talaikis/sniff.py

## sniff.py
"""
Recycle bin sniffer for Windows.
Tested on Python 3.6, Windows 8.1.
"""

from os import listdir
from os.path import isdir
import optparse
from winreg import (OpenKey, QueryValueEx)
from shutil import  move

ext = None

def sid_to_user(sid):
    try:
        key = OpenKey(key=HKEY_LOCAL_MACHINE,
            sub_key="SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
            + '\\' + sid)
        (value, type) = QueryValueEx(key=key, value_name='ProfileImagePath')
        user = value.split("\\")[-1]
        return user
    except:
        return sid


def return_dir():
    dirs = ["C:\\Recycler\\", "C:\\Recycled\\", "C:\\$Recycle.Bin\\"]
    for recycle_dir in dirs:
        if isdir(recycle_dir):
            print("Recycle dir is {}".format(recycle_dir))
            return recycle_dir


def find_recycled_files(recycle_dir):
    dir_list = listdir(recycle_dir)
    for sid in dir_list:
        files = listdir(recycle_dir + sid)
        user = sid_to_user(sid)
        print("\n[*] Files for user: " + str(user))
        for f in files:
            try:
                file_path = recycle_dir + sid + "\\" + f
                print("[+] Found file: " + file_path)
                if ext:
                    move_file(ext=ext, f=f, file_path=file_path)
            except Exception as e:
                print("Error encountered {}".format(e))


def move_file(ext, f, file_path):
    if ext in f:
        destination = "C:\\" + f
        move(file_path, destination)


def main():
    recycled_dir = return_dir()
    find_recycled_files(recycle_dir=recycled_dir)


main()
	"""
	Recycle bin sniffer for Windows.
	Tested on Python 3.6, Windows 8.1.
	"""

	from os import listdir
	from os.path import isdir
	import optparse
	from winreg import (OpenKey, QueryValueEx)
	from shutil import move

	ext = None

	def sid_to_user(sid):
	try:
	key = OpenKey(key=HKEY_LOCAL_MACHINE,
	sub_key="SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
	+ '\\' + sid)
	(value, type) = QueryValueEx(key=key, value_name='ProfileImagePath')
	user = value.split("\\")[-1]
	return user
	except:
	return sid


	def return_dir():
	dirs = ["C:\\Recycler\\", "C:\\Recycled\\", "C:\\$Recycle.Bin\\"]
	for recycle_dir in dirs:
	if isdir(recycle_dir):
	print("Recycle dir is {}".format(recycle_dir))
	return recycle_dir


	def find_recycled_files(recycle_dir):
	dir_list = listdir(recycle_dir)
	for sid in dir_list:
	files = listdir(recycle_dir + sid)
	user = sid_to_user(sid)
	print("\n[*] Files for user: " + str(user))
	for f in files:
	try:
	file_path = recycle_dir + sid + "\\" + f
	print("[+] Found file: " + file_path)
	if ext:
	move_file(ext=ext, f=f, file_path=file_path)
	except Exception as e:
	print("Error encountered {}".format(e))


	def move_file(ext, f, file_path):
	if ext in f:
	destination = "C:\\" + f
	move(file_path, destination)


	def main():
	recycled_dir = return_dir()
	find_recycled_files(recycle_dir=recycled_dir)


	main()