{"id":25029056,"url":"https://github.com/danzek/bupsummary","last_synced_at":"2025-03-30T18:44:36.990Z","repository":{"id":86883622,"uuid":"119895961","full_name":"danzek/BupSummary","owner":"danzek","description":"Gathers summary details from multiple McAfee antivirus quarantine (BUP) files","archived":false,"fork":false,"pushed_at":"2018-02-09T23:21:53.000Z","size":17,"stargazers_count":3,"open_issues_count":1,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-05T21:02:38.765Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/danzek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-02-01T21:29:38.000Z","updated_at":"2023-02-25T23:43:47.000Z","dependencies_parsed_at":"2023-03-13T19:49:43.592Z","dependency_job_id":null,"html_url":"https://github.com/danzek/BupSummary","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danzek%2FBupSummary","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danzek%2FBupSummary/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danzek%2FBupSummary/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danzek%2FBupSummary/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/danzek","download_url":"https://codeload.github.com/danzek/BupSummary/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246365638,"owners_count":20765546,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-05T20:57:50.673Z","updated_at":"2025-03-30T18:44:36.831Z","avatar_url":"https://github.com/danzek.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# BupSummary\nGathers summary details from multiple McAfee BUP files. In other words, \"unbup all the things, but just get some data\".\n\n# Usage\n\n1. Place all BUP files in directories where each BUP file's *direct* parent folder is the hostname of the machine from whence the BUP file was extracted.\n2. Navigate to the folder *one level above* the folder(s) named after each hostname containing the BUP files.\n3. Run BupSummary and specify the output file/path. Example:\n\n       python bupsummary.py -o output.csv\n\nExample directory structure:\n\n    Quarantine \u003c-- run bupsummary.py from this directory\n      |\n      +--- Machine1\n      |      |\n      |      +--- 41f6e7ebce.bup\n      |      +--- 56fcf12345.bup\n      |\n      +--- Machine2\n             |\n             +--- f5c4abcd12.bup\n             +--- deadbeef01.bup\n\n## Sample Output\n\n    Date,Timestamp,Timezone,Hostname,Bupname,Detection Name,Original Name,MD5,Bup Corrupt?\n    2017-11-14,20:51:43,Central Standard Time,DC-ATL-1234,C:\\Data\\McAfeeQuar\\DC-ATL-1234\\41f6e7ebce.bup,Artemis!09D7A37B73CD (ED),C:\\WINDOWS\\SYSTEM32\\LOK.EXE,09d7a37b73cd0c804bac7341f6e7ebce,False\n    2017-11-13,01:22:14,Central Standard Time,DC-ATL-1234,C:\\Data\\McAfeeQuar\\DC-ATL-1235\\c20394bec6.bup,Trojan-FNTX!4E39362668C2 (ED),C:\\DATA\\CJ.EXE,d079b02b6a21bc70f10e60c20394bec6,False\n\n## Homage\n\nThis code is largely based on [Bupectomy](https://github.com/PoorBillionaire/bupectomy) by [Adam Witt](https://github.com/PoorBillionaire). He had already begun rewriting it to accomplish this when I started working on it (not on GitHub).\n\n## Resources / Acknowledgements\n\n- McAfee Knowledge Center, [\"How to restore a quarantined file not listed in the VSE Quarantine Manager\" (KB72755)](https://kc.mcafee.com/corporate/index?page=content\u0026id=KB72755)\n\n- herrcore [punbup project](https://github.com/herrcore/punbup) (use this if you want to get the original malware from the BUP file(s))\n\n- MalwareLu [XOR Tools project](https://github.com/MalwareLu/tools/blob/master/xortools.py)\n\n## License\n\nCopyright \u0026copy; 2018 Dan O'Day \u0026 Adam Witt\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\nhttp://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\nSee [`LICENSE`](LICENSE) file included in repository.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanzek%2Fbupsummary","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanzek%2Fbupsummary","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanzek%2Fbupsummary/lists"}