EricZimmerman
Additional KAPE variable for unique output filenames
KAPE version
1.2.0.0
Is your feature request related to a problem? Please describe.
Some tools only allow for the specification of an output filename, overriding previous data if multiple executions are triggered.
For example, Nirsoft usbdeview.exe utility may retrieve data from the SYSTEM and RegBack\SYSTEM registry hives, but the second execution overrides the data from the previous one:
Describe the solution you'd like
A way to add uniqueness to output filename for tools that do not natively support this would be nice. A %timestamp% variable, replaced at runtime by the execution timestamp, would allow third-party tools to match the behavior of Eric Zimmerman's tools.
Describe alternatives you've considered
Instead of a %timestamp% variable, a variable that would convert the %sourceFile% path to a (Windows) valid filename would also allow for unique outputs. For example by converting X:\Windows\System32\config\SYSTEM to X_Windows_System32_config_SYSTEM.
what if the path is crazy long? that would break things. would something like %guid% work to add a random guid to the output filename, guaranteeing uniqueness? heck, even a new random #s between 0 and 10000 work.
Indeed anything that would make the filename unique would work (prefered solution mentioned timestamps, but a GUID or a random number would be fine as well)
the real solution here is for other tools to not blindly overwrite things, but alas, we cant control those.
im thinking something like this since %d already exists, for timestamp. Note that the KAPE CLI option is %d, the NEW option is %d% (% on both sides)
CommandLine: -f %sourceFile% --csv %destinationDirectory%\%sourceDirectoryBase% --csvf foo_%d%.csv
ends up working like this:
i also added %guid%, so this works:
