A library for fast import of Windows NT Registry(REGF) into Elasticsearch.

Related tags

Searchreg2es
Overview

reg2es

MIT License PyPI version Python Versions

reg2es logo

A library for fast import of Windows NT Registry(REGF) into Elasticsearch.
reg2es uses C library libregf.

Usage

When using from the commandline interface:

$ reg2es /path/to/your/file.DAT

When using from the python-script:

from reg2es import reg2es

if __name__ == '__main__':
  filepath = '/path/to/your/file.DAT'
  reg2es(filepath)

Arguments

reg2es supports importing from multiple files.

$ reg2es NTUSER.DAT SYSTEM SAM

Also, possible to import recursively from a specific directory.

Note: In this case, the filename will not be checked, please check for unnecessary files before execute.

$ tree .
regfiles/
  ├── NTUSER.DAT
  ├── NTUSER.MAN
  ├── SAM
  └── subdirectory/
    ├── SOFTWARE
    └── subsubdirectory/
      ├── SYSTEM
      └── UsrClass.dat

$ reg2es /regfiles/ # The Path is recursively expanded to file1~6.reg.

Options

--version, -v

--help, -h

--quiet, -q
  Flag to suppress standard output
  (default: False)

--host:
  ElasticSearch host address
  (default: localhost)

--port:
  ElasticSearch port number
  (default: 9200)

--index:
  Index name of Import destination
  (default: reg2es)

--scheme:
  Scheme to use (http, or https)
  (default: http)

--pipeline
  Elasticsearch Ingest Pipeline to use
  (default: )

--login:
  The login to use if Elastic Security is enable
  (default: )

--pwd:
  The password linked to the login provided
  (default: )

--fields-limit
  index.mapping.total_fields.limit settings
  (default: 10000)

Examples

When using from the commandline interface:

$ reg2es /path/to/your/file.dat --host=localhost --port=9200 --index=foobar

When using from the python-script:

if __name__ == '__main__':
    reg2es('/path/to/your/file.dat', host=localhost, port=9200, index='foobar')

With the Amazon Elasticsearch Serivce (ES):

$ reg2es /path/to/your/file.dat --host=example.us-east-1.es.amazonaws.com --port=443 --scheme=https --index=foobar

With credentials for Elastic Security:

$ reg2es /path/to/your/file.dat --host=localhost --port=9200 --index=foobar --login=elastic --pwd=******

Note: The current version does not verify the certificate.

Appendix

Reg2json

Extra feature. 🍣 🍣 🍣

Convert from Windows NT Registry(REGF) to json file.

$ reg2json /path/to/your/file.DAT /path/to/output/target.json

Convert from Windows NT Registry(REGF) to Python dict object.

from reg2es import reg2json

if __name__ == '__main__':
  filepath = '/path/to/your/file.DAT'
  result: dict = reg2json(filepath)

Output Format

The structures is not well optimized for searchable with Elasticsearch. I'm waiting for your PR!!

{
  "ROOT": {
    "AppEvents": {
      "meta": {
        "last_written_time": "2015-10-30T07:24:57.814133"
      },
      "EventLabels": {
        "meta": {
          "last_written_time": "2015-10-30T07:25:51.735838"
        },
        "Default": {
          "meta": {
            "last_written_time": "2015-10-30T07:24:57.861009"
          },
          "_": {
            "type": 1,
            "identifier": "REG_SZ",
            "size": 26,
            "data": "Default Beep"
          },
          "DispFileName": {
            "type": 1,
            "identifier": "REG_SZ",
            "size": 34,
            "data": "@mmres.dll,-5824"
          }
        },
        "ActivatingDocument": {
          "meta": {
            "last_written_time": "2015-10-30T07:24:57.861009"
          },
          "_": {
            "type": 1,
            "identifier": "REG_SZ",
            "size": 40,
            "data": "Complete Navigation"
          },
          "DispFileName": {
            "type": 1,
            "identifier": "REG_SZ",
            "size": 40,
            "data": "@ieframe.dll,-10321"
          }
        }
        ...
      }
    }
  }
}

Installation

via PyPI

$ pip install reg2es

Known Issues

elasticsearch.exceptions.RequestError: RequestError(400, 'illegal_argument_exception', 'Limit of total fields [1000] in index [reg2es] has been exceeded')

Windows NT Registry has a large number of elements per document and is caught in the initial value of the limit. Therefore, please use the --fields-limit(default: 10000) option to remove the limit.

$ reg2es --fields-limit 10000 NTUSER.DAT

Contributing

CONTRIBUTING

The source code for reg2es is hosted at GitHub, and you may download, fork, and review it from this repository(https://github.com/sumeshi/reg2es). Please report issues and feature requests. 🍣 🍣 🍣

License

reg2es is released under the MIT License.

Powered by libregf.

