PyPI - acquire - Versions diffs - 3.14.dev7__tar.gz → 3.14.dev8__tar.gz - Mend

acquire 3.14.dev7tar.gz → 3.14.dev8tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

{acquire-3.14.dev7/acquire.egg-info → acquire-3.14.dev8}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: acquire
-Version: 3.14.dev7
+Version: 3.14.dev8
 Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/acquire.py RENAMED Viewed

@@ -3,7 +3,6 @@ import enum
 import functools
 import io
 import itertools
-import json
 import logging
 import os
 import platform
@@ -22,10 +21,9 @@ from dissect.target import Target, exceptions
 from dissect.target.filesystem import Filesystem
 from dissect.target.filesystems import ntfs
 from dissect.target.helpers import fsutil
-from dissect.target.loaders.remote import RemoteStreamConnection
-from dissect.target.loaders.targetd import TargetdLoader
 from dissect.target.plugins.apps.webserver import iis
 from dissect.target.plugins.os.windows.log import evt, evtx
+from dissect.target.tools.utils import args_to_uri
 from dissect.util.stream import RunlistStream
 from acquire.collector import Collector, get_full_formatted_report, get_report_summary
@@ -92,7 +90,6 @@ MODULE_LOOKUP = {}
 CLI_ARGS_MODULE = "cli-args"
 log = logging.getLogger("acquire")
 log.propagate = 0
 log_file_handler = None
@@ -1658,45 +1655,6 @@ def print_acquire_warning(target: Target) -> None:
         log.warning("========================================== WARNING ==========================================")
-def modargs2json(args: argparse.Namespace) -> dict:
-    json_opts = {}
-    for module in MODULES.values():
-        cli_arg = module.__cli_args__[-1:][0][1]
-        if opt := cli_arg.get("dest"):
-            json_opts[opt] = getattr(args, opt)
-    return json_opts
-def acquire_target(target: Target, *args, **kwargs) -> list[str]:
-    if isinstance(target._loader, TargetdLoader):
-        files = acquire_target_targetd(target, *args, **kwargs)
-    else:
-        files = acquire_target_regular(target, *args, **kwargs)
-    return files
-def acquire_target_targetd(target: Target, args: argparse.Namespace, output_ts: Optional[str] = None) -> list[str]:
-    files = []
-    # debug logs contain references to flow objects and will give errors
-    logging.getLogger().setLevel(logging.CRITICAL)
-    if not len(target.hostname()):
-        log.error("Unable to initialize targetd.")
-        return files
-    json_opts = modargs2json(args)
-    json_opts["profile"] = args.profile
-    json_opts["file"] = args.file
-    json_opts["directory"] = args.directory
-    json_opts["glob"] = args.glob
-    m = {"targetd-meta": "acquire", "args": json_opts}
-    json_str = json.dumps(m)
-    targetd = target._loader.instance.client
-    targetd.send_message(json_str.encode("utf-8"))
-    targetd.sync()
-    for stream in targetd.streams:
-        files.append(stream.out_file)
-    return files
 def _add_modules_for_profile(choice: str, operating_system: str, profile: dict, msg: str) -> Optional[dict]:
     modules_selected = dict()
@@ -1712,7 +1670,7 @@ def _add_modules_for_profile(choice: str, operating_system: str, profile: dict,
     return modules_selected
-def acquire_target_regular(target: Target, args: argparse.Namespace, output_ts: Optional[str] = None) -> list[str]:
+def acquire_target(target: Target, args: argparse.Namespace, output_ts: Optional[str] = None) -> list[str]:
     acquire_gui = GUI()
     files = []
     output_ts = output_ts or get_utc_now_str()
@@ -2092,7 +2050,7 @@ VOLATILE = {
 def main() -> None:
     parser = create_argument_parser(PROFILES, VOLATILE, MODULES)
-    args = parse_acquire_args(parser, config=CONFIG)
+    args, rest = parse_acquire_args(parser, config=CONFIG)
     # start GUI if requested through CLI / config
     flavour = None
@@ -2144,26 +2102,6 @@ def main() -> None:
