dissect.target 3.17.dev29__py3-none-any.whl → 3.17.dev33__py3-none-any.whl
Sign up to get free protection for your applications and to get access to all the features.
- dissect/target/filesystems/dir.py +14 -1
- dissect/target/filesystems/overlay.py +103 -0
- dissect/target/helpers/compat/path_common.py +19 -5
- dissect/target/loader.py +1 -0
- dissect/target/loaders/itunes.py +3 -3
- dissect/target/loaders/overlay.py +31 -0
- dissect/target/plugins/apps/browser/brave.py +10 -0
- dissect/target/plugins/apps/browser/browser.py +43 -0
- dissect/target/plugins/apps/browser/chrome.py +10 -0
- dissect/target/plugins/apps/browser/chromium.py +234 -12
- dissect/target/plugins/apps/browser/edge.py +10 -0
- dissect/target/plugins/apps/browser/firefox.py +440 -19
- dissect/target/plugins/apps/browser/iexplore.py +1 -1
- dissect/target/plugins/apps/container/docker.py +24 -4
- dissect/target/plugins/apps/ssh/putty.py +10 -1
- dissect/target/plugins/child/docker.py +24 -0
- dissect/target/plugins/os/unix/linux/fortios/_os.py +6 -6
- dissect/target/plugins/os/windows/_os.py +1 -1
- dissect/target/plugins/os/windows/catroot.py +11 -2
- dissect/target/plugins/os/windows/dpapi/crypto.py +12 -1
- dissect/target/plugins/os/windows/dpapi/dpapi.py +62 -7
- dissect/target/plugins/os/windows/dpapi/master_key.py +22 -2
- dissect/target/plugins/os/windows/sam.py +10 -1
- {dissect.target-3.17.dev29.dist-info → dissect.target-3.17.dev33.dist-info}/METADATA +1 -1
- {dissect.target-3.17.dev29.dist-info → dissect.target-3.17.dev33.dist-info}/RECORD +30 -27
- {dissect.target-3.17.dev29.dist-info → dissect.target-3.17.dev33.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.17.dev29.dist-info → dissect.target-3.17.dev33.dist-info}/LICENSE +0 -0
- {dissect.target-3.17.dev29.dist-info → dissect.target-3.17.dev33.dist-info}/WHEEL +0 -0
- {dissect.target-3.17.dev29.dist-info → dissect.target-3.17.dev33.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.17.dev29.dist-info → dissect.target-3.17.dev33.dist-info}/top_level.txt +0 -0
@@ -23,9 +23,9 @@ from dissect.target.target import Target
|
|
23
23
|
try:
|
24
24
|
from Crypto.Cipher import AES, ChaCha20
|
25
25
|
|
26
|
-
|
26
|
+
HAS_CRYPTO = True
|
27
27
|
except ImportError:
|
28
|
-
|
28
|
+
HAS_CRYPTO = False
|
29
29
|
|
30
30
|
FortiOSUserRecord = TargetRecordDescriptor(
|
31
31
|
"fortios/user",
|
@@ -442,8 +442,8 @@ def decrypt_password(input: str) -> str:
|
|
442
442
|
- https://www.fortiguard.com/psirt/FG-IR-19-007
|
443
443
|
"""
|
444
444
|
|
445
|
-
if not
|
446
|
-
raise RuntimeError("
|
445
|
+
if not HAS_CRYPTO:
|
446
|
+
raise RuntimeError("Missing pycryptodome dependency")
|
447
447
|
|
448
448
|
if input[:3] in ["SH2", "AK1"]:
|
449
449
|
raise ValueError("Password is a hash (SHA-256 or SHA-1) and cannot be decrypted.")
|
@@ -511,8 +511,8 @@ def decrypt_rootfs(fh: BinaryIO, key: bytes, iv: bytes) -> BinaryIO:
|
|
511
511
|
RuntimeError: When PyCryptodome is not available.
