jumplist_parser 0.1.0

A Rust library to parse Windows Jumplist files (automaticDestinations-ms and customDestinations-ms)
Documentation

Jumplist Parser

Crates.io Docs.rs License: MIT OR Apache-2.0

This repository is a Rust library and CLI tool for parsing Windows Jumplist artifacts

๐Ÿ” What Are Jumplists?

Windows Jumplists are Windows artifacts that provides quick access to recently or frequently used files per application. They are stored under:

%APPDATA%\Microsoft\Windows\Recent\AutomaticDestinations\*
%APPDATA%\Microsoft\Windows\Recent\CustomDestinations\*

These files contain structured metadata such as:

  • File paths and names
  • Timestamps (last accessed, modified)
  • Hostname where files were opened
  • LNK metadata (command-line arguments, working directory, etc)
  • Pinned items
  • And many more!

Jumplists are extremely useful in incident response, timeline analysis, and user activity reconstruction. If you want to know more about this artifact, I wrote a blog post about its structure here: u0041.co

๐Ÿ“ฆ Installation

Install the commandline tool using cargo:

cargo install jumplist_parser

Once installed, you can run the binary to see available arguments:

jumplist_parser --help


Created By: AbdulRhman Alfaifi <@A__ALFAIFI>
Version: v0.1.0

Reference: https://u0041.co/posts/articals/jumplist-files-artifacts/


Windows Jumplist Files Parser


Usage: jumplist_parser [OPTIONS]


Options:

  -p, --path <PATH>                    Path(s) to Jumplist files to be parsed - accepts glob (defaults to 'AutomaticDestinations' & 'CustomDestinations' for all users)
  -o, --output <FILE>                  The file path to write the output to [default: stdout]

      --output-format <output-format>  Output format [default: csv] [possible values: csv, jsonl, json]

      --no-headers                     Don't print headers when using CSV as the output format
      --normalize                      Normalize the result to the most important fields
  -h, --help                           Print help
  -V, --version                        Print version

Or you can download the latest version from the release section

๐Ÿงช Using the Library

1๏ธโƒฃ Add to Cargo.toml

[dependencies]

jumplist_parser = "0.1.0"

2๏ธโƒฃ Parse a Jumplist File

use jumplist_parser::JumplistParser;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let parser = JumplistParser::from_path("samples/win11/AutomaticDestinations/4cb9c5750d51c07f.automaticDestinations-ms")?;

    println!("App ID: {:?}", parser.app_id);
    println!("{:#?}", parser);

    Ok(())
}

๐Ÿ“ License

Licensed under either of:

  • MIT
  • Apache License, Version 2.0

๐Ÿ“š References