Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

Parser
The parser will extract the encrypted response and output to a local text file.
Parser Tool
    usage: parser.py [-h] [-r RECEIPT] [-i INPUT] [-d] [-o OUTPUT] [-m]

    Athena Parser

    optional arguments:
      -h, --help            show this help message and exit
      -r RECEIPT, --receipt RECEIPT
                            This argument defines an existing receipt filename or
                            directory of receipts to be used for processing.
      -i INPUT, --input INPUT
                            This argument provides the ability to import a file
                            or directory of files.
      -d, --debug           Enable decoding of unencrypted files from target
      -o OUTPUT, --output OUTPUT
                            This argument provides the output path location.
      -m, --nomark          This argument provides the ability to reuse a
                            processed directory. By default, the parsing code
                            will mark processed files with a date prefix. (e.g.
                            20150908_1010_{30996559-C169-490B-A40B-4ADB597E0D19}.
Example: (Athena_suite)
    Python.exe parser.py -i files

Offline
The offline capability allows the Athena tool to be loaded from a Linux distribution or from Windows recovery mode. The user is prompted to select the path where the operating system resides; the tool then updates the file system and registry.
    OFFLINE::Nov 21 2015
    USAGE: offline <optional windows path>
    Searching C:
    Searching D:
    Searching X:
    Update options:
    1) C:\Windows (x64::standard)
    2) D:\Window10 (x64::standard)
    3) D:\Window10 - Copy (x64::standard)
    4) D:\WindowsTest (x64::standard)
    Select instance to update (q or x to quit):3
