Python bindings for https://github.com/omerbenamram/evtx
Project description
pyevtx-rs
Python bindings for https://github.com/omerbenamram/evtx/.
Installation
Available on PyPi - https://pypi.org/project/evtx/.
To install from PyPi - pip install evtx
Wheels
Wheels are currently automatically built for python3.6 python3.7 for all 64-bit platforms (Windows, macOS, and manylinux).
Installation from sources
Installation is possible for other platforms by installing from sources, this requires a nightly rust compiler and setuptools-rust.
Run python setup.py install
Usage
The API surface is currently fairly limited (only yields events as XML/JSON documents), but is planned to be expanded in the future.
This will print each record as an XML string.
from evtx import PyEvtxParser def main(): parser = PyEvtxParser("./samples/Security_short_selected.evtx") for record in parser.records(): print(f'Event Record ID: {record["event_record_id"]}') print(f'Event Timestamp: {record["timestamp"]}') print(record['data']) print(f'------------------------------------------')
And this will print each record as a JSON string.
from evtx.parser import PyEvtxParser def main(): parser = PyEvtxParser("./samples/Security_short_selected.evtx") for record in parser.records_json(): print(f'Event Record ID: {record["event_record_id"]}') print(f'Event Timestamp: {record["timestamp"]}') print(record['data']) print(f'------------------------------------------')
File-like objects are also supported.
from evtx.parser import PyEvtxParser def main(): a = open("./samples/Security_short_selected.evtx", 'rb') # io.BytesIO is also supported. parser = PyEvtxParser(a) for record in parser.records_json(): print(f'Event Record ID: {record["event_record_id"]}') print(f'Event Timestamp: {record["timestamp"]}') print(record['data']) print(f'------------------------------------------')
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
| Filename, size | File type | Python version | Upload date | Hashes |
|---|---|---|---|---|
| Filename, size evtx-0.6.11-cp35-cp35m-macosx_10_7_x86_64.whl (688.3 kB) | File type Wheel | Python version cp35 | Upload date | Hashes View |
| Filename, size evtx-0.6.11-cp35-cp35m-manylinux1_x86_64.whl (754.5 kB) | File type Wheel | Python version cp35 | Upload date | Hashes View |
| Filename, size evtx-0.6.11-cp35-none-win_amd64.whl (693.0 kB) | File type Wheel | Python version cp35 | Upload date | Hashes View |
| Filename, size evtx-0.6.11-cp36-cp36m-macosx_10_7_x86_64.whl (688.2 kB) | File type Wheel | Python version cp36 | Upload date | Hashes View |
| Filename, size evtx-0.6.11-cp36-cp36m-manylinux1_x86_64.whl (754.3 kB) | File type Wheel | Python version cp36 | Upload date | Hashes View |
| Filename, size evtx-0.6.11-cp36-none-win_amd64.whl (693.0 kB) | File type Wheel | Python version cp36 | Upload date | Hashes View |
| Filename, size evtx-0.6.11-cp37-cp37m-macosx_10_7_x86_64.whl (688.0 kB) | File type Wheel | Python version cp37 | Upload date | Hashes View |
| Filename, size evtx-0.6.11-cp37-cp37m-manylinux1_x86_64.whl (754.1 kB) | File type Wheel | Python version cp37 | Upload date | Hashes View |
| Filename, size evtx-0.6.11-cp37-none-win_amd64.whl (692.8 kB) | File type Wheel | Python version cp37 | Upload date | Hashes View |
| Filename, size evtx-0.6.11-cp38-cp38-macosx_10_7_x86_64.whl (688.0 kB) | File type Wheel | Python version cp38 | Upload date | Hashes View |
| Filename, size evtx-0.6.11-cp38-cp38-manylinux1_x86_64.whl (754.1 kB) | File type Wheel | Python version cp38 | Upload date | Hashes View |
| Filename, size evtx-0.6.11-cp38-none-win_amd64.whl (692.8 kB) | File type Wheel | Python version cp38 | Upload date | Hashes View |
