-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathBitlocker_Key_Finder.py
76 lines (68 loc) · 2.92 KB
/
Bitlocker_Key_Finder.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
#Python3
import re
import os
import fnmatch
import argparse
_author_ = ['Copyright 2021 North Loop Consulting']
_copy_ = ['(C) 2021']
_description_ = ("---Bitlocker_Key_Finder v1.1---"
" A tool to locate and retrieve Bitlocker Recovery files."
" Searches file names and file content for recovery keys."
)
parser = argparse.ArgumentParser(
description=_description_,
epilog="{}".format(
", ".join(_author_), _copy_))
parser.add_argument("INPUT_VOLUME", help="Input volume letter - ex. 'C:\\\\' or Absolute path - ex. 'E:\\Evidence\\MountedImage\\C'")
args = parser.parse_args()
In_Vol = args.INPUT_VOLUME
txt_Files = []
for root, dirs, file in os.walk(In_Vol):
for filename in file:
if filename.endswith(('.txt', '.TXT', '.bek', '.BEK')): #filters to txt and bek files
txt_Files.append(os.path.join(root, filename)) #creates list of txt and bek files
pattern = re.compile(r"\d{6}-\d{6}-\d{6}-\d{6}-\d{6}-\d{6}-\d{6}-\d{6}")
Bit_Keys = []
for ele in txt_Files:
if fnmatch.fnmatch(ele, "*BitLocker Recovery Key*"):
print(ele)
Bit_Keys.append(ele)
if fnmatch.fnmatch(ele, "*.BEK"):
print(ele + '\n')
Bit_Keys.append(ele)
if len(Bit_Keys) == 0:
print("""***************************************************************************
\nNo Bitlocker Recovery text files were found.
\nWould you like to perform a string search on all text files (slow process)?
\n***************************************************************************""")
choice = input("'Yes' or 'No': ")
if choice == 'Yes' or "Yes " or "yes" or "yes ":
for ele in txt_Files:
try:
with open(ele, 'r', encoding="utf-16-le") as text:
text = text.read()
k = re.findall(pattern, text)
for key in k:
print(ele + " - " + key)
except UnicodeDecodeError:
pass
except PermissionError:
pass
if len(Bit_Keys) >= 1:
print("""++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
\nGREAT JOB!!! YOU FOUND SOME!
\nWould you like to continue and search the contents of all text files (slower process)?
\n++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++""")
choice = input("'Yes' or 'No': ")
if choice == 'Yes' or "Yes " or "yes" or "yes ":
for ele in txt_Files:
try:
with open(ele, 'r', encoding="utf-16-le") as text:
text = text.read()
k = re.findall(pattern, text)
for key in k:
print(ele + " - " + key)
except UnicodeDecodeError:
pass
except PermissionError:
pass