Owner
S.Nakano
DFIR Researcher / Software Developer
S.Nakano
GitHub Repository
Searches for MAC addresses in a text file of a Cisco "show IP arp" in any address format

show-ip-arp-mac-lookup Searches for MAC addresses in a text file of a Cisco "show IP arp" in any address format What it does: Takes a text file with t

Stew Alexander 0 Dec 24, 2022
Pythonic search engine based on PyLucene.

Lupyne is a search engine based on PyLucene, the Python extension for accessing Java Lucene. Lucene is a relatively low-level toolkit, and PyLucene wr

A. Coady 83 Jan 02, 2023
Google Search Engine Results Pages (SERP) in locally, no API key, no signup required

Local SERP Google Search Engine Results Pages (SERP) in locally, no API key, no signup required Make sure the chromedriver and required package are in

theblackcat102 4 Jun 29, 2021
Eland is a Python Elasticsearch client for exploring and analyzing data in Elasticsearch with a familiar Pandas-compatible API.

Python Client and Toolkit for DataFrames, Big Data, Machine Learning and ETL in Elasticsearch

elastic 463 Dec 30, 2022
txtai executes machine-learning workflows to transform data and build AI-powered semantic search applications.

txtai executes machine-learning workflows to transform data and build AI-powered semantic search applications.

NeuML 3.1k Dec 31, 2022
A library for fast import of Windows NT Registry(REGF) into Elasticsearch.

A library for fast import of Windows NT Registry(REGF) into Elasticsearch.

S.Nakano 3 Apr 01, 2022
Yet another googlesearch - A Python library for executing intelligent, realistic-looking, and tunable Google searches.

yagooglesearch - Yet another googlesearch Overview yagooglesearch is a Python library for executing intelligent, realistic-looking, and tunable Google

115 Dec 29, 2022
A sphinx extension for designing beautiful, screen-size responsive web components.

sphinx-design A sphinx extension for designing beautiful, view size responsive web components. Created with inspiration from Bootstrap (v5), Material

Executable Books 109 Jan 01, 2023
An image inline search telegram bot.

Image-Search-Bot An image inline search telegram bot. Note: Use Telegram picture bot. That is better. Not recommending to deploy this bot. Made with P

Fayas Noushad 24 Oct 21, 2022
This is a Telegram Bot written in Python for searching data on Google Drive.

This is a Telegram Bot written in Python for searching data on Google Drive. Supports multiple Shared Drives (TDs). Manual Guide for deploying the bot

Levi 158 Dec 27, 2022
ElasticSearch ODM (Object Document Mapper) for Python - pip install esengine

esengine - The Elasticsearch Object Document Mapper esengine is an ODM (Object Document Mapper) it maps Python classes in to Elasticsearch index/doc_t

SEEK International AI 109 Nov 22, 2022
Reverse-ikea-image-search - A simple image of ikea search using jina.ai

IKEA Reverse Image Search This is a demo project to fetch ikea product images(IK

SOUVIK GHOSH 4 Mar 08, 2022
Inverted index creation and query search mechanism on Wikipedia pages.

WikiPedia Search Engine Step 1 : Installing Requirements Install "stemming" module for python using pip. Step 2 : Parsing the Data To parse the data,

Piyush Atri 1 Nov 27, 2021
A simple tool for searching images inside a local folder with text/image input using CLIP

clip-search (WIP) A simple tool for searching images inside a local folder with text/image input using CLIP 10 results for "a blonde woman" in a folde

5 Dec 25, 2022
A real-time tech course finder, created using Elasticsearch, Python, React+Redux, Docker, and Kubernetes.

A real-time tech course finder, created using Elasticsearch, Python, React+Redux, Docker, and Kubernetes.

Dinesh Sonachalam 130 Dec 20, 2022
A play store search application programming interface ( API )

Play-Store-API A play store search application programming interface ( API ) Made with Python3

Fayas Noushad 8 Oct 21, 2022
ForFinder is a search tool for folder and files

ForFinder is a search tool for folder and files. You can use that when you Source Code Analysis at your project's local files or other projects that you are download. Enter a root path and keyword to

Çağrı Aliş 7 Oct 25, 2022
a Telegram bot writen in Python for searching files in Drive. Based on SearchX-bot

Drive Search Bot This is a Telegram bot writen in Python for searching files in Drive. Based on SearchX-bot How to deploy? Clone this repo: git clone

Hafitz Setya 25 Dec 09, 2022
Python Elasticsearch handler for the standard python logging framework

Python Elasticsearch Log handler This library provides an Elasticsearch logging appender compatible with the python standard logging library. This lib

Mohammed Mousa 0 Dec 08, 2021
Image search service based on imgsmlr extension of PostgreSQL. Support image search by image.

imgsmlr-server Image search service based on imgsmlr extension of PostgreSQL. Support image search by image. This is a sample application of imgsmlr.

jie 45 Dec 12, 2022