PCDU Script With Custom ICONS

pcdu.bat

@@ -0,0 +1,452 @@
+@echo off
+setlocal EnableExtensions EnableDelayedExpansion
+
+REM =====================================================
+REM   ____                  _       ____ ____  _   _ 
+REM  |  _ \ __ _ _ ____   _( )___  / ___|  _ \| | | |
+REM  | |_) / _` | '__\ \ / /|// __|| |   | | | | | | |
+REM  |  __/ (_| | |   \ V /  \__ \| |___| |_| | |_| |
+REM  |_|   \__,_|_|    \_/   |___(_)____|____/ \___/ 
+REM                                                   
+REM  Parv's Case Download Utility (PCDU)
+REM  Downloads case files from analysis server
+REM =====================================================
+
+REM Check for pscp.exe (PuTTY SCP) or scp.exe
+set "SCP_TOOL="
+where pscp.exe >nul 2>&1
+if !ERRORLEVEL! EQU 0 (
+    set "SCP_TOOL=pscp.exe"
+    set "SCP_TYPE=PSCP"
+) else (
+    where scp.exe >nul 2>&1
+    if !ERRORLEVEL! EQU 0 (
+        set "SCP_TOOL=scp.exe"
+        set "SCP_TYPE=SCP"
+    )
+)
+
+if "%SCP_TOOL%"=="" (
+    echo ERROR: Neither pscp.exe nor scp.exe found in PATH.
+    echo.
+    echo Please install one of the following:
+    echo   - PuTTY ^(includes pscp.exe^) - https://www.putty.org/
+    echo   - OpenSSH Client ^(includes scp.exe^) - Built into Windows 10/11
+    echo.
+    pause
+    exit /b 1
+)
+
+REM =====================================================
+REM Configuration
+REM =====================================================
+set "REMOTE_SERVER=sjanalysis.citrite.net"
+set "REMOTE_BASE_PATH=/upload/ftp"
+
+REM Prompt for case number if not provided
+if "%~1"=="" (
+    set /p CASENO=Enter Case Number: 
+) else (
+    set "CASENO=%~1"
+)
+
+if "%CASENO%"=="" (
+    echo ERROR: Case number cannot be empty.
+    exit /b 1
+)
+
+REM Prompt for credentials if not provided
+if "%~2"=="" (
+    set /p USERNAME=Enter SSH Username: 
+) else (
+    set "USERNAME=%~2"
+)
+
+if "%USERNAME%"=="" (
+    echo ERROR: Username cannot be empty.
+    exit /b 1
+)
+
+if "%~3"=="" (
+    echo Enter SSH Password for %USERNAME%@%REMOTE_SERVER%:
+    set /p PASSWORD=
+) else (
+    set "PASSWORD=%~3"
+)
+
+REM =====================================================
+REM Paths
+REM =====================================================
+set "REMOTE_CASE_PATH=%REMOTE_BASE_PATH%/%CASENO%"
+set "DEST=%USERPROFILE%\Downloads\SJLNT\%CASENO%"
+set "LOGFILE=%DEST%\download_%CASENO%.log"
+set "TEMP_LIST=%TEMP%\caselist_%CASENO%.txt"
+set "TEMP_FILTERED=%TEMP%\filtered_%CASENO%.txt"
+set "COLLECTOR_LIST=%TEMP%\collectors_%CASENO%.txt"
+set "ALL_FILES_LIST=%TEMP%\allfiles_%CASENO%.txt"
+
+echo.
+echo  ============================================================
+echo   ^|^> Parv's Case Download Utility ^(PCDU^) v1.0
+echo  ============================================================
+echo   Case Number    : %CASENO%
+echo   Remote Server  : %REMOTE_SERVER%
+echo   Remote Path    : %REMOTE_CASE_PATH%
+echo   Local Dest     : %DEST%
+echo   SCP Tool       : %SCP_TYPE%
+echo   User           : %USERNAME%
+echo  ============================================================
+echo.
+
+REM Create destination if missing
+if not exist "%DEST%" (
+    mkdir "%DEST%" 2>nul || (
+        echo ERROR: Failed to create destination folder: %DEST%
+        exit /b 1
+    )
+    echo Created destination folder.
+)
+
+REM Create subdirectories for organization
+if not exist "%DEST%\configs" mkdir "%DEST%\configs"
+if not exist "%DEST%\captures" mkdir "%DEST%\captures"
+if not exist "%DEST%\media" mkdir "%DEST%\media"
+
+REM Initialize log file
+echo ============================================================ > "%LOGFILE%"
+echo  Parv's Case Download Utility ^(PCDU^) - Download Log >> "%LOGFILE%"
+echo ============================================================ >> "%LOGFILE%"
+echo  Case Number  : %CASENO% >> "%LOGFILE%"
+echo  Date/Time    : %DATE% %TIME% >> "%LOGFILE%"
+echo  Remote Server: %REMOTE_SERVER% >> "%LOGFILE%"
+echo  User         : %USERNAME% >> "%LOGFILE%"
+echo ============================================================ >> "%LOGFILE%"
+echo. >> "%LOGFILE%"
+
+REM =====================================================
+REM Test SSH connection and verify case directory
+REM =====================================================
+echo [1/5] Testing SSH connection...
+echo [1/5] Testing SSH connection... >> "%LOGFILE%"
+
+if "%SCP_TYPE%"=="PSCP" (
+    echo y | plink.exe -batch -pw "%PASSWORD%" %USERNAME%@%REMOTE_SERVER% "test -d %REMOTE_CASE_PATH% && echo OK || echo NOTFOUND" 2>nul | findstr /V /C:"Keyboard" /C:"prompts from server" > "%TEMP_LIST%"
+) else (
+    sshpass -p "%PASSWORD%" ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=NUL %USERNAME%@%REMOTE_SERVER% "test -d %REMOTE_CASE_PATH% && echo OK || echo NOTFOUND" > "%TEMP_LIST%" 2>&1
+)
+
+if !ERRORLEVEL! NEQ 0 (
+    echo ERROR: SSH connection failed. >> "%LOGFILE%"
+    type "%TEMP_LIST%" >> "%LOGFILE%"
+    echo ERROR: SSH connection failed.
+    echo Check credentials and network connectivity.
+    echo See log: %LOGFILE%
+    del "%TEMP_LIST%" 2>nul
+    pause
+    exit /b 1
+)
+
+findstr /C:"OK" "%TEMP_LIST%" >nul
+if !ERRORLEVEL! NEQ 0 (
+    echo ERROR: Case directory not found on server: %REMOTE_CASE_PATH% >> "%LOGFILE%"
+    echo ERROR: Case directory not found on server.
+    echo Path: %REMOTE_CASE_PATH%
+    echo Please verify the case number.
+    del "%TEMP_LIST%" 2>nul
+    pause
+    exit /b 1
+)
+
+echo       Connection successful.
+echo       Connection successful. >> "%LOGFILE%"
+
+REM =====================================================
+REM Single SSH call to get all required info
+REM Collectors + All files in case root
+REM =====================================================
+echo.
+echo [2/5] Scanning case directory...
+echo [2/5] Scanning case directory... >> "%LOGFILE%"
+
+if "%SCP_TYPE%"=="PSCP" (
+    plink.exe -batch -pw "%PASSWORD%" %USERNAME%@%REMOTE_SERVER% "echo '===COLLECTORS==='; find %REMOTE_CASE_PATH% -maxdepth 1 -type d -name 'collector_*' 2>/dev/null; echo '===FILES==='; find %REMOTE_CASE_PATH% -maxdepth 1 -type f \( -name '*.cap' -o -name '*.pcap' -o -name '*.pcapng' -o -name '*.sslkeys' -o -name '*.keys' -o -name '*.har' -o -name '*.xml' -o -name '*.jpg' -o -name '*.jpeg' -o -name '*.png' -o -name '*.gif' -o -name '*.bmp' -o -name '*.webp' -o -name '*.tiff' -o -name '*.svg' -o -name '*.txt' -o -name '*.log' -o -name '*.csv' -o -name '*.json' \) 2>/dev/null" 2>nul | findstr /V /C:"Keyboard" /C:"prompts from server" > "%ALL_FILES_LIST%"
+) else (
+    sshpass -p "%PASSWORD%" ssh -o StrictHostKeyChecking=no %USERNAME%@%REMOTE_SERVER% "echo '===COLLECTORS==='; find %REMOTE_CASE_PATH% -maxdepth 1 -type d -name 'collector_*' 2>/dev/null; echo '===FILES==='; find %REMOTE_CASE_PATH% -maxdepth 1 -type f \( -name '*.cap' -o -name '*.pcap' -o -name '*.pcapng' -o -name '*.sslkeys' -o -name '*.keys' -o -name '*.har' -o -name '*.xml' -o -name '*.jpg' -o -name '*.jpeg' -o -name '*.png' -o -name '*.gif' -o -name '*.bmp' -o -name '*.webp' -o -name '*.tiff' -o -name '*.svg' -o -name '*.txt' -o -name '*.log' -o -name '*.csv' -o -name '*.json' \) 2>/dev/null" > "%ALL_FILES_LIST%"
+)
+
+REM Parse collectors from combined output
+set "IN_COLLECTORS=0"
+set "IN_FILES=0"
+echo. > "%COLLECTOR_LIST%"
+echo. > "%TEMP_LIST%"
+
+for /f "usebackq delims=" %%A in ("%ALL_FILES_LIST%") do (
+    set "LINE=%%A"
+    
+    REM Check for section markers
+    echo !LINE! | findstr /C:"===COLLECTORS===" >nul
+    if !ERRORLEVEL! EQU 0 (
+        set "IN_COLLECTORS=1"
+        set "IN_FILES=0"
+    ) else (
+        echo !LINE! | findstr /C:"===FILES===" >nul
+        if !ERRORLEVEL! EQU 0 (
+            set "IN_COLLECTORS=0"
+            set "IN_FILES=1"
+        ) else (
+            REM Skip empty lines and filter noise
+            if not "!LINE!"=="" (
+                echo !LINE! | findstr /C:"Keyboard" /C:"prompts" /C:"authentication" >nul
+                if !ERRORLEVEL! NEQ 0 (
+                    if !IN_COLLECTORS! EQU 1 (
+                        echo !LINE!>> "%COLLECTOR_LIST%"
+                    )
+                    if !IN_FILES! EQU 1 (
+                        echo !LINE!>> "%TEMP_LIST%"
+                    )
+                )
+            )
+        )
+    )
+)
+
+REM Count collectors
+set "COLLECTOR_COUNT=0"
+for /f "usebackq delims=" %%A in ("%COLLECTOR_LIST%") do (
+    set "LINE=%%A"
+    if not "!LINE!"=="" (
+        echo !LINE! | findstr /C:"collector_" >nul
+        if !ERRORLEVEL! EQU 0 (
+            set /a COLLECTOR_COUNT+=1
+            for %%B in ("!LINE!") do echo       Found: %%~nxB
+            echo       Found collector: !LINE! >> "%LOGFILE%"
+        )
+    )
+)
+
+if %COLLECTOR_COUNT% EQU 0 (
+    echo       No collector bundles found.
+    echo       No collector bundles found. >> "%LOGFILE%"
+) else (
+    echo       Total collectors found: %COLLECTOR_COUNT%
+)
+
+REM =====================================================
+REM Download Saved Config (ns.conf from nsconfig folder)
+REM Inside collector bundles only
+REM =====================================================
+echo.
+echo [3/5] Downloading saved configurations ^(ns.conf^)...
+echo [3/5] Downloading saved configurations... >> "%LOGFILE%"
+
+set "CONFIG_COUNT=0"
+for /f "usebackq delims=" %%C in ("%COLLECTOR_LIST%") do (
+    set "COLLECTOR_PATH=%%C"
+    
+    REM Skip empty lines and filter noise
+    if not "!COLLECTOR_PATH!"=="" (
+        echo !COLLECTOR_PATH! | findstr /C:"collector_" >nul
+        if !ERRORLEVEL! EQU 0 (
+            for %%D in ("!COLLECTOR_PATH!") do set "COLLECTOR_NAME=%%~nxD"
+            
+            echo       Checking !COLLECTOR_NAME!...
+            
+            set "DEST_FILENAME=ns.conf_!COLLECTOR_NAME!"
+            
+            if "%SCP_TYPE%"=="PSCP" (
+                pscp.exe -batch -pw "%PASSWORD%" -q "%USERNAME%@%REMOTE_SERVER%:!COLLECTOR_PATH!/nsconfig/ns.conf" "%DEST%\configs\!DEST_FILENAME!" >nul 2>&1
+            ) else (
+                scp -o StrictHostKeyChecking=no -q "%USERNAME%@%REMOTE_SERVER%:!COLLECTOR_PATH!/nsconfig/ns.conf" "%DEST%\configs\!DEST_FILENAME!" 2>nul
+            )
+            
+            if exist "%DEST%\configs\!DEST_FILENAME!" (
+                echo         [OK] !DEST_FILENAME!
