This PR adds a plugin to parse outlook pst files

artifacts/definitions/Windows/Applications/outlook/emailheader.yaml

@@ -0,0 +1,37 @@
+name: Windows.Applications.Outlook.PST.Header
+author: "Sikha Puthanveedu @SikhaMohan"
+description: |
+  This artifact fetch emails and header details such as SPF, DMARC and DKIM from outlook PST file.
+parameters:
+  - name: outlookPSTfile
+    type: .pst
+    description: Full path to the outlook .pst file (For example - D:/MyPST/MyOutlookDataFile.pst)
+
+sources:
+  - precondition:
+      SELECT OS FROM info() WHERE OS = 'windows'
+    query: |
+
+            LET PSTInfo = SELECT Sender as Sender,
+                 Receiver as Receiver,
+                 Subject as Subject,
+                 Message as Message,
+                 DateandTime as DeliveryTime,
+                 Attachments as AttachmentNames,
+                 Body as Body
+            from parse_pst(filename=outlookPSTfile)
+
+            SELECT  
+               Sender,
+               Receiver,
+               parse_string_with_regex(regex='spf=(\\w+)', string=Body).g1 AS SPF,
+               parse_string_with_regex(regex='dkim=(\\w+)', string=Body).g1 AS DKIM,
+               parse_string_with_regex(regex='dmarc=(\\w+)', string=Body).g1 AS DMARC,
+               parse_string_with_regex(regex='Return-Path: <(.*?)>', string=Body).g1 AS ReturnPath,
+               Subject,
+               DeliveryTime,
+               AttachmentNames,
+               Message,
+               parse_string_with_regex(regex='internet_message_id:"<(.*?)>"', string=Body).g1 AS msgId,
+               parse_string_with_regex(regex='Content-Type:(.*?);', string=Body).g1 AS ContentType
+            FROM PSTInfo 

artifacts/definitions/Windows/Applications/outlook/pstparser.yaml

@@ -0,0 +1,36 @@
+name: Windows.Applications.Outlook.PST
+author: "Sikha Puthanveedu @SikhaMohan"
+description: |
+  This artifact fetch emails and attachments from outlook PST file.
+  This artifact parse for outlook pst files and display the details and save 
+  all attachments to user specified directory.
+parameters:
+  - name: outlookPSTfile
+    type: .pst
+    description: Full path to the outlook .pst file (For example - D:/MyPST/MyOutlookDataFile.pst)
+  - name: AttachmentFolder
+    type: directory path
+    description: If selected it will save all the attachments from emails to the specified directory.
+
+sources:
+  - precondition:
+      SELECT OS FROM info() WHERE OS = 'windows'
+    query: |
+
+            LET PSTInfo = SELECT Sender as Sender,
+                 Receiver as Receiver,
+                 Subject as Subject,
+                 Message as Message,
+                 DateandTime as DeliveryTime,
+                 Attachments as AttachmentNames,
+                 Body as Body
+            from parse_pst(filename=outlookPSTfile, FolderPath=AttachmentFolder)
+
+            SELECT  
+               Sender,
+               Receiver,
+               Subject,
+               DeliveryTime,
+               AttachmentNames,
+               Message 
+            FROM PSTInfo

artifacts/testdata/server/testcases/pstparser.yaml

@@ -0,0 +1,37 @@
+name: Windows.Applications.Outlook.PST
+author: "Sikha Puthanveedu"
+description: |
+  This artifact fetch emails and attachments from outlook PST file.
+  This artifact parse for outlook pst files and display the details and save 
+  all attachments to user specified directory.
+parameters:
+  - name: outlookPSTfile
+    type: .pst
+    description: Full path to the outlook .pst file (For example - D:/MyPST/MyOutlookDataFile.pst)
+  - name: AttachmentFolder
+    type: directory path
+    description: If selected it will save all the attachments from emails to the specified directory.
+
+sources:
+  - precondition:
+      SELECT OS FROM info() WHERE OS = 'windows'
+    query: |
+
+            LET PSTInfo = SELECT Sender as Sender,
+                 Receiver as Receiver,
+                 Subject as Subject,
+                 Message as Message,
+                 DateandTime as DeliveryTime,
+                 Attachments as AttachmentNames,
+                 AttachmentId as AttachmentId,
+                 Body as Body
+            from parse_pst(filename=outlookPSTfile, FolderPath=AttachmentFolder)
+
+            SELECT  
+               Sender,
+               Receiver,
+               Subject,
+               DeliveryTime,
+               AttachmentNames,
+               Message 
+            FROM PSTInfo

go.mod

@@ -83,7 +83,7 @@ require (
 	golang.org/x/mod v0.10.0
 	golang.org/x/net v0.10.0
 	golang.org/x/sys v0.8.0
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/text v0.10.0 // indirect
 	golang.org/x/time v0.3.0
 	google.golang.org/api v0.126.0
 	google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect
@@ -158,7 +158,10 @@ require (
 	github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 // indirect
 	github.com/dlclark/regexp2 v1.7.0 // indirect
 	github.com/dustmop/soup v1.1.2-0.20190516214245-38228baa104e // indirect
+	github.com/emersion/go-message v0.16.0 // indirect
+	github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594 // indirect
 	github.com/geoffgarside/ber v1.1.0 // indirect
+	github.com/godzie44/go-uring v0.0.0-20220926161041-69611e8b13d5 // indirect
 	github.com/golang/gddo v0.0.0-20210115222349-20d68f94ee1f // indirect
 	github.com/golang/glog v1.1.0 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
@@ -176,22 +179,28 @@ require (
 	github.com/klauspost/pgzip v1.2.5 // indirect
 	github.com/kr/fs v0.1.0 // indirect
 	github.com/lestrrat-go/strftime v1.0.5 // indirect
+	github.com/libp2p/go-sockaddr v0.1.1 // indirect
 	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
 	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
+	github.com/mooijtech/go-pst/v6 v6.0.2 // indirect
 	github.com/paulmach/orb v0.1.5 // indirect
+	github.com/philhofer/fwd v1.1.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/prometheus/common v0.44.0 // indirect
 	github.com/prometheus/procfs v0.9.0 // indirect
 	github.com/rivo/uniseg v0.4.2 // indirect
+	github.com/rotisserie/eris v0.5.4 // indirect
 	github.com/russellhaering/goxmldsig v1.3.0 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/spf13/cast v1.3.1 // indirect
+	github.com/tidwall/btree v1.6.0 // indirect
+	github.com/tinylib/msgp v1.1.8 // indirect
 	github.com/tklauser/go-sysconf v0.3.9 // indirect
 	github.com/tklauser/numcpus v0.3.0 // indirect
 	github.com/ulikunitz/xz v0.5.10 // indirect