Projects STRLCPY LogonTracer Commits 78be2431
  • ■ ■ ■ ■ ■ ■
    .github/workflows/logontracer-test.yml
     1 +name: test
     2 + 
     3 +on:
     4 + push:
     5 + branches: [ master ]
     6 + 
     7 +jobs:
     8 + 
     9 + test:
     10 + 
     11 + runs-on: ubuntu-latest
     12 + strategy:
     13 + matrix:
     14 + python-version: [3.6, 3.7, 3.8]
     15 + 
     16 + steps:
     17 + - name: Checkout code
     18 + uses: actions/checkout@v2
     19 + - name: Build the LogonTracer Docker Image and start
     20 + run: |
     21 + docker build ./docker -t jpcertcc/docker-logontracer:latest
     22 + docker run --detach --publish=7474:7474 --publish=7687:7687 --publish=8080:8080 -e LTHOSTNAME=localhost jpcertcc/docker-logontracer
     23 + - name: Set up Python ${{ matrix.python-version }}
     24 + uses: actions/setup-python@v2
     25 + with:
     26 + python-version: ${{ matrix.python-version }}
     27 + - name: Install dependencies
     28 + run: |
     29 + python -m pip install --upgrade pip
     30 + pip install cython
     31 + pip install numpy
     32 + pip install scipy==1.2.1
     33 + pip install statsmodels==0.10.2
     34 + pip install -r requirements.txt
     35 + - name: Test for LogonTracer web gui
     36 + run: curl --verbose --show-error http://localhost:8080
     37 + - name: Test for LogonTracer log import
     38 + run: python logontracer.py -e sample/Security.evtx
     39 + 
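Review bot: The web GUI check at line 36 (`curl --verbose --show-error http://localhost:8080`) passes on any HTTP response, including a 4xx or 5xx, because curl is not given `--fail`. It also has no explicit wait: it relies on the dependency-install steps taking long enough for the container started with `docker run --detach` at line 22 to be listening. Suggest `curl --fail --retry 10 --retry-connrefused --show-error http://localhost:8080` so the step fails on an error status and waits for the listener on its own. Separately, `actions/checkout@v2` and `actions/setup-python@v2` are mutable tags; pinning them to a full commit SHA keeps the job from silently picking up changed action code.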
  • ■ ■ ■ ■ ■ ■
    .github/workflows/publish-docker-image.yml
     1 +name: Publish docker image
     2 + 
     3 +on:
     4 + release:
     5 + types: [published]
     6 + 
     7 +jobs:
     8 + 
     9 + test:
     10 + 
     11 + runs-on: ubuntu-latest
     12 + strategy:
     13 + matrix:
     14 + python-version: [3.6, 3.7, 3.8]
     15 + 
     16 + steps:
     17 + - name: Checkout code
     18 + uses: actions/checkout@v2
     19 + - name: Build the LogonTracer Docker Image and start
     20 + run: |
     21 + docker build ./docker -t jpcertcc/docker-logontracer:latest
     22 + docker run --detach --publish=7474:7474 --publish=7687:7687 --publish=8080:8080 -e LTHOSTNAME=localhost jpcertcc/docker-logontracer
     23 + - name: Set up Python ${{ matrix.python-version }}
     24 + uses: actions/setup-python@v2
     25 + with:
     26 + python-version: ${{ matrix.python-version }}
     27 + - name: Install dependencies
     28 + run: |
     29 + python -m pip install --upgrade pip
     30 + pip install cython
     31 + pip install numpy
     32 + pip install scipy==1.2.1
     33 + pip install statsmodels==0.10.2
     34 + pip install -r requirements.txt
     35 + - name: Test for LogonTracer web gui
     36 + run: curl --verbose --show-error http://localhost:8080
     37 + - name: Test for LogonTracer log import
     38 + run: python logontracer.py -e sample/Security.evtx
     39 + 
     40 + publish:
     41 + 
     42 + runs-on: ubuntu-latest
     43 + needs: test
     44 + 
     45 + steps:
     46 + - name: Checkout code
     47 + uses: actions/checkout@v2
     48 + - name: Register docker image
     49 + uses: docker/build-push-action@v1
     50 + with:
     51 + username: ${{ secrets.DOCKER_USERNAME }}
     52 + password: ${{ secrets.DOCKER_PASSWORD }}
     53 + repository: jpcertcc/docker-logontracer
     54 + dockerfile: docker/Dockerfile
     55 + tags: latest
     56 + 
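Review bot: In the publish job, `docker/build-push-action@v1` (line 49) receives `secrets.DOCKER_PASSWORD` but is referenced by a mutable tag; pin it, and `actions/checkout@v2`, to a full commit SHA so that a retagged action cannot read the registry credential. Also, `tags: latest` (line 55) is the only tag pushed on a `release: published` event, so a pulled image cannot be mapped back to the release that produced it; push a tag derived from the release version alongside `latest`. The publish job rebuilds from `docker/Dockerfile` instead of pushing the image the test job built, so the published image is not the one that was tested. The test job (lines 9 to 38) is a copy of the job in logontracer-test.yml and will drift from it unless the two share one definition.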
  • ■ ■ ■ ■
    README.md
    1 1   <div align="center"><img src="images/logo_top.svg" width="500"></div>
    2 2   
    3  - [![Arsenal](https://rawgit.com/toolswatch/badges/master/arsenal/usa/2018.svg)](https://www.toolswatch.org/2018/05/black-hat-arsenal-usa-2018-the-w0w-lineup/)
     3 + [![Arsenal](https://rawgit.com/toolswatch/badges/master/arsenal/usa/2018.svg)](https://www.toolswatch.org/2018/05/black-hat-arsenal-usa-2018-the-w0w-lineup/) [![Version](https://img.shields.io/github/v/release/JPCERTCC/LogonTracer)](https://github.com/JPCERTCC/LogonTracer/releases) [![Docker pull](https://img.shields.io/docker/pulls/jpcertcc/docker-logontracer)](https://hub.docker.com/r/jpcertcc/docker-logontracer/) ![test](https://github.com/JPCERTCC/LogonTracer/workflows/test/badge.svg?branch=master)
    4 4   
    5 5  ## Concept
    6 6   **LogonTracer** is a tool to investigate malicious logon by visualizing and analyzing Windows Active Directory event logs. This tool associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occurs and which host is used.
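Review bot: On the added badge line, the `test` badge is the only one of the four that is a bare image with no link target. Wrapping it in a link to the workflow's runs page, as the Version and Docker pull badges do for releases and Docker Hub, would let a reader go from a failing badge to the failing run. Putting each badge on its own source line would also make later diffs of this line readable.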
    skipped 41 lines