+                echo         [OK] Downloaded: !DEST_FILENAME! >> "%LOGFILE%"
+                set /a CONFIG_COUNT+=1
+            ) else (
+                echo         [--] ns.conf not found
+            )
+        )
+    )
+)
+
+echo       Saved configs downloaded: %CONFIG_COUNT%
+
+REM =====================================================
+REM Download Running Config (ns_running_config.conf)
+REM Inside collector bundles only
+REM =====================================================
+echo.
+echo [4/5] Downloading running configurations...
+echo [4/5] Downloading running configurations... >> "%LOGFILE%"
+
+set "RUNNING_COUNT=0"
+for /f "usebackq delims=" %%C in ("%COLLECTOR_LIST%") do (
+    set "COLLECTOR_PATH=%%C"
+    
+    REM Skip empty lines and filter noise
+    if not "!COLLECTOR_PATH!"=="" (
+        echo !COLLECTOR_PATH! | findstr /C:"collector_" >nul
+        if !ERRORLEVEL! EQU 0 (
+            for %%D in ("!COLLECTOR_PATH!") do set "COLLECTOR_NAME=%%~nxD"
+            
+            echo       Checking !COLLECTOR_NAME!...
+            
+            set "DEST_FILENAME=ns_running_config.conf_!COLLECTOR_NAME!"
+            
+            if "%SCP_TYPE%"=="PSCP" (
+                pscp.exe -batch -pw "%PASSWORD%" -q "%USERNAME%@%REMOTE_SERVER%:!COLLECTOR_PATH!/shell/ns_running_config.conf" "%DEST%\configs\!DEST_FILENAME!" >nul 2>&1
+            ) else (
+                scp -o StrictHostKeyChecking=no -q "%USERNAME%@%REMOTE_SERVER%:!COLLECTOR_PATH!/shell/ns_running_config.conf" "%DEST%\configs\!DEST_FILENAME!" 2>nul
+            )
+            
+            if exist "%DEST%\configs\!DEST_FILENAME!" (
+                echo         [OK] !DEST_FILENAME!
+                echo         [OK] Downloaded: !DEST_FILENAME! >> "%LOGFILE%"
+                set /a RUNNING_COUNT+=1
+            ) else (
+                echo         [--] Running config not found
+            )
+        )
+    )
+)
+
+echo       Running configs downloaded: %RUNNING_COUNT%
+
+REM =====================================================
+REM Download Capture and Media Files
+REM OUTSIDE collector bundles only (case root level)
+REM Using pre-fetched file list
+REM =====================================================
+echo.
+echo [5/5] Downloading files from case directory...
+echo [5/5] Downloading files from case root... >> "%LOGFILE%"
+
+set "CAPTURE_COUNT=0"
+set "MEDIA_COUNT=0"
+set "OTHER_COUNT=0"
+
+for /f "usebackq delims=" %%F in ("%TEMP_LIST%") do (
+    set "REMOTE_FILE=%%F"
+    
+    REM Skip empty lines and filter noise
+    if not "!REMOTE_FILE!"=="" (
+        echo !REMOTE_FILE! | findstr /C:"Keyboard" /C:"prompts" /C:"authentication" >nul
+        if !ERRORLEVEL! NEQ 0 (
+            for %%G in ("!REMOTE_FILE!") do (
+                set "FILENAME=%%~nxG"
+                set "FILEEXT=%%~xG"
+            )
+            
+            if not "!FILENAME!"=="" (
+                REM Determine file type and destination
+                set "FILE_DEST="
+                set "FILE_TYPE="
+                
+                REM Check if capture file
+                echo !FILEEXT! | findstr /I /C:".cap" /C:".pcap" /C:".pcapng" /C:".sslkeys" /C:".keys" /C:".har" >nul
+                if !ERRORLEVEL! EQU 0 (
+                    set "FILE_DEST=%DEST%\captures\!FILENAME!"
+                    set "FILE_TYPE=capture"
+                )
+                
+                REM Check if image file
+                echo !FILEEXT! | findstr /I /C:".jpg" /C:".jpeg" /C:".png" /C:".gif" /C:".bmp" /C:".webp" /C:".tiff" /C:".svg" >nul
+                if !ERRORLEVEL! EQU 0 (
+                    set "FILE_DEST=%DEST%\media\!FILENAME!"
