Add JSON output #11
Assignees
Labels
enhancement
New feature or request
Comments
|
This makes me think of @williballenthin's presentation, Willi is very convincing that instead of hardcoding a predefined output (be it a JSON structure), we should implement a templating system. That way, each one is free to implement output as they wish: XML,, CSV, JSON, etc. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As mentioned in #10, it would be really useful if RegRippy could also output its results in a format that it easier to process by scripts.
In my opinion, JSON would be the best solution. Here is a possible output format:
$ regrip.py --json -r /mnt/evidence --all-user-hives run[ { "plugin": "run", "hive": "SOFTWARE", "path": "/mnt/evidence/Windows/System32/config/SOFTWARE", "result": { "key": "Microsoft\\Windows\\CurrentVersion\\Run", "value_name": "Calculator", "value_type": "REG_SZ", "value_data": "C:\\Windows\\system32\\calc.exe" } }, { "plugin": "run", "hive": "NTUSER.DAT", "path": "/mnt/evidence/Users/John/NTUSER.DAT", "result": { "key": "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", "value_name": "UpdateTeams", "value_type": "REG_SZ", "value_data": "%USERPROFILE\\update_ms_teams.exe" } }, ]display_jsondisplay_jsonreturn useful data even if the plugin didn't override itdisplay_jsonif the--jsonflag is passed, grouping results in a JSON arrayIf you use RegRippy, what do you think? Would this help you in your day-to-day job?
The text was updated successfully, but these errors were encountered: