dissect.target 3.18.dev16__py3-none-any.whl → 3.19__py3-none-any.whl

dissect/target/tools/shell.py

@@ -1,45 +1,54 @@
+from __future__ import annotations
+
 import argparse
 import cmd
 import contextlib
-import datetime
 import fnmatch
 import io
 import itertools
 import logging
 import os
 import pathlib
+import platform
 import pydoc
 import random
 import re
 import shlex
 import shutil
-import stat
 import subprocess
 import sys
-import traceback
 from contextlib import contextmanager
-from typing import Any, BinaryIO, Callable, Iterator, Optional, TextIO, Union
+from datetime import datetime, timedelta, timezone
+from typing import Any, BinaryIO, Callable, Iterator, TextIO
 
 from dissect.cstruct import hexdump
 from flow.record import RecordOutput
 
 from dissect.target.exceptions import (
-    FileNotFoundError,
     PluginError,
     RegistryError,
     RegistryKeyNotFoundError,
     RegistryValueNotFoundError,
     TargetError,
 )
-from dissect.target.filesystem import FilesystemEntry, LayerFilesystemEntry
+from dissect.target.filesystem import FilesystemEntry
 from dissect.target.helpers import cyber, fsutil, regutil
-from dissect.target.plugin import arg
+from dissect.target.plugin import PluginFunction, alias, arg, clone_alias
 from dissect.target.target import Target
+from dissect.target.tools.fsutils import (
+    fmt_ls_colors,
+    ls_scandir,
+    print_ls,
+    print_stat,
+    print_xattr,
+)
 from dissect.target.tools.info import print_target_info
 from dissect.target.tools.utils import (
     args_to_uri,
     catch_sigpipe,
     configure_generic_arguments,
+    execute_function_on_target,
+    find_and_filter_plugins,
     generate_argparse_for_bound_method,
     process_generic_arguments,
 )
@@ -51,46 +60,23 @@ logging.raiseExceptions = False
 try:
     import readline
 
-    # remove `-` as an autocomplete delimeter on Linux
+    # remove `-`, `$` and `{` as an autocomplete delimeter on Linux
     # https://stackoverflow.com/questions/27288340/python-cmd-on-linux-does-not-autocomplete-special-characters-or-symbols
-    readline.set_completer_delims(readline.get_completer_delims().replace("-", "").replace("$", ""))
+    readline.set_completer_delims(readline.get_completer_delims().replace("-", "").replace("$", "").replace("{", ""))
+
+    # Fix autocomplete on macOS
+    # https://stackoverflow.com/a/7116997
+    if "libedit" in readline.__doc__:
+        readline.parse_and_bind("bind ^I rl_complete")
+    else:
+        readline.parse_and_bind("tab: complete")
 except ImportError:
     # Readline is not available on Windows
     log.warning("Readline module is not available")
+    readline = None
 
-# ['mode', 'addr', 'dev', 'nlink', 'uid', 'gid', 'size', 'atime', 'mtime', 'ctime']
-STAT_TEMPLATE = """  File: {path} {symlink}
-  Size: {size}          {filetype}
- Inode: {inode}   Links: {nlink}
-Access: ({modeord}/{modestr})  Uid: ( {uid} )   Gid: ( {gid} )
-Access: {atime}
-Modify: {mtime}
-Change: {ctime}"""
-
-FALLBACK_LS_COLORS = "rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32"  # noqa: E501
-
-
-def prepare_ls_colors() -> dict[str, str]:
-    """Parse the LS_COLORS environment variable so we can use it later."""
-    d = {}
-    ls_colors = os.environ.get("LS_COLORS", FALLBACK_LS_COLORS)
-    for line in ls_colors.split(":"):
-        if not line:
-            continue
-
-        ft, _, value = line.partition("=")
-        if ft.startswith("*"):
-            ft = ft[1:]
 
-        d[ft] = f"\x1b[{value}m{{}}\x1b[0m"
-
-    return d
-
-
-LS_COLORS = prepare_ls_colors()
-
-
-class TargetCmd(cmd.Cmd):
+class ExtendedCmd(cmd.Cmd):
     """Subclassed cmd.Cmd to provide some additional features.
 
     Add new simple commands by implementing:
@@ -110,17 +96,25 @@ class TargetCmd(cmd.Cmd):
 
     CMD_PREFIX = "cmd_"
 
-    def __init__(self, target: Target):
+    def __init__(self, cyber: bool = False):
         cmd.Cmd.__init__(self)
-        self.target = target
         self.debug = False
+        self.cyber = cyber
+        self.identchars += "."
+
+        self.register_aliases()
 
     def __getattr__(self, attr: str) -> Any:
         if attr.startswith("help_"):
             _, _, command = attr.partition("_")
+
+            def print_help(command: str, func: Callable) -> None:
+                parser = generate_argparse_for_bound_method(func, usage_tmpl=f"{command} {{usage}}")
+                parser.print_help()
+
             try:
                 func = getattr(self, self.CMD_PREFIX + command)
-                return lambda: print(func.__doc__)
+                return lambda: print_help(command, func)
             except AttributeError:
                 pass
 
@@ -130,6 +124,16 @@ class TargetCmd(cmd.Cmd):
     def check_compatible(target: Target) -> bool:
         return True
 
+    def register_aliases(self) -> None:
+        for name in self.get_names():
+            if name.startswith(self.CMD_PREFIX):
+                func = getattr(self.__class__, name)
+                for alias_name in getattr(func, "__aliases__", []):
+                    if not alias_name.startswith(self.CMD_PREFIX):
+                        alias_name = self.CMD_PREFIX + alias_name
+
+                    clone_alias(self.__class__, func, alias_name)
+
     def get_names(self) -> list[str]:
         names = cmd.Cmd.get_names(self)
 
@@ -141,44 +145,49 @@ class TargetCmd(cmd.Cmd):
 
         return names
 
-    def default(self, line: str) -> Optional[bool]:
+    def _handle_command(self, line: str) -> bool | None:
+        """Check whether custom handling of the cmd can be performed and if so, do it.
+
+        If a custom handling of the cmd was performed, return the result (a boolean indicating whether the shell should
+        exit). If not, return None. Can be overridden by subclasses to perform further / other 'custom command' checks.
+        """
         if line == "EOF":
             return True
 
-        # Override default command execution to first attempt complex
-        # command execution, and then target plugin command execution
+        # Override default command execution to first attempt complex command execution
         command, command_args_str, line = self.parseline(line)
 
-        try:
+        if hasattr(self, self.CMD_PREFIX + command):
             return self._exec_command(command, command_args_str)
-        except AttributeError:
-            pass
 
-        if self.target.has_function(command):
-            return self._exec_target(command, command_args_str)
+        # Return None if no custom command was found to be run
+        return None
 
-        return cmd.Cmd.default(self, line)
+    def default(self, line: str) -> bool:
+        if (should_exit := self._handle_command(line)) is not None:
+            return should_exit
+
+        # Fallback to default
+        cmd.Cmd.default(self, line)
+        return False
 
     def emptyline(self) -> None:
         """This function forces Python's cmd.Cmd module to behave like a regular shell.
 
         When entering an empty command, the cmd module will by default repeat the previous command.
         By defining an empty ``emptyline`` function we make sure no command is executed instead.
-        See https://stackoverflow.com/a/16479030
+        Resources:
+            - https://stackoverflow.com/a/16479030
+            - https://github.com/python/cpython/blob/3.12/Lib/cmd.py#L10
         """
         pass
 
-    def _exec(
-        self, func: Callable[[list[str], TextIO], bool], command_args_str: str, no_cyber: bool = False
-    ) -> Optional[bool]:
+    def _exec(self, func: Callable[[list[str], TextIO], bool], command_args_str: str, no_cyber: bool = False) -> bool:
         """Command execution helper that chains initial command and piped subprocesses (if any) together."""
 
         argparts = []
         if command_args_str is not None:
-            lexer = shlex.shlex(command_args_str, posix=True, punctuation_chars=True)
-            lexer.wordchars += "$"
-            lexer.whitespace_split = True
-            argparts = list(lexer)
+            argparts = arg_str_to_arg_list(command_args_str)
 
         if "|" in argparts:
             pipeidx = argparts.index("|")
@@ -189,15 +198,16 @@ class TargetCmd(cmd.Cmd):
             except OSError as e:
                 # in case of a failure in a subprocess
                 print(e)
+                return False
         else:
             ctx = contextlib.nullcontext()
-            if self.target.props.get("cyber") and not no_cyber:
+            if self.cyber and not no_cyber:
                 ctx = cyber.cyber(color=None, run_at_end=True)
 
             with ctx:
                 return func(argparts, sys.stdout)
 
-    def _exec_command(self, command: str, command_args_str: str) -> Optional[bool]:
+    def _exec_command(self, command: str, command_args_str: str) -> bool:
         """Command execution helper for ``cmd_`` commands."""
         cmdfunc = getattr(self, self.CMD_PREFIX + command)
         argparser = generate_argparse_for_bound_method(cmdfunc, usage_tmpl=f"{command} {{usage}}")
@@ -206,31 +216,123 @@ class TargetCmd(cmd.Cmd):
             try:
                 args = argparser.parse_args(argparts)
             except SystemExit:
-                return
+                return False
             return cmdfunc(args, stdout)
 
         # These commands enter a subshell, which doesn't work well with cyber
         no_cyber = cmdfunc.__func__ in (TargetCli.cmd_registry, TargetCli.cmd_enter)
         return self._exec(_exec_, command_args_str, no_cyber)
 
-    def _exec_target(self, func: str, command_args_str: str) -> Optional[bool]:
+    def do_man(self, line: str) -> bool:
+        """alias for help"""
+        return self.do_help(line)
+
+    def complete_man(self, *args) -> list[str]:
+        return cmd.Cmd.complete_help(self, *args)
+
+    def do_clear(self, line: str) -> bool:
+        """clear the terminal screen"""
+        os.system("cls||clear")
+        return False
+
+    def do_cls(self, line: str) -> bool:
+        """alias for clear"""
+        return self.do_clear(line)
+
+    def do_exit(self, line: str) -> bool:
+        """exit shell"""
+        return True
+
+    def do_cyber(self, line: str) -> bool:
+        """cyber"""
+        self.cyber = not self.cyber
+        word, color = {False: ("D I S E N", cyber.Color.RED), True: ("E N", cyber.Color.YELLOW)}[self.cyber]
+        with cyber.cyber(color=color):
+            print(f"C Y B E R - M O D E - {word} G A G E D")
+        return False
+
+    def do_debug(self, line: str) -> bool:
+        """toggle debug mode"""
+        self.debug = not self.debug
+        if self.debug:
+            print("Debug mode on")
+        else:
+            print("Debug mode off")
+        return False
+
+
+class TargetCmd(ExtendedCmd):
+    DEFAULT_HISTFILE = "~/.dissect_history"
+    DEFAULT_HISTFILESIZE = 10_000
+    DEFAULT_HISTDIR = None
+    DEFAULT_HISTDIRFMT = ".dissect_history_{uid}_{target}"
+
+    def __init__(self, target: Target):
+        self.target = target
+
+        # history file
+        self.histfilesize = getattr(target._config, "HISTFILESIZE", self.DEFAULT_HISTFILESIZE)
+        self.histdir = getattr(target._config, "HISTDIR", self.DEFAULT_HISTDIR)
+
+        if self.histdir:
+            self.histdirfmt = getattr(target._config, "HISTDIRFMT", self.DEFAULT_HISTDIRFMT)
+            self.histfile = pathlib.Path(self.histdir).resolve() / pathlib.Path(
+                self.histdirfmt.format(uid=os.getuid(), target=target.name)
+            )
+        else:
+            self.histfile = pathlib.Path(getattr(target._config, "HISTFILE", self.DEFAULT_HISTFILE)).expanduser()
+
+        # prompt format
+        if ps1 := getattr(target._config, "PS1", None):
+            if "{cwd}" in ps1 and "{base}" in ps1:
+                self.prompt_ps1 = ps1
+
+        elif getattr(target._config, "NO_COLOR", None) or os.getenv("NO_COLOR"):
+            self.prompt_ps1 = "{base}:{cwd}$ "
+
+        else:
+            self.prompt_ps1 = "\x1b[1;32m{base}\x1b[0m:\x1b[1;34m{cwd}\x1b[0m$ "
+
+        super().__init__(self.target.props.get("cyber"))
+
+    def preloop(self) -> None:
+        if readline and self.histfile.exists():
+            try:
+                readline.read_history_file(self.histfile)
+            except Exception as e:
+                log.debug("Error reading history file: %s", e)
+
+    def postloop(self) -> None:
+        if readline:
+            readline.set_history_length(self.histfilesize)
+            try:
+                readline.write_history_file(self.histfile)
+            except Exception as e:
+                log.debug("Error writing history file: %s", e)
+
+    def _handle_command(self, line: str) -> bool | None:
+        if (should_exit := super()._handle_command(line)) is not None:
+            return should_exit
+
+        # The parent class has already attempted complex command execution, we now attempt target plugin command
+        # execution
+        command, command_args_str, line = self.parseline(line)
+
+        if plugins := list(find_and_filter_plugins(self.target, command, [])):
+            return self._exec_target(plugins, command_args_str)
+
+        # We didn't execute a function on the target
+        return None
+
+    def _exec_target(self, funcs: list[PluginFunction], command_args_str: str) -> bool:
         """Command exection helper for target plugins."""
-        attr = self.target
-        for part in func.split("."):
-            attr = getattr(attr, part)
 
