From a5040fc5058e876d5ed90f5cfba012b447c0c24c Mon Sep 17 00:00:00 2001 From: YamatoSecurity Date: Wed, 25 Dec 2024 07:29:02 +0300 Subject: [PATCH 1/7] bump --- Cargo.lock | 234 +++++++++++++++++++++++++---------------------------- Cargo.toml | 4 +- 2 files changed, 114 insertions(+), 124 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 488eaedf3..982cd3998 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -40,9 +40,9 @@ dependencies = [ [[package]] name = "allocator-api2" -version = "0.2.20" +version = "0.2.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45862d1c77f2228b9e10bc609d5bc203d86ebc9b87ad8d5d5167a6c9abf739d9" +checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923" [[package]] name = "android-tzdata" @@ -110,9 +110,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.93" +version = "1.0.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c95c10ba0b00a02636238b814946408b1322d5ac4760326e6fb8ec956d85775" +checksum = "34ac096ce696dc2fcabef30516bb13c0a68a11d30131d3df6f04711467681b04" [[package]] name = "arraydeque" @@ -176,9 +176,9 @@ dependencies = [ [[package]] name = "bstr" -version = "1.11.0" +version = "1.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a68f1f47cdf0ec8ee4b941b2eee2a80cb796db73118c0dd09ac63fbe405be22" +checksum = "786a307d683a5bf92e6fd5fd69a7eb613751668d1d8d67d802846dfe367c62c8" dependencies = [ "memchr", "serde", @@ -256,9 +256,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.2.2" +version = "1.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f34d93e62b03caf570cccc334cbc6c2fceca82f39211051345108adcba3eebdc" +checksum = "c31a0499c1dc64f458ad13872de75c0eb7e3fdb0e67964610c914b034fc5956e" dependencies = [ "jobserver", "libc", 
@@ -284,9 +284,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chrono" -version = "0.4.38" +version = "0.4.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401" +checksum = "7e36cc9d416881d2e24f9a963be5fb1cd90966419ac844274161d10488b3e825" dependencies = [ "android-tzdata", "iana-time-zone", @@ -316,9 +316,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.21" +version = "4.5.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb3b4b9e5a7c7514dfa52869339ee98b3156b0bfb4e8a77c4ff4babb64b1604f" +checksum = "3135e7ec2ef7b10c6ed8950f0f792ed96ee093fa088608f1c76e569722700c84" dependencies = [ "clap_builder", "clap_derive", @@ -326,9 +326,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.21" +version = "4.5.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b17a95aa67cc7b5ebd32aa5370189aa0d79069ef1c64ce893bd30fb24bff20ec" +checksum = "30582fc632330df2bd26877bde0c1f4470d57c582bbc070376afcd04d8cb4838" dependencies = [ "anstream", "anstyle", @@ -345,14 +345,14 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.89", + "syn 2.0.91", ] [[package]] name = "clap_lex" -version = "0.7.3" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "afb84c814227b90d6895e01398aee0d8033c00e7466aca416fb6a8e0eb19d8a7" +checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6" [[package]] name = "colorchoice" 
@@ -362,12 +362,12 @@ checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990" [[package]] name = "colored" -version = "2.1.0" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cbf2150cce219b664a8a70df7a1f933836724b503f8a413af9365b4dcc4d90b8" +checksum = "117725a109d387c937a1533ce01b450cbde6b88abceea8473c4d7a85853cda3c" dependencies = [ "lazy_static", - "windows-sys 0.48.0", + "windows-sys 0.59.0", ] [[package]] @@ -379,7 +379,7 @@ dependencies = [ "crossterm", "strum", "strum_macros", - "unicode-width 0.2.0", + "unicode-width", ] [[package]] @@ -398,15 +398,15 @@ dependencies = [ [[package]] name = "console" -version = "0.15.8" +version = "0.15.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e1f83fc076bd6dd27517eacdf25fef6c4dfe5f1d7448bafaaf3a26f13b5e4eb" +checksum = "ea3c6ecd8059b57859df5c69830340ed3c41d30e3da0c1cbed90a96ac853041b" dependencies = [ "encode_unicode", - "lazy_static", "libc", - "unicode-width 0.1.14", - "windows-sys 0.52.0", + "once_cell", + "unicode-width", + "windows-sys 0.59.0", ] [[package]] @@ -435,9 +435,9 @@ dependencies = [ [[package]] name = "crossbeam-deque" -version = "0.8.5" +version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" +checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51" dependencies = [ "crossbeam-epoch", "crossbeam-utils", @@ -454,9 +454,9 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.20" +version = "0.8.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" [[package]] name = "crossterm" 
@@ -562,7 +562,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.89", + "syn 2.0.91", ] [[package]] @@ -579,9 +579,9 @@ checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" [[package]] name = "encode_unicode" -version = "0.3.6" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f" +checksum = "34aa73646ffb006b8f5147f3dc182bd4bcb190227ce861fc4a4844bf8e3cb2c0" [[package]] name = "encoding" @@ -683,8 +683,8 @@ dependencies = [ [[package]] name = "evtx" -version = "0.8.12" -source = "git+https://github.com/Yamato-Security/hayabusa-evtx.git?rev=b152e83#b152e83d85886eea5a636535424cc19f8d2d5482" +version = "0.8.13" +source = "git+https://github.com/Yamato-Security/hayabusa-evtx.git?rev=cd33263#cd33263767db119bb9c5c1b2f29549580fdf812f" dependencies = [ "anyhow", "bitflags 2.6.0", @@ -710,9 +710,9 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.2.0" +version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "486f806e73c5707928240ddc295403b1b93c96a02038563881c4a2fd84b81ac4" +checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" [[package]] name = "file-chunker" @@ -742,9 +742,9 @@ checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" [[package]] name = "foldhash" -version = "0.1.3" +version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f81ec6369c545a7d40e4589b5597581fa1c441fe1cce96dd1de43159910a36a2" +checksum = "a0d2fde1f7b3d48b8395d5f2de76c18a528bd6a9cdde438df747bfcba3e05d6f" [[package]] name = "foreign-types" @@ -862,7 +862,7 @@ dependencies = [ [[package]] name = "hayabusa" -version = "3.0.0-dev" +version = "3.0.0" dependencies = [ "aho-corasick", "base64", 
@@ -907,7 +907,7 @@ dependencies = [ "serde_derive", "serde_json", "termcolor", - "terminal_size 0.4.0", + "terminal_size 0.4.1", "tokio", "ureq", "uuid", @@ -1078,7 +1078,7 @@ checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.89", + "syn 2.0.91", ] [[package]] @@ -1104,9 +1104,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.6.0" +version = "2.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "707907fe3c25f5424cce2cb7e1cbcafee6bdbe735ca90ef77c29e84591e5b9da" +checksum = "62f822373a4fe84d4bb149bf54e584a7f4abec90e072ed49cda0edea5b95471f" dependencies = [ "equivalent", "hashbrown 0.15.2", @@ -1121,7 +1121,7 @@ dependencies = [ "console", "number_prefix", "portable-atomic", - "unicode-width 0.2.0", + "unicode-width", "web-time", ] @@ -1210,10 +1210,11 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.72" +version = "0.3.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a88f1bda2bd75b0452a14784937d796722fdebfe50df998aeb3f0b7603019a9" +checksum = "6717b6b5b077764fb5966237269cb3c64edddde4b14ce42647430a78ced9e7b7" dependencies = [ + "once_cell", "wasm-bindgen", ] @@ -1243,9 +1244,9 @@ checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "libc" -version = "0.2.167" +version = "0.2.169" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09d6582e104315a817dff97f75133544b2e094ee22447d2acf4a74e189ba06fc" +checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a" [[package]] name = "libgit2-sys" 
@@ -1306,9 +1307,9 @@ checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" [[package]] name = "litemap" -version = "0.7.3" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "643cb0b8d4fcc284004d5fd0d67ccf61dfffadb7f75e1e71bc420f4688a3a704" +checksum = "4ee93343901ab17bd981295f2cf0026d4ad018c7c31ba84549a4ddbb47a45104" [[package]] name = "lock_api" @@ -1373,20 +1374,19 @@ dependencies = [ [[package]] name = "miniz_oxide" -version = "0.8.0" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2d80299ef12ff69b16a84bb182e3b9df68b5a91574d3d4fa6e41b65deec4df1" +checksum = "4ffbe83022cedc1d264172192511ae958937694cd57ce297164951b8b3568394" dependencies = [ "adler2", ] [[package]] name = "mio" -version = "1.0.2" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80e04d1dcff3aae0704555fe5fee3bcfaf3d1fdf8a7e521d5b9d2b42acb52cec" +checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd" dependencies = [ - "hermit-abi", "libc", "wasi", "windows-sys 0.52.0", @@ -1510,9 +1510,9 @@ checksum = "830b246a0e5f20af87141b25c173cd1b609bd7779a4617d6ec582abaf90870f3" [[package]] name = "object" -version = "0.36.5" +version = "0.36.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aedf0a2d09c573ed1d8d85b30c119153926a2b36dce0ab28322c09a117a4683e" +checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87" dependencies = [ "memchr", ] @@ -1546,7 +1546,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.89", + "syn 2.0.91", ] [[package]] 
@@ -1723,9 +1723,9 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.5.7" +version = "0.5.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b6dfecf2c74bce2466cabf93f6664d6998a69eb21e39f4207930065b27b771f" +checksum = "03a862b389f93e68874fbf580b9de08dd02facb9a788ebadaf4a3fd33cf58834" dependencies = [ "bitflags 2.6.0", ] @@ -1814,7 +1814,7 @@ dependencies = [ "proc-macro2", "quote", "rust-embed-utils", - "syn 2.0.89", + "syn 2.0.91", "walkdir", ] @@ -1837,22 +1837,22 @@ checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" [[package]] name = "rustix" -version = "0.38.41" +version = "0.38.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7f649912bc1495e167a6edee79151c84b1bad49748cb4f1f1167f459f6224f6" +checksum = "f93dc38ecbab2eb790ff964bb77fa94faf256fd3e73285fd7ba0903b76bedb85" dependencies = [ "bitflags 2.6.0", "errno", "libc", "linux-raw-sys", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] name = "rustls" -version = "0.23.19" +version = "0.23.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "934b404430bb06b3fae2cba809eb45a1ab1aecd64491213d7c3301b88393f8d1" +checksum = "5065c3f250cbd332cd894be57c40fa52387247659b14a2d6041d121547903b1b" dependencies = [ "log", "once_cell", @@ -1865,9 +1865,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.10.0" +version = "1.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "16f1201b3c9a7ee8039bcadc17b7e605e2945b27eee7631788c1bd2b0643674b" +checksum = "d2bf47e6ff922db3825eb750c4e2ff784c6ff8fb9e13046ef6a1d1c5401b0b37" [[package]] name = "rustls-webpki" 
@@ -1909,38 +1909,38 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "semver" -version = "1.0.23" +version = "1.0.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" +checksum = "3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba" dependencies = [ "serde", ] [[package]] name = "serde" -version = "1.0.215" +version = "1.0.216" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6513c1ad0b11a9376da888e3e0baa0077f1aed55c17f50e7b2397136129fb88f" +checksum = "0b9781016e935a97e8beecf0c933758c97a5520d32930e460142b4cd80c6338e" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.215" +version = "1.0.216" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0" +checksum = "46f859dbbf73865c6627ed570e78961cd3ac92407a2d117204c49232485da55e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.89", + "syn 2.0.91", ] [[package]] name = "serde_json" -version = "1.0.133" +version = "1.0.134" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7fceb2473b9166b2294ef05efcb65a3db80803f0b03ef86a5fc88a2b85ee377" +checksum = "d00f4175c42ee48b15416f6193a959ba3a0d67fc699a0db9ad12df9f83991c7d" dependencies = [ "indexmap", "itoa", @@ -2052,7 +2052,7 @@ dependencies = [ "proc-macro2", "quote", "rustversion", - "syn 2.0.89", + "syn 2.0.91", ] [[package]] @@ -2074,9 +2074,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.89" +version = "2.0.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44d46482f1c1c87acd84dea20c1bf5ebff4c757009ed6bf19cfd36fb10e92c4e" +checksum = "d53cbcb5a243bd33b7858b1d7f4aca2153490815872d86d955d6ea29f743c035" dependencies = [ "proc-macro2", "quote", 
@@ -2091,7 +2091,7 @@ checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971" dependencies = [ "proc-macro2", "quote", - "syn 2.0.89", + "syn 2.0.91", ] [[package]] @@ -2128,9 +2128,9 @@ dependencies = [ [[package]] name = "terminal_size" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f599bd7ca042cfdf8f4512b277c02ba102247820f9d9d4a9f521f496751a6ef" +checksum = "5352447f921fda68cf61b4101566c0bdb5104eff6804d0678e5227580ab6a4e9" dependencies = [ "rustix", "windows-sys 0.59.0", @@ -2153,7 +2153,7 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" dependencies = [ "proc-macro2", "quote", - "syn 2.0.89", + "syn 2.0.91", ] [[package]] @@ -2168,9 +2168,9 @@ dependencies = [ [[package]] name = "tokio" -version = "1.41.1" +version = "1.42.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22cfb5bee7a6a52939ca9224d6ac897bb669134078daa8735560897f69de4d33" +checksum = "5cec9b21b0450273377fc97bd4c33a8acffc8c996c987a7c5b319a0083707551" dependencies = [ "backtrace", "bytes", @@ -2192,7 +2192,7 @@ checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752" dependencies = [ "proc-macro2", "quote", - "syn 2.0.89", + "syn 2.0.91", ] [[package]] @@ -2203,9 +2203,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicase" -version = "2.8.0" +version = "2.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e51b68083f157f853b6379db119d1c1be0e6e4dec98101079dec41f6f5cf6df" +checksum = "75b844d17643ee918803943289730bec8aac480150456169e647ed0b576ba539" [[package]] name = "unicode-ident" 
@@ -2213,12 +2213,6 @@ version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83" -[[package]] -name = "unicode-width" -version = "0.1.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af" - [[package]] name = "unicode-width" version = "0.2.0" @@ -2233,21 +2227,18 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "ureq" -version = "2.11.0" +version = "2.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b30e6f97efe1fa43535ee241ee76967d3ff6ff3953ebb430d8d55c5393029e7b" +checksum = "02d1a66277ed75f640d608235660df48c8e3c19f3b4edb6a263315626cc3c01d" dependencies = [ "base64", "flate2", - "litemap", "log", "once_cell", "rustls", "rustls-pki-types", "url", "webpki-roots", - "yoke", - "zerofrom", ] [[package]] @@ -2318,9 +2309,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.95" +version = "0.2.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "128d1e363af62632b8eb57219c8fd7877144af57558fb2ef0368d0087bddeb2e" +checksum = "a474f6281d1d70c17ae7aa6a613c87fce69a127e2624002df63dcb39d6cf6396" dependencies = [ "cfg-if", "once_cell", 
@@ -2329,24 +2320,23 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.95" +version = "0.2.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb6dd4d3ca0ddffd1dd1c9c04f94b868c37ff5fac97c30b97cff2d74fce3a358" +checksum = "5f89bb38646b4f81674e8f5c3fb81b562be1fd936d84320f3264486418519c79" dependencies = [ "bumpalo", "log", - "once_cell", "proc-macro2", "quote", - "syn 2.0.89", + "syn 2.0.91", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-macro" -version = "0.2.95" +version = "0.2.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e79384be7f8f5a9dd5d7167216f022090cf1f9ec128e6e6a482a2cb5c5422c56" +checksum = "2cc6181fd9a7492eef6fef1f33961e3695e4579b9872a6f7c83aee556666d4fe" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -2354,22 +2344,22 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.95" +version = "0.2.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26c6ab57572f7a24a4985830b120de1594465e5d500f24afe89e16b4e833ef68" +checksum = "30d7a95b763d3c45903ed6c81f156801839e5ee968bb07e534c44df0fcd330c2" dependencies = [ "proc-macro2", "quote", - "syn 2.0.89", + "syn 2.0.91", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" -version = "0.2.95" +version = "0.2.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "65fc09f10666a9f147042251e0dda9c18f166ff7de300607007e96bdebc1068d" +checksum = "943aab3fdaaa029a6e0271b35ea10b72b943135afe9bffca82384098ad0e06a6" [[package]] name = "web-time" 
@@ -2626,9 +2616,9 @@ dependencies = [ [[package]] name = "yoke" -version = "0.7.4" +version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c5b1314b079b0930c31e3af543d8ee1757b1951ae1e1565ec704403a7240ca5" +checksum = "120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40" dependencies = [ "serde", "stable_deref_trait", @@ -2644,7 +2634,7 @@ checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154" dependencies = [ "proc-macro2", "quote", - "syn 2.0.89", + "syn 2.0.91", "synstructure", ] @@ -2666,14 +2656,14 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.89", + "syn 2.0.91", ] [[package]] name = "zerofrom" -version = "0.1.4" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91ec111ce797d0e0784a1116d0ddcdbea84322cd79e5d5ad173daeba4f93ab55" +checksum = "cff3ee08c995dee1859d998dea82f7374f2826091dd9cd47def953cae446cd2e" dependencies = [ "zerofrom-derive", ] @@ -2686,7 +2676,7 @@ checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808" dependencies = [ "proc-macro2", "quote", - "syn 2.0.89", + "syn 2.0.91", "synstructure", ] @@ -2715,5 +2705,5 @@ checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.89", + "syn 2.0.91", ] diff --git a/Cargo.toml b/Cargo.toml index 093274cbc..f5b56b086 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "hayabusa" -version = "3.0.0-dev" +version = "3.0.0" repository = "https://github.com/Yamato-Security/hayabusa" authors = ["Yamato Security @SecurityYamato"] edition = "2021" 
@@ -22,7 +22,7 @@ csv = "1.3.*"
 dashmap = "*"
 dialoguer = "*"
 downcast-rs = "1.*"
-evtx = { git = "https://github.com/Yamato-Security/hayabusa-evtx.git" , features = ["fast-alloc"] , rev = "b152e83" } # 0.8.12 2024/11/26 update
+evtx = { git = "https://github.com/Yamato-Security/hayabusa-evtx.git" , features = ["fast-alloc"] , rev = "cd33263" } # 0.8.13 2024/12/23 update
 git2 = "0.*"
 hashbrown = "0.15.*"
 hex = "0.4.*"

From 0425dc0b962f266c29dd62700f4fc54fd8d78026 Mon Sep 17 00:00:00 2001
From: YamatoSecurity
Date: Wed, 25 Dec 2024 07:29:12 +0300
Subject: [PATCH 2/7] update rules

---
 rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules b/rules
index 3de77e855..49df8782b 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit 3de77e855585a307b28d93a37d58a2ae743b1696
+Subproject commit 49df8782bc855904911e4d29dd0f06cba5d0e144

From ffba7b882f558b036879f9b0b850167cfcc69239 Mon Sep 17 00:00:00 2001
From: YamatoSecurity
Date: Wed, 25 Dec 2024 07:29:28 +0300
Subject: [PATCH 3/7] change xmas egg more green

---
 src/main.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index bbc58be92..99e686890 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -2678,8 +2678,8 @@ impl App {
 eggs.insert("05/09", ("goku.txt", Color::Rgb(243, 156, 22))); // Middle Washed Orange
 eggs.insert("08/08", ("takoyaki.txt", Color::Rgb(181, 101, 29))); // Light Brown
 eggs.insert("10/31", ("halloween.txt", Color::Rgb(255, 87, 51))); // Pumpkin Orange
- eggs.insert("12/24", ("christmas.txt", Color::Rgb(70, 192, 22))); // Green
- eggs.insert("12/25", ("christmas.txt", Color::Rgb(70, 192, 22))); // Green
+ eggs.insert("12/24", ("christmas.txt", Color::Rgb(0, 255, 0))); // Green
+ eggs.insert("12/25", ("christmas.txt", Color::Rgb(0, 255, 0))); // Green
 
 match eggs.get(exec_datestr) {
 None => {}

From 3dcada9af0ae0b674f85973d1392f8d4fb1defb4 Mon Sep 17 00:00:00 2001
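Review bot: The new `evtx` line pins the git dependency with a 7-character abbreviated commit, `rev = "cd33263"`; Cargo.lock carries the full `cd33263767db119bb9c5c1b2f29549580fdf812f`, so locked builds are reproducible, but any re-resolution of the manifest (a `cargo update`, or a build where the lockfile is absent or ignored) has to expand the prefix against the remote at that moment, and a short prefix is unique only until another object shares it. Writing the full SHA in the manifest, `rev = "cd33263767db119bb9c5c1b2f29549580fdf812f"`, removes that dependence at no cost and matches what the lockfile already records. The surrounding wildcard requirements (`dashmap = "*"`, `dialoguer = "*"`) are context lines rather than part of this change, but they leave those crates unpinned at manifest level for the same reason.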
From: YamatoSecurity
Date: Wed, 25 Dec 2024 07:29:37 +0300
Subject: [PATCH 4/7] update release name

---
 src/detections/configs.rs | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/detections/configs.rs b/src/detections/configs.rs
index 8dbc84f81..0fd750f0a 100644
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -903,7 +903,7 @@ fn check_thread_number(config: &Config) -> Option {
 pub enum Action {
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
- help_template = "\nHayabusa v3.0.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe eid-metrics [OPTIONS]\n\n{all-args}",
+ help_template = "\nHayabusa v3.0.0 - 3rd Year Anniversary Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe eid-metrics [OPTIONS]\n\n{all-args}",
 term_width = 400,
 display_order = 290,
 disable_help_flag = true
@@ -913,7 +913,7 @@ pub enum Action {
 
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
- help_template = "\nHayabusa v3.0.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe json-timeline [OPTIONS]\n\n{all-args}",
+ help_template = "\nHayabusa v3.0.0 - 3rd Year Anniversary Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe json-timeline [OPTIONS]\n\n{all-args}",
 term_width = 400,
 display_order = 360,
 disable_help_flag = true
@@ -923,7 +923,7 @@ pub enum Action {
 
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
- help_template = "\nHayabusa v3.0.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe log-metrics [OPTIONS]\n\n{all-args}",
+ help_template = "\nHayabusa v3.0.0 - 3rd Year Anniversary Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe log-metrics [OPTIONS]\n\n{all-args}",
 term_width = 400,
 display_order = 382,
 disable_help_flag = true
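Review bot: The new help templates in this hunk (and in the hunks at 913–1031 and 1899) hard-code the release as the literal `Hayabusa v3.0.0`, so the version now lives in fourteen strings in configs.rs plus `version = "3.0.0"` in Cargo.toml, and the dev-to-release flip done here has to be repeated by hand at every bump. clap's help template supports a `{version}` placeholder that renders the command's version, so the literal could become `help_template = "\nHayabusa v{version} - 3rd Year Anniversary Release\n{author-with-newline}\n..."` with the version sourced from Cargo.toml once; whether each `Action` variant sees that value depends on how `version`/`propagate_version` are set on the parent command, which is outside this hunk. The `- 3rd Year Anniversary Release` tag would then be the only release-specific text left to edit. The `Action` enum continues past the hunk.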
@@ -933,7 +933,7 @@ pub enum Action {
 
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
- help_template = "\nHayabusa v3.0.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe logon-summary [OPTIONS]\n\n{all-args}",
+ help_template = "\nHayabusa v3.0.0 - 3rd Year Anniversary Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe logon-summary [OPTIONS]\n\n{all-args}",
 term_width = 400,
 display_order = 383,
 disable_help_flag = true
@@ -943,7 +943,7 @@ pub enum Action {
 
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
- help_template = "\nHayabusa v3.0.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe eid-metrics [OPTIONS]\n\n{all-args}",
+ help_template = "\nHayabusa v3.0.0 - 3rd Year Anniversary Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe eid-metrics [OPTIONS]\n\n{all-args}",
 term_width = 400,
 display_order = 310,
 disable_help_flag = true
@@ -953,7 +953,7 @@ pub enum Action {
 
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
- help_template = "\nHayabusa v3.0.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe expand-list [OPTIONS]\n\n{all-args}",
+ help_template = "\nHayabusa v3.0.0 - 3rd Year Anniversary Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe expand-list [OPTIONS]\n\n{all-args}",
 term_width = 400,
 display_order = 311,
 disable_help_flag = true
@@ -963,7 +963,7 @@ pub enum Action {
 
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
- help_template = "\nHayabusa v3.0.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe extract-base64 [OPTIONS]\n\n{all-args}",
+ help_template = "\nHayabusa v3.0.0 - 3rd Year Anniversary Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe extract-base64 [OPTIONS]\n\n{all-args}",
 term_width = 400,
 display_order = 311,
 disable_help_flag = true
@@ -973,7 +973,7 @@ pub enum Action {
 
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
- help_template = "\nHayabusa v3.0.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe pivot-keywords-list [OPTIONS]\n\n{all-args}",
+ help_template = "\nHayabusa v3.0.0 - 3rd Year Anniversary Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe pivot-keywords-list [OPTIONS]\n\n{all-args}",
 term_width = 400,
 display_order = 420,
 disable_help_flag = true
@@ -983,7 +983,7 @@ pub enum Action {
 
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
- help_template = "\nHayabusa v3.0.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe search <--keywords \"\" OR --regex \"\"> [OPTIONS]\n\n{all-args}",
+ help_template = "\nHayabusa v3.0.0 - 3rd Year Anniversary Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe search <--keywords \"\" OR --regex \"\"> [OPTIONS]\n\n{all-args}",
 term_width = 400,
 display_order = 450,
 disable_help_flag = true
@@ -993,7 +993,7 @@ pub enum Action {
 
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
- help_template = "\nHayabusa v3.0.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
+ help_template = "\nHayabusa v3.0.0 - 3rd Year Anniversary Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
 term_width = 400,
 display_order = 470,
 disable_help_flag = true
@@ -1003,7 +1003,7 @@ pub enum Action {
 
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
- help_template = "\nHayabusa v3.0.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
+ help_template = "\nHayabusa v3.0.0 - 3rd Year Anniversary Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
 term_width = 400,
 display_order = 380,
 disable_help_flag = true
@@ -1013,7 +1013,7 @@ pub enum Action {
 
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
- help_template = "\nHayabusa v3.0.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
+ help_template = "\nHayabusa v3.0.0 - 3rd Year Anniversary Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
 term_width = 400,
 display_order = 451,
 disable_help_flag = true
@@ -1031,7 +1031,7 @@ pub enum Action {
 
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
- help_template = "\nHayabusa v3.0.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe computer-metrics [OPTIONS]\n\n{all-args}",
+ help_template = "\nHayabusa v3.0.0 - 3rd Year Anniversary Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe computer-metrics [OPTIONS]\n\n{all-args}",
 term_width = 400,
 display_order = 290,
 disable_help_flag = true
@@ -1899,7 +1899,7 @@ pub struct ExpandListOption {
 #[derive(Parser, Clone, Debug)]
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
- help_template = "\nHayabusa v3.0.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe [OPTIONS]\n hayabusa.exe help or hayabusa.exe -h\n\n{all-args}{options}",
+ help_template = "\nHayabusa v3.0.0 - 3rd Year Anniversary Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe [OPTIONS]\n hayabusa.exe help or hayabusa.exe -h\n\n{all-args}{options}",
 term_width = 400,
 disable_help_flag = true
 )]

From 4dbefce614d28606ef335dfd95fbbeb6cf52019b Mon Sep 17 00:00:00 2001
From: YamatoSecurity
Date: Wed, 25 Dec 2024 07:32:44 +0300
Subject: [PATCH 5/7] update changelog

---
 CHANGELOG-Japanese.md | 2 +-
 CHANGELOG.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
index d96b4d0fc..a2e685346 100644
--- a/CHANGELOG-Japanese.md
+++ b/CHANGELOG-Japanese.md
@@ -1,6 +1,6 @@
 # 変更点
 
-## x.x.x [xxxx/xx/xx]
+## 3.0.0 [2024/12/25] - 3rd Year Anniversary Release
 
 **新機能:**
 
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 08c9308af..bc9b69acc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,6 @@
 # Changes
 
-## x.x.x [xxxx/xx/xx]
+## 3.0.0 [2024/12/25] - 3rd Year Anniversary Release
 
 **New Features:**
 

From b15b39732452120ade83a8ddc863ad2ef4ad675c Mon Sep 17 00:00:00 2001
From: YamatoSecurity
Date: Wed, 25 Dec 2024 07:52:23 +0300
Subject: [PATCH 6/7] en fix

---
 src/detections/configs.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/detections/configs.rs b/src/detections/configs.rs
index 0fd750f0a..637f84222 100644
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -958,7 +958,7 @@ pub enum Action { display_order = 311, disable_help_flag = true )] - /// Extract expand placeholders from rule folder + /// Extract expand placeholders from the rules folder ExpandList(ExpandListOption), #[clap( From e252d011f862a3a41232ce163f4e374dc06e524f Mon Sep 17 00:00:00 2001 From: YamatoSecurity Date: Wed, 25 Dec 2024 08:00:32 +0300 Subject: [PATCH 7/7] update readme --- README.md | 147 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 147 insertions(+) diff --git a/README.md b/README.md index 612e8cc0e..d9cff8ce4 100644 --- a/README.md +++ b/README.md @@ -105,6 +105,12 @@ Hayabusa is a **Windows event log fast forensics timeline generator** and **thre - [`eid-metrics` command examples](#eid-metrics-command-examples) - [`eid-metrics` command config file](#eid-metrics-command-config-file) - [`eid-metrics` screenshot](#eid-metrics-screenshot) + - [`expand-list` command](#expand-list-command) + - [`expand-list` command examples](#expand-list-command-examples) + - [`expand-list` results](#expand-list-results) + - [`extract-base64` command](#extract-base64-command) + - [`extract-base64` command examples](#extract-base64-command-examples) + - [`extract-base64` results](#extract-base64-results) - [`log-metrics` command](#log-metrics-command) - [`log-metrics` command examples](#log-metrics-command-examples) - [`log-metrics` screenshot](#log-metrics-screenshot) @@ -288,6 +294,7 @@ You can learn how to analyze JSON-formatted results with `jq` [here](doc/Analysi * PowerShell classic log field parsing and extraction. * Low memory usage. (Note: this is possible by not sorting results. Best for running on agents or big data.) * Filtering on Channels and Rules for the most efficient performance. +* Detect, extract and decode Base64 strings found in logs. # Downloads 
@@ -517,6 +524,8 @@ You should now be able to run hayabusa.
 ## Analysis Commands:
 * `computer-metrics`: Print the number of events based on computer names.
 * `eid-metrics`: Print the number and percentage of events based on Event ID.
+* `expand-list`: Extract `expand` placeholders from the rules folder.
+* `extract-base64`: Extract and decode base64 strings from events.
 * `log-metrics`: Print log file metrics.
 * `logon-summary`: Print a summary of logon events.
 * `pivot-keywords-list`: Print a list of suspicious keywords to pivot on.
@@ -657,6 +666,144 @@ Microsoft-Windows-Sysmon/Operational,4,Sysmon Service State Changed. ![eid-metrics screenshot](screenshots/EID-Metrics.png) +### `expand-list` command + +Extract `expand` placeholders from the rules folder. +This is useful when creating config files to use any rule that uses the `expand` field modifier. +To use `expand` rules, you just need to create a `.txt` file with the name of the `expand` field modifier under the `./config/expand/` directory, and put in all of the values you want to check inside the file. + +For example, if the rule `detection` logic is: +```yaml +detection: + selection: + EventID: 5145 + RelativeTargetName|contains: '\winreg' + filter_main: + IpAddress|expand: '%Admins_Workstations%' + condition: selection and not filter_main +``` + +you would create the text file `./config/expand/Admins_Workstations.txt` and put in values like: +``` +AdminWorkstation1 +AdminWorkstation2 +AdminWorkstation3 +``` + +This would essentially check the same logic as: +``` +- IpAddress: 'AdminWorkstation1' +- IpAddress: 'AdminWorkstation2' +- IpAddress: 'AdminWorkstation3' +``` + +If the config file does not exist, Hayabusa will still load the `expand` rule but ignore it. 
+ +``` +Usage: expand-list [OPTIONS] + +General Options: + -h, --help Show the help menu + -r, --rules Specify rule directory (default: ./rules) + +Display Settings: + -K, --no-color Disable color output + -q, --quiet Quiet mode: do not display the launch banner +``` + +#### `expand-list` command examples + +* Extract out `expand` field modifiers from the default `rules` directory: `hayabusa.exe expand-list` +* Extract out `expand` field modifiers from the `sigma` directory: `hayabusa.exe eid-metrics -r ../sigma` + +#### `expand-list` results + +``` +5 unique expand placeholders found: +Admins_Workstations +DC-MACHINE-NAME +Workstations +internal_domains +domain_controller_hostnames +``` + +### `extract-base64` command + +This command will extract base64 strings from the following events, decode them and tell what kind of encoding is being used. + * Security 4688 CommandLine + * Sysmon 1 CommandLine, ParentCommandLine + * PowerShell Operational 4104 + * PowerShell Operational 4103 + +``` +Usage: extract-base64 [OPTIONS] + +Input: + -d, --directory Directory of multiple .evtx files + -f, --file File path to one .evtx file + -l, --live-analysis Analyze the local C:\Windows\System32\winevt\Logs folder + +General Options: + -C, --clobber Overwrite files when saving + -h, --help Show the help menu + -J, --JSON-input Scan JSON formatted logs instead of .evtx (.json or .jsonl) + -Q, --quiet-errors Quiet errors mode: do not save error logs + -x, --recover-records Carve evtx records from slack space (default: disabled) + -c, --rules-config Specify custom rule config directory (default: ./rules/config) + -t, --threads Number of threads (default: optimal number for performance) + --target-file-ext Specify additional evtx file extensions (ex: evtx_data) + +Filtering: + --exclude-computer Do not scan specified computer names (ex: ComputerA) (ex: ComputerA,ComputerB) + --include-computer Scan only specified computer names (ex: ComputerA) (ex: ComputerA,ComputerB) + --time-offset 
Scan recent events based on an offset (ex: 1y, 3M, 30d, 24h, 30m) + +Output: + -o, --output Extract Base64 strings + +Display Settings: + -K, --no-color Disable color output + -q, --quiet Quiet mode: do not display the launch banner + -v, --verbose Output verbose information + +Time Format: + --European-time Output timestamp in European time format (ex: 22-02-2022 22:00:00.123 +02:00) + -O, --ISO-8601 Output timestamp in original ISO-8601 format (ex: 2022-02-22T10:10:10.1234567Z) (Always UTC) + --RFC-2822 Output timestamp in RFC 2822 format (ex: Fri, 22 Feb 2022 22:00:00 -0600) + --RFC-3339 Output timestamp in RFC 3339 format (ex: 2022-02-22 22:00:00.123456-06:00) + --US-military-time Output timestamp in US military time format (ex: 02-22-2022 22:00:00.123 -06:00) + --US-time Output timestamp in US time format (ex: 02-22-2022 10:00:00.123 PM -06:00) + -U, --UTC Output time in UTC format (default: local time) +``` + +#### `extract-base64` command examples + +* Scan a directory and output to the terminal: `./target/release/hayabusa extract-base64 -d ../hayabusa-sample-evtx` +* Scan a directory and output to a CSV file: `hayabusa.exe eid-metrics -r ../sigma -o base64-extracted.csv` + +#### `extract-base64` results + +When outputting to the terminal, because space is limited, only the following fields are displayed: + * Timestamp + * Computer + * Base64 String + * Decoded String (if not binary) + +When saving to a CSV file, the following fields are saved: + * Timestamp + * Computer + * Base64 String + * Decoded String (if not binary) + * Original Field + * Length + * Binary (`Y/N`) + * Double Encoding (when `Y`, it usually is malicious) + * Encoding Type + * File Type + * Event + * Record ID + * File Name + ### `log-metrics` command You can use the `log-metrics` command to print out the following metadata inside event logs: