Monday, March 24, 2025

Batch Script for Renaming and Converting EVTX Files to JSON Format

Note on How to Run the Script:

To use this batch script, follow the steps below:

  1. Prepare the environment:

    • Place the batch script in the same directory where your .evtx files are located.

    • Make sure that the evtx_dump-v0.9.0.exe executable is also in the same directory.

  2. Run the script:

    • Double-click the batch script (.bat) to execute it.

    • The script will:

      1. Check all .evtx files in the directory.

      2. Rename any files that contain spaces in their names by replacing the spaces with hyphens (-).

      3. Convert all .evtx files to .json format using the evtx_dump-v0.9.0.exe executable.

      4. Display a summary of the renaming and conversion process at the end.

  3. Review the output:

    • After the script finishes, you'll see a summary of:

      • How many files were found and processed.

      • How many files had their names adjusted.

      • How many files were successfully converted to .json.

      • Any files that could not be renamed or converted will also be listed.

This script simplifies the process of renaming .evtx files with spaces in their names and converting them to JSON format for further analysis.

### script ###

@echo off
setlocal enabledelayedexpansion

:: Current directory where the script is executed (the directory holding the .evtx files)
set "DIR=%CD%"

:: Counters
set "files_found=0"
set "files_with_space=0"
set "files_converted=0"
set "files_not_converted=0"
set "files_not_renamed=0"

:: Enumerate the .evtx files once (dir /b) so a file renamed below is not picked up a second time
echo Found the following .evtx files:
for /f "delims=" %%F in ('dir /b /a-d "%DIR%\*.evtx"') do (
    set "file=%%~nxF"
    set /a "files_found+=1"
    echo !file!

    :: The name contains a space if removing all spaces changes it
    :: (piping "echo !file! " into findstr would add a trailing space and match every file)
    if not "!file!"=="!file: =!" (
        set "file_renamed=!file: =-!"
        set /a "files_with_space+=1"
        echo Renaming !file! to !file_renamed!

        ren "%DIR%\!file!" "!file_renamed!"
        if errorlevel 1 (
            echo Could not rename "!file!"
            set /a "files_not_renamed+=1"
        )
    )
)

echo.
echo Total files found: !files_found!
echo Total files with spaces in the name renamed: !files_with_space!
echo Total files that could not be renamed: !files_not_renamed!
echo.

:: Starting the conversion process
echo Starting conversion process...
for %%F in ("%DIR%\*.evtx") do (
    set "file=%%~nxF"
    set "json_file_name=!file:.evtx=.json!"

    echo Converting !file! to !json_file_name!
    "%DIR%\evtx_dump-v0.9.0.exe" -o json -f "%DIR%\!json_file_name!" "%%~F"
    if errorlevel 1 (
        echo Error converting !file!
        set /a "files_not_converted+=1"
    ) else (
        set /a "files_converted+=1"
    )
)

echo.
echo Conversion process completed.
echo Total files converted: !files_converted!
echo Total files not converted: !files_not_converted!
echo.

pause

### script ###
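As an added example (not part of the original post), the following Python snippet shows how the JSON produced by evtx_dump can be triaged after conversion: it counts events per EventID and per computer, tolerating both shapes the converter uses for EventID (a bare number, or an object with "#text" when the element carries attributes). The sample records are constructed here, and the "Record N" header lines and the Event/System nesting are assumed from evtx_dump's XML-to-JSON mapping.

```python
import json
from collections import Counter

# Constructed sample, not real log data. It mimics evtx_dump "-o json" output, which
# (as assumed here) writes a "Record N" header line before each pretty-printed record.
SAMPLE_OUTPUT = """Record 1
{"Event": {"System": {"EventID": 4624, "Computer": "WS01.lab.local",
  "TimeCreated": {"#attributes": {"SystemTime": "2025-03-24T10:00:00Z"}}}}}
Record 2
{"Event": {"System": {
  "EventID": {"#text": 4625, "#attributes": {"Qualifiers": 0}},
  "Computer": "WS01.lab.local"}}}
Record 3
{"Event": {"System": {"EventID": 4625, "Computer": "SRV02.lab.local"}}}
"""


def iter_records(text):
    """Yield each JSON record from evtx_dump output; "Record N" header lines are skipped,
    so plain JSON and JSONL output are accepted as well."""
    body = "\n".join(l for l in text.splitlines() if not l.startswith("Record "))
    dec = json.JSONDecoder()
    pos = 0
    while True:
        while pos < len(body) and body[pos].isspace():
            pos += 1
        if pos >= len(body):
            return
        obj, pos = dec.raw_decode(body, pos)  # parse one object, remember where it ended
        yield obj


def event_id(record):
    """EventID is a bare int, or {"#text": int, "#attributes": {...}} when the element has attributes."""
    eid = record.get("Event", {}).get("System", {}).get("EventID")
    if isinstance(eid, dict):
        eid = eid.get("#text")
    return int(eid) if eid is not None else None


def summarize(text):
    """Count events per EventID and per (Computer, EventID) pair."""
    by_id, by_host = Counter(), Counter()
    for rec in iter_records(text):
        eid = event_id(rec)
        host = rec.get("Event", {}).get("System", {}).get("Computer", "?")
        by_id[eid] += 1
        by_host[(host, eid)] += 1
    return by_id, by_host


if __name__ == "__main__":
    ids, hosts = summarize(SAMPLE_OUTPUT)
    for eid, n in ids.most_common():
        print(f"EventID {eid}: {n}")
    for (host, eid), n in sorted(hosts.items()):
        print(f"{host} EventID {eid}: {n}")
```

Read each .json file the batch script writes and pass its text to summarize() to get a per-host view before deeper analysis.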

please download the file here

Tuesday, February 4, 2025

How to install the AI on your own computer - Linux

To install on Linux:

1. Execute in your terminal:

    curl -fsSL https://ollama.com/install.sh | sh

2. After that, open your browser and check that Ollama answers at:

    localhost:11434

3. Execute in your terminal:

    ollama pull llama2

To install the Web Interface:

1. Execute in your terminal (the keyrings directory is created first so the curl download has somewhere to write):
sudo apt install apt-transport-https ca-certificates curl software-properties-common -y
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo apt update && sudo apt install python3-distutils -y
sudo apt install python3-setuptools -y
sudo apt update && sudo apt install -y python3-venv python3-setuptools
sudo apt install -y python3-pip

sudo apt install docker-compose

2. Execute in your terminal:
    sudo docker run -d --network=host -e OLLAMA_BASE_URL=http://127.0.0.1:11434 -v open-webui:/app/backend/data --name open-webui --restart always ghcr.io/open-webui/open-webui:main
3. Open Open WebUI in your browser (with --network=host it listens on port 8080 on every interface of the host, so limit who can reach that port):
<your ipaddress>:8080

Install some models:

1. If you want to use DeepSeek, run:
ollama run deepseek-r1:70b
2. If you want a code-developer model, run:
ollama run wizardcoder
Some references:
Running AI Locally Using Ollama on Ubuntu Linux
Ubuntu | Docker Docs

Monday, June 10, 2024

Network discovery tools on the internet

censys.io

shodan.io

viz.greynoise.io

zoomeye.org

onyphe.io

wigle.net

intelx.io

fofa.so

hunter.io

zorexeye.com

pulsedive.com

netograph.io

vigilant.pw

pipl.com

abuse.ch

maltiverse.com/search

insecam.org


Thursday, November 17, 2022

Low-interaction honeypots

https://github.com/OWASP/Python-Honeypot

https://gitlab.com/evilcouncil/http-honeypot

https://tulja.github.io/blogs/2019/08/18/gsocPost.html

Sunday, October 16, 2022

HOW TO MAKE DHCP WORK IN UBUNTU 22.04

Execute:

apt install dhcpcd5

Then:

dhcpcd

or

sudo dhcpcd -k enp0s3 && sudo dhcpcd -n enp0s3

For the IP address setting in netplan (the example below enables DHCP and comments out the static IP):

root@dlp:~# vi /etc/netplan/00-installer-config.yaml

# enable dhcp4 and comment out static IP related settings
network:
  version: 2
  ethernets:
    enp1s0:
      dhcp4: true
      #addresses: [10.0.0.30/24]

To clear the IP address:

ip addr flush dev enp0s3

source:

https://www.server-world.info/en/note?os=Ubuntu_22.04&p=dhcp&f=2


Saturday, October 1, 2022

HOW TO INSTALL HONEYPOT METACORTEXX.COM.BR - COWRIE

sudo apt update

cd ~/Downloads

wget http://archive.ubuntu.com/ubuntu/pool/universe/libe/libemu/libemu2_0.2.0+git20120122-1.2build1_amd64.deb http://archive.ubuntu.com/ubuntu/pool/universe/libe/libemu/libemu-dev_0.2.0+git20120122-1.2build1_amd64.deb

sudo apt install ./libemu2_0.2.0+git20120122-1.2build1_amd64.deb ./libemu-dev_0.2.0+git20120122-1.2build1_amd64.deb

The next command downloads deploy.sh and runs it with root privileges, so inspect the script before running it:

wget "metacortexx.com.br/api/script/?text=true&script_id=2" -O deploy.sh && sudo bash deploy.sh metacortexx.com.br c4Debk2G

If you get the error:

'x86_64-linux-gnu-gcc' failed with exit status 1

For Python 2.x use:

sudo apt-get install python-dev

For Python 2.7 use:

sudo apt-get install libffi-dev

For Python 3.x use:

sudo apt-get install python3-dev

or, for a specific version of Python 3, replace x with the minor version in:

sudo apt-get install python3.x-dev

If you get a GPG error from the repository, try:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32

source:
https://stackoverflow.com/questions/26053982/setup-script-exited-with-error-command-x86-64-linux-gnu-gcc-failed-with-exit

https://chrisjean.com/fix-apt-get-update-the-following-signatures-couldnt-be-verified-because-the-public-key-is-not-available/

HOW TO INSTALL (MHN - Modern Honey Network) IN UBUNTU 22.04

Add the repo to /etc/apt/sources.list:

deb http://cz.archive.ubuntu.com/ubuntu focal main universe

Then clone the files from the GitHub repository:

$ cd /opt/
$ sudo git clone https://github.com/pwnlandia/mhn.git
$ cd mhn/

Locally on your computer, do the following:
edit the file "/scripts/install_mongo.sh" (inside the cloned mhn directory), line 15,
from:
elif [ "$(lsb_release -r -s)" == "18.04" ]; then
to:
elif [ "$(lsb_release -r -s)" == "22.04" ]; then

After that, install:
python2-dev python2 python-dev-is-python3


SOURCE:

https://github.com/pwnlandia/mhn

Tuesday, September 27, 2022

How to install OpenVAS Community 22.4 and fix HTTPS access and access from the internal network (not only 127.0.0.1)

You will not find this procedure described in the Greenbone installation procedure, so to help you, here in detail is the exact point where you need to change the configuration to provide access:

1) access by HTTPS (https://<your greenbone server>)
2) access from the internal network, not only from 127.0.0.1

Execute this configuration on your Greenbone server:

# Generate GVM certificates for HTTPS

sudo -u gvm gvm-manage-certs -a

Then, when you reach the step of the Greenbone installation procedure that creates the gsad systemd service file, change the ExecStart line (marked in blue in the original screenshot) to one of the following:

1) to allow access from anywhere:

ExecStart=/usr/local/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --http-only

2) to allow access from anywhere and work over HTTPS:

ExecStart=/usr/local/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --https

Note: after this configuration the product stops working over HTTP and works only over HTTPS. Because --listen=0.0.0.0 binds the web interface on every interface, restrict reachability of port 9392 to the internal network with a firewall rule.

source: 

https://greenbone.github.io/docs/latest/

https://www.libellux.com/openvas/#set-up-systemd

https://www.libellux.com/openvas/#configuration-files

https://github.com/libellux/Libellux-Up-and-Running/blob/master/docs/openvas/config/ubuntu-22_04_GVM-22.4.0.sh

How to track binary dependency mapping in Linux

In this example we look for the binary dependencies of the software "htop".
First of all, we need to execute "which htop" to find where the binary is located.

Now, executing "ldd /usr/bin/htop" shows all the shared libraries that htop needs in order to work.

It is important to understand the dependencies because, whenever a Linux application breaks, we need to know which libraries it requires in order to fix it correctly.

Sunday, September 25, 2022