|
512
512
|
"""
|
513
513
|
|
514
|
-
if not
|
515
|
-
raise RuntimeError("
|
514
|
+
if not HAS_CRYPTO:
|
515
|
+
raise RuntimeError("Missing pycryptodome dependency")
|
516
516
|
|
517
517
|
# First 8 bytes = counter, last 8 bytes = nonce
|
518
518
|
# PyCryptodome interally divides this seek by 64 to get a (position, offset) tuple
|
@@ -41,7 +41,7 @@ class WindowsPlugin(OSPlugin):
|
|
41
41
|
|
42
42
|
if not sysvol.exists("boot/BCD"):
|
43
43
|
for fs in target.filesystems:
|
44
|
-
if fs.exists("boot")
|
44
|
+
if fs.exists("boot/BCD") or fs.exists("EFI/Microsoft/Boot/BCD"):
|
45
45
|
target.fs.mount("efi", fs)
|
46
46
|
|
47
47
|
return cls(target)
|
@@ -1,7 +1,5 @@
|
|
1
1
|
from typing import Iterator, Optional
|
2
2
|
|
3
|
-
from asn1crypto.cms import ContentInfo
|
4
|
-
from asn1crypto.core import Sequence
|
5
3
|
from dissect.esedb import EseDB
|
6
4
|
from flow.record.fieldtypes import digest
|
7
5
|
|
@@ -9,6 +7,14 @@ from dissect.target.exceptions import UnsupportedPluginError
|
|
9
7
|
from dissect.target.helpers.record import TargetRecordDescriptor
|
10
8
|
from dissect.target.plugin import Plugin, export
|
11
9
|
|
10
|
+
try:
|
11
|
+
from asn1crypto.cms import ContentInfo
|
12
|
+
from asn1crypto.core import Sequence
|
13
|
+
|
14
|
+
HAS_ASN1 = True
|
15
|
+
except ImportError:
|
16
|
+
HAS_ASN1 = False
|
17
|
+
|
12
18
|
HINT_NEEDLE = b"\x1e\x08\x00H\x00i\x00n\x00t"
|
13
19
|
PACKAGE_NAME_NEEDLE = b"\x06\n+\x06\x01\x04\x01\x827\x0c\x02\x01"
|
14
20
|
DIGEST_NEEDLES = {
|
@@ -77,6 +83,9 @@ class CatrootPlugin(Plugin):
|
|
77
83
|
self.catroot2_dir = self.target.fs.path("sysvol/windows/system32/catroot2")
|
78
84
|
|
79
85
|
def check_compatible(self) -> None:
|
86
|
+
if not HAS_ASN1:
|
87
|
+
raise UnsupportedPluginError("Missing asn1crypto dependency")
|
88
|
+
|
80
89
|
if next(self.catroot2_dir.rglob("catdb"), None) is None and next(self.catroot_dir.rglob("*.cat"), None) is None:
|
81
90
|
raise UnsupportedPluginError("No catroot files or catroot ESE databases found")
|
82
91
|
|
@@ -4,7 +4,12 @@ import hashlib
|
|
4
4
|
import hmac
|
5
5
|
from typing import Optional, Union
|
6
6
|
|
7
|
-
|
7
|
+
try:
|
8
|
+
from Crypto.Cipher import AES, ARC4
|
9
|
+
|
10
|
+
HAS_CRYPTO = True
|
11
|
+
except ImportError:
|
12
|
+
HAS_CRYPTO = False
|
8
13
|
|
9
14
|
CIPHER_ALGORITHMS: dict[Union[int, str], CipherAlgorithm] = {}
|
10
15
|
HASH_ALGORITHMS: dict[Union[int, str], HashAlgorithm] = {}
|
@@ -62,6 +67,9 @@ class _AES(CipherAlgorithm):
|
|
62
67
|
block_length = 128 // 8
|
63
68
|
|
64
69
|
def decrypt(self, data: bytes, key: bytes, iv: Optional[bytes] = None) -> bytes:
|
70
|
+
if not HAS_CRYPTO:
|
71
|
+
raise RuntimeError("Missing pycryptodome dependency")
|
72
|
+
|
65
73
|
cipher = AES.new(
|
66
74
|
key[: self.key_length], mode=AES.MODE_CBC, IV=iv[: self.iv_length] if iv else b"\x00" * self.iv_length
|
67
75
|
)
|
@@ -93,6 +101,9 @@ class _RC4(CipherAlgorithm):
|
|
93
101
|
block_length = 1 // 8
|
94
102
|
|
95
103
|
def decrypt(self, data: bytes, key: bytes, iv: Optional[bytes] = None) -> bytes:
|
104
|
+
if not HAS_CRYPTO:
|
105
|
+
raise RuntimeError("Missing pycryptodome dependency")
|
106
|
+
|
96
107
|
cipher = ARC4.new(key[: self.key_length])
|
97
108
|
return cipher.decrypt(data)
|
98
109
|
|
@@ -1,21 +1,27 @@
|
|
1
1
|
import hashlib
|
2
2
|
import re
|
3
|
-
from functools import cached_property
|
3
|
+
from functools import cache, cached_property
|
4
4
|
from pathlib import Path
|
5
5
|
|
6
|
-
|
6
|
+
try:
|
7
|
+
from Crypto.Cipher import AES
|
8
|
+
|
9
|
+
HAS_CRYPTO = True
|
10
|
+
except ImportError:
|
11
|
+
HAS_CRYPTO = False
|
12
|
+
|
7
13
|
|
8
|
-
from dissect.target import Target
|
9
14
|
from dissect.target.exceptions import UnsupportedPluginError
|
15
|
+
from dissect.target.helpers import keychain
|
10
16
|
from dissect.target.plugin import InternalPlugin
|
11
17
|
from dissect.target.plugins.os.windows.dpapi.blob import Blob as DPAPIBlob
|
12
18
|
from dissect.target.plugins.os.windows.dpapi.master_key import CredSystem, MasterKeyFile
|
19
|
+
from dissect.target.target import Target
|
13
20
|
|
14
21
|
|
15
22
|
class DPAPIPlugin(InternalPlugin):
|
16
23
|
__namespace__ = "dpapi"
|
17
24
|
|
18
|
-
# This matches master key file names
|
19
25
|
MASTER_KEY_REGEX = re.compile("^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
|
20
26
|
|
21
27
|
SECURITY_POLICY_KEY = "HKEY_LOCAL_MACHINE\\SECURITY\\Policy"
|
@@ -25,11 +31,26 @@ class DPAPIPlugin(InternalPlugin):
|
|
25
31
|
|
26
32
|
def __init__(self, target: Target):
|
27
33
|
super().__init__(target)
|
34
|
+
self.keychain = cache(self.keychain)
|
28
35
|
|
29
36
|
def check_compatible(self) -> None:
|
37
|
+
if not HAS_CRYPTO:
|
38
|
+
raise UnsupportedPluginError("Missing pycryptodome dependency")
|
39
|
+
|
30
40
|
if not list(self.target.registry.keys(self.SYSTEM_KEY)):
|
31
41
|
raise UnsupportedPluginError(f"Registry key not found: {self.SYSTEM_KEY}")
|
32
42
|
|
43
|
+
def keychain(self) -> set:
|
44
|
+
passwords = set()
|
45
|
+
|
46
|
+
for key in keychain.get_keys_for_provider("user") + keychain.get_keys_without_provider():
|
47
|
+
if key.key_type == keychain.KeyType.PASSPHRASE:
|
48
|
+
passwords.add(key.value)