+                    set "FILE_TYPE=media"
+                )
+                
+                REM Check if other file (txt, log, xml, json, csv)
+                echo !FILEEXT! | findstr /I /C:".txt" /C:".log" /C:".xml" /C:".json" /C:".csv" >nul
+                if !ERRORLEVEL! EQU 0 (
+                    set "FILE_DEST=%DEST%\!FILENAME!"
+                    set "FILE_TYPE=other"
+                )
+                
+                REM Download the file
+                if defined FILE_DEST (
+                    echo       Downloading: !FILENAME!
+                    
+                    if "%SCP_TYPE%"=="PSCP" (
+                        pscp.exe -batch -pw "%PASSWORD%" -q "%USERNAME%@%REMOTE_SERVER%:!REMOTE_FILE!" "!FILE_DEST!" >nul 2>&1
+                    ) else (
+                        scp -o StrictHostKeyChecking=no -q "%USERNAME%@%REMOTE_SERVER%:!REMOTE_FILE!" "!FILE_DEST!" 2>nul
+                    )
+                    
+                    if exist "!FILE_DEST!" (
+                        echo         [OK] !FILENAME!
+                        echo         [OK] Downloaded !FILE_TYPE!: !FILENAME! >> "%LOGFILE%"
+                        
+                        if "!FILE_TYPE!"=="capture" set /a CAPTURE_COUNT+=1
+                        if "!FILE_TYPE!"=="media" set /a MEDIA_COUNT+=1
+                        if "!FILE_TYPE!"=="other" set /a OTHER_COUNT+=1
+                    )
+                )
+            )
+        )
+    )
+)
+
+echo.
+echo       Capture files downloaded: %CAPTURE_COUNT%
+echo       Media files downloaded  : %MEDIA_COUNT%
+echo       Other files downloaded  : %OTHER_COUNT%
+
+REM =====================================================
+REM Cleanup and Summary
+REM =====================================================
+del "%TEMP_LIST%" 2>nul
+del "%TEMP_FILTERED%" 2>nul
+del "%COLLECTOR_LIST%" 2>nul
+del "%ALL_FILES_LIST%" 2>nul
+
+REM Remove empty directories
+for %%D in (configs captures media) do (
+    dir /b "%DEST%\%%D" 2>nul | findstr "." >nul || rmdir "%DEST%\%%D" 2>nul
+)
+
+echo.
+echo  ============================================================
+echo   ^|^> Download Complete - Summary
+echo  ============================================================
+echo.
+echo   FROM COLLECTOR BUNDLES:
+echo     Collector bundles found  : %COLLECTOR_COUNT%
+echo     Saved configs ^(ns.conf^)  : %CONFIG_COUNT%
+echo     Running configs          : %RUNNING_COUNT%
+echo.
+echo   FROM CASE ROOT DIRECTORY:
+echo     Capture files ^(pcap,har^) : %CAPTURE_COUNT%
+echo     Media files ^(images^)     : %MEDIA_COUNT%
+echo     Other files ^(xml,txt^)    : %OTHER_COUNT%
+echo.
+echo   Destination : %DEST%
+echo   Log file    : %LOGFILE%
+echo.
+
+REM Write summary to log
+echo. >> "%LOGFILE%"
+echo ============================================================ >> "%LOGFILE%"
+echo  SUMMARY >> "%LOGFILE%"
+echo ============================================================ >> "%LOGFILE%"
+echo  FROM COLLECTOR BUNDLES: >> "%LOGFILE%"
+echo    Collector bundles found  : %COLLECTOR_COUNT% >> "%LOGFILE%"
+echo    Saved configs            : %CONFIG_COUNT% >> "%LOGFILE%"
+echo    Running configs          : %RUNNING_COUNT% >> "%LOGFILE%"
+echo. >> "%LOGFILE%"
+echo  FROM CASE ROOT DIRECTORY: >> "%LOGFILE%"
+echo    Capture files            : %CAPTURE_COUNT% >> "%LOGFILE%"
+echo    Media files              : %MEDIA_COUNT% >> "%LOGFILE%"
+echo    Other files              : %OTHER_COUNT% >> "%LOGFILE%"
+echo ============================================================ >> "%LOGFILE%"
+
+echo  ============================================================
+echo.
+
+REM Open destination folder
+choice /C YN /M "Open destination folder now?"
+if !ERRORLEVEL! EQU 1 explorer "%DEST%"
+
+endlocal
+exit /b 0