2021 version of project

README.md

@@ -0,0 +1,19 @@
+# Indetectables Toolkit
+
+Esta compilación de herramientas está pensada para que sea útil al que se inicia, a los más avanzados, 
+al que quiere entrar en el análisis de malware y también para los que quieren probar suerte en el mundo del cracking.
+
+Es el complemento ideal para ser usado con para empezar con los [manuales](https://github.com/indetectables-net/manuals) del sitio.
+
+## Instalación
+
+Puede clonar el repo con [git](https://git-scm.com/download/win) o simplemente bajarlo desde descargar.
+
+```bash
+git clone https://github.com/indetectables-net/toolkit
+```
+
+## Contribuciones
+Los pull requests son bienvenidos. Para cambios importantes abra primero un issue para analizarlo entre todos.
+
+Las herramientas están comprimidas con 7zip y el formato usado para los nombres es {nombre} - {version}.7z

Updater/tools.ini

@@ -0,0 +1,192 @@
+[DIE]
+folder = Analysis\DIE
+url = https://github.com/horsicq/DIE-engine
+from = github
+local_version = 3.01
+re_version = <span class="css-truncate-target" [^>]*>(.*?)</span>
+re_download = "(.*?/die_win64_portable_(?:\S+).zip)"
+
+[ExeinfoPe]
+folder = Analysis\ExeinfoPe
+url = https://github.com/ExeinfoASL/ASL
+update_url = https://github.com/ExeinfoASL/ASL/raw/master/exeinfope.zip
+from = web
+local_version = 0.0.6.3
+re_version = Version      : (.*?) -
+
+[XELFViewer]
+folder = Analysis\XELFViewer
+url = https://github.com/horsicq/XELFViewer
+from = github
+local_version = 0.01
+re_version = <span class="css-truncate-target" [^>]*>(.*?)</span>
+re_download = "(.*?/xelfviewer_win32_portable_(?:\S+).zip)"
+
+[XPEViewer]
+folder = Analysis\XPEViewer
+url = https://github.com/horsicq/XPEViewer
+from = github
+local_version = 0.01
+re_version = <span class="css-truncate-target" [^>]*>(.*?)</span>
+re_download = "(.*?/xpeviewer_win32_portable_(?:\S+).zip)"
+
+[XAPKDetector]
+folder = Analysis\XAPKDetector
+url = https://github.com/horsicq/XAPKDetector
+from = github
+local_version = 0.01
+re_version = <span class="css-truncate-target" [^>]*>(.*?)</span>
+re_download = "(.*?/xapkdetector_win64_portable_(?:\S+).zip)"
+
+[JADX]
+folder = Decompilers\[ANDROID] JADX
+url = https://github.com/skylot/jadx
+from = github
+local_version = 1.2.0
+re_version = <span class="css-truncate-target" [^>]*>v(.*?)</span>
+re_download = "(.*?/jadx-gui-(?:\S+)-with-jre-win.zip)"
+
+[DnSpy]
+folder = Decompilers\[DOTNET] DnSpy
+url = https://github.com/dnSpy/dnSpy
+from = github
+local_version = 6.1.8
+re_version = <span class="css-truncate-target" [^>]*>v(.*?)</span>
+re_download = "(.*?/dnSpy-net-win64.zip)"
+
+[ILSpy]
+folder = Decompilers\[DOTNET] ILSpy
+url = https://github.com/icsharpcode/ILSpy
+from = github
+local_version = 7.0-preview2
+re_version = <span class="css-truncate-target" [^>]*>v(.*?)</span>
+re_download = "(.*?/ILSpy_binaries_(?:\S+).zip)"
+
+[JD-GUI]
+folder = Decompilers\[JAVA] JD-GUI
+url = https://github.com/java-decompiler/jd-gui
+from = github
+local_version = 1.6.6
+re_version = <span class="css-truncate-target" [^>]*>v(.*?)</span>
+re_download = "(.*?/jd-gui-windows-(?:\S+).zip)"
+
+[x64dbg]
+folder = Dissasembler\x64dbg
+url = https://sourceforge.net/projects/x64dbg/files/snapshots/
+update_url = https://razaoinfo.dl.sourceforge.net/project/x64dbg/snapshots/
+from = web
+local_version = 2021-02-09_17-28
+re_version = snapshot_(.*?).zip
+re_download = <span class="sub-label">(.*?) \(
+
+[Autoruns]
+folder = Monitor\Autoruns
