{"id":13698298,"url":"https://github.com/airbus-cert/regrippy","last_synced_at":"2026-01-16T14:03:35.759Z","repository":{"id":34634827,"uuid":"180773594","full_name":"airbus-cert/regrippy","owner":"airbus-cert","description":"A modern Python-3-based alternative to RegRipper","archived":false,"fork":false,"pushed_at":"2025-03-31T12:26:17.000Z","size":647,"stargazers_count":196,"open_issues_count":2,"forks_count":17,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-06-04T00:45:17.799Z","etag":null,"topics":["dfir","forensics","python","registry","windows"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/airbus-cert.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-04-11T10:59:31.000Z","updated_at":"2025-06-02T23:48:46.000Z","dependencies_parsed_at":"2022-07-22T08:32:33.724Z","dependency_job_id":"7ee53c37-59da-42c8-adfb-a68a36ee22c8","html_url":"https://github.com/airbus-cert/regrippy","commit_stats":{"total_commits":58,"total_committers":9,"mean_commits":6.444444444444445,"dds":0.3620689655172413,"last_synced_commit":"5a4babedb31fc1ac4699a435265da18cc60dca30"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/airbus-cert/regrippy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/airbus-cert%2Fregrippy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/airbus-cert%2Fregrippy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/airbus-cert%2Fregrippy/releases","manif
ests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/airbus-cert%2Fregrippy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/airbus-cert","download_url":"https://codeload.github.com/airbus-cert/regrippy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/airbus-cert%2Fregrippy/sbom","scorecard":{"id":173465,"data":{"date":"2025-08-11","repo":{"name":"github.com/airbus-cert/regrippy","commit":"05c9db999853c47af1d15f92f1a34aa2441e8882"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and 
uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":1,"reason":"Found 5/30 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security 
policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2022-43017 / GHSA-qwmp-2cf2-g9g6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score 
normalized to 0","details":["Warn: 0 commits out of 5 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T17:08:31.986Z","repository_id":34634827,"created_at":"2025-08-16T17:08:31.986Z","updated_at":"2025-08-16T17:08:31.986Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28479090,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dfir","forensics","python","registry","windows"],"created_at":"2024-08-02T19:00:43.404Z","updated_at":"2026-01-16T14:03:35.742Z","avatar_url":"https://github.com/airbus-cert.png","language":"Python","funding_links":[],"categories":["Python","Challenges","Tools","python","\u003ca id=\"ecb63dfb62722feb6d43a9506515b4e3\"\u003e\u003c/a\u003e新添加"],"sub_categories":["Frameworks","Windows Artifacts"],"readme":"# regrippy -- a modern Python 3 alternative to RegRipper\n\n*This is the public GitHub repository of RegRippy*\n\n*We are aware of the existence of [mkorman90/regipy](https://github.com/mkorman90/regipy), which has a similar goal. 
Both projects were developed in parallel, we were not aware of any other project like RegRippy when we started developing it.*\n\n## Description\n\nRegRip**py** is a framework for reading and extracting useful forensics data from Windows registry hives. It is an alternative to [RegRipper](https://github.com/keydet89/RegRipper2.8) developed in modern Python 3. It makes use of William Ballenthin's [python-registry](https://github.com/williballenthin/python-registry) to access the raw registry hives.\n\nThe goal of this project is to provide a framework for quickly and easily developing your own plugins in an incident response scenario.\n\nThis tool will try its best to stay out of your way and quickly provide you with usable data:\n```\n# Get the computer name\n$ regrip.py --root /mnt/evidence/C compname\nJOHN-DESKTOP\n\n# Get URLs typed in IE for all users on a machine\n$ regrip.py -v --root /mnt/evidence/C --all-user-hives typedurls\nregrip.py:info:Administrator\nregrip.py:warn:Could not open key Software\\Microsoft\\Internet Explorer\\TypedURLs\nregrip.py:info:John\nhttps://google.com/?q=how+to+buy+bitcoin\n```\n\nAll plugins should also support both a human-readable and machine-readable output (the [Bodyfile](https://wiki.sleuthkit.org/index.php?title=Body_file) format), allowing easy piping to `mactime` or other tools.\n\n## Install\n\nRegRippy is available on PyPI and can be installed using `pip`:\n```\n$ pip install regrippy\n```\n\nIf you want the bleeding-edge release, it can be installed like any other Python package using `pip` or `setuptools`:\n```\n$ pip install .\n# Alternatively\n$ python3 setup.py install\n```\n\nSymlinks will automatically be created for all plugins: for example, you can call the `compname`\nplugin by running:\n```\n$ reg_compname -r /mnt/c/\n```\n\n## Usage\n\n```\nusage: regrip.py [-h] [--system SYSTEM] [--software SOFTWARE] [--sam SAM]\n                 [--ntuser NTUSER] [--usrclass USRCLASS] [--root ROOT]\n                 
[--all-user-hives] [--backups] [--verbose] [--bodyfile]\n                 [--list]\n                 plugin_name\n\nExtract information from Windows Registry hives\n\npositional arguments:\n  plugin_name           Name of the plugin to run\n\noptional arguments:\n  -h, --help            show this help message and exit\n  --system SYSTEM, -y SYSTEM\n                        Path to the SYSTEM hive. Overrides --root and the\n                        REG_SYSTEM environment variable\n  --software SOFTWARE, -o SOFTWARE\n                        Path to the SOFTWARE hive. Overrides --root and the\n                        REG_SOFTWARE environment variable\n  --sam SAM, -a SAM     Path to the SAM hive. Overrides --root and the REG_SAM\n                        environment variable\n  --ntuser NTUSER, -n NTUSER\n                        Path to the NTUSER.DAT hive. Overrides the REG_NTUSER\n                        environment variable\n  --usrclass USRCLASS, -u USRCLASS\n                        Path to the UsrClass.DAT hive. Overrides the\n                        REG_USRCLASS environment variable\n  --root ROOT, -r ROOT  Path to the C: folder. Overrides the REG_ROOT\n                        environment variable\n  --all-user-hives      Work on all NTUSER.DAT and USRCLASS.DAT hives if\n                        required. Requires --root. 
Overrides --ntuser and\n                        --usrclass.\n  --backups             Run the plugin on backup registry hives as well (does\n                        not work for hives loaded from stdin)\n  --verbose, -v         Be more verbose\n  --bodyfile, -b        Force output in Bodyfile format\n  --list, -l            List available plugins\n```\n\n## Documentation \u0026 development\n\nIf you want to make your own plugin using the RegRippy framework, head over to [the documentation](https://airbus-cert.github.io/regrippy) right now!\n\nYou can also build the documentation yourself by running:\n```\n$ tox -e docs\n```\n\n## Testing\n\nThis project uses [tox](https://tox.readthedocs.io/en/latest/) to automate the testing process, as well as [pytest](http://pytest.org/) for the tests themselves.\n\nRunning the tests can be done by invoking:\n```\n$ tox -e py37\n```\n\n## Credits\n\n- This project is under copyright of the [Airbus Computer Emergency Response Team (CERT)](https://www.trusted-introducer.org/directory/teams/ai-cert.html) and distributed under the [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0) license\n- [keydet89](https://github.com/keydet89) for his [RegRipper](https://github.com/keydet89/RegRipper2.8) project which was a great inspiration\n- [Willi Ballenthin](http://www.williballenthin.com/) for his [python-registry](https://github.com/williballenthin/python-registry) framework\n\n## License\n\nRegRippy is released under the [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0) license.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fairbus-cert%2Fregrippy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fairbus-cert%2Fregrippy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fairbus-cert%2Fregrippy/lists"}