Added functionality

added securitytools functions

backend/lists/security-tools.md

@@ -0,0 +1,452 @@
+Anti-Virus (AV):
+360rp.exe
+360sd.exe
+360tray.exe
+a2guard.exe
+a2service.exe
+a2start.exe
+agent.exe
+amp.exe
+ashServ.exe
+aswidsagent.exe
+avastsvc.exe
+avastui.exe
+avcenter.exe
+avengine.exe
+avgsrmaa.exe
+avgsvc.exe
+avguard.exe
+avgui.exe
+AVKService.exe
+AVKTray.exe
+AVKWCtl.exe
+avp.exe
+bdservicehost.exe
+beats.exe
+BgMain.exe
+BkavService.exe
+BkavUI.exe
+BullGuard.exe
+CbDefense.exe
+cb.exe
+ccsvchst.exe
+cis.exe
+clamscan.exe
+clamtray.exe
+cmdagent.exe
+coreServiceShell.exe
+cpda.exe
+CSFalconContainer.exe
+CSFalconService.exe
+CylanceSvc.exe
+CylanceUI.exe
+DeepInstinctService.exe
+DeepInstinctTray.exe
+drweb32.exe
+egui.exe
+ekrn.exe
+elastic-agent.exe
+FortiEDRCollector.exe
+FortiEDRDaemon.exe
+freshclam.exe
+fsav32.exe
+fshoster32.exe
+fsorsp.exe
+HeimdalAgent.exe
+HeimdalThorAgent.exe
+iptray.exe
+kavsvc.exe
+masvc.exe
+mbam.exe
+mbamservice.exe
+mbamtray.exe
+mcshield.exe
+mfemms.exe
+mfetp.exe
+MsMpEng.exe
+nanoav.exe
+nanoavtray.exe
+NisSrv.exe
+nortonsecurity.exe
+ns.exe
+NTRTScan.exe
+openav.exe
+pavsrvx86.exe
+psanhost.exe
+Rav.exe
+RavMonD.exe
+repux.exe
+sched.exe
+seccenter.exe
+SentinelAgent.exe
+SentinelStaticEngine.exe
+sfc.exe
+sophoscleanservice.exe
+SophosFS.exe
+sophosfs.exe
+sophossps.exe
+SophosUI.exe
+sophosui.exe
+spideragent.exe
+spidernt.exe
+TmCCSF.exe
+tpas.exe
+tpasvc.exe
+trac.exe
+V3Main.exe
+V3Svc.exe
+vba32ldr.exe
+vba32utl.exe
+vsmon.exe
+vsserv.exe
+wrsa.exe
+xagt.exe
+zatray.exe
+MsMpEng.exe  
+MpCmdRun.exe  
+NisSrv.exe  
+AvastUI.exe  
+AvastSvc.exe  
+aswEngSrv.exe  
+aswidsagent.exe  
+avgui.exe  
+avgsrvx.exe  
+avgwdsvcx.exe  
+avp.exe  
+avpsus.exe  
+bdagent.exe  
+vsserv.exe  
+updatesrv.exe  
+ns.exe  
+nortonsecurity.exe  
+ccsvchst.exe  
+nis.exe  
+mcshield.exe  
+masvc.exe  
+mfemms.exe  
+egui.exe  
+ekrn.exe  
+SophosUI.exe  
+SophosScan.exe  
+SavService.exe  
+UfSeAgnt.exe  
+TmListen.exe  
+NTRtScan.exe  
+avcenter.exe  
+avgnt.exe  
+avguard.exe  
+PSANHost.exe  
+PSUAService.exe  
+mbam.exe  
+mbamservice.exe  
+cfp.exe  
+cmdagent.exe
+MsMpEng.exe
+MpCmdRun.exe
+MpUXSrv.exe
+NisSrv.exe
+SecurityHealthService.exe
+SecurityHealthSystray.exe
+AvastUI.exe
+AvastSvc.exe
+aswEngSrv.exe
+aswidsagent.exe
+avgui.exe
+avgsrvx.exe
+avgwdsvcx.exe
+avp.exe
+avpsus.exe
+kavtray.exe
+klnagent.exe
+bdagent.exe
+bdservicehost.exe
+bdlaunch.exe
+vsserv.exe
+updatesrv.exe
+ns.exe
+nortonsecurity.exe
+ccsvchst.exe
+nis.exe
+symerr.exe
+symlcsvc.exe
+mcshield.exe
+mcagent.exe
+masvc.exe
+mfemms.exe
+mcupdate.exe
+mfevtps.exe
+egui.exe
+eguiProxy.exe
+ekrn.exe
+SophosUI.exe
+SophosScan.exe
+SavService.exe
+ALMon.exe
+sophossps.exe
+UfSeAgnt.exe
+TmListen.exe
+NTRtScan.exe
+PccNTMon.exe
+avcenter.exe
+avgnt.exe
+avguard.exe
+sched.exe
+avscan.exe
+PSANHost.exe
+PSUAService.exe
+PandaSecurityTb.exe
+mbam.exe
+mbamtray.exe
+mbamservice.exe
+MBAMService.exe
+cfp.exe
+cmdagent.exe
+cis.exe
+cavwp.exe
+fshoster32.exe
+fsav32.exe
+fsgk32.exe
+WRSA.exe
+zlclient.exe
+vsmon.exe
+CSFalconService.exe
+CSFalconContainer.exe
+SentinelAgent.exe
+CbDefense.exe
+klnagent.exe
+klnagchk.exe
+klnagntf.exe
+klnagwds.exe
+klcsldcl.exe
+klcsngtgui.exe
+klcspxy.exe
+klshwmsg.exe
+kldumper.exe
+klmover.exe
+klwd.exe
+ksnproxy.exe
+klrirbtagt.exe
+avpdtagt.dll
+
+
+
+
+
+
+
+EndPoint Detection Response (EDR):
+Check Point
+CrowdStrike Falcon 
+IBM/HCL Notes Agent 
+McAfee Agent 
+Microsoft Defender
+
+
+Virtual Private Networks (VPN):
