acquire 3.20.2.dev2__tar.gz → 3.20.2.dev4__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/PKG-INFO +1 -1
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/acquire.py +13 -11
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/utils.py +12 -1
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/version.py +3 -3
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire.egg-info/PKG-INFO +1 -1
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/.git-blame-ignore-revs +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/.gitattributes +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/COPYRIGHT +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/LICENSE +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/MANIFEST.in +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/README.md +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/__init__.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/collector.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/crypt.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/dynamic/__init__.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/dynamic/windows/__init__.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/dynamic/windows/collect.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/dynamic/windows/exceptions.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/dynamic/windows/handles.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/dynamic/windows/named_objects.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/dynamic/windows/ntdll.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/dynamic/windows/types.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/esxi.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/gui/__init__.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/gui/base.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/gui/win32.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/hashes.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/log.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/outputs/__init__.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/outputs/base.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/outputs/dir.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/outputs/tar.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/outputs/zip.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/tools/__init__.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/tools/decrypter.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/uploaders/__init__.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/uploaders/minio.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/uploaders/plugin.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/uploaders/plugin_registry.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire/volatilestream.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire.egg-info/SOURCES.txt +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire.egg-info/dependency_links.txt +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire.egg-info/entry_points.txt +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire.egg-info/requires.txt +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/acquire.egg-info/top_level.txt +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/pyproject.toml +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/setup.cfg +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/__init__.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/_data/private_key.pem +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/_data/public_key.pem +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/_docs/Makefile +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/_docs/conf.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/_docs/index.rst +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/conftest.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_acquire_command.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_acquire_modules.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_acquire_profiles.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_collector.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_decryptor_funcs.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_esxi_memory.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_file_sorting.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_gui.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_minio_uploader.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_misc_users.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_outputs_dir.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_outputs_tar.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_outputs_zip.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_plugin.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_utils.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tests/test_volatile.py +0 -0
- {acquire-3.20.2.dev2 → acquire-3.20.2.dev4}/tox.ini +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: acquire
|
|
3
|
-
Version: 3.20.2.
|
|
3
|
+
Version: 3.20.2.dev4
|
|
4
4
|
Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License-Expression: AGPL-3.0-or-later
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
2
|
|
|
3
3
|
import argparse
|
|
4
|
+
import contextlib
|
|
4
5
|
import enum
|
|
5
6
|
import functools
|
|
6
7
|
import io
|
|
@@ -2416,19 +2417,20 @@ def main() -> None:
|
|
|
2416
2417
|
target_path = f"{target_path}?{target_query}"
|
|
2417
2418
|
target_paths.append(target_path)
|
|
2418
2419
|
|
|
2420
|
+
# Use esxi_memory_context_manager only if running on ESXi host
|
|
2421
|
+
if platform.system().lower() == "vmkernel":
|
|
2422
|
+
context_mgr = esxi_memory_context_manager()
|
|
2423
|
+
else:
|
|
2424
|
+
context_mgr = contextlib.nullcontext()
|
|
2425
|
+
|
|
2419
2426
|
try:
|
|
2420
2427
|
target_name = "Unknown" # just in case open_all already fails
|
|
2421
|
-
|
|
2422
|
-
|
|
2423
|
-
|
|
2424
|
-
|
|
2425
|
-
|
|
2426
|
-
|
|
2427
|
-
# Loader found that we are running on an esxi host
|
|
2428
|
-
# Perform operations to "enhance" memory
|
|
2429
|
-
with esxi_memory_context_manager():
|
|
2430
|
-
files_to_upload = acquire_children_and_targets(target, args)
|
|
2431
|
-
else:
|
|
2428
|
+
with context_mgr:
|
|
2429
|
+
for target in Target.open_all(target_paths):
|
|
2430
|
+
target_name = "Unknown" # overwrite previous target name
|
|
2431
|
+
target_name = target.name
|
|
2432
|
+
log.info("Loading target %s", target_name)
|
|
2433
|
+
log.info(target)
|
|
2432
2434
|
files_to_upload = acquire_children_and_targets(target, args)
|
|
2433
2435
|
except Exception:
|
|
2434
2436
|
log.error("Failed to acquire target: %s", target_name) # noqa: TRY400
|
|
@@ -15,6 +15,7 @@ from pathlib import Path
|
|
|
15
15
|
from typing import TYPE_CHECKING, Any
|
|
16
16
|
|
|
17
17
|
from dissect.target.helpers import keychain
|
|
18
|
+
from dissect.target.tools.utils import _OverrideRequiredAction, list_children
|
|
18
19
|
|
|
19
20
|
from acquire.outputs import (
|
|
20
21
|
COMPRESSION_METHODS,
|
|
@@ -139,7 +140,12 @@ def create_argument_parser(profiles: dict, volatile: dict, modules: dict) -> arg
|
|
|
139
140
|
|
|
140
141
|
parser.add_argument("--disable-report", action="store_true", help="disable acquisition report file")
|
|
141
142
|
|
|
142
|
-
parser.add_argument(
|
|
143
|
+
parser.add_argument(
|
|
144
|
+
"--list-children", action=_OverrideRequiredAction, help="list all children indices and paths, then exit"
|
|
145
|
+
)
|
|
146
|
+
parser.add_argument("--recursive", action="store_true", help="make --list-children behave recursively")
|
|
147
|
+
|
|
148
|
+
parser.add_argument("--child", help="only collect specific child based on index or path, see --list-children")
|
|
143
149
|
parser.add_argument(
|
|
144
150
|
"--children",
|
|
145
151
|
action=argparse.BooleanOptionalAction,
|
|
@@ -214,6 +220,11 @@ def parse_acquire_args(
|
|
|
214
220
|
args, rest = parser.parse_known_args()
|
|
215
221
|
_merge_args_and_config(parser, args, config)
|
|
216
222
|
|
|
223
|
+
if args.list_children:
|
|
224
|
+
# List found children on targets and exit
|
|
225
|
+
list_children(args)
|
|
226
|
+
parser.exit(0)
|
|
227
|
+
|
|
217
228
|
return args, rest
|
|
218
229
|
|
|
219
230
|
|
|
@@ -28,7 +28,7 @@ version_tuple: VERSION_TUPLE
|
|
|
28
28
|
commit_id: COMMIT_ID
|
|
29
29
|
__commit_id__: COMMIT_ID
|
|
30
30
|
|
|
31
|
-
__version__ = version = '3.20.2.
|
|
32
|
-
__version_tuple__ = version_tuple = (3, 20, 2, '
|
|
31
|
+
__version__ = version = '3.20.2.dev4'
|
|
32
|
+
__version_tuple__ = version_tuple = (3, 20, 2, 'dev4')
|
|
33
33
|
|
|
34
|
-
__commit_id__ = commit_id = '
|
|
34
|
+
__commit_id__ = commit_id = 'gca78bce15'
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: acquire
|
|
3
|
-
Version: 3.20.2.
|
|
3
|
+
Version: 3.20.2.dev4
|
|
4
4
|
Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License-Expression: AGPL-3.0-or-later
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|