solr client

pysolr pysolr is a lightweight Python client for Apache Solr. It provides an interface that queries the server and returns results based on the query.

Haystack Search 626 Dec 01, 2022
Eland is a Python Elasticsearch client for exploring and analyzing data in Elasticsearch with a familiar Pandas-compatible API.

Python Client and Toolkit for DataFrames, Big Data, Machine Learning and ETL in Elasticsearch

elastic 463 Dec 30, 2022
A sphinx extension for designing beautiful, screen-size responsive web components.

sphinx-design A sphinx extension for designing beautiful, view size responsive web components. Created with inspiration from Bootstrap (v5), Material

Executable Books 109 Jan 01, 2023
A web search server for ParlAI, including Blenderbot2.

Description A web search server for ParlAI, including Blenderbot2. Querying the server: The server reacting correctly: Uses html2text to strip the mar

Jules Gagnon-Marchand 119 Jan 06, 2023
Free and Open, Distributed, RESTful Search Engine

Elasticsearch Elasticsearch is the distributed, RESTful search and analytics engine at the heart of the Elastic Stack. You can use Elasticsearch to st

elastic 62.4k Jan 08, 2023
An image inline search telegram bot.

Image-Search-Bot An image inline search telegram bot. Note: Use Telegram picture bot. That is better. Not recommending to deploy this bot. Made with P

Fayas Noushad 24 Oct 21, 2022
txtai executes machine-learning workflows to transform data and build AI-powered semantic search applications.

txtai executes machine-learning workflows to transform data and build AI-powered semantic search applications.

NeuML 3.1k Dec 31, 2022
Google Search Engine Results Pages (SERP) in locally, no API key, no signup required

Local SERP Google Search Engine Results Pages (SERP) in locally, no API key, no signup required Make sure the chromedriver and required package are in

theblackcat102 4 Jun 29, 2021
ElasticSearch ODM (Object Document Mapper) for Python - pip install esengine

esengine - The Elasticsearch Object Document Mapper esengine is an ODM (Object Document Mapper) it maps Python classes in to Elasticsearch index/doc_t

SEEK International AI 109 Nov 22, 2022
Whoosh indexing capabilities for Flask-SQLAlchemy, Python 3 compatibility fork.

Flask-WhooshAlchemy3 Whoosh indexing capabilities for Flask-SQLAlchemy, Python 3 compatibility fork. Performance improvements and suggestions are read

Blake VandeMerwe 27 Mar 10, 2022