-        def _exec_(argparts: list[str], stdout: TextIO) -> Optional[bool]:
-            if callable(attr):
-                argparser = generate_argparse_for_bound_method(attr)
-                try:
-                    args = argparser.parse_args(argparts)
-                except SystemExit:
-                    return False
-                value = attr(**vars(args))
-            else:
-                value = attr
+        def _exec_(argparts: list[str], stdout: TextIO) -> None:
+            try:
+                output, value, _ = execute_function_on_target(self.target, func, argparts)
+            except SystemExit:
+                return
 
-            output = getattr(attr, "__output__", "default")
             if output == "record":
                 # if the command results are piped to another process,
                 # the process will receive Record objects
@@ -251,39 +353,21 @@ class TargetCmd(cmd.Cmd):
             else:
                 print(value, file=stdout)
 
-        try:
-            return self._exec(_exec_, command_args_str)
-        except PluginError:
-            traceback.print_exc()
+        for func in funcs:
+            try:
+                self._exec(_exec_, command_args_str)
+            except PluginError as err:
+                if self.debug:
+                    raise err
+                self.target.log.error(err)
 
-    def do_python(self, line: str) -> Optional[bool]:
+        # Keep the shell open
+        return False
+
+    def do_python(self, line: str) -> bool:
         """drop into a Python shell"""
         python_shell([self.target])
-
-    def do_clear(self, line: str) -> Optional[bool]:
-        """clear the terminal screen"""
-        os.system("cls||clear")
-
-    def do_cyber(self, line: str) -> Optional[bool]:
-        """cyber"""
-        self.target.props["cyber"] = not bool(self.target.props.get("cyber"))
-        word, color = {False: ("D I S E N", cyber.Color.RED), True: ("E N", cyber.Color.YELLOW)}[
-            self.target.props["cyber"]
-        ]
-        with cyber.cyber(color=color):
-            print(f"C Y B E R - M O D E - {word} G A G E D")
-
-    def do_exit(self, line: str) -> Optional[bool]:
-        """exit shell"""
-        return True
-
-    def do_debug(self, line: str) -> Optional[bool]:
-        """toggle debug mode"""
-        self.debug = not self.debug
-        if self.debug:
-            print("Debug mode on")
-        else:
-            print("Debug mode off")
+        return False
 
 
 class TargetHubCli(cmd.Cmd):
@@ -306,24 +390,26 @@ class TargetHubCli(cmd.Cmd):
 
         self._clicache = {}
 
-    def default(self, line: str) -> Optional[bool]:
+    def default(self, line: str) -> bool:
         if line == "EOF":
             return True
 
-        return cmd.Cmd.default(self, line)
+        cmd.Cmd.default(self, line)
+        return False
 
     def emptyline(self) -> None:
         pass
 
-    def do_exit(self, line: str) -> Optional[bool]:
+    def do_exit(self, line: str) -> bool:
         """exit shell"""
         return True
 
-    def do_list(self, line: str) -> Optional[bool]:
+    def do_list(self, line: str) -> bool:
         """list the loaded targets"""
         print("\n".join([f"{i:2d}: {e}" for i, e in enumerate(self._names)]))
+        return False
 
-    def do_enter(self, line: str) -> Optional[bool]:
+    def do_enter(self, line: str) -> bool:
         """enter a target by number or name"""
 
         if line.isdigit():
@@ -333,24 +419,25 @@ class TargetHubCli(cmd.Cmd):
                 idx = self._names_lower.index(line.lower())
             except ValueError:
                 print("Unknown name")
-                return
+                return False
 
         if idx >= len(self.targets):
             print("Unknown target")
-            return
+            return False
 
         try:
             cli = self._clicache[idx]
         except KeyError:
             target = self.targets[idx]
             if not self._targetcli.check_compatible(target):
-                return
+                return False
 
             cli = self._targetcli(self.targets[idx])
             self._clicache[idx] = cli
 
         print(f"Entering {idx}: {self._names[idx]}")
         run_cli(cli)
+        return False
 
     def complete_enter(self, text: str, line: str, begidx: int, endidx: int) -> list[str]:
         if not text:
@@ -364,32 +451,41 @@ class TargetHubCli(cmd.Cmd):
 
         return compl
 
-    def do_python(self, line: str) -> Optional[bool]:
+    def do_python(self, line: str) -> bool:
         """drop into a Python shell"""
         python_shell(self.targets)
+        return False
 
 
 class TargetCli(TargetCmd):
     """CLI for interacting with a target and browsing the filesystem."""
 
