acquire 3.18.dev3__tar.gz → 3.18.dev5__tar.gz

Files changed (68)
  1. {acquire-3.18.dev3/acquire.egg-info → acquire-3.18.dev5}/PKG-INFO +1 -1
  2. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/acquire.py +31 -0
  3. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/tools/decrypter.py +3 -2
  4. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/version.py +2 -2
  5. {acquire-3.18.dev3 → acquire-3.18.dev5/acquire.egg-info}/PKG-INFO +1 -1
  6. {acquire-3.18.dev3 → acquire-3.18.dev5}/COPYRIGHT +0 -0
  7. {acquire-3.18.dev3 → acquire-3.18.dev5}/LICENSE +0 -0
  8. {acquire-3.18.dev3 → acquire-3.18.dev5}/MANIFEST.in +0 -0
  9. {acquire-3.18.dev3 → acquire-3.18.dev5}/README.md +0 -0
  10. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/__init__.py +0 -0
  11. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/collector.py +0 -0
  12. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/crypt.py +0 -0
  13. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/dynamic/__init__.py +0 -0
  14. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/dynamic/windows/__init__.py +0 -0
  15. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/dynamic/windows/collect.py +0 -0
  16. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/dynamic/windows/exceptions.py +0 -0
  17. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/dynamic/windows/handles.py +0 -0
  18. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/dynamic/windows/named_objects.py +0 -0
  19. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/dynamic/windows/ntdll.py +0 -0
  20. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/dynamic/windows/types.py +0 -0
  21. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/esxi.py +0 -0
  22. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/gui/__init__.py +0 -0
  23. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/gui/base.py +0 -0
  24. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/gui/win32.py +0 -0
  25. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/hashes.py +0 -0
  26. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/log.py +0 -0
  27. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/outputs/__init__.py +0 -0
  28. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/outputs/base.py +0 -0
  29. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/outputs/dir.py +0 -0
  30. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/outputs/tar.py +0 -0
  31. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/outputs/zip.py +0 -0
  32. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/tools/__init__.py +0 -0
  33. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/uploaders/__init__.py +0 -0
  34. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/uploaders/minio.py +0 -0
  35. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/uploaders/plugin.py +0 -0
  36. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/uploaders/plugin_registry.py +0 -0
  37. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/utils.py +0 -0
  38. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire/volatilestream.py +0 -0
  39. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire.egg-info/SOURCES.txt +0 -0
  40. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire.egg-info/dependency_links.txt +0 -0
  41. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire.egg-info/entry_points.txt +0 -0
  42. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire.egg-info/requires.txt +0 -0
  43. {acquire-3.18.dev3 → acquire-3.18.dev5}/acquire.egg-info/top_level.txt +0 -0
  44. {acquire-3.18.dev3 → acquire-3.18.dev5}/pyproject.toml +0 -0
  45. {acquire-3.18.dev3 → acquire-3.18.dev5}/setup.cfg +0 -0
  46. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/__init__.py +0 -0
  47. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/conftest.py +0 -0
  48. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/data/private_key.pem +0 -0
  49. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/data/public_key.pem +0 -0
  50. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/docs/Makefile +0 -0
  51. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/docs/conf.py +0 -0
  52. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/docs/index.rst +0 -0
  53. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_acquire_command.py +0 -0
  54. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_acquire_modules.py +0 -0
  55. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_collector.py +0 -0
  56. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_decryptor_funcs.py +0 -0
  57. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_esxi_memory.py +0 -0
  58. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_file_sorting.py +0 -0
  59. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_gui.py +0 -0
  60. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_minio_uploader.py +0 -0
  61. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_misc_users.py +0 -0
  62. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_outputs_dir.py +0 -0
  63. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_outputs_tar.py +0 -0
  64. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_outputs_zip.py +0 -0
  65. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_plugin.py +0 -0
  66. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_utils.py +0 -0
  67. {acquire-3.18.dev3 → acquire-3.18.dev5}/tests/test_volatile.py +0 -0
  68. {acquire-3.18.dev3 → acquire-3.18.dev5}/tox.ini +0 -0
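--- a/acquire.egg-info/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.2
  Name: acquire
- Version: 3.18.dev3
+ Version: 3.18.dev5
  Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
  Author-email: Dissect Team <dissect@fox-it.com>
  License: Affero General Public License v3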
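--- a/acquire/acquire.py
+++ b/acquire/acquire.py
@@ -770,6 +770,35 @@ class Exchange(Module):
  return spec
 
 
+ @register_module("--mssql")
+ class MSSQL(Module):
+ DESC = "MSSQL error logs"
+
+ SPEC = [("glob", "/var/opt/mssql/log/errorlog*")]
+
+ @classmethod
+ def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple[str, str]]:
+ log_paths = set()
+
+ if not target.has_function("registry"):
+ return
+
+ for reg_key in target.registry.glob_ext("HKLM\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\*"):
+ try:
+ log_paths.add(reg_key.value("ErrorDumpDir").value)
+ except Exception:
+ pass
+
+ try:
+ subkey = reg_key.subkey("CPE")
+ log_paths.add(subkey.value("ErrorDumpDir").value)
+ except Exception:
+ pass
+
+ for log_path in log_paths:
+ yield ("glob", f"{log_path}/ERRORLOG*")
+
+
  @register_module("--iis")
  class IIS(Module):
  DESC = "IIS logs"
@@ -1984,6 +2013,7 @@ class WindowsProfile:
  IIS,
  TextEditor,
  Docker,
+ MSSQL,
  ]
 
 
@@ -2001,6 +2031,7 @@ class LinuxProfile:
  Docker,
  History,
  WebHosting,
+ MSSQL,
  ]
 
 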
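Review bot: In `MSSQL.get_spec_additions` (new lines 787-796), both `except Exception: pass` handlers discard every failure while reading `ErrorDumpDir`, so an acquisition that misses the SQL Server error logs because of a hive or parser error looks the same as one where no instance is installed. For a forensic collector that gap matters: narrow the handlers to the registry key/value not-found errors and write a debug line naming the key through the module's logger, so the acquisition log records why a path was skipped. The registry value is also interpolated into the glob unchecked at new line 799; an empty `ErrorDumpDir` would produce the pattern `/ERRORLOG*`, so guard the `yield` with `if isinstance(log_path, str) and log_path.strip():`. The file list shows `tests/test_acquire_modules.py` unchanged, so the new module appears to ship without a test for either the registry lookup or the Linux `SPEC` glob.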
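--- a/acquire/tools/decrypter.py
+++ b/acquire/tools/decrypter.py
@@ -374,7 +374,7 @@ def setup_logging(logger: logging.Logger, verbosity: int) -> None:
  logger.setLevel(level)
 
 
- def main() -> None:
+ def main() -> int:
  parser = argparse.ArgumentParser()
  parser.add_argument("files", nargs="+", type=Path, help="paths to encrypted files")
  parser.add_argument("-o", "--output", type=Path, help="optional path to output file")
@@ -496,7 +496,8 @@ def main() -> None:
  # Else, if all were successful but there were still tasks to handle, return 3
  elif tasks:
  exit_code = 3
-
+
+ return exit_code
 
 
  def show_duplicates(output_directory: Path, files: list[Path]) -> None: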
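Review bot: With `main()` now ending in `return exit_code` instead of `exit(exit_code)`, the status reaches the shell only if every caller forwards it, and no caller is changed in this section. A generated console-script wrapper does pass the return value to `sys.exit`, but if the file has a module-level `if __name__ == "__main__": main()` guard outside these hunks, that path would now always exit 0 and hide failed decryptions from automation; it should read `sys.exit(main())`. A short docstring on `main` listing the exit codes (the comment at new line 496 mentions 3 for leftover tasks) would document the contract for callers. Most of `main`'s body lies outside both hunks, so the other exit-code branches could not be checked here.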
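--- a/acquire/version.py
+++ b/acquire/version.py
@@ -12,5 +12,5 @@ __version__: str
  __version_tuple__: VERSION_TUPLE
  version_tuple: VERSION_TUPLE
 
- __version__ = version = '3.18.dev3'
- __version_tuple__ = version_tuple = (3, 18, 'dev3')
+ __version__ = version = '3.18.dev5'
+ __version_tuple__ = version_tuple = (3, 18, 'dev5')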
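--- a/PKG-INFO
+++ b/acquire.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.2
  Name: acquire
- Version: 3.18.dev3
+ Version: 3.18.dev5
  Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
  Author-email: Dissect Team <dissect@fox-it.com>
  License: Affero General Public License v3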
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes