First Push

.gitignore

@@ -0,0 +1,68 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+#Ipython Notebook
+.ipynb_checkpoints
+
+
+# PyCharms
+.idea/
+
+vt_key.py

README.md

@@ -0,0 +1,100 @@
+# VolUtility
+Web Interface for Volatility Memory Analysis framework
+
+
+## Overview
+This does some things
+
+## Installation
+Tested on Ubuntu 14.04 LTS
+
+### Volatility
+You need to install volatility. Minimum version is 2.5.
+2.5 is needed as this is when unified output was introduced.
+
+```
+git clone https://github.com/volatilityfoundation/volatility
+cd volatility
+sudo python setup.py install
+```
+
+VolUtility will list what version you have installed under the Help page (At least it will soon)
+
+### Mongo & PyMongo
+Install mongodb version 3 or higher first. 
+https://docs.mongodb.org/v3.0/tutorial/install-mongodb-on-ubuntu/
+
+Then install pymongo
+```sudo pip install pymongo```
+
+### Django
+```sudo pip install django```
+
+### Other
+```sudo pip install virustotal-api```
+
+### Get the code
+
+```git clone https://github.com/kevthehermit/VolUtility```
+
+### VirusTotal
+If you would like to add a virus total key
+
+create a file in the web directory named vt_key.py
+In the file add a single line
+```API_KEY = 'YourKeyHere'```
+
+
+### Run The Code
+cd VolUtility
+```./manage.py runserver 0.0.0.0:8000```
+
+browse to http://your.ip:8000
+
+File paths are on the box thats running the interface. This does not Upload mem dumps. Just points to them
+
+## Using VolUtility
+
+#### Basic usage
+Create a new session then click the run button next to each plugin name. Plugins run in the background and you will be notified when a plugin completes. 
+Click the view button next to each plugin to view the output, that can be searched and filtered. 
+
+#### Plugins
+You can add extra plugin directories for example the Volatility Community plugin pack. 
+This must be done before creating a new session. Any sessions created after this will include the extra plugins. 
+
+#### Vol Command Line.
+In the session page, on the toolbar there is an option to run vol commands. This takes a full vol.py command string without the ```vol.py```. 
+e.g.
+
+```--plugin-dir=/path/to/dir --profile=Win7SP1x86 -f /path/to/image.vmem procdump --dump-dir=/path/to/dump```
+
+## Clean the DB
+The following commands will erase all data in the Volutility Database
+```
+mongo
+use voldb
+db.dropDatabase()
+use voldbfs
+db.dropDatabase()
+exit
+```
+
+## ToDo:
+
+  - Select plugins to run when importing image. 
+  - Update the following plugins to support unified output (On Volatility, Not here)
+  - pstree
+    - bitlocker
+    - chromedownloadchains 
+    - pstree
+    - wndscan 
+    - dumpregistry 
+    - userhandles 
+    - sessions
+  - More support for other plugins  
+  - Better Error handling for vol plugins
+
+
+## Help
+

manage.py

@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+import os
+import sys
+
+if __name__ == "__main__":
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "volgui.settings")
+
+    from django.core.management import execute_from_command_line
+
+    execute_from_command_line(sys.argv)

volgui/settings.py

@@ -0,0 +1,120 @@
+"""
+Django settings for volgui project.
+
+Generated by 'django-admin startproject' using Django 1.9.2.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/1.9/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/1.9/ref/settings/
+"""
+
+import os
+
+# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+
+
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = 'kek7(%1#&bk1b*g(c2uz9r4d5-5)2919u6#4g3dfx4gu!njewc'
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+ALLOWED_HOSTS = []
+
+
+# Application definition
+
+INSTALLED_APPS = [
+    'django.contrib.auth',
+    'django.contrib.contenttypes',
+    'django.contrib.sessions',
+    'django.contrib.messages',
+    'django.contrib.staticfiles',
+    'web'
+]
+
+MIDDLEWARE_CLASSES = [
+    'django.middleware.security.SecurityMiddleware',
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+    'django.contrib.messages.middleware.MessageMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+]
+
+ROOT_URLCONF = 'volgui.urls'
+
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': [os.path.join(BASE_DIR, 'web/templates'),
+                 os.path.join(BASE_DIR, 'web/templates/modals'),
+                 os.path.join(BASE_DIR, 'web/templates/sections')
+                 ]
+        ,
+        'APP_DIRS': True,
+        'OPTIONS': {
+            'context_processors': [
+                'django.template.context_processors.debug',
+                'django.template.context_processors.request',
+                'django.contrib.auth.context_processors.auth',
+                'django.contrib.messages.context_processors.messages',
+            ],
+        },
+    },
+]
+
+WSGI_APPLICATION = 'volgui.wsgi.application'
+
+
+# Database
+# https://docs.djangoproject.com/en/1.9/ref/settings/#databases
+
+DATABASES = {}
+
+
+# Password validation
+# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+    },
+]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/1.9/topics/i18n/
+
+LANGUAGE_CODE = 'en-us'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = True
+
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/1.9/howto/static-files/
+
+STATIC_URL = '/static/'

volgui/urls.py

@@ -0,0 +1,30 @@
+"""volgui URL Configuration
+
+The `urlpatterns` list routes URLs to views. For more information please see:
+    https://docs.djangoproject.com/en/1.9/topics/http/urls/
+Examples:
+Function views
+    1. Add an import:  from my_app import views
+    2. Add a URL to urlpatterns:  url(r'^$', views.home, name='home')
+Class-based views
+    1. Add an import:  from other_app.views import Home
+    2. Add a URL to urlpatterns:  url(r'^$', Home.as_view(), name='home')
+Including another URLconf
+    1. Import the include() function: from django.conf.urls import url, include
+    2. Add a URL to urlpatterns:  url(r'^blog/', include('blog.urls'))
+"""
+from django.conf.urls import url
+# from django.contrib import admin
+from web import views
+
+urlpatterns = [
+    # url(r'^admin/', admin.site.urls),
+    url(r'^$', views.main_page),
+    url(r'^session/(?P<sess_id>.+)/$', views.session_page),
+    url(r'createsession', views.create_session),
+    url(r'^pluginoutput/(?P<plugin_id>[0-9a-fA-F]{24})/$', views.plugin_output),
+    # Download
+    url(r'^download/(?P<query_type>.+)/(?P<object_id>[0-9a-fA-F]{24})/$', views.file_download),
+    # AjaxHandlers
+    url(r'^ajaxhandler/(?P<command>.+)/$', views.ajax_handler),
+]

volgui/wsgi.py

@@ -0,0 +1,16 @@
+"""
+WSGI config for volgui project.
+
+It exposes the WSGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/1.9/howto/deployment/wsgi/
+"""
+
+import os
+
+from django.core.wsgi import get_wsgi_application
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "volgui.settings")
+
+application = get_wsgi_application()

web/admin.py

@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.

web/apps.py

@@ -0,0 +1,7 @@
+from __future__ import unicode_literals
+
+from django.apps import AppConfig
+
+
+class WebConfig(AppConfig):
+    name = 'web'