     def __init__(self, target: Target):
+        self.prompt_base = _target_name(target)
+
         TargetCmd.__init__(self, target)
-        self.prompt_base = target.name
-        self._clicache = {}
 
+        self._clicache = {}
         self.cwd = None
         self.chdir("/")
 
     @property
     def prompt(self) -> str:
-        return f"{self.prompt_base} {self.cwd}> "
+        return self.prompt_ps1.format(base=self.prompt_base, cwd=self.cwd)
 
-    def completedefault(self, text: str, line: str, begidx: int, endidx: int):
-        path = line[:begidx].rsplit(" ")[-1]
+    def completedefault(self, text: str, line: str, begidx: int, endidx: int) -> list[str]:
+        path = self.resolve_path(line[:begidx].rsplit(" ")[-1])
         textlower = text.lower()
 
-        r = [fname for _, fname in self.scandir(path) if fname.lower().startswith(textlower)]
-        return r
+        suggestions = []
+        for fpath, fname in ls_scandir(path):
+            if not fname.lower().startswith(textlower):
+                continue
+
+            # Add a trailing slash to directories, to allow for easier traversal of the filesystem
+            suggestion = f"{fname}/" if fpath.is_dir() else fname
+            suggestions.append(suggestion)
+        return suggestions
 
     def resolve_path(self, path: str) -> fsutil.TargetPath:
         if not path:
@@ -417,7 +513,7 @@ class TargetCli(TargetCmd):
                 # component
                 print(err)
 
-    def check_file(self, path: str) -> Optional[fsutil.TargetPath]:
+    def check_file(self, path: str) -> fsutil.TargetPath | None:
         path = self.resolve_path(path)
         if not path.exists():
             print(f"{path}: No such file")
@@ -433,7 +529,7 @@ class TargetCli(TargetCmd):
 
         return path
 
-    def check_dir(self, path: str) -> Optional[fsutil.TargetPath]:
+    def check_dir(self, path: str) -> fsutil.TargetPath | None:
         path = self.resolve_path(path)
         if not path.exists():
             print(f"{path}: No such directory")
@@ -449,70 +545,51 @@ class TargetCli(TargetCmd):
 
         return path
 
+    def check_path(self, path: str) -> fsutil.TargetPath | None:
+        path = self.resolve_path(path)
+        if not path.exists():
+            print(f"{path}: No such file or directory")
+            return
+
+        return path
+
     def chdir(self, path: str) -> None:
         """Change directory to the given path."""
         if path := self.check_dir(path):
             self.cwd = path
 
-    def scandir(self, path: str, color: bool = False) -> list[tuple[fsutil.TargetPath, str]]:
-        """List a directory for the given path."""
-        path = self.resolve_path(path)
-        result = []
-
-        if path.exists() and path.is_dir():
-            for file_ in path.iterdir():
-                file_type = None
-                if color:
-                    if file_.is_symlink():
-                        file_type = "ln"
-                    elif file_.is_dir():
-                        file_type = "di"
-                    elif file_.is_file():
-                        file_type = "fi"
-
-                result.append((file_, fmt_ls_colors(file_type, file_.name) if color else file_.name))
-
-                # If we happen to scan an NTFS filesystem see if any of the
-                # entries has an alternative data stream and also list them.
-                entry = file_.get()
-                if isinstance(entry, LayerFilesystemEntry):
-                    if entry.entries.fs.__type__ == "ntfs":
-                        attrs = entry.lattr()
-                        for data_stream in attrs.DATA:
-                            if data_stream.name != "":
-                                name = f"{file_.name}:{data_stream.name}"
-                                result.append((file_, fmt_ls_colors(file_type, name) if color else name))
-
-            result.sort(key=lambda e: e[0].name)
-
-        return result
-
-    def do_cd(self, line: str) -> Optional[bool]:
+    def do_cd(self, line: str) -> bool:
         """change directory"""
         self.chdir(line)
+        return False
 
-    def do_pwd(self, line: str) -> Optional[bool]:
+    def do_pwd(self, line: str) -> bool:
         """print current directory"""
         print(self.cwd)
+        return False
 
-    def do_disks(self, line: str) -> Optional[bool]:
+    def do_disks(self, line: str) -> bool:
         """print target disks"""
         for d in self.target.disks:
             print(str(d))
+        return False
 
-    def do_volumes(self, line: str) -> Optional[bool]:
+    def do_volumes(self, line: str) -> bool:
         """print target volumes"""
         for v in self.target.volumes:
             print(str(v))
+        return False
 
-    def do_filesystems(self, line: str) -> Optional[bool]:
+    def do_filesystems(self, line: str) -> bool:
         """print target filesystems"""
         for fs in self.target.filesystems:
             print(str(fs))
+        return False
 
-    def do_info(self, line: str) -> Optional[bool]:
+    def do_info(self, line: str) -> bool:
         """print target information"""
-        return print_target_info(self.target)
+        print_target_info(self.target)
+        return False
 
     @arg("path", nargs="?")
     @arg("-l", action="store_true")
@@ -521,129 +598,137 @@ class TargetCli(TargetCmd):
     @arg("-R", "--recursive", action="store_true", help="recursively list subdirectories encountered")
     @arg("-c", action="store_true", dest="use_ctime", help="show time when file status was last changed")
     @arg("-u", action="store_true", dest="use_atime", help="show time of last access")
-    def cmd_ls(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
+    @alias("l")
+    @alias("dir")
+    def cmd_ls(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         """list directory contents"""
 
         path = self.resolve_path(args.path)
 
         if args.use_ctime and args.use_atime:
             print("can't specify -c and -u at the same time")
-            return
+            return False
 
-        if not path or not path.exists():
-            return
+        if not path or not self.check_dir(path):
+            return False
 