Close
Hashes for evtx-0.6.11-cp35-cp35m-macosx_10_7_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | c29450cfabad2c179f03c5c7aa4ea783e59dbc2d2b9c559f9659b01a2ac517ab |
|
| MD5 | abba389dea3367a7f9e3483bfa365a11 |
|
| BLAKE2-256 | b2969bd4616bf782bceeac821cd5ef9927247a0d592066e7df45f0dd58d2e59e |
Close
Hashes for evtx-0.6.11-cp35-cp35m-manylinux1_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ac3d9d43f6c985b5e443996c5cae69b537244a1485e9d663c273d0c1809598f8 |
|
| MD5 | d612af5815667db65aae0168e8af239f |
|
| BLAKE2-256 | f1608dd1fe790f09fc22810022abd35d04c7c142391636f913e60ef4fe1b8900 |
Close
Hashes for evtx-0.6.11-cp35-none-win_amd64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9cb254aa5bb42f7a07e70000369b49696f4fa1b47a9aabc9be5485d9d80487e6 |
|
| MD5 | c97061c9ba8963105a82c99a3d312b70 |
|
| BLAKE2-256 | 404d5b20f84d62f93188a5ec4fd0f2a09668934ef0dd0bd15438882723d9d174 |
Close
Hashes for evtx-0.6.11-cp36-cp36m-macosx_10_7_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | acad29479f830a75ff20d3a6f9f4c02e5eff4df1524ebba9ed81bae6f7008906 |
|
| MD5 | 6e4a15dd6505e23ae59152ab6d1fd63e |
|
| BLAKE2-256 | 8ae56141fe1c7f79b357974c4674185e0d249c6112215048b66bcb262d72b999 |
Close
Hashes for evtx-0.6.11-cp36-cp36m-manylinux1_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8b87d4b40c264c50b9bc7bdf65393fbbe150bcead36bff83e192493dcf786181 |
|
| MD5 | 1180169528b1d524fe692f57e16814b6 |
|
| BLAKE2-256 | 5f9d51dc4794c71f69422c8b4a027a7b91833c86f0e9e52f4dbf7b1c454330d9 |
Close
Hashes for evtx-0.6.11-cp36-none-win_amd64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b61173b54716e5a0b7226b64aa2ba4072a30e7a11f5bb99bfa092bb18a125129 |
|
| MD5 | 4f6207146a55a4db3f1ff6cf29f14949 |
|
| BLAKE2-256 | 3a7b112ff335baa931440fd539057e5af5b2814fae086bee72d117202279df22 |
Close
Hashes for evtx-0.6.11-cp37-cp37m-macosx_10_7_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8e5a2c89a8e345c0baec68a1f15501de3c64807e4085a3d09b684166568c8e86 |
|
| MD5 | 74f5c7a0e30e9a052fbb0d8acfb30960 |
|
| BLAKE2-256 | b75b39a574908017fa6e4ad25855d68e6f43ba034a1ebf6052563ab973b87114 |
Close
Hashes for evtx-0.6.11-cp37-cp37m-manylinux1_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 7173ab3f1594a410f20320b2679d7392e68446bab3f86e300b1d463d4d2eb75a |
|
| MD5 | 6bc8f6f7386ec03272697931e107fa37 |
|
| BLAKE2-256 | aef82d13b40a4fb61062b65d66762cd1810e21bcf2891a8a902e41513448ec06 |
Close
Hashes for evtx-0.6.11-cp37-none-win_amd64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 0cf88f58549effa93a7f3d6cc607a0d83bcdf27c33dca78e93d837e035352c4b |
|
| MD5 | f5409d19acc0a8f3779aa43964b7b9bf |
|
| BLAKE2-256 | e3e3e74c9f73feab9d2b97d41d99d36eb23afa8955c1f67248542d9023157a05 |
Close
Hashes for evtx-0.6.11-cp38-cp38-macosx_10_7_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a359fd344647fd71839729044179ceb1b3b91ee8f280266883d6df186910a097 |
|
| MD5 | eb6e8272d5603cb26b8d6f7cc5c5988d |
|
| BLAKE2-256 | a1234f36330f21f9bd7d79164303284ea27d721570abd321e3ba4aa6d544c3d5 |
Close
Hashes for evtx-0.6.11-cp38-cp38-manylinux1_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 2b4116ba97670404084ed521cb86454f8878b601cdd95a36d80a91664e238d30 |
|
| MD5 | b37c2b4ef060f4634d43f073209b729e |
|
| BLAKE2-256 | 0517a2925c542a29d066de70916e573cda7e978989e4aef3345549f29d842cf2 |
Close
Hashes for evtx-0.6.11-cp38-none-win_amd64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b777688200615db479fd39cfdef758d7f8544ae88bb5ff4e2f8f2bfcddaf5fe0 |
|
| MD5 | 06f991253b5e8657d3b6cad70576d7ad |
|
| BLAKE2-256 | e5958bd1058797900e15f56211a71e4b61536e370cf75828cb31be3ab15ead66 |
