mirror of https://github.com/snovvcrash/usbrip.git synced 2024-06-03 12:46:03 +02:00

Update README.md

This commit is contained in:
Sam Freeside 2018-03-22 19:40:29 +03:00 committed by GitHub
parent 2e1a04c763
commit b8029e1f62
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23

@ -1,9 +1,9 @@
# usbrip
usbrip
========
usbrip (derived from "USB Ripper", not "USB R.I.P." :hushed:) is an open source forensic tool with CLI interface that lets you keep track of USB device artifacts (a.k.a. *USB event history*: "Connected" and "Disconnected" events) on Linux machines.
Table of Contents
# Description
Description
========
usbrip is a small piece of software written in pure Python 3 (using some external modules though, see Dependencies) which parses Linux log files (`/var/log/syslog*` or `/var/log/messages*` depending on the distro) for constructing USB event history tables. Such tables may contain the following columns: "Connected" (date & time), "User", "VID" (vendor ID), "PID" (product ID), "Product", "Manufacturer", "Serial Number", "Port" and "Disconnected" (date & time).
Besides, it also can:
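Review bot: switching the title and the `Description` heading from `#` to a `========` underline keeps both as level-1 headings, so the project title and every section heading end up at the same level; if the intent is a single top-level title, a `--------` underline (setext level 2) or `##` for the section headings gives the README a proper outline. The unchanged `Table of Contents` line in the middle of this hunk carries neither marker, so it should be brought in line with whichever heading style is chosen.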
@ -11,11 +11,13 @@ Besides, it also can:
* search for "violation events" based on `auth.json`: show (or generate another JSON with) all USB devices that do appear in history but do NOT appear in `auth.json`;
* search additional details about a specific USB device base on its VID and/or PID.
# Screenshots
Screenshots
========
![Screenshot-1](https://user-images.githubusercontent.com/23141800/37735126-2b601742-2d5e-11e8-85ed-9945123f484e.png "Get USB event history of external devices")
![Screenshot-2](https://user-images.githubusercontent.com/23141800/37735847-4340b720-2d60-11e8-83ce-b77c2b0673f8.png "Search for USB devices by PID")
# Usage
Usage
========
To get a list of module names use:
```
$ python3 usbrip.py -h
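Review bot: the unchanged context line `search additional details about a specific USB device base on its VID and/or PID` should read `based on`; since this commit already touches this region for the `Screenshots` and `Usage` headings, the typo can be fixed in the same change. The heading conversion itself matches the first hunk.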
@ -31,7 +33,8 @@ To get a list of all switches for a specific submodule use:
$ python3 usbrip.py <module> <submodule> -h
```
# Examples
Examples
========
* Show event history of all USB devices without asking about the generation method of the output (-q, --quite, default output to the terminal stdout) represented as list (-l, --list) with latest 100 entries (-n, --number 100):
```
$ python3 usbrip.py events history -ql -c conn vid pid disconn serial -n 100
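Review bot: in the context line describing the example, `-q, --quite` looks like a typo for `--quiet`, which is the behaviour the line itself describes ("without asking about the generation method of the output"); check the switch's actual spelling in the argument parser before the README states it, and fix the line while this hunk is being edited. In the same line, `represented as list` reads better as `represented as a list`.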
@ -73,7 +76,8 @@ $ python3 usbrip.py <module> <submodule> -h
$ python3 usbrip.py ids download
```
# Dependencies
Dependencies
========
usbrips makes use of the following external modules:
* [terminaltables](https://robpol86.github.io/terminaltables/v3.1.0/index.html "terminaltables 3.1.0 — terminaltables")
* [termcolor](https://pypi.python.org/pypi/termcolor "termcolor 1.1.0 : Python Package Index")
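Review bot: the context line `usbrips makes use of the following external modules:` (also visible in the hunk header) misspells the project name as `usbrips`; with the `Dependencies` heading being rewritten right above it, change it to `usbrip` in the same pass.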
@ -81,5 +85,6 @@ usbrips makes use of the following external modules:
All requirements are stated in `requirements.txt`.
# Post Scriptum
Post Scriptum
========
Yep, the logo and info messages style is inspired by the *sqlmap* project :see_no_evil:
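Review bot: `the logo and info messages style is inspired by` has a number-agreement problem; `the logo and the style of the info messages are inspired by the *sqlmap* project` reads cleanly. The `Post Scriptum` heading conversion is consistent with the rest of the commit.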