Twenty Year Anniversary

SkypeFreak Forensic Tool

SkypeFreak Forensic Tool
Posted Mar 21, 2014
Authored by Osanda Malith

This tool can be used to enumerate Skype users profiles, contacts, messages, and calls from the main.db file. This is automated easy to use application in which to perform forensic spelunking of Skype data.

tags | tool, forensics
MD5 | c2f9ce08e658c838aa56267c0fda951a

SkypeFreak Forensic Tool

Change Mirror Download
'''
Title: SkypeFreak
Description: A cross platform forensic tool for Skype
Author: Osanda Malith (@OsandaMalith)
URL: http://osandamalith.github.io/SkypeFreak/

Disclaimer: This tool is meant for ethical (legal) purposes only.

Notes: Please note this tool may contain errors, and
is provided "as it is". There is no guarantee
that it will work on your target server(s), as
the code may have to be adapted.
This is to avoid script kiddie abuse as well.

License:
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
'''
import os
import sqlite3
import optparse
import sys

def Profile(skypeDB, PathName):
connexion = sqlite3.connect(skypeDB)
c = connexion.cursor()
c.execute("SELECT fullname, skypename, city, country,\
datetime(profile_timestamp,'unixepoch') FROM Accounts")
print '[*] --- Details of %s' % (os.path.basename(PathName)) +' ---'
profile = '[*] --- Details of %s' % (os.path.basename(PathName)) +' ---\n'
for row in c:
print '[+] User: %s ' %(str(row[0]))
profile += '[+] User: %s \n' %(str(row[0]))
print '[+] Skype Username: %s'%(str(row[1]))
profile += '[+] Skype Username: %s\n'%(str(row[1]))
print '[+] Country: %s' % (str(row[2]))
profile += '[+] Country: %s\n' % (str(row[2]))
print '[+] Location: %s'% (str(row[3]))
profile += '[+] Location: %s\n'% (str(row[3]))
print '[+] Profile Date: %s'%(str(row[4]))

while True:

choice = raw_input("\n[~] Generate Output?\n")
choice = choice.lower()

if choice[0] == 'y':
try:
output = profile
output += "\n[*] This file was Generated by Skype Freak\n[~] http://osandamalith.github.io/SkypeFreak/"
filename = str(raw_input("[~] Enter a Filename: "))
file = open(filename+'.txt' , "w")
file.write(output)
file.close()
print '[~] File Saved to ' + os.path.abspath(filename) + '.txt'
mainMenu(skypeDB, PathName)
break
except Exception, e:
print '[!] Access Denied! Directory is not writable. Probably you are in C:\\ drive'
if choice[0] == 'n':
mainMenu(skypeDB, PathName)
break


def Contacts(skypeDB, PathName):
connexion = sqlite3.connect(skypeDB)
c = connexion.cursor()
c.execute("SELECT displayname, skypename, country, city, about, phone_mobile, homepage, \
birthday , datetime(lastonline_timestamp,'unixepoch') FROM Contacts;")
print '\n[*] --- Found Contacts --- '
contacts = '[*] --- Found Contacts of %s' % (os.path.basename(PathName)) +' ---\n'
for row in c:
print '[+] User: %s\n' %(str(row[0]))
contacts += '\n\n[+] User: %s' %(str(row[0]))
print '[+] Skype Username: %s' %(str(row[1]))
contacts += '\n[+] Skype Username: %s\n' %(str(row[1]))
if str(row[2])!= 'None':
contacts += '[+] Country: %s\n' %(str(row[2]))
print '[+] Country: %s' %(str(row[2]))
if str(row[3])!= 'None':
contacts += '[+] City: %s\n' %(str(row[3]))
print '[+] City: %s' %(str(row[3]))
if str(row[4])!= 'None':
contacts += '[+] About Text: %s\n' %(str(row[4]))
print '[+] About Text: %s' %(str(row[4]))
if str(row[5])!= 'None':
contacts += '[+] Mobile Number: %s\n' %(str(row[5]))
print '[+] Mobile Number: %s' %(str(row[5]))
if str(row[6])!= 'None':
contacts += '[+] Homepage URL: %s\n' %(str(row[6]))
print '[+] Homepage URL: %s' %(str(row[6]))
if str(row[7])!= 'None':
contacts += '[+] Birthday: %s\n' %(str(row[7]))
print '[+] Birthday: %s' %(str(row[7]))
if str(row[8])!= 'None':
contacts += '[+] Last Online Date: %s\n' %(str(row[8]))
print '[+] Last Online Date: %s' %(str(row[8]))

