dissect.target 3.19.dev21__tar.gz → 3.19.dev23__tar.gz

Sign up to get free protection for your applications and to get access to all the features.
Files changed (597) hide show
  1. {dissect_target-3.19.dev21/dissect.target.egg-info → dissect_target-3.19.dev23}/PKG-INFO +1 -1
  2. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/network_managers.py +22 -7
  3. dissect_target-3.19.dev23/dissect/target/plugins/filesystem/yara.py +186 -0
  4. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/_os.py +1 -1
  5. dissect_target-3.19.dev23/dissect/target/tools/yara.py +61 -0
  6. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23/dissect.target.egg-info}/PKG-INFO +1 -1
  7. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect.target.egg-info/SOURCES.txt +2 -0
  8. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect.target.egg-info/entry_points.txt +1 -0
  9. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/pyproject.toml +1 -0
  10. dissect_target-3.19.dev23/tests/plugins/filesystem/test_yara.py +89 -0
  11. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/test_ips.py +77 -12
  12. dissect_target-3.19.dev23/tests/tools/test_yara.py +43 -0
  13. dissect_target-3.19.dev21/dissect/target/plugins/filesystem/yara.py +0 -63
  14. dissect_target-3.19.dev21/tests/plugins/filesystem/test_yara.py +0 -38
  15. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/COPYRIGHT +0 -0
  16. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/LICENSE +0 -0
  17. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/MANIFEST.in +0 -0
  18. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/README.md +0 -0
  19. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/__init__.py +0 -0
  20. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/container.py +0 -0
  21. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/containers/__init__.py +0 -0
  22. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/containers/asdf.py +0 -0
  23. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/containers/ewf.py +0 -0
  24. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/containers/fortifw.py +0 -0
  25. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/containers/hdd.py +0 -0
  26. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/containers/hds.py +0 -0
  27. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/containers/qcow2.py +0 -0
  28. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/containers/raw.py +0 -0
  29. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/containers/split.py +0 -0
  30. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/containers/vdi.py +0 -0
  31. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/containers/vhd.py +0 -0
  32. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/containers/vhdx.py +0 -0
  33. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/containers/vmdk.py +0 -0
  34. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/data/autocompletion/target_bash_completion.sh +0 -0
  35. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/exceptions.py +0 -0
  36. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystem.py +0 -0
  37. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/__init__.py +0 -0
  38. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/ad1.py +0 -0
  39. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/btrfs.py +0 -0
  40. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/cb.py +0 -0
  41. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/config.py +0 -0
  42. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/cpio.py +0 -0
  43. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/dir.py +0 -0
  44. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/exfat.py +0 -0
  45. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/extfs.py +0 -0
  46. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/fat.py +0 -0
  47. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/ffs.py +0 -0
  48. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/itunes.py +0 -0
  49. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/jffs.py +0 -0
  50. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/ntfs.py +0 -0
  51. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/overlay.py +0 -0
  52. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/smb.py +0 -0
  53. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/squashfs.py +0 -0
  54. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/tar.py +0 -0
  55. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/vmfs.py +0 -0
  56. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/vmtar.py +0 -0
  57. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/xfs.py +0 -0
  58. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/filesystems/zip.py +0 -0
  59. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/__init__.py +0 -0
  60. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/cache.py +0 -0
  61. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/compat/__init__.py +0 -0
  62. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/compat/path_310.py +0 -0
  63. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/compat/path_311.py +0 -0
  64. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/compat/path_312.py +0 -0
  65. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/compat/path_39.py +0 -0
  66. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/compat/path_common.py +0 -0
  67. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/config.py +0 -0
  68. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/configutil.py +0 -0
  69. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/cyber.py +0 -0
  70. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/data/windowsZones.xml +0 -0
  71. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/descriptor_extensions.py +0 -0
  72. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/docs.py +0 -0
  73. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/fsutil.py +0 -0
  74. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/hashutil.py +0 -0
  75. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/keychain.py +0 -0
  76. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/lazy.py +0 -0
  77. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/loaderutil.py +0 -0
  78. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/localeutil.py +0 -0
  79. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/mount.py +0 -0
  80. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/mui.py +0 -0
  81. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/polypath.py +0 -0
  82. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/protobuf.py +0 -0
  83. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/record.py +0 -0
  84. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/record_modifier.py +0 -0
  85. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/regutil.py +0 -0
  86. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/shell_folder_ids.py +0 -0
  87. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/targetd.py +0 -0
  88. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/utils.py +0 -0
  89. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loader.py +0 -0
  90. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/__init__.py +0 -0
  91. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/ab.py +0 -0
  92. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/ad1.py +0 -0
  93. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/asdf.py +0 -0
  94. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/cb.py +0 -0
  95. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/cyber.py +0 -0
  96. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/dir.py +0 -0
  97. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/hyperv.py +0 -0
  98. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/itunes.py +0 -0
  99. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/kape.py +0 -0
  100. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/local.py +0 -0
  101. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/log.py +0 -0
  102. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/mqtt.py +0 -0
  103. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/multiraw.py +0 -0
  104. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/ova.py +0 -0
  105. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/overlay.py +0 -0
  106. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/ovf.py +0 -0
  107. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/phobos.py +0 -0
  108. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/profile.py +0 -0
  109. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/pvm.py +0 -0
  110. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/pvs.py +0 -0
  111. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/raw.py +0 -0
  112. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/remote.py +0 -0
  113. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/res.py +0 -0
  114. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/smb.py +0 -0
  115. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/tanium.py +0 -0
  116. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/tar.py +0 -0
  117. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/target.py +0 -0
  118. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/targetd.py +0 -0
  119. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/utm.py +0 -0
  120. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/vb.py +0 -0
  121. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/vbox.py +0 -0
  122. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/velociraptor.py +0 -0
  123. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/vma.py +0 -0
  124. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/vmwarevm.py +0 -0
  125. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/vmx.py +0 -0
  126. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/loaders/xva.py +0 -0
  127. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugin.py +0 -0
  128. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/__init__.py +0 -0
  129. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/__init__.py +0 -0
  130. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/av/__init__.py +0 -0
  131. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/av/mcafee.py +0 -0
  132. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/av/sophos.py +0 -0
  133. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/av/symantec.py +0 -0
  134. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/av/trendmicro.py +0 -0
  135. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/browser/__init__.py +0 -0
  136. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/browser/brave.py +0 -0
  137. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/browser/browser.py +0 -0
  138. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/browser/chrome.py +0 -0
  139. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/browser/chromium.py +0 -0
  140. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/browser/edge.py +0 -0
  141. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/browser/firefox.py +0 -0
  142. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/browser/iexplore.py +0 -0
  143. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/container/__init__.py +0 -0
  144. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/container/docker.py +0 -0
  145. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/remoteaccess/__init__.py +0 -0
  146. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/remoteaccess/anydesk.py +0 -0
  147. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/remoteaccess/remoteaccess.py +0 -0
  148. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/remoteaccess/teamviewer.py +0 -0
  149. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/shell/__init__.py +0 -0
  150. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/shell/powershell.py +0 -0
  151. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/ssh/__init__.py +0 -0
  152. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/ssh/openssh.py +0 -0
  153. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/ssh/opensshd.py +0 -0
  154. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/ssh/putty.py +0 -0
  155. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/ssh/ssh.py +0 -0
