PCDU/pcdu.bat

@echo off
setlocal EnableExtensions EnableDelayedExpansion

REM =====================================================
REM   ____                  _       ____ ____  _   _ 
REM  |  _ \ __ _ _ ____   _( )___  / ___|  _ \| | | |
REM  | |_) / _` | '__\ \ / /|// __|| |   | | | | | | |
REM  |  __/ (_| | |   \ V /  \__ \| |___| |_| | |_| |
REM  |_|   \__,_|_|    \_/   |___(_)____|____/ \___/ 
REM                                                   
REM  Parv's Case Download Utility (PCDU) v1.2
REM  Downloads case files from analysis server
REM =====================================================

set "PCDU_VERSION=1.2"
set "PCDU_NAME=pcdu"
set "PCDU_INSTALL_DIR=%USERPROFILE%\PCDU"
set "SCRIPT_PATH=%~f0"
set "SCRIPT_NAME=%~nx0"

REM =====================================================
REM Command Line Argument Handling
REM =====================================================
if /i "%~1"=="/install" goto :INSTALL_TO_PATH
if /i "%~1"=="/uninstall" goto :UNINSTALL_FROM_PATH
if /i "%~1"=="/help" goto :SHOW_HELP
if /i "%~1"=="-h" goto :SHOW_HELP
if /i "%~1"=="--help" goto :SHOW_HELP
if /i "%~1"=="/?" goto :SHOW_HELP

REM =====================================================
REM Check if first run (not installed to PATH)
REM =====================================================
call :CHECK_IF_INSTALLED
if !PCDU_INSTALLED! EQU 0 (
    call :PROMPT_INSTALL
)

goto :MAIN_SCRIPT

REM =====================================================
REM INSTALL TO PATH FUNCTION
REM =====================================================
:INSTALL_TO_PATH
echo.
echo  ============================================================
echo   ^|^> PCDU Installation
echo  ============================================================
echo.

REM Check if already installed
call :CHECK_IF_INSTALLED
if !PCDU_INSTALLED! EQU 1 (
    echo   [OK] PCDU is already installed and accessible from PATH.
    echo       Location: !PCDU_FOUND_PATH!
    echo.
    choice /C YN /M "Reinstall/Update PCDU?"
    if !ERRORLEVEL! EQU 2 (
        echo.
        echo   Installation cancelled.
        goto :EOF
    )
)

REM Create install directory
echo   [1/4] Creating installation directory...
if not exist "%PCDU_INSTALL_DIR%" (
    mkdir "%PCDU_INSTALL_DIR%" 2>nul
    if !ERRORLEVEL! NEQ 0 (
        echo   [ERROR] Failed to create directory: %PCDU_INSTALL_DIR%
        goto :EOF
    )
    echo         Created: %PCDU_INSTALL_DIR%
) else (
    echo         Exists: %PCDU_INSTALL_DIR%
)

REM Copy script to install directory
echo.
echo   [2/4] Copying PCDU script...
copy /Y "%SCRIPT_PATH%" "%PCDU_INSTALL_DIR%\%PCDU_NAME%.bat" >nul 2>&1
if !ERRORLEVEL! NEQ 0 (
    echo   [ERROR] Failed to copy script to installation directory.
    goto :EOF
)
echo         Copied to: %PCDU_INSTALL_DIR%\%PCDU_NAME%.bat

REM Create a simple launcher without .bat extension (optional convenience)
echo   [2b/4] Creating launcher...
echo @echo off > "%PCDU_INSTALL_DIR%\%PCDU_NAME%.cmd"
echo call "%PCDU_INSTALL_DIR%\%PCDU_NAME%.bat" %%* >> "%PCDU_INSTALL_DIR%\%PCDU_NAME%.cmd"
echo         Created: %PCDU_INSTALL_DIR%\%PCDU_NAME%.cmd

REM Check if directory is already in PATH
echo.
echo   [3/4] Checking PATH environment variable...
set "PATH_CONTAINS_PCDU=0"
echo !PATH! | findstr /I /C:"%PCDU_INSTALL_DIR%" >nul 2>&1
if !ERRORLEVEL! EQU 0 (
    set "PATH_CONTAINS_PCDU=1"
    echo         PCDU directory already in PATH.
)

REM Add to PATH if not present
if !PATH_CONTAINS_PCDU! EQU 0 (
    echo         Adding PCDU to User PATH...
    
    REM Get current user PATH
    for /f "tokens=2*" %%A in ('reg query "HKCU\Environment" /v PATH 2^>nul') do set "USER_PATH=%%B"
    
    REM Check if USER_PATH is empty or not set
    if "!USER_PATH!"=="" (
        set "NEW_PATH=%PCDU_INSTALL_DIR%"
    ) else (
        set "NEW_PATH=!USER_PATH!;%PCDU_INSTALL_DIR%"
    )
    
    REM Use setx to permanently add to user PATH
    setx PATH "!NEW_PATH!" >nul 2>&1
    if !ERRORLEVEL! EQU 0 (
        echo         [OK] Added to User PATH successfully.
    ) else (
        echo         [WARNING] Could not add to PATH automatically.
        echo         Please manually add this to your PATH:
        echo         %PCDU_INSTALL_DIR%
    )
) 

REM Verify installation
echo.
echo   [4/4] Verifying installation...

REM Update current session PATH
set "PATH=%PATH%;%PCDU_INSTALL_DIR%"

if exist "%PCDU_INSTALL_DIR%\%PCDU_NAME%.bat" (
    echo         [OK] Script installed successfully.
) else (
    echo         [ERROR] Script not found at expected location.
    goto :EOF
)

echo.
echo  ============================================================
echo   ^|^> Installation Complete!
echo  ============================================================
echo.
echo   PCDU has been installed to: %PCDU_INSTALL_DIR%
echo.
echo   You can now run PCDU from anywhere using:
echo.
echo     pcdu                      - Run interactively
echo     pcdu [CaseNumber]         - Download specific case
echo     pcdu [CaseNo] [User]      - With username
echo     pcdu [CaseNo] [User] [Pw] - Fully automated
echo.
echo     pcdu /help                - Show help
echo     pcdu /install             - Reinstall PCDU
echo     pcdu /uninstall           - Remove PCDU from system
echo.
echo   NOTE: You may need to restart your terminal/CMD for
echo         PATH changes to take effect.
echo.
echo  ============================================================
echo.

REM Refresh environment for current process
call :REFRESH_ENV

pause
goto :EOF

REM =====================================================
REM UNINSTALL FROM PATH FUNCTION
REM =====================================================
:UNINSTALL_FROM_PATH
echo.
echo  ============================================================
echo   ^|^> PCDU Uninstallation
echo  ============================================================
echo.

choice /C YN /M "Are you sure you want to uninstall PCDU?"
if !ERRORLEVEL! EQU 2 (
    echo.
    echo   Uninstallation cancelled.
    goto :EOF
)

echo.
echo   [1/3] Removing PCDU from PATH...

REM Get current user PATH
for /f "tokens=2*" %%A in ('reg query "HKCU\Environment" /v PATH 2^>nul') do set "USER_PATH=%%B"

REM Remove PCDU_INSTALL_DIR from PATH
set "NEW_PATH=!USER_PATH:%PCDU_INSTALL_DIR%;=!"
set "NEW_PATH=!NEW_PATH:;%PCDU_INSTALL_DIR%=!"
set "NEW_PATH=!NEW_PATH:%PCDU_INSTALL_DIR%=!"

REM Update PATH
if not "!NEW_PATH!"=="!USER_PATH!" (
    setx PATH "!NEW_PATH!" >nul 2>&1
    echo         [OK] Removed from PATH.
) else (
    echo         [--] PCDU was not in PATH.
)

echo.
echo   [2/3] Removing installation directory...
if exist "%PCDU_INSTALL_DIR%" (
    rmdir /S /Q "%PCDU_INSTALL_DIR%" 2>nul
    if !ERRORLEVEL! EQU 0 (
        echo         [OK] Removed: %PCDU_INSTALL_DIR%
    ) else (
        echo         [WARNING] Could not remove directory. Please delete manually:
        echo         %PCDU_INSTALL_DIR%
    )
) else (
    echo         [--] Installation directory not found.
)

echo.
echo   [3/3] Cleanup complete.
echo.
echo  ============================================================
echo   ^|^> PCDU has been uninstalled.
echo  ============================================================
echo.
echo   NOTE: Restart your terminal for PATH changes to take effect.
echo.

pause
goto :EOF

REM =====================================================
REM SHOW HELP FUNCTION
REM =====================================================
:SHOW_HELP
echo.
echo  ============================================================
echo   ^|^> Parv's Case Download Utility ^(PCDU^) v%PCDU_VERSION%
echo  ============================================================
echo.
echo   DESCRIPTION:
echo     Downloads case files from the analysis server including
echo     configurations, packet captures, and media files.
echo.
echo   USAGE:
echo     %PCDU_NAME% [options]
echo     %PCDU_NAME% [CaseNumber] [Username] [Password]
echo.
echo   OPTIONS:
echo     /install      Install PCDU to system PATH
echo     /uninstall    Remove PCDU from system
echo     /help, -h     Show this help message
echo.
echo   EXAMPLES:
echo     %PCDU_NAME%                     Interactive mode
echo     %PCDU_NAME% 12345678            Download case 12345678
echo     %PCDU_NAME% 12345678 myuser     With username
echo     %PCDU_NAME% /install            Install to PATH
echo.
echo   STORAGE LOCATIONS (in priority order):
echo     1. D:\SJLNT\[CaseNumber]
echo     2. [Temporary Storage Drive]:\SJLNT\[CaseNumber]
echo     3. C:\Temp\SJLNT\[CaseNumber] (fallback)
echo.
echo   DOWNLOADED FILES:
echo     - Saved configs (ns.conf) from collector bundles
echo     - Running configs (ns_running_config.conf)
echo     - Packet captures (.pcap, .cap, .har, etc.)
echo     - SSL keys (.sslkeys, .keys)
echo     - Media files (images)
echo     - Log and text files
echo.
echo   REQUIREMENTS:
echo     - PuTTY (pscp.exe, plink.exe) OR OpenSSH (scp.exe)
echo     - Network access to sjanalysis.citrite.net
echo.
echo  ============================================================
echo.
pause
goto :EOF

REM =====================================================
REM CHECK IF INSTALLED FUNCTION
REM =====================================================
:CHECK_IF_INSTALLED
set "PCDU_INSTALLED=0"
set "PCDU_FOUND_PATH="

REM Check if pcdu command is available
where pcdu.bat >nul 2>&1
if !ERRORLEVEL! EQU 0 (
    for /f "delims=" %%P in ('where pcdu.bat 2^>nul') do (
        set "PCDU_FOUND_PATH=%%P"
    )
    set "PCDU_INSTALLED=1"
    goto :EOF
)

where pcdu.cmd >nul 2>&1
if !ERRORLEVEL! EQU 0 (
    for /f "delims=" %%P in ('where pcdu.cmd 2^>nul') do (
        set "PCDU_FOUND_PATH=%%P"
    )
    set "PCDU_INSTALLED=1"
    goto :EOF
)

REM Check if running from install directory
if /i "%~dp0"=="%PCDU_INSTALL_DIR%\" (
    set "PCDU_INSTALLED=1"
    set "PCDU_FOUND_PATH=%PCDU_INSTALL_DIR%\%PCDU_NAME%.bat"
)

goto :EOF

REM =====================================================
REM PROMPT INSTALL FUNCTION
REM =====================================================
:PROMPT_INSTALL
echo.
echo  ============================================================
echo   ^|^> PCDU First Run Setup
echo  ============================================================
echo.
echo   PCDU is not installed to your system PATH.
echo   Installing allows you to run 'pcdu' from any directory.
echo.
echo   Installation will:
echo     - Create folder: %PCDU_INSTALL_DIR%
echo     - Copy PCDU script to that folder
echo     - Add folder to your User PATH
echo.

choice /C YNC /M "Install PCDU to PATH? (Y=Yes, N=No, C=Cancel script)"
if !ERRORLEVEL! EQU 3 (
    echo.
    echo   Script cancelled.
    exit /b 0
)
if !ERRORLEVEL! EQU 1 (
    call :INSTALL_TO_PATH
    echo.
    echo   Continuing with case download...
    echo.
)

goto :EOF

REM =====================================================
REM REFRESH ENVIRONMENT FUNCTION
REM =====================================================
:REFRESH_ENV
REM This refreshes the PATH for the current cmd session
for /f "tokens=2*" %%A in ('reg query "HKCU\Environment" /v PATH 2^>nul') do set "PATH=%%B;%PATH%"
goto :EOF

REM =====================================================
REM MAIN SCRIPT
REM =====================================================
:MAIN_SCRIPT

REM =====================================================
REM Storage Drive Configuration
REM Priority: D: -> "Temporary Storage" -> C:\Temp
REM =====================================================
set "STORAGE_DRIVE="
set "STORAGE_BASE="
set "DRIVE_STATUS="

echo.
echo  [STORAGE CHECK] Checking available storage drives...
echo.

REM Check for D: drive first
if exist "D:\" (
    set "STORAGE_DRIVE=D:"
    set "STORAGE_BASE=D:\SJLNT"
    set "DRIVE_STATUS=D: Drive found and accessible"
    echo   [OK] D: Drive found and accessible
    goto :DRIVE_FOUND
)

echo   [--] D: Drive not found, checking for 'Temporary Storage' drive...

REM Check for drive with label "Temporary Storage"
for /f "tokens=1,2*" %%A in ('wmic logicaldisk get caption^,volumename 2^>nul ^| findstr /I "Temporary Storage"') do (
    set "TEMP_DRIVE=%%A"
    if exist "!TEMP_DRIVE!\" (
        set "STORAGE_DRIVE=!TEMP_DRIVE!"
        set "STORAGE_BASE=!TEMP_DRIVE!\SJLNT"
        set "DRIVE_STATUS=Temporary Storage drive found at !TEMP_DRIVE!"
        echo   [OK] 'Temporary Storage' drive found at !TEMP_DRIVE!
        goto :DRIVE_FOUND
    )
)

REM Alternative method: Check all drives for "Temporary Storage" label
for %%D in (E F G H I J K L M N O P Q R S T U V W X Y Z) do (
    if exist "%%D:\" (
        for /f "tokens=*" %%L in ('vol %%D: 2^>nul ^| findstr /I "Temporary Storage"') do (
            set "STORAGE_DRIVE=%%D:"
            set "STORAGE_BASE=%%D:\SJLNT"
            set "DRIVE_STATUS=Temporary Storage drive found at %%D:"
            echo   [OK] 'Temporary Storage' drive found at %%D:
            goto :DRIVE_FOUND
        )
    )
)

echo   [--] 'Temporary Storage' drive not found
echo.

