{"id":101,"date":"2024-11-14T18:56:41","date_gmt":"2024-11-14T17:56:41","guid":{"rendered":"https:\/\/aralez.co\/index.php\/docs\/documentation\/3-core-functionality\/running-a-basic-collection\/"},"modified":"2024-11-17T20:28:37","modified_gmt":"2024-11-17T19:28:37","password":"","slug":"running-a-basic-collection","status":"publish","type":"docs","link":"https:\/\/aralez.co\/index.php\/docs\/running-a-basic-collection\/","title":{"rendered":"Tools Overview"},"content":{"rendered":"\n

Aralez utilizes a combination of internal tools<\/strong>, external tools<\/strong>, and Windows system commands<\/strong> to collect forensic artifacts and provide detailed system overview. This page explains each tool type and provides guidance on adding and configuring tools.<\/p>\n\n\n\n

<\/div>\n\n\n\n

Internal Tools<\/h4>\n\n\n\n

Internal tools are built directly into Aralez and provide specific forensic functionalities, such as retrieving process details, active network ports, and other system-level data. These tools are integrated into the tool\u2019s source code and do not rely on external executables.<\/p>\n\n\n\n

<\/div>\n\n\n\n
Available Internal Tools<\/h5>\n\n\n\n
Tool Name<\/strong><\/th>Description<\/strong><\/th><\/tr><\/thead>
ProcInfo<\/strong><\/td>Retrieves basic process information, including PID, parent PID, and executable name.<\/td><\/tr>
ProcDetailsInfo<\/strong><\/td>Collects detailed process information such as loaded modules, memory usage, and hashes (MD5, SHA-256).<\/td><\/tr>
PortsInfo<\/strong><\/td>Gathers information on open TCP ports, including local\/remote addresses and connection states.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Example:<\/p>\n\n\n\n

<\/path><\/path><\/svg><\/span>
tasks:<\/span><\/span>\n  <\/span>tools:<\/span><\/span>\n    <\/span>priority:<\/span> <\/span>3<\/span><\/span>\n    <\/span>type<\/span>: <\/span>"<\/span>execute<\/span>"<\/span><\/span>\n    <\/span>entries:<\/span><\/span>\n      <\/span>internal:<\/span> <\/span><\/span>\n        <\/span>-<\/span> <\/span>name:<\/span> <\/span>"<\/span>ProcInfo<\/span>"<\/span><\/span>\n          <\/span>output_file:<\/span> <\/span>"<\/span>ProcInfo.txt<\/span>"<\/span><\/span>\n          <\/span>exec_type:<\/span> <\/span>"<\/span>internal<\/span>"<\/span><\/span>\n        <\/span>-<\/span> <\/span>name:<\/span> <\/span>"<\/span>ProcDetailsInfo<\/span>"<\/span><\/span>\n          <\/span>output_file:<\/span> <\/span>"<\/span>ProcDetailsInfo.txt<\/span>"<\/span><\/span>\n          <\/span>exec_type:<\/span> <\/span>"<\/span>internal<\/span>"<\/span><\/span>\n        <\/span>-<\/span> <\/span>name:<\/span> <\/span>"<\/span>PortsInfo<\/span>"<\/span><\/span>\n          <\/span>output_file:<\/span> <\/span>"<\/span>PortsInfo.txt<\/span>"<\/span><\/span>\n          <\/span>exec_type:<\/span> <\/span>"<\/span>internal<\/span>"<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
<\/div>\n\n\n\n
External Tools<\/h4>\n\n\n\n
External tools are third-party utilities included in the Sysinternals Suite<\/strong> or other external sources. These tools are widely used in system analysis and troubleshooting.<\/p>\n\n\n\n
<\/div>\n\n\n\n
Available External Tools<\/h6>\n\n\n\n
Tool Name<\/strong><\/th>Description<\/strong><\/th><\/tr><\/thead>
autorunsc.exe<\/strong><\/td>Lists auto-start programs and services.<\/td><\/tr>
handle.exe<\/strong><\/td>Displays open handles for processes.<\/td><\/tr>
Listdlls.exe<\/strong><\/td>Lists loaded DLLs and their associated processes.<\/td><\/tr>
pslist.exe<\/strong><\/td>Lists active processes with detailed information.<\/td><\/tr>
PsService.exe<\/strong><\/td>Displays and controls services on the system.<\/td><\/tr>
tcpvcon.exe<\/strong><\/td>Lists active TCP connections.<\/td><\/tr>
pipelist.exe<\/strong><\/td>Displays named pipes and the processes using them.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Example:<\/p>\n\n\n\n
<\/path><\/path><\/svg><\/span>
tasks:<\/span><\/span>\n  <\/span>tools:<\/span><\/span>\n    <\/span>priority:<\/span> <\/span>3<\/span><\/span>\n    <\/span>type<\/span>: <\/span>"<\/span>execute<\/span>"<\/span><\/span>\n    <\/span>entries:<\/span><\/span>\n      <\/span>external:<\/span> <\/span><\/span>\n        <\/span>-<\/span> <\/span>name:<\/span> <\/span>"<\/span>autorunsc.exe<\/span>"<\/span><\/span>\n          <\/span>args:<\/span> [<\/span>"<\/span>-nobanner<\/span>"<\/span>, <\/span>"<\/span>-c<\/span>"<\/span>,<\/span> <\/span>"<\/span>\/accepteula<\/span>"<\/span>]<\/span><\/span>\n          <\/span>output_file:<\/span> <\/span>"<\/span>Autorunsc.txt<\/span>"<\/span><\/span>\n          <\/span>exec_type:<\/span> <\/span>"<\/span>external<\/span>"<\/span><\/span>\n        <\/span>-<\/span> <\/span>name:<\/span> <\/span>"<\/span>handle.exe<\/span>"<\/span><\/span>\n          <\/span>args:<\/span> [<\/span>"<\/span>\/accepteula<\/span>"<\/span>, <\/span>"<\/span>\/a<\/span>"<\/span>,<\/span> <\/span>"<\/span>\/nobanner<\/span>"<\/span>]<\/span><\/span>\n          <\/span>output_file:<\/span> <\/span>"<\/span>Handle.txt<\/span>"<\/span><\/span>\n          <\/span>exec_type:<\/span> <\/span>"<\/span>external<\/span>"<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
<\/div>\n\n\n\n
Adding New External Tools<\/h6>\n\n\n\n
To add new external tools:<\/p>\n\n\n\n
    \n
  1. Modify build.rs<\/code>:<\/strong>\n
      \n
    • Update the list of external tools in the exe_files<\/code> array.<\/li>\n\n\n\n
    • Ensure the build script downloads and extracts the new tool during the build process.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
    • Update the Configuration File:<\/strong>\n
        \n
      • Add the new tool under the external<\/code> section with its name<\/code>, args<\/code>, and output_file<\/code>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
        <\/div>\n\n\n\n
        Steps to Add a New External Tool<\/strong><\/h6>\n\n\n\n
        Edit build.rs<\/code><\/strong>: Add the new tool\u2019s executable name to the exe_files<\/code> array:<\/p>\n\n\n\n
        <\/path><\/path><\/svg><\/span>
        let<\/span> <\/span>exe_files<\/span> <\/span>=<\/span> <\/span>vec![<\/span><\/span>\n    <\/span>"autorunsc.exe"<\/span>,<\/span><\/span>\n    <\/span>"handle.exe"<\/span>,<\/span><\/span>\n    <\/span>"Listdlls.exe"<\/span>,<\/span><\/span>\n    <\/span>"pslist.exe"<\/span>,<\/span><\/span>\n    <\/span>"PsService.exe"<\/span>,<\/span><\/span>\n    <\/span>"tcpvcon.exe"<\/span>,<\/span><\/span>\n    <\/span>"pipelist.exe"<\/span>,<\/span><\/span>\n    <\/span>"new_tool.exe"<\/span>,<\/span> <\/span>\/\/<\/span> <\/span>Add<\/span> <\/span>your<\/span> <\/span>new<\/span> <\/span>tool<\/span> <\/span>here<\/span><\/span>\n];<\/span><\/span>\n<\/span><\/code><\/pre><\/div>\n\n\n\n