|
49
|
+
|
50
|
+
# It is possible to encrypt using an empty passphrase.
|
51
|
+
passwords.add("")
|
52
|
+
return passwords
|
53
|
+
|
33
54
|
@cached_property
|
34
55
|
def syskey(self) -> bytes:
|
35
56
|
lsa = self.target.registry.key(self.SYSTEM_KEY)
|
@@ -84,6 +105,10 @@ class DPAPIPlugin(InternalPlugin):
|
|
84
105
|
|
85
106
|
return result
|
86
107
|
|
108
|
+
@cached_property
|
109
|
+
def _users(self) -> dict[str, dict[str, str]]:
|
110
|
+
return {u.name: {"sid": u.sid} for u in self.target.users()}
|
111
|
+
|
87
112
|
def _load_master_keys_from_path(self, username: str, path: Path) -> dict[str, MasterKeyFile]:
|
88
113
|
if not path.exists():
|
89
114
|
return {}
|
@@ -104,21 +129,51 @@ class DPAPIPlugin(InternalPlugin):
|
|
104
129
|
if not mkf.decrypted:
|
105
130
|
raise Exception("Failed to decrypt System master key")
|
106
131
|
|
132
|
+
if user := self._users.get(username):
|
133
|
+
for mk_pass in self.keychain():
|
134
|
+
if mkf.decrypt_with_password(user["sid"], mk_pass):
|
135
|
+
break
|
136
|
+
|
137
|
+
try:
|
138
|
+
if mkf.decrypt_with_hash(user["sid"], bytes.fromhex(mk_pass)) is True:
|
139
|
+
break
|
140
|
+
except ValueError:
|
141
|
+
pass
|
142
|
+
|
143
|
+
if not mkf.decrypted:
|
144
|
+
self.target.log.warning("Could not decrypt DPAPI master key for username '%s'", username)
|
145
|
+
|
107
146
|
result[file.name] = mkf
|
108
147
|
|
109
148
|
return result
|
110
149
|
|
111
150
|
def decrypt_system_blob(self, data: bytes) -> bytes:
|
151
|
+
"""Decrypt the given bytes using the System master key."""
|
152
|
+
return self.decrypt_user_blob(data, self.SYSTEM_USERNAME)
|
153
|
+
|
154
|
+
def decrypt_user_blob(self, data: bytes, username: str) -> bytes:
|
155
|
+
"""Decrypt the given bytes using the master key of the given user."""
|
112
156
|
blob = DPAPIBlob(data)
|
113
157
|
|
114
|
-
if not (mk := self.master_keys.get(
|
115
|
-
raise ValueError("Blob UUID is unknown to
|
158
|
+
if not (mk := self.master_keys.get(username, {}).get(blob.guid)):
|
159
|
+
raise ValueError(f"Blob UUID is unknown to {username} master keys")
|
116
160
|
|
117
161
|
if not blob.decrypt(mk.key):
|
118
|
-
raise ValueError("Failed to decrypt
|
162
|
+
raise ValueError(f"Failed to decrypt blob for user {username}")
|
119
163
|
|
120
164
|
return blob.clear_text
|
121
165
|
|
166
|
+
def decrypt_blob(self, data: bytes) -> bytes:
|
167
|
+
"""Attempt to decrypt the given bytes using any of the available master keys."""
|
168
|
+
blob = DPAPIBlob(data)
|
169
|
+
|
170
|
+
for user in self.master_keys:
|
171
|
+
for mk in self.master_keys[user].values():
|
172
|
+
if blob.decrypt(mk.key):
|
173
|
+
return blob.clear_text
|
174
|
+
|
175
|
+
raise ValueError("Failed to decrypt blob")
|
176
|
+
|
122
177
|
|
123
178
|
def _decrypt_aes(data: bytes, key: bytes) -> bytes:
|
124
179
|
ctx = hashlib.sha256()
|
@@ -1,4 +1,5 @@
|
|
1
1
|
import hashlib
|
2
|
+
import logging
|
2
3
|
from io import BytesIO
|
3
4
|
from typing import BinaryIO
|
4
5
|
|
@@ -11,6 +12,16 @@ from dissect.target.plugins.os.windows.dpapi.crypto import (
|
|
11
12
|
dpapi_hmac,
|
12
13
|
)
|
13
14
|
|
15
|
+
try:
|
16
|
+
from Crypto.Hash import MD4
|
17
|
+
|
18
|
+
HAS_CRYPTO = True
|
19
|
+
except ImportError:
|
20
|
+
HAS_CRYPTO = False
|
21
|
+
|
22
|
+
log = logging.getLogger(__name__)
|
23
|
+
|
24
|
+
|
14
25
|
master_key_def = """
|
15
26
|
struct DomainKey {
|
16
27
|
DWORD dwVersion;
|
@@ -85,9 +96,18 @@ class MasterKey:
|
|
85
96
|
|
86
97
|
def decrypt_with_password(self, user_sid: str, pwd: str) -> bool:
|
87
98
|
"""Decrypts the master key with the given user's password and SID."""
