acquire 3.18.dev6__tar.gz → 3.18.dev9__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- acquire-3.18.dev9/.git-blame-ignore-revs +6 -0
- acquire-3.18.dev9/.gitattributes +1 -0
- {acquire-3.18.dev6/acquire.egg-info → acquire-3.18.dev9}/PKG-INFO +1 -1
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/acquire.py +22 -9
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/collector.py +4 -7
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/gui/win32.py +0 -1
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/hashes.py +2 -1
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/version.py +2 -2
- {acquire-3.18.dev6 → acquire-3.18.dev9/acquire.egg-info}/PKG-INFO +1 -1
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire.egg-info/SOURCES.txt +8 -5
- {acquire-3.18.dev6/tests/docs → acquire-3.18.dev9/tests/_docs}/Makefile +1 -1
- acquire-3.18.dev9/tests/_docs/__init__.py +0 -0
- {acquire-3.18.dev6/tests/docs → acquire-3.18.dev9/tests/_docs}/conf.py +7 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/conftest.py +1 -1
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_outputs_tar.py +1 -1
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_outputs_zip.py +1 -1
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tox.ini +4 -4
- {acquire-3.18.dev6 → acquire-3.18.dev9}/COPYRIGHT +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/LICENSE +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/MANIFEST.in +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/README.md +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/__init__.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/crypt.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/dynamic/__init__.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/dynamic/windows/__init__.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/dynamic/windows/collect.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/dynamic/windows/exceptions.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/dynamic/windows/handles.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/dynamic/windows/named_objects.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/dynamic/windows/ntdll.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/dynamic/windows/types.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/esxi.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/gui/__init__.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/gui/base.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/log.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/outputs/__init__.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/outputs/base.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/outputs/dir.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/outputs/tar.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/outputs/zip.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/tools/__init__.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/tools/decrypter.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/uploaders/__init__.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/uploaders/minio.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/uploaders/plugin.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/uploaders/plugin_registry.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/utils.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire/volatilestream.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire.egg-info/dependency_links.txt +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire.egg-info/entry_points.txt +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire.egg-info/requires.txt +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/acquire.egg-info/top_level.txt +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/pyproject.toml +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/setup.cfg +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/__init__.py +0 -0
- {acquire-3.18.dev6/tests/data → acquire-3.18.dev9/tests/_data}/private_key.pem +0 -0
- {acquire-3.18.dev6/tests/data → acquire-3.18.dev9/tests/_data}/public_key.pem +0 -0
- {acquire-3.18.dev6/tests/docs → acquire-3.18.dev9/tests/_docs}/index.rst +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_acquire_command.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_acquire_modules.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_collector.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_decryptor_funcs.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_esxi_memory.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_file_sorting.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_gui.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_minio_uploader.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_misc_users.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_outputs_dir.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_plugin.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_utils.py +0 -0
- {acquire-3.18.dev6 → acquire-3.18.dev9}/tests/test_volatile.py +0 -0
|
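--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
+tests/_data/** filter=lfs diff=lfs merge=lfs -text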
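Review bot: Routing `tests/_data/**` through Git LFS means a checkout without git-lfs installed, or a CI fetch that skips LFS objects, leaves `tests/_data/private_key.pem` and `public_key.pem` as pointer files, so the `EncryptedFile(..., Path("tests/_data/private_key.pem"))` calls in the tar and zip encrypt tests changed in this same release would fail inside key parsing rather than with an explanatory message. A small guard in the fixture that loads the key (skip or xfail when the file starts with the LFS pointer header `version https://git-lfs.github.com/spec/v1`) would make that failure self-explaining. Whether the published sdist ships the resolved objects or the pointers cannot be told from this diff.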
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.2
|
|
2
2
|
Name: acquire
|
|
3
|
-
Version: 3.18.
|
|
3
|
+
Version: 3.18.dev9
|
|
4
4
|
Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
@@ -302,6 +302,18 @@ class Proc(Module):
|
|
|
302
302
|
collector.collect(spec, follow=False, volatile=True)
|
|
303
303
|
|
|
304
304
|
|
|
305
|
+
@register_module("--proc-net")
|
|
306
|
+
@local_module
|
|
307
|
+
class ProcNet(Module):
|
|
308
|
+
DESC = "Procfs network files (live systems only)"
|
|
309
|
+
EXEC_ORDER = ExecutionOrder.BOTTOM
|
|
310
|
+
|
|
311
|
+
@classmethod
|
|
312
|
+
def _run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
|
|
313
|
+
spec = [("dir", "/proc/net")]
|
|
314
|
+
collector.collect(spec, follow=False, volatile=True)
|
|
315
|
+
|
|
316
|
+
|
|
305
317
|
@register_module("-n", "--ntfs")
|
|
306
318
|
class NTFS(Module):
|
|
307
319
|
DESC = "NTFS filesystem metadata"
|
|
@@ -2090,27 +2102,28 @@ class VolatileProfile:
|
|
|
2090
2102
|
WinArpCache,
|
|
2091
2103
|
WinRDPSessions,
|
|
2092
2104
|
WinDnsClientCache,
|
|
2105
|
+
ProcNet,
|
|
2093
2106
|
)
|
|
2094
|
-
|
|
2107
|
+
FULL = (
|
|
2095
2108
|
Proc,
|
|
2096
2109
|
Sys,
|
|
2097
2110
|
)
|
|
2098
2111
|
|
|
2099
2112
|
|
|
2100
2113
|
VOLATILE = {
|
|
2101
|
-
"
|
|
2114
|
+
"full": {
|
|
2102
2115
|
"windows": VolatileProfile.DEFAULT,
|
|
2103
|
-
"linux":
|
|
2104
|
-
"bsd":
|
|
2105
|
-
"esxi":
|
|
2116
|
+
"linux": VolatileProfile.FULL,
|
|
2117
|
+
"bsd": VolatileProfile.FULL,
|
|
2118
|
+
"esxi": VolatileProfile.FULL,
|
|
2106
2119
|
"osx": [],
|
|
2107
2120
|
"proxmox": [],
|
|
2108
2121
|
},
|
|
2109
|
-
"
|
|
2122
|
+
"default": {
|
|
2110
2123
|
"windows": VolatileProfile.DEFAULT,
|
|
2111
|
-
"linux":
|
|
2112
|
-
"bsd":
|
|
2113
|
-
"esxi":
|
|
2124
|
+
"linux": [],
|
|
2125
|
+
"bsd": [],
|
|
2126
|
+
"esxi": [],
|
|
2114
2127
|
"osx": [],
|
|
2115
2128
|
"proxmox": [],
|
|
2116
2129
|
},
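Review bot: `ProcNet` is appended to the tuple that also holds the Win* modules (presumably `DEFAULT`; its name is above the hunk), but in `VOLATILE` that tuple is only referenced for `"windows"`, while `"linux"`, `"bsd"` and `"esxi"` map to the new `FULL = (Proc, Sys)` in the `"full"` profile and to `[]` in `"default"`, so the new procfs module is never selected by profile on the platforms that actually have `/proc/net`; if that is intentional (explicit `--proc-net` only), a comment on the `FULL` tuple saying so would stop it reading as a mistake, otherwise add `ProcNet,` to `FULL`. Separately, on Linux `/proc/net` is itself a symlink to `self/net`, and the `Collector.collect` docstring rewritten in this same release states that with `volatile=True` a symlink at the end of a path is not collected, so `spec = [("dir", "/proc/net")]` with `follow=False` may collect nothing if that rule applies to the spec root; a live-target test, or spelling the spec as `/proc/self/net`, would settle it. The new class has no docstring; `"""Collect procfs network tables (/proc/net) from a live system."""` would match its DESC. The `VolatileProfile` class and the tuple `ProcNet` is added to begin outside the hunk.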
|
|
@@ -330,13 +330,10 @@ class Collector:
|
|
|
330
330
|
used.
|
|
331
331
|
base: A different base path to use to store the file, it is prepended to the given or
|
|
332
332
|
generated ``outpath``.
|
|
333
|
-
volatile: When this flag is set, the collection of a number of artefacts is
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
- files will be collected in a slower but more robust way, any errors while
|
|
338
|
-
reading the bytes will not fail the collection of the file and all bytes
|
|
339
|
-
already retrieved will be stored.
|
|
333
|
+
volatile: When this flag is set, the collection of a number of artefacts is performed slightly different.
|
|
334
|
+
Symlinks at the end of a path will not be collected, empty directories will be collected,
|
|
335
|
+
files will be collected in a slower but more robust way, any errors while reading the bytes
|
|
336
|
+
will not fail the collection of the file and all bytes already retrieved will be stored.
|
|
340
337
|
seen_paths: A list of normalized path strings, used when calling this function
|
|
341
338
|
recursively to collect directories to break out of symlink loops.
|
|
342
339
|
"""
|
|
@@ -162,7 +162,8 @@ def collect_hashes(
|
|
|
162
162
|
Walk through the paths, calculate hashes and return details per path.
|
|
163
163
|
|
|
164
164
|
Spec contains a path selector and a list of hash functions to compute against the paths.
|
|
165
|
-
For example
|
|
165
|
+
For example::
|
|
166
|
+
|
|
166
167
|
[
|
|
167
168
|
("dir", ("sysvol/Windows/", ("exe", "dll", "sys"))),
|
|
168
169
|
(HashFunc.MD5, HashFunc.SHA1)
|
|
@@ -12,5 +12,5 @@ __version__: str
|
|
|
12
12
|
__version_tuple__: VERSION_TUPLE
|
|
13
13
|
version_tuple: VERSION_TUPLE
|
|
14
14
|
|
|
15
|
-
__version__ = version = '3.18.
|
|
16
|
-
__version_tuple__ = version_tuple = (3, 18, '
|
|
15
|
+
__version__ = version = '3.18.dev9'
|
|
16
|
+
__version_tuple__ = version_tuple = (3, 18, 'dev9')
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.2
|
|
2
2
|
Name: acquire
|
|
3
|
-
Version: 3.18.
|
|
3
|
+
Version: 3.18.dev9
|
|
4
4
|
Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
.git-blame-ignore-revs
|
|
2
|
+
.gitattributes
|
|
1
3
|
COPYRIGHT
|
|
2
4
|
LICENSE
|
|
3
5
|
MANIFEST.in
|
|
@@ -59,8 +61,9 @@ tests/test_outputs_zip.py
|
|
|
59
61
|
tests/test_plugin.py
|
|
60
62
|
tests/test_utils.py
|
|
61
63
|
tests/test_volatile.py
|
|
62
|
-
tests/
|
|
63
|
-
tests/
|
|
64
|
-
tests/
|
|
65
|
-
tests/
|
|
66
|
-
tests/
|
|
64
|
+
tests/_data/private_key.pem
|
|
65
|
+
tests/_data/public_key.pem
|
|
66
|
+
tests/_docs/Makefile
|
|
67
|
+
tests/_docs/__init__.py
|
|
68
|
+
tests/_docs/conf.py
|
|
69
|
+
tests/_docs/index.rst
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
project = "acquire"
|
|
2
|
+
|
|
1
3
|
extensions = [
|
|
2
4
|
"autoapi.extension",
|
|
3
5
|
"sphinx.ext.autodoc",
|
|
@@ -32,3 +34,8 @@ autodoc_typehints = "signature"
|
|
|
32
34
|
autodoc_member_order = "groupwise"
|
|
33
35
|
|
|
34
36
|
autosectionlabel_prefix_document = True
|
|
37
|
+
|
|
38
|
+
suppress_warnings = [
|
|
39
|
+
# https://github.com/readthedocs/sphinx-autoapi/issues/285
|
|
40
|
+
"autoapi.python_import_resolution",
|
|
41
|
+
]
|
|
@@ -56,7 +56,7 @@ def test_tar_output_encrypt(mock_fs: VirtualFilesystem, public_key: bytes, tmp_p
|
|
|
56
56
|
tar_output.write_entry(entry_name, entry)
|
|
57
57
|
tar_output.close()
|
|
58
58
|
|
|
59
|
-
encrypted_stream = EncryptedFile(tar_output.path.open("rb"), Path("tests/
|
|
59
|
+
encrypted_stream = EncryptedFile(tar_output.path.open("rb"), Path("tests/_data/private_key.pem"))
|
|
60
60
|
decrypted_path = tmp_path / "decrypted.tar"
|
|
61
61
|
# Direct streaming is not an option because tarfile needs seek when reading from encrypted files directly
|
|
62
62
|
Path(decrypted_path).write_bytes(encrypted_stream.read())
|
|
@@ -60,7 +60,7 @@ def test_zip_output_encrypt(mock_fs: VirtualFilesystem, public_key: bytes, tmp_p
|
|
|
60
60
|
zip_output.write_entry(entry_name, entry)
|
|
61
61
|
zip_output.close()
|
|
62
62
|
|
|
63
|
-
encrypted_stream = EncryptedFile(zip_output.path.open("rb"), Path("tests/
|
|
63
|
+
encrypted_stream = EncryptedFile(zip_output.path.open("rb"), Path("tests/_data/private_key.pem"))
|
|
64
64
|
decrypted_path = tmp_path / "decrypted.zip"
|
|
65
65
|
# Direct streaming is not an option because zipfile needs seek when reading from encrypted files directly
|
|
66
66
|
Path(decrypted_path).write_bytes(encrypted_stream.read())
|
|
@@ -55,12 +55,12 @@ deps =
|
|
|
55
55
|
sphinx-design
|
|
56
56
|
furo
|
|
57
57
|
commands =
|
|
58
|
-
make -C tests/
|
|
59
|
-
make -C tests/
|
|
58
|
+
make -C tests/_docs clean
|
|
59
|
+
make -C tests/_docs html
|
|
60
60
|
|
|
61
61
|
[testenv:docs-linkcheck]
|
|
62
62
|
allowlist_externals = make
|
|
63
63
|
deps = {[testenv:docs-build]deps}
|
|
64
64
|
commands =
|
|
65
|
-
make -C tests/
|
|
66
|
-
make -C tests/
|
|
65
|
+
make -C tests/_docs clean
|
|
66
|
+
make -C tests/_docs linkcheck
|
|