while True:
try:
choice = raw_input("\n[~] Generate Output?\n")
choice = choice.lower()
except (NameError, SyntaxError, EOFError):
print '[!] Error Occured'
if choice[0] == 'y':
try:
output = contacts
output += "\n[*] This file was Generated by Skype Freak\n[~] http://osandamalith.github.io/SkypeFreak/"
filename = str(raw_input("[~] Enter a Filename: "))
file = open(filename+'.txt' , "w")
file.write(output)
file.close()
print '[~] File Saved to ' + os.path.abspath(filename) + '.txt'
mainMenu(skypeDB, PathName)
break
except Exception, e:
print '[!] Access Denied! Directory is not writable. Probably you are in C:\\ drive'
if choice[0] == 'n':
mainMenu(skypeDB, PathName)
break


def Calls(skypeDB, PathName):
connexion = sqlite3.connect(skypeDB)
c = connexion.cursor()
c.execute("SELECT datetime(begin_timestamp,'unixepoch'), time(duration,'unixepoch'), \
is_incoming, identity FROM calls, conversations WHERE calls.conv_dbid = conversations.id;")
print '\n[*] --- Found Calls --- '
calls = '[*] --- Found Calls of %s' % (os.path.basename(PathName)) +' ---\n'
for row in c:

print '[+] Date: %s'%(str(row[0])) + ' | Partner: %s' %(str(row[3]))
if (str(row[1])) != 'None':
print '[+] Call Duration: %s' %(str(row[1]))
if ((str(row[2])) == '1'):
print '[~] This was an Incoming Call\n'
else:
print '[~] This was an Outgoing Call\n'
#output

calls += '[+] Date: %s'%(str(row[0])) + ' | Partner: %s\n' %(str(row[3]))
if (str(row[1])) != 'None':
calls += '[+] Call Duration: %s\n' %(str(row[1]))
if ((str(row[2])) == '1'):
calls += '[~] This was an Incoming Call\n\n'
else:
calls += '[~] This was an Outgoing Call\n\n'

while True:
try:
choice = raw_input("\n[~] Generate Output?\n")
choice = choice.lower()
except (NameError, SyntaxError, EOFError):
print '[!] Error Occured'
if choice[0] == 'y':
try:
output = calls
output += "\n[*] This file was Generated by Skype Freak\n[~] http://osandamalith.github.io/SkypeFreak/"
filename = str(raw_input("[~] Enter a Filename: "))
file = open(filename+'.txt' , "w")
file.write(output)
file.close()
print '[~] File Saved to ' + os.path.abspath(filename) + '.txt'
mainMenu(skypeDB, PathName)
break
except Exception, e:
print '[!] Access Denied! Directory is not writable. Probably you are in C:\\ drive'
if choice[0] == 'n':
mainMenu(skypeDB, PathName)
break

def Msgs(skypeDB, PathName):
connexion = sqlite3.connect(skypeDB)
c = connexion.cursor()
c.execute("SELECT datetime(timestamp,'unixepoch'), \
dialog_partner, author, body_xml FROM Messages;")
msgs = '[*] --- Messages Found of %s' % (os.path.basename(PathName)) +' ---\n'
for row in c:
try:
if 'partlist' not in str(row[3]):
if str(row[1]) != str(row[2]):
msgDirection = 'To ' + str(row[1]) + ': '
else:
msgDirection = 'From ' + str(row[2]) + ': '
print 'Time: ' + str(row[0]) + ' ' \
+ msgDirection + str(row[3])

msgs += 'Time: ' + str(row[0]) + ' ' + msgDirection + str(row[3]) + '\n'
except:
pass

while True:
try:
choice = raw_input("[~] Generate Output?\n")
choice = choice.lower()
except (NameError, SyntaxError, EOFError):
print '[!] Error Occured'
if choice[0] == 'y':
try:
output = msgs
output += "\n[*] This file was Generated by Skype Freak\n[~] http://osandamalith.github.io/SkypeFreak/"
filename = str(raw_input("[~] Enter Filename: "))
file = open(filename+'.txt' , "w")
file.write(output)
file.close()
print '[~] File Saved to ' + os.path.abspath(filename) + '.txt'
mainMenu(skypeDB, PathName)
break
except Exception, e:
print '[!] Access Denied! Directory is not writable. Probably you are in C:\\ drive'
if choice[0] == 'n':
mainMenu(skypeDB, PathName)
break

def fullReport(skypeDB, PathName):
connexion = sqlite3.connect(skypeDB)
c = connexion.cursor()
c.execute("SELECT fullname, skypename, city, country,\
datetime(profile_timestamp,'unixepoch') FROM Accounts")
profile = '[*] --- Details of %s' % (os.path.basename(PathName)) +' ---\n\n'
for row in c:
profile += '[+] User: %s \n' %(str(row[0]))
profile += '[+] Skype Username: %s\n'%(str(row[1]))
profile += '[+] Country: %s\n' % (str(row[2]))
profile += '[+] Location: %s\n'% (str(row[3]))

c.execute("SELECT displayname, skypename, country, city, about, phone_mobile, homepage, \
birthday , datetime(lastonline_timestamp,'unixepoch') FROM Contacts;")

contacts = '\n\n[*] --- Found Contacts of %s' % (os.path.basename(PathName)) +' ---\n\n'
for row in c:
contacts += '\n\n[+] User: %s' %(str(row[0]))
contacts += '\n[+] Skype Username: %s\n' %(str(row[1]))
if str(row[2])!= 'None':
contacts += '[+] Country: %s\n' %(str(row[2]))
if str(row[3])!= 'None':
contacts += '[+] City: %s\n' %(str(row[3]))
if str(row[4])!= 'None':
contacts += '[+] About Text: %s\n' %(str(row[4]))
if str(row[5])!= 'None':
contacts += '[+] Mobile Number: %s\n' %(str(row[5]))
if str(row[6])!= 'None':
contacts += '[+] Homepage URL: %s\n' %(str(row[6]))
if str(row[7])!= 'None':
contacts += '[+] Birthday: %s\n' %(str(row[7]))
if str(row[8])!= 'None':
contacts += '[+] Last Online Date: %s\n' %(str(row[8]))

c.execute("SELECT datetime(begin_timestamp,'unixepoch'), time(duration,'unixepoch'), \
is_incoming, identity FROM calls, conversations WHERE calls.conv_dbid = conversations.id;")

calls = '\n\n[*] --- Found Calls of %s' % (os.path.basename(PathName)) +' ---\n\n'
for row in c:

calls += '[+] Date: %s'%(str(row[0])) + ' | Partner: %s\n' %(str(row[3]))
if (str(row[1])) != 'None':
calls += '[+] Call Duration: %s\n' %(str(row[1]))
if ((str(row[2])) == '1'):
calls += '[~] This was an Incoming Call\n\n'
else:
calls += '[~] This was an Outgoing Call\n\n'

