ahmedkhlief / APT-Hunter

APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.
https://shells.systems/introducing-apt-hunter-threat-hunting-tool-via-windows-event-log/
GNU General Public License v3.0
1.26k stars, 238 forks

Requirements Issue #8

Closed hackjalstead closed 3 years ago

hackjalstead commented 3 years ago

I am trying to install the requirements on Win 10, I have installed Python3 + Rust but keep encountering this error -

I installed Rust using - pip install setuptools-rust - & the rustup-init.exe but still keep getting this -

```
ERROR: Failed building wheel for evtx
Running setup.py clean for evtx
Failed to build evtx
Installing collected packages: evtx, netaddr, numpy, six, python-dateutil, pytz, pandas, XlsxWriter
    Running setup.py install for evtx ... error
    ERROR: Command errored out with exit status 1:
     command: 'C:\Users\user\AppData\Local\Microsoft\WindowsApps\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\python.exe' -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'C:\Users\user\AppData\Local\Temp\pip-install-qjtjp_9e\evtx\setup.py'"'"'; __file__='"'"'C:\Users\user\AppData\Local\Temp\pip-install-qjtjp_9e\evtx\setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record 'C:\Users\user\AppData\Local\Temp\pip-record-03gi9t6z\install-record.txt' --single-version-externally-managed --user --prefix= --compile --install-headers 'C:\Users\user\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\Include\evtx'
         cwd: C:\Users\user\AppData\Local\Temp\pip-install-qjtjp_9e\evtx\
    Complete output (42 lines):
    running install
    running build
    running build_ext
    running build_rust
    error: manifest path Cargo.toml does not exist
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "C:\Users\user\AppData\Local\Temp\pip-install-qjtjp_9e\evtx\setup.py", line 21, in <module>
        setup(
      File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0\lib\site-packages\setuptools\__init__.py", line 165, in setup
        return distutils.core.setup(**attrs)
      File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0\lib\distutils\core.py", line 148, in setup
        dist.run_commands()
      File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0\lib\distutils\dist.py", line 966, in run_commands
        self.run_command(cmd)
      File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0\lib\distutils\dist.py", line 985, in run_command
        cmd_obj.run()
      File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0\lib\site-packages\setuptools\command\install.py", line 61, in run
        return orig.install.run(self)
      File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0\lib\distutils\command\install.py", line 546, in run
        self.run_command('build')
      File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0\lib\distutils\cmd.py", line 313, in run_command
        self.distribution.run_command(command)
      File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0\lib\distutils\dist.py", line 985, in run_command
        cmd_obj.run()
      File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0\lib\distutils\command\build.py", line 135, in run
        self.run_command(cmd_name)
      File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0\lib\distutils\cmd.py", line 313, in run_command
        self.distribution.run_command(command)
      File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0\lib\distutils\dist.py", line 985, in run_command
        cmd_obj.run()
      File "C:\Users\user\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\setuptools_rust\setuptools_ext.py", line 23, in run
        build_rust.run()
      File "C:\Users\user\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\setuptools_rust\build.py", line 357, in run
        self.build_extension(ext)
      File "C:\Users\user\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\setuptools_rust\build.py", line 120, in build_extension
        metadata = json.loads(check_output(metadata_command).decode("utf-8"))
      File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0\lib\subprocess.py", line 420, in check_output
        return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
      File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0\lib\subprocess.py", line 524, in run
        raise CalledProcessError(retcode, process.args,
    subprocess.CalledProcessError: Command '['cargo', 'metadata', '--manifest-path', 'Cargo.toml', '--format-version', '1']' returned non-zero exit status 101.
    ----------------------------------------
ERROR: Command errored out with exit status 1: 'C:\Users\user\AppData\Local\Microsoft\WindowsApps\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\python.exe' -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'C:\Users\user\AppData\Local\Temp\pip-install-qjtjp_9e\evtx\setup.py'"'"'; __file__='"'"'C:\Users\user\AppData\Local\Temp\pip-install-qjtjp_9e\evtx\setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record 'C:\Users\user\AppData\Local\Temp\pip-record-03gi9t6z\install-record.txt' --single-version-externally-managed --user --prefix= --compile --install-headers 'C:\Users\user\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\Include\evtx' Check the logs for full command output.
```

hackjalstead commented 3 years ago

The issue above can be solved by providing a specific version of Rust

pip install setuptools-rust==0.6.0

But it brings up a new requirements issue:

```
Collecting evtx
  Using cached evtx-0.6.8.tar.gz (2.2 kB)
    ERROR: Command errored out with exit status 1:
     command: 'C:\Users\xx\AppData\Local\Microsoft\WindowsApps\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\python.exe' -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'C:\Users\XXX\AppData\Local\Temp\pip-install-6qltjz6i\evtx\setup.py'"'"'; __file__='"'"'C:\Users\XXX\AppData\Local\Temp\pip-install-6qltjz6i\evtx\setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base 'C:\Users\xx\AppData\Local\Temp\pip-pip-egg-info-c3jutk8m'
         cwd: C:\Users\xx\AppData\Local\Temp\pip-install-6qltjz6i\evtx\
    Complete output (5 lines):
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "C:\Users\XXX\AppData\Local\Temp\pip-install-6qltjz6i\evtx\setup.py", line 34, in <module>
        RustExtension(
    TypeError: __init__() got an unexpected keyword argument 'target'
    ----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
```

ahmedkhlief commented 3 years ago

Hi guys, please use Python 3.8, as Python 3.9 is still not supported by the evtx library.
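As an added illustration (this is not code from APT-Hunter or from the evtx package), the script below reproduces the decision pip makes before the failure shown in this thread: pip installs a prebuilt wheel only when the wheel's python/abi/platform tags match the running interpreter, and otherwise downloads the 2.2 kB sdist and tries to compile the Rust extension locally, which is the step where `cargo metadata --manifest-path Cargo.toml` exited with status 101. The filenames in `SAMPLE_INDEX` are constructed for the example and are not the real file list that evtx publishes on PyPI, and the matching rules are a simplified version of pip's (no manylinux glibc checks).

```python
"""Wheel-tag compatibility check: explains why pip fell back to building
the evtx sdist on Python 3.9 / Windows.

Added example, not part of APT-Hunter or the evtx project. SAMPLE_INDEX is a
CONSTRUCTED listing for illustration only.
"""
import re
import sys
import sysconfig

# Wheel filename layout (PEP 427):
#   {name}-{version}(-{build})?-{python}-{abi}-{platform}.whl
WHEEL_RE = re.compile(
    r"^(?P<name>[^-]+)-(?P<version>[^-]+)(?:-(?P<build>\d[^-]*))?"
    r"-(?P<python>[^-]+)-(?P<abi>[^-]+)-(?P<platform>[^-]+)\.whl$"
)

# CONSTRUCTED listing; not the real evtx release files on PyPI.
SAMPLE_INDEX = [
    "evtx-0.6.8.tar.gz",                          # sdist: needs cargo and a Cargo.toml to build
    "evtx-0.6.8-cp37-cp37m-win_amd64.whl",
    "evtx-0.6.8-cp38-cp38-win_amd64.whl",
    "evtx-0.6.8-cp38-cp38-manylinux1_x86_64.whl",
]


def parse_wheel(filename):
    """Split a wheel filename into its tag sets; returns None for non-wheels
    (e.g. an sdist). Compressed tags like 'py2.py3' expand to {'py2', 'py3'}."""
    m = WHEEL_RE.match(filename)
    if not m:
        return None
    d = m.groupdict()
    for key in ("python", "abi", "platform"):
        d[key] = set(d[key].split("."))
    return d


def platform_matches(wheel_plats, plat):
    """'any' matches everywhere; a manylinux wheel is accepted on a plain
    linux_<arch> platform with the same arch (pip also checks glibc versions,
    which is omitted here)."""
    for w in wheel_plats:
        if w == "any" or w == plat:
            return True
        if w.startswith("manylinux") and plat.startswith("linux_"):
            if w.endswith("_" + plat[len("linux_"):]):
                return True
    return False


def interpreter_matches(wheel_py, wheel_abi, major, minor):
    cp = f"cp{major}{minor}"
    generic = {f"py{major}", f"py{major}{minor}"}
    # Pure-Python wheel: abi 'none' with a generic or exact python tag.
    if "none" in wheel_abi and wheel_py & (generic | {cp}):
        return True
    # Version-specific extension: abi 'cp38' or 'cp37m' paired with the same python tag.
    if cp in wheel_py and any(a.startswith(cp) for a in wheel_abi):
        return True
    # Stable-ABI extension: usable by any CPython >= the wheel's cp3Y tag.
    if "abi3" in wheel_abi:
        for tag in wheel_py:
            mm = re.fullmatch(rf"cp{major}(\d+)", tag)
            if mm and int(mm.group(1)) <= minor:
                return True
    return False


def compatible_wheels(index, major, minor, plat):
    """Wheel filenames pip could install for Python major.minor on plat.
    An empty list means pip will download the sdist and try to build it."""
    out = []
    for fn in index:
        w = parse_wheel(fn)
        if w is None:
            continue
        if platform_matches(w["platform"], plat) and interpreter_matches(w["python"], w["abi"], major, minor):
            out.append(fn)
    return out


def current_platform_tag():
    # sysconfig gives e.g. 'win-amd64' or 'linux-x86_64'; wheel tags use underscores.
    return sysconfig.get_platform().replace("-", "_").replace(".", "_")


def diagnose(index, major, minor, plat):
    wheels = compatible_wheels(index, major, minor, plat)
    if wheels:
        return f"Python {major}.{minor} on {plat}: pip will install prebuilt {wheels[0]}"
    sdists = [fn for fn in index if fn.endswith((".tar.gz", ".zip"))]
    return (f"Python {major}.{minor} on {plat}: no compatible wheel; pip will build "
            f"{sdists[0] if sdists else 'the sdist'} from source (Rust toolchain required)")


if __name__ == "__main__":
    print(diagnose(SAMPLE_INDEX, sys.version_info.major, sys.version_info.minor, current_platform_tag()))
    for minor in (8, 9):
        print(diagnose(SAMPLE_INDEX, 3, minor, "win_amd64"))
```

Run it under the interpreter you intend to install with; `pip debug --verbose` prints the full list of tags that pip itself accepts. To make pip refuse a source build up front instead of failing partway through, install with `pip install --only-binary=:all: -r requirements.txt`; on Windows, `py -3.8 -m venv venv` creates an environment on the interpreter the author recommends here.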

ahmedkhlief commented 3 years ago

Please use this release: https://github.com/ahmedkhlief/APT-Hunter/releases/download/v1.0-beta/APT-Hunter_Windows.zip It will run without installing anything.