+url = https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
+from = web
+local_version = 13.98
+re_version = <h1 [^>]*>Autoruns for Windows v(.*?)</h1>
+re_download = "(.*?/Autoruns.zip)"
+
+[CurrPorts]
+folder = Monitor\CurrPorts
+url = https://www.nirsoft.net/utils/cports.html
+update_url = https://www.nirsoft.net/utils/cports.zip
+from = web
+local_version = 2.63
+re_version = <td>CurrPorts v(.*?) - Monitoring Opened
+
+[Portmon]
+folder = Monitor\Portmon
+url = https://docs.microsoft.com/en-us/sysinternals/downloads/portmon
+update_url = https://download.sysinternals.com/files/PortMon.zip
+from = web
+local_version = 3.03
+re_version = <h1 [^>]*>Portmon for Windows v(.*?)</h1>
+
+[Process Explorer]
+folder = Monitor\Process Explorer
+url = https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
+update_url = https://download.sysinternals.com/files/ProcessExplorer.zip
+from = web
+local_version = 16.32
+re_version = <h1 [^>]*>Process Explorer v(.*?)</h1>
+
+[Process Hacker 2]
+folder = Monitor\Process Hacker 2
+url = https://github.com/processhacker/processhacker
+from = github
+local_version = 2.39
+re_version = <span class="css-truncate-target" [^>]*>v(.*?)</span>
+re_download = "(.*?/processhacker-(?:\S+)-bin.zip)"
+
+[Process Hacker 3]
+folder = Monitor\Process Hacker 3
+url = https://processhacker.sourceforge.io/nightly.php
+from = web
+local_version = 3.0.3813
+re_version = Build: <span style="font-weight:bold">(.*?)</span>
+re_download = href="(.*?artifacts/processhacker-(?:\S+)-bin.zip)
+
+[Procmon]
+folder = Monitor\Procmon
+url = https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
+update_url = https://download.sysinternals.com/files/ProcessMonitor.zip
+from = web
+local_version = 3.61
+re_version = <h1 [^>]*>Process Monitor v(.*?)</h1>
+
+[TCPView]
+folder = Monitor\TCPView
+url = https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview
+update_url = https://download.sysinternals.com/files/TCPView.zip
+from = web
+local_version = 3.05
+re_version = <h1 [^>]*>TCPView v(.*?)</h1>
+
+[Strings]
+folder = Other\Strings
+url = https://docs.microsoft.com/en-us/sysinternals/downloads/strings
+update_url = https://download.sysinternals.com/files/Strings.zip
+from = web
+local_version = 2.53
+re_version = <h1 [^>]*>Strings v(.*?)</h1>
+
+[XOpcodeCalc]
+folder = Other\XOpcodeCalc
+url = https://github.com/horsicq/XOpcodeCalc
+from = github
+local_version = 0.02
+re_version = <span class="css-truncate-target" [^>]*>(.*?)</span>
+re_download = "(.*?/xopcodecalc_win64_portable_(?:\S+).zip)"
+
+[Windows Kernel Explorer]
+folder = Rootkits Detector\Windows Kernel Explorer
+url = https://github.com/AxtMueller/Windows-Kernel-Explorer
+update_url = https://github.com/AxtMueller/Windows-Kernel-Explorer/raw/master/binaries/WKE64.exe
+from = web
+local_version = 20201111
+re_version = >Current Version: (.*?)<
+
+[SysInspector]
+folder = Rootkits Detector\SysInspector
+url = https://www.eset.com/ar/soporte/diagnostico-de-pc-gratuito/?type=13554&tx_esetdownloads_ajax[product]=46&tx_esetdownloads_ajax[beta]=0&tx_esetdownloads_ajax[page_id]=17328&tx_esetdownloads_ajax[plugin_id]=571902&tx_esetdownloads_ajax[product]=46&tx_esetdownloads_ajax[beta]=0&tx_esetdownloads_ajax[page_id]=17328&tx_esetdownloads_ajax[plugin_id]=571902
+update_url = https://download.eset.com/com/eset/tools/diagnosis/sysinspector/latest/sysinspector_nt64_esn.exe
+from = web
+local_version = 1.4.2.0
+re_version = "full_version":"(.*?)"
