dissect.target 3.14.dev28__py3-none-any.whl → 3.15__py3-none-any.whl

dissect/target/tools/query.py

@@ -14,13 +14,15 @@ from dissect.target import Target
 from dissect.target.exceptions import (
     FatalError,
     PluginNotFoundError,
+    TargetError,
     UnsupportedPluginError,
 )
-from dissect.target.helpers import cache, hashutil
+from dissect.target.helpers import cache, record_modifier
 from dissect.target.loaders.targetd import ProxyLoader
 from dissect.target.plugin import PLUGINS, OSPlugin, Plugin, find_plugin_functions
 from dissect.target.report import ExecutionReport
 from dissect.target.tools.utils import (
+    args_to_uri,
     catch_sigpipe,
     configure_generic_arguments,
     execute_function_on_target,
@@ -80,6 +82,15 @@ def main():
         default=None,
         help="list (matching) available plugins and loaders",
     )
+
+    parser.add_argument(
+        "-L",
+        "--loader",
+        action="store",
+        default=None,
+        help="select a specific loader (i.e. vmx, raw)",
+    )
+
     parser.add_argument("-s", "--strings", action="store_true", help="print output as string")
     parser.add_argument("-d", "--delimiter", default=" ", action="store", metavar="','")
     parser.add_argument("-j", "--json", action="store_true", help="output records as json")
@@ -100,7 +111,8 @@ def main():
         ),
     )
     parser.add_argument("--cmdb", action="store_true")
-    parser.add_argument("--hash", action="store_true", help="hash all uri paths in records")
+    parser.add_argument("--hash", action="store_true", help="hash all paths in records")
+    parser.add_argument("--resolve", action="store_true", help="resolve all paths in records")
     parser.add_argument(
         "--report-dir",
         type=pathlib.Path,
@@ -110,6 +122,9 @@ def main():
 
     args, rest = parser.parse_known_args()
 
+    # If loader is specified then map to uri
+    targets = args_to_uri(args.targets, args.loader, rest) if args.loader else args.targets
+
     # Show help for target-query
     if not args.function and ("-h" in rest or "--help" in rest):
         parser.print_help()
@@ -134,7 +149,7 @@ def main():
 
     # Show help for a function or in general
     if "-h" in rest or "--help" in rest:
-        found_functions, _ = find_plugin_functions(Target(), args.function, False)
+        found_functions, _ = find_plugin_functions(None, args.function, compatibility=False)
         if not len(found_functions):
             parser.error("function(s) not found, see -l for available plugins")
         func = found_functions[0]
@@ -156,16 +171,16 @@ def main():
     if args.list:
         collected_plugins = {}
 
-        if args.targets:
-            for target in args.targets:
+        if targets:
+            for target in targets:
                 plugin_target = Target.open(target)
                 if isinstance(plugin_target._loader, ProxyLoader):
                     parser.error("can't list compatible plugins for remote targets.")
-                funcs, _ = find_plugin_functions(plugin_target, args.list, True, show_hidden=True)
+                funcs, _ = find_plugin_functions(plugin_target, args.list, compatibility=True, show_hidden=True)
                 for func in funcs:
                     collected_plugins[func.path] = func.plugin_desc
         else:
-            funcs, _ = find_plugin_functions(Target(), args.list, False, show_hidden=True)
+            funcs, _ = find_plugin_functions(Target(), args.list, compatibility=False, show_hidden=True)
             for func in funcs:
                 collected_plugins[func.path] = func.plugin_desc
 
@@ -178,13 +193,13 @@ def main():
             target.plugins(list(collected_plugins.values()))
 
         # No real targets specified, show the available loaders
-        if not args.targets:
+        if not targets:
             fparser = generate_argparse_for_bound_method(target.loaders, usage_tmpl=USAGE_FORMAT_TMPL)
             fargs, rest = fparser.parse_known_args(rest)
             target.loaders(**vars(fargs))
         parser.exit()
 
-    if not args.targets:
+    if not targets:
         parser.error("too few arguments")
 
     if not args.function:
@@ -203,13 +218,13 @@ def main():
     # The only scenario that might cause this is with
     # custom plugins with idiosyncratic output across OS-versions/branches.
     output_types = set()
-    funcs, invalid_funcs = find_plugin_functions(Target(), args.function, compatibility=False)
+    funcs, invalid_funcs = find_plugin_functions(None, args.function, compatibility=False)
 
     if any(invalid_funcs):
         parser.error(f"argument -f/--function contains invalid plugin(s): {', '.join(invalid_funcs)}")
 
     excluded_funcs, invalid_excluded_funcs = find_plugin_functions(
-        Target(),
+        None,
         args.excluded_functions,
         compatibility=False,
     )
@@ -219,10 +234,10 @@ def main():
             f"argument -xf/--excluded-functions contains invalid plugin(s): {', '.join(invalid_excluded_funcs)}",
         )
 
-    excluded_func_names = {excluded_func.name for excluded_func in excluded_funcs}
+    excluded_func_paths = {excluded_func.path for excluded_func in excluded_funcs}
 
     for func in funcs:
-        if func.name in excluded_func_names:
+        if func.path in excluded_func_paths:
             continue
         output_types.add(func.output_type)
 
@@ -240,124 +255,135 @@ def main():
     execution_report.set_cli_args(args)
     execution_report.set_event_callbacks(Target)
 
-    for target in Target.open_all(args.targets, args.children):
-        if args.child:
-            try:
-                target = target.open_child(args.child)
-            except Exception:
-                target.log.exception("Exception while opening child '%s'", args.child)
+    try:
+        for target in Target.open_all(targets, args.children):
+            if args.child:
+                try:
+                    target = target.open_child(args.child)
+                except Exception:
+                    target.log.exception("Exception while opening child '%s'", args.child)
 
-        if args.dry_run:
-            print(f"Dry run on: {target}")
+            if args.dry_run:
+                print(f"Dry run on: {target}")
 
-        record_entries = []
-        basic_entries = []
-        yield_entries = []
+            record_entries = []
+            basic_entries = []
+            yield_entries = []
 
-        # Keep a set of plugins that were already executed on the target.
-        executed_plugins = set()
+            # Keep a set of plugins that were already executed on the target.
+            executed_plugins = set()
 
-        first_seen_output_type = default_output_type
-        cli_params_unparsed = rest
+            first_seen_output_type = default_output_type
+            cli_params_unparsed = rest
 
-        func_defs, _ = find_plugin_functions(target, args.function, compatibility=False)
-        excluded_funcs, _ = find_plugin_functions(target, args.excluded_functions, compatibility=False)
-        excluded_func_names = {excluded_func.name for excluded_func in excluded_funcs}
+            func_defs, _ = find_plugin_functions(target, args.function, compatibility=False)
+            excluded_funcs, _ = find_plugin_functions(target, args.excluded_functions, compatibility=False)
+            excluded_func_paths = {excluded_func.path for excluded_func in excluded_funcs}
 
-        for func_def in func_defs:
-            if func_def.name in excluded_func_names:
-                continue
+            for func_def in func_defs:
+                if func_def.path in excluded_func_paths:
+                    continue
 
-            # Avoid executing same plugin for multiple OSes (like hostname)
-            if func_def.name in executed_plugins:
-                continue
-            executed_plugins.add(func_def.name)
-
-            # If the default type is record (meaning we skip everything else)
-            # and actual output type is not record, continue.
-            # We perform this check here because plugins that require output files/dirs
-            # will exit if we attempt to exec them without (because they are implied by the wildcard).
-            # Also this saves cycles of course.
-            if default_output_type == "record" and func_def.output_type != "record":
-                continue
+                # Avoid executing same plugin for multiple OSes (like hostname)
+                if func_def.name in executed_plugins:
+                    continue
+                executed_plugins.add(func_def.name)
 
