
usbrip ( USB Ripper )

Status
Not open for further replies.

dEEpEst


usbrip (derived from "USB Ripper", not "USB R.I.P.") is an open source forensics tool with a CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines.

Description


usbrip is a small piece of software written in pure Python 3 (using some external modules though) which parses Linux log files (/var/log/syslog* or /var/log/messages* depending on the distro) for constructing USB event history tables. Such tables may contain the following columns: "Connected" (date & time), "User", "VID" (vendor ID), "PID" (product ID), "Product", "Manufacturer", "Serial Number", "Port" and "Disconnected" (date & time).

Besides, it also can:

  • export gathered information as a JSON dump (and open such dumps, of course);
  • generate a list of authorized (trusted) USB devices as a JSON (call it auth.json);
  • search for "violation events" based on the auth.json: show (or generate another JSON with) USB devices that do appear in history and do NOT appear in the auth.json;
  • *when installed with -s flag* create encrypted storages (7zip archives) to automatically back up and accumulate USB events with the help of the crontab scheduler;
  • search additional details about a specific USB device based on its VID and/or PID.


Quick Start


usbrip is available for download and installation via pip3:

~$ pip3 install usbrip



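Added example, not part of the original post and not usbrip's own code: a minimal Python sketch of the idea in the Description section, building a USB event history from kernel messages in syslog and listing "violation events" against a trusted-device list. The sample log lines are constructed, the function names are hypothetical, and the trusted-list layout is an assumption rather than usbrip's actual auth.json format.

```python
import re

# Constructed sample of kernel USB messages as they appear in /var/log/syslog.
SAMPLE_LOG = """\
Oct 12 09:14:03 ws01 kernel: [  123.456] usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Oct 12 09:14:03 ws01 kernel: [  123.456] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Oct 12 09:14:03 ws01 kernel: [  123.457] usb 1-1: Product: Cruzer Blade
Oct 12 09:14:03 ws01 kernel: [  123.457] usb 1-1: Manufacturer: SanDisk
Oct 12 09:14:03 ws01 kernel: [  123.458] usb 1-1: SerialNumber: 4C530001AAAA
Oct 12 09:20:11 ws01 kernel: [  491.002] usb 1-1: USB disconnect, device number 5
Oct 12 10:02:40 ws01 kernel: [ 3040.110] usb 2-3: New USB device found, idVendor=abcd, idProduct=1234
Oct 12 10:02:40 ws01 kernel: [ 3040.111] usb 2-3: SerialNumber: ZZ99
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) kernel: (?:\[[^\]]*\] )?usb ([\d.-]+): (.*)$")
FOUND = re.compile(r"New USB device found, idVendor=(\w{4}), idProduct=(\w{4})")
DETAIL = re.compile(r"(Product|Manufacturer|SerialNumber): (.*)")
COLS = {"Product": "product", "Manufacturer": "manufacturer", "SerialNumber": "serial"}

def build_history(text):
    """Return one dict per connection, in log order, with the table's columns."""
    history, open_on_port = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a kernel USB line
        stamp, host, port, msg = m.groups()
        if f := FOUND.match(msg):
            # "user" holds the syslog host field (assumption about the "User" column)
            event = dict(connected=stamp, user=host, vid=f[1], pid=f[2], product=None,
                         manufacturer=None, serial=None, port=port, disconnected=None)
            history.append(event)
            open_on_port[port] = event
        elif (d := DETAIL.match(msg)) and port in open_on_port:
            open_on_port[port][COLS[d[1]]] = d[2].strip()
        elif msg.startswith("USB disconnect") and port in open_on_port:
            open_on_port.pop(port)["disconnected"] = stamp  # close the open event
    return history

def violations(history, trusted):
    """Events whose (vid, pid, serial) does not appear in the trusted list."""
    allowed = {(t["vid"], t["pid"], t["serial"]) for t in trusted}
    return [e for e in history if (e["vid"], e["pid"], e["serial"]) not in allowed]

# Hypothetical trusted-device list (layout is an assumption, not usbrip's format).
TRUSTED = [{"vid": "0781", "pid": "5567", "serial": "4C530001AAAA"}]

if __name__ == "__main__":
    for e in violations(build_history(SAMPLE_LOG), TRUSTED):
        print(e["connected"], e["user"], e["vid"], e["pid"], e["serial"], e["port"])
```

A device that is still plugged in when the log ends keeps "disconnected" set to None, which is worth surfacing during triage.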