Easy to use, right to the point, Windows Shortcut file (LNK) parser with Node JS
JS-LnkParser is a lightweight Node JS script that allows you to explore what's inside of a binary .lnk Windows file. Based on the Microsoft Shell Link specifications, the script will try to show you every bit of information it can find in the file.
For now, this project is at his very beginning and a lot of features are missing like :
- Reading Shell Item ID data
- Reading Extra Data
- Reading malformed files
- Create / Modify files
Keep in mind that it's still an early version, but you can always give it a try :)
Just get the index.js file and the Enums folder is the same directory, anywhere you want. No external dependency required (other than the defaults fs and path).
node index.js FILE [OUTPUT_FOLDER]
Where FILE is the absolute path to the .lnk file and OUTPUT_FOLDER (optional) is the absolute path to an output directory, where the JSON result will be saved.
In this repo, you will find an sample.lnk file that has already been read by the script. The sample.json file is the associated output.
For more information about LNK file forensics, you should look at the Windows MS-SHLLINK specifications and the forensicwiki.