+Adguardvpn.exe
+airvpn.exe
+amnezia.exe
+Astrillvpn.exe
+AtlasVPN.exe
+AtlasVPNSetup.exe
+AvastSecureLine.exe
+azirevpn.exe
+bdvpnapp.exe
+beetvpn.exe
+Betternet.exe
+betternet.exe
+BetternetForWindows.exe
+bitdefendervpn.exe
+cactusvpn.exe
+celovpn.exe
+clearvpn.exe
+cryptostrom.exe
+CyberGhost.exe
+cyberghost.exe
+cyberghostvpn.exe
+cyberghostvpnsetup.exe
+dewvpn.exe
+encryptme.exe
+ExpressVPN.exe
+expressvpn.exe
+expressvpn-ui.exe
+f5fpc.exe
+f5fpclientW.exe
+fastestvpn.exe
+fastestvpn.exe
+FortiClient.exe
+freedome.exe
+fsecurefreedomevpn.exe
+goosevpn.exe
+hideme.exe
+hideme.exe
+hide.me-setup.exe
+hide.me VPN.exe
+hidemyass.exe
+hma-vpn.exe
+HMA-VPN-Setup.exe
+HotspotShield.exe
+hotspotshield.exe
+HSS-Installer.exe
+hsswd.exe
+ipsec.exe
+ipvanish.exe
+ipvanish.exe
+iTopVPN.exe
+ivacy.exe
+ivacy.exe
+IvacySetup.exe
+IvacyVPN.exe
+ivpn.exe
+kscvpn.exe
+letsvpn.exe
+limevpn.exe
+maskvpn.exe
+mullvad.exe
+musclevpn.exe
+nordlayer.exe
+NordVPN.exe
+nordvpn.exe
+NordVPNSetup.exe
+nortonsecurevpn.exe
+nortonsecurity.exe
+openconnect.exe
+OPenvpn.exe
+ovpn.exe
+paladinvpn.exe
+PanGPA.exe
+PanGPS.exe
+perfectprivacy.exe
+phantomvpn.exe
+phantomvpn.exe
+pia-client.exe
+pia-client.exe
+pia-installer.exe
+pritunl.exe
+privadovpn.exe
+privateinternetaccess.exe
+ProtonVPN.exe
+protonvpn.exe
+protonvpn.exe
+ProtonVPN_setup.exe
+proxygate.exe
+PulseSecure.exe
+PureVPN.exe
+purevpn.exe
+PureVPN_Windows_Setup.exe
+safeconnect.exe
+safervpn.exe
+shieldvpn.exe
+shinevpn.exe
+strongswan.exe
+StrongVPN.exe
+strongvpn.exe
+strongvpn.exe
+StrongVPN-Windows.exe
+Surfshark.exe
+surfshark.exe
+surfshark.exe
+SurfsharkSetup.exe
+swg.exe
+tailscaled.exe
+torguard.exe
+TracSrvWrapper.exe
+TunnelBear.exe
+tunnelbear.exe
+TunnelBear-Installer.exe
+turbovpn.exe
+urban-vpn.exe
+veepn.exe
+virtualshieldvpn.exe
+vpnac.exe
+vpnarea.exe
+vpnclient.exe
+vpnclient_x64.exe
+vpncli.exe
+vpn.exe
+vpnhub.exe
+vpnsecure.exe
+vpnserver.exe
+vpnserver_x64.exe
+vpnui.exe
+vpn-unlimited.exe
+vpnunlimited.exe
+vpn-unlimited-setup.exe
+vtund
+VyprVPN.exe
+vyprvpn.exe
+vyprvpn.exe
+VyprVPN-Installer.exe
+Windscribe.exe
+windscribe.exe
+windscribe.exe
+WindscribeSetup.exe
+wiresock-client.exe
+zenmate.exe
+zenmatevpn.exe
+ZoogVPN.exe
+zoogvpn.exe
+Vpnui.exe
+vpn.exe
+vpn
+nacvpn.exe
+termius.exe
+cudavpn_ndis62_x64.sys
+cudavpn_ndis64_x64.sys
+cudavpn_ndis65_x64.sys
+cudavpn_ndis68_arm64.sys
+cudavpn.sys
+brave_vpn_helper.exe
+brave_vpn_wireguard_service.exe
+anyconnect-win-4.9.04043-core-vpn-webdeploy-k9.exe
+nacvpn.exe
+vpnagent.exe
+vpncli.exe
+vpndownloader.exe
+vpnmgmttun.exe
+vpnui.exe
+vpnva64-6.sys
+com.docker.vpnkit.exe
+vpnkit-bridge.exe
+vpnkit.exe
+covpnv64.sys
+f5fpc.exe
+f5fpclientW.exe
+f5vpn_setup (1).exe
+f5vpn_setup.exe
+f5vpn.exe
+FortiClient.exe
+FortiSSLVPNdaemon.exe
+FortiSslVpnPluginApp.exe
+FortiSSLVPNsys.exe
+FortiVPNSt.exe
+sslvpn_inst_ZZDAT_Aija_Svede@vc.lm.gov.lv.exe
+sslvpn_inst_ZZDAT_Ilmars_Urbans@vc.lm.gov.lv.exe
+sslvpn_inst_ZZDAT_Valda_Branta@vc.lm.gov.lv.exe
+agilevpn.sys
+ipsec.exe
+agent_ovpnconnect.exe
+openvpn-gui.exe
+openvpn.exe
+OpenVPNConnect.exe
+openvpnserv.exe
+openvpnserv2.exe
+ovpn-dco.sys
+ovpnconnector.exe
+ovpnhelper_service.exe
+tap_ovpnconnect.sys
+ConnectVPN.exe
+PanGPA.exe
+PanGPS.exe
+phionvpn_ndis62_x64.sys
+phionvpn_ndis62_x86.sys
+phionvpn_ndis63_x64.sys
+phionvpn_ndis63_x86.sys
+phionvpn_ndis64_x64.sys
+phionvpn_ndis64_x86.sys
+phionvpn_ndis65_x64.sys
+phionvpn_ndis65_x86.sys
+phionvpn.sys
+scvpn.exe
+tailscaled.exe
+tor

backend/scripts/parse_tools_usage.py

@@ -0,0 +1,52 @@
+import csv
+import re
+import os
+from glob import glob
+
+# 1. Extract tool/process names from the Markdown file
+def extract_tools(md_path):
+    tools = set()
+    with open(md_path, encoding='utf-8') as f:
+        for line in f:
+            line = line.strip()
+            # Skip headers and empty lines
+            if not line or line.endswith(':') or line.startswith('<!--'):
+                continue
+            # Only keep lines that look like process/tool names
+            if re.match(r'^[\w\-.@]+(\.exe|\.dll|\.sys)?$', line, re.IGNORECASE):
+                tools.add(line.lower())
+    return tools
+
+# 2. Parse the CSV file and build mapping
+def parse_csv(csv_path, tools):
+    tool_hosts = {}
+    with open(csv_path, newline='', encoding='utf-8') as csvfile:
+        reader = csv.DictReader(csvfile)
+        for row in reader:
+            host = row.get('host') or row.get('hostname')
+            proc = row.get('process') or row.get('process_name') or row.get('image')
+            if not host or not proc:
+                continue
+            proc = proc.lower()
+            if proc in tools:
+                tool_hosts.setdefault(proc, set()).add(host)
+    return tool_hosts
+
+# 3. Output the breakdown
+def main():
+    md_path = r'd:\Dev\ThreatHunt\backend\lists\security-tools.md'
+    upload_dir = r'd:\Dev\ThreatHunt\uploaded'
+    tools = extract_tools(md_path)
+    csv_files = glob(os.path.join(upload_dir, '*.csv'))
+
+    for csv_path in csv_files:
+        print(f"\nResults for: {os.path.basename(csv_path)}")
+        tool_hosts = parse_csv(csv_path, tools)
+        if not tool_hosts:
+            print("  No known tools found.")
+            continue
+        for tool, hosts in sorted(tool_hosts.items()):
+            print(f"  {tool}: {', '.join(sorted(hosts))}")
+
+if __name__ == '__main__':
+    main()