+
+[GMER]
+folder = Rootkits Detector\GMER
+url = http://www.gmer.net
+update_url = http://www2.gmer.net/gmer.zip
+from = web
+local_version = 2.2.19882
+re_version = <STRONG>GMER (.*?)<\/STRONG>
+
+[UniExtract]
+folder = UnPacking\UniExtract
+url = https://github.com/Bioruebe/UniExtract2
+from = github
+local_version = 2.0.0-rc.3
+re_version = <span class="css-truncate-target" [^>]*>v(.*?)</span>
+re_download = "(.*?/UniExtract(?:\S+).zip)"

Updater/updater.py

@@ -0,0 +1,191 @@
+# -*- coding: utf-8  -*-
+#
+# Copyright (C) 2021 DSR! <xchwarze@gmail.com>
+# Released under the terms of the MIT License
+# Developed for Python 3.6+
+# pip install requests py7zr
+
+import configparser
+import requests
+import re
+import os
+import shutil
+import pathlib
+import zipfile
+import py7zr
+
+
+# Helpers functions
+def get_filename_from_url(url):
+    fragment_removed = url.split('#')[0]  # keep to left of first #
+    query_string_removed = fragment_removed.split('?')[0]
+    scheme_removed = query_string_removed.split('://')[-1].split(':')[-1]
+
+    if scheme_removed.find('/') == -1:
+        return ''
+
+    return os.path.basename(scheme_removed)
+
+
+def cleanup_folder(path):
+    for file in os.listdir(path):
+        full_path = os.path.join(path, file)
+        if os.path.isdir(full_path):
+            shutil.rmtree(full_path)
+        else:
+            os.remove(full_path)
+
+
+# Steps
+def handle_updates():
+    for ini_name in config.sections():
+        try:
+            update_tool(ini_name)
+        except Exception as exception:
+            print(exception)
+
+    cleanup_folder(updates_path)
+
+
+def update_tool(name):
+    # generate download url
+    from_url = config.get(name, 'from')
+    download_url = config.get(name, 'url')
+    if from_url == 'github':
+        download_url = '{0}/releases/latest'.format(download_url)
+
+    # load html
+    html_response = requests.get(download_url)
+    html_response.raise_for_status()
+
+    # regex shit
+    latest_version = check_version(name, html_response.text)
+    update_download_url = get_download_url(name, html_response.text, from_url)
+
+    # download
+    cleanup_folder(updates_path)
+    file_path = download(name, update_download_url, updates_path)
+    file_info = os.path.splitext(file_path)
+
+    # processing file
+    print('{0}: processing file'.format(name))
+    unpack_path = os.path.join(updates_path, file_info[0])
+    unpack(file_path, file_info, unpack_path)
+    repack(name, unpack_path, latest_version)
+
+    # end!
