dissect.target 3.19.dev27__py3-none-any.whl → 3.19.dev29__py3-none-any.whl
Sign up to get free protection for your applications and to get access to all the features.
- dissect/target/plugins/apps/browser/firefox.py +77 -32
- dissect/target/plugins/filesystem/yara.py +3 -5
- dissect/target/plugins/general/users.py +14 -10
- dissect/target/target.py +1 -1
- dissect/target/tools/yara.py +2 -2
- {dissect.target-3.19.dev27.dist-info → dissect.target-3.19.dev29.dist-info}/METADATA +1 -1
- {dissect.target-3.19.dev27.dist-info → dissect.target-3.19.dev29.dist-info}/RECORD +12 -12
- {dissect.target-3.19.dev27.dist-info → dissect.target-3.19.dev29.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.19.dev27.dist-info → dissect.target-3.19.dev29.dist-info}/LICENSE +0 -0
- {dissect.target-3.19.dev27.dist-info → dissect.target-3.19.dev29.dist-info}/WHEEL +0 -0
- {dissect.target-3.19.dev27.dist-info → dissect.target-3.19.dev29.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.19.dev27.dist-info → dissect.target-3.19.dev29.dist-info}/top_level.txt +0 -0
@@ -3,6 +3,7 @@ import json
|
|
3
3
|
import logging
|
4
4
|
from base64 import b64decode
|
5
5
|
from hashlib import pbkdf2_hmac, sha1
|
6
|
+
from itertools import chain
|
6
7
|
from typing import Iterator, Optional
|
7
8
|
|
8
9
|
from dissect.sql import sqlite3
|
@@ -14,7 +15,7 @@ from dissect.target.exceptions import FileNotFoundError, UnsupportedPluginError
|
|
14
15
|
from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
|
15
16
|
from dissect.target.helpers.fsutil import TargetPath
|
16
17
|
from dissect.target.helpers.record import create_extended_descriptor
|
17
|
-
from dissect.target.plugin import export
|
18
|
+
from dissect.target.plugin import OperatingSystem, export
|
18
19
|
from dissect.target.plugins.apps.browser.browser import (
|
19
20
|
GENERIC_COOKIE_FIELDS,
|
20
21
|
GENERIC_DOWNLOAD_RECORD_FIELDS,
|
@@ -24,7 +25,7 @@ from dissect.target.plugins.apps.browser.browser import (
|
|
24
25
|
BrowserPlugin,
|
25
26
|
try_idna,
|
26
27
|
)
|
27
|
-
from dissect.target.plugins.general.users import
|
28
|
+
from dissect.target.plugins.general.users import UserRecord
|
28
29
|
|
29
30
|
try:
|
30
31
|
from asn1crypto import algos, core
|
@@ -44,7 +45,10 @@ try:
|
|
44
45
|
except ImportError:
|
45
46
|
HAS_CRYPTO = False
|
46
47
|
|
47
|
-
FIREFOX_EXTENSION_RECORD_FIELDS = [
|
48
|
+
FIREFOX_EXTENSION_RECORD_FIELDS = [
|
49
|
+
("uri", "source