         log.exception(err)
         parser.exit(1)
-    if args.targetd:
-        from targetd.tools.targetd import start_client
-        # set @auto hostname to real hostname
-        if args.targetd_hostname == "@auto":
-            args.targetd_hostname = f"/host/{Target.open('local').hostname}"
-        config = {
-            "function": args.targetd_func,
-            "topics": [args.targetd_hostname, args.targetd_groupname, args.targetd_globalname],
-            "link": args.targetd_link,
-            "address": args.targetd_ip,
-            "port": args.targetd_port,
-            "cacert_str": args.targetd_cacert,
-            "service": args.targetd_func == "agent",
-            "cacert": None,
-        }
-        start_client(args, presets=config)
-        return
     if args.upload:
         try:
             upload_files(args.upload, args.upload_plugin, args.no_proxy)
@@ -2171,43 +2109,44 @@ def main() -> None:
             log.exception("Failed to upload files")
         return
-    RemoteStreamConnection.configure(args.cagent_key, args.cagent_certificate)
-    target_path = args.target
-    if target_path == "local":
-        target_query = {}
-        if args.force_fallback:
-            target_query.update({"force-directory-fs": 1})
+    target_paths = []
+    for target_path in args.targets:
+        target_path = args_to_uri([target_path], args.loader, rest)[0] if args.loader else target_path
+        if target_path == "local":
+            target_query = {}
+            if args.force_fallback:
+                target_query.update({"force-directory-fs": 1})
-        if args.fallback:
-            target_query.update({"fallback-to-directory-fs": 1})
+            if args.fallback:
+                target_query.update({"fallback-to-directory-fs": 1})
-        target_query = urllib.parse.urlencode(target_query)
-        target_path = f"{target_path}?{target_query}"
-    log.info("Loading target %s", target_path)
+            target_query = urllib.parse.urlencode(target_query)
+            target_path = f"{target_path}?{target_query}"
+        target_paths.append(target_path)
     try:
-        target = Target.open(target_path)
-        log.info(target)
+        target_name = "Unknown"  # just in case open_all already fails
+        for target in Target.open_all(target_paths):
+            target_name = "Unknown"  # overwrite previous target name
+            target_name = target.name
+            log.info("Loading target %s", target_name)
+            log.info(target)
+            if target.os == "esxi" and target.name == "local":
+                # Loader found that we are running on an esxi host
+                # Perform operations to "enhance" memory
+                with esxi_memory_context_manager():
+                    acquire_children_and_targets(target, args)
+            else:
+                acquire_children_and_targets(target, args)
     except Exception:
         if not is_user_admin():
-            log.error("Failed to load target, try re-running as administrator/root.")
+            log.error("Failed to load target: %s, try re-running as administrator/root", target_name)
             acquire_gui.message("This application must be run as administrator.")
             acquire_gui.wait_for_quit()
             parser.exit(1)
-        log.exception("Failed to load target")
+        log.exception("Failed to load target: %s", target_name)
         raise
-    if target.os == "esxi" and target.name == "local":
-        # Loader found that we are running on an esxi host
-        # Perform operations to "enhance" memory
-        with esxi_memory_context_manager():
-            acquire_children_and_targets(target, args)
-    else:
-        acquire_children_and_targets(target, args)
 def load_child(target: Target, child_path: Path) -> None:
     log.info("")

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/utils.py RENAMED Viewed

@@ -17,20 +17,6 @@ from dissect.target import Target
 from acquire.outputs import OUTPUTS
 from acquire.uploaders.plugin_registry import UploaderRegistry
-# Acquire Configuration for CAgent and TargetD
-CAGENT_TARGETD_ATTRS = {
-    "cagent_key",
-    "cagent_certificate",
-    "targetd_func",
-    "targetd_cacert",
-    "targetd_ip",
-    "targetd_port",
-    "targetd_hostname",
-    "targetd_groupname",
-    "targetd_globalname",
-    "targetd_link",
-}
 class StrEnum(str, Enum):
     """Sortable and serializible string-based enum"""
@@ -78,13 +64,7 @@ def create_argument_parser(profiles: dict, volatile: dict, modules: dict) -> arg
         fromfile_prefix_chars="@",
     )
-    parser.add_argument(
-        "target",
-        metavar="TARGET",
-        default="local",
-        nargs="?",
-        help="target to load (default: local)",
-    )
+    parser.add_argument("targets", metavar="TARGETS", default=["local"], nargs="*", help="Targets to load")
     # Create a mutually exclusive group, such that only one of the output options can be used
     output_group = parser.add_mutually_exclusive_group()
     output_group.add_argument("-o", "--output", default=Path("."), type=Path, help="output directory")
@@ -102,11 +82,6 @@ def create_argument_parser(profiles: dict, volatile: dict, modules: dict) -> arg
         action="store_true",
         help="compress output (if supported by the output type)",
     )
-    parser.add_argument(
-        "--targetd",
-        action="store_true",
-        help="setup and install targetd agent",
-    )
     parser.add_argument(
         "--encrypt",
         action="store_true",
@@ -123,6 +98,13 @@ def create_argument_parser(profiles: dict, volatile: dict, modules: dict) -> arg
     parser.add_argument("--public-key", type=Path, help=argparse.SUPPRESS)
     parser.add_argument("-l", "--log", type=Path, help="log directory location")
     parser.add_argument("--no-log", action="store_true", help=argparse.SUPPRESS)
+    parser.add_argument(
+        "-L",
+        "--loader",
+        action="store",
+        default=None,
+        help="select a specific loader (i.e. vmx, raw)",
+    )
     parser.add_argument("-p", "--profile", choices=profiles.keys(), help="collection profile")
     parser.add_argument("--volatile-profile", choices=volatile.keys(), help="volatile profile")
@@ -178,7 +160,7 @@ def create_argument_parser(profiles: dict, volatile: dict, modules: dict) -> arg
 def parse_acquire_args(
     parser: argparse.ArgumentParser,
     config: dict[str, Any],
-) -> argparse.Namespace:
+) -> tuple[argparse.Namespace, list[str]]:
     """Parse and set the acquire command line arguments.
     The arguments are set to values supplied in ``config[arguments]``, when not
@@ -194,10 +176,10 @@ def parse_acquire_args(
     Returns:
         A command line arguments namespace
     """
-    command_line_args = parser.parse_args()
+    command_line_args, rest = parser.parse_known_args()
     _merge_args_and_config(parser, command_line_args, config)
-    return command_line_args
+    return command_line_args, rest
 def _merge_args_and_config(
@@ -264,10 +246,10 @@ def check_and_set_log_args(args: argparse.Namespace):
             # Logging to a single file is allowed, even if the file does not yet
             # exist, as it will be automatically created. However then the parent
             # directory must exist.
-            if args.children:
-                # If children are acquired, logging can only happen to separate
+            if args.children or len(args.targets) > 1:
+                # If children or multiple targets are acquired, logging can only happen to separate
                 # files, so log_path needs to be a directory.
-                raise ValueError("Log path must be a directory when using --children")
+                raise ValueError("Log path must be a directory when using multiple targets or --children")
         else:
             raise ValueError(f"Log path doesn't exist: {log_path}")
@@ -312,7 +294,7 @@ def check_and_set_acquire_args(
     if not args.upload:
         # check output related configuration
-        if args.children and args.output_file:
+        if (args.children or len(args.targets) > 1) and args.output_file:
             raise ValueError("--children can not be used with --output_file. Use --output instead")
         elif args.output_file and (not args.output_file.parent.is_dir() or args.output_file.is_dir()):
             raise ValueError("--output_file must be a path to a file in an existing directory")
@@ -328,10 +310,6 @@ def check_and_set_acquire_args(
                 raise ValueError("No public key available (embedded or argument)")
             setattr(args, "public_key", public_key)
-        # set cagent/targetd related configuration
-        for attr in CAGENT_TARGETD_ATTRS:
-            setattr(args, attr, args.config.get(attr))
     if not args.children and args.skip_parent:
         raise ValueError("--skip-parent can only be set with --children")

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/version.py RENAMED Viewed

@@ -12,5 +12,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
-__version__ = version = '3.14.dev7'
-__version_tuple__ = version_tuple = (3, 14, 'dev7')
+__version__ = version = '3.14.dev8'
+__version_tuple__ = version_tuple = (3, 14, 'dev8')

{acquire-3.14.dev7 → acquire-3.14.dev8/acquire.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: acquire
-Version: 3.14.dev7
+Version: 3.14.dev8
 Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/test_acquire_command.py RENAMED Viewed

@@ -18,7 +18,7 @@ from acquire.acquire import (
 def acquire_parser_args(config: List, argument_list: List) -> Namespace:
     CONFIG["arguments"] = config
     with patch("argparse._sys.argv", [""] + argument_list):
-        return parse_acquire_args(create_argument_parser(PROFILES, VOLATILE, MODULES), config=CONFIG)
+        return parse_acquire_args(create_argument_parser(PROFILES, VOLATILE, MODULES), config=CONFIG)[0]
 @pytest.mark.parametrize("config, argument_list", [([], [])])
@@ -34,3 +34,8 @@ def test_one_config_default_argument(acquire_parser_args):
 @pytest.mark.parametrize("config, argument_list", [(["-f", "test"], ["-f", "best"])])
 def test_config_default_argument_override(acquire_parser_args):
     assert acquire_parser_args.file == ["best"]
+@pytest.mark.parametrize("config, argument_list", [([], ["target1", "target2"])])
+def test_local_target_fallbactargets(acquire_parser_args):
+    assert acquire_parser_args.targets == ["target1", "target2"]

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/test_utils.py RENAMED Viewed

@@ -110,7 +110,7 @@ def test_check_and_set_log_args(
 def test_check_and_set_log_args_fail_log_to_file_with_children() -> None:
     mock_path = get_mock_path(is_dir=False)
     args = get_args(log=mock_path, children=True)
-    with pytest.raises(ValueError, match="Log path must be a directory when using --children"):
+    with pytest.raises(ValueError, match="Log path must be a directory when using multiple targets or --children"):
         check_and_set_log_args(args)
@@ -141,11 +141,6 @@ def test_check_and_set_acquire_args_upload_auto_upload(arg_name: str) -> None:
     args = get_args(**{arg_name: True, "config": config})
     check_and_set_acquire_args(args, upload_plugins)
-    if arg_name == "upload":
-        assert "cagent_key" not in args
-    else:
-        assert args.cagent_key == cagent_key
 @pytest.mark.parametrize(
     "arg_name",
@@ -307,20 +302,6 @@ def test_check_and_set_acquire_args_encrypt_without_public_key_fail(public_key:
         check_and_set_acquire_args(args, MagicMock())
-def test_check_and_set_acquire_args_cagent() -> None:
-    cagent_key = "KEY"
-    cagent_certificate = "CERT"
-    config = {
-        "cagent_key": cagent_key,
-        "cagent_certificate": cagent_certificate,
-    }
-    args = get_args(config=config)
-    check_and_set_acquire_args(args, MagicMock())
-    assert args.cagent_key == cagent_key
-    assert args.cagent_certificate == cagent_certificate
 @pytest.mark.parametrize(
     "path, sysvol, resolve, lower_case, case_sensitive, os, result",
     [

{acquire-3.14.dev7 → acquire-3.14.dev8}/COPYRIGHT RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/LICENSE RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/MANIFEST.in RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/README.md RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/__init__.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/collector.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/crypt.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/dynamic/__init__.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/dynamic/windows/__init__.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/dynamic/windows/collect.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/dynamic/windows/exceptions.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/dynamic/windows/handles.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/dynamic/windows/named_objects.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/dynamic/windows/ntdll.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/dynamic/windows/types.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/esxi.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/gui/__init__.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/gui/base.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/gui/win32.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/hashes.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/log.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/outputs/__init__.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/outputs/base.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/outputs/dir.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/outputs/tar.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/outputs/zip.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/tools/__init__.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/tools/decrypter.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/uploaders/__init__.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/uploaders/minio.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/uploaders/plugin.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/uploaders/plugin_registry.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire/volatilestream.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire.egg-info/SOURCES.txt RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire.egg-info/dependency_links.txt RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire.egg-info/entry_points.txt RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire.egg-info/requires.txt RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/acquire.egg-info/top_level.txt RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/pyproject.toml RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/setup.cfg RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/__init__.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/conftest.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/docs/Makefile RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/docs/conf.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/docs/index.rst RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/test_acquire_modules.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/test_collector.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/test_decryptor_funcs.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/test_esxi_memory.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/test_file_sorting.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/test_minio_uploader.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/test_misc_users.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/test_outputs_dir.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/test_outputs_tar.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tests/test_plugin.py RENAMED Viewed

File without changes

{acquire-3.14.dev7 → acquire-3.14.dev8}/tox.ini RENAMED Viewed

File without changes

acquire 3.14.dev7__tar.gz → 3.14.dev8__tar.gz

acquire 3.14.dev7tar.gz → 3.14.dev8tar.gz