connexion = sqlite3.connect(skypeDB)
c.execute("SELECT datetime(timestamp,'unixepoch'), \
dialog_partner, author, body_xml FROM Messages;")
msgs = '\n\n[*] --- Messages Found of %s' % (os.path.basename(PathName)) +' ---\n\n'
for row in c:
try:
if 'partlist' not in str(row[3]):
if str(row[1]) != str(row[2]):
msgDirection = 'To ' + str(row[1]) + ': '
else:
msgDirection = 'From ' + str(row[2]) + ': '
msgs += 'Time: ' + str(row[0]) + ' ' + msgDirection + str(row[3]) + '\n'
except:
pass

output = profile + contacts + calls + msgs
output += "\n[*] This file was Generated by Skype Freak\n[~] http://osandamalith.github.io/SkypeFreak/"
filename = str(raw_input("[~] Enter Filename: "))
file = open(filename+'.txt' , "w")
file.write(output)
file.close()
print '[~] File Saved to ' + os.path.abspath(filename) + '.txt'
mainMenu(skypeDB, PathName)


def mainMenu(skypeDB, PathName):
while True:
try:
choice = raw_input("[~] Go to Main Menu?\n")
choice = choice.lower()
except (NameError, SyntaxError, EOFError):
print '[!] Error Occured'
if choice[0] == 'y':
banner(skypeDB, PathName)
if choice[0] == 'n':
sys.exit(0)

def banner(skypeDB, PathName):

if os.name == "nt":
os.system('cls')
else:
os.system('clear')

print '''
8""""8
8 e e e e eeeee eeee
8eeeee 8 8 8 8 8 8 8
88 8eee8e 8eeee8 8eee8 8eee
e 88 88 8 88 88 88
8eee88 88 8 88 88 88ee

8""""
8 eeeee eeee eeeee e e
8eeee 8 8 8 8 8 8 8
88 8eee8e 8eee 8eee8 8eee8e
88 88 8 88 88 8 88 8
88 88 8 88ee 88 8 88 8

'''
print '%s' %('A creation of Osanda Malith\nURL: http://osandamalith.github.io/SkypeFreak/') + '\n'

while True:
try:
choice = int(raw_input("[~] What Do You Like to Investigate? \
\n1. Profile\n2. Contact\n3. Calls\n4. Messages\n5. Generate Full Report\n6. Exit\n" ))
except ValueError:
print '[!] Enter Only a Number'
continue
if choice == 1:
Profile(skypeDB, PathName)
break
if choice == 2:
Contacts(skypeDB, PathName)
break
if choice == 3:
Calls(skypeDB, PathName)
break
if choice == 4:
Msgs(skypeDB, PathName)
break
if choice == 5:
fullReport(skypeDB, PathName)
break
if choice == 6:
sys.exit(0)
else:
print '[!] Invalid Choice'



def menu(username):

if os.name == "nt":
PathName = os.getenv('appdata') + "\\Skype\\" + username
elif os.name == "posix":
PathName = os.getenv('HOME') + "/.Skype/" + username

if PathName == None :
print '[!] Please Enter a valid Skype username '

elif ((os.name == "posix") and (os.path.isdir(PathName) == False)):
PathName = os.getenv('HOME') + "/Library/Application Support/Skype/" + username
skypeDB = os.path.join(PathName, 'main.db')

if os.path.isfile(skypeDB):
banner(skypeDB,PathName)


elif os.path.isdir(PathName) == False:
print '[!] Username Does Not Exist '

else:
skypeDB = os.path.join(PathName, 'main.db')

if os.path.isfile(skypeDB):
banner(skypeDB,PathName)

def main():
try:
if os.name == "nt":
os.system('cls')
else:
os.system('clear')
while True:
username = str(raw_input("[~] Enter your Skype Username: "))
menu(username)
break

except (KeyboardInterrupt):
print '[!] Ctrl + C detected\n[!] Exiting'
sys.exit(0)
except (EOFError):
print '[!] Ctrl + D detected\n[!] Exiting'
sys.exit(0)



if __name__ == "__main__":
main()

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    8 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    32 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    7 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close