PyPI - acquire - Versions diffs - 3.17.dev3__tar.gz → 3.17.dev6__tar.gz - Mend

acquire 3.17.dev3tar.gz → 3.17.dev6tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

{acquire-3.17.dev3/acquire.egg-info → acquire-3.17.dev6}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: acquire
-Version: 3.17.dev3
+Version: 3.17.dev6
 Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/acquire.py RENAMED Viewed

@@ -1372,6 +1372,26 @@ class SSH(Module):
             super().run(target, cli_args, collector)
+@register_module("--docker")
+class Docker(Module):
+    DESC = "various Docker logs and configuration files"
+    SPEC = [
+        # Container log files
+        ("glob", "/var/lib/docker/containers/*/*-json.log"),
+        ("glob", "/var/lib/docker/containers/*/*.json"),
+        ("glob", "/var/lib/docker/containers/*/hostname"),
+        # Linux daemon configs
+        ("file", "/etc/docker/daemon.json"),
+        ("file", "/var/snap/docker/current/config/daemon.json"),
+        # Windows daemon configs
+        ("file", "sysvol/ProgramData/docker/config/daemon.json"),
+        # User-specific config files (MacOS/Linux/Windows)
+        ("file", ".docker/daemon.json", from_user_home),
+        # Repositories
+        ("file", "/var/lib/docker/image/overlay2/repositories.json"),
+    ]
 @register_module("--var")
 class Var(Module):
     SPEC = [
@@ -1676,17 +1696,20 @@ def print_acquire_warning(target: Target) -> None:
         log.warning("========================================== WARNING ==========================================")
-def _add_modules_for_profile(choice: str, operating_system: str, profile: dict, msg: str) -> Optional[dict]:
-    modules_selected = dict()
-    if choice and choice != "none":
-        profile_dict = profile[choice]
-        if operating_system not in profile_dict:
-            log.error(msg, operating_system, choice)
-            return None
+def _get_modules_for_profile(
+    profile_name: str,
+    operating_system: str,
+    profiles: dict[str, dict[str, list[type[Module]]]],
+    err_msg: str,
+) -> dict[str, type[Module]]:
+    modules_selected = {}
-        for mod in profile_dict[operating_system]:
-            modules_selected[mod.__modname__] = mod
+    if profile_name != "none":
+        if (profile := profiles.get(profile_name, {}).get(operating_system)) is not None:
+            for mod in profile:
+                modules_selected[mod.__modname__] = mod
+        else:
+            log.error(err_msg, operating_system, profile_name)
     return modules_selected
@@ -1755,24 +1778,23 @@ def acquire_target(target: Target, args: argparse.Namespace, output_ts: Optional
         profile = "default"
         log.info("")
-    profile_modules = _add_modules_for_profile(
-        profile, target.os, PROFILES, "No collection set for OS %s with profile %s"
+    normal_modules = _get_modules_for_profile(
+        profile, target.os, PROFILES, "No collection set for OS '%s' with profile '%s'"
     )
+    modules_selected.update(normal_modules)
     if not (volatile_profile := args.volatile_profile):
         volatile_profile = "none"
-    volatile_modules = _add_modules_for_profile(
-        volatile_profile, target.os, VOLATILE, "No collection set for OS %s with volatile profile %s"
+    volatile_modules = _get_modules_for_profile(
+        volatile_profile, target.os, VOLATILE, "No collection set for OS '%s' with volatile profile '%s'"
     )
-    if (profile_modules or volatile_modules) is None:
-        return files
-    modules_selected.update(profile_modules)
     modules_selected.update(volatile_modules)
-    log.info("Modules selected: %s", ", ".join(sorted(modules_selected)))
+    if not modules_selected:
+        log.warn("NO modules selected!")
+    else:
+        log.info("Modules selected: %s", ", ".join(sorted(modules_selected)))
     local_only_modules = {name: module for name, module in modules_selected.items() if hasattr(module, "__local__")}
     if target.path.name != "local" and local_only_modules:
@@ -1952,6 +1974,7 @@ class WindowsProfile:
         SSH,
         IIS,
         TextEditor,
+        Docker,
     ]
@@ -1966,6 +1989,7 @@ class LinuxProfile:
     DEFAULT = MINIMAL
     FULL = [
         *DEFAULT,
+        Docker,
         History,
         WebHosting,
     ]
@@ -2010,6 +2034,7 @@ class OSXProfile:
         *DEFAULT,
         History,
         SSH,
+        Docker,
     ]

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/version.py RENAMED Viewed

@@ -12,5 +12,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
-__version__ = version = '3.17.dev3'
-__version_tuple__ = version_tuple = (3, 17, 'dev3')
+__version__ = version = '3.17.dev6'
+__version_tuple__ = version_tuple = (3, 17, 'dev6')

{acquire-3.17.dev3 → acquire-3.17.dev6/acquire.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: acquire
-Version: 3.17.dev3
+Version: 3.17.dev6
 Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{acquire-3.17.dev3 → acquire-3.17.dev6}/COPYRIGHT RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/LICENSE RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/MANIFEST.in RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/README.md RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/__init__.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/collector.py RENAMED Viewed

@@ -518,6 +518,9 @@ class Collector:
                     self.report.add_symlink_collected(module_name, branch_path)
                     log.info("- Collecting symlink branch suceeded %s", branch_path)
+        except (FileNotFoundError, NotADirectoryError, NotASymlinkError, SymlinkRecursionError, ValueError):
+            self.report.add_path_missing(module_name, error_path)
+            log.error("- Path %s is not found (while collecting %s)", error_path, path)
         except OSError as error:
             if error.errno == errno.ENOENT:
                 self.report.add_path_missing(module_name, error_path)
@@ -528,9 +531,6 @@ class Collector:
             else:
                 self.report.add_path_failed(module_name, error_path)
                 log.error("- OSError while collecting path %s (while collecting %s)", error_path, path)
-        except (FileNotFoundError, NotADirectoryError, NotASymlinkError, SymlinkRecursionError, ValueError):
-            self.report.add_path_missing(module_name, error_path)
-            log.error("- Path %s is not found (while collecting %s)", error_path, path)
         except Exception:
             self.report.add_path_failed(module_name, error_path)
             log.error("- Failed to collect path %s (while collecting %s)", error_path, path, exc_info=True)

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/crypt.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/dynamic/__init__.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/dynamic/windows/__init__.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/dynamic/windows/collect.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/dynamic/windows/exceptions.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/dynamic/windows/handles.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/dynamic/windows/named_objects.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/dynamic/windows/ntdll.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/dynamic/windows/types.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/esxi.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/gui/__init__.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/gui/base.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/gui/win32.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/hashes.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/log.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/outputs/__init__.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/outputs/base.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/outputs/dir.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/outputs/tar.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/outputs/zip.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/tools/__init__.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/tools/decrypter.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/uploaders/__init__.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/uploaders/minio.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/uploaders/plugin.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/uploaders/plugin_registry.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/utils.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire/volatilestream.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire.egg-info/SOURCES.txt RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire.egg-info/dependency_links.txt RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire.egg-info/entry_points.txt RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire.egg-info/requires.txt RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/acquire.egg-info/top_level.txt RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/pyproject.toml RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/setup.cfg RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/__init__.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/conftest.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/data/private_key.pem RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/data/public_key.pem RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/docs/Makefile RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/docs/conf.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/docs/index.rst RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/test_acquire_command.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/test_acquire_modules.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/test_collector.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/test_decryptor_funcs.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/test_esxi_memory.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/test_file_sorting.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/test_gui.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/test_minio_uploader.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/test_misc_users.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/test_outputs_dir.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/test_outputs_tar.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/test_outputs_zip.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/test_plugin.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tests/test_utils.py RENAMED Viewed

File without changes

{acquire-3.17.dev3 → acquire-3.17.dev6}/tox.ini RENAMED Viewed

File without changes

acquire 3.17.dev3__tar.gz → 3.17.dev6__tar.gz

acquire 3.17.dev3tar.gz → 3.17.dev6tar.gz