        Recompile the Project<\/strong>: Run the following command to rebuild the tool with the updated build.rs<\/code>:<\/p>\n\n\n\n
        <\/path><\/path><\/svg><\/span>
        cargo<\/span> <\/span>build<\/span> <\/span>--release<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
        Update the Configuration File<\/strong>: Define the new tool in the YAML file:<\/p>\n\n\n\n
        <\/path><\/path><\/svg><\/span>
        tasks:<\/span><\/span>\n  <\/span>tools:<\/span><\/span>\n    <\/span>priority:<\/span> <\/span>3<\/span><\/span>\n    <\/span>type<\/span>: <\/span>"<\/span>execute<\/span>"<\/span><\/span>\n    <\/span>entries:<\/span><\/span>\n      <\/span>external:<\/span><\/span>\n        <\/span>-<\/span> <\/span>name:<\/span> <\/span>"<\/span>new_tool.exe<\/span>"<\/span><\/span>\n          <\/span>args:<\/span> [<\/span>"<\/span>--example-arg<\/span>"<\/span>]<\/span><\/span>\n          <\/span>output_file:<\/span> <\/span>"<\/span>NewToolOutput.txt<\/span>"<\/span><\/span>\n          <\/span>exec_type:<\/span> <\/span>"<\/span>external<\/span>"<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
        <\/div>\n\n\n\n
        Windows System Tools<\/h4>\n\n\n\n
        Windows system tools are native utilities included in every Windows installation. Aralez uses these tools to collect system and network information without requiring external dependencies.<\/p>\n\n\n\n
        <\/div>\n\n\n\n
        Some examples of Windows System Tools<\/h6>\n\n\n\n
        Command<\/strong><\/th>Description<\/strong><\/th><\/tr><\/thead>
        netstat.exe<\/strong><\/td>Displays active network connections and listening ports.<\/td><\/tr>
        ipconfig.exe<\/strong><\/td>Displays network configuration, including IP addresses and DNS cache.<\/td><\/tr>
        systeminfo.exe<\/strong><\/td>Collects system hardware and software information.<\/td><\/tr>
        tasklist.exe<\/strong><\/td>Lists running tasks and their details.<\/td><\/tr>
        net.exe<\/strong><\/td>Displays network shares on the system.<\/td><\/tr>
        powershell<\/strong><\/td>Executes a PowerShell command to gather detailed system information.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
        Example:<\/p>\n\n\n\n
        <\/path><\/path><\/svg><\/span>
        tasks:<\/span><\/span>\n  <\/span>tools:<\/span><\/span>\n    <\/span>priority:<\/span> <\/span>3<\/span><\/span>\n    <\/span>type<\/span>: <\/span>"<\/span>execute<\/span>"<\/span><\/span>\n    <\/span>entries:<\/span><\/span>\n      <\/span>system:<\/span><\/span>\n        <\/span>-<\/span> <\/span>name:<\/span> <\/span>"<\/span>netstat.exe<\/span>"<\/span><\/span>\n          <\/span>args:<\/span> [<\/span>"<\/span>-anob<\/span>"<\/span>]<\/span><\/span>\n          <\/span>output_file:<\/span> <\/span>"<\/span>NetStat.txt<\/span>"<\/span><\/span>\n          <\/span>exec_type:<\/span> <\/span>"<\/span>system<\/span>"<\/span><\/span>\n        <\/span>-<\/span> <\/span>name:<\/span> <\/span>"<\/span>ipconfig.exe<\/span>"<\/span><\/span>\n          <\/span>args:<\/span> [<\/span>"<\/span>\/all<\/span>"<\/span>]<\/span><\/span>\n          <\/span>output_file:<\/span> <\/span>"<\/span>IPConfig.txt<\/span>"<\/span><\/span>\n          <\/span>exec_type:<\/span> <\/span>"<\/span>system<\/span>"<\/span><\/span>\n        <\/span>-<\/span> <\/span>name:<\/span> <\/span>"<\/span>systeminfo.exe<\/span>"<\/span><\/span>\n          <\/span>args:<\/span> []<\/span><\/span>\n          <\/span>output_file:<\/span> <\/span>"<\/span>SystemInfo.txt<\/span>"<\/span><\/span>\n          <\/span>exec_type:<\/span> <\/span>"<\/span>system<\/span>"<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
        <\/div>\n\n\n\n
        How to Add or Customize Tools<\/strong><\/h4>\n\n\n\n
        Internal Tools<\/strong>:<\/p>\n\n\n\n
          \n
        • Modify the Aralez source code and recompile the tool.<\/li>\n<\/ul>\n\n\n\n
          External Tools<\/strong>:<\/p>\n\n\n\n
            \n
          • Update the build.rs<\/code> file to include the new tool in the download and extraction process.<\/li>\n\n\n\n
          • Add the tool\u2019s configuration in the YAML file.<\/li>\n<\/ul>\n\n\n\n
            Windows System Tools<\/strong>:<\/p>\n\n\n\n
              \n
            • Add the command and its arguments to the configuration file under the system<\/code> section.<\/li>\n<\/ul>\n\n\n\n
              <\/p>\n","protected":false},"excerpt":{"rendered":"
              Aralez utilizes a combination of internal tools, external tools, and Windows system commands to collect forensic artifacts and provide detailed system overview. This page explains each tool type and provides guidance on adding and configuring tools. Internal Tools Internal tools are built directly into Aralez and provide specific forensic functionalities, such as retrieving process details, […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"doc_category":[10],"doc_tag":[],"class_list":["post-101","docs","type-docs","status-publish","hentry","doc_category-3-core-functionality"],"blocksy_meta":[],"aioseo_notices":[],"year_month":"2026-04","word_count":717,"total_views":0,"reactions":{"happy":0,"normal":0,"sad":0},"author_info":{"name":"ab","author_nicename":"admin5116","author_url":"https:\/\/aralez.co\/index.php\/author\/admin5116\/"},"doc_category_info":[{"term_name":"3. Core Functionality","term_url":"https:\/\/aralez.co\/index.php\/docs-category\/3-core-functionality\/"}],"doc_tag_info":[],"_links":{"self":[{"href":"https:\/\/aralez.co\/index.php\/wp-json\/wp\/v2\/docs\/101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aralez.co\/index.php\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/aralez.co\/index.php\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/aralez.co\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aralez.co\/index.php\/wp-json\/wp\/v2\/comments?post=101"}],"version-history":[{"count":11,"href":"https:\/\/aralez.co\/index.php\/wp-json\/wp\/v2\/docs\/101\/revisions"}],"predecessor-version":[{"id":469,"href":"https:\/\/aralez.co\/index.php\/wp-json\/wp\/v2\/docs\/101\/revisions\/469"}],"wp:attachment":[{"href":"https:\/\/aralez.co\/index.php\/wp-json\/wp\/v2\/media?parent=101"}],"wp:term":[{"taxonomy":"doc_category","embeddable":true,"href":"https:\/\/aralez.co\/index.php\/wp-json\/wp\/v2\/doc_category?post=101"},{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/aralez.co\/index.php\/wp-json\/wp\/v2\/doc_tag?post=101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}