acquire 3.18.dev2__tar.gz → 3.18.dev4__tar.gz
- {acquire-3.18.dev2/acquire.egg-info → acquire-3.18.dev4}/PKG-INFO +1 -1
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/acquire.py +58 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/version.py +2 -2
- {acquire-3.18.dev2 → acquire-3.18.dev4/acquire.egg-info}/PKG-INFO +1 -1
- {acquire-3.18.dev2 → acquire-3.18.dev4}/COPYRIGHT +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/LICENSE +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/MANIFEST.in +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/README.md +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/__init__.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/collector.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/crypt.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/dynamic/__init__.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/dynamic/windows/__init__.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/dynamic/windows/collect.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/dynamic/windows/exceptions.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/dynamic/windows/handles.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/dynamic/windows/named_objects.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/dynamic/windows/ntdll.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/dynamic/windows/types.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/esxi.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/gui/__init__.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/gui/base.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/gui/win32.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/hashes.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/log.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/outputs/__init__.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/outputs/base.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/outputs/dir.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/outputs/tar.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/outputs/zip.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/tools/__init__.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/tools/decrypter.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/uploaders/__init__.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/uploaders/minio.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/uploaders/plugin.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/uploaders/plugin_registry.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/utils.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire/volatilestream.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire.egg-info/SOURCES.txt +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire.egg-info/dependency_links.txt +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire.egg-info/entry_points.txt +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire.egg-info/requires.txt +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/acquire.egg-info/top_level.txt +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/pyproject.toml +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/setup.cfg +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/__init__.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/conftest.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/data/private_key.pem +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/data/public_key.pem +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/docs/Makefile +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/docs/conf.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/docs/index.rst +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_acquire_command.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_acquire_modules.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_collector.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_decryptor_funcs.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_esxi_memory.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_file_sorting.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_gui.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_minio_uploader.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_misc_users.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_outputs_dir.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_outputs_tar.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_outputs_zip.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_plugin.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_utils.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tests/test_volatile.py +0 -0
- {acquire-3.18.dev2 → acquire-3.18.dev4}/tox.ini +0 -0
|
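--- a/acquire-3.18.dev2/acquire.egg-info/PKG-INFO
+++ b/acquire-3.18.dev4/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: acquire
-Version: 3.18.
+Version: 3.18.dev4
 Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3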
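--- a/acquire-3.18.dev2/acquire/acquire.py
+++ b/acquire-3.18.dev4/acquire/acquire.py
@@ -770,6 +770,35 @@ class Exchange(Module):
         return spec
 
 
+@register_module("--mssql")
+class MSSQL(Module):
+    DESC = "MSSQL error logs"
+
+    SPEC = [("glob", "/var/opt/mssql/log/errorlog*")]
+
+    @classmethod
+    def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple[str, str]]:
+        log_paths = set()
+
+        if not target.has_function("registry"):
+            return
+
+        for reg_key in target.registry.glob_ext("HKLM\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\*"):
+            try:
+                log_paths.add(reg_key.value("ErrorDumpDir").value)
+            except Exception:
+                pass
+
+            try:
+                subkey = reg_key.subkey("CPE")
+                log_paths.add(subkey.value("ErrorDumpDir").value)
+            except Exception:
+                pass
+
+        for log_path in log_paths:
+            yield ("glob", f"{log_path}/ERRORLOG*")
+
+
 @register_module("--iis")
 class IIS(Module):
     DESC = "IIS logs"
@@ -1307,6 +1336,8 @@ class Boot(Module):
         ("glob", "/boot/grub*"),
         ("glob", "/boot/init*"),
         ("glob", "/boot/system*"),
+        # Proxmox specific file
+        ("glob", "/boot/pve*"),
     ]
 
 
@@ -1410,6 +1441,10 @@ class Var(Module):
         ("dir", "/var/audit"),
         ("dir", "/var/cron"),
         ("dir", "/var/run"),
+        # Proxmox specific files
+        ("dir", "/var/lib/pve-cluster"),
+        ("dir", "/var/lib/pve-firewall"),
+        ("dir", "/var/lib/pve-manager"),
         # some OS-X specific files
         ("dir", "/private/var/at"),
         ("dir", "/private/var/db/diagnostics"),
@@ -1978,6 +2013,7 @@ class WindowsProfile:
         IIS,
         TextEditor,
         Docker,
+        MSSQL,
     ]
 
 
@@ -1995,6 +2031,7 @@ class LinuxProfile:
         Docker,
         History,
         WebHosting,
+        MSSQL,
     ]
 
 
@@ -2041,6 +2078,22 @@ class OSXProfile:
     ]
 
 
+class ProxmoxProfile:
+    MINIMAL = [
+        Etc,
+        Boot,
+        Home,
+        SSH,
+        Var,
+    ]
+    DEFAULT = MINIMAL
+    FULL = [
+        *DEFAULT,
+        History,
+        WebHosting,
+    ]
+
+
 PROFILES = {
     "full": {
         "windows": WindowsProfile.FULL,
@@ -2048,6 +2101,7 @@ PROFILES = {
         "bsd": BsdProfile.FULL,
         "esxi": ESXiProfile.FULL,
         "osx": OSXProfile.FULL,
+        "proxmox": ProxmoxProfile.FULL,
     },
     "default": {
         "windows": WindowsProfile.DEFAULT,
@@ -2055,6 +2109,7 @@ PROFILES = {
         "bsd": BsdProfile.DEFAULT,
         "esxi": ESXiProfile.DEFAULT,
         "osx": OSXProfile.DEFAULT,
+        "proxmox": ProxmoxProfile.DEFAULT,
     },
     "minimal": {
         "windows": WindowsProfile.MINIMAL,
@@ -2062,6 +2117,7 @@ PROFILES = {
         "bsd": BsdProfile.MINIMAL,
         "esxi": ESXiProfile.MINIMAL,
         "osx": OSXProfile.MINIMAL,
+        "proxmox": ProxmoxProfile.MINIMAL,
     },
     "none": None,
 }
@@ -2090,6 +2146,7 @@ VOLATILE = {
         "bsd": [],
         "esxi": [],
         "osx": [],
+        "proxmox": [],
     },
     "extensive": {
         "windows": VolatileProfile.DEFAULT,
@@ -2097,6 +2154,7 @@ VOLATILE = {
         "bsd": VolatileProfile.EXTENSIVE,
         "esxi": VolatileProfile.EXTENSIVE,
         "osx": [],
+        "proxmox": [],
     },
     "none": None,
 }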
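Review bot: An empty `ErrorDumpDir` value is accepted as a log directory in the new `MSSQL.get_spec_additions` — `log_paths.add(reg_key.value("ErrorDumpDir").value)` stores whatever the value holds, and an empty string then yields `("glob", "/ERRORLOG*")`, a glob against the filesystem root, while a `None` value becomes `None/ERRORLOG*`. A guard such as `if path := reg_key.value("ErrorDumpDir").value: log_paths.add(path)` in both places keeps only usable directories. The two `except Exception: pass` blocks also hide every registry failure, including a corrupt hive, behind the missing-key case; narrowing them to the registry's not-found exception, or at least emitting a debug log if this module has a logger in scope, would keep real parse errors visible during an acquisition. The registry value is a Windows path joined with a forward slash at `yield ("glob", f"{log_path}/ERRORLOG*")`; presumably the target filesystem layer normalizes separators, but a trailing backslash in the registry value is worth checking against that layer.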
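--- a/acquire-3.18.dev2/acquire/version.py
+++ b/acquire-3.18.dev4/acquire/version.py
@@ -12,5 +12,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
 
-__version__ = version = '3.18.
-__version_tuple__ = version_tuple = (3, 18, '
+__version__ = version = '3.18.dev4'
+__version_tuple__ = version_tuple = (3, 18, 'dev4')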
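--- a/acquire-3.18.dev2/PKG-INFO
+++ b/acquire-3.18.dev4/acquire.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: acquire
-Version: 3.18.
+Version: 3.18.dev4
 Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3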