-        self._print_ls(args, path, 0, stdout)
+        if path.is_file():
+            print(args.path)  # mimic ls behaviour
+            return False
 
-    def _print_ls(self, args: argparse.Namespace, path: fsutil.TargetPath, depth: int, stdout: TextIO) -> None:
-        path = self.resolve_path(path)
-        subdirs = []
+        print_ls(path, 0, stdout, args.l, args.human_readable, args.recursive, args.use_ctime, args.use_atime)
+        return False
 
-        if path.is_dir():
-            contents = self.scandir(path, color=True)
-        elif path.is_file():
-            contents = [(path, path.name)]
-
-        if depth > 0:
-            print(f"\n{str(path)}:", file=stdout)
-
-        if not args.l:
-            for target_path, name in contents:
-                print(name, file=stdout)
-                if target_path.is_dir():
-                    subdirs.append(target_path)
-        else:
-            if len(contents) > 1:
-                print(f"total {len(contents)}", file=stdout)
-            for target_path, name in contents:
-                self.print_extensive_file_stat(args=args, stdout=stdout, target_path=target_path, name=name)
-                if target_path.is_dir():
-                    subdirs.append(target_path)
-
-        if args.recursive and subdirs:
-            for subdir in subdirs:
-                self._print_ls(args, subdir, depth + 1, stdout)
-
-    def print_extensive_file_stat(
-        self, args: argparse.Namespace, stdout: TextIO, target_path: fsutil.TargetPath, name: str
-    ) -> None:
-        """Print the file status."""
-        try:
-            entry = target_path.get()
-            stat = entry.lstat()
-            symlink = f" -> {entry.readlink()}" if entry.is_symlink() else ""
-            show_time = stat.st_mtime
-            if args.use_ctime:
-                show_time = stat.st_ctime
-            elif args.use_atime:
-                show_time = stat.st_atime
-            utc_time = datetime.datetime.utcfromtimestamp(show_time).isoformat()
-
-            print(
-                f"{stat_modestr(stat)} {stat.st_uid:4d} {stat.st_gid:4d} {stat.st_size:6d} {utc_time} {name}{symlink}",
-                file=stdout,
-            )
+    @arg("path", nargs="?")
+    def cmd_ll(self, args: argparse.Namespace, stdout: TextIO) -> bool:
+        """alias for ls -la"""
+        args = extend_args(args, self.cmd_ls)
+        args.l = True  # noqa: E741
+        args.a = True
+        return self.cmd_ls(args, stdout)
 
-        except FileNotFoundError:
-            print(
-                f"??????????    ?    ?      ? ????-??-??T??:??:??.?????? {name}",
-                file=stdout,
-            )
+    @arg("path", nargs="?")
+    def cmd_tree(self, args: argparse.Namespace, stdout: TextIO) -> bool:
+        """alias for ls -R"""
+        args = extend_args(args, self.cmd_ls)
+        args.recursive = True
+        return self.cmd_ls(args, stdout)
 
     @arg("path", nargs="?")
-    @arg("-name", default="*")
-    @arg("-iname")
-    def cmd_find(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
+    @arg("-name", default="*", help="path to match with")
+    @arg("-iname", help="like -name, but the match is case insensitive")
+    @arg("-atime", type=int, help="file was last accessed n*24 hours ago")
+    @arg("-mtime", type=int, help="file was last modified n*24 hours ago")
+    @arg("-ctime", type=int, help="file (windows) or metadata (unix) was last changed n*24 hours ago")
+    @arg("-btime", type=int, help="file was born n*24 hours ago (ext4)")
+    def cmd_find(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         """search for files in a directory hierarchy"""
         path = self.resolve_path(args.path)
-        if not path:
-            return
+        if not path or not self.check_dir(path):
+            return False
+
+        matches = []
+        now = datetime.now(tz=timezone.utc)
+        do_time_compare = any([args.mtime, args.atime])
 
         if args.iname:
             pattern = re.compile(fnmatch.translate(args.iname), re.IGNORECASE)
             for f in path.rglob("*"):
                 if pattern.match(f.name):
-                    print(f, file=stdout)
-
-        elif args.name:
+                    matches.append(f) if do_time_compare else print(f, file=stdout)
+        else:
             for f in path.rglob(args.name):
+                matches.append(f) if do_time_compare else print(f, file=stdout)
+
+        def compare(now: datetime, then_ts: float, offset: int) -> bool:
+            then = datetime.fromtimestamp(then_ts, tz=timezone.utc)
+            return now - timedelta(hours=offset * 24) > then
+
+        if do_time_compare:
+            for f in matches:
+                s = f.lstat()
+
+                if args.mtime and compare(now, s.st_mtime, offset=args.mtime):
+                    continue
+
+                if args.atime and compare(now, s.st_atime, offset=args.atime):
+                    continue
+
+                if args.ctime and compare(now, s.st_ctime, offset=args.ctime):
+                    continue
+
+                if args.btime and compare(now, s.st_birthtime, offset=args.btime):
+                    continue
+
                 print(f, file=stdout)
 
+        return False
+
     @arg("path")
     @arg("-L", "--dereference", action="store_true")
-    def cmd_stat(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
+    def cmd_stat(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         """display file status"""
         path = self.resolve_path(args.path)
-        if not path:
-            return
+        if not path or not self.check_path(path):
+            return False
+
+        print_stat(path, stdout, args.dereference)
+        return False
+
+    @arg("path")
+    @arg("-d", "--dump", action="store_true")
+    @arg("-R", "--recursive", action="store_true")
+    @alias("getfattr")
+    def cmd_attr(self, args: argparse.Namespace, stdout: TextIO) -> bool:
+        """display file attributes"""
+        path = self.resolve_path(args.path)
+        if not path or not self.check_path(path):
+            return False
+
+        try:
+            if attr := path.get().attr():
+                print_xattr(path.name, attr, stdout)
+        except Exception:
+            pass
+
+        if args.recursive:
+            for child in path.rglob("*"):
+                try:
+                    if child_attr := child.get().attr():
+                        print_xattr(child, child_attr, stdout)
+                        print()
+                except Exception:
+                    pass
 