-            if args.dry_run:
-                print(f"  execute: {func_def.name} ({func_def.path})")
-                continue
+                # If the default type is record (meaning we skip everything else)
+                # and actual output type is not record, continue.
+                # We perform this check here because plugins that require output files/dirs
+                # will exit if we attempt to exec them without (because they are implied by the wildcard).
+                # Also this saves cycles of course.
+                if default_output_type == "record" and func_def.output_type != "record":
+                    continue
 
-            try:
-                output_type, result, cli_params_unparsed = execute_function_on_target(
-                    target, func_def, cli_params_unparsed
-                )
-            except UnsupportedPluginError as e:
-                target.log.error(
-                    "Unsupported plugin for %s: %s",
-                    func_def.name,
-                    e.root_cause_str(),
-                )
-
-                target.log.debug("%s", func_def, exc_info=e)
-                continue
-            except PluginNotFoundError:
-                target.log.error("Cannot find plugin `%s`", func_def)
-                continue
-            except FatalError as fatal:
-                fatal.emit_last_message(target.log.error)
-                parser.exit(1)
-            except Exception:
-                target.log.error("Exception while executing function `%s`", func_def, exc_info=True)
-                continue
+                if args.dry_run:
+                    print(f"  execute: {func_def.name} ({func_def.path})")
+                    continue
 
-            if first_seen_output_type and output_type != first_seen_output_type:
-                target.log.error(
-                    (
-                        "Can't mix functions that generate different outputs: output type `%s` from `%s` "
-                        "does not match first seen output `%s`."
-                    ),
-                    output_type,
-                    func_def,
-                    first_seen_output_type,
-                )
-                parser.exit()
-
-            if not first_seen_output_type:
-                first_seen_output_type = output_type
-
-            if output_type == "record":
-                record_entries.append(result)
-            elif output_type == "yield":
-                yield_entries.append(result)
-            elif output_type == "none":
-                target.log.info("No result for function `%s` (output type is set to 'none')", func_def)
+                try:
+                    output_type, result, cli_params_unparsed = execute_function_on_target(
+                        target, func_def, cli_params_unparsed
+                    )
+                except UnsupportedPluginError as e:
+                    target.log.error(
+                        "Unsupported plugin for %s: %s",
+                        func_def.name,
+                        e.root_cause_str(),
+                    )
+
+                    target.log.debug("%s", func_def, exc_info=e)
+                    continue
+                except PluginNotFoundError:
+                    target.log.error("Cannot find plugin `%s`", func_def)
+                    continue
+                except FatalError as fatal:
+                    fatal.emit_last_message(target.log.error)
+                    parser.exit(1)
+                except Exception:
+                    target.log.error("Exception while executing function `%s`", func_def, exc_info=True)
+                    continue
+
+                if first_seen_output_type and output_type != first_seen_output_type:
+                    target.log.error(
+                        (
+                            "Can't mix functions that generate different outputs: output type `%s` from `%s` "
+                            "does not match first seen output `%s`."
+                        ),
+                        output_type,
+                        func_def,
+                        first_seen_output_type,
+                    )
+                    parser.exit()
+
+                if not first_seen_output_type:
+                    first_seen_output_type = output_type
+
+                if output_type == "record":
+                    record_entries.append(result)
+                elif output_type == "yield":
+                    yield_entries.append(result)
+                elif output_type == "none":
+                    target.log.info("No result for function `%s` (output type is set to 'none')", func_def)
+                    continue
+                else:
+                    basic_entries.append(result)
+
+            # Write basic functions
+            if len(basic_entries) > 0:
+                basic_entries_delim = args.delimiter.join(map(str, basic_entries))
+                if not args.cmdb:
+                    print(f"{target} {basic_entries_delim}")
+                else:
+                    print(f"{target.path}{args.delimiter}{basic_entries_delim}")
+
+            # Write yield functions
+            for entry in yield_entries:
+                for e in entry:
+                    print(e)
+
+            # Write records
+            count = 0
+            break_out = False
+
+            modifier_type = None
+
+            if args.resolve:
+                modifier_type = record_modifier.Modifier.RESOLVE
+
+            if args.hash:
+                modifier_type = record_modifier.Modifier.HASH
+
+            modifier_func = record_modifier.get_modifier_function(modifier_type)
+
+            if not record_entries:
                 continue
-            else:
-                basic_entries.append(result)
-
-        # Write basic functions
-        if len(basic_entries) > 0:
-            basic_entries_delim = args.delimiter.join(map(str, basic_entries))
-            if not args.cmdb:
-                print(f"{target} {basic_entries_delim}")
-            else:
-                print(f"{target.path}{args.delimiter}{basic_entries_delim}")
-
-        # Write yield functions
-        for entry in yield_entries:
-            for e in entry:
-                print(e)
-
-        # Write records
-        count = 0
-        break_out = False
-        if len(record_entries):
+
             rs = record_output(args.strings, args.json)
             for entry in record_entries:
                 try:
                     for record_entries in entry:
-                        if args.hash:
-                            rs.write(hashutil.hash_path_records(target, record_entries))
-                        else:
-                            rs.write(record_entries)
+                        rs.write(modifier_func(target, record_entries))
                         count += 1
                         if args.limit is not None and count >= args.limit:
                             break_out = True
@@ -366,12 +392,15 @@ def main():
                     # Ignore errors if multiple functions
                     if len(funcs) > 1:
                         target.log.error(f"Exception occurred while processing output of {func}", exc_info=e)
-                        pass
                     else:
                         raise e
 
