Incorrect hayabusa evtx parser flags in modules

[st3l1n]

KAPE version

1.2.0.0

Describe the bug

New versions of hayabusa require a -U or --UTC flag for UTC output, but modules have the --utc flag, which leads to module failure

To Reproduce

Steps to reproduce the behavior:

1. Create a folder "hayabusa" within the "Modules\bin" KAPE folder
2. Place "zip archive" file into "Modules\bin\hayabusa" and unpack
3. You can delete all except: "config"; "rules" and the "hayabusa.exe"
4. .\kape.exe --tsource C: --tdest C:\Users\root\tools\test --tflush --target EventLogs --mdest C:\Users\root\tools\test1 --mflush --module hayabusa_LiveResponse
5. See the error:

Executing remaining modules...
        Running 'hayabusa\hayabusa.exe': --live-analysis --min-level low --utc --quiet --rfc-2822 -o C:\Users\root\tools\test1\EventLogs\hayabusa.csv
                error: Found argument '--utc' which wasn't expected, or isn't valid in this context
                        If you tried to supply `--utc` as a value rather than a flag, use `-- --utc`
                USAGE:
                    hayabusa.exe -f file.evtx [OPTIONS] / hayabusa.exe -d evtx-directory [OPTIONS]
                For more information try --help

Expected behavior

After the kape command I expected:

        Running 'hayabusa\hayabusa.exe': -d C:\Users\root\tools\test -U --quiet -o C:\Users\root\tools\test1\EventLogs\hayabusa.csv
Executed 1 processor in 4,5788 seconds

Screenshots

Additional context

The solution is intuitive, change the --utc to --UTC in hayabusa*.mkape.

[gs3cl]

Hey yes that is correct this option has been changed within the last Hayabusa update. I can/will change this in the next few days.

Thanks

[gs3cl]

refer to: https://github.com/EricZimmerman/KapeFiles/pull/685

[st3l1n]

Hi! Yep, thx for a rapid response)