dissect.target 3.17.dev36__py3-none-any.whl → 3.18__py3-none-any.whl
- dissect/target/exceptions.py +4 -0
- dissect/target/filesystem.py +0 -10
- dissect/target/helpers/cache.py +3 -1
- dissect/target/helpers/hashutil.py +0 -40
- dissect/target/helpers/protobuf.py +6 -10
- dissect/target/helpers/record_modifier.py +4 -1
- dissect/target/helpers/ssh.py +3 -4
- dissect/target/loaders/mqtt.py +147 -2
- dissect/target/loaders/raw.py +7 -0
- dissect/target/plugins/apps/av/mcafee.py +3 -0
- dissect/target/plugins/apps/av/sophos.py +6 -0
- dissect/target/plugins/apps/av/symantec.py +6 -0
- dissect/target/plugins/apps/av/trendmicro.py +8 -3
- dissect/target/plugins/apps/browser/chromium.py +12 -0
- dissect/target/plugins/apps/browser/firefox.py +13 -1
- dissect/target/plugins/apps/browser/iexplore.py +6 -0
- dissect/target/plugins/apps/container/docker.py +1 -1
- dissect/target/plugins/os/unix/etc/__init__.py +0 -0
- dissect/target/plugins/os/unix/etc/etc.py +77 -0
- dissect/target/plugins/os/unix/history.py +1 -1
- dissect/target/plugins/os/unix/linux/cmdline.py +3 -0
- dissect/target/plugins/os/unix/linux/environ.py +3 -0
- dissect/target/plugins/os/unix/linux/processes.py +3 -0
- dissect/target/plugins/os/unix/linux/sockets.py +15 -0
- dissect/target/plugins/os/unix/locate/gnulocate.py +1 -2
- dissect/target/plugins/os/unix/locate/mlocate.py +3 -4
- dissect/target/plugins/os/unix/locate/plocate.py +34 -25
- dissect/target/plugins/os/unix/log/atop.py +6 -4
- dissect/target/plugins/os/unix/log/journal.py +5 -4
- dissect/target/plugins/os/unix/log/lastlog.py +2 -3
- dissect/target/plugins/os/unix/log/utmp.py +6 -7
- dissect/target/plugins/os/windows/_os.py +17 -6
- dissect/target/plugins/os/windows/activitiescache.py +3 -0
- dissect/target/plugins/os/windows/adpolicy.py +3 -4
- dissect/target/plugins/os/windows/catroot.py +6 -0
- dissect/target/plugins/os/windows/credhist.py +1 -2
- dissect/target/plugins/os/windows/datetime.py +3 -4
- dissect/target/plugins/os/windows/defender.py +221 -5
- dissect/target/plugins/os/windows/defender_helpers/__init__.py +0 -0
- dissect/target/plugins/os/windows/defender_helpers/defender_patterns.py +282 -0
- dissect/target/plugins/os/windows/defender_helpers/defender_records.py +191 -0
- dissect/target/plugins/os/windows/dpapi/blob.py +1 -2
- dissect/target/plugins/os/windows/dpapi/master_key.py +2 -3
- dissect/target/plugins/os/windows/lnk.py +3 -0
- dissect/target/plugins/os/windows/log/etl.py +9 -0
- dissect/target/plugins/os/windows/log/evt.py +3 -0
- dissect/target/plugins/os/windows/log/evtx.py +3 -0
- dissect/target/plugins/os/windows/log/pfro.py +3 -0
- dissect/target/plugins/os/windows/log/schedlgu.py +5 -2
- dissect/target/plugins/os/windows/notifications.py +1 -2
- dissect/target/plugins/os/windows/prefetch.py +32 -27
- dissect/target/plugins/os/windows/recyclebin.py +13 -8
- dissect/target/plugins/os/windows/regf/appxdebugkeys.py +3 -0
- dissect/target/plugins/os/windows/regf/auditpol.py +4 -5
- dissect/target/plugins/os/windows/regf/bam.py +5 -3
- dissect/target/plugins/os/windows/regf/cit.py +1 -2
- dissect/target/plugins/os/windows/regf/clsid.py +3 -0
- dissect/target/plugins/os/windows/regf/firewall.py +3 -0
- dissect/target/plugins/os/windows/regf/muicache.py +3 -0
- dissect/target/plugins/os/windows/regf/recentfilecache.py +6 -4
- dissect/target/plugins/os/windows/regf/regf.py +6 -0
- dissect/target/plugins/os/windows/regf/runkeys.py +9 -4
- dissect/target/plugins/os/windows/regf/shellbags.py +9 -7
- dissect/target/plugins/os/windows/regf/shimcache.py +5 -3
- dissect/target/plugins/os/windows/regf/trusteddocs.py +3 -0
- dissect/target/plugins/os/windows/regf/usb.py +3 -0
- dissect/target/plugins/os/windows/regf/userassist.py +8 -6
- dissect/target/plugins/os/windows/sam.py +7 -5
- dissect/target/plugins/os/windows/services.py +3 -0
- dissect/target/plugins/os/windows/task_helpers/tasks_job.py +3 -4
- dissect/target/plugins/os/windows/wer.py +3 -0
- dissect/target/target.py +6 -1
- dissect/target/tools/shell.py +30 -19
- {dissect.target-3.17.dev36.dist-info → dissect.target-3.18.dist-info}/METADATA +50 -25
- {dissect.target-3.17.dev36.dist-info → dissect.target-3.18.dist-info}/RECORD +80 -75
- {dissect.target-3.17.dev36.dist-info → dissect.target-3.18.dist-info}/WHEEL +1 -1
- {dissect.target-3.17.dev36.dist-info → dissect.target-3.18.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.17.dev36.dist-info → dissect.target-3.18.dist-info}/LICENSE +0 -0
- {dissect.target-3.17.dev36.dist-info → dissect.target-3.18.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.17.dev36.dist-info → dissect.target-3.18.dist-info}/top_level.txt +0 -0
@@ -49,6 +49,9 @@ class RegfPlugin(Plugin):
|
|
49
49
|
Yields RegistryKeyRecords and RegistryValueRecords
|
50
50
|
|
51
51
|
RegistryKeyRecord fields:
|
52
|
+
|
53
|
+
.. code-block:: text
|
54
|
+
|
52
55
|
hostname (string): The target hostname.
|
53
56
|
domain (string): The target domain.
|
54
57
|
ts (datetime): The registry key last modified time.
|
@@ -57,6 +60,9 @@ class RegfPlugin(Plugin):
|
|
57
60
|
source (string): The hive file path.
|
58
61
|
|
59
62
|
RegistryValueRecord fields:
|
63
|
+
|
64
|
+
.. code-block:: text
|
65
|
+
|
60
66
|
hostname (string): The target hostname.
|
61
67
|
domain (string): The target domain.
|
62
68
|
ts (datetime): The registry key last modified time.
|
@@ -1,3 +1,5 @@
|
|
1
|
+
from typing import Iterator
|
2
|
+
|
1
3
|
from dissect.target.exceptions import UnsupportedPluginError
|
2
4
|
from dissect.target.helpers.descriptor_extensions import (
|
3
5
|
RegistryRecordDescriptorExtension,
|
@@ -11,7 +13,7 @@ RunKeyRecord = create_extended_descriptor([RegistryRecordDescriptorExtension, Us
|
|
11
13
|
[
|
12
14
|
("datetime", "ts"),
|
13
15
|
("wstring", "name"),
|
14
|
-
("
|
16
|
+
("command", "command"),
|
15
17
|
("string", "key"),
|
16
18
|
],
|
17
19
|
)
|
@@ -48,7 +50,7 @@ class RunKeysPlugin(Plugin):
|
|
48
50
|
raise UnsupportedPluginError("No registry run key found")
|
49
51
|
|
50
52
|
@export(record=RunKeyRecord)
|
51
|
-
def runkeys(self):
|
53
|
+
def runkeys(self) -> Iterator[RunKeyRecord]:
|
52
54
|
"""Iterate various run key locations. See source for all locations.
|
53
55
|
|
54
56
|
Run keys (Run and RunOnce) are registry keys that make a program run when a user logs on. a Run key runs every
|
@@ -59,11 +61,14 @@ class RunKeysPlugin(Plugin):
|
|
59
61
|
- https://docs.microsoft.com/en-us/windows/win32/setupapi/run-and-runonce-registry-keys
|
60
62
|
|
61
63
|
Yields RunKeyRecords with fields:
|
64
|
+
|
65
|
+
.. code-block:: text
|
66
|
+
|
62
67
|
hostname (string): The target hostname.
|
63
68
|
domain (string): The target domain.
|
64
69
|
ts (datetime): The registry key last modified timestamp.
|
65
70
|
name (string): The run key name.
|
66
|
-
|
71
|
+
command (command): The run key command.
|
67
72
|
key (string): The source key for this run key.
|
68
73
|
"""
|
69
74
|
for key in self.KEYS:
|
@@ -73,7 +78,7 @@ class RunKeysPlugin(Plugin):
|
|
73
78
|
yield RunKeyRecord(
|
74
79
|
ts=r.ts,
|
75
80
|
name=entry.name,
|
76
|
-
|
81
|
+
command=entry.value,
|
77
82
|
key=key,
|
78
83
|
_target=self.target,
|
79
84
|
_key=r,
|
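Review bot: `command=entry.value` passes the raw run-key value into a field now declared as `("command", "command")`, and the hunk shows no check on the value's type or shape. Run key values are untrusted evidence, so quoted paths with spaces, unexpanded `%VAR%` references and non-string value types are all realistic inputs. If the `command` field type splits its input into executable and arguments (my reading of flow.record, worth confirming), a mis-split changes what an analyst sees as the persisted binary. I would add a comment above the line, `# entry.value is untrusted registry data; the command type parses it, keep a test with quoted and %VAR% paths`, and cover those cases in the plugin's tests. The loop that yields the record starts and ends outside this hunk.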
@@ -243,8 +243,7 @@ struct EXTENSION_BLOCK_HEADER {
|
|
243
243
|
uint32 signature;
|
244
244
|
};
|
245
245
|
"""
|
246
|
-
c_bag = cstruct()
|
247
|
-
c_bag.load(bag_def)
|
246
|
+
c_bag = cstruct().load(bag_def)
|
248
247
|
|
249
248
|
DELEGATE_ITEM_IDENTIFIER = b"\x74\x1a\x59\x5e\x96\xdf\xd3\x48\x8d\x67\x17\x33\xbc\xee\x28\xba"
|
250
249
|
|
@@ -908,17 +907,20 @@ class EXTENSION_BLOCK_BEEF0004(EXTENSION_BLOCK): # noqa
|
|
908
907
|
self.file_reference = c_bag.uint64(fh)
|
909
908
|
c_bag.uint64(fh)
|
910
909
|
if version >= 3:
|
911
|
-
|
910
|
+
# Start of strings
|
911
|
+
localized_name_offset = c_bag.uint16(fh)
|
912
912
|
if version >= 9:
|
913
913
|
c_bag.uint32(fh)
|
914
914
|
if version >= 8:
|
915
915
|
c_bag.uint32(fh)
|
916
916
|
if version >= 3:
|
917
917
|
self.long_name = c_bag.wchar[None](fh)
|
918
|
-
|
919
|
-
|
920
|
-
|
921
|
-
|
918
|
+
|
919
|
+
if 3 <= version < 7 and localized_name_offset > 0:
|
920
|
+
self.localized_name = c_bag.char[None](fh)
|
921
|
+
|
922
|
+
if version >= 7 and localized_name_offset > 0:
|
923
|
+
self.localized_name = c_bag.wchar[None](fh)
|
922
924
|
|
923
925
|
|
924
926
|
class EXTENSION_BLOCK_BEEF0005(EXTENSION_BLOCK): # noqa
|
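Review bot: In `EXTENSION_BLOCK_BEEF0004`, `localized_name_offset` is read but then only compared with zero: both new branches read the string from the current stream position right after `long_name` rather than from the offset. Shellbag data comes from a user hive and should be treated as untrusted, so an entry whose offset does not point there would yield a wrong `localized_name` without any error. `self.localized_name` is also assigned only inside the two conditionals; unless it is initialised above this hunk (the constructor starts outside it), records without a localized name leave the attribute unset. Adding `self.localized_name = None` before the first `if version >= 3:` makes that case explicit, and a comment should state that the offset is used only as a presence flag.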
@@ -21,7 +21,7 @@ ShimcacheRecord = TargetRecordDescriptor(
|
|
21
21
|
],
|
22
22
|
)
|
23
23
|
|
24
|
-
|
24
|
+
shim_def = """
|
25
25
|
struct NT61_HEADER {
|
26
26
|
uint32 magic;
|
27
27
|
uint32 num_entries;
|
@@ -99,8 +99,7 @@ struct WIN10_ENTRY_DATA {
|
|
99
99
|
uint64 ts;
|
100
100
|
};
|
101
101
|
"""
|
102
|
-
c_shim = cstruct()
|
103
|
-
c_shim.load(c_shimdef)
|
102
|
+
c_shim = cstruct().load(shim_def)
|
104
103
|
|
105
104
|
MAGIC_NT61 = 0xBADC0FEE
|
106
105
|
MAGIC_NT52 = 0xBADC0FFE
|
@@ -318,6 +317,9 @@ class ShimcachePlugin(Plugin):
|
|
318
317
|
- https://www.andreafortuna.org/2017/10/16/amcache-and-shimcache-in-forensic-analysis/
|
319
318
|
|
320
319
|
Yields ShimcacheRecords with the following fields:
|
320
|
+
|
321
|
+
.. code-block:: text
|
322
|
+
|
321
323
|
hostname (string): The target hostname.
|
322
324
|
domain (string): The target domain.
|
323
325
|
last_modified (datetime): The last modified date.
|
@@ -61,6 +61,9 @@ class TrustedDocumentsPlugin(Plugin):
|
|
61
61
|
|
62
62
|
Yields records based on the values within the TrustRecords registry keys.
|
63
63
|
At least contains the following fields:
|
64
|
+
|
65
|
+
.. code-block:: text
|
66
|
+
|
64
67
|
application (string): Application name of the Office product that produced the TrustRecords registry key.
|
65
68
|
document_path (path): Path to the document for which a TrustRecords entry is created.
|
66
69
|
ts (datetime): The created time of the TrustRecord registry key.
|
@@ -93,6 +93,9 @@ class UsbPlugin(Plugin):
|
|
93
93
|
HKLM\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR registry key.
|
94
94
|
|
95
95
|
Yields UsbRegistryRecord with fields:
|
96
|
+
|
97
|
+
.. code-block:: text
|
98
|
+
|
96
99
|
hostname (string): The target hostname
|
97
100
|
domain (string): The target domain
|
98
101
|
type (string): Type of USB device
|
@@ -1,6 +1,6 @@
|
|
1
1
|
import codecs
|
2
2
|
|
3
|
-
from dissect import cstruct
|
3
|
+
from dissect.cstruct import cstruct
|
4
4
|
from dissect.util.ts import wintimestamp
|
5
5
|
|
6
6
|
from dissect.target.exceptions import RegistryValueNotFoundError, UnsupportedPluginError
|
@@ -14,13 +14,13 @@ from dissect.target.plugin import Plugin, export
|
|
14
14
|
|
15
15
|
userassist_def = """
|
16
16
|
struct VERSION5_ENTRY {
|
17
|
-
char
|
17
|
+
char padding0[4];
|
18
18
|
uint32 number_of_executions;
|
19
19
|
uint32 application_focus_count;
|
20
20
|
uint32 application_focus_duration;
|
21
|
-
char
|
21
|
+
char padding1[44];
|
22
22
|
uint64 timestamp;
|
23
|
-
char
|
23
|
+
char padding2[4];
|
24
24
|
};
|
25
25
|
|
26
26
|
struct VERSION3_ENTRY {
|
@@ -29,8 +29,7 @@ struct VERSION3_ENTRY {
|
|
29
29
|
uint64 timestamp;
|
30
30
|
};
|
31
31
|
"""
|
32
|
-
c_userassist = cstruct.
|
33
|
-
c_userassist.load(userassist_def)
|
32
|
+
c_userassist = cstruct().load(userassist_def)
|
34
33
|
|
35
34
|
UserAssistRecordDescriptor = create_extended_descriptor(
|
36
35
|
[
|
@@ -72,6 +71,9 @@ class UserAssistPlugin(Plugin):
|
|
72
71
|
- https://www.aldeid.com/wiki/Windows-userassist-keys
|
73
72
|
|
74
73
|
Yields UserAssistRecords with fields:
|
74
|
+
|
75
|
+
.. code-block:: text
|
76
|
+
|
75
77
|
hostname (string): The target hostname.
|
76
78
|
domain (string): The target domain.
|
77
79
|
ts (datetime): The entry timestamp.
|
@@ -9,14 +9,14 @@ try:
|
|
9
9
|
except ImportError:
|
10
10
|
HAS_CRYPTO = False
|
11
11
|
|
12
|
-
from dissect import cstruct
|
12
|
+
from dissect.cstruct import cstruct
|
13
13
|
from dissect.util import ts
|
14
14
|
|
15
15
|
from dissect.target.exceptions import UnsupportedPluginError
|
16
16
|
from dissect.target.helpers.record import TargetRecordDescriptor
|
17
17
|
from dissect.target.plugin import Plugin, export
|
18
18
|
|
19
|
-
|
19
|
+
sam_def = """
|
20
20
|
struct user_F {
|
21
21
|
char unknown1[8];
|
22
22
|
uint64 t_last_login; /* Time of last login */
|
@@ -166,7 +166,7 @@ struct DOMAIN_ACCOUNT_F {
|
|
166
166
|
uint16 min_password_length; /* 0x50 */
|
167
167
|
uint16 password_history_length; /* 0x52 */
|
168
168
|
uint16 lockout_threshold; /* 0x54 */
|
169
|
-
uint16
|
169
|
+
uint16 unknown1_3; /* 0x56 */
|
170
170
|
uint32 server_state; /* 0x58 */
|
171
171
|
uint16 server_role; /* 0x5c */
|
172
172
|
uint16 uas_compability_required; /* 0x5e */
|
@@ -207,8 +207,7 @@ struct SAM_HASH_AES { /* size: >=24 */
|
|
207
207
|
};
|
208
208
|
"""
|
209
209
|
|
210
|
-
c_sam = cstruct.
|
211
|
-
c_sam.load(c_sam_def)
|
210
|
+
c_sam = cstruct().load(sam_def)
|
212
211
|
|
213
212
|
SamRecord = TargetRecordDescriptor(
|
214
213
|
"windows/registry/sam",
|
@@ -356,6 +355,9 @@ class SamPlugin(Plugin):
|
|
356
355
|
- https://en.wikipedia.org/wiki/Security_Account_Manager
|
357
356
|
|
358
357
|
Yields SamRecords with fields:
|
358
|
+
|
359
|
+
.. code-block:: text
|
360
|
+
|
359
361
|
rid (uint32): The RID.
|
360
362
|
fullname (string): Parsed fullname.
|
361
363
|
username (string): Parsed username.
|
@@ -72,6 +72,9 @@ class ServicesPlugin(Plugin):
|
|
72
72
|
- https://artifacts-kb.readthedocs.io/en/latest/sources/windows/ServicesAndDrivers.html
|
73
73
|
|
74
74
|
Yields ServiceRecords with fields:
|
75
|
+
|
76
|
+
.. code-block:: text
|
77
|
+
|
75
78
|
hostname (string): The target hostname.
|
76
79
|
domain (string): The target domain.
|
77
80
|
ts (datatime): The last modified timestamp of the registry key.
|
@@ -2,7 +2,7 @@ import datetime
|
|
2
2
|
import warnings
|
3
3
|
from typing import Iterator, Optional
|
4
4
|
|
5
|
-
from dissect import cstruct
|
5
|
+
from dissect.cstruct import cstruct
|
6
6
|
from flow.record import GroupedRecord
|
7
7
|
|
8
8
|
from dissect.target.exceptions import InvalidTaskError
|
@@ -135,8 +135,7 @@ struct ATJOB_DATA {
|
|
135
135
|
// uint8 job_signature[64 * s_ver * c_ver]; /* - calculated job signature. */
|
136
136
|
};
|
137
137
|
"""
|
138
|
-
|
139
|
-
atjob.load(atjob_def)
|
138
|
+
c_atjob = cstruct().load(atjob_def)
|
140
139
|
|
141
140
|
|
142
141
|
class AtTask:
|
@@ -149,7 +148,7 @@ class AtTask:
|
|
149
148
|
|
150
149
|
def __init__(self, job_file: TargetPath, target: Target):
|
151
150
|
try:
|
152
|
-
self.at_data =
|
151
|
+
self.at_data = c_atjob.ATJOB_DATA(job_file.open())
|
153
152
|
except Exception as e:
|
154
153
|
raise InvalidTaskError(e)
|
155
154
|
|
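Review bot: `c_atjob.ATJOB_DATA(job_file.open())` never closes the handle that `open()` returns, so each parsed job file leaves one open until it is garbage collected. Assuming the returned object supports the context-manager protocol, `with job_file.open() as fh:` followed by `self.at_data = c_atjob.ATJOB_DATA(fh)` releases it as soon as the structure has been read. The unchanged `raise InvalidTaskError(e)` below would also keep the parse traceback if written as `raise InvalidTaskError(e) from e`. `__init__` continues past the end of this hunk.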
@@ -155,6 +155,9 @@ class WindowsErrorReportingPlugin(Plugin):
|
|
155
155
|
|
156
156
|
Yields dynamically created records based on the fields in the files. A record at least contains the following
|
157
157
|
fields:
|
158
|
+
|
159
|
+
.. code-block:: text
|
160
|
+
|
158
161
|
ts (datetime): The moment in time when the error event took place.
|
159
162
|
version (string): WER file version.
|
160
163
|
event_type (string): WER file event type.
|
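--- a/dissect/target/target.py
+++ b/dissect/target/target.py
@@ -14,6 +14,7 @@ from dissect.target.exceptions import (
 PluginError,
 PluginNotFoundError,
 TargetError,
+TargetPathNotFoundError,
 UnsupportedPluginError,
 VolumeSystemError,
 )
@@ -284,7 +285,11 @@ class Target:
 try:
 ldr = loader_cls(sub_entry, parsed_path=parsed_path)
 except Exception as e:
-
+message = "Failed to initiate loader: %s"
+if isinstance(e, TargetPathNotFoundError):
+message = "%s"
+
+getlogger(sub_entry).error(message, e)
 getlogger(sub_entry).debug("", exc_info=e)
 continue
 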
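--- a/dissect/target/tools/shell.py
+++ b/dissect/target/tools/shell.py
@@ -113,6 +113,7 @@ class TargetCmd(cmd.Cmd):
 def __init__(self, target: Target):
 cmd.Cmd.__init__(self)
 self.target = target
+self.debug = False
 
 def __getattr__(self, attr: str) -> Any:
 if attr.startswith("help_"):
@@ -179,25 +180,22 @@ class TargetCmd(cmd.Cmd):
 lexer.whitespace_split = True
 argparts = list(lexer)
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-ctx = cyber.cyber(color=None, run_at_end=True)
+if "|" in argparts:
+pipeidx = argparts.index("|")
+argparts, pipeparts = argparts[:pipeidx], argparts[pipeidx + 1 :]
+try:
+with build_pipe_stdout(pipeparts) as pipe_stdin:
+return func(argparts, pipe_stdin)
+except OSError as e:
+# in case of a failure in a subprocess
+print(e)
+else:
+ctx = contextlib.nullcontext()
+if self.target.props.get("cyber") and not no_cyber:
+ctx = cyber.cyber(color=None, run_at_end=True)
 
-
-
-except IOError:
-pass
+with ctx:
+return func(argparts, sys.stdout)
 
 def _exec_command(self, command: str, command_args_str: str) -> Optional[bool]:
 """Command execution helper for ``cmd_`` commands."""
@@ -279,6 +277,14 @@ class TargetCmd(cmd.Cmd):
 """exit shell"""
 return True
 
+def do_debug(self, line: str) -> Optional[bool]:
+"""toggle debug mode"""
+self.debug = not self.debug
+if self.debug:
+print("Debug mode on")
+else:
+print("Debug mode off")
+
 
 class TargetHubCli(cmd.Cmd):
 """Hub Cli for interacting with multiple targets."""
@@ -1241,7 +1247,12 @@ def run_cli(cli: cmd.Cmd) -> None:
 print()
 pass
 except Exception as e:
-
+if cli.debug:
+log.exception(e)
+else:
+log.info(e)
+print(f"*** Unhandled error: {e}")
+print("If you wish to see the full debug trace, enable debug mode.")
 pass
 
 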
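Review bot: In `run_cli`, the new handler reads `cli.debug`, but the only place this section sets that attribute is `TargetCmd.__init__`, while `run_cli` is annotated to accept any `cmd.Cmd` and `TargetHubCli(cmd.Cmd)` is a separate class. If the hub CLI does not define `debug` (not visible here), the lookup raises `AttributeError` inside the `except` block and the original error is lost. `if getattr(cli, "debug", False):` keeps the handler safe for every `cmd.Cmd`. Separately, in the pipe hunk the `except OSError` appears to wrap the call to `func` as well as the pipe setup, so an `OSError` raised by the command itself would be reported as a subprocess failure; indentation is lost on this page, so that needs checking against the file.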
@@ -1,6 +1,6 @@
|
|
1
1
|
Metadata-Version: 2.1
|
2
2
|
Name: dissect.target
|
3
|
-
Version: 3.
|
3
|
+
Version: 3.18
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
6
6
|
License: Affero General Public License v3
|
@@ -23,36 +23,61 @@ Description-Content-Type: text/markdown
|
|
23
23
|
License-File: LICENSE
|
24
24
|
License-File: COPYRIGHT
|
25
25
|
Requires-Dist: defusedxml
|
26
|
-
Requires-Dist: dissect.cstruct <4
|
27
|
-
Requires-Dist: dissect.eventlog <4
|
28
|
-
Requires-Dist: dissect.evidence <4
|
29
|
-
Requires-Dist: dissect.hypervisor <4
|
30
|
-
Requires-Dist: dissect.ntfs <4
|
31
|
-
Requires-Dist: dissect.regf <4
|
32
|
-
Requires-Dist: dissect.util <4
|
33
|
-
Requires-Dist: dissect.volume <4
|
34
|
-
Requires-Dist: flow.record ~=3.
|
26
|
+
Requires-Dist: dissect.cstruct <5,>=4
|
27
|
+
Requires-Dist: dissect.eventlog <4,>=3
|
28
|
+
Requires-Dist: dissect.evidence <4,>=3
|
29
|
+
Requires-Dist: dissect.hypervisor <4,>=3
|
30
|
+
Requires-Dist: dissect.ntfs <4,>=3.4
|
31
|
+
Requires-Dist: dissect.regf <4,>=3.3
|
32
|
+
Requires-Dist: dissect.util <4,>=3
|
33
|
+
Requires-Dist: dissect.volume <4,>=2
|
34
|
+
Requires-Dist: flow.record ~=3.15.0
|
35
35
|
Requires-Dist: structlog
|
36
36
|
Provides-Extra: cb
|
37
37
|
Requires-Dist: dissect.target[full] ; extra == 'cb'
|
38
38
|
Requires-Dist: carbon-black-cloud-sdk ~=1.4.3 ; extra == 'cb'
|
39
|
+
Provides-Extra: dev
|
40
|
+
Requires-Dist: dissect.target[full,mqtt,yara] ; extra == 'dev'
|
41
|
+
Requires-Dist: dissect.btrfs[dev] <2.0.dev,>=1.0.dev ; extra == 'dev'
|
42
|
+
Requires-Dist: dissect.cim[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
|
43
|
+
Requires-Dist: dissect.clfs[dev] <2.0.dev,>=1.0.dev ; extra == 'dev'
|
44
|
+
Requires-Dist: dissect.cstruct <5.0.dev,>=4.0.dev ; extra == 'dev'
|
45
|
+
Requires-Dist: dissect.esedb[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
|
46
|
+
Requires-Dist: dissect.etl[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
|
47
|
+
Requires-Dist: dissect.eventlog[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
|
48
|
+
Requires-Dist: dissect.evidence[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
|
49
|
+
Requires-Dist: dissect.extfs[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
|
50
|
+
Requires-Dist: dissect.fat[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
|
51
|
+
Requires-Dist: dissect.ffs[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
|
52
|
+
Requires-Dist: dissect.hypervisor[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
|
53
|
+
Requires-Dist: dissect.jffs[dev] <2.0.dev,>=1.0.dev ; extra == 'dev'
|
54
|
+
Requires-Dist: dissect.ntfs[dev] <4.0.dev,>=3.4.dev ; extra == 'dev'
|
55
|
+
Requires-Dist: dissect.regf[dev] <4.0.dev,>=3.3.dev ; extra == 'dev'
|
56
|
+
Requires-Dist: dissect.shellitem[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
|
57
|
+
Requires-Dist: dissect.sql[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
|
58
|
+
Requires-Dist: dissect.squashfs[dev] <2.0.dev,>=1.0.dev ; extra == 'dev'
|
59
|
+
Requires-Dist: dissect.thumbcache[dev] <2.0.dev,>=1.0.dev ; extra == 'dev'
|
60
|
+
Requires-Dist: dissect.util <4.0.dev,>=3.0.dev ; extra == 'dev'
|
61
|
+
Requires-Dist: dissect.vmfs[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
|
62
|
+
Requires-Dist: dissect.volume[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
|
63
|
+
Requires-Dist: dissect.xfs[dev] <4.0.dev,>=3.0.dev ; extra == 'dev'
|
39
64
|
Provides-Extra: full
|
40
65
|
Requires-Dist: asn1crypto ; extra == 'full'
|
41
|
-
Requires-Dist: dissect.btrfs <2
|
42
|
-
Requires-Dist: dissect.cim <4
|
43
|
-
Requires-Dist: dissect.clfs <2
|
44
|
-
Requires-Dist: dissect.esedb <4
|
45
|
-
Requires-Dist: dissect.etl <4
|
46
|
-
Requires-Dist: dissect.extfs <4
|
47
|
-
Requires-Dist: dissect.fat <4
|
48
|
-
Requires-Dist: dissect.ffs <4
|
49
|
-
Requires-Dist: dissect.jffs <2
|
50
|
-
Requires-Dist: dissect.shellitem <4
|
51
|
-
Requires-Dist: dissect.squashfs <2
|
52
|
-
Requires-Dist: dissect.sql <4
|
53
|
-
Requires-Dist: dissect.thumbcache <2
|
54
|
-
Requires-Dist: dissect.vmfs <4
|
55
|
-
Requires-Dist: dissect.xfs <4
|
66
|
+
Requires-Dist: dissect.btrfs <2,>=1 ; extra == 'full'
|
67
|
+
Requires-Dist: dissect.cim <4,>=3 ; extra == 'full'
|
68
|
+
Requires-Dist: dissect.clfs <2,>=1 ; extra == 'full'
|
69
|
+
Requires-Dist: dissect.esedb <4,>=3 ; extra == 'full'
|
70
|
+
Requires-Dist: dissect.etl <4,>=3 ; extra == 'full'
|
71
|
+
Requires-Dist: dissect.extfs <4,>=3 ; extra == 'full'
|
72
|
+
Requires-Dist: dissect.fat <4,>=3 ; extra == 'full'
|
73
|
+
Requires-Dist: dissect.ffs <4,>=3 ; extra == 'full'
|
74
|
+
Requires-Dist: dissect.jffs <2,>=1 ; extra == 'full'
|
75
|
+
Requires-Dist: dissect.shellitem <4,>=3 ; extra == 'full'
|
76
|
+
Requires-Dist: dissect.squashfs <2,>=1 ; extra == 'full'
|
77
|
+
Requires-Dist: dissect.sql <4,>=3 ; extra == 'full'
|
78
|
+
Requires-Dist: dissect.thumbcache <2,>=1 ; extra == 'full'
|
79
|
+
Requires-Dist: dissect.vmfs <4,>=3 ; extra == 'full'
|
80
|
+
Requires-Dist: dissect.xfs <4,>=3 ; extra == 'full'
|
56
81
|
Requires-Dist: ipython ; extra == 'full'
|
57
82
|
Requires-Dist: fusepy ; extra == 'full'
|
58
83
|
Requires-Dist: pycryptodome ; extra == 'full'
|