Fixed errors

Imanol-Mikel Barba Sabariego
1 parent 00dcf762
Showing 5 changed files with 23 additions and 23 deletions
digger.py
findfile.py
modules/globeimposter2.py
regquery.py
winver.py
@@ -38,7 +38,7 @@ def getModules():
             del module
             sys.modules.pop(modname)
         except Exception as e:
-            print("Exception raised while importing " + modname)
+            logger.msgLog("Exception raised while importing " + modname + ": " + str(e),"digger",logger.TYPE_ERROR)
     return choiceList
 def prepareModule(moduleName):
@@ -124,14 +124,13 @@ if __name__ == &quot;__main__&quot;:
     locale.setlocale(locale.LC_ALL, '')
     d = Dialog(dialog="dialog",autowidgetsize=True)
     d.set_background_title("Gravedigger")
-
-    moduleList = getModules()
     code,value = d.inputbox("Input computer's name")
     if code == d.OK:
         tomb._MACHINE_NAME= value
         logger.logSystems.append(ConsoleLogger())
         logger.logSystems.append(FileLogger(tomb.getPath() + "log.txt"))
         logger.msgLog("Beginning excavation of tomb: " + tomb.getPath(),"digger",logger.TYPE_INFO)
+        moduleList = getModules()
         d.set_background_title("Gravedigger - " + value)
         code, tags = d.checklist("Select modules to execute",
                              choices=moduleList + [("all","Execute all modules",False)],
@@ -5,10 +5,10 @@ def find_pattern_all(pattern, path, casesensitive):
     result = []
     for root, dirs, files in os.walk(path):
         for name in files:
-            if sensitive:
+            if casesensitive:
                 if fnmatch.fnmatchcase(name,pattern):
                     result.append(os.path.join(root, name))
-			else:
+            else:
                 if fnmatch.fnmatch(name.lower(), pattern.lower()):
                     result.append(os.path.join(root, name))
     return result
@@ -16,10 +16,10 @@ def find_pattern_all(pattern, path, casesensitive):
 def find_pattern(pattern, path, casesensitive):
     for root, dirs, files in os.walk(path):
         for name in files:
-            if sensitive:
+            if casesensitive:
                 if fnmatch.fnmatchcase(name,pattern):
                     return os.path.join(root, name)
-			else:
+            else:
                 if fnmatch.fnmatch(name.lower(), pattern.lower()):
                     return os.path.join(root, name)
     return None
@@ -36,9 +36,10 @@ class RegistryModule(Module):
             profiles = winver.getUserProfiles(mntpoint)
             for profile in profiles:
                 hkcu = profile + "/NTUSER.DAT"
-                value = regquery.queryValue(hkcu,"""Software\Microsoft\Windows\CurrentVersion\RunOnce""","CertificatesCheck")
-                if(value != None):
-                    logger.msgLog("FOUND Globeimposter 2.0 value in RunOnce: " + value,"globeimposter2",logger.TYPE_WARNING)
+                if(os.path.isfile(hkcu)):
+                    value = regquery.queryValue(hkcu,"""Software\Microsoft\Windows\CurrentVersion\RunOnce""","CertificatesCheck")
+                    if(value != None):
+                        logger.msgLog("FOUND Globeimposter 2.0 value in RunOnce: " + value,"globeimposter2",logger.TYPE_WARNING)
             #VSS
         for vol in self.vars['ntfsvol'].value:
@@ -48,9 +49,9 @@ class RegistryModule(Module):
             except:
                 raise
             mntpoint += mntid
-            result = find_pattern("*.725",mntpoint,False)
-			if(result != None):
+            result = findfile.find_pattern("*.725",mntpoint,False)
+            if(result != None):
                 logger.msgLog("FOUND at least one file with 725 extension: " + result,"globeimposter2",logger.TYPE_WARNING)
-            result = find("RECOVER-FILES.html",mntpoint)
+            result = findfile.find("RECOVER-FILES.html",mntpoint)
             if(result != None):
                 logger.msgLog("FOUND ransom letter: " + result,"globeimposter2",logger.TYPE_WARNING)
 from Registry import Registry
-def queryValue(hive,keyPath,valueName):
+def queryValue(hive,key,valueName):
     reg = Registry.Registry(hive)
-    key = reg.open(keyPath)
+    key = reg.open(key)
     try:
         value = str(key.value(valueName).value)
-    except Registry.RegistryValueNotFoundException:
+    except Registry.RegistryParse.RegistryStructureDoesNotExist:
         value = None
     return value
 def getValues(hive,key):
     valueList = []
     reg = Registry.Registry(hive)
-    key = reg.open(keyPath)
-	for value in key.values():
-        valueList.append(value.value_name)
+    key = reg.open(key)
+    for value in key.values():
+        valueList.append(value.value)
     return valueList
 def getSubkeys(hive,key):
     subkeyList = []
     reg = Registry.Registry(hive)
-    key = reg.open(keyPath)
+    key = reg.open(key)
     for subkey in key.subkeys():
         subkeyList.append(subkey.name)
     return subkeyList
@@ -52,11 +52,11 @@ def getWindowsVersion(path):
         return _WIN_9x
 def getWindowsDirectory(path):
-    if DETECTED_WINDOWS_PATH[path] is None:
-      result = find_pattern("explorer.exe",path,False)
+    if path not in DETECTED_WINDOWS_PATH:
+      result = findfile.find_pattern("explorer.exe",path,False)
       #result,code = runProcess(["find",path,"-xdev","-iname","explorer.exe","-print","-quit"])
       #if(result.decode("utf-8") == ""):
-      if(len(result) == 0):
+      if result is None:
           return None
       #matches = result.decode("utf-8").splitlines()
       #WARNING: ONLY CONSIDERING FIRST MATCH