REM Fallback to C:\Temp if no preferred drive found
echo   [!!] WARNING: Neither D: nor 'Temporary Storage' drive found!
echo.
echo   Available options:
echo     1. Use C:\Temp\SJLNT (fallback location)
echo     2. Cancel and check your drives
echo.
choice /C 12 /M "Select option"
if !ERRORLEVEL! EQU 2 (
    echo.
    echo   Operation cancelled by user.
    echo   Please ensure D: drive or a drive labeled 'Temporary Storage' is available.
    pause
    exit /b 1
)

set "STORAGE_DRIVE=C:"
set "STORAGE_BASE=C:\Temp\SJLNT"
set "DRIVE_STATUS=Using fallback location C:\Temp\SJLNT"
echo.
echo   [!!] Using fallback: C:\Temp\SJLNT

:DRIVE_FOUND

REM Check for pscp.exe (PuTTY SCP) or scp.exe
set "SCP_TOOL="
where pscp.exe >nul 2>&1
if !ERRORLEVEL! EQU 0 (
    set "SCP_TOOL=pscp.exe"
    set "SCP_TYPE=PSCP"
) else (
    where scp.exe >nul 2>&1
    if !ERRORLEVEL! EQU 0 (
        set "SCP_TOOL=scp.exe"
        set "SCP_TYPE=SCP"
    )
)

if "%SCP_TOOL%"=="" (
    echo.
    echo  ============================================================
    echo   [ERROR] SCP Tool Not Found
    echo  ============================================================
    echo.
    echo   Neither pscp.exe nor scp.exe found in PATH.
    echo.
    echo   Please install one of the following:
    echo     - PuTTY ^(includes pscp.exe^) - https://www.putty.org/
    echo     - OpenSSH Client ^(includes scp.exe^) - Built into Windows 10/11
    echo.
    echo   To enable OpenSSH on Windows:
    echo     Settings ^> Apps ^> Optional Features ^> Add OpenSSH Client
    echo.
    pause
    exit /b 1
)

REM =====================================================
REM Configuration
REM =====================================================
set "REMOTE_SERVER=sjanalysis.citrite.net"
set "REMOTE_BASE_PATH=/upload/ftp"

REM Prompt for case number if not provided
if "%~1"=="" (
    set /p CASENO=Enter Case Number: 
) else (
    REM Skip if argument is an option
    echo %~1 | findstr /B /C:"/" /C:"-" >nul
    if !ERRORLEVEL! EQU 0 (
        set /p CASENO=Enter Case Number: 
    ) else (
        set "CASENO=%~1"
    )
)

if "%CASENO%"=="" (
    echo ERROR: Case number cannot be empty.
    exit /b 1
)

REM Prompt for credentials if not provided
if "%~2"=="" (
    set /p USERNAME=Enter SSH Username: 
) else (
    set "USERNAME=%~2"
)

if "%USERNAME%"=="" (
    echo ERROR: Username cannot be empty.
    exit /b 1
)

if "%~3"=="" (
    echo Enter SSH Password for %USERNAME%@%REMOTE_SERVER%:
    REM Use PowerShell for hidden password input
    for /f "delims=" %%P in ('powershell -Command "$p = Read-Host -AsSecureString; [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($p))"') do set "PASSWORD=%%P"
) else (
    set "PASSWORD=%~3"
)

if "%PASSWORD%"=="" (
    echo ERROR: Password cannot be empty.
    exit /b 1
)

REM =====================================================
REM Paths - Now using configured storage drive
REM =====================================================
set "REMOTE_CASE_PATH=%REMOTE_BASE_PATH%/%CASENO%"
set "DEST=%STORAGE_BASE%\%CASENO%"
set "LOGFILE=%DEST%\download_%CASENO%.log"
set "TEMP_LIST=%TEMP%\caselist_%CASENO%.txt"
set "TEMP_FILTERED=%TEMP%\filtered_%CASENO%.txt"
set "COLLECTOR_LIST=%TEMP%\collectors_%CASENO%.txt"
set "ALL_FILES_LIST=%TEMP%\allfiles_%CASENO%.txt"

echo.
echo  ============================================================
echo   ^|^> Parv's Case Download Utility ^(PCDU^) v%PCDU_VERSION%
echo  ============================================================
echo   Case Number    : %CASENO%
echo   Remote Server  : %REMOTE_SERVER%
echo   Remote Path    : %REMOTE_CASE_PATH%
echo   Storage Drive  : %STORAGE_DRIVE%
echo   Local Dest     : %DEST%
echo   SCP Tool       : %SCP_TYPE%
echo   User           : %USERNAME%
echo   Drive Status   : %DRIVE_STATUS%
echo  ============================================================
echo.

REM =====================================================
REM Create destination directory structure
REM =====================================================
echo  [PATH CHECK] Verifying destination paths...
echo.

REM Check if base storage path exists
if exist "%STORAGE_BASE%" (
    echo   [OK] Base path exists: %STORAGE_BASE%
) else (
    echo   [!!] Base path does not exist: %STORAGE_BASE%
    echo       Creating base directory...
    mkdir "%STORAGE_BASE%" 2>nul
    if !ERRORLEVEL! EQU 0 (
        echo   [OK] Created: %STORAGE_BASE%
    ) else (
        echo   [ERROR] Failed to create base directory: %STORAGE_BASE%
        echo.
        echo   Possible reasons:
        echo     - Drive not writable
        echo     - Insufficient permissions
        echo     - Drive full
        echo.
        pause
        exit /b 1
    )
)

REM Check if case destination exists
if exist "%DEST%" (
    echo   [OK] Case path exists: %DEST%
    echo.
    echo   [!!] WARNING: Case folder already exists!
    echo       Files may be overwritten.
    echo.
    choice /C YN /M "Continue and potentially overwrite existing files?"
    if !ERRORLEVEL! EQU 2 (
        echo.
        echo   Operation cancelled by user.
        pause
        exit /b 0
    )
) else (
    echo   [!!] Case path does not exist: %DEST%
    echo       Creating case directory...
    mkdir "%DEST%" 2>nul
    if !ERRORLEVEL! EQU 0 (
        echo   [OK] Created: %DEST%
    ) else (
        echo   [ERROR] Failed to create case directory: %DEST%
        pause
        exit /b 1
    )
)

REM Create subdirectories for organization
echo.
echo  [PATH CHECK] Creating subdirectories...

for %%S in (configs captures media) do (
    if exist "%DEST%\%%S" (
        echo   [OK] Exists: %DEST%\%%S
    ) else (
        mkdir "%DEST%\%%S" 2>nul
        if !ERRORLEVEL! EQU 0 (
            echo   [OK] Created: %DEST%\%%S
        ) else (
            echo   [!!] Failed to create: %DEST%\%%S
        )
    )
)

echo.

REM Initialize log file
echo ============================================================ > "%LOGFILE%"
echo  Parv's Case Download Utility ^(PCDU^) v%PCDU_VERSION% - Download Log >> "%LOGFILE%"
echo ============================================================ >> "%LOGFILE%"
echo  Case Number   : %CASENO% >> "%LOGFILE%"
echo  Date/Time     : %DATE% %TIME% >> "%LOGFILE%"
echo  Remote Server : %REMOTE_SERVER% >> "%LOGFILE%"
echo  User          : %USERNAME% >> "%LOGFILE%"
echo  Storage Drive : %STORAGE_DRIVE% >> "%LOGFILE%"
echo  Destination   : %DEST% >> "%LOGFILE%"
echo  Drive Status  : %DRIVE_STATUS% >> "%LOGFILE%"
echo ============================================================ >> "%LOGFILE%"
echo. >> "%LOGFILE%"

REM =====================================================
REM Test SSH connection and verify case directory
REM =====================================================
echo [1/5] Testing SSH connection...
echo [1/5] Testing SSH connection... >> "%LOGFILE%"

if "%SCP_TYPE%"=="PSCP" (
    echo y | plink.exe -batch -pw "%PASSWORD%" %USERNAME%@%REMOTE_SERVER% "test -d %REMOTE_CASE_PATH% && echo OK || echo NOTFOUND" 2>nul | findstr /V /C:"Keyboard" /C:"prompts from server" > "%TEMP_LIST%"
) else (
    sshpass -p "%PASSWORD%" ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=NUL %USERNAME%@%REMOTE_SERVER% "test -d %REMOTE_CASE_PATH% && echo OK || echo NOTFOUND" > "%TEMP_LIST%" 2>&1
)

if !ERRORLEVEL! NEQ 0 (
    echo ERROR: SSH connection failed. >> "%LOGFILE%"
    type "%TEMP_LIST%" >> "%LOGFILE%"
    echo ERROR: SSH connection failed.
    echo Check credentials and network connectivity.
    echo See log: %LOGFILE%
    del "%TEMP_LIST%" 2>nul
    pause
    exit /b 1
)

findstr /C:"OK" "%TEMP_LIST%" >nul
if !ERRORLEVEL! NEQ 0 (
    echo ERROR: Case directory not found on server: %REMOTE_CASE_PATH% >> "%LOGFILE%"
    echo ERROR: Case directory not found on server.
    echo Path: %REMOTE_CASE_PATH%
    echo Please verify the case number.
    del "%TEMP_LIST%" 2>nul
    pause
    exit /b 1
)

echo       Connection successful.
echo       Connection successful. >> "%LOGFILE%"

REM =====================================================
REM Single SSH call to get all required info
REM Collectors + All files in case root
REM =====================================================
echo.
echo [2/5] Scanning case directory...
echo [2/5] Scanning case directory... >> "%LOGFILE%"

if "%SCP_TYPE%"=="PSCP" (
    plink.exe -batch -pw "%PASSWORD%" %USERNAME%@%REMOTE_SERVER% "echo '===COLLECTORS==='; find %REMOTE_CASE_PATH% -maxdepth 1 -type d -name 'collector_*' 2>/dev/null; echo '===FILES==='; find %REMOTE_CASE_PATH% -maxdepth 1 -type f \( -name '*.cap' -o -name '*.pcap' -o -name '*.pcapng' -o -name '*.sslkeys' -o -name '*.keys' -o -name '*.har' -o -name '*.xml' -o -name '*.jpg' -o -name '*.jpeg' -o -name '*.png' -o -name '*.gif' -o -name '*.bmp' -o -name '*.webp' -o -name '*.tiff' -o -name '*.svg' -o -name '*.txt' -o -name '*.log' -o -name '*.csv' -o -name '*.json' \) 2>/dev/null" 2>nul | findstr /V /C:"Keyboard" /C:"prompts from server" > "%ALL_FILES_LIST%"
) else (
    sshpass -p "%PASSWORD%" ssh -o StrictHostKeyChecking=no %USERNAME%@%REMOTE_SERVER% "echo '===COLLECTORS==='; find %REMOTE_CASE_PATH% -maxdepth 1 -type d -name 'collector_*' 2>/dev/null; echo '===FILES==='; find %REMOTE_CASE_PATH% -maxdepth 1 -type f \( -name '*.cap' -o -name '*.pcap' -o -name '*.pcapng' -o -name '*.sslkeys' -o -name '*.keys' -o -name '*.har' -o -name '*.xml' -o -name '*.jpg' -o -name '*.jpeg' -o -name '*.png' -o -name '*.gif' -o -name '*.bmp' -o -name '*.webp' -o -name '*.tiff' -o -name '*.svg' -o -name '*.txt' -o -name '*.log' -o -name '*.csv' -o -name '*.json' \) 2>/dev/null" > "%ALL_FILES_LIST%"
)

REM Parse collectors from combined output
set "IN_COLLECTORS=0"
set "IN_FILES=0"
echo. > "%COLLECTOR_LIST%"
echo. > "%TEMP_LIST%"

for /f "usebackq delims=" %%A in ("%ALL_FILES_LIST%") do (
    set "LINE=%%A"
    
    REM Check for section markers
    echo !LINE! | findstr /C:"===COLLECTORS===" >nul
    if !ERRORLEVEL! EQU 0 (
        set "IN_COLLECTORS=1"
        set "IN_FILES=0"
    ) else (
        echo !LINE! | findstr /C:"===FILES===" >nul
        if !ERRORLEVEL! EQU 0 (
            set "IN_COLLECTORS=0"
            set "IN_FILES=1"
        ) else (
            REM Skip empty lines and filter noise
            if not "!LINE!"=="" (
                echo !LINE! | findstr /C:"Keyboard" /C:"prompts" /C:"authentication" >nul
                if !ERRORLEVEL! NEQ 0 (
                    if !IN_COLLECTORS! EQU 1 (
                        echo !LINE!>> "%COLLECTOR_LIST%"
                    )
                    if !IN_FILES! EQU 1 (
                        echo !LINE!>> "%TEMP_LIST%"
                    )
                )
            )
        )
    )
)

REM Count collectors
set "COLLECTOR_COUNT=0"
for /f "usebackq delims=" %%A in ("%COLLECTOR_LIST%") do (
    set "LINE=%%A"
    if not "!LINE!"=="" (
        echo !LINE! | findstr /C:"collector_" >nul
        if !ERRORLEVEL! EQU 0 (
            set /a COLLECTOR_COUNT+=1
            for %%B in ("!LINE!") do echo       Found: %%~nxB
            echo       Found collector: !LINE! >> "%LOGFILE%"
        )
    )
)

if %COLLECTOR_COUNT% EQU 0 (
    echo       No collector bundles found.
    echo       No collector bundles found. >> "%LOGFILE%"
) else (
    echo       Total collectors found: %COLLECTOR_COUNT%
)

REM =====================================================
REM Download Saved Config (ns.conf from nsconfig folder)
REM Inside collector bundles only
REM =====================================================
echo.
echo [3/5] Downloading saved configurations ^(ns.conf^)...
echo [3/5] Downloading saved configurations... >> "%LOGFILE%"

set "CONFIG_COUNT=0"
for /f "usebackq delims=" %%C in ("%COLLECTOR_LIST%") do (
    set "COLLECTOR_PATH=%%C"
    
    REM Skip empty lines and filter noise
    if not "!COLLECTOR_PATH!"=="" (
        echo !COLLECTOR_PATH! | findstr /C:"collector_" >nul
        if !ERRORLEVEL! EQU 0 (
            for %%D in ("!COLLECTOR_PATH!") do set "COLLECTOR_NAME=%%~nxD"
            
            echo       Checking !COLLECTOR_NAME!...
            
            set "DEST_FILENAME=ns.conf_!COLLECTOR_NAME!"
            
            if "%SCP_TYPE%"=="PSCP" (
                pscp.exe -batch -pw "%PASSWORD%" -q "%USERNAME%@%REMOTE_SERVER%:!COLLECTOR_PATH!/nsconfig/ns.conf" "%DEST%\configs\!DEST_FILENAME!" >nul 2>&1
            ) else (
                scp -o StrictHostKeyChecking=no -q "%USERNAME%@%REMOTE_SERVER%:!COLLECTOR_PATH!/nsconfig/ns.conf" "%DEST%\configs\!DEST_FILENAME!" 2>nul
            )
            
            if exist "%DEST%\configs\!DEST_FILENAME!" (
                echo         [OK] !DEST_FILENAME!
                echo         [OK] Downloaded: !DEST_FILENAME! >> "%LOGFILE%"
                set /a CONFIG_COUNT+=1
            ) else (
                echo         [--] ns.conf not found
            )
        )
    )
)

echo       Saved configs downloaded: %CONFIG_COUNT%

REM =====================================================
REM Download Running Config (ns_running_config.conf)
REM Inside collector bundles only
REM =====================================================
echo.
echo [4/5] Downloading running configurations...
echo [4/5] Downloading running configurations... >> "%LOGFILE%"

set "RUNNING_COUNT=0"
for /f "usebackq delims=" %%C in ("%COLLECTOR_LIST%") do (
    set "COLLECTOR_PATH=%%C"
    
    REM Skip empty lines and filter noise
    if not "!COLLECTOR_PATH!"=="" (
        echo !COLLECTOR_PATH! | findstr /C:"collector_" >nul
        if !ERRORLEVEL! EQU 0 (
            for %%D in ("!COLLECTOR_PATH!") do set "COLLECTOR_NAME=%%~nxD"
            
            echo       Checking !COLLECTOR_NAME!...
            
            set "DEST_FILENAME=ns_running_config.conf_!COLLECTOR_NAME!"
            
            if "%SCP_TYPE%"=="PSCP" (
                pscp.exe -batch -pw "%PASSWORD%" -q "%USERNAME%@%REMOTE_SERVER%:!COLLECTOR_PATH!/shell/ns_running_config.conf" "%DEST%\configs\!DEST_FILENAME!" >nul 2>&1
            ) else (
                scp -o StrictHostKeyChecking=no -q "%USERNAME%@%REMOTE_SERVER%:!COLLECTOR_PATH!/shell/ns_running_config.conf" "%DEST%\configs\!DEST_FILENAME!" 2>nul
            )
            
            if exist "%DEST%\configs\!DEST_FILENAME!" (
                echo         [OK] !DEST_FILENAME!
                echo         [OK] Downloaded: !DEST_FILENAME! >> "%LOGFILE%"
                set /a RUNNING_COUNT+=1
            ) else (
                echo         [--] Running config not found
            )
        )
    )
)

echo       Running configs downloaded: %RUNNING_COUNT%

REM =====================================================
REM Download Capture and Media Files
REM OUTSIDE collector bundles only (case root level)
REM Using pre-fetched file list
REM =====================================================
echo.
echo [5/5] Downloading files from case directory...
echo [5/5] Downloading files from case root... >> "%LOGFILE%"

set "CAPTURE_COUNT=0"
set "MEDIA_COUNT=0"
set "OTHER_COUNT=0"

for /f "usebackq delims=" %%F in ("%TEMP_LIST%") do (
    set "REMOTE_FILE=%%F"
    
    REM Skip empty lines and filter noise
    if not "!REMOTE_FILE!"=="" (
        echo !REMOTE_FILE! | findstr /C:"Keyboard" /C:"prompts" /C:"authentication" >nul
        if !ERRORLEVEL! NEQ 0 (
            for %%G in ("!REMOTE_FILE!") do (
                set "FILENAME=%%~nxG"
                set "FILEEXT=%%~xG"
            )
            
            if not "!FILENAME!"=="" (
                REM Determine file type and destination
                set "FILE_DEST="
                set "FILE_TYPE="
                
                REM Check if capture file
                echo !FILEEXT! | findstr /I /C:".cap" /C:".pcap" /C:".pcapng" /C:".sslkeys" /C:".keys" /C:".har" >nul
                if !ERRORLEVEL! EQU 0 (
                    set "FILE_DEST=%DEST%\captures\!FILENAME!"
                    set "FILE_TYPE=capture"
                )
                
