talaikis · June 10, 2017 10:12
diff --git a/sniff.py b/sniff.py
 """
 Recycle bin sniffer for Windows.
 Tested on Python 3.6, Windows 8.1.
 """

 from os import listdir
 from os.path import isdir
 import optparse
 from winreg import (OpenKey, QueryValueEx)
 from shutil import  move

 ext = None

 def sid_to_user(sid):
    try:
        key = OpenKey(key=HKEY_LOCAL_MACHINE,
            sub_key="SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
            + '\\' + sid)
        (value, type) = QueryValueEx(key=key, value_name='ProfileImagePath')
        user = value.split("\\")[-1]
        return user
    except:
        return sid


 def return_dir():
    dirs = ["C:\\Recycler\\", "C:\\Recycled\\", "C:\\$Recycle.Bin\\"]
    for recycle_dir in dirs:
        if isdir(recycle_dir):
            print("Recycle dir is {}".format(recycle_dir))
            return recycle_dir


 def find_recycled_files(recycle_dir):
    dir_list = listdir(recycle_dir)
    for sid in dir_list:
        files = listdir(recycle_dir + sid)
        user = sid_to_user(sid)
        print("\n[*] Files for user: " + str(user))
        for f in files:
            try:
                file_path = recycle_dir + sid + "\\" + f
                print("[+] Found file: " + file_path)
                if ext:
                    move_file(ext=ext, f=f, file_path=file_path)
            except Exception as e:
                print("Error encountered {}".format(e))


 def move_file(ext, f, file_path):
    if ext in f:
        destination = "C:\\" + f
        move(file_path, destination)


 def main():
    recycled_dir = return_dir()
    find_recycled_files(recycle_dir=recycled_dir)

    
 main()
	"""
	Recycle bin sniffer for Windows.
	Tested on Python 3.6, Windows 8.1.
	"""

	from os import listdir
	from os.path import isdir
	import optparse
	from winreg import (OpenKey, QueryValueEx)
	from shutil import move

	ext = None

	def sid_to_user(sid):
	try:
	key = OpenKey(key=HKEY_LOCAL_MACHINE,
	sub_key="SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
	+ '\\' + sid)
	(value, type) = QueryValueEx(key=key, value_name='ProfileImagePath')
	user = value.split("\\")[-1]
	return user
	except:
	return sid


	def return_dir():
	dirs = ["C:\\Recycler\\", "C:\\Recycled\\", "C:\\$Recycle.Bin\\"]
	for recycle_dir in dirs:
	if isdir(recycle_dir):
	print("Recycle dir is {}".format(recycle_dir))
	return recycle_dir


	def find_recycled_files(recycle_dir):
	dir_list = listdir(recycle_dir)
	for sid in dir_list:
	files = listdir(recycle_dir + sid)
	user = sid_to_user(sid)
	print("\n[*] Files for user: " + str(user))
	for f in files:
	try:
	file_path = recycle_dir + sid + "\\" + f
	print("[+] Found file: " + file_path)
	if ext:
	move_file(ext=ext, f=f, file_path=file_path)
	except Exception as e:
	print("Error encountered {}".format(e))


	def move_file(ext, f, file_path):
	if ext in f:
	destination = "C:\\" + f
	move(file_path, destination)


	def main():
	recycled_dir = return_dir()
	find_recycled_files(recycle_dir=recycled_dir)


	main()