Something appears to be wrong with the "apptelem.pl", "failedlogins.pl", and "restarts.pl" plugins that have been uploaded into your "Events-Ripper" repository on GitHub.
After running a "git clone" against the current "Events-Ripper" repository, those three (3) specific plugin files appear to be filled with blank lines (or some other non-printable special character). When run on Windows, the command "erip.exe -l -c" returns errors when it hits those plugins as well. Lastly, attempting to view the source code for any of those plugins via the GitHub website appears to just return a bunch of the same repeating special characters (i.e., no source code is displayed).
Below is an example of "erip.exe -l -c" output on my machine:
PS C:\keydet89\Events-Ripper> .\erip.exe -l -c
Plugin,Version,Description
appissue,20230605,Parse Application Hang/Error events
Error: C:\keydet89\Events-Ripper\plugins\apptelem.pl did not return a true value at C:\keydet89\Events-Ripper\erip.exe line 65.
bitsclient,20230523,Gets info from BITS-Client/3 and /59 events
cleared,20230302,Check for EventLog cleared events
dcom10028,20220930,Parse DCOM/10028 events
defender,20230802,Parse multiple WinDefend events
Error: C:\keydet89\Events-Ripper\plugins\failedlogins.pl did not return a true value at C:\keydet89\Events-Ripper\erip.exe line 65.
filter,20230802,Parse Windows Filtering Platform events from Security.evtx
filtering,20230302,Parse filtering platform events
hitman,20220930,Parse HitmanPro.Alert/911 events
localsessionips,20230209,Parse LocalSessionManager events for IP addrs
logins,20230714,Parse Security-Auditing/4624 login events
mount,20221010,Get VHD[X]/ISO files mounted
msi,20230504,Parse MsiInstaller events
mssql,20230411,Parse MSSQL/18456 and ../15457 events
nssm,20230525,Parse nssm events
ntfs,20221010,Get NTFS volumes
osversion,20220930,Determine Windows version from EventLog/6009 events
pca,20220930,Gets info from Program Compat Asst Event Log
posh600,20230526,Parse Powershell/600 events for scripts
rdpcore140,20230203,Parse RdpCoreTS/140 events
Error: C:\keydet89\Events-Ripper\plugins\restarts.pl did not return a true value at C:\keydet89\Events-Ripper\erip.exe line 65.
s1,20220930,Parse SentinelOne/31 and /32 events
scm,20230802,Parse Service Control Manager events
sec4648,20220930,Parse Security-Auditing/4648 events
sec4688,20220930,Parse Security-Auditing/4688 events
sec4697,20220930,Parse Security-Auditing/4697 (service install) events
sec4797,20230504,Parse Security-Auditing/4797 (user account checked for blank passwd) events
sec4948,20220928,Parse Security-Auditing/4948 (firewall rule deletion) events
sec5381,20230605,Parse Security-Auditing/5381 (user enum. vault creds) events
sessions,20230307,Parse login/logoff events
shellcore,20220930,Get apps run via Run/RunOnce keys
timechange,20230601,Parse Security-Auditing/616 (system clock changed) events
tsgateway,20230209,Parse TSGateway events
usrmgr,20220930,Parse user mgmt events
Please advise if you have any questions. Regards!
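A check that could be run over a cloned plugins directory before invoking erip.exe, flagging .pl files that are blank or mostly non-printable bytes, which is the condition this report describes. It is an added example, not part of the original issue or the Events-Ripper project; the function names, the 0.95 threshold and the sample file contents are assumptions constructed for illustration.

```python
import os
import tempfile

# Bytes treated as ordinary source text: printable ASCII plus tab, LF, CR.
TEXT_BYTES = frozenset(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def classify_plugin(data: bytes, min_text_ratio: float = 0.95) -> str:
    """Return 'ok', 'blank' or 'non-text'; the 0.95 threshold is an assumption."""
    if not data.strip():
        return "blank"          # empty or whitespace only: nothing to evaluate
    text = sum(1 for b in data if b in TEXT_BYTES)
    if text / len(data) < min_text_ratio:
        return "non-text"       # NULs, mis-encoded or binary content
    return "ok"


def scan_plugins(plugin_dir: str) -> dict:
    """Return {filename: verdict} for every suspect .pl file in plugin_dir."""
    suspect = {}
    for name in sorted(os.listdir(plugin_dir)):
        if not name.lower().endswith(".pl"):
            continue
        with open(os.path.join(plugin_dir, name), "rb") as fh:
            verdict = classify_plugin(fh.read())
        if verdict != "ok":
            suspect[name] = verdict
    return suspect


def demo() -> dict:
    """Build a constructed plugins directory and scan it."""
    samples = {
        # Constructed stand-ins; not the real Events-Ripper plugin contents.
        "logins.pl": b"package logins;\nuse strict;\n1;\n",
        "apptelem.pl": b"\x00" * 512,
        "restarts.pl": b"\r\n" * 40,
        "failedlogins.pl": "package failedlogins;\n1;\n".encode("utf-16"),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan_plugins(tmp)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Pointing `scan_plugins` at a real clone's plugins directory lists only the files that need to be re-fetched or compared against a known-good copy.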