xLEAPP - Merging of iLEAPP/RLEAPP/vLEAPP, ALEAPP, cLEAPP
https://github.com/flamusdiu/xleapp


# xLEAPP

> [!NOTE]
> This is an alpha application. I am having trouble getting a testing suite to test the main app object.
> So, I have been trying to solve this problem. Please use official packages for real DFIR work.
> If you want to help, please find me on https://azuleonyx.bio.link

[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)

**Development build. Please be cautious when using it on real cases.**

Framework for Logs, Events, And Plists Parser (LEAPP)

This framework is a complete rewrite of the excellent tool iLEAPP. Details of iLEAPP can be found in this [blog post](https://abrignoni.blogspot.com/2019/12/xleapp-ios-logs-events-and-properties.html).

xLEAPP is the framework created to merge several tools together. More information about the rewrite is given in my talk ([YouTube](https://www.youtube.com/watch?v=seTpCmSF0Gc)) at Black Hills Info Security's Wild West Hackin' Fest (WWHF): Deadwood in 2021.

## Features

* Provides a centralized and modular framework.
* Provides a simplified way to write plugins (artifacts) for each supported platform.
* Parses iOS, macOS, Android, Chromebook, warrant returns, and Windows artifacts, depending on the plugins installed.

## Other Documentation

* [Artifact Creation](docs/current/artifact-creation.md)

## Pre-requisites

This project requires Python >= 3.9.

## Plugins

> Notice: Extensions have been merged into a single repo. Please ensure you are on a post-[[v0.2.1](https://github.com/flamusdiu/xleapp/releases/tag/v0.2.1)] version.

Here is a list of plugins that need to be completed. Plugin packages suffixed with "non-free" use licenses that may not conform with the MIT license and are separated out.

- [X] xleapp-extensions [[Github](https://github.com/flamusdiu/xleapp-extensions)] [[PyPI](https://pypi.org/project/xleapp-extensions/)]
- [ ] xleapp-non-free-extensions [[Github](https://github.com/flamusdiu/xleapp-non-free-extensions)]

## Installation

### Windows

* Python

```powershell
PS> py -3 -m pip install xleapp
PS> py -3 -m pip install xleapp-
```

* PIPX

```powershell
PS> py -3 -m pip install pipx
PS> pipx install xleapp
PS> pipx inject xleapp xleapp-
```

### Linux

* Python

```bash
$ python3 -m pip install xleapp
$ python3 -m pip install xleapp-
```

* PIPX

```bash
$ python3 -m pip install pipx
$ pipx install xleapp
$ pipx inject xleapp xleapp-
```

## Installation from Github and Development Information

* [Windows](docs/current/windows.md)
* [Linux](docs/current/linux.md)

## VS Code configuration files

There are several [configuration files](https://github.com/flamusdiu/xleapp-project) that I have been using for VS Code.

## Compile to executable

**NOTE:** This may not work at this time with this alpha version.

You can compile xLEAPP to an executable so that it can run on a system without Python installed.

To create xleapp.exe, run:

```bash
pyinstaller --onefile xleapp.spec
```

To create xleappGUI.exe, run:

```bash
pyinstaller --onefile --noconsole xleappGUI.spec
```

## Usage

### CLI

```bash
$ xleapp -h
usage: xleapp [-h] [-I] [-R] [-A] [-C] [-V] [-o OUTPUT_FOLDER] [-i INPUT_PATH]
              [--artifacts [ARTIFACTS ...]] [-p] [-l] [--gui] [--version]

xLEAPP: Logs, Events, and Plists Parser.

optional arguments:
  -h, --help            show this help message and exit
  -I                    parse ios artifacts
  -R                    parse Warrant Returns / User Generated Archives artifacts
  -A                    parse android artifacts
  -C                    parse Chromebook artifacts
  -V                    parse vehicle artifacts
  -o OUTPUT_FOLDER, --output_folder OUTPUT_FOLDER
                        Output folder path
  -i INPUT_PATH, --input_path INPUT_PATH
                        Path to input file/folder
  --artifact [ARTIFACT ...]
                        Filtered list of artifacts to run. Allowed: core,
  -p, --artifact_paths  Text file list of artifact paths
  -l, --artifact_table  Text file with table of artifacts
  --gui                 Runs xLEAPP into graphical mode
  --version             show program's version number and exit
```

### GUI

This needs work and may not work properly!

```bash
$ xleapp --gui
```

The GUI will open in another window.

### Help

```bash
$ xleapp.py --help
```

## Acknowledgements

This tool is the result of a collaborative effort of many people in the DFIR community.

This product includes software developed by Sarah Edwards (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other contributors as part of APOLLO (Apple Pattern of Life Lazy Output'er).