MacProbe/macprobe.py at main · Shreesha812/MacProbe · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
import os
import sys
import datetime
import getpass

def print_banner():
    print("""
╔══════════════════════════════════════════════════════════════╗
║                                                              ║
║   ███╗   ███╗ █████╗  ██████╗██████╗ ██████╗  ██████╗ ███████╗ ║
║   ████╗ ████║██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔═══██╗██╔════╝ ║
║   ██╔████╔██║███████║██║     ██████╔╝██████╔╝██║   ██║█████╗   ║
║   ██║╚██╔╝██║██╔══██║██║     ██╔═══╝ ██╔══██╗██║   ██║██╔══╝   ║
║   ██║ ╚═╝ ██║██║  ██║╚██████╗██║     ██║  ██║╚██████╔╝███████╗ ║
║   ╚═╝     ╚═╝╚═╝  ╚═╝ ╚═════╝╚═╝     ╚═╝  ╚═╝ ╚═════╝ ╚══════╝ ║
║                                                              ║
║          macOS Forensic Investigation Platform              ║
║                       Version 2.0                           ║
╚══════════════════════════════════════════════════════════════╝
    """)

def print_status(message, status="info"):
    icons = {"info": "[*]", "success": "[✓]", "warning": "[!]", "error": "[✗]"}
    print(f"  {icons.get(status,'[*]')} {message}")

def main():
    print_banner()

    print("  ⚠️  This tool collects forensic artifacts from THIS machine.")
    print("  ⚠️  No data is sent anywhere — all data stays local.\n")
    answer = input("  Proceed with forensic collection? (yes/no): ").strip().lower()
    if answer not in ['yes', 'y']:
        print("\n  Collection cancelled.\n")
        sys.exit(0)

    # Ask about evidence vault
    print()
    vault_answer = input("  Create encrypted evidence vault after collection? (yes/no): ").strip().lower()
    vault_password = None
    if vault_answer in ['yes', 'y']:
        vault_password = getpass.getpass("  Set vault password: ")
        confirm = getpass.getpass("  Confirm vault password: ")
        if vault_password != confirm:
            print_status("Passwords do not match — skipping vault creation", "warning")
            vault_password = None
        else:
            print_status("Vault password set ✓", "success")

    start_time = datetime.datetime.now()
    print(f"\n  Collection started at: {start_time.strftime('%Y-%m-%d %H:%M:%S')}")
    print("  " + "─" * 56 + "\n")

    sys.path.append(os.path.dirname(os.path.abspath(__file__)))

    try:
        from modules.report_generator import generate_report
        report_path, collected_data = generate_report()

        # Create evidence vault if requested
        if vault_password:
            print("\n[*] Creating encrypted evidence vault...")
            from modules.evidence_vault import get_evidence_vault
            output_dir = os.path.join(
                os.path.dirname(os.path.abspath(__file__)), 'output'
            )
            vault_result = get_evidence_vault(
                report_path=report_path,
                collected_data=collected_data,
                password=vault_password,
                output_dir=output_dir
            )
            print_status(f"Vault created: {os.path.basename(vault_result['vault_path'])}", "success")
            print_status(f"Vault hash:    {vault_result['vault_hash'][:48]}...", "success")
            print()
            print("  ╔══════════════════════════════════════════════════╗")
            print("  ║  ⚠️  SAVE YOUR VAULT PASSWORD — UNRECOVERABLE   ║")
            print("  ╚══════════════════════════════════════════════════╝")

        end_time = datetime.datetime.now()
        duration = (end_time - start_time).seconds

        print("\n  " + "─" * 56)
        print_status(f"Collection completed in {duration} seconds", "success")
        print_status(f"Report: {report_path}", "success")
        print("\n  Opening report in browser...")
        os.system(f"open '{report_path}'")
        print_status("Done! MacProbe v2.0 complete.", "success")
        print("\n" + "═" * 60 + "\n")

    except ImportError as e:
        print_status(f"Import error: {e}", "error")
        sys.exit(1)
    except Exception as e:
        print_status(f"Unexpected error: {e}", "error")
        import traceback
        traceback.print_exc()
        sys.exit(1)

if __name__ == "__main__":
    main()