dissect.target 3.15.dev33__tar.gz → 3.15.dev38__tar.gz
- {dissect.target-3.15.dev33/dissect.target.egg-info → dissect.target-3.15.dev38}/PKG-INFO +1 -1
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/fortios/_os.py +180 -28
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/fortios/generic.py +5 -3
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/fortios/locale.py +14 -6
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/tasks.py +148 -2
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38/dissect.target.egg-info}/PKG-INFO +1 -1
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect.target.egg-info/SOURCES.txt +1 -0
- dissect.target-3.15.dev38/tests/plugins/os/windows/log/test_schedlgu.py +35 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/COPYRIGHT +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/LICENSE +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/MANIFEST.in +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/README.md +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/container.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/containers/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/containers/asdf.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/containers/ewf.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/containers/hdd.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/containers/hds.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/containers/qcow2.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/containers/raw.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/containers/split.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/containers/vdi.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/containers/vhd.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/containers/vhdx.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/containers/vmdk.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/data/autocompletion/target_bash_completion.sh +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/exceptions.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystem.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/ad1.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/btrfs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/cb.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/config.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/dir.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/exfat.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/extfs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/fat.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/ffs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/itunes.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/jffs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/ntfs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/smb.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/squashfs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/tar.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/vmfs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/xfs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/filesystems/zip.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/cache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/compat/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/compat/path_310.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/compat/path_311.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/compat/path_312.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/compat/path_39.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/compat/path_common.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/config.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/configutil.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/cyber.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/data/windowsZones.xml +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/descriptor_extensions.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/docs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/fsutil.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/hashutil.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/keychain.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/lazy.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/loaderutil.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/localeutil.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/mount.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/network_managers.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/polypath.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/record.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/record_modifier.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/regutil.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/shell_folder_ids.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/ssh.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/targetd.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/helpers/utils.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loader.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/ad1.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/asdf.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/cb.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/cyber.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/dir.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/hyperv.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/itunes.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/kape.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/local.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/log.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/multiraw.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/ova.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/ovf.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/phobos.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/profile.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/pvm.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/pvs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/raw.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/remote.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/res.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/smb.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/tanium.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/tar.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/target.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/targetd.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/utm.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/vb.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/vbox.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/velociraptor.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/vma.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/vmwarevm.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/vmx.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/loaders/xva.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugin.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/av/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/av/mcafee.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/av/sophos.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/av/symantec.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/av/trendmicro.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/browser/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/browser/browser.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/browser/chrome.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/browser/chromium.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/browser/edge.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/browser/firefox.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/browser/iexplore.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/container/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/container/docker.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/remoteaccess/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/remoteaccess/anydesk.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/remoteaccess/remoteaccess.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/remoteaccess/teamviewer.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/shell/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/shell/powershell.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/ssh/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/ssh/openssh.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/ssh/opensshd.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/ssh/putty.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/ssh/ssh.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/vpn/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/vpn/openvpn.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/vpn/wireguard.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/webhosting/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/webhosting/cpanel.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/webserver/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/webserver/apache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/webserver/caddy.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/webserver/citrix.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/webserver/iis.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/webserver/nginx.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/apps/webserver/webserver.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/child/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/child/esxi.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/child/hyperv.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/child/virtuozzo.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/child/vmware_workstation.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/child/wsl.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/acquire_handles.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/acquire_hash.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/icat.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/ntfs/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/ntfs/mft.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/ntfs/mft_timeline.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/ntfs/usnjrnl.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/ntfs/utils.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/resolver.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/unix/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/unix/capability.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/unix/suid.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/walkfs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/filesystem/yara.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/general/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/general/config.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/general/default.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/general/example.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/general/loaders.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/general/osinfo.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/general/plugins.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/general/scrape.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/general/users.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/bsd/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/bsd/citrix/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/bsd/citrix/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/bsd/citrix/history.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/bsd/freebsd/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/bsd/freebsd/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/bsd/ios/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/bsd/ios/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/bsd/openbsd/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/bsd/openbsd/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/bsd/osx/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/bsd/osx/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/bsd/osx/user.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/cronjobs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/datetime.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/esxi/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/esxi/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/etc.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/generic.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/history.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/android/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/android/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/cmdline.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/debian/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/debian/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/debian/apt.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/debian/dpkg.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/debian/vyos/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/debian/vyos/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/environ.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/fortios/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/iptables.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/modules.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/netstat.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/proc.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/processes.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/redhat/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/redhat/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/redhat/yum.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/services.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/sockets.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/suse/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/suse/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/linux/suse/zypper.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/locale.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/log/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/log/atop.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/log/audit.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/log/auth.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/log/journal.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/log/lastlog.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/log/messages.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/log/utmp.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/packagemanager.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/unix/shadow.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/_os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/activitiescache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/adpolicy.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/amcache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/catroot.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/cim.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/clfs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/datetime.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/defender.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/dpapi/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/dpapi/blob.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/dpapi/crypto.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/dpapi/dpapi.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/dpapi/master_key.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/env.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/exchange/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/exchange/exchange.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/generic.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/lnk.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/locale.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/log/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/log/amcache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/log/etl.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/log/evt.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/log/evtx.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/log/pfro.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/notifications.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/prefetch.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/recyclebin.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/7zip.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/appxdebugkeys.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/auditpol.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/bam.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/cit.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/clsid.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/firewall.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/mru.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/muicache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/nethist.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/recentfilecache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/regf.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/runkeys.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/shellbags.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/shimcache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/trusteddocs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/usb.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/regf/userassist.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/registry.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/sam.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/services.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/sru.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/startupinfo.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/syscache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/task_helpers/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/task_helpers/tasks_job.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/task_helpers/tasks_records.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/task_helpers/tasks_xml.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/thumbcache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/ual.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/plugins/os/windows/wer.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/report.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/target.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/build_pluginlist.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/dd.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/dump/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/dump/run.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/dump/state.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/dump/utils.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/fs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/info.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/logging.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/mount.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/query.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/reg.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/shell.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/tools/utils.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/volume.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/volumes/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/volumes/bde.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/volumes/ddf.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/volumes/disk.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/volumes/luks.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/volumes/lvm.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/volumes/md.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/volumes/vmfs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect.target.egg-info/dependency_links.txt +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect.target.egg-info/entry_points.txt +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect.target.egg-info/requires.txt +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect.target.egg-info/top_level.txt +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/pyproject.toml +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/setup.cfg +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/_docs/Makefile +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/_docs/conf.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/_docs/index.rst +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/_utils.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/conftest.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/containers/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/containers/test_split.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/filesystems/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/filesystems/test_cb.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/filesystems/test_config.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/filesystems/test_dir.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/filesystems/test_exfat.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/filesystems/test_fat.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/filesystems/test_ntfs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/filesystems/test_smb.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/filesystems/test_tar.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/filesystems/test_zip.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/helpers/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/helpers/test_cache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/helpers/test_config.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/helpers/test_configutil.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/helpers/test_docs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/helpers/test_fsutil.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/helpers/test_hashutil.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/helpers/test_keychain.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/helpers/test_loaderutil.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/helpers/test_localeutil.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/helpers/test_modifier.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/helpers/test_record.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/helpers/test_regutil.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/helpers/test_utils.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_asdf.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_cb.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_dir.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_hyperv.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_kape.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_local.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_log.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_multiraw.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_ova.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_ovf.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_phobos.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_pvm.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_pvs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_remote.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_smb.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_tanium.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_tar.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_utm.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_vbox.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_velociraptor.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/loaders/test_vmwarevm.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/av/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/av/test_mcafee.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/av/test_sophos.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/av/test_symantec.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/av/test_trendmicro.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/browser/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/browser/test_browser.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/container/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/container/test_docker.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/remoteaccess/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/remoteaccess/test_anydesk.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/remoteaccess/test_teamviewer.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/shell/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/shell/test_powershell.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/ssh/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/ssh/test_openssh.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/ssh/test_opensshd.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/ssh/test_putty.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/vpn/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/vpn/test_openvpn.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/vpn/test_wireguard.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/webhosting/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/webhosting/test_cpanel.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/webserver/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/webserver/test_apache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/webserver/test_caddy.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/webserver/test_citrix.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/webserver/test_iis.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/webserver/test_nginx.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/apps/webserver/test_webserver.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/child/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/child/test_hyperv.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/child/test_virtuozzo.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/child/test_wsl.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/filesystem/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/filesystem/ntfs/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/filesystem/ntfs/test_mft.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/filesystem/ntfs/test_usnjrnl.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/filesystem/test_acquire_handles.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/filesystem/test_acquire_hash.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/filesystem/test_icat.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/filesystem/test_resolver.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/filesystem/test_walkfs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/filesystem/test_yara.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/filesystem/unix/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/filesystem/unix/test_capability.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/filesystem/unix/test_suid.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/general/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/general/test_config.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/general/test_default.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/general/test_plugins.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/general/test_scrape.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/general/test_users.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/bsd/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/bsd/citrix/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/bsd/citrix/test__os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/bsd/citrix/test_history.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/bsd/osx/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/bsd/osx/test__os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/bsd/osx/test_user.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/android/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/android/test__os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/debian/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/debian/test_apt.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/debian/test_dpkg.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/redhat/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/redhat/test_yum.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/suse/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/suse/test_zypper.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/test_cmdline.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/test_environ.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/test_iptables.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/test_modules.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/test_netstat.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/test_proc.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/test_processes.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/test_services.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/linux/test_sockets.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/log/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/log/test_atop.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/log/test_audit.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/log/test_auth.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/log/test_lastlog.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/log/test_messages.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/log/test_utmp.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/test__os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/test_generic.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/test_history.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/test_ips.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/test_journal.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/test_locale.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/test_packagemanager.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/test_shadow.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/test_users.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/unix/test_version.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/log/test_etl.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/log/test_evt.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/log/test_evtx.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/regf/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/regf/test_appxdebugkeys.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/regf/test_cit.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/regf/test_clsid.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/regf/test_muicache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/regf/test_trusteddocs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/regf/test_userassist.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test__os.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_adpolicy.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_amcache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_clfs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_datetime.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_defender.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_dpapi.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_env.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_generic.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_lnk.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_locale.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_mru.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_notifications.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_prefetch.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_recyclebin.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_registry.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_sam.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_shimcache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_sru.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_syscache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_tasks.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_thumbcache.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_ual.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/plugins/os/windows/test_wer.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/test_container.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/test_filesystem.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/test_plugin.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/test_registration.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/test_report.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/test_target.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/test_volume.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/tools/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/tools/test_dump.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/tools/test_fs.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/tools/test_mount.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/tools/test_query.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/tools/test_shell.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/tools/test_utils.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/volumes/__init__.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/volumes/test_bde.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tests/volumes/test_md.py +0 -0
- {dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/tox.ini +0 -0
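--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.15.
+Version: 3.15.dev38
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3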
@@ -1,12 +1,13 @@
|
|
1
1
|
from __future__ import annotations
|
2
2
|
|
3
3
|
import gzip
|
4
|
+
import hashlib
|
4
5
|
from base64 import b64decode
|
5
6
|
from datetime import datetime
|
7
|
+
from io import BytesIO
|
6
8
|
from tarfile import ReadError
|
7
|
-
from typing import Iterator, Optional, TextIO, Union
|
9
|
+
from typing import BinaryIO, Iterator, Optional, TextIO, Union
|
8
10
|
|
9
|
-
from Crypto.Cipher import AES
|
10
11
|
from dissect.util import cpio
|
11
12
|
from dissect.util.compression import xz
|
12
13
|
|
@@ -18,6 +19,13 @@ from dissect.target.plugin import OperatingSystem, export
|
|
18
19
|
from dissect.target.plugins.os.unix.linux._os import LinuxPlugin
|
19
20
|
from dissect.target.target import Target
|
20
21
|
|
22
|
+
try:
|
23
|
+
from Crypto.Cipher import AES, ChaCha20
|
24
|
+
|
25
|
+
HAS_PYCRYPTODOME = True
|
26
|
+
except ImportError:
|
27
|
+
HAS_PYCRYPTODOME = False
|
28
|
+
|
21
29
|
FortiOSUserRecord = TargetRecordDescriptor(
|
22
30
|
"fortios/user",
|
23
31
|
[
|
@@ -39,7 +47,7 @@ class FortiOSPlugin(LinuxPlugin):
|
|
39
47
|
|
40
48
|
def _load_config(self) -> dict:
|
41
49
|
CONFIG_FILES = {
|
42
|
-
"/data/system.conf":
|
50
|
+
"/data/system.conf": "global-config", # FortiManager
|
43
51
|
"/data/config/daemon.conf.gz": "daemon", # FortiOS 4.x
|
44
52
|
"/data/config/sys_global.conf.gz": "global-config", # Seen in FortiOS 5.x - 7.x
|
45
53
|
"/data/config/sys_vd_root.conf.gz": "root-config", # FortiOS 4.x
|
@@ -55,7 +63,7 @@ class FortiOSPlugin(LinuxPlugin):
|
|
55
63
|
else:
|
56
64
|
fh = conf_path.open("rt")
|
57
65
|
|
58
|
-
if not self._version and section in [
|
66
|
+
if not self._version and section in ["global-config", "root-config"]:
|
59
67
|
self._version = fh.readline().split("=", 1)[1]
|
60
68
|
|
61
69
|
parsed = FortiOSConfig.from_fh(fh)
|
@@ -72,20 +80,31 @@ class FortiOSPlugin(LinuxPlugin):
|
|
72
80
|
|
73
81
|
@classmethod
|
74
82
|
def create(cls, target: Target, sysvol: Filesystem) -> FortiOSPlugin:
|
83
|
+
target.log.warning("Attempting to load rootfs.gz, this can take a while.")
|
75
84
|
rootfs = sysvol.path("/rootfs.gz")
|
85
|
+
vfs = None
|
76
86
|
|
77
87
|
try:
|
78
|
-
|
79
|
-
rfs_fh = open_decompress(rootfs)
|
80
|
-
if rfs_fh.read(4) == b"07" * 2:
|
88
|
+
if open_decompress(rootfs).read(4) == b"0707":
|
81
89
|
vfs = TarFilesystem(rootfs.open(), tarinfo=cpio.CpioInfo)
|
82
90
|
else:
|
83
91
|
vfs = TarFilesystem(rootfs.open())
|
92
|
+
except ReadError:
|
93
|
+
# The rootfs.gz file could be encrypted.
|
94
|
+
try:
|
95
|
+
rfs_fh = decrypt_rootfs(rootfs.open(), get_kernel_hash(sysvol))
|
96
|
+
vfs = TarFilesystem(rfs_fh, tarinfo=cpio.CpioInfo)
|
97
|
+
except RuntimeError:
|
98
|
+
target.log.warning("Could not decrypt rootfs.gz. Missing `pycryptodome` dependency.")
|
99
|
+
except ValueError as e:
|
100
|
+
target.log.warning("Could not decrypt rootfs.gz. Unsupported kernel version.")
|
101
|
+
target.log.debug("", exc_info=e)
|
102
|
+
except ReadError as e:
|
103
|
+
target.log.warning("Could not mount rootfs.gz. It could be corrupt.")
|
104
|
+
target.log.debug("", exc_info=e)
|
105
|
+
|
106
|
+
if vfs:
|
84
107
|
target.fs.mount("/", vfs)
|
85
|
-
except ReadError as e:
|
86
|
-
# Since FortiOS version ~7.4.1 the rootfs.gz file is encrypted.
|
87
|
-
target.log.warning("Could not mount FortiOS `/rootfs.gz`. It could be encrypted or corrupt.")
|
88
|
-
target.log.debug("", exc_info=e)
|
89
108
|
|
90
109
|
target.fs.mount("/data", sysvol)
|
91
110
|
|
@@ -93,13 +112,21 @@ class FortiOSPlugin(LinuxPlugin):
|
|
93
112
|
if (datafs_tar := sysvol.path("/datafs.tar.gz")).exists():
|
94
113
|
target.fs.add_layer().mount("/data", TarFilesystem(datafs_tar.open("rb")))
|
95
114
|
|
96
|
-
# Additional FortiGate tars with corrupt XZ streams
|
97
|
-
|
98
|
-
|
115
|
+
# Additional FortiGate or FortiManager tars with corrupt XZ streams
|
116
|
+
target.log.warning("Attempting to load XZ files, this can take a while.")
|
117
|
+
for path in (
|
118
|
+
"bin.tar.xz",
|
119
|
+
"usr.tar.xz",
|
120
|
+
"migadmin.tar.xz",
|
121
|
+
"node-scripts.tar.xz",
|
122
|
+
"docker.tar.xz",
|
123
|
+
"syntax.tar.xz",
|
124
|
+
):
|
125
|
+
if (tar := target.fs.path(path)).exists() or (tar := sysvol.path(path)).exists():
|
99
126
|
fh = xz.repair_checksum(tar.open("rb"))
|
100
127
|
target.fs.add_layer().mount("/", TarFilesystem(fh))
|
101
128
|
|
102
|
-
# FortiAnalyzer
|
129
|
+
# FortiAnalyzer and FortiManager
|
103
130
|
if (rootfs_ext_tar := sysvol.path("rootfs-ext.tar.xz")).exists():
|
104
131
|
target.fs.add_layer().mount("/", TarFilesystem(rootfs_ext_tar.open("rb")))
|
105
132
|
|
@@ -117,9 +144,18 @@ class FortiOSPlugin(LinuxPlugin):
|
|
117
144
|
target.fs.mount("/boot", fs)
|
118
145
|
|
119
146
|
# data2 partition
|
120
|
-
if fs.__type__ == "ext" and
|
147
|
+
if fs.__type__ == "ext" and (
|
148
|
+
(fs.path("/new_alert_msg").exists() and fs.path("/template").exists()) # FortiGate
|
149
|
+
or (fs.path("/swapfile").exists() and fs.path("/old_fmversion").exists()) # FortiManager
|
150
|
+
):
|
121
151
|
target.fs.mount("/data2", fs)
|
122
152
|
|
153
|
+
# Symlink unix-like paths
|
154
|
+
unix_paths = [("/data/passwd", "/etc/passwd")]
|
155
|
+
for src, dst in unix_paths:
|
156
|
+
if target.fs.path(src).exists() and not target.fs.path(dst).exists():
|
157
|
+
target.fs.symlink(src, dst)
|
158
|
+
|
123
159
|
return cls(target)
|
124
160
|
|
125
161
|
@export(property=True)
|
@@ -158,8 +194,11 @@ class FortiOSPlugin(LinuxPlugin):
|
|
158
194
|
def dns(self) -> list[str]:
|
159
195
|
"""Return configured WAN DNS servers."""
|
160
196
|
entries = []
|
161
|
-
|
162
|
-
|
197
|
+
try:
|
198
|
+
for entry in self._config["global-config"]["system"]["dns"].values():
|
199
|
+
entries.append(entry[0])
|
200
|
+
except KeyError:
|
201
|
+
pass
|
163
202
|
return entries
|
164
203
|
|
165
204
|
@export(property=True)
|
@@ -176,7 +215,7 @@ class FortiOSPlugin(LinuxPlugin):
|
|
176
215
|
# Possible unix-like users
|
177
216
|
yield from super().users()
|
178
217
|
|
179
|
-
#
|
218
|
+
# FortiGate administrative users
|
180
219
|
try:
|
181
220
|
for username, entry in self._config["global-config"]["system"]["admin"].items():
|
182
221
|
yield FortiOSUserRecord(
|
@@ -190,13 +229,27 @@ class FortiOSPlugin(LinuxPlugin):
|
|
190
229
|
self.target.log.warning("Exception while parsing FortiOS admin users")
|
191
230
|
self.target.log.debug("", exc_info=e)
|
192
231
|
|
232
|
+
# FortiManager administrative users
|
233
|
+
try:
|
234
|
+
for username, entry in self._config["global-config"]["system"]["admin"]["user"].items():
|
235
|
+
yield FortiOSUserRecord(
|
236
|
+
name=username,
|
237
|
+
password=":".join(entry.get("password", [])),
|
238
|
+
groups=[entry["profileid"][0]],
|
239
|
+
home="/root",
|
240
|
+
_target=self.target,
|
241
|
+
)
|
242
|
+
except KeyError as e:
|
243
|
+
self.target.log.warning("Exception while parsing FortiManager admin users")
|
244
|
+
self.target.log.debug("", exc_info=e)
|
245
|
+
|
193
246
|
# Local users
|
194
247
|
try:
|
195
248
|
local_groups = local_groups_to_users(self._config["root-config"]["user"]["group"])
|
196
249
|
for username, entry in self._config["root-config"]["user"].get("local", {}).items():
|
197
250
|
try:
|
198
251
|
password = decrypt_password(entry["passwd"][-1])
|
199
|
-
except ValueError:
|
252
|
+
except (ValueError, RuntimeError):
|
200
253
|
password = ":".join(entry.get("passwd", []))
|
201
254
|
|
202
255
|
yield FortiOSUserRecord(
|
@@ -215,7 +268,7 @@ class FortiOSPlugin(LinuxPlugin):
|
|
215
268
|
for _, entry in self._config["root-config"]["user"]["group"].get("guestgroup", {}).get("guest", {}).items():
|
216
269
|
try:
|
217
270
|
password = decrypt_password(entry.get("password")[-1])
|
218
|
-
except ValueError:
|
271
|
+
except (ValueError, RuntimeError):
|
219
272
|
password = ":".join(entry.get("password"))
|
220
273
|
|
221
274
|
yield FortiOSUserRecord(
|
@@ -236,7 +289,10 @@ class FortiOSPlugin(LinuxPlugin):
|
|
236
289
|
@export(property=True)
|
237
290
|
def architecture(self) -> Optional[str]:
|
238
291
|
"""Return architecture FortiOS runs on."""
|
239
|
-
|
292
|
+
paths = ["/lib/libav.so", "/bin/ctr"]
|
293
|
+
for path in paths:
|
294
|
+
if self.target.fs.path(path).exists():
|
295
|
+
return self._get_architecture(path=path)
|
240
296
|
|
241
297
|
|
242
298
|
class ConfigNode(dict):
|
@@ -344,7 +400,7 @@ def parse_version(input: str) -> str:
|
|
344
400
|
}
|
345
401
|
|
346
402
|
try:
|
347
|
-
version_str = input.split(":", 1)[0]
|
403
|
+
version_str = input.split(":", 1)[0].strip()
|
348
404
|
type, version, _, build_num, build_date = version_str.rsplit("-", 4)
|
349
405
|
|
350
406
|
build_num = build_num.replace("build", "build ", 1)
|
@@ -368,15 +424,111 @@ def local_groups_to_users(config_groups: dict) -> dict:
|
|
368
424
|
return user_groups
|
369
425
|
|
370
426
|
|
371
|
-
def decrypt_password(
|
372
|
-
"""Decrypt FortiOS
|
427
|
+
def decrypt_password(input: str) -> str:
|
428
|
+
"""Decrypt FortiOS encrypted secrets.
|
429
|
+
|
430
|
+
Works for FortiGate 5.x, 6.x and 7.x (CVE-2019-6693).
|
431
|
+
|
432
|
+
NOTE:
|
433
|
+
- FortiManager uses a 16-byte IV and is not supported (CVE-2020-9289).
|
434
|
+
- FortiGate 4.x uses DES and a static 8-byte key and is not supported.
|
435
|
+
|
436
|
+
Returns decoded plaintext or original input ciphertext when decryption failed.
|
437
|
+
|
438
|
+
Resources:
|
439
|
+
- https://www.fortiguard.com/psirt/FG-IR-19-007
|
440
|
+
"""
|
441
|
+
|
442
|
+
if not HAS_PYCRYPTODOME:
|
443
|
+
raise RuntimeError("PyCryptodome module not available")
|
373
444
|
|
374
|
-
if
|
445
|
+
if input[:3] in ["SH2", "AK1"]:
|
375
446
|
raise ValueError("Password is a hash (SHA-256 or SHA-1) and cannot be decrypted.")
|
376
447
|
|
377
|
-
ciphertext = b64decode(
|
448
|
+
ciphertext = b64decode(input)
|
378
449
|
iv = ciphertext[:4] + b"\x00" * 12
|
379
450
|
key = b"Mary had a littl"
|
380
451
|
cipher = AES.new(key, iv=iv, mode=AES.MODE_CBC)
|
381
452
|
plaintext = cipher.decrypt(ciphertext[4:])
|
382
|
-
|
453
|
+
|
454
|
+
try:
|
455
|
+
return plaintext.split(b"\x00", 1)[0].decode()
|
456
|
+
except UnicodeDecodeError:
|
457
|
+
return "ENC:" + input
|
458
|
+
|
459
|
+
|
460
|
+
def decrypt_rootfs(fh: BinaryIO, kernel_hash: str) -> BinaryIO:
|
461
|
+
"""Attempt to decrypt an encrypted ``rootfs.gz`` file.
|
462
|
+
|
463
|
+
FortiOS releases as of 7.4.1 / 2023-08-31, have ChaCha20 encrypted ``rootfs.gz`` files.
|
464
|
+
This function attempts to decrypt a ``rootfs.gz`` file using a static key and IV
|
465
|
+
which can be found in the kernel.
|
466
|
+
|
467
|
+
Currently supported versions (each release has a new key):
|
468
|
+
- FortiGate VM 7.0.13
|
469
|
+
- FortiGate VM 7.4.1
|
470
|
+
- FortiGate VM 7.4.2
|
471
|
+
|
472
|
+
Resources:
|
473
|
+
- https://docs.fortinet.com/document/fortimanager/7.4.2/release-notes/519207/special-notices
|
474
|
+
- Reversing kernel (fgt_verifier_iv, fgt_verifier_decrypt, fgt_verifier_initrd)
|
475
|
+
"""
|
476
|
+
|
477
|
+
if not HAS_PYCRYPTODOME:
|
478
|
+
raise RuntimeError("PyCryptodome module not available")
|
479
|
+
|
480
|
+
# SHA256 hashes of kernel files
|
481
|
+
KERNEL_KEY_MAP = {
|
482
|
+
# FortiGate VM 7.0.13
|
483
|
+
"25cb2c8a419cde1f42d38fc6cbc95cf8b53db41096d0648015674d8220eba6bf": (
|
484
|
+
bytes.fromhex("c87e13e1f7d21c1aca81dc13329c3a948d6e420d3a859f3958bd098747873d08"),
|
485
|
+
bytes.fromhex("87486a24637e9a66f09ec182eee25594"),
|
486
|
+
),
|
487
|
+
# FortiGate VM 7.4.1
|
488
|
+
"a008b47327293e48502a121ee8709f243ad5da4e63d6f663c253db27bd01ea28": _kdf_7_4_x(
|
489
|
+
"366486c0f2c6322ec23e4f33a98caa1b19d41c74bb4f25f6e8e2087b0655b30f"
|
490
|
+
),
|
491
|
+
# FortiGate VM 7.4.2
|
492
|
+
"c392cf83ab484e0b2419b2711b02cdc88a73db35634c10340037243394a586eb": _kdf_7_4_x(
|
493
|
+
"480767be539de28ee773497fa731dd6368adc9946df61da8e1253fa402ba0302"
|
494
|
+
),
|
495
|
+
}
|
496
|
+
|
497
|
+
if not (key_data := KERNEL_KEY_MAP.get(kernel_hash)):
|
498
|
+
raise ValueError("Failed to decrypt: Unknown kernel hash.")
|
499
|
+
|
500
|
+
key, iv = key_data
|
501
|
+
# First 8 bytes = counter, last 8 bytes = nonce
|
502
|
+
# PyCryptodome interally divides this seek by 64 to get a (position, offset) tuple
|
503
|
+
# We're interested in updating the position in the ChaCha20 internal state, so to make
|
504
|
+
# PyCryptodome "OpenSSL-compatible" we have to multiply the counter by 64
|
505
|
+
cipher = ChaCha20.new(key=key, nonce=iv[8:])
|
506
|
+
cipher.seek(int.from_bytes(iv[:8], "little") * 64)
|
507
|
+
result = cipher.decrypt(fh.read())
|
508
|
+
|
509
|
+
if result[0:2] != b"\x1f\x8b":
|
510
|
+
raise ValueError("Failed to decrypt: No gzip magic header found.")
|
511
|
+
|
512
|
+
return BytesIO(result)
|
513
|
+
|
514
|
+
|
515
|
+
def _kdf_7_4_x(key_data: Union[str, bytes]) -> tuple[bytes, bytes]:
|
516
|
+
"""Derive 32 byte key and 16 byte IV from 32 byte seed.
|
517
|
+
|
518
|
+
As the IV needs to be 16 bytes, we return the first 16 bytes of the sha256 hash.
|
519
|
+
"""
|
520
|
+
|
521
|
+
if isinstance(key_data, str):
|
522
|
+
key_data = bytes.fromhex(key_data)
|
523
|
+
|
524
|
+
key = hashlib.sha256(key_data[4:32] + key_data[:4]).digest()
|
525
|
+
iv = hashlib.sha256(key_data[5:32] + key_data[:5]).digest()[:16]
|
526
|
+
return key, iv
|
527
|
+
|
528
|
+
|
529
|
+
def get_kernel_hash(sysvol: Filesystem) -> Optional[str]:
|
530
|
+
"""Return the SHA256 hash of the (compressed) kernel."""
|
531
|
+
kernel_files = ["flatkc", "vmlinuz", "vmlinux"]
|
532
|
+
for k in kernel_files:
|
533
|
+
if sysvol.path(k).exists():
|
534
|
+
return sysvol.sha256(k)
|
@@ -16,13 +16,15 @@ class GenericPlugin(Plugin):
|
|
16
16
|
@export(property=True)
|
17
17
|
def install_date(self) -> Optional[datetime]:
|
18
18
|
"""Return the likely install date of FortiOS."""
|
19
|
-
|
20
|
-
|
19
|
+
files = ["/data/etc/cloudinit.log", "/data/.vm_provisioned", "/data/etc/ssh/ssh_host_dsa_key"]
|
20
|
+
for file in files:
|
21
|
+
if (fp := self.target.fs.path(file)).exists():
|
22
|
+
return ts.from_unix(fp.stat().st_mtime)
|
21
23
|
|
22
24
|
@export(property=True)
|
23
25
|
def activity(self) -> Optional[datetime]:
|
24
26
|
"""Return last seen activity based on filesystem timestamps."""
|
25
|
-
log_dirs = ["/var/log/log/root", "/var/log/root"]
|
27
|
+
log_dirs = ["/var/log/log/root", "/var/log/root", "/data"]
|
26
28
|
for log_dir in log_dirs:
|
27
29
|
if (var_log := self.target.fs.path(log_dir)).exists():
|
28
30
|
return calculate_last_activity(var_log)
|
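Review bot: `install_date` returns the mtime of the first entry in `files` that exists, and nothing on the new lines says why that order was chosen or how far the value can be trusted. `/data/etc/cloudinit.log` is a log file, so its mtime presumably moves each time it is written again and would then report a date later than the installation. I would check the more stable artefacts first, or at least state the caveat in the docstring, e.g. `"""Return the likely install date of FortiOS (mtime of the first provisioning artefact found, None if none exist)."""`. The same first-match rule applies in `activity`, where the new `/data` entry is only consulted when neither log directory exists; `activity` may continue past the end of the hunk.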
@@ -1,3 +1,5 @@
|
|
1
|
+
from typing import Optional
|
2
|
+
|
1
3
|
from dissect.target.exceptions import UnsupportedPluginError
|
2
4
|
from dissect.target.plugin import Plugin, export
|
3
5
|
|
@@ -8,13 +10,16 @@ class LocalePlugin(Plugin):
|
|
8
10
|
raise UnsupportedPluginError("FortiOS specific plugin loaded on non-FortiOS target")
|
9
11
|
|
10
12
|
@export(property=True)
|
11
|
-
def timezone(self) -> str:
|
13
|
+
def timezone(self) -> Optional[str]:
|
12
14
|
"""Return configured UI/system timezone."""
|
13
|
-
|
14
|
-
|
15
|
+
try:
|
16
|
+
timezone_num = self.target._os._config["global-config"]["system"]["global"]["timezone"][0]
|
17
|
+
return translate_timezone(timezone_num)
|
18
|
+
except KeyError:
|
19
|
+
pass
|
15
20
|
|
16
21
|
@export(property=True)
|
17
|
-
def language(self) -> str:
|
22
|
+
def language(self) -> Optional[str]:
|
18
23
|
"""Return configured UI language."""
|
19
24
|
LANG_MAP = {
|
20
25
|
"english": "en_US",
|
@@ -26,8 +31,11 @@ class LocalePlugin(Plugin):
|
|
26
31
|
"simch": "zh_CN",
|
27
32
|
"korean": "ko_KR",
|
28
33
|
}
|
29
|
-
|
30
|
-
|
34
|
+
try:
|
35
|
+
lang_str = self.target._os._config["global-config"]["system"]["global"].get("language", ["english"])[0]
|
36
|
+
return LANG_MAP.get(lang_str, lang_str)
|
37
|
+
except KeyError:
|
38
|
+
pass
|
31
39
|
|
32
40
|
|
33
41
|
def translate_timezone(timezone_num: str) -> str:
|
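Review bot: In `timezone` the new `try` covers `translate_timezone(timezone_num)` as well as the config lookup, so a `KeyError` raised inside the translation would be swallowed and reported as if no timezone were configured. The body of `translate_timezone` is outside this section, so whether it can raise `KeyError` for an unknown zone id is an assumption to confirm. Keep the `try` to the lookup only, with `except KeyError: return None`, and call `return translate_timezone(timezone_num)` after it. Both `timezone` and `language` also index `[0]` on the stored value; if the config ever holds an empty list that raises `IndexError`, which `except KeyError` does not cover, so `except (KeyError, IndexError):` would match the new `Optional[str]` return type.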
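--- a/dissect/target/plugins/os/windows/tasks.py
+++ b/dissect/target/plugins/os/windows/tasks.py
@@ -1,16 +1,23 @@
+from __future__ import annotations
+
+import logging
+import re
 import warnings
-from
+from dataclasses import dataclass
+from datetime import datetime
+from typing import Iterator, Optional, Union
 
 from flow.record import GroupedRecord
 
+from dissect.target import Target
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import DynamicDescriptor, TargetRecordDescriptor
 from dissect.target.plugin import Plugin, export
 from dissect.target.plugins.os.windows.task_helpers.tasks_job import AtTask
 from dissect.target.plugins.os.windows.task_helpers.tasks_xml import ScheduledTasks
-from dissect.target.target import Target
 
 warnings.simplefilter(action="ignore", category=FutureWarning)
+log = logging.getLogger(__name__)
 
 TaskRecord = TargetRecordDescriptor(
 "filesystem/windows/task",
@@ -71,6 +78,92 @@ TaskRecord = TargetRecordDescriptor(
 ],
 )
 
+SchedLgURecord = TargetRecordDescriptor(
+"windows/tasks/log/schedlgu",
+[
+("datetime", "ts"),
+("string", "job"),
+("string", "command"),
+("string", "status"),
+("uint32", "exit_code"),
+("string", "version"),
+],
+)
+
+JOB_REGEX_PATTERN = re.compile(r"\"(.*?)\" \((.*?)\)")
+SCHEDLGU_REGEX_PATTERN = re.compile(r"\".+\n.+\n\s{4}.+\n|\".+\n.+", re.MULTILINE)
+
+
+@dataclass(order=True)
+class SchedLgU:
+ts: datetime = None
+job: str = None
+status: str = None
+command: str = None
+exit_code: int = None
+version: str = None
+
+@staticmethod
+def _sanitize_ts(ts: str) -> datetime:
+# sometimes "at" exists before the timestamp
+ts = ts.strip("at ")
+try:
+ts = datetime.strptime(ts, "%m/%d/%Y %I:%M:%S %p")
+except ValueError:
+ts = datetime.strptime(ts, "%d-%m-%Y %H:%M:%S")
+
+return ts
+
+@staticmethod
+def _parse_job(line: str) -> tuple[str, Optional[str]]:
+matches = JOB_REGEX_PATTERN.match(line)
+if matches:
+return matches.groups()
+
+log.warning("SchedLgU failed to parse job and command from line: '%s'. Returning line.", line)
+return line, None
+
+@classmethod
+def from_line(cls, line: str) -> SchedLgU:
+"""Parse a group of SchedLgU.txt lines."""
+event = cls()
+lines = line.splitlines()
+
+# Events can have 2 or 3 lines as a group in total. An example of a complete task job event is:
+# "Symantec NetDetect.job" (NDETECT.EXE)
+# Finished 14-9-2003 13:21:01
+# Result: The task completed with an exit code of (65).
+if len(lines) == 3:
+event.job, event.command = cls._parse_job(lines[0])
+event.status, event.ts = lines[1].split(maxsplit=1)
+event.exit_code = int(lines[2].split("(")[1].rstrip(")."))
+
+# Events that have 2 lines as a group can be started task job event or the Task Scheduler Service. Examples:
+# "Symantec NetDetect.job" (NDETECT.EXE)
+# Started at 14-9-2003 13:26:00
+elif len(lines) == 2 and ".job" in lines[0]:
+event.job, event.command = cls._parse_job(lines[0])
+event.status, event.ts = lines[1].split(maxsplit=1)
+
+# Events without a task job event are the Task Scheduler Service events. Which can look like this:
+# "Task Scheduler Service"
+# Exited at 14-9-2003 13:40:24
+# OR
+# "Task Scheduler Service"
+# 6.0.6000.16386 (vista_rtm.061101-2205)
+elif len(lines) == 2:
+event.job = lines[0].strip('"')
+
+if lines[1].startswith("\t") or lines[1].startswith(" "):
+event.status, event.ts = lines[1].split(maxsplit=1)
+else:
+event.version = lines[1]
+
+if event.ts:
+event.ts = cls._sanitize_ts(event.ts)
+
+return event
+
 
 class TasksPlugin(Plugin):
 """Plugin for retrieving scheduled tasks on a Windows system.
@@ -149,3 +242,56 @@ class TasksPlugin(Plugin):
 for trigger in task_object.get_triggers():
 grouped = GroupedRecord("filesystem/windows/task/grouped", [record, trigger])
 yield grouped
+
+
+class SchedLgUPlugin(Plugin):
+"""Plugin for parsing the Task Scheduler Service transaction log file (SchedLgU.txt)."""
+
+PATHS = {
+"sysvol/SchedLgU.txt",
+"sysvol/windows/SchedLgU.txt",
+"sysvol/windows/tasks/SchedLgU.txt",
+"sysvol/winnt/tasks/SchedLgU.txt",
+}
+
+def __init__(self, target: Target) -> None:
+self.target = target
+self.paths = [self.target.fs.path(path) for path in self.PATHS if self.target.fs.path(path).exists()]
+
+def check_compatible(self) -> None:
+if len(self.paths) == 0:
+raise UnsupportedPluginError("No SchedLgU.txt file found.")
+
+@export(record=SchedLgURecord)
+def schedlgu(self) -> Iterator[SchedLgURecord]:
+"""Return all events in the Task Scheduler Service transaction log file (SchedLgU.txt).
+
+Older Windows systems may log ``.job`` tasks that get started remotely in the SchedLgU.txt file.
+In addition, this log file records when the Task Scheduler service starts and stops.
+
+Adversaries may use malicious ``.job`` files to gain persistence on a system.
+
+Yield:
+ts (datetime): The timestamp of the event.
+job (str): The name of the ``.job`` file.
+command (str): The command executed.
+status (str): The status of the event (finished, completed, exited, stopped).
+exit_code (int): The exit code of the event.
+version (str): The version of the Task Scheduler service.
+"""
+
+for path in self.paths:
+content = path.read_text(encoding="UTF-16", errors="surrogateescape")
+
+for match in re.findall(SCHEDLGU_REGEX_PATTERN, content):
+event = SchedLgU.from_line(match)
+
+yield SchedLgURecord(
+ts=event.ts,
+job=event.job,
+command=event.command,
+status=event.status,
+exit_code=event.exit_code,
+version=event.version,
+_target=self.target,
+)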
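Review bot: `schedlgu()` calls `SchedLgU.from_line(match)` with no error handling, so a single entry that does not fit the expected shape stops the generator and every later event in that file is lost. `from_line` assumes the third line contains `(` followed by an integer, that the second line splits into two fields, and `_sanitize_ts` knows only two date formats, so another locale or a truncated or edited log raises `IndexError` or `ValueError`. Since this log may come from a compromised host, I would skip and log the bad entry rather than abort, as sketched below. Separately, `ts.strip("at ")` removes the characters `a`, `t` and space from both ends rather than the prefix `at `; it works for the two formats handled, but a prefix check would state the intent.

```python
for match in SCHEDLGU_REGEX_PATTERN.findall(content):
    try:
        event = SchedLgU.from_line(match)
    except (IndexError, ValueError) as e:
        # Keep going: one malformed entry must not hide the rest of the log.
        self.target.log.warning("Skipping unparsable SchedLgU.txt entry in %s", path)
        self.target.log.debug("", exc_info=e)
        continue

    # … unchanged: yield SchedLgURecord(...) …
```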
@@ -1,6 +1,6 @@
|
|
1
1
|
Metadata-Version: 2.1
|
2
2
|
Name: dissect.target
|
3
|
-
Version: 3.15.
|
3
|
+
Version: 3.15.dev38
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
6
6
|
License: Affero General Public License v3
|
@@ -522,6 +522,7 @@ tests/plugins/os/windows/test_wer.py
|
|
522
522
|
tests/plugins/os/windows/log/test_etl.py
|
523
523
|
tests/plugins/os/windows/log/test_evt.py
|
524
524
|
tests/plugins/os/windows/log/test_evtx.py
|
525
|
+
tests/plugins/os/windows/log/test_schedlgu.py
|
525
526
|
tests/plugins/os/windows/regf/__init__.py
|
526
527
|
tests/plugins/os/windows/regf/test_appxdebugkeys.py
|
527
528
|
tests/plugins/os/windows/regf/test_cit.py
|
@@ -0,0 +1,35 @@
|
|
1
|
+
from flow.record.fieldtypes import datetime
|
2
|
+
|
3
|
+
from dissect.target.plugins.os.windows.tasks import SchedLgUPlugin, SchedLgURecord
|
4
|
+
from tests._utils import absolute_path
|
5
|
+
|
6
|
+
|
7
|
+
def test_shedlgu(target_win, fs_win):
|
8
|
+
shedlgu_file = absolute_path("_data/plugins/os/windows/log/schedlgu/schedlgu.txt")
|
9
|
+
fs_win.map_file("Windows/SchedLgU.Txt", shedlgu_file)
|
10
|
+
|
11
|
+
target_win.add_plugin(SchedLgUPlugin)
|
12
|
+
|
13
|
+
records = list(target_win.schedlgu())
|
14
|
+
task_scheduler_started_event = records[0]
|
15
|
+
task_scheduler_version_event = records[1]
|
16
|
+
task_scheduler_exited_event = records[2]
|
17
|
+
job_task_event = records[58]
|
18
|
+
|
19
|
+
assert any(isinstance(record, type(SchedLgURecord())) for record in records)
|
20
|
+
assert task_scheduler_started_event.ts == datetime("2006-11-02 07:35:17+00:00")
|
21
|
+
assert task_scheduler_started_event.job == "Task Scheduler Service"
|
22
|
+
assert task_scheduler_started_event.status == "Started"
|
23
|
+
|
24
|
+
assert task_scheduler_version_event.job == "Task Scheduler Service"
|
25
|
+
assert task_scheduler_version_event.version == "6.0.6000.16386 (vista_rtm.061101-2205)"
|
26
|
+
|
27
|
+
assert task_scheduler_exited_event.job == "Task Scheduler Service"
|
28
|
+
assert task_scheduler_exited_event.ts == datetime("2006-11-02 07:55:10+00:00")
|
29
|
+
assert task_scheduler_exited_event.status == "Exited"
|
30
|
+
|
31
|
+
assert job_task_event.ts == datetime("2003-09-14 13:01:00+00:00")
|
32
|
+
assert job_task_event.job == "Symantec NetDetect.job"
|
33
|
+
assert job_task_event.command == "NDETECT.EXE"
|
34
|
+
assert job_task_event.status == "Finished"
|
35
|
+
assert job_task_event.exit_code == 65
|
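Review bot: `assert any(isinstance(record, type(SchedLgURecord())) for record in records)` passes as soon as one record has the right type; `all(...)` is what the check appears to intend. The fixture is mapped only at `Windows/SchedLgU.Txt`, so the other entries in `SchedLgUPlugin.PATHS` and the failure paths of `from_line` are not exercised. A second small fixture with a truncated or non-numeric result line would pin down what the parser does with a damaged log. The function name `test_shedlgu` also drops the `c` of `schedlgu`.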
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
{dissect.target-3.15.dev33 → dissect.target-3.15.dev38}/dissect/target/containers/__init__.py
RENAMED
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|