-        symlink = f"-> {path.readlink()}" if path.is_symlink() else ""
-
-        s = path.stat() if args.dereference else path.lstat()
-
-        res = STAT_TEMPLATE.format(
-            path=path,
-            symlink=symlink,
-            size=s.st_size,
-            filetype="",
-            inode=s.st_ino,
-            nlink=s.st_nlink,
-            modeord=oct(stat.S_IMODE(s.st_mode)),
-            modestr=stat_modestr(s),
-            uid=s.st_uid,
-            gid=s.st_gid,
-            atime=datetime.datetime.utcfromtimestamp(s.st_atime).isoformat(),
-            mtime=datetime.datetime.utcfromtimestamp(s.st_mtime).isoformat(),
-            ctime=datetime.datetime.utcfromtimestamp(s.st_ctime).isoformat(),
-        )
-        print(res, file=stdout)
+        return False
 
     @arg("path")
-    def cmd_file(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
+    def cmd_file(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         """determine file type"""
+
         path = self.check_file(args.path)
         if not path:
-            return
+            return False
 
         fh = path.open()
 
@@ -655,11 +740,12 @@ class TargetCli(TargetCmd):
         p.wait()
         filetype = p.stdout.read().decode().split(":", 1)[1].strip()
         print(f"{path}: {filetype}", file=stdout)
+        return False
 
     @arg("path", nargs="+")
     @arg("-o", "--out", default=".")
     @arg("-v", "--verbose", action="store_true")
-    def cmd_save(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
+    def cmd_save(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         """save a common file or directory to the host filesystem"""
         dst_path = pathlib.Path(args.out).resolve()
 
@@ -688,7 +774,7 @@ class TargetCli(TargetCmd):
             return diverging_path
 
         def save_path(
-            src_path: pathlib.Path, dst_path: pathlib.Path, create_dst_subdir: Optional[pathlib.Path] = None
+            src_path: pathlib.Path, dst_path: pathlib.Path, create_dst_subdir: pathlib.Path | None = None
         ) -> None:
             """Save a common file or directory in src_path to dst_path.
 
@@ -767,8 +853,8 @@ class TargetCli(TargetCmd):
             try:
                 first_src_path = next(src_paths)
             except StopIteration:
-                print(f"{path}: no such file or directory")
-                return
+                print(f"{path}: No such file or directory")
+                return False
 
             try:
                 second_src_path = next(src_paths)
@@ -789,10 +875,18 @@ class TargetCli(TargetCmd):
                         extra_dir = get_diverging_path(src_path, reference_path).parent
                         save_path(src_path, dst_path, create_dst_subdir=extra_dir)
 
+        return False
+
     @arg("path")
-    def cmd_cat(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
+    @alias("type")
+    def cmd_cat(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         """print file content"""
-        paths = self.resolve_glob_path(args.path)
+        paths = list(self.resolve_glob_path(args.path))
+
+        if not paths:
+            print(f"{args.path}: No such file or directory")
+            return False
+
         stdout = stdout.buffer
         for path in paths:
             path = self.check_file(path)
@@ -803,11 +897,17 @@ class TargetCli(TargetCmd):
             shutil.copyfileobj(fh, stdout)
             stdout.flush()
         print("")
+        return False
 
     @arg("path")
-    def cmd_zcat(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
+    def cmd_zcat(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         """print file content from compressed files"""
-        paths = self.resolve_glob_path(args.path)
+        paths = list(self.resolve_glob_path(args.path))
+
+        if not paths:
+            print(f"{args.path}: No such file or directory")
+            return False
+
         stdout = stdout.buffer
         for path in paths:
             path = self.check_file(path)
@@ -818,45 +918,70 @@ class TargetCli(TargetCmd):
             shutil.copyfileobj(fh, stdout)
             stdout.flush()
 
+        return False
+
     @arg("path")
-    def cmd_hexdump(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
-        """print a hexdump of the first X bytes"""
+    @arg("-n", "--length", type=int, default=16 * 20, help="amount of bytes to read")
+    @arg("-s", "--skip", type=int, default=0, help="skip offset bytes from the beginning")
+    @arg("-p", "--hex", action="store_true", default=False, help="output in plain hexdump style")
+    @arg("-C", "--canonical", action="store_true")
+    @alias("xxd")
+    def cmd_hexdump(self, args: argparse.Namespace, stdout: TextIO) -> bool:
+        """print a hexdump of a file"""
         path = self.check_file(args.path)
         if not path:
-            return
+            return False
 
-        print(hexdump(path.open().read(16 * 20), output="string"), file=stdout)
+        fh = path.open("rb")
+        if args.skip > 0:
+            fh.seek(args.skip + 1)
+
+        if args.hex:
+            print(fh.read(args.length).hex(), file=stdout)
+        else:
+            print(hexdump(fh.read(args.length), output="string"), file=stdout)
+
+        return False
 
     @arg("path")
-    def cmd_hash(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
+    @alias("digest")
+    @alias("shasum")
+    def cmd_hash(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         """print the MD5, SHA1 and SHA256 hashes of a file"""
         path = self.check_file(args.path)
         if not path:
-            return
+            return False
 
         md5, sha1, sha256 = path.get().hash()
         print(f"MD5:\t{md5}\nSHA1:\t{sha1}\nSHA256:\t{sha256}", file=stdout)
+        return False
 
     @arg("path")
-    def cmd_less(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
+    @alias("head")
+    @alias("more")
+    def cmd_less(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         """open the first 10 MB of a file with less"""
         path = self.check_file(args.path)
         if not path:
-            return
+            return False
 
         pydoc.pager(path.open("rt", errors="ignore").read(10 * 1024 * 1024))
+        return False
 
     @arg("path")
-    def cmd_zless(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
+    @alias("zhead")
+    @alias("zmore")
+    def cmd_zless(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         """open the first 10 MB of a compressed file with zless"""
         path = self.check_file(args.path)
         if not path:
-            return
+            return False
 
         pydoc.pager(fsutil.open_decompress(path, "rt").read(10 * 1024 * 1024))
+        return False
 
