Install EricZimmerman tools on Linux
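#!/bin/bash
# Installer configuration for Eric Zimmerman's forensic tools (.NET 9 builds).
#
# Four associative arrays share the same keys (the tool name):
#   TOOLS             - "true" to install the tool, anything else to skip it
#   TOOL_URLS         - archive to download
#   TOOL_DESTINATIONS - directory handed to `unzip -d`
#   TOOL_ALIASES      - line appended to the invoking user's ~/.bashrc
#
# NOTE(review): the archives are fetched over HTTPS, but no checksum or
# signature is pinned here, and they are later extracted with sudo. If this
# is used to build an analysis workstation, record and verify the hashes of
# the archives you accept.

declare -A TOOLS=(
  ["EvtxECmd"]=true
  ["AmcacheParser"]=true
  ["AppCompatCacheParser"]=true
  ["JLECmd"]=true
  ["LECmd"]=true
  ["MFTECmd"]=true
  ["PECmd"]=true
  ["RBCmd"]=true
  ["RecentFileCacheParser"]=true
  ["RECmd"]=true
  ["SBECmd"]=true
)

declare -A TOOL_URLS=(
  ["EvtxECmd"]="https://download.ericzimmermanstools.com/net9/EvtxECmd.zip"
  ["AmcacheParser"]="https://download.ericzimmermanstools.com/net9/AmcacheParser.zip"
  ["AppCompatCacheParser"]="https://download.ericzimmermanstools.com/net9/AppCompatCacheParser.zip"
  ["JLECmd"]="https://download.ericzimmermanstools.com/net9/JLECmd.zip"
  ["LECmd"]="https://download.ericzimmermanstools.com/net9/LECmd.zip"
  ["MFTECmd"]="https://download.ericzimmermanstools.com/net9/MFTECmd.zip"
  ["PECmd"]="https://download.ericzimmermanstools.com/net9/PECmd.zip"
  ["RBCmd"]="https://download.ericzimmermanstools.com/net9/RBCmd.zip"
  ["RecentFileCacheParser"]="https://download.ericzimmermanstools.com/net9/RecentFileCacheParser.zip"
  ["RECmd"]="https://download.ericzimmermanstools.com/net9/RECmd.zip"
  ["SBECmd"]="https://download.ericzimmermanstools.com/net9/SBECmd.zip"
)

# EvtxECmd and RECmd are extracted straight into /opt while every other tool
# gets its own sub-directory. Presumably those two archives already carry a
# top-level folder named after the tool - confirm against the archives.
declare -A TOOL_DESTINATIONS=(
  ["EvtxECmd"]="/opt"
  ["AmcacheParser"]="/opt/AmcacheParser"
  ["AppCompatCacheParser"]="/opt/AppCompatCacheParser"
  ["JLECmd"]="/opt/JLECmd"
  ["LECmd"]="/opt/LECmd"
  ["MFTECmd"]="/opt/MFTECmd"
  ["PECmd"]="/opt/PECmd"
  ["RBCmd"]="/opt/RBCmd"
  ["RecentFileCacheParser"]="/opt/RecentFileCacheParser"
  ["RECmd"]="/opt"
  ["SBECmd"]="/opt/SBECmd"
)

# Paths are case-sensitive on Linux, so each alias must spell the directory
# exactly as the tool name: /opt/<Tool>/<Tool>.dll. The MFTECmd alias used to
# point at /opt/MFTEcmd (the destination above is /opt/MFTECmd) and the
# EvtxECmd alias at /opt/EvtxeCmd; both are corrected here. The EvtxECmd and
# RECmd paths assume the archive's top-level folder is named after the tool.
declare -A TOOL_ALIASES=(
  ["EvtxECmd"]="alias evtxecmd='dotnet /opt/EvtxECmd/EvtxECmd.dll'"
  ["AmcacheParser"]="alias amcacheparser='dotnet /opt/AmcacheParser/AmcacheParser.dll'"
  ["AppCompatCacheParser"]="alias appcompatcacheparser='dotnet /opt/AppCompatCacheParser/AppCompatCacheParser.dll'"
  ["JLECmd"]="alias jlecmd='dotnet /opt/JLECmd/JLECmd.dll'"
  ["LECmd"]="alias lecmd='dotnet /opt/LECmd/LECmd.dll'"
  ["MFTECmd"]="alias mftecmd='dotnet /opt/MFTECmd/MFTECmd.dll'"
  ["PECmd"]="alias pecmd='dotnet /opt/PECmd/PECmd.dll'"
  ["RBCmd"]="alias rbcmd='dotnet /opt/RBCmd/RBCmd.dll'"
  ["RecentFileCacheParser"]="alias recentfilecacheparser='dotnet /opt/RecentFileCacheParser/RecentFileCacheParser.dll'"
  ["RECmd"]="alias recmd='dotnet /opt/RECmd/RECmd.dll'"
  ["SBECmd"]="alias sbecmd='dotnet /opt/SBECmd/SBECmd.dll'"
)

# ANSI colour codes used for the status lines written to stderr.
GREEN=$'\e[0;32m'
RED=$'\e[0;31m'
NC=$'\e[0m'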
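clear

# Step 1: packages the rest of the script shells out to. `unzip` is listed
# explicitly because the extraction step below calls it and a minimal system
# may not have it. software-properties-common is installed before the
# add-apt-repository call in step 2.
# Failures are reported but do not stop the script (best-effort, as before).
echo "Installing prereqs..." 1>&2
if sudo apt-get update > /dev/null \
  && sudo apt-get install -y wget unzip apt-transport-https software-properties-common > /dev/null; then
  echo "${GREEN}Prereqs installed.${NC}" 1>&2
else
  echo "${RED}ERROR: Couldn't install prereqs.${NC}" 1>&2
fi

# Step 2: the .NET 9 runtime that every tool is launched with (`dotnet X.dll`).
# NOTE(review): this adds an extra apt source (ppa:dotnet/backports) to the
# machine, and packages from it are installed as root. Confirm that is
# acceptable for the host before running.
echo "Installing .NET9..." 1>&2
if sudo add-apt-repository ppa:dotnet/backports -y > /dev/null \
  && sudo apt-get update > /dev/null \
  && sudo apt-get install -y dotnet-runtime-9.0 > /dev/null; then
  echo "${GREEN}.NET9 installed.${NC}" 1>&2
else
  echo "${RED}ERROR: Couldn't install .NET9.${NC}" 1>&2
fi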
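#######################################
# Download one tool archive and extract it (as root) into a destination.
# Globals:   GREEN, RED, NC (read) - colour codes for the status lines
# Arguments: $1 - URL of the .zip archive
#            $2 - directory passed to `unzip -d`
#            $3 - optional expected SHA-256 of the archive (hex). When given,
#                 a mismatch stops the install before anything is extracted.
# Outputs:   progress and error lines on stderr
# Returns:   0 on success, 1 if download, verification or extraction failed
#######################################
download_and_unzip() {
  local url="$1"
  local dest_dir="$2"
  local expected_sha256="${3:-}"
  # Parameter expansion instead of $(basename ...): no subshell, and `local`
  # cannot mask a failing command.
  local zip_name="${url##*/}"
  local tmp_dir zip_path actual_sha256
  local status=0

  echo "--------------------------------------------------------------------------------------------" 1>&2
  echo "Downloading ${zip_name}..." 1>&2

  # Download into a private scratch directory rather than the current one.
  # Without -O, wget saves to "<name>.1" when "<name>" already exists, and the
  # pre-existing file (stale, or planted in a shared directory) would be the
  # one handed to `sudo unzip`.
  if ! tmp_dir=$(mktemp -d); then
    echo "${RED}ERROR: Couldn't install ${zip_name}.${NC}" 1>&2
    return 1
  fi
  zip_path="${tmp_dir}/${zip_name}"

  if ! wget -q -O "$zip_path" -- "$url"; then
    status=1
  elif [[ -n "$expected_sha256" ]]; then
    # Integrity check before any root-level extraction happens.
    actual_sha256=$(sha256sum -- "$zip_path" | cut -d' ' -f1)
    if [[ "${actual_sha256,,}" != "${expected_sha256,,}" ]]; then
      echo "${RED}ERROR: SHA-256 mismatch for ${zip_name}.${NC}" 1>&2
      status=1
    fi
  fi

  # -o: overwrite on re-install. Output is discarded, so without it unzip's
  # "replace?" prompt would be invisible and the script would appear to hang.
  if (( status == 0 )) \
    && ! sudo unzip -o "$zip_path" -d "$dest_dir" > /dev/null 2>&1; then
    status=1
  fi

  rm -rf -- "${tmp_dir:?}"

  if (( status == 0 )); then
    echo "${GREEN}${zip_name} installed.${NC}" 1>&2
  else
    echo "${RED}ERROR: Couldn't install ${zip_name}.${NC}" 1>&2
  fi
  return "$status"
}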
# Fetch and extract every tool whose TOOLS entry is switched on.
for tool_name in "${!TOOLS[@]}"; do
  [[ "${TOOLS[$tool_name]}" == "true" ]] || continue
  download_and_unzip "${TOOL_URLS[$tool_name]}" "${TOOL_DESTINATIONS[$tool_name]}"
done
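echo "--------------------------------------------------------------------------------------------"
echo "Finalising..."

# Only affects this process and its children; the caller's shell PATH is
# unchanged. Kept for any command run later in the script.
export PATH="$PATH:/opt"

# Choose the profile of the person who launched the script. Under sudo that
# is SUDO_USER; look the home directory up instead of assuming /home/<user>,
# and fall back to that path only if the lookup returns nothing.
if [[ -n "${SUDO_USER:-}" ]]; then
  target_home=$(getent passwd "$SUDO_USER" | cut -d: -f6)
  bashrc_file="${target_home:-/home/$SUDO_USER}/.bashrc"
else
  bashrc_file="$HOME/.bashrc"
fi

for tool in "${!TOOL_ALIASES[@]}"; do
  if [[ "${TOOLS[$tool]:-}" == true ]]; then
    # Append each alias once, so re-running the installer does not pile up
    # duplicate lines in the profile.
    if ! grep -qxF -- "${TOOL_ALIASES[$tool]}" "$bashrc_file" 2> /dev/null; then
      echo "${TOOL_ALIASES[$tool]}" >> "$bashrc_file"
    fi
  fi
done

# The former `. ~/.bashrc` is dropped: sourcing inside this script cannot add
# aliases to the terminal that started it, and under sudo it executed a
# profile as root. New aliases appear in the next interactive shell.

# -n 1 makes the prompt behave as worded (any key), -s hides the key pressed.
read -r -n 1 -s -p "Installation complete. You may need to exit the terminal for the relevant aliases to work. Press any key to exit script..."
echo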