From a5098cebfd8d93f701cb1f0eadfe51b38aed01d4 Mon Sep 17 00:00:00 2001
From: nxb1t
Date: Tue, 6 Sep 2022 04:41:21 +0530
Subject: [PATCH 1/2] [protonVPN.py] - Included VPN Connection History
---
 scripts/artifacts/protonVPN.py | 43 ++++++++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 2 deletions(-)
diff --git a/scripts/artifacts/protonVPN.py b/scripts/artifacts/protonVPN.py
index 83dc1ae4..d91f9249 100644
--- a/scripts/artifacts/protonVPN.py
+++ b/scripts/artifacts/protonVPN.py
@@ -1,4 +1,6 @@
 import os
+import re
+import socket
 import sqlite3
 import textwrap
 import datetime
@@ -59,7 +61,44 @@ def get_protonVPN(files_found, report_folder, seeker, wrap_text):
 timeline(report_folder, tlactivity, data_list, data_headers)
 else:
 logfunc('No ProtonVPN - Device Info available')
- else:
+
+ elif file_found.endswith('Data.log'):
+
+ data_list = []
+
+ protonvpn_log = open(file_found).readlines()
+ regex = re.compile(r"node.+\.protonvpn\.net")
+ for entry in protonvpn_log:
+ initial_connect = entry.find('to:')
+ if initial_connect != -1:
+ timestamp = entry[:entry.find('|')-1].split('.')[0].replace('T', ' ')
+ try:
+ server_hostname = regex.search(entry)[0]
+ server_ip = socket.gethostbyname(server_hostname)
+ data_list.append((server_hostname + f" - [ {server_ip} ]", timestamp))
+ except socket.error:
+ server_hostname = regex.search(entry)[0]
+ data_list.append((server_hostname, timestamp))
+ except:
+ pass
+
+ if data_list:
+ report = ArtifactHtmlReport('ProtonVPN Connection History')
+ report.start_artifact_report(report_folder, 'ProtonVPN - Connection History')
+ report.add_script()
+ data_headers = ('Server Address', 'Timestamp')
+ report.write_artifact_data_table(data_headers, data_list, file_found)
+ report.end_artifact_report()
+
+ tsvname = f'ProtonVPN - Conncetion History'
+ tsv(report_folder, data_headers, data_list, tsvname)
+
+ tlactivity = f'ProtonVPN - Connection History'
+ timeline(report_folder, tlactivity, data_list, data_headers)
+ else:
+ logfunc('No ProtonVPN - Connection History available')
+
+ elif file_found.endswith('db'):
 db = open_sqlite_db_readonly(file_found) # Cursor for User Data
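Review bot: `socket.gethostbyname(server_hostname)` in the new `Data.log` branch makes the parser issue a live DNS query for every matching log line, using a hostname taken from the evidence file. The address returned is whatever the name resolves to when the report is generated, not necessarily the server the device reached at the logged time, yet it is written into the 'Server Address' column next to the log timestamp; the lookup also fails or stalls on an offline analysis workstation and discloses the examined hostnames to the resolver. I would record only what the log contains: `match = regex.search(entry)` then `if match: data_list.append((match[0], timestamp))`, which also removes the bare `except: pass` that currently hides a non-matching line. If resolved addresses are wanted, put them in a separate column labelled as resolved at analysis time; separately, `tsvname` spells the report name 'Conncetion History'. `get_protonVPN` starts and ends outside this hunk.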
@@ -99,6 +138,6 @@ def get_protonVPN(files_found, report_folder, seeker, wrap_text):
 __artifacts__ = {
 "protonVPN User": (
 "ProtonVPN",
- ('**/ch.protonvpn.android/databases/db', '**/ch.protonvpn.android/shared_prefs/ServerListUpdater.xml'), get_protonVPN
+ ('**/ch.protonvpn.android/databases/db', '**/ch.protonvpn.android/shared_prefs/ServerListUpdater.xml', '**/ch.protonvpn.android/log/Data.log'), get_protonVPN
 )
 }
\ No newline at end of file
From 9150f82dfb7773ac07096126a4cef7dd70c2f774 Mon Sep 17 00:00:00 2001
From: Nashid P <95064572+nxb1t@users.noreply.github.com>
Date: Tue, 6 Sep 2022 14:30:54 +0000
Subject: [PATCH 2/2] Properly closed protonvpn_log
---
 scripts/artifacts/protonVPN.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/scripts/artifacts/protonVPN.py b/scripts/artifacts/protonVPN.py
index d91f9249..952bd348 100644
--- a/scripts/artifacts/protonVPN.py
+++ b/scripts/artifacts/protonVPN.py
@@ -66,9 +66,12 @@ def get_protonVPN(files_found, report_folder, seeker, wrap_text):
 data_list = []
- protonvpn_log = open(file_found).readlines()
+ protonvpn_log = open(file_found, 'r')
+ log_entries = protonvpn_log.readlines()
+ protonvpn_log.close()
+
 regex = re.compile(r"node.+\.protonvpn\.net")
- for entry in protonvpn_log:
+ for entry in log_entries:
 initial_connect = entry.find('to:')
 if initial_connect != -1:
 timestamp = entry[:entry.find('|')-1].split('.')[0].replace('T', ' ')
@@ -140,4 +143,4 @@ def get_protonVPN(files_found, report_folder, seeker, wrap_text):
 "ProtonVPN",
 ('**/ch.protonvpn.android/databases/db', '**/ch.protonvpn.android/shared_prefs/ServerListUpdater.xml', '**/ch.protonvpn.android/log/Data.log'), get_protonVPN
 )
-}
\ No newline at end of file
+}
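Review bot: The `open(file_found, 'r')` / `readlines()` / `close()` sequence in the `Data.log` branch (second patch, hunk at line 66) still leaks the handle if `readlines()` raises, and it decodes with the platform default encoding, so a log carrying bytes outside that encoding would raise `UnicodeDecodeError`, which nothing visible in the hunk catches. A context manager with an explicit, tolerant decode covers both: `with open(file_found, 'r', encoding='utf-8', errors='replace') as protonvpn_log:` followed by `log_entries = protonvpn_log.readlines()`. UTF-8 is an assumption about the app's log format and should be confirmed against a sample file. The enclosing `get_protonVPN` body continues outside the hunk.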