dissect.target 3.11.1__py3-none-any.whl → 3.11.2.dev1__py3-none-any.whl

File without changes
@@ -0,0 +1,72 @@
1
+ import re
2
+ from datetime import datetime
3
+ from typing import Iterator
4
+
5
+ from dissect.target.exceptions import UnsupportedPluginError
6
+ from dissect.target.helpers.record import TargetRecordDescriptor
7
+ from dissect.target.plugin import Plugin, export
8
+
9
+ CPanelLastloginRecord = TargetRecordDescriptor(
10
+ "application/log/cpanel/lastlogin",
11
+ [
12
+ ("datetime", "ts"),
13
+ ("string", "user"),
14
+ ("net.ipaddress", "remote_ip"),
15
+ ],
16
+ )
17
+
18
+ CPANEL_LASTLOGIN = ".lastlogin"
19
+ CPANEL_LOGS_PATH = "/usr/local/cpanel/logs"
20
+ CPANEL_LASTLOGIN_PATTERN = re.compile(
21
+ r"([^\s]+) # ([0-9]{4}-[0-9]{2}-[0-9]{2}) ([0-9]{2}:[0-9]{2}:[0-9]{2}) ([+-][0-9]{4})"
22
+ )
23
+
24
+
25
+ class CPanelPlugin(Plugin):
26
+ # TODO: Parse other log files https://support.cartika.com/portal/en/kb/articles/whm-cpanel-log-files-and-locations
27
+ __namespace__ = "cpanel"
28
+
29
+ def check_compatible(self) -> None:
30
+ if not self.target.fs.path(CPANEL_LOGS_PATH).exists():
31
+ raise UnsupportedPluginError("No cPanel log path found")
32
+
33
+ @export(record=CPanelLastloginRecord)
34
+ def lastlogin(self) -> Iterator[CPanelLastloginRecord]:
35
+ """Return the content of the cPanel lastlogin file.
36
+
37
+ The lastlogin files tracks successful cPanel interface logons. New logon events are only tracked
38
+ if the IP-address of the logon changes.
39
+
40
+ References:
41
+ - https://forums.cpanel.net/threads/cpanel-control-panel-last-login-clarification.579221/
42
+ - https://forums.cpanel.net/threads/lastlogin.707557/
43
+ """
44
+ for user_details in self.target.user_details.all_with_home():
45
+ if (lastlogin := user_details.home_path.joinpath(CPANEL_LASTLOGIN)).exists():
46
+ try:
47
+ for index, line in enumerate(lastlogin.open("rt")):
48
+ line = line.strip()
49
+ if not line:
50
+ continue
51
+
52
+ if events := CPANEL_LASTLOGIN_PATTERN.findall(line):
53
+ for event in events:
54
+ remote_ip, date, time, utc_offset = event
55
+
56
+ timestamp = datetime.strptime(f"{date} {time} {utc_offset}", "%Y-%m-%d %H:%M:%S %z")
57
+
58
+ yield CPanelLastloginRecord(
59
+ ts=timestamp,
60
+ user=user_details.user.name,
61
+ remote_ip=remote_ip,
62
+ _target=self.target,
63
+ )
64
+ else:
65
+ self.target.log.warning(
66
+ "The cPanel lastlogin line number %s is malformed: %s", index + 1, lastlogin
67
+ )
68
+
69
+ except Exception:
70
+ self.target.log.warning(
71
+ "An error occurred parsing cPanel lastlogin line number %i in file: %s", index + 1, lastlogin
72
+ )
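Review bot: The `except Exception` handler at the end of `lastlogin` formats `index + 1`, but `index` is not bound if `lastlogin.open("rt")` fails before the first line is read, so the handler itself would raise; for a later user it would report a stale line number left over from the previous file. Because the `try` wraps the whole file loop, a single entry that fails in `datetime.strptime` also ends parsing of that file, and every later logon entry is missing from the output with only a generic warning, which matters when the records feed a forensic timeline. The caught exception is never included in the log message, so an analyst cannot tell a read error from a bad date. I would bind `index` before the `try`, handle the timestamp error per event so the loop continues, and log the exception, as sketched below. Indentation is not preserved on this page, so the nesting in the sketch is my reading of the original.

```python
index = -1  # bound up front so the outer handler can always format it
try:
    for index, line in enumerate(lastlogin.open("rt")):
        # … unchanged: strip the line, skip empty lines, findall(), malformed-line warning …
        for event in events:
            remote_ip, date, time, utc_offset = event
            try:
                timestamp = datetime.strptime(f"{date} {time} {utc_offset}", "%Y-%m-%d %H:%M:%S %z")
            except ValueError as e:
                # One bad timestamp should not hide the remaining logon entries.
                self.target.log.warning(
                    "Invalid timestamp on cPanel lastlogin line %i in file %s: %s", index + 1, lastlogin, e
                )
                continue
            # … unchanged: yield CPanelLastloginRecord(...) …
except Exception as e:
    self.target.log.warning(
        "An error occurred parsing cPanel lastlogin line number %i in file: %s (%s)", index + 1, lastlogin, e
    )
```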
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.11.1
3
+ Version: 3.11.2.dev1
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
@@ -103,6 +103,8 @@ dissect/target/plugins/apps/ssh/openssh.py,sha256=bOtUj_jrie8ncTmtj_cCmFh169i4eW
103
103
  dissect/target/plugins/apps/vpns/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
104
104
  dissect/target/plugins/apps/vpns/openvpn.py,sha256=OP2dUIlAdVpMAW9OQycWQpigmemF1AJKIEUVNgTB7HQ,6622
105
105
  dissect/target/plugins/apps/vpns/wireguard.py,sha256=LpGwbABhrViMVUJ-QWS1leLHyjwVtIMIp-dzkvarE0c,5773
106
+ dissect/target/plugins/apps/webhosting/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
107
+ dissect/target/plugins/apps/webhosting/cpanel.py,sha256=OeFQnu9GmpffIlFyK-AR2Qf8tjyMhazWEAUyccDU5y0,2979
106
108
  dissect/target/plugins/apps/webservers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
107
109
  dissect/target/plugins/apps/webservers/apache.py,sha256=tEH65kRDzNnRkn_oy9pjGqzvP82gx-G4ZRVjyjY_rU4,7091
108
110
  dissect/target/plugins/apps/webservers/caddy.py,sha256=uwrH1pYkKaaa9GGueyCi2QO_4WT0msvm_ju7Ff3YxuU,6306
@@ -277,10 +279,10 @@ dissect/target/volumes/bde.py,sha256=gYGg5yF9MNARwNzEkrEfZmKkxyZW4rhLkpdnPJCbhGk
277
279
  dissect/target/volumes/disk.py,sha256=95grSsPt1BLVpKwTclwQYzPFGKTkFFqapIk0RoGWf38,968
278
280
  dissect/target/volumes/lvm.py,sha256=_kIB1mdRs1OFhRgoT4VEP5Fv8imQnI7oQ_ie4x710tQ,1814
279
281
  dissect/target/volumes/vmfs.py,sha256=mlAJ8278tYaoRjk1u6tFFlCaDQUrVu5ZZE4ikiFvxi8,1707
280
- dissect.target-3.11.1.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
281
- dissect.target-3.11.1.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
282
- dissect.target-3.11.1.dist-info/METADATA,sha256=wudvlAixkld0J1BHVGSJgy_Lt387ycWx6FD-Mhf7W44,10707
283
- dissect.target-3.11.1.dist-info/WHEEL,sha256=5sUXSg9e4bi7lTLOHcm6QEYwO5TIF1TNbTSVFVjcJcc,92
284
- dissect.target-3.11.1.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
285
- dissect.target-3.11.1.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
286
- dissect.target-3.11.1.dist-info/RECORD,,
282
+ dissect.target-3.11.2.dev1.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
283
+ dissect.target-3.11.2.dev1.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
284
+ dissect.target-3.11.2.dev1.dist-info/METADATA,sha256=Bpf8TdpjIStxlBta0fNZO6ytz6f2caTDAgXftEX4pqw,10712
285
+ dissect.target-3.11.2.dev1.dist-info/WHEEL,sha256=5sUXSg9e4bi7lTLOHcm6QEYwO5TIF1TNbTSVFVjcJcc,92
286
+ dissect.target-3.11.2.dev1.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
287
+ dissect.target-3.11.2.dev1.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
288
+ dissect.target-3.11.2.dev1.dist-info/RECORD,,