     @arg("path", nargs="+")
-    def cmd_readlink(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
+    def cmd_readlink(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         """print resolved symbolic links or canonical file names"""
         for path in args.path:
             path = self.resolve_path(path)
@@ -865,12 +990,14 @@ class TargetCli(TargetCmd):
 
             print(path.get().readlink(), file=stdout)
 
+        return False
+
     @arg("path", nargs="?", help="load a hive from the given path")
-    def cmd_registry(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
+    def cmd_registry(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         """drop into a registry shell"""
         if self.target.os == "linux":
             run_cli(UnixConfigTreeCli(self.target))
-            return
+            return False
 
         hive = None
 
@@ -878,7 +1005,7 @@ class TargetCli(TargetCmd):
         if args.path:
             path = self.check_file(args.path)
             if not path:
-                return
+                return False
 
             hive = regutil.RegfHive(path)
             clikey = f"registry_{path}"
@@ -887,26 +1014,26 @@ class TargetCli(TargetCmd):
             cli = self._clicache[clikey]
         except KeyError:
             if not hive and not RegistryCli.check_compatible(self.target):
-                return
+                return False
 
             cli = RegistryCli(self.target, hive)
             self._clicache[clikey] = cli
 
         run_cli(cli)
-
-        # Print an additional empty newline after exit
         print()
+        return False
 
     @arg("targets", metavar="TARGETS", nargs="*", help="targets to load")
     @arg("-p", "--python", action="store_true", help="(I)Python shell")
     @arg("-r", "--registry", action="store_true", help="registry shell")
-    def cmd_enter(self, args: argparse.Namespace, stdout: TextIO) -> None:
+    def cmd_enter(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         """load one or more files as sub-targets and drop into a sub-shell"""
         paths = [self.resolve_path(path) for path in args.targets]
 
         if args.python:
             # Quick path that doesn't require CLI caching
-            return open_shell(paths, args.python, args.registry)
+            open_shell(paths, args.python, args.registry)
+            return False
 
         clikey = tuple(str(path) for path in paths)
         try:
@@ -915,33 +1042,32 @@ class TargetCli(TargetCmd):
             targets = list(Target.open_all(paths))
             cli = create_cli(targets, RegistryCli if args.registry else TargetCli)
             if not cli:
-                return
+                return False
 
             self._clicache[clikey] = cli
 
         run_cli(cli)
-
-        # Print an additional empty newline after exit
         print()
+        return False
 
 
 class UnixConfigTreeCli(TargetCli):
     def __init__(self, target: Target):
         TargetCmd.__init__(self, target)
         self.config_tree = target.etc()
-        self.prompt_base = target.name
+        self.prompt_base = _target_name(target)
 
         self.cwd = None
         self.chdir("/")
 
     @property
     def prompt(self) -> str:
-        return f"{self.prompt_base}/config_tree {self.cwd}> "
+        return f"(config tree) {self.prompt_base}:{self.cwd}$ "
 
     def check_compatible(target: Target) -> bool:
         return target.has_function("etc")
 
-    def resolve_path(self, path: Optional[Union[str, fsutil.TargetPath]]) -> fsutil.TargetPath:
+    def resolve_path(self, path: str | fsutil.TargetPath | None) -> fsutil.TargetPath:
         if not path:
             return self.cwd
 
@@ -975,12 +1101,12 @@ class UnixConfigTreeCli(TargetCli):
 class RegistryCli(TargetCmd):
     """CLI for browsing the registry."""
 
-    def __init__(self, target: Target, registry: Optional[regutil.RegfHive] = None):
-        TargetCmd.__init__(self, target)
-        self.registry = registry or target.registry
+    def __init__(self, target: Target, registry: regutil.RegfHive | None = None):
+        self.prompt_base = _target_name(target)
 
-        self.prompt_base = target.name
+        TargetCmd.__init__(self, target)
 
+        self.registry = registry or target.registry
         self.cwd = None
         self.chdir("\\")
 
@@ -993,8 +1119,7 @@ class RegistryCli(TargetCmd):
 
     @property
     def prompt(self) -> str:
-        prompt_end = self.cwd.strip("\\")
-        return f"{self.prompt_base}/registry {prompt_end}> "
+        return "(registry) " + self.prompt_ps1.format(base=self.prompt_base, cwd=self.cwd)
 
     def completedefault(self, text: str, line: str, begidx: int, endidx: int) -> list[str]:
         path = line[:begidx].rsplit(" ")[-1]
@@ -1034,9 +1159,7 @@ class RegistryCli(TargetCmd):
         if self.check_key(path):
             self.cwd = "\\" + path.strip("\\")
 
-    def scandir(
-        self, path: str, color: bool = False
-    ) -> list[tuple[Union[regutil.RegistryKey, regutil.RegistryValue], str]]:
+    def scandir(self, path: str, color: bool = False) -> list[tuple[regutil.RegistryKey | regutil.RegistryValue, str]]:
         try:
             key = self.resolve_key(path)
         except RegistryError:
@@ -1052,56 +1175,95 @@ class RegistryCli(TargetCmd):
         r.sort(key=lambda e: e[0].name)
         return r
 
-    def do_cd(self, line: str) -> Optional[bool]:
+    def do_cd(self, line: str) -> bool:
         """change subkey"""
+        if line == "..":
+            try:
+                self.resolve_key(self.cwd + "\\..")
+            except RegistryError:
+                self.do_up(line)
+                return False
+
         self.chdir(line)
+        return False
 
-    def do_up(self, line: str) -> Optional[bool]:
+    def do_up(self, line: str) -> bool:
         """go up a subkey"""
         parent = self.cwd.rpartition("\\")[0]
         if not parent:
             parent = "\\"
         self.chdir(parent)
+        return False
 
-    def do_pwd(self, line: str) -> Optional[bool]:
+    def do_pwd(self, line: str) -> bool:
         """print current path"""
-        print(self.cwd)
+        print(self.cwd.lstrip("\\"))
+        return False
 
