Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
________________________________________________________________________
9.2.2 (U) INPUT
(S//NF) This argument provides the ability to import a file or directory of files into the Parser.
By default, the Parser will search the parser_input directory for files that are not marked.
9.2.3 (U) OUTPUT
(S//NF) This argument provides the output path location. By default, the Parser will place the
output results in the parser_output directory.
9.2.4 (U) NOMARK
(S//NF) This argument provides the ability to reuse a processed directory. By default, the parsing
code will mark processed files with a date prefix. (e.g. 20150908_1010_30996559)
9.3 (U) Processing Responses and Safeties
(S//NF) The Parser will process all the output files from the Listening Post. By default, the
Listening Post will store the response file as <parent>_<child>_<date>.
Example: test_ABCD0064_20151221_18_55_28_4091
(S//NF) Once the Parser processes the file, it will preface the filename with the parsing date.
Example: [20151221_18_59_26_6964]_test_ABCD0064_20151221_18_55_28_4091
(S//NF) This strategy will allow processed files to remain in the parser_input directory without
slowing down processing of newly added response files.
Note
(S//NF) To simplify processing, place newly uploaded
responses and safeties in the parser_input directory.
9.4 (U) Output
(S//NF) The Parser produces a text file containing the command and results of each response.
9.4.1 (U) Get
(S//NF) The Get command will also store a file with the same name as the results text file that
contains the content of the file retrieved:
Batch ID = 0x11111111
Command ID = 0x00000000
Command Type = get
Command Status = 0x00000000
Error Code = 0x00000000
Persist = False
Stop On Error = False
Parent ID = test
Target ID = ABCD0086
Time = Mon Dec 21 22:08:47 2015 GMT
Filename = GET.TXT
Attributes = ARCHIVE
SECRET//NOFORN 38