acquire 3.20.dev5__tar.gz → 3.20.dev7__tar.gz
- {acquire-3.20.dev5 → acquire-3.20.dev7}/PKG-INFO +1 -1
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/acquire.py +20 -0
- acquire-3.20.dev7/acquire/version.py +34 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire.egg-info/PKG-INFO +1 -1
- acquire-3.20.dev5/acquire/version.py +0 -21
- {acquire-3.20.dev5 → acquire-3.20.dev7}/.git-blame-ignore-revs +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/.gitattributes +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/COPYRIGHT +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/LICENSE +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/MANIFEST.in +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/README.md +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/__init__.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/collector.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/crypt.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/dynamic/__init__.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/dynamic/windows/__init__.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/dynamic/windows/collect.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/dynamic/windows/exceptions.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/dynamic/windows/handles.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/dynamic/windows/named_objects.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/dynamic/windows/ntdll.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/dynamic/windows/types.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/esxi.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/gui/__init__.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/gui/base.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/gui/win32.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/hashes.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/log.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/outputs/__init__.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/outputs/base.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/outputs/dir.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/outputs/tar.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/outputs/zip.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/tools/__init__.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/tools/decrypter.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/uploaders/__init__.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/uploaders/minio.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/uploaders/plugin.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/uploaders/plugin_registry.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/utils.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire/volatilestream.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire.egg-info/SOURCES.txt +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire.egg-info/dependency_links.txt +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire.egg-info/entry_points.txt +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire.egg-info/requires.txt +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/acquire.egg-info/top_level.txt +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/pyproject.toml +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/setup.cfg +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/__init__.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/_data/private_key.pem +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/_data/public_key.pem +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/_docs/Makefile +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/_docs/conf.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/_docs/index.rst +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/conftest.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_acquire_command.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_acquire_modules.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_acquire_profiles.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_collector.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_decryptor_funcs.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_esxi_memory.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_file_sorting.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_gui.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_minio_uploader.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_misc_users.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_outputs_dir.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_outputs_tar.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_outputs_zip.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_plugin.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_utils.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tests/test_volatile.py +0 -0
- {acquire-3.20.dev5 → acquire-3.20.dev7}/tox.ini +0 -0
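--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: acquire
-Version: 3.20.
+Version: 3.20.dev7
 Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3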
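--- a/acquire/acquire.py
+++ b/acquire/acquire.py
@@ -859,6 +859,24 @@ class IIS(Module):
 return spec
 
 
+@register_module("--sharepoint")
+class SharePoint(Module):
+DESC = "Windows SharePoint Server logs"
+
+@classmethod
+def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
+spec = set()
+key = "HKLM\\SOFTWARE\\Microsoft\\Shared Tools\\Web Server Extensions\\*\\WSS"
+
+for reg_key in target.registry.glob_ext(key):
+try:
+spec.add(("path", reg_key.value("LogDir").value))
+except Exception: # noqa: PERF203
+pass
+
+return spec
+
+
 @register_module("--prefetch")
 class Prefetch(Module):
 DESC = "Windows Prefetch files"
@@ -1073,6 +1091,7 @@ class AV(Module):
 # McAfee
 ("path", "Application Data/McAfee/DesktopProtection", from_user_home),
 ("path", "sysvol/ProgramData/McAfee/DesktopProtection"),
+("path", "sysvol/ProgramData/McAfee/Endpoint Security/ATP"),
 ("path", "sysvol/ProgramData/McAfee/Endpoint Security/Logs"),
 ("path", "sysvol/ProgramData/McAfee/Endpoint Security/Logs_Old"),
 ("path", "sysvol/ProgramData/Mcafee/VirusScan"),
@@ -2113,6 +2132,7 @@ class WindowsProfile:
 WindowsNotifications,
 SSH,
 IIS,
+SharePoint,
 TextEditor,
 Docker,
 MSSQL,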
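Review bot: The `except Exception: pass` in `SharePoint.get_spec_additions` discards every failure while reading `LogDir`, so a missing value, an unreadable hive and a genuine bug all end the same way: the SharePoint logs are left out of the collection and nothing in the acquisition log says why. For an evidence-collection tool that gap matters, because an analyst cannot tell "SharePoint not installed" from "lookup failed". Consider catching only the registry error the lookup is expected to raise and recording it, e.g. `except RegistryError as e:` followed by `log.debug("SharePoint LogDir lookup failed for %s: %s", reg_key, e)`, assuming a registry exception class and a module logger are already in scope in acquire.py (neither is visible in this hunk). The value is also added to the spec without checking that it is a non-empty string, which is worth confirming is handled by the collector.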
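--- a/acquire/version.py
+++ b/acquire/version.py
@@ -0,0 +1,34 @@
+# file generated by setuptools-scm
+# don't change, don't track in version control
+
+__all__ = [
+"__version__",
+"__version_tuple__",
+"version",
+"version_tuple",
+"__commit_id__",
+"commit_id",
+]
+
+TYPE_CHECKING = False
+if TYPE_CHECKING:
+from typing import Tuple
+from typing import Union
+
+VERSION_TUPLE = Tuple[Union[int, str], ...]
+COMMIT_ID = Union[str, None]
+else:
+VERSION_TUPLE = object
+COMMIT_ID = object
+
+version: str
+__version__: str
+__version_tuple__: VERSION_TUPLE
+version_tuple: VERSION_TUPLE
+commit_id: COMMIT_ID
+__commit_id__: COMMIT_ID
+
+__version__ = version = '3.20.dev7'
+__version_tuple__ = version_tuple = (3, 20, 'dev7')
+
+__commit_id__ = commit_id = 'gc243af820'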
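--- a/acquire.egg-info/PKG-INFO
+++ b/acquire.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: acquire
-Version: 3.20.
+Version: 3.20.dev7
 Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3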
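--- a/acquire/version.py
+++ b/acquire/version.py
@@ -1,21 +0,0 @@
-# file generated by setuptools-scm
-# don't change, don't track in version control
-
-__all__ = ["__version__", "__version_tuple__", "version", "version_tuple"]
-
-TYPE_CHECKING = False
-if TYPE_CHECKING:
-from typing import Tuple
-from typing import Union
-
-VERSION_TUPLE = Tuple[Union[int, str], ...]
-else:
-VERSION_TUPLE = object
-
-version: str
-__version__: str
-__version_tuple__: VERSION_TUPLE
-version_tuple: VERSION_TUPLE
-
-__version__ = version = '3.20.dev5'
-__version_tuple__ = version_tuple = (3, 20, 'dev5')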