  156. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/vpn/__init__.py +0 -0
  157. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/vpn/openvpn.py +0 -0
  158. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/vpn/wireguard.py +0 -0
  159. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/webhosting/__init__.py +0 -0
  160. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/webhosting/cpanel.py +0 -0
  161. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/webserver/__init__.py +0 -0
  162. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/webserver/apache.py +0 -0
  163. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/webserver/caddy.py +0 -0
  164. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/webserver/citrix.py +0 -0
  165. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/webserver/iis.py +0 -0
  166. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/webserver/nginx.py +0 -0
  167. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/apps/webserver/webserver.py +0 -0
  168. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/child/__init__.py +0 -0
  169. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/child/docker.py +0 -0
  170. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/child/esxi.py +0 -0
  171. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/child/hyperv.py +0 -0
  172. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/child/virtuozzo.py +0 -0
  173. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/child/vmware_workstation.py +0 -0
  174. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/child/wsl.py +0 -0
  175. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/filesystem/__init__.py +0 -0
  176. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/filesystem/acquire_handles.py +0 -0
  177. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/filesystem/acquire_hash.py +0 -0
  178. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/filesystem/icat.py +0 -0
  179. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/filesystem/ntfs/__init__.py +0 -0
  180. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/filesystem/ntfs/mft.py +0 -0
  181. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/filesystem/ntfs/mft_timeline.py +0 -0
  182. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/filesystem/ntfs/usnjrnl.py +0 -0
  183. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/filesystem/ntfs/utils.py +0 -0
  184. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/filesystem/resolver.py +0 -0
  185. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/filesystem/unix/__init__.py +0 -0
  186. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/filesystem/unix/capability.py +0 -0
  187. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/filesystem/unix/suid.py +0 -0
  188. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/filesystem/walkfs.py +0 -0
  189. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/general/__init__.py +0 -0
  190. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/general/config.py +0 -0
  191. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/general/default.py +0 -0
  192. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/general/example.py +0 -0
  193. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/general/loaders.py +0 -0
  194. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/general/osinfo.py +0 -0
  195. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/general/plugins.py +0 -0
  196. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/general/scrape.py +0 -0
  197. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/general/users.py +0 -0
  198. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/__init__.py +0 -0
  199. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/__init__.py +0 -0
  200. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/_os.py +0 -0
  201. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/bsd/__init__.py +0 -0
  202. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/bsd/_os.py +0 -0
  203. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/bsd/citrix/__init__.py +0 -0
  204. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/bsd/citrix/_os.py +0 -0
  205. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/bsd/citrix/history.py +0 -0
  206. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/bsd/freebsd/__init__.py +0 -0
  207. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/bsd/freebsd/_os.py +0 -0
  208. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/bsd/ios/__init__.py +0 -0
  209. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/bsd/ios/_os.py +0 -0
  210. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/bsd/openbsd/__init__.py +0 -0
  211. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/bsd/openbsd/_os.py +0 -0
  212. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/bsd/osx/__init__.py +0 -0
  213. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/bsd/osx/_os.py +0 -0
  214. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/bsd/osx/user.py +0 -0
  215. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/cronjobs.py +0 -0
  216. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/datetime.py +0 -0
  217. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/esxi/__init__.py +0 -0
  218. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/esxi/_os.py +0 -0
  219. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/etc/__init__.py +0 -0
  220. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/etc/etc.py +0 -0
  221. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/etc.py +0 -0
  222. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/generic.py +0 -0
  223. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/history.py +0 -0
  224. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/__init__.py +0 -0
  225. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/android/__init__.py +0 -0
  226. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/android/_os.py +0 -0
  227. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/cmdline.py +0 -0
  228. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/debian/__init__.py +0 -0
  229. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/debian/_os.py +0 -0
  230. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/debian/apt.py +0 -0
  231. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/debian/dpkg.py +0 -0
  232. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/debian/vyos/__init__.py +0 -0
  233. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/debian/vyos/_os.py +0 -0
  234. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/environ.py +0 -0
  235. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/fortios/__init__.py +0 -0
  236. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/fortios/_keys.py +0 -0
  237. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/fortios/_os.py +0 -0
  238. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/fortios/generic.py +0 -0
  239. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/fortios/locale.py +0 -0
  240. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/iptables.py +0 -0
  241. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/modules.py +0 -0
  242. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/netstat.py +0 -0
  243. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/proc.py +0 -0
  244. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/processes.py +0 -0
  245. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/redhat/__init__.py +0 -0
  246. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/redhat/_os.py +0 -0
  247. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/redhat/yum.py +0 -0
  248. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/services.py +0 -0
  249. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/sockets.py +0 -0
  250. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/suse/__init__.py +0 -0
  251. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/suse/_os.py +0 -0
  252. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/suse/zypper.py +0 -0
  253. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/locale.py +0 -0
  254. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/locate/__init__.py +0 -0
  255. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/locate/gnulocate.py +0 -0
  256. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/locate/locate.py +0 -0
  257. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/locate/mlocate.py +0 -0
  258. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/locate/plocate.py +0 -0
  259. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/log/__init__.py +0 -0
  260. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/log/atop.py +0 -0
  261. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/log/audit.py +0 -0
  262. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/log/auth.py +0 -0
  263. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/log/journal.py +0 -0
  264. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/log/lastlog.py +0 -0
  265. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/log/messages.py +0 -0
  266. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/log/utmp.py +0 -0
  267. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/packagemanager.py +0 -0
  268. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/shadow.py +0 -0
  269. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/__init__.py +0 -0
  270. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/_os.py +0 -0
  271. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/activitiescache.py +0 -0
  272. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/adpolicy.py +0 -0
  273. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/amcache.py +0 -0
  274. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/catroot.py +0 -0
  275. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/cim.py +0 -0
  276. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/clfs.py +0 -0
  277. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/credhist.py +0 -0
  278. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/datetime.py +0 -0
  279. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/defender.py +0 -0
  280. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/defender_helpers/__init__.py +0 -0
  281. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/defender_helpers/defender_patterns.py +0 -0
  282. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/defender_helpers/defender_records.py +0 -0
  283. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/dpapi/__init__.py +0 -0
  284. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/dpapi/blob.py +0 -0
  285. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/dpapi/crypto.py +0 -0
  286. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/dpapi/dpapi.py +0 -0
  287. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/dpapi/master_key.py +0 -0
  288. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/env.py +0 -0
  289. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/exchange/__init__.py +0 -0
  290. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/exchange/exchange.py +0 -0
  291. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/generic.py +0 -0
  292. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/lnk.py +0 -0
  293. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/locale.py +0 -0
  294. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/log/__init__.py +0 -0
  295. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/log/amcache.py +0 -0
  296. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/log/etl.py +0 -0
  297. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/log/evt.py +0 -0
  298. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/log/evtx.py +0 -0
  299. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/log/pfro.py +0 -0
  300. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/log/schedlgu.py +0 -0
  301. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/notifications.py +0 -0
  302. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/prefetch.py +0 -0
  303. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/recyclebin.py +0 -0
  304. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/7zip.py +0 -0
  305. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/__init__.py +0 -0
  306. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/appxdebugkeys.py +0 -0
  307. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/auditpol.py +0 -0
  308. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/bam.py +0 -0
  309. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/cit.py +0 -0
  310. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/clsid.py +0 -0
  311. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/firewall.py +0 -0
  312. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/mru.py +0 -0
  313. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/muicache.py +0 -0
  314. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/nethist.py +0 -0
  315. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/recentfilecache.py +0 -0
  316. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/regf.py +0 -0
  317. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/runkeys.py +0 -0
  318. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/shellbags.py +0 -0
  319. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/shimcache.py +0 -0
  320. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/trusteddocs.py +0 -0
  321. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/usb.py +0 -0
  322. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/regf/userassist.py +0 -0
  323. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/registry.py +0 -0
  324. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/sam.py +0 -0
  325. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/services.py +0 -0
  326. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/sru.py +0 -0
  327. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/startupinfo.py +0 -0
  328. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/syscache.py +0 -0
  329. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/task_helpers/__init__.py +0 -0
  330. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/task_helpers/tasks_job.py +0 -0
  331. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/task_helpers/tasks_records.py +0 -0
  332. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/task_helpers/tasks_xml.py +0 -0
  333. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/tasks.py +0 -0
  334. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/thumbcache.py +0 -0
  335. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/ual.py +0 -0
  336. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/windows/wer.py +0 -0
  337. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/report.py +0 -0
  338. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/target.py +0 -0
  339. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/__init__.py +0 -0
  340. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/build_pluginlist.py +0 -0
  341. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/dd.py +0 -0
  342. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/dump/__init__.py +0 -0
  343. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/dump/run.py +0 -0
  344. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/dump/state.py +0 -0
  345. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/dump/utils.py +0 -0
  346. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/fs.py +0 -0
  347. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/info.py +0 -0
  348. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/logging.py +0 -0
  349. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/mount.py +0 -0
  350. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/query.py +0 -0
  351. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/reg.py +0 -0
  352. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/shell.py +0 -0
  353. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/tools/utils.py +0 -0
  354. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/volume.py +0 -0
  355. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/volumes/__init__.py +0 -0
  356. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/volumes/bde.py +0 -0
  357. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/volumes/ddf.py +0 -0
  358. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/volumes/disk.py +0 -0
  359. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/volumes/luks.py +0 -0
  360. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/volumes/lvm.py +0 -0
  361. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/volumes/md.py +0 -0
  362. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/volumes/vmfs.py +0 -0
  363. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect.target.egg-info/dependency_links.txt +0 -0
  364. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect.target.egg-info/requires.txt +0 -0
  365. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect.target.egg-info/top_level.txt +0 -0
  366. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/setup.cfg +0 -0
  367. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/__init__.py +0 -0
  368. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/_docs/Makefile +0 -0
  369. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/_docs/conf.py +0 -0
  370. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/_docs/index.rst +0 -0
  371. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/_utils.py +0 -0
  372. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/conftest.py +0 -0
  373. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/containers/__init__.py +0 -0
  374. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/containers/test_fortifw.py +0 -0
  375. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/containers/test_split.py +0 -0
  376. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/filesystems/__init__.py +0 -0
  377. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/filesystems/test_cb.py +0 -0
  378. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/filesystems/test_config.py +0 -0
  379. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/filesystems/test_cpio.py +0 -0
  380. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/filesystems/test_dir.py +0 -0
  381. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/filesystems/test_exfat.py +0 -0
  382. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/filesystems/test_fat.py +0 -0
  383. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/filesystems/test_ntfs.py +0 -0
  384. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/filesystems/test_overlay.py +0 -0
  385. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/filesystems/test_smb.py +0 -0
  386. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/filesystems/test_tar.py +0 -0
  387. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/filesystems/test_vmtar.py +0 -0
  388. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/filesystems/test_zip.py +0 -0
  389. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/__init__.py +0 -0
  390. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/test_cache.py +0 -0
  391. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/test_config.py +0 -0
  392. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/test_configutil.py +0 -0
  393. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/test_docs.py +0 -0
  394. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/test_fsutil.py +0 -0
  395. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/test_hashutil.py +0 -0
  396. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/test_keychain.py +0 -0
  397. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/test_loaderutil.py +0 -0
  398. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/test_localeutil.py +0 -0
  399. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/test_modifier.py +0 -0
  400. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/test_protobuf.py +0 -0
  401. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/test_record.py +0 -0
  402. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/test_regutil.py +0 -0
  403. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/helpers/test_utils.py +0 -0
  404. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/__init__.py +0 -0
  405. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_ab.py +0 -0
  406. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_asdf.py +0 -0
  407. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_cb.py +0 -0
  408. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_dir.py +0 -0
  409. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_hyperv.py +0 -0
  410. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_kape.py +0 -0
  411. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_local.py +0 -0
  412. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_log.py +0 -0
  413. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_mqtt.py +0 -0
  414. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_multiraw.py +0 -0
  415. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_ova.py +0 -0
  416. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_overlay.py +0 -0
  417. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_ovf.py +0 -0
  418. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_phobos.py +0 -0
  419. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_pvm.py +0 -0
  420. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_pvs.py +0 -0
  421. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_remote.py +0 -0
  422. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_smb.py +0 -0
  423. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_tanium.py +0 -0
  424. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_tar.py +0 -0
  425. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_utm.py +0 -0
  426. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_vbox.py +0 -0
  427. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_velociraptor.py +0 -0
  428. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/loaders/test_vmwarevm.py +0 -0
  429. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/__init__.py +0 -0
  430. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/__init__.py +0 -0
  431. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/av/__init__.py +0 -0
  432. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/av/test_mcafee.py +0 -0
  433. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/av/test_sophos.py +0 -0
  434. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/av/test_symantec.py +0 -0
  435. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/av/test_trendmicro.py +0 -0
  436. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/browser/__init__.py +0 -0
  437. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/browser/test_brave.py +0 -0
  438. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/browser/test_chrome.py +0 -0
  439. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/browser/test_chromium.py +0 -0
  440. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/browser/test_edge.py +0 -0
  441. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/browser/test_firefox.py +0 -0
  442. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/browser/test_iexplore.py +0 -0
  443. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/container/__init__.py +0 -0
  444. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/container/test_docker.py +0 -0
  445. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/remoteaccess/__init__.py +0 -0
  446. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/remoteaccess/test_anydesk.py +0 -0
  447. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/remoteaccess/test_teamviewer.py +0 -0
  448. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/shell/__init__.py +0 -0
  449. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/shell/test_powershell.py +0 -0
  450. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/ssh/__init__.py +0 -0
  451. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/ssh/test_openssh.py +0 -0
  452. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/ssh/test_opensshd.py +0 -0
  453. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/ssh/test_putty.py +0 -0
  454. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/vpn/__init__.py +0 -0
  455. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/vpn/test_openvpn.py +0 -0
  456. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/vpn/test_wireguard.py +0 -0
  457. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/webhosting/__init__.py +0 -0
  458. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/webhosting/test_cpanel.py +0 -0
  459. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/webserver/__init__.py +0 -0
  460. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/webserver/test_apache.py +0 -0
  461. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/webserver/test_caddy.py +0 -0
  462. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/webserver/test_citrix.py +0 -0
  463. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/webserver/test_iis.py +0 -0
  464. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/webserver/test_nginx.py +0 -0
  465. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/apps/webserver/test_webserver.py +0 -0
  466. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/child/__init__.py +0 -0
  467. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/child/test_docker.py +0 -0
  468. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/child/test_hyperv.py +0 -0
  469. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/child/test_virtuozzo.py +0 -0
  470. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/child/test_wsl.py +0 -0
  471. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/filesystem/__init__.py +0 -0
  472. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/filesystem/ntfs/__init__.py +0 -0
  473. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/filesystem/ntfs/test_mft.py +0 -0
  474. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/filesystem/ntfs/test_usnjrnl.py +0 -0
  475. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/filesystem/test_acquire_handles.py +0 -0
  476. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/filesystem/test_acquire_hash.py +0 -0
  477. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/filesystem/test_icat.py +0 -0
  478. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/filesystem/test_resolver.py +0 -0
  479. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/filesystem/test_walkfs.py +0 -0
  480. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/filesystem/unix/__init__.py +0 -0
  481. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/filesystem/unix/test_capability.py +0 -0
  482. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/filesystem/unix/test_suid.py +0 -0
  483. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/general/__init__.py +0 -0
  484. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/general/test_config.py +0 -0
  485. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/general/test_default.py +0 -0
  486. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/general/test_plugins.py +0 -0
  487. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/general/test_scrape.py +0 -0
  488. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/general/test_users.py +0 -0
  489. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/__init__.py +0 -0
  490. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/__init__.py +0 -0
  491. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/bsd/__init__.py +0 -0
  492. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/bsd/citrix/__init__.py +0 -0
  493. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/bsd/citrix/test__os.py +0 -0
  494. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/bsd/citrix/test_history.py +0 -0
  495. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/bsd/osx/__init__.py +0 -0
  496. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/bsd/osx/test__os.py +0 -0
  497. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/bsd/osx/test_user.py +0 -0
  498. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/esxi/__init__.py +0 -0
  499. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/esxi/test__os.py +0 -0
  500. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/__init__.py +0 -0
  501. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/android/__init__.py +0 -0
  502. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/android/test__os.py +0 -0
  503. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/debian/__init__.py +0 -0
  504. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/debian/test_apt.py +0 -0
  505. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/debian/test_dpkg.py +0 -0
  506. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/fortios/test_keys.py +0 -0
  507. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/redhat/__init__.py +0 -0
  508. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/redhat/test_yum.py +0 -0
  509. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/suse/__init__.py +0 -0
  510. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/suse/test_zypper.py +0 -0
  511. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/test_cmdline.py +0 -0
  512. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/test_environ.py +0 -0
  513. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/test_iptables.py +0 -0
  514. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/test_modules.py +0 -0
  515. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/test_netstat.py +0 -0
  516. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/test_proc.py +0 -0
  517. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/test_processes.py +0 -0
  518. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/test_services.py +0 -0
  519. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/linux/test_sockets.py +0 -0
  520. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/locate/__init__.py +0 -0
  521. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/locate/test_gnulocate.py +0 -0
  522. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/locate/test_mlocate.py +0 -0
  523. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/locate/test_plocate.py +0 -0
  524. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/log/__init__.py +0 -0
  525. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/log/test_atop.py +0 -0
  526. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/log/test_audit.py +0 -0
  527. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/log/test_auth.py +0 -0
  528. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/log/test_lastlog.py +0 -0
  529. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/log/test_messages.py +0 -0
  530. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/log/test_utmp.py +0 -0
  531. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/test__os.py +0 -0
  532. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/test_generic.py +0 -0
  533. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/test_history.py +0 -0
  534. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/test_journal.py +0 -0
  535. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/test_locale.py +0 -0
  536. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/test_packagemanager.py +0 -0
  537. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/test_shadow.py +0 -0
  538. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/test_users.py +0 -0
  539. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/test_version.py +0 -0
  540. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/__init__.py +0 -0
  541. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/log/test_etl.py +0 -0
  542. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/log/test_evt.py +0 -0
  543. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/log/test_evtx.py +0 -0
  544. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/log/test_schedlgu.py +0 -0
  545. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/regf/__init__.py +0 -0
  546. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/regf/test_appxdebugkeys.py +0 -0
  547. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/regf/test_cit.py +0 -0
  548. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/regf/test_clsid.py +0 -0
  549. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/regf/test_muicache.py +0 -0
  550. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/regf/test_shellbags.py +0 -0
  551. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/regf/test_trusteddocs.py +0 -0
  552. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/regf/test_userassist.py +0 -0
  553. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test__os.py +0 -0
  554. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_adpolicy.py +0 -0
  555. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_amcache.py +0 -0
  556. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_catroot.py +0 -0
  557. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_clfs.py +0 -0
  558. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_credhist.py +0 -0
  559. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_datetime.py +0 -0
  560. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_defender.py +0 -0
  561. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_dpapi.py +0 -0
  562. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_env.py +0 -0
  563. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_generic.py +0 -0
  564. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_lnk.py +0 -0
  565. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_locale.py +0 -0
  566. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_mru.py +0 -0
  567. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_notifications.py +0 -0
  568. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_prefetch.py +0 -0
  569. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_recyclebin.py +0 -0
  570. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_registry.py +0 -0
  571. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_sam.py +0 -0
  572. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_shimcache.py +0 -0
  573. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_sru.py +0 -0
  574. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_syscache.py +0 -0
  575. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_tasks.py +0 -0
  576. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_thumbcache.py +0 -0
  577. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_ual.py +0 -0
  578. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/windows/test_wer.py +0 -0
  579. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/test_container.py +0 -0
  580. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/test_filesystem.py +0 -0
  581. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/test_plugin.py +0 -0
  582. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/test_registration.py +0 -0
  583. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/test_report.py +0 -0
  584. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/test_target.py +0 -0
  585. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/test_volume.py +0 -0
  586. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/tools/__init__.py +0 -0
  587. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/tools/test_dump.py +0 -0
  588. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/tools/test_fs.py +0 -0
  589. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/tools/test_mount.py +0 -0
  590. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/tools/test_query.py +0 -0
  591. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/tools/test_reg.py +0 -0
  592. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/tools/test_shell.py +0 -0
  593. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/tools/test_utils.py +0 -0
  594. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/volumes/__init__.py +0 -0
  595. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/volumes/test_bde.py +0 -0
  596. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/volumes/test_md.py +0 -0
  597. {dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tox.ini +0 -0
{dissect_target-3.19.dev21/dissect.target.egg-info → dissect_target-3.19.dev23}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.19.dev21
3
+ Version: 3.19.dev23
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
{dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/helpers/network_managers.py RENAMED
@@ -7,12 +7,14 @@ from configparser import ConfigParser, MissingSectionHeaderError
7
7
  from io import StringIO
8
8
  from itertools import chain
9
9
  from re import compile, sub
10
- from typing import Any, Callable, Iterable, Match, Optional
10
+ from typing import Any, Callable, Iterable, Iterator, Match, Optional
11
11
 