-    def do_recommend(self, line: str) -> Optional[bool]:
+    def do_recommend(self, line: str) -> bool:
         """recommend a key"""
         print(random.choice([name for _, name in self.scandir(None)]))
+        return False
 
     @arg("path", nargs="?")
-    def cmd_ls(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
+    def cmd_ls(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         key = self.check_key(args.path)
         if not key:
-            return
+            return False
 
         r = self.scandir(key, color=True)
         print("\n".join([name for _, name in r]), file=stdout)
+        return False
 
     @arg("value")
-    def cmd_cat(self, args: argparse.Namespace, stdout: TextIO) -> Optional[bool]:
+    def cmd_cat(self, args: argparse.Namespace, stdout: TextIO) -> bool:
         value = self.check_value(args.value)
         if not value:
-            return
+            return False
 
         print(repr(value.value), file=stdout)
+        return False
 
+    @arg("value")
+    @arg("-p", "--hex", action="store_true")
+    @alias("xxd")
+    def cmd_hexdump(self, args: argparse.Namespace, stdout: TextIO) -> bool:
+        value = self.check_value(args.value)
+        if not value:
+            return False
 
-def fmt_ls_colors(ft: str, name: str) -> str:
-    """Helper method to colorize strings according to LS_COLORS."""
-    try:
-        return LS_COLORS[ft].format(name)
-    except KeyError:
-        pass
+        if args.hex:
+            print(value.value.hex(), file=stdout)
+        else:
+            print(hexdump(value.value, output="string"), file=stdout)
 
-    try:
-        return LS_COLORS[fsutil.splitext(name)[1]].format(name)
-    except KeyError:
-        pass
+        return False
+
+
+def arg_str_to_arg_list(args: str) -> list[str]:
+    """Convert a commandline string to a list of command line arguments."""
+    lexer = shlex.shlex(args, posix=True, punctuation_chars=True)
+    lexer.wordchars += "$"
+    lexer.whitespace_split = True
+    return list(lexer)
+
+
+def extend_args(args: argparse.Namespace, func: Callable) -> argparse.Namespace:
+    """Extend the arguments of the given ``func`` with the provided ``argparse.Namespace``."""
+    for short, kwargs in func.__args__:
+        name = kwargs.get("dest", short[-1]).lstrip("-").replace("-", "_")
+        if not hasattr(args, name):
+            setattr(args, name, None)
+    return args
 
-    return name
+
+def _target_name(target: Target) -> str:
+    """Return a target name for cmd.Cmd base prompts."""
+
+    if target.has_function("domain") and target.domain:
+        return f"{target.name}.{target.domain}"
+
+    return target.name
 
 
 @contextmanager
@@ -1169,15 +1331,7 @@ def build_pipe_stdout(pipe_parts: list[str]) -> Iterator[TextIO]:
         yield pipe_stdin
 
 
-def stat_modestr(st: fsutil.stat_result) -> str:
-    """Helper method for generating a mode string from a numerical mode value."""
-    is_dir = "d" if stat.S_ISDIR(st.st_mode) else "-"
-    dic = {"7": "rwx", "6": "rw-", "5": "r-x", "4": "r--", "0": "---"}
-    perm = str(oct(st.st_mode)[-3:])
-    return is_dir + "".join(dic.get(x, x) for x in perm)
-
-
-def open_shell(targets: list[Union[str, pathlib.Path]], python: bool, registry: bool) -> None:
+def open_shell(targets: list[str | pathlib.Path], python: bool, registry: bool) -> None:
     """Helper method for starting a regular, Python or registry shell for one or multiple targets."""
     targets = list(Target.open_all(targets))
 
@@ -1215,7 +1369,7 @@ def python_shell(targets: list[Target]) -> None:
         print()
 
 
-def create_cli(targets: list[Target], cli_cls: type[TargetCmd]) -> Optional[cmd.Cmd]:
+def create_cli(targets: list[Target], cli_cls: type[TargetCmd]) -> cmd.Cmd | None:
     """Helper method for instatiating the appropriate CLI."""
     if len(targets) == 1:
         target = targets[0]
@@ -1242,10 +1396,14 @@ def run_cli(cli: cmd.Cmd) -> None:
             # Print an empty newline on exit
             print()
             return
+
         except KeyboardInterrupt:
+            # Run postloop so the interrupted command is added to the history file
+            cli.postloop()
+
             # Add a line when pressing ctrl+c, so the next one starts at a new line
             print()
-            pass
+
         except Exception as e:
             if cli.debug:
                 log.exception(e)
@@ -1253,7 +1411,8 @@ def run_cli(cli: cmd.Cmd) -> None:
                 log.info(e)
                 print(f"*** Unhandled error: {e}")
                 print("If you wish to see the full debug trace, enable debug mode.")
-            pass
+
+            cli.postloop()
 
 
 @catch_sigpipe
@@ -1280,11 +1439,24 @@ def main() -> None:
     args.targets = args_to_uri(args.targets, args.loader, rest) if args.loader else args.targets
     process_generic_arguments(args)
 
-    # For the shell tool we want -q to log slightly more then just CRITICAL
-    # messages.
+    # For the shell tool we want -q to log slightly more then just CRITICAL messages.
     if args.quiet:
         logging.getLogger("dissect").setLevel(level=logging.ERROR)
 
+    # PyPy < 3.10.14 readline is stuck in Python 2.7
+    if platform.python_implementation() == "PyPy":
+        major, minor, patch = tuple(map(int, platform.python_version_tuple()))
+        if major <= 3 and minor <= 10 and patch < 14:
+            print(
+                "\n".join(
+                    [
+                        "Note for users of PyPy < 3.10.14:",
+                        "Autocomplete might not work due to an outdated version of pyrepl/readline.py",
+                        "To fix this, please update your version of PyPy.",
+                    ]
+                )
+            )
+
     try:
         open_shell(args.targets, args.python, args.registry)
     except TargetError as e: