{ "info": { "author": "ANSSI-INM", "author_email": "", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Programming Language :: Python", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6" ], "description": "===========\nbits_parser\n===========\n\n\nExtract BITS jobs from QMGR queue and store them as CSV records.\n\nThis topic has been presented during a talk at the French conference `CORI&IN 2018 `_\n\n\nInstallation\n============\n\nIf you want to run the latest version of ``bits_parser`` you can install it\nfrom PyPI by running the following command:\n\n .. code:: bash\n\n pip install bits_parser\n\n\nTo install it from the sources:\n\n .. code:: bash\n\n python setup.py install\n\n\nUsage\n=====\n\nQMGR queues are usually *.dat* files located in the folder\n``%ALLUSERSPROFILE%\\Microsoft\\Network\\Downloader`` on a Windows system.\n\nOnce those files have been located (*e.g.* ``qmgr0.dat`` and ``qmgr1.dat``) you\ncan run `bits_parser` by issuing the following command:\n\n .. code:: bash\n\n bits_parser qmgr0.dat\n\n`bits_parser` also supports full-disk analysis but the process is longer and\nthe results are dirtier (some data from adjacent data clusters can leak in the\nresult). This mode is enabled with the switch `-i`:\n\n .. code:: bash\n\n bits_parser -i image.bin\n\nThe disk mode works by looking for expected bit sequences (markers) and\ncollecting surrounding data. The amount of surrounding data (the radiance) is\nconfigurable and defaults to 2048 kB:\n\n .. code:: bash\n\n bits_parser -i --radiance=4096 image.bin\n\nIncreasing the radiance could help to retrieve more data but the default value\nis normally enough.\n\nWhen the processing is finished, the result is CSV-formatted and then displayed\non the standard output. The output can be written to a file with `-o`:\n\n .. code:: bash\n\n bits_parser -o jobs.csv qmgr0.dat\n\nUse `--help` to display all options of ``bits_parser``.\n\n\nRelated works\n=============\n\n`Finding your naughty BITS `_ [DFRWS USA 2015, Matthew Geiger]\n\n`BITSInject `_ [DEFCON 2017, Dor Azouri]\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "bits_parser", "package_url": "https://pypi.org/project/bits_parser/", "platform": "any", "project_url": "https://pypi.org/project/bits_parser/", "project_urls": null, "release_url": "https://pypi.org/project/bits_parser/1.0.1/", "requires_dist": null, "requires_python": "", "summary": "bits_parser", "version": "1.0.1" }, "last_serial": 3542092, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": "54556e04d461bbe3202610b7cbc66d41", "sha256": "b0efc3dd4bbbb25bfdd1b8376ad50c6e214e90dd1db0d56eec43c489a4361551" }, "downloads": -1, "filename": "bits_parser-1.0.0.tar.gz", "has_sig": false, "md5_digest": "54556e04d461bbe3202610b7cbc66d41", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11710, "upload_time": "2018-01-19T11:50:36", "url": "https://files.pythonhosted.org/packages/a8/11/bec65f0f117f9062424e36cbf359a1f667ce8086186dfc043b3a39459505/bits_parser-1.0.0.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "378202e20ead95f6405b82b55b98069a", "sha256": "d8fb1f34174ab718f3986bcb6944325686d1d039fa099ffdb7fb159bfb07f608" }, "downloads": -1, "filename": "bits_parser-1.0.1.tar.gz", "has_sig": false, "md5_digest": "378202e20ead95f6405b82b55b98069a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11932, "upload_time": "2018-02-01T16:17:04", "url":
"https://files.pythonhosted.org/packages/92/3c/d752ca07c69a5f4bb973327e18ad35d4401dabdfe129d2f33c1292931afc/bits_parser-1.0.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "378202e20ead95f6405b82b55b98069a", "sha256": "d8fb1f34174ab718f3986bcb6944325686d1d039fa099ffdb7fb159bfb07f608" }, "downloads": -1, "filename": "bits_parser-1.0.1.tar.gz", "has_sig": false, "md5_digest": "378202e20ead95f6405b82b55b98069a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11932, "upload_time": "2018-02-01T16:17:04", "url": "https://files.pythonhosted.org/packages/92/3c/d752ca07c69a5f4bb973327e18ad35d4401dabdfe129d2f33c1292931afc/bits_parser-1.0.1.tar.gz" } ] }