                 if break_out:
                     break
+    except TargetError as e:
+        log.error(e)
+        log.debug("", exc_info=e)
+        parser.exit(1)
 
     timestamp = datetime.utcnow()
 

dissect/target/tools/reg.py

@@ -6,7 +6,7 @@ import argparse
 import logging
 
 from dissect.target import Target
-from dissect.target.exceptions import RegistryError
+from dissect.target.exceptions import RegistryError, TargetError
 from dissect.target.tools.utils import (
     catch_sigpipe,
     configure_generic_arguments,
@@ -36,23 +36,28 @@ def main():
 
     process_generic_arguments(args)
 
-    for target in Target.open_all(args.targets):
-        try:
-            if args.value:
-                for key in target.registry.keys(args.key):
+    try:
+        for target in Target.open_all(args.targets):
+            try:
+                if args.value:
+                    for key in target.registry.keys(args.key):
+                        try:
+                            print(key.value(args.value))
+                        except RegistryError:
+                            continue
+                else:
                     try:
-                        print(key.value(args.value))
+                        print(target)
+                        for key in target.registry.keys(args.key):
+                            recursor(key, args.depth, 0)
                     except RegistryError:
-                        continue
-            else:
-                try:
-                    print(target)
-                    for key in target.registry.keys(args.key):
-                        recursor(key, args.depth, 0)
-                except RegistryError:
-                    log.exception("Failed to find registry value")
-        except Exception:
-            log.exception("Failed to iterate key")
+                        log.exception("Failed to find registry value")
+            except Exception:
+                log.exception("Failed to iterate key")
+    except TargetError as e:
+        log.error(e)
+        log.debug("", exc_info=e)
+        parser.exit(1)
 
 
 def recursor(key, depth, indent):

dissect/target/tools/shell.py

@@ -1,5 +1,6 @@
 import argparse
 import cmd
+import contextlib
 import datetime
 import fnmatch
 import io
@@ -28,9 +29,10 @@ from dissect.target.exceptions import (
     RegistryError,
     RegistryKeyNotFoundError,
     RegistryValueNotFoundError,
+    TargetError,
 )
 from dissect.target.filesystem import FilesystemEntry, RootFilesystemEntry
-from dissect.target.helpers import fsutil, regutil
+from dissect.target.helpers import cyber, fsutil, regutil
 from dissect.target.plugin import arg
 from dissect.target.target import Target
 from dissect.target.tools.info import print_target_info
@@ -164,7 +166,9 @@ class TargetCmd(cmd.Cmd):
         """
         pass
 