+    print('{0}: update complete'.format(name))
+
+
+def check_version(name, html):
+    # https://api.github.com/repos/horsicq/DIE-engine/releases/latest
+    # python -c 'import json,sys;obj=json.load(sys.stdin);print obj["assets"][0]["browser_download_url"];'
+    local_version = config.get(name, 'local_version')
+    re_version = config.get(name, 're_version')
+    html_regex_version = re.findall(re_version, html)
+
+    if not html_regex_version:
+        raise Exception('{0}: re_version not match'.format(name))
+
+    if local_version == html_regex_version[0]:
+        raise Exception('{0}: {1} is the latest version'.format(name, local_version))
+
+    print('{0}: updated from {1} --> {2}'.format(name, local_version, html_regex_version[0]))
+
+    return html_regex_version[0]
+
+
+def get_download_url(name, html, from_url):
+    # case 1: if update_url is set... download it!
+    update_download_url = config.get(name, 'update_url', fallback=None)
+    re_download = config.get(name, 're_download', fallback=None)
+
+    # case 2: if update_url is not set, scrape the link from html (ex: nirsoft)
+    if not update_download_url:
+        html_regex_download = re.findall(re_download, html)
+        if not html_regex_download:
+            raise Exception('{0}: re_download not match'.format(name))
+
+        # fix github url
+        update_download_url = html_regex_download[0]
+        if from_url == 'github':
+            update_download_url = 'https://github.com{0}'.format(update_download_url)
+
+    # case 3: if update_url and re_download is set.... generate download link (ex: sourceforge)
+    elif re_download:
+        html_regex_download = re.findall(re_download, html)
+        if not html_regex_download:
+            raise Exception('{0}: re_download not match'.format(name))
+
+        update_download_url = '{0}{1}'.format(update_download_url, html_regex_download[0])
+
+    if not update_download_url:
+        raise Exception('{0}: update_download_url not generated!'.format(name))
+
+    return update_download_url
+
+
+def download(name, url, download_path):
+    # prepare
+    file_name = get_filename_from_url(url)
+    file_path = os.path.join(download_path, file_name)
+    print('{0}: downloading update "{1}"'.format(name, file_name))
+
+    # download
+    file_response = requests.get(url, stream=True)
+    file_response.raise_for_status()
+
+    with open(file_path, 'wb') as handle:
+        for block in file_response.iter_content(1024):
+            handle.write(block)
+
+    return file_path
+
+
+def unpack(file_path, file_info, unpack_path):
+    if file_info[1] == '.zip':
+        with zipfile.ZipFile(file_path, 'r') as compressed:
+            compressed.extractall(unpack_path)
+
+    elif file_info[1] == '.7z':
+        with py7zr.SevenZipFile(file_path, 'r') as compressed:
+            compressed.extractall(unpack_path)
+
+    else:
+        pathlib.Path(unpack_path).mkdir(exist_ok=True)
+        shutil.copy2(file_path, unpack_path)
+
+
+def repack(name, unpack_path, version):
+    # prepare
+    tool_folder_name = config.get(name, 'folder')
+    tool_folder_path = os.path.join(os.path.dirname(current_path), tool_folder_name)
+    tool_name = '{0} - {1}.7z'.format(name, version)
+    tmp_tool_path = os.path.join(os.path.dirname(unpack_path), tool_name)
+
+    # dirty hack for correct folders structure
+    folder_list = os.listdir(unpack_path)
+    folder_sample = os.path.join(unpack_path, folder_list[0])
+    if len(folder_list) == 1 & os.path.isdir(folder_sample):
+        unpack_path = folder_sample
+
+    # update tool
+    with py7zr.SevenZipFile(tmp_tool_path, 'w') as archive:
+        archive.writeall(unpack_path, arcname='')
+
+    pathlib.Path(tool_folder_path).mkdir(parents=True, exist_ok=True)
+    cleanup_folder(tool_folder_path)
+    shutil.copy2(tmp_tool_path, tool_folder_path)
+
+    # update local version data
+    config.set(name, 'local_version', version)
+    with open('tools.ini', 'w') as configfile:
+        config.write(configfile)
+
+
+# se fini
+current_path = os.fsdecode(os.getcwdb())
+updates_path = os.path.join(current_path, 'updates')
+config = configparser.ConfigParser()
+config.read('tools.ini')
+handle_updates()