|
99
|
+
pwd = pwd.encode("utf-16-le")
|
100
|
+
|
88
101
|
for algo in ["sha1", "md4"]:
|
89
|
-
|
90
|
-
|
102
|
+
if algo in hashlib.algorithms_available:
|
103
|
+
pwd_hash = hashlib.new(algo, pwd)
|
104
|
+
elif HAS_CRYPTO and algo == "md4":
|
105
|
+
pwd_hash = MD4.new(pwd)
|
106
|
+
else:
|
107
|
+
log.warning("No cryptography capabilities for algorithm %s", algo)
|
108
|
+
continue
|
109
|
+
|
110
|
+
self.decrypt_with_key(derive_password_hash(pwd_hash.digest(), user_sid))
|
91
111
|
if self.decrypted:
|
92
112
|
break
|
93
113
|
|
@@ -2,7 +2,13 @@ from hashlib import md5, sha256
|
|
2
2
|
from struct import pack
|
3
3
|
from typing import Iterator
|
4
4
|
|
5
|
-
|
5
|
+
try:
|
6
|
+
from Crypto.Cipher import AES, ARC4, DES
|
7
|
+
|
8
|
+
HAS_CRYPTO = True
|
9
|
+
except ImportError:
|
10
|
+
HAS_CRYPTO = False
|
11
|
+
|
6
12
|
from dissect import cstruct
|
7
13
|
from dissect.util import ts
|
8
14
|
|
@@ -295,6 +301,9 @@ class SamPlugin(Plugin):
|
|
295
301
|
SAM_KEY = "HKEY_LOCAL_MACHINE\\SAM\\SAM\\Domains\\Account"
|
296
302
|
|
297
303
|
def check_compatible(self) -> None:
|
304
|
+
if not HAS_CRYPTO:
|
305
|
+
raise UnsupportedPluginError("Missing pycryptodome dependency")
|
306
|
+
|
298
307
|
if not len(list(self.target.registry.keys(self.SAM_KEY))) > 0:
|
299
308
|
raise UnsupportedPluginError(f"Registry key not found: {self.SAM_KEY}")
|
300
309
|
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Metadata-Version: 2.1
|
2
2
|
Name: dissect.target
|
3
|
-
Version: 3.17.
|
3
|
+
Version: 3.17.dev33
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
6
6
|
License: Affero General Public License v3
|
@@ -2,7 +2,7 @@ dissect/target/__init__.py,sha256=Oc7ounTgq2hE4nR6YcNabetc7SQA40ldSa35VEdZcQU,63
|
|
2
2
|
dissect/target/container.py,sha256=0YcwcGmfJjhPXUB6DEcjWEoSuAtTDxMDpoTviMrLsxM,9353
|
3
3
|
dissect/target/exceptions.py,sha256=VVW_Rq_vQinapz-2mbJ3UkxBEZpb2pE_7JlhMukdtrY,2877
|
4
4
|
dissect/target/filesystem.py,sha256=1i-lToeTX-HgQXQOYxPXH-90M_eq43W4FFzNDRdpgpk,60094
|
5
|
-
dissect/target/loader.py,sha256=
|
5
|
+
dissect/target/loader.py,sha256=hjKInZAEcv43RiqxZJ0yBI4Y2YZ2-nrsKWu_BKrgba4,7336
|
6
6
|
dissect/target/plugin.py,sha256=HAN8maaDt-Rlqt8Rr1IW7gXQpzNQZjCVz-i4aSPphSw,48677
|
7
7
|
dissect/target/report.py,sha256=06uiP4MbNI8cWMVrC1SasNS-Yg6ptjVjckwj8Yhe0Js,7958
|
8
8
|
dissect/target/target.py,sha256=jq0Ii8073GOfwfqRj7UMuJT5jTVvQ_FD9Vrl9TMGpVc,32180
|
@@ -27,7 +27,7 @@ dissect/target/filesystems/btrfs.py,sha256=5MBi193ZvclkEQcxDr_sDHfj_FYU_hyYNRL4Y
|
|
27
27
|
dissect/target/filesystems/cb.py,sha256=6LcoJiwsYu1Han31IUzVpZVDTifhTLTx_gLfNpB_p6k,5329
|
28
28
|
dissect/target/filesystems/config.py,sha256=C2JnzBzMqbAjchGFDwURItCeUY7uxkhw1Gen-6cGkAc,11432
|
29
29
|
dissect/target/filesystems/cpio.py,sha256=ssVCjkAtLn2FqmNxeo6U5boyUdSYFxLWfXpytHYGPqs,641
|
30
|
-
dissect/target/filesystems/dir.py,sha256=
|
30
|
+
dissect/target/filesystems/dir.py,sha256=rKEreX3A7CI6a3pMssrO9F-9i5pkxCn_Ucs_dMtHxxA,4574
|
31
31
|
dissect/target/filesystems/exfat.py,sha256=PRkZPUVN5NlgB1VetFtywdNgF6Yj5OBtF5a25t-fFvw,5917
|
32
32
|
dissect/target/filesystems/extfs.py,sha256=9Cke-H0CL-SPd3-xvdAgfc3YA5hYso0sq6hm0C9vGII,4640
|
33
33
|
dissect/target/filesystems/fat.py,sha256=ZSw-wS57vo5eIXJndfI1rZkGu_qh-vyioMzCZFZ_UTE,4611
|