-    def _exec(self, func: Callable[[list[str], TextIO], bool], command_args_str: str) -> Optional[bool]:
+    def _exec(
+        self, func: Callable[[list[str], TextIO], bool], command_args_str: str, no_cyber: bool = False
+    ) -> Optional[bool]:
         """Command execution helper that chains initial command and piped subprocesses (if any) together."""
 
         argparts = []
@@ -185,7 +189,12 @@ class TargetCmd(cmd.Cmd):
                     # in case of a failure in a subprocess
                     print(e)
             else:
-                return func(argparts, sys.stdout)
+                ctx = contextlib.nullcontext()
+                if self.target.props.get("cyber") and not no_cyber:
+                    ctx = cyber.cyber(color=None, run_at_end=True)
+
+                with ctx:
+                    return func(argparts, sys.stdout)
         except IOError:
             pass
 
@@ -201,7 +210,9 @@ class TargetCmd(cmd.Cmd):
                 return
             return cmdfunc(args, stdout)
 
-        return self._exec(_exec_, command_args_str)
+        # These commands enter a subshell, which doesn't work well with cyber
+        no_cyber = cmdfunc.__func__ in (TargetCli.cmd_registry, TargetCli.cmd_enter)
+        return self._exec(_exec_, command_args_str, no_cyber)
 
     def _exec_target(self, func: str, command_args_str: str) -> Optional[bool]:
         """Command exection helper for target plugins."""
@@ -254,6 +265,15 @@ class TargetCmd(cmd.Cmd):
         """clear the terminal screen"""
         os.system("cls||clear")
 
+    def do_cyber(self, line: str) -> Optional[bool]:
+        """cyber"""
+        self.target.props["cyber"] = not bool(self.target.props.get("cyber"))
+        word, color = {False: ("D I S E N", cyber.Color.RED), True: ("E N", cyber.Color.YELLOW)}[
+            self.target.props["cyber"]
+        ]
+        with cyber.cyber(color=color):
+            print(f"C Y B E R - M O D E - {word} G A G E D")
+
     def do_exit(self, line: str) -> Optional[bool]:
         """exit shell"""
         return True
@@ -491,7 +511,7 @@ class TargetCli(TargetCmd):
     @arg("-l", action="store_true")
     @arg("-a", "--all", action="store_true")  # ignored but included for proper argument parsing
     @arg("-h", "--human-readable", action="store_true")
-    def cmd_ls(self, args: argparse.Namespace, stdout) -> Optional[bool]:
+    def cmd_ls(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
         """list directory contents"""
 
         path = self.resolve_path(args.path)
@@ -1214,7 +1234,11 @@ def main() -> None:
     if args.quiet:
         logging.getLogger("dissect").setLevel(level=logging.ERROR)
 
-    open_shell(args.targets, args.python, args.registry)
+    try:
+        open_shell(args.targets, args.python, args.registry)
+    except TargetError as e:
+        log.error(e)
+        log.debug("", exc_info=e)
 
 
 if __name__ == "__main__":

dissect/target/tools/utils.py

@@ -4,6 +4,8 @@ import inspect
 import json
 import os
 import sys
+import textwrap
+import urllib
 from datetime import datetime
 from functools import wraps
 from pathlib import Path
@@ -12,7 +14,9 @@ from typing import Any, Callable, Dict, Iterator, List, Optional, Tuple, Type, U
 from dissect.target import Target
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers import docs, keychain
+from dissect.target.helpers.docs import get_docstring
 from dissect.target.helpers.targetd import CommandProxy
+from dissect.target.loader import LOADERS_BY_SCHEME
 from dissect.target.plugin import (
     OSPlugin,
     Plugin,
@@ -261,3 +265,27 @@ def catch_sigpipe(func: Callable) -> Callable:
             raise
 
     return wrapper
+
+
+def args_to_uri(targets: list[str], loader_name: str, rest: list[str]) -> list[str]:
+    """Converts argument-style ``-L`` to URI-style.
+
+    Turns:
+        ``target-query /evtxs/* -L log --log-hint="evtx" -f evtx``
+    into:
+        ``target-query "log:///evtxs/*?hint=evtx" -f evtx``
+
+    For loaders providing ``@arg()`` arguments.
+    """
+    loader = LOADERS_BY_SCHEME.get(loader_name, None)
+
+    parser = argparse.ArgumentParser(
+        argument_default=argparse.SUPPRESS, description="\n".join(textwrap.wrap(get_docstring(loader)))
+    )
+    for load_arg in getattr(loader, "__args__", []):
+        parser.add_argument(*load_arg[0], **load_arg[1])
+    args = vars(parser.parse_known_args(rest)[0])
+    uris = []
+    for target in targets:
+        uris.append(f"{loader_name}://{target}" + (("?" + urllib.parse.urlencode(args)) if args else ""))
+    return uris

dissect/target/volumes/bde.py

@@ -52,23 +52,26 @@ class BitlockerVolumeSystem(EncryptedVolumeSystem):
             **volume_details,
         )
 
-    def unlock_with_passphrase(self, passphrase: str) -> None:
+    def unlock_with_passphrase(self, passphrase: str, is_wildcard: bool = False) -> None:
         try:
             self.bde.unlock_with_passphrase(passphrase)
             log.debug("Unlocked BDE volume with provided passphrase")
         except ValueError:
-            log.exception("Failed to unlock BDE volume with provided passphrase")
+            if not is_wildcard:
+                log.exception("Failed to unlock BDE volume with provided passphrase")
 
-    def unlock_with_recovery_key(self, recovery_key: str) -> None:
+    def unlock_with_recovery_key(self, recovery_key: str, is_wildcard: bool = False) -> None:
         try:
             self.bde.unlock_with_recovery_password(recovery_key)
             log.debug("Unlocked BDE volume with recovery key")
         except ValueError:
-            log.exception("Failed to unlock BDE volume with recovery password")
+            if not is_wildcard:
+                log.exception("Failed to unlock BDE volume with recovery password")
 
-    def unlock_with_bek_file(self, bek_file: pathlib.Path) -> None:
+    def unlock_with_bek_file(self, bek_file: pathlib.Path, is_wildcard: bool = False) -> None:
         if not bek_file.exists():
-            log.error("Provided BEK file does not exist: %s", bek_file)
+            if not is_wildcard:
+                log.error("Provided BEK file does not exist: %s", bek_file)
             return
 
         with bek_file.open(mode="rb") as fh:
@@ -76,7 +79,8 @@ class BitlockerVolumeSystem(EncryptedVolumeSystem):
                 self.bde.unlock_with_bek(fh)
                 log.debug("Unlocked BDE volume with BEK file %s", bek_file)
             except ValueError:
-                log.exception("Failed to unlock BDE volume with BEK file %s", bek_file)
+                if not is_wildcard:
+                    log.exception("Failed to unlock BDE volume with BEK file %s", bek_file)
 
     def unlock_volume(self) -> AlignedStream:
         if self.bde.has_clear_key():
@@ -87,12 +91,12 @@ class BitlockerVolumeSystem(EncryptedVolumeSystem):
 
             for key in keys:
                 if key.key_type == KeyType.PASSPHRASE and self.bde.has_passphrase():
-                    self.unlock_with_passphrase(key.value)
+                    self.unlock_with_passphrase(key.value, key.is_wildcard)
                 elif key.key_type == KeyType.RECOVERY_KEY and self.bde.has_recovery_password():
-                    self.unlock_with_recovery_key(key.value)
+                    self.unlock_with_recovery_key(key.value, key.is_wildcard)
                 elif key.key_type == KeyType.FILE:
                     bek_file = pathlib.Path(key.value)
-                    self.unlock_with_bek_file(bek_file)
+                    self.unlock_with_bek_file(bek_file, key.is_wildcard)
 
                 if self.bde.unlocked:
                     log.info("Volume %s with identifiers %s unlocked with %s", self.fh, identifiers, key)