acquire 3.20.dev1__tar.gz → 3.20.dev2__tar.gz

Files changed (70) hide show
  1. {acquire-3.20.dev1 → acquire-3.20.dev2}/PKG-INFO +1 -1
  2. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/acquire.py +51 -19
  3. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/version.py +2 -2
  4. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire.egg-info/PKG-INFO +1 -1
  5. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_volatile.py +1 -1
  6. {acquire-3.20.dev1 → acquire-3.20.dev2}/.git-blame-ignore-revs +0 -0
  7. {acquire-3.20.dev1 → acquire-3.20.dev2}/.gitattributes +0 -0
  8. {acquire-3.20.dev1 → acquire-3.20.dev2}/COPYRIGHT +0 -0
  9. {acquire-3.20.dev1 → acquire-3.20.dev2}/LICENSE +0 -0
  10. {acquire-3.20.dev1 → acquire-3.20.dev2}/MANIFEST.in +0 -0
  11. {acquire-3.20.dev1 → acquire-3.20.dev2}/README.md +0 -0
  12. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/__init__.py +0 -0
  13. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/collector.py +0 -0
  14. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/crypt.py +0 -0
  15. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/dynamic/__init__.py +0 -0
  16. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/dynamic/windows/__init__.py +0 -0
  17. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/dynamic/windows/collect.py +0 -0
  18. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/dynamic/windows/exceptions.py +0 -0
  19. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/dynamic/windows/handles.py +0 -0
  20. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/dynamic/windows/named_objects.py +0 -0
  21. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/dynamic/windows/ntdll.py +0 -0
  22. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/dynamic/windows/types.py +0 -0
  23. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/esxi.py +0 -0
  24. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/gui/__init__.py +0 -0
  25. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/gui/base.py +0 -0
  26. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/gui/win32.py +0 -0
  27. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/hashes.py +0 -0
  28. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/log.py +0 -0
  29. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/outputs/__init__.py +0 -0
  30. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/outputs/base.py +0 -0
  31. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/outputs/dir.py +0 -0
  32. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/outputs/tar.py +0 -0
  33. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/outputs/zip.py +0 -0
  34. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/tools/__init__.py +0 -0
  35. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/tools/decrypter.py +0 -0
  36. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/uploaders/__init__.py +0 -0
  37. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/uploaders/minio.py +0 -0
  38. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/uploaders/plugin.py +0 -0
  39. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/uploaders/plugin_registry.py +0 -0
  40. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/utils.py +0 -0
  41. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire/volatilestream.py +0 -0
  42. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire.egg-info/SOURCES.txt +0 -0
  43. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire.egg-info/dependency_links.txt +0 -0
  44. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire.egg-info/entry_points.txt +0 -0
  45. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire.egg-info/requires.txt +0 -0
  46. {acquire-3.20.dev1 → acquire-3.20.dev2}/acquire.egg-info/top_level.txt +0 -0
  47. {acquire-3.20.dev1 → acquire-3.20.dev2}/pyproject.toml +0 -0
  48. {acquire-3.20.dev1 → acquire-3.20.dev2}/setup.cfg +0 -0
  49. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/__init__.py +0 -0
  50. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/_data/private_key.pem +0 -0
  51. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/_data/public_key.pem +0 -0
  52. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/_docs/Makefile +0 -0
  53. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/_docs/conf.py +0 -0
  54. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/_docs/index.rst +0 -0
  55. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/conftest.py +0 -0
  56. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_acquire_command.py +0 -0
  57. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_acquire_modules.py +0 -0
  58. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_collector.py +0 -0
  59. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_decryptor_funcs.py +0 -0
  60. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_esxi_memory.py +0 -0
  61. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_file_sorting.py +0 -0
  62. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_gui.py +0 -0
  63. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_minio_uploader.py +0 -0
  64. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_misc_users.py +0 -0
  65. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_outputs_dir.py +0 -0
  66. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_outputs_tar.py +0 -0
  67. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_outputs_zip.py +0 -0
  68. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_plugin.py +0 -0
  69. {acquire-3.20.dev1 → acquire-3.20.dev2}/tests/test_utils.py +0 -0
  70. {acquire-3.20.dev1 → acquire-3.20.dev2}/tox.ini +0 -0
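--- a/acquire-3.20.dev1/PKG-INFO
+++ b/acquire-3.20.dev2/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: acquire
-Version: 3.20.dev1
+Version: 3.20.dev2
 Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3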
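--- a/acquire-3.20.dev1/acquire/acquire.py
+++ b/acquire-3.20.dev2/acquire/acquire.py
@@ -281,28 +281,56 @@ class Module:
 
 
 @register_module("--sys")
+@module_arg(
+    "--full-sys",
+    action=argparse.BooleanOptionalAction,
+    help="acquire all Sysfs (/sys) entries",
+)
 @local_module
 class Sys(Module):
-    DESC = "Sysfs files (live systems only)"
+    DESC = """all or a subset of Sysfs (/sys) entries (live systems only). Defaults to a subset.
+    Use --full-sys to acquire all entries."""
     EXEC_ORDER = ExecutionOrder.BOTTOM
 
     @classmethod
     def _run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
-        spec = [("path", "/sys")]
+        spec_path = "/sys" if cli_args.full_sys else "/sys/module"
+        spec = [("path", spec_path)]
+
         collector.collect(spec, follow=False, volatile=True)
 
 
 @register_module("--proc")
+@module_arg(
+    "--full-proc",
+    action=argparse.BooleanOptionalAction,
+    help="acquire all Procfs (/proc) entries",
+)
 @local_module
 class Proc(Module):
-    DESC = "Procfs files (live systems only)"
+    DESC = """all or a subset of Procfs (/proc) entries (live systems only). Defaults to a subset.
+    Use --full-proc to acquire all entries."""
     EXEC_ORDER = ExecutionOrder.BOTTOM
 
     @classmethod
     def _run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
-        spec = [("path", "/proc")]
+        if cli_args.full_proc:
+            spec = [("path", "/proc")]
+        else:
+            spec = [
+                ("path", "/proc/sys/kernel/hostname"),
+                ("path", "/proc/uptime"),
+                ("path", "/proc/stat"),
+            ]
+        spec = itertools.chain(spec, cls._get_proc_specs(target))
         collector.collect(spec, follow=False, volatile=True)
 
+    @classmethod
+    def _get_proc_specs(cls, target: Target) -> Iterator[tuple[str, str]]:
+        pid_paths = ["status", "stat", "environ"]
+        for proc, part in itertools.product(target.proc.iter_proc(), pid_paths):
+            yield ("path", proc / part)
+
 
 @register_module("--proc-net")
 @local_module
@@ -312,7 +340,14 @@ class ProcNet(Module):
 
     @classmethod
     def _run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
-        spec = [("path", "/proc/net")]
+        # With network namespaces, /proc/net is a references to /proc/<pid>/net,
+        # It contains the same information as /proc/net, however it only shows the information from the
+        # namespace where the process is the member of.
+        # TODO: Research about network namespaces
+        spec = [
+            ("path", "/proc/net/"),
+            ("path", "/proc/self/net/"),
+        ]
         collector.collect(spec, follow=False, volatile=True)
 
 
@@ -2174,29 +2209,20 @@ class VolatileProfile:
         WinRDPSessions,
         WinDnsClientCache,
         ProcNet,
-    )
-    FULL = (
         Proc,
         Sys,
     )
 
 
 VOLATILE = {
-    "full": {
-        "windows": VolatileProfile.DEFAULT,
-        "linux": VolatileProfile.FULL,
-        "bsd": VolatileProfile.FULL,
-        "esxi": VolatileProfile.FULL,
-        "macos": [],
-        "proxmox": [],
-    },
     "default": {
         "windows": VolatileProfile.DEFAULT,
-        "linux": [],
-        "bsd": [],
-        "esxi": [],
+        "linux": VolatileProfile.DEFAULT,
+        "bsd": VolatileProfile.DEFAULT,
+        "esxi": VolatileProfile.DEFAULT,
         "macos": [],
-        "proxmox": [],
+        # proxmox is debian based
+        "proxmox": VolatileProfile.DEFAULT,
     },
     "none": None,
 }
@@ -2258,6 +2284,12 @@ def main() -> None:
             DeprecationWarning,
             stacklevel=2,
         )
+    if "--proc-net" in sys.argv:
+        warnings.warn(
+            "--proc-net will be merged with --proc and will be removed in acquire 3.23",
+            DeprecationWarning,
+            stacklevel=2,
+        )
 
     # start GUI if requested through CLI / config
     flavour = None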
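Review bot: In `Proc._run` the per-pid specs from `cls._get_proc_specs(target)` are chained onto `spec` on both branches, yet the `("path", "/proc")` entry of the `full_proc` branch already covers every `/proc/<pid>/` directory, so `status`, `stat` and `environ` are requested twice in full mode unless the collector deduplicates paths; chaining only inside the `else` branch avoids relying on that. `_get_proc_specs` is annotated `Iterator[tuple[str, str]]` but yields `proc / part`, which is path-like rather than `str`, so either widen the annotation or yield `str(proc / part)`. `/proc/<pid>/environ` holds the environment of every running process, which routinely contains credentials and API tokens, so the `Proc` DESC should say so, e.g. `Use --full-proc to acquire all entries; the default subset includes /proc/<pid>/environ, which may contain secrets.` Separately, the VOLATILE hunk removes the `"full"` profile key without a deprecation path while `main()` gains one for `--proc-net`; anything that still selects `full` presumably now fails the lookup, so a warning plus an alias to `default` would match the treatment given to `--proc-net`. `itertools` and `Iterator` must already be imported at the top of acquire.py, which lies outside these hunks.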
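--- a/acquire-3.20.dev1/acquire/version.py
+++ b/acquire-3.20.dev2/acquire/version.py
@@ -17,5 +17,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
 
-__version__ = version = '3.20.dev1'
-__version_tuple__ = version_tuple = (3, 20, 'dev1')
+__version__ = version = '3.20.dev2'
+__version_tuple__ = version_tuple = (3, 20, 'dev2')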
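--- a/acquire-3.20.dev1/acquire.egg-info/PKG-INFO
+++ b/acquire-3.20.dev2/acquire.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: acquire
-Version: 3.20.dev1
+Version: 3.20.dev2
 Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3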
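--- a/acquire-3.20.dev1/tests/test_volatile.py
+++ b/acquire-3.20.dev2/tests/test_volatile.py
@@ -7,7 +7,7 @@ import pytest
 from acquire.volatilestream import timeout
 
 
-def test_timeout() -> None:
+def test_volatile_stream_timeout() -> None:
     def snooze() -> None:
         sleep(10)
 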