{"id":18622753,"url":"https://github.com/jipegit/fect","last_synced_at":"2026-03-10T22:04:22.075Z","repository":{"id":10629586,"uuid":"12853086","full_name":"jipegit/FECT","owner":"jipegit","description":"Fast Evidence Collector Toolkit is an incident response toolkit to collect evidences on a suspicious windows computer","archived":false,"fork":false,"pushed_at":"2020-07-29T06:59:56.000Z","size":1354,"stargazers_count":41,"open_issues_count":0,"forks_count":14,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-11-18T00:02:41.985Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jipegit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-09-15T21:38:02.000Z","updated_at":"2025-11-05T03:36:14.000Z","dependencies_parsed_at":"2022-09-22T20:23:52.929Z","dependency_job_id":null,"html_url":"https://github.com/jipegit/FECT","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jipegit/FECT","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jipegit%2FFECT","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jipegit%2FFECT/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jipegit%2FFECT/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jipegit%2FFECT/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jipegit","download_url":"https://codeload.github.com/jipegit/FECT/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste
.ms/api/v1/hosts/GitHub/repositories/jipegit%2FFECT/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30357616,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T21:41:54.280Z","status":"ssl_error","status_checked_at":"2026-03-10T21:40:59.357Z","response_time":106,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T04:18:24.771Z","updated_at":"2026-03-10T22:04:22.046Z","avatar_url":"https://github.com/jipegit.png","language":"Python","readme":"# Fast Evidence Collector Toolkit\n\n![Maintenance](https://img.shields.io/badge/Maintained%3F-no-red.svg)\n![No Maintenance Intended](http://unmaintained.tech/badge.svg)\n\nFast Evidence Collector Toolkit is a light incident response toolkit to collect evidence on a suspicious Windows computer.\nIt is intended to be used by non-tech-savvy people working with a journeyman Incident Handler.\n\nIt uses Microsoft autorunsc to identify binaries launched at Windows startup and adds all of those binaries to a zip archive.\nIt looks for all .exe/.com/.dll/.scr in users' home directories and adds them to the zipball.\nIt also logs the output of some interesting network commands.\n\nFinally, the zip archive is XORed to evade AV.\n\n## Author\n\nJean-Philippe Teissier - @Jipe_ \n\n## Development status\n\n**FECT is no 
longer maintained**\n\n## How to install\n\nJust copy all files from GitHub.\n\n## Dependencies\n\n* pywin32 - http://sourceforge.net/projects/pywin32/files/\n* py2exe - http://www.py2exe.org/\n* Microsoft Visual C runtime DLL. See: http://www.py2exe.org/index.cgi/Tutorial#Step5\n\n## How to build\n\nEdit FECT.py and fill the autorunsc_exe_hex_encoded variable with a hex-encoded version of the autorunsc binary.\nYou can use the provided pyBinHexEncoder.py script to generate it.\n\nThen type:\npython setup.py py2exe\n\n## How to run\n\nJust double click on it :) \n\nIf there is no Microsoft Visual C runtime DLL on the suspicious computer, you must add the Microsoft.VC90.CRT directory (containing both Microsoft.VC90.CRT.manifest and msvcr90.dll) in the same directory as FECT.exe.\n\nDefault options passed to autorunsc are '-a -c -m -f' i.e. all entries with their respective hashes, except the ones from Microsoft; the output format is CSV.\n\nFECT also acts as a wrapper for autorunsc. You can pass any specific options you want by using the -a option.\nE.g.: FECT.py -a \\\"-b -s -c -f\\\"\n\nBeware: double quotes are mandatory. -c is mandatory as well.\n\nFinally use pyXoredBinEn-Decoder.py to unXor the zipball.\n\n## Changelog\n### 0.3.2\n * Autorunsc now scans all users' registry files\n\n### 0.3.1\n * Handles zip archive \u003e 2Gb \n * memory footprint reduced\n\n### 0.3\n * Circumvents the Wow effect. See http://cert.at/static/downloads/papers/cert.at-the_wow_effect.pdf\n * Hashes all binaries and adds all the md5s to the log file\n * deduplicates redundant binaries based on their md5\n * Parses both \\Documents and Settings\\ and \\Users\\\n\n### 0.2\n * Searches all .exe/.com/.dll/.scr in users' home directories\n * A log file is now generated\n * The outputs of 'netstat -an' and 'ipconfig /displaydns' have been added to the log file\n * The zip file is XORed to evade from AV doing their job. 
The default key is 0x42\n\n### 0.1\n * Initial Release\n\n## License\n\nFECT\nCopyright (C) 2013 Jean-Philippe Teissier\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program.  If not, see \u003chttp://www.gnu.org/licenses/\u003e.\n\nFECT.ico comes from http://openiconlibrary.sourceforge.net/ and has its own license\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjipegit%2Ffect","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjipegit%2Ffect","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjipegit%2Ffect/lists"}