                REM Check if image file
                echo !FILEEXT! | findstr /I /C:".jpg" /C:".jpeg" /C:".png" /C:".gif" /C:".bmp" /C:".webp" /C:".tiff" /C:".svg" >nul
                if !ERRORLEVEL! EQU 0 (
                    set "FILE_DEST=%DEST%\media\!FILENAME!"
                    set "FILE_TYPE=media"
                )
                
                REM Check if other file (txt, log, xml, json, csv)
                echo !FILEEXT! | findstr /I /C:".txt" /C:".log" /C:".xml" /C:".json" /C:".csv" >nul
                if !ERRORLEVEL! EQU 0 (
                    set "FILE_DEST=%DEST%\!FILENAME!"
                    set "FILE_TYPE=other"
                )
                
                REM Download the file
                if defined FILE_DEST (
                    echo       Downloading: !FILENAME!
                    
                    if "%SCP_TYPE%"=="PSCP" (
                        pscp.exe -batch -pw "%PASSWORD%" -q "%USERNAME%@%REMOTE_SERVER%:!REMOTE_FILE!" "!FILE_DEST!" >nul 2>&1
                    ) else (
                        scp -o StrictHostKeyChecking=no -q "%USERNAME%@%REMOTE_SERVER%:!REMOTE_FILE!" "!FILE_DEST!" 2>nul
                    )
                    
                    if exist "!FILE_DEST!" (
                        echo         [OK] !FILENAME!
                        echo         [OK] Downloaded !FILE_TYPE!: !FILENAME! >> "%LOGFILE%"
                        
                        if "!FILE_TYPE!"=="capture" set /a CAPTURE_COUNT+=1
                        if "!FILE_TYPE!"=="media" set /a MEDIA_COUNT+=1
                        if "!FILE_TYPE!"=="other" set /a OTHER_COUNT+=1
                    )
                )
            )
        )
    )
)

echo.
echo       Capture files downloaded: %CAPTURE_COUNT%
echo       Media files downloaded  : %MEDIA_COUNT%
echo       Other files downloaded  : %OTHER_COUNT%

REM =====================================================
REM Cleanup and Summary
REM =====================================================
del "%TEMP_LIST%" 2>nul
del "%TEMP_FILTERED%" 2>nul
del "%COLLECTOR_LIST%" 2>nul
del "%ALL_FILES_LIST%" 2>nul

REM Remove empty directories
for %%D in (configs captures media) do (
    dir /b "%DEST%\%%D" 2>nul | findstr "." >nul || rmdir "%DEST%\%%D" 2>nul
)

echo.
echo  ============================================================
echo   ^|^> Download Complete - Summary
echo  ============================================================
echo.
echo   STORAGE INFORMATION:
echo     Storage Drive            : %STORAGE_DRIVE%
echo     Drive Status             : %DRIVE_STATUS%
echo     Base Path                : %STORAGE_BASE%
echo.
echo   FROM COLLECTOR BUNDLES:
echo     Collector bundles found  : %COLLECTOR_COUNT%
echo     Saved configs ^(ns.conf^)  : %CONFIG_COUNT%
echo     Running configs          : %RUNNING_COUNT%
echo.
echo   FROM CASE ROOT DIRECTORY:
echo     Capture files ^(pcap,har^) : %CAPTURE_COUNT%
echo     Media files ^(images^)     : %MEDIA_COUNT%
echo     Other files ^(xml,txt^)    : %OTHER_COUNT%
echo.
echo   Destination : %DEST%
echo   Log file    : %LOGFILE%
echo.

REM Write summary to log
echo. >> "%LOGFILE%"
echo ============================================================ >> "%LOGFILE%"
echo  SUMMARY >> "%LOGFILE%"
echo ============================================================ >> "%LOGFILE%"
echo  STORAGE INFORMATION: >> "%LOGFILE%"
echo    Storage Drive            : %STORAGE_DRIVE% >> "%LOGFILE%"
echo    Drive Status             : %DRIVE_STATUS% >> "%LOGFILE%"
echo. >> "%LOGFILE%"
echo  FROM COLLECTOR BUNDLES: >> "%LOGFILE%"
echo    Collector bundles found  : %COLLECTOR_COUNT% >> "%LOGFILE%"
echo    Saved configs            : %CONFIG_COUNT% >> "%LOGFILE%"
echo    Running configs          : %RUNNING_COUNT% >> "%LOGFILE%"
echo. >> "%LOGFILE%"
echo  FROM CASE ROOT DIRECTORY: >> "%LOGFILE%"
echo    Capture files            : %CAPTURE_COUNT% >> "%LOGFILE%"
echo    Media files              : %MEDIA_COUNT% >> "%LOGFILE%"
echo    Other files              : %OTHER_COUNT% >> "%LOGFILE%"
echo ============================================================ >> "%LOGFILE%"

echo  ============================================================
echo.

REM Open destination folder
choice /C YN /M "Open destination folder now?"
if !ERRORLEVEL! EQU 1 explorer "%DEST%"

endlocal
exit /b 0