12
12
  from defusedxml import ElementTree
13
13
 
14
14
  from dissect.target.exceptions import PluginError
15
15
  from dissect.target.helpers.fsutil import TargetPath
16
+ from dissect.target.plugins.os.unix.log.journal import JournalRecord
17
+ from dissect.target.plugins.os.unix.log.messages import MessagesRecord
16
18
  from dissect.target.target import Target
17
19
 
18
20
  log = logging.getLogger(__name__)
@@ -509,14 +511,15 @@ class LinuxNetworkManager:
509
511
  return values
510
512
 
511
513
 
512
- def parse_unix_dhcp_log_messages(target) -> list[str]:
514
+ def parse_unix_dhcp_log_messages(target: Target, iter_all: bool = False) -> set[str]:
513
515
  """Parse local syslog, journal and cloud init-log files for DHCP lease IPs.
514
516
 
515
517
  Args:
516
518
  target: Target to discover and obtain network information from.
519
+ iter_all: Parse limited amount of journal messages (first 10000) or all of them.
517
520
 
518
521
  Returns:
519
- List of DHCP ip addresses.
522
+ A set of found DHCP IP addresses.
520
523
  """
521
524
  ips = set()
522
525
  messages = set()
@@ -530,9 +533,19 @@ def parse_unix_dhcp_log_messages(target) -> list[str]:
530
533
  if not messages:
531
534
  target.log.warning(f"Could not search for DHCP leases using {log_func}: No log entries found.")
532
535
 
533
- for record in messages:
536
+ def records_enumerate(iterable: Iterable) -> Iterator[tuple[int, JournalRecord | MessagesRecord]]:
537
+ count = 0
538
+ for rec in iterable:
539
+ if rec._desc.name == "linux/log/journal":
540
+ count += 1
541
+ yield count, rec
542
+
543
+ for count, record in records_enumerate(messages):
534
544
  line = record.message
535
545
 
546
+ if not line:
547
+ continue
548
+
536
549
  # Ubuntu cloud-init
537
550
  if "Received dhcp lease on" in line:
538
551
  interface, ip, netmask = re.search(r"Received dhcp lease on (\w{0,}) for (\S+)\/(\S+)", line).groups()
@@ -576,9 +589,11 @@ def parse_unix_dhcp_log_messages(target) -> list[str]:
576
589
  ips.add(ip)
577
590
  continue
578
591
 
579
- # Journals and syslogs can be large and slow to iterate,
580
- # so we stop if we have some results and have reached the journal plugin.
581
- if len(ips) >= 2 and record._desc.name == "linux/log/journal":
592
+ # The journal parser is relatively slow, so we stop when we have read 10000 journal entries,
593
+ # or if we have found at least one ip address. When `iter_all` is `True` we continue searching.
594
+ if not iter_all and (ips or count > 10_000):
595
+ if not ips:
596
+ target.log.warning("No DHCP IP addresses found in first 10000 journal entries.")
582
597
  break
583
598
 
584
599
  return ips
dissect_target-3.19.dev23/dissect/target/plugins/filesystem/yara.py ADDED
@@ -0,0 +1,186 @@
1
+ from __future__ import annotations
2
+
3
+ import hashlib
4
+ import logging
5
+ from io import BytesIO
6
+ from pathlib import Path
7
+ from typing import Iterator
8
+
9
+ from dissect.target.helpers import hashutil
10
+
11
+ try:
12
+ import yara
13
+
14
+ HAS_YARA = True
15
+
16
+ except ImportError:
17
+ HAS_YARA = False
18
+
19
+ from dissect.target.exceptions import FileNotFoundError, UnsupportedPluginError
20
+ from dissect.target.helpers.record import TargetRecordDescriptor
21
+ from dissect.target.plugin import Plugin, arg, export
22
+
23
+ log = logging.getLogger(__name__)
24
+
25
+ YaraMatchRecord = TargetRecordDescriptor(
26
+ "filesystem/yara/match",
27
+ [
28
+ ("path", "path"),
29
+ ("digest", "digest"),
30
+ ("string", "rule"),
31
+ ("string[]", "tags"),
32
+ ("string", "namespace"),
33
+ ],
34
+ )
35
+
36
+ DEFAULT_MAX_SCAN_SIZE = 10 * 1024 * 1024
37
+
38
+
39
+ class YaraPlugin(Plugin):
40
+ """Plugin to scan files against a local YARA rules file."""
41
+
42
+ def check_compatible(self) -> None:
43
+ if not HAS_YARA:
44
+ raise UnsupportedPluginError("Please install 'yara-python' to use the yara plugin.")
45
+
46
+ @arg("-r", "--rules", required=True, nargs="*", help="path(s) to YARA rule file(s) or folder(s)")
47
+ @arg("-p", "--path", default="/", help="path on target(s) to recursively scan")
48
+ @arg("-m", "--max-size", default=DEFAULT_MAX_SCAN_SIZE, help="maximum file size in bytes to scan")
49
+ @arg("-c", "--check", default=False, action="store_true", help="check if every YARA rule is valid")
50
+ @export(record=YaraMatchRecord)
51
+ def yara(
52
+ self,
53
+ rules: list[str | Path],
54
+ path: str = "/",
55
+ max_size: int = DEFAULT_MAX_SCAN_SIZE,
56
+ check: bool = False,
57
+ ) -> Iterator[YaraMatchRecord]:
58
+ """Scan files inside the target up to a given maximum size with YARA rule file(s).
59
+
60
+ Args:
61
+ rules: ``list`` of strings or ``Path`` objects pointing to rule files to use.
62
+ path: ``string`` of absolute target path to scan.
63
+ max_size: Files larger than this size will not be scanned.
64
+ check: Check if provided rules are valid, only compiles valid rules.
65
+
66
+ Returns:
67
+ Iterator yields ``YaraMatchRecord``.
68
+ """
69
+
70
+ compiled_rules = process_rules(rules, check)
71
+
72
+ if not rules:
73
+ self.target.log.error("No working rules found in '%s'", ",".join(rules))
74
+ return
75
+
76
+ if hasattr(compiled_rules, "warnings") and (num_warns := len(compiled_rules.warnings)) > 0:
77
+ self.target.log.warning("YARA generated %s warnings while compiling rules", num_warns)
78
+ for warning in compiled_rules.warnings:
79
+ self.target.log.debug(warning)
80
+
81
+ self.target.log.warning("Will not scan files larger than %s MB", max_size // 1024 // 1024)
82
+
83
+ for _, _, files in self.target.fs.walk_ext(path):
84
+ for file in files:
85
+ try:
86
+ if file_size := file.stat().st_size > max_size:
87
+ self.target.log.debug(
88
+ "Skipping file '%s' as it is larger than %s bytes (size is %s)", file, file_size, max_size
89
+ )
90
+ continue
91
+
92
+ buf = file.open().read()
93
+ for match in compiled_rules.match(data=buf):
94
+ yield YaraMatchRecord(
95
+ path=self.target.fs.path(file.path),
96
+ digest=hashutil.common(BytesIO(buf)),
97
+ rule=match.rule,
98
+ tags=match.tags,
99
+ namespace=match.namespace,
100
+ _target=self.target,
101
+ )
102
+
103
+ except FileNotFoundError:
104
+ continue
105
+ except RuntimeWarning as e:
106
+ self.target.log.warning("Runtime warning while scanning file '%s': %s", file, e)
107
+ except Exception as e:
108
+ self.target.log.error("Exception scanning file '%s'", file)
109
+ self.target.log.debug("", exc_info=e)
110
+
111
+
112
+ def process_rules(paths: list[str | Path], check: bool = False) -> yara.Rules | None:
113
+ """Generate compiled YARA rules from the given path(s).
114
+
115
+ Provide path to one (compiled) YARA file or directory containing YARA files.
116
+
117
+ Args:
118
+ paths: Path to file(s) or folder(s) containing YARA files.
119
+ check: Attempt to compile every rule file before appending to rules.
120
+
121
+ Returns:
122
+ Compiled YARA rules or None.
123
+ """
124
+ files = set()
125
+ compiled_rules = None
126
+
127
+ for rules_path in paths:
128
+ if isinstance(rules_path, str):
129
+ rules_path = Path(rules_path)
130
+
131
+ if not rules_path.exists():
132
+ log.warning("File %s does not exist!", rules_path)
133
+ continue
134
+
135
+ if rules_path.is_dir():
136
+ for file in rules_path.rglob("*"):
137
+ if not file.is_file():
138
+ continue
139
+ files.add(file)
140
+ else:
141
+ files.add(rules_path)
142
+
143
+ for file in set(files):
144
+ with file.open("rb") as fh:
145
+ magic = fh.read(4)
146
+
147
+ if magic == b"YARA":
148
+ if len(files) > 1:
149
+ log.error("Providing multiple compiled YARA files is not supported. Did not add %s", file)
150
+ continue
151
+ else:
152
+ log.info("Adding single compiled YARA file %s", file)
153
+ compiled_rules = compile_yara(file, is_compiled=True)
154
+ break
155
+
156
+ elif check and not is_valid_yara({"check_namespace": file}):
157
+ log.warning("File %s contains invalid rule(s)!", file)
158
+ files.remove(file)
159
+ continue
160
+
161
+ if files and not compiled_rules:
162
+ try:
163
+ compiled_rules = compile_yara({hashlib.md5(file.as_posix().encode()).hexdigest(): file for file in files})
164
+ except yara.Error as e:
165
+ log.error("Failed to compile YARA file(s): %s", e)
166
+
167
+ return compiled_rules
168
+
169
+
170
+ def compile_yara(files: dict[str, Path] | Path, is_compiled: bool = False) -> yara.Rules | None:
171
+ """Compile or load the given YARA file(s) to rules."""
172
+ if is_compiled and isinstance(files, Path):
173
+ return yara.load(files.as_posix())
174
+ else:
175
+ return yara.compile(filepaths={ns: Path(path).as_posix() for ns, path in files.items()})
176
+
177
+
178
+ def is_valid_yara(files: dict[str, Path] | Path, is_compiled: bool = False) -> bool:
179
+ """Determine if the given YARA file(s) compile without errors or warnings."""
180
+ try:
181
+ compile_yara(files, is_compiled)
182
+ return True
183
+
184
+ except (yara.SyntaxError, yara.WarningError, yara.Error) as e:
185
+ log.debug("Rule file(s) '%s' invalid: %s", files, e)
186
+ return False
{dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect/target/plugins/os/unix/linux/_os.py RENAMED
@@ -41,7 +41,7 @@ class LinuxPlugin(UnixPlugin, LinuxNetworkManager):
41
41
  for ip in ip_set:
42
42
  ips.append(ip)
43
43
 
44
- for ip in parse_unix_dhcp_log_messages(self.target):
44
+ for ip in parse_unix_dhcp_log_messages(self.target, iter_all=False):
45
45
  if ip not in ips:
46
46
  ips.append(ip)
47
47
 
dissect_target-3.19.dev23/dissect/target/tools/yara.py ADDED
@@ -0,0 +1,61 @@
1
+ #!/usr/bin/env python
2
+ # -*- coding: utf-8 -*-
3
+ import argparse
4
+ import logging
5
+
6
+ from dissect.target import Target
7
+ from dissect.target.exceptions import TargetError
8
+ from dissect.target.plugins.filesystem.yara import HAS_YARA, YaraPlugin
9
+ from dissect.target.tools.query import record_output
10
+ from dissect.target.tools.utils import (
11
+ catch_sigpipe,
12
+ configure_generic_arguments,
13
+ process_generic_arguments,
14
+ )
15
+
16
+ log = logging.getLogger(__name__)
17
+
18
+
19
+ @catch_sigpipe
20
+ def main():
21
+ help_formatter = argparse.ArgumentDefaultsHelpFormatter
22
+ parser = argparse.ArgumentParser(
23
+ description="target-yara",
24
+ fromfile_prefix_chars="@",
25
+ formatter_class=help_formatter,
26
+ )
27
+
28
+ parser.add_argument("targets", metavar="TARGETS", nargs="*", help="Targets to load")
29
+ parser.add_argument("-s", "--strings", default=False, action="store_true", help="print output as string")
30
+
31
+ for args, kwargs in getattr(YaraPlugin.yara, "__args__", []):
32
+ parser.add_argument(*args, **kwargs)
33
+
34
+ configure_generic_arguments(parser)
35
+
36
+ args = parser.parse_args()
37
+ process_generic_arguments(args)
38
+
39
+ if not HAS_YARA:
40
+ log.error("yara-python is not installed: pip install yara-python")
41
+ parser.exit(1)
42
+
43
+ if not args.targets:
44
+ log.error("No targets provided")
45
+ parser.exit(1)
46
+
47
+ try:
48
+ for target in Target.open_all(args.targets):
49
+ target.log.info("Scanning target")
50
+ rs = record_output(args.strings, False)
51
+ for record in target.yara(args.rules, args.path, args.max_size, args.check):
52
+ rs.write(record)
53
+
54
+ except TargetError as e:
55
+ log.error(e)
56
+ log.debug("", exc_info=e)
57
+ parser.exit(1)
58
+
59
+
60
+ if __name__ == "__main__":
61
+ main()
{dissect_target-3.19.dev21 → dissect_target-3.19.dev23/dissect.target.egg-info}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.19.dev21
3
+ Version: 3.19.dev23
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
{dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect.target.egg-info/SOURCES.txt RENAMED
@@ -345,6 +345,7 @@ dissect/target/tools/query.py
345
345
  dissect/target/tools/reg.py
346
346
  dissect/target/tools/shell.py
347
347
  dissect/target/tools/utils.py
348
+ dissect/target/tools/yara.py
348
349
  dissect/target/tools/dump/__init__.py
349
350
  dissect/target/tools/dump/run.py
350
351
  dissect/target/tools/dump/state.py
@@ -586,6 +587,7 @@ tests/tools/test_query.py
586
587
  tests/tools/test_reg.py
587
588
  tests/tools/test_shell.py
588
589
  tests/tools/test_utils.py
590
+ tests/tools/test_yara.py
589
591
  tests/volumes/__init__.py
590
592
  tests/volumes/test_bde.py
591
593
  tests/volumes/test_md.py
{dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/dissect.target.egg-info/entry_points.txt RENAMED
@@ -8,3 +8,4 @@ target-mount = dissect.target.tools.mount:main
8
8
  target-query = dissect.target.tools.query:main
9
9
  target-reg = dissect.target.tools.reg:main
10
10
  target-shell = dissect.target.tools.shell:main
11
+ target-yara = dissect.target.tools.yara:main
{dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/pyproject.toml RENAMED
@@ -133,6 +133,7 @@ target-mount = "dissect.target.tools.mount:main"
133
133
  target-query = "dissect.target.tools.query:main"
134
134
  target-reg = "dissect.target.tools.reg:main"
135
135
  target-shell = "dissect.target.tools.shell:main"
136
+ target-yara = "dissect.target.tools.yara:main"
136
137
 
137
138
  [tool.black]
138
139
  line-length = 120
dissect_target-3.19.dev23/tests/plugins/filesystem/test_yara.py ADDED
@@ -0,0 +1,89 @@
1
+ from __future__ import annotations
2
+
3
+ import tempfile
4
+ from io import BytesIO
5
+ from pathlib import Path
6
+ from typing import Iterator
7
+
8
+ import pytest
9
+
10
+ from dissect.target import Target
11
+ from dissect.target.filesystem import VirtualFilesystem
12
+ from dissect.target.plugins.filesystem.yara import HAS_YARA, YaraPlugin, is_valid_yara
13
+ from tests._utils import absolute_path
14
+
15
+ if HAS_YARA:
16
+ import yara
17
+
18
+ rule_file = absolute_path("_data/plugins/filesystem/yara/rule.yar")
19
+ another_rule_file = absolute_path("_data/plugins/filesystem/yara/another.yar")
20
+ invalid_rule = absolute_path("_data/plugins/filesystem/yara/invalid.yar")
21
+ rule_dir = Path(rule_file).parent
22
+
23
+
24
+ @pytest.fixture
25
+ def target_yara(target_default: Target) -> Iterator[Target]:
26
+ vfs = VirtualFilesystem()
27
+ vfs.map_file_fh("test_file", BytesIO(b"test string"))
28
+ vfs.map_file_fh("/test/dir/to/test_file", BytesIO(b"test string"))
29
+ vfs.map_file_fh("should_not_hit", BytesIO(b"this is another file."))
30
+ target_default.fs.mount("/", vfs)
31
+ target_default.add_plugin(YaraPlugin)
32
+ yield target_default
33
+
34
+
35
+ @pytest.mark.skipif(not HAS_YARA, reason="requires python-yara")
36
+ def test_yara_plugin(target_yara: Target) -> None:
37
+ results = list(target_yara.yara(rules=[Path(rule_file)]))
38
+
39
+ assert len(results) == 2
40
+ assert results[0].path == "/test_file"
41
+ assert results[1].path == "/test/dir/to/test_file"
42
+ assert results[0].rule == "test_rule_name"
43
+
44
+
45
+ @pytest.mark.skipif(not HAS_YARA, reason="requires python-yara")
46
+ @pytest.mark.parametrize(
47
+ "rules,expected_hits,should_be_valid",
48
+ [
49
+ (["/does/not/exist"], 0, False),
50
+ ([rule_file, rule_file], 2, True),
51
+ ([rule_file, another_rule_file], 4, True),
52
+ ([rule_dir], 4, False), # contains invalid.yar
53
+ ([invalid_rule], 0, False),
54
+ ],
55
+ )
56
+ def test_yara_plugin_invalid_rules(
57
+ target_yara: Target, rules: list[str | Path], expected_hits: int, should_be_valid: bool
58
+ ) -> None:
59
+ assert is_valid_yara(files={str(file): file for file in rules}) == should_be_valid
60
+
61
+ results = list(target_yara.yara(rules=rules, check=True))
62
+ assert len(results) == expected_hits
63
+
64
+
65
+ @pytest.mark.skipif(not HAS_YARA, reason="requires python-yara")
66
+ def test_yara_plugin_invalid_rule_warn(target_yara: Target, caplog: pytest.CaptureFixture) -> None:
67
+ results = list(target_yara.yara(rules=[invalid_rule, another_rule_file], check=True))
68
+ assert "invalid.yar contains invalid rule(s)!" in caplog.text
69
+ assert len(results) == 2
70
+
71
+
72
+ @pytest.mark.skipif(not HAS_YARA, reason="requires python-yara")
73
+ def test_yara_plugin_compiled_rule(target_yara: Target, tmp_path: str) -> None:
74
+ with tempfile.NamedTemporaryFile(mode="w", dir=tmp_path, delete=False) as tf:
75
+ rules = yara.compile(rule_file)
76
+ rules.save(tf.name)
77
+ tf.close()
78
+
79
+ results = list(target_yara.yara(rules=[tf.name]))
80
+
81
+ assert len(results) == 2
82
+
83
+ assert results[0].path == "/test_file"
84
+ assert results[0].rule == "test_rule_name"
85
+ assert results[0].tags == ["tag1", "tag2", "tag3"]
86
+ assert results[0].namespace == "default"
87
+ assert results[0].digest.md5 == "6f8db599de986fab7a21625b7916589c"
88
+ assert results[0].digest.sha1 == "661295c9cbf9d6b2f6428414504a8deed3020641"
89
+ assert results[0].digest.sha256 == "d5579c46dfcc7f18207013e65b44e4cb4e2c2298f4ac457ba8f82743f31e930b"
{dissect_target-3.19.dev21 → dissect_target-3.19.dev23}/tests/plugins/os/unix/test_ips.py RENAMED
@@ -1,5 +1,6 @@
1
1
  import textwrap
2
2
  from io import BytesIO
3
+ from unittest.mock import patch
3
4
 
4
5
  import pytest
5
6
 
@@ -7,21 +8,40 @@ from dissect.target import Target
7
8
  from dissect.target.filesystem import VirtualFilesystem
8
9
  from dissect.target.helpers.network_managers import NetworkManager
9
10
  from dissect.target.plugins.os.unix.linux._os import LinuxPlugin
11
+ from dissect.target.tools.query import main as target_query
10
12
  from tests._utils import absolute_path
11
13
 
12
14
 
13
- def test_ips_dhcp(target_unix_users: Target, fs_unix: VirtualFilesystem) -> None:
15
+ @pytest.mark.parametrize(
16
+ "expected_ips, messages",
17
+ [
18
+ (
19
+ ["10.13.37.1"],
20
+ "Jan 1 13:37:01 hostname NetworkManager[1]: <info> [1600000000.0000] dhcp4 (eth0): option ip_address => '10.13.37.1'", # noqa: E501
21
+ ),
22
+ (["10.13.37.2"], "Feb 2 13:37:02 test systemd-networkd[2]: eth0: DHCPv4 address 10.13.37.2/24 via 10.13.37.0"),
23
+ (
24
+ ["10.13.37.3"],
25
+ "Mar 3 13:37:03 localhost NetworkManager[3]: <info> [1600000000.0003] dhcp4 (eth0): address 10.13.37.3",
26
+ ),
27
+ (
28
+ ["10.13.37.4"],
29
+ "Apr 4 13:37:04 localhost dhclient[4]: bound to 10.13.37.4 -- renewal in 1337 seconds.",
30
+ ),
31
+ (
32
+ ["2001:db8::"],
33
+ (
34
+ "Jun 6 13:37:06 test systemd-networkd[5]: eth0: DHCPv6 address 2001:db8::/64 via 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff\n" # noqa: E501
35
+ "May 5 13:37:05 test systemd-networkd[5]: eth0: DHCPv6 lease lost\n"
36
+ ),
37
+ ),
38
+ ],
39
+ )
40
+ def test_ips_dhcp(
41
+ target_unix_users: Target, fs_unix: VirtualFilesystem, expected_ips: list[str], messages: str
42
+ ) -> None:
14
43
  """Test DHCP lease messages from /var/log/syslog."""
15
44
 
16
- messages = """
17
- Jan 1 13:37:01 hostname NetworkManager[1]: <info> [1600000000.0000] dhcp4 (eth0): option ip_address => '10.13.37.1'
18
- Feb 2 13:37:02 test systemd-networkd[2]: eth0: DHCPv4 address 10.13.37.2/24 via 10.13.37.0
19
- Mar 3 13:37:03 localhost NetworkManager[3]: <info> [1600000000.0003] dhcp4 (eth0): address 10.13.37.3
20
- Apr 4 13:37:04 localhost dhclient[4]: bound to 10.13.37.4 -- renewal in 1337 seconds.
21
- May 5 13:37:05 test systemd-networkd[5]: eth0: DHCPv6 lease lost
22
- Jun 6 13:37:06 test systemd-networkd[5]: eth0: DHCPv6 address 2001:db8::/64 via 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff
23
- """ # noqa E501
24
-
25
45
  fs_unix.map_file_fh(
26
46
  "/var/log/syslog",
27
47
  BytesIO(textwrap.dedent(messages).encode()),
@@ -30,8 +50,53 @@ def test_ips_dhcp(target_unix_users: Target, fs_unix: VirtualFilesystem) -> None
30
50
  target_unix_users.add_plugin(LinuxPlugin)
31
51
  results = target_unix_users.ips
32
52
  results.reverse()
33
- assert len(results) == 5
34
- assert sorted(results) == ["10.13.37.1", "10.13.37.2", "10.13.37.3", "10.13.37.4", "2001:db8::"]
53
+ assert len(results) == len(expected_ips)
54
+ assert sorted(results) == expected_ips
55
+
56
+
57
+ @pytest.mark.parametrize(
58
+ "flag, expected_out",
59
+ [
60
+ (None, "['10.13.37.2']"),
61
+ # ("--dhcp-all", "['10.13.37.2', '10.13.37.1']"),
62
+ # Temporarily disabled behaviour, for discussion see:
63
+ # https://github.com/fox-it/dissect.target/pull/687#discussion_r1698515269
64
+ ],
65
+ )
66
+ def test_ips_dhcp_arg(
67
+ target_unix: Target,
68
+ fs_unix: VirtualFilesystem,
69
+ flag: str,
70
+ expected_out: str,
71
+ capsys: pytest.CaptureFixture,
72
+ monkeypatch: pytest.MonkeyPatch,
73
+ ) -> None:
74
+ """Test --dhcp-all flag behaviour"""
75
+
76
+ fs_unix.map_file_fh("/etc/timezone", BytesIO(b"Europe/Amsterdam"))
77
+
78
+ messages = """
79
+ Apr 1 13:37:01 localhost dhclient[4]: bound to 10.13.37.1 -- renewal in 1337 seconds.
80
+ Apr 2 13:37:02 localhost foo[1]: some other message.
81
+ Apr 3 13:37:03 localhost dhclient[4]: bound to 10.13.37.2 -- renewal in 1337 seconds.
82
+ """
83
+
84
+ fs_unix.map_file_fh(
85
+ "/var/log/syslog",
86
+ BytesIO(textwrap.dedent(messages).encode()),
87
+ )
88
+ target_unix.add_plugin(LinuxPlugin)
89
+
90
+ argv = ["target-query", "foo", "-f", "ips"]
91
+ if flag:
92
+ argv.append(flag)
93
+
94
+ with patch("dissect.target.Target.open_all", return_value=[target_unix]):
95
+ with monkeypatch.context() as m:
96
+ m.setattr("sys.argv", argv)
97
+ target_query()
98
+ out, _ = capsys.readouterr()
99
+ assert expected_out in out
35
100
 
36
101
 
37
102
  def test_ips_cloud_init(target_unix_users: Target, fs_unix: VirtualFilesystem) -> None:
dissect_target-3.19.dev23/tests/tools/test_yara.py ADDED
@@ -0,0 +1,43 @@
1
+ from io import BytesIO
2
+ from unittest.mock import patch
3
+
4
+ import pytest
5
+
6
+ from dissect.target import Target
7
+ from dissect.target.filesystem import VirtualFilesystem
8
+ from dissect.target.tools.yara import HAS_YARA
9
+ from dissect.target.tools.yara import main as target_yara
10
+ from tests._utils import absolute_path
11
+
12
+
13
+ @pytest.mark.skipif(not HAS_YARA, reason="requires python-yara")
14
+ def test_yara(target_default: Target, monkeypatch: pytest.MonkeyPatch, capsys: pytest.CaptureFixture) -> None:
15
+ vfs = VirtualFilesystem()
16
+ vfs.map_file_fh("test_file", BytesIO(b"hello there this is a test string!"))
17
+ vfs.map_file_fh("/test/dir/to/test_file", BytesIO(b"this is another test string for YARA testing."))
18
+ vfs.map_file_fh("should_not_hit", BytesIO(b"this is another file."))
19
+ target_default.fs.mount("/", vfs)
20
+
21
+ with patch("dissect.target.Target.open_all", return_value=[target_default]), monkeypatch.context() as m:
22
+ m.setattr(
23
+ "sys.argv",
24
+ [
25
+ "target-yara",
26
+ "example.img",
27
+ "--rules",
28
+ absolute_path("_data/plugins/filesystem/yara/rule.yar"),
29
+ "--path",
30
+ "/",
31
+ "--check",
32
+ "-s",
33
+ ],
34
+ )
35
+ target_yara()
36
+
37
+ out, _ = capsys.readouterr()
38
+
39
+ hit1 = "<filesystem/yara/match hostname=None domain=None path='/test_file' digest=(md5=d690ba32b59d28614aebefe9b03c74d4, sha1=4b1ced217aabe37138e96fb93bf40026639b9d3b, sha256=7a644118588ff0dcf2fadbe198ae1f1629c29374bac491ba41d5cf957edf0dfc) rule='test_rule_name' tags=['tag1', 'tag2', 'tag3']" # noqa E501
40
+ hit2 = "<filesystem/yara/match hostname=None domain=None path='/test/dir/to/test_file' digest=(md5=bd7490dd2978ce983e2e1613ac8444c0, sha1=849a062cf09280f5c7dce4c7f87c69a1d9262e08, sha256=9bf7629a67c7ce8019910f1c1251fe44b61b3fff55a59a5e148af3c207dc102f) rule='test_rule_name' tags=['tag1', 'tag2', 'tag3']" # noqa E501
41
+
42
+ assert hit1 in out
43
+ assert hit2 in out