@@ -35,6 +35,7 @@ dissect/target/filesystems/ffs.py,sha256=Wu8sS1jjmD0QXXcAaD2h_zzfvinjco8qvj0hEru
|
|
35
35
|
dissect/target/filesystems/itunes.py,sha256=6LPUHSf2qpHacMgA4bdlEKUIV_BaLxmIxyLESXqNexI,6345
|
36
36
|
dissect/target/filesystems/jffs.py,sha256=Ceqa5Em2pepnXMH_XZFmSNjQyWPo1uWTthBFSMWfKRo,3926
|
37
37
|
dissect/target/filesystems/ntfs.py,sha256=fGgCKjdO5GrPC21DDr0SwIxmwR7KruNIqGUzysboirA,7068
|
38
|
+
dissect/target/filesystems/overlay.py,sha256=-dqWuMWLcq3usKbJYh0MW-qyp4dfLlOAh2z6FjNPu9I,4314
|
38
39
|
dissect/target/filesystems/smb.py,sha256=uxfcOWwEoDCw8Qpsa94T5Pn-SKd4WXs4OOrzVVI55d8,6406
|
39
40
|
dissect/target/filesystems/squashfs.py,sha256=ehzlThXB7n96XUvQnsK5tWLsA9HIxYN-Zxl7aO9D7ts,3921
|
40
41
|
dissect/target/filesystems/tar.py,sha256=kQNhcEDPX005svse039OeR2AGSDigGuGz2AKoVrgg84,5692
|
@@ -72,7 +73,7 @@ dissect/target/helpers/compat/path_310.py,sha256=PsLDIodlp3Hv5u-w7GDl6_LnTtchBYc
|
|
72
73
|
dissect/target/helpers/compat/path_311.py,sha256=2aydxCMWu1pN8PTBCo8HUbHRMC1xO-hj013j4QxaogE,18182
|
73
74
|
dissect/target/helpers/compat/path_312.py,sha256=oYa9SzcUI6FZmayQSy-HHPiIdPk5FX0XAQjnjGLsjCc,15223
|
74
75
|
dissect/target/helpers/compat/path_39.py,sha256=FIyZ3sb-XQhJnm02jVdOc6ncjCWa9OVxlCb_yap8A1o,18638
|
75
|
-
dissect/target/helpers/compat/path_common.py,sha256=
|
76
|
+
dissect/target/helpers/compat/path_common.py,sha256=X9mAPoP6E5e_1idiZz7-FPRsOwcAjQ5FP70k30s_yMA,7739
|
76
77
|
dissect/target/helpers/data/windowsZones.xml,sha256=4OijeR7oxI0ZwPTSwCkmtcofOsUCjSnbZ4dQxVOM_4o,50005
|
77
78
|
dissect/target/loaders/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
78
79
|
dissect/target/loaders/ad1.py,sha256=1_VmPZckDzXVvNF-HNtoUZqabnhCKBLUD3vVaitHQ00,571
|
@@ -81,13 +82,14 @@ dissect/target/loaders/cb.py,sha256=EGhdytBKBdofTd89juavDZZbmupEZmMBadeUXvVIK20,
|
|
81
82
|
dissect/target/loaders/cyber.py,sha256=Ip2hI7L98ZP7gUZuHQr0GxBdmbTzD-PntXmLJ5KpBuQ,1533
|
82
83
|
dissect/target/loaders/dir.py,sha256=Q5oVS48SuI0vA_QKgzWBiAFsQ4aQaW3tr-701vLk3AQ,5245
|
83
84
|
dissect/target/loaders/hyperv.py,sha256=_IOUJEO0BXaCBZ6sjIX0DZTkG9UNW5Vs9VcNHYv073w,5928
|
84
|
-
dissect/target/loaders/itunes.py,sha256=
|
85
|
+
dissect/target/loaders/itunes.py,sha256=rKOhlDRypQBGkuSZudMDS1Mlb9XV6BD5FRvM7tGq9jU,13128
|
85
86
|
dissect/target/loaders/kape.py,sha256=t5TfrGLqPeIpUUpXzIl6aHsqXMEGDqJ5YwDCs07DiBA,1237
|
86
87
|
dissect/target/loaders/local.py,sha256=Ul-LCd_fY7SyWOVR6nH-NqbkuNpxoZVmffwrkvQElU8,16453
|
87
88
|
dissect/target/loaders/log.py,sha256=cCkDIRS4aPlX3U-n_jUKaI2FPSV3BDpfqKceaU7rBbo,1507
|
88
89
|
dissect/target/loaders/mqtt.py,sha256=D8AmdOz2atD92z8bhjVFi3tC1H7pYmP4UrOCtMgfwMY,10396
|
89
90
|
dissect/target/loaders/multiraw.py,sha256=4a3ZST0NwjnfPDxHkcEfAcX2ddUlT_C-rcrMHNg1wp4,1046
|
90
91
|
dissect/target/loaders/ova.py,sha256=6h4O-7i87J394C6KgLsPkdXRAKNwtPubzLNS3vBGs7U,744
|
92
|
+
dissect/target/loaders/overlay.py,sha256=tj99HKvNG5_JbGfb1WCv4KNSbXXSnEcPQY5XT-JUxn8,992
|
91
93
|
dissect/target/loaders/ovf.py,sha256=ELMq6J2y6cPKbp7pjWAqMMnFYefWxXNqzIiAQdvGGXQ,1061
|
92
94
|
dissect/target/loaders/phobos.py,sha256=XtxF7FZXfZrXJruFUZUQzxlREyfc86dTxph7BNoNMvw,2277
|
93
95
|
dissect/target/loaders/profile.py,sha256=5ylgmzEEGyBFW3izvb-BZ7dGByXN9OFyRnnggR98P9w,1667
|
@@ -117,15 +119,15 @@ dissect/target/plugins/apps/av/sophos.py,sha256=gSfTvjBZMuT0hsL-p4oYxuYmakbqApoO
|
|
117
119
|
dissect/target/plugins/apps/av/symantec.py,sha256=RFLyNW6FyuoGcirJ4xHbQM8oGjua9W4zXmC7YDF-H20,14109
|
118
120
|
dissect/target/plugins/apps/av/trendmicro.py,sha256=jloy_N4hHAqF1sVIEeD5Q7LRYal3_os14Umk-hGaAR4,4613
|
119
121
|
dissect/target/plugins/apps/browser/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
120
|
-
dissect/target/plugins/apps/browser/brave.py,sha256=
|
121
|
-
dissect/target/plugins/apps/browser/browser.py,sha256=
|
122
|
-
dissect/target/plugins/apps/browser/chrome.py,sha256=
|
123
|
-
dissect/target/plugins/apps/browser/chromium.py,sha256=
|
124
|
-
dissect/target/plugins/apps/browser/edge.py,sha256=
|
125
|
-
dissect/target/plugins/apps/browser/firefox.py,sha256=
|
126
|
-
dissect/target/plugins/apps/browser/iexplore.py,sha256=
|
122
|
+
dissect/target/plugins/apps/browser/brave.py,sha256=EW1ubL10swHeV9CscfpE-SrNZozul_Ewj48LNRaG5Kg,2865
|
123
|
+
dissect/target/plugins/apps/browser/browser.py,sha256=rBIwcgdl73gm-8APwx2jEUAYXRniXkqcdMr2UYj_tS8,4118
|
124
|
+
dissect/target/plugins/apps/browser/chrome.py,sha256=hxS8gqpBwoCrPaxNpllIa6K9DtsSGzn6XXcUaHyes6w,3048
|
125
|
+
dissect/target/plugins/apps/browser/chromium.py,sha256=1oaQhMN5mJysw0VIVpTEmRCAifgv-mUQxZwrGmGHqAQ,27875
|
126
|
+
dissect/target/plugins/apps/browser/edge.py,sha256=woXzZtHPWmfcV8vbxGKHELKru5JRb32MAXs43_b4K4E,2883
|
127
|
+
dissect/target/plugins/apps/browser/firefox.py,sha256=Y8QdSgPZktYy4IF36aI1Jfbw_ucysx82PNljnyUCmRY,27025
|
128
|
+
dissect/target/plugins/apps/browser/iexplore.py,sha256=MqMonoaM5lj0ZFqGwS4F-P1eLmnLvX7VQGE9S3hxXag,8739
|
127
129
|
dissect/target/plugins/apps/container/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
128
|
-
dissect/target/plugins/apps/container/docker.py,sha256=
|
130
|
+
dissect/target/plugins/apps/container/docker.py,sha256=67Eih9AfUbqsP-HlnlwoHi4rSAnVCZWM76sEyO_1m18,15316
|
129
131
|
dissect/target/plugins/apps/remoteaccess/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
130
132
|
dissect/target/plugins/apps/remoteaccess/anydesk.py,sha256=lHtgINWXfVpPuCTRyQmT2ZO-1vkoqiXZ7coj8cZ8p4c,3185
|
131
133
|
dissect/target/plugins/apps/remoteaccess/remoteaccess.py,sha256=UQDmDC4Y-KxYl_8kaAh6SG_BLJZ6SeGnxG0gyD8tzaE,833
|
@@ -135,7 +137,7 @@ dissect/target/plugins/apps/shell/powershell.py,sha256=biPSMRWxPI6kRqP0-75yMtrw0
|
|
135
137
|
dissect/target/plugins/apps/ssh/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
136
138
|
dissect/target/plugins/apps/ssh/openssh.py,sha256=yt3bX93Q9wfF25_vG9APMwfZWUUqCPyLlVJdhu20syI,7250
|
137
139
|
dissect/target/plugins/apps/ssh/opensshd.py,sha256=DaXKdgGF3GYHHA4buEvphcm6FF4C8YFjgD96Dv6rRnM,5510
|
138
|
-
dissect/target/plugins/apps/ssh/putty.py,sha256=
|
140
|
+
dissect/target/plugins/apps/ssh/putty.py,sha256=EmsXr2NbOB13-EWS5AkpEPMUhOkVl6FAy8JGUiaDhxk,10133
|
139
141
|
dissect/target/plugins/apps/ssh/ssh.py,sha256=tTA87u0B8yY1yVCPV0VJdRUct6ggkir_pIziP-eKnVo,3009
|
140
142
|
dissect/target/plugins/apps/vpn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
141
143
|
dissect/target/plugins/apps/vpn/openvpn.py,sha256=d-DGINTIHP_bvv3T09ZwbezHXGctvCyAhJ482m2_-a0,7654
|
@@ -150,6 +152,7 @@ dissect/target/plugins/apps/webserver/iis.py,sha256=fnVF6npYXbVfg9SYvFOFMM1c7dT8
|
|
150
152
|
dissect/target/plugins/apps/webserver/nginx.py,sha256=WA5soi1FU1c44oHRcyOoHK3gH8Jzc_Qi5uXcimDYukw,4129
|
151
153
|
dissect/target/plugins/apps/webserver/webserver.py,sha256=a7a2lLrhsa9c1AXnwiLP-tqVv-IUbmaVaSZI5S0fKa8,1500
|
152
154
|
dissect/target/plugins/child/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
155
|
+
dissect/target/plugins/child/docker.py,sha256=frBZ8UUzbtkT9VrK1fwUzXDAdkHESdPCb-QI_OP9Jj4,872
|
153
156
|
dissect/target/plugins/child/esxi.py,sha256=GfgQzxntcHcyxAE2QjMJ-TrFhklweSXLbYh0uuv-klg,693
|
154
157
|
dissect/target/plugins/child/hyperv.py,sha256=R2qVeu4p_9V53jO-65znN0LwX9v3FVA-9jbbtOQcEz8,2236
|
155
158
|
dissect/target/plugins/child/virtuozzo.py,sha256=Mx4ZxEl21g7IYkzraw4FBZup5EfrkFDv4WuTE3hxguw,1206
|
@@ -227,7 +230,7 @@ dissect/target/plugins/os/unix/linux/debian/vyos/__init__.py,sha256=47DEQpj8HBSa
|
|
227
230
|
dissect/target/plugins/os/unix/linux/debian/vyos/_os.py,sha256=TPjcfv1n68RCe3Er4aCVQwQDCZwJT-NLvje3kPjDfhk,1744
|
228
231
|
dissect/target/plugins/os/unix/linux/fortios/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
229
232
|
dissect/target/plugins/os/unix/linux/fortios/_keys.py,sha256=jDDHObfsUn9BGoIir9p4J_-rg9rI1rgoOfnL3R3lg4o,123358
|
230
|
-
dissect/target/plugins/os/unix/linux/fortios/_os.py,sha256=
|
233
|
+
dissect/target/plugins/os/unix/linux/fortios/_os.py,sha256=Cyw6KyGNc-uZn2WDlD-7G9K7swe_ofxwykIZeQRGYKU,19416
|
231
234
|
dissect/target/plugins/os/unix/linux/fortios/generic.py,sha256=tT4-lE0Z_DeDIN3zHrQbE8JB3cRJop1_TiEst-Au0bs,1230
|
232
235
|
dissect/target/plugins/os/unix/linux/fortios/locale.py,sha256=VDdk60sqe2JTfftssO05C667-_BpI3kcqKOTVzO3ueU,5209
|
233
236
|
dissect/target/plugins/os/unix/linux/redhat/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
@@ -250,11 +253,11 @@ dissect/target/plugins/os/unix/log/lastlog.py,sha256=eL_dbB1sPoy0tyavIjT457ZLVfX
|
|
250
253
|
dissect/target/plugins/os/unix/log/messages.py,sha256=CXA-SkMPLaCgnTQg9nzII-7tO8Il_ENQmuYvDxo33rI,4698
|
251
254
|
dissect/target/plugins/os/unix/log/utmp.py,sha256=21tvzG977LqzRShV6uAoU-83WDcLUrI_Tv__2ZVi9rw,7756
|
252
255
|
dissect/target/plugins/os/windows/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
253
|
-
dissect/target/plugins/os/windows/_os.py,sha256=
|
256
|
+
dissect/target/plugins/os/windows/_os.py,sha256=g5XGtruvyWx4YAhMpGZnAaIFWQqLNQpee_Ot7ROmD8w,12606
|
254
257
|
dissect/target/plugins/os/windows/activitiescache.py,sha256=yY41YdCZk9e97Q8_rjZHknMUeOVDxgBG9VtXQHANUsQ,6710
|
255
258
|
dissect/target/plugins/os/windows/adpolicy.py,sha256=rvsvywChfms7d2kMwXRVHZaf8zJ46WmMwYplGAYEax8,6984
|
256
259
|
dissect/target/plugins/os/windows/amcache.py,sha256=ZZNOs3bILTf0AGkDkhoatndl0j39DXkstN7oOyxJECU,27188
|
257
|
-
dissect/target/plugins/os/windows/catroot.py,sha256=
|
260
|
+
dissect/target/plugins/os/windows/catroot.py,sha256=eSfVqXvWWZpXoxKB1FT_evjXXNmlD7wHhA3lYpfQDeQ,11043
|
258
261
|
dissect/target/plugins/os/windows/cim.py,sha256=jsrpu6TZpBUh7VWI9AV2Ib5bebTwsvqOwRfa5gjJd7c,3056
|
259
262
|
dissect/target/plugins/os/windows/clfs.py,sha256=begVsZ-CY97Ksh6S1g03LjyBgu8ERY2hfNDWYPj0GXI,4872
|
260
263
|
dissect/target/plugins/os/windows/datetime.py,sha256=tuBOkewmbCW8sFXcYp5p82oM5RCsVwmtC79BDCTLz8k,9472
|
@@ -267,7 +270,7 @@ dissect/target/plugins/os/windows/notifications.py,sha256=64xHHueHwtJCc8RTAF70oa
|
|
267
270
|
dissect/target/plugins/os/windows/prefetch.py,sha256=5hRxdIP9sIV5Q9TAScMjLbl_mImZ37abvdE_pAd6rh4,10398
|
268
271
|
dissect/target/plugins/os/windows/recyclebin.py,sha256=4GSj0Q3YvONufnqANbnG0ffiMQyToCiL5s35Wmu4JOQ,4898
|
269
272
|
dissect/target/plugins/os/windows/registry.py,sha256=EfqUkgbzaqTuq1kIPYNG1TfvJxhJE5X-TEjV3K_xsPU,12814
|
270
|
-
dissect/target/plugins/os/windows/sam.py,sha256=
|
273
|
+
dissect/target/plugins/os/windows/sam.py,sha256=ESQjaCIC17mKSU2y4GlLzkzJbsMJECPYlnVES36InQA,15447
|
271
274
|
dissect/target/plugins/os/windows/services.py,sha256=_6YkuoZD8LUxk72R3n1p1bOBab3A1wszdB1NuPavIGM,6037
|
272
275
|
dissect/target/plugins/os/windows/sru.py,sha256=sOM7CyMkW8XIXzI75GL69WoqUrSK2X99TFIfdQR2D64,17767
|
273
276
|
dissect/target/plugins/os/windows/startupinfo.py,sha256=kl8Y7M4nVfmJ71I33VCegtbHj-ZOeEsYAdlNbgwtUOA,3406
|
@@ -278,9 +281,9 @@ dissect/target/plugins/os/windows/ual.py,sha256=TYF-R46klEa_HHb86UJd6mPrXwHlAMOU
|
|
278
281
|
dissect/target/plugins/os/windows/wer.py,sha256=1kwkBvgmEU1QRCLWVmUFNIWAqXEEGtAj2c8uj0iusOE,8625
|
279
282
|
dissect/target/plugins/os/windows/dpapi/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
280
283
|
dissect/target/plugins/os/windows/dpapi/blob.py,sha256=oFhksgx2BAaeAbpPwOM-o0Dw5MKaMLGMF6ETdxIS708,5051
|
281
|
-
dissect/target/plugins/os/windows/dpapi/crypto.py,sha256=
|
282
|
-
dissect/target/plugins/os/windows/dpapi/dpapi.py,sha256=
|
283
|
-
dissect/target/plugins/os/windows/dpapi/master_key.py,sha256=
|
284
|
+
dissect/target/plugins/os/windows/dpapi/crypto.py,sha256=_F1F2j1chQw-KLqfWvgL2mCkF3HSvdVnM78OZ0ph9hc,9337
|
285
|
+
dissect/target/plugins/os/windows/dpapi/dpapi.py,sha256=NrLtx61m8PXsB3CzxUQgc1BKkaAVBOre1oEfGvqgtuw,7130
|
286
|
+
dissect/target/plugins/os/windows/dpapi/master_key.py,sha256=nq6IpNLxE2UwuCTfc5BdKkn17g6AlVL4rpPUfwWf_8I,6127
|
284
287
|
dissect/target/plugins/os/windows/exchange/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
285
288
|
dissect/target/plugins/os/windows/exchange/exchange.py,sha256=ofoapuDQXefIX4sTzwNboyk5RztN2JEyw1OWl5cx-wo,1564
|
286
289
|
dissect/target/plugins/os/windows/log/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
@@ -336,10 +339,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
|
|
336
339
|
dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
|
337
340
|
dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
|
338
341
|
dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
|
339
|
-
dissect.target-3.17.
|
340
|
-
dissect.target-3.17.
|
341
|
-
dissect.target-3.17.
|
342
|
-
dissect.target-3.17.
|
343
|
-
dissect.target-3.17.
|
344
|
-
dissect.target-3.17.
|
345
|
-
dissect.target-3.17.
|
342
|
+
dissect.target-3.17.dev33.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
|
343
|
+
dissect.target-3.17.dev33.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
|
344
|
+
dissect.target-3.17.dev33.dist-info/METADATA,sha256=O6Od8zLhbjTimLupfsgID3ll7FFs13NO3G6boYbvr4w,11300
|
345
|
+
dissect.target-3.17.dev33.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
|
346
|
+
dissect.target-3.17.dev33.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
|
347
|
+
dissect.target-3.17.dev33.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
|
348
|
+
dissect.target-3.17.dev33.dist-info/RECORD,,
|
File without changes
|
File without changes
|
File without changes
|
{dissect.target-3.17.dev29.dist-info → dissect.target-3.17.dev33.dist-info}/entry_points.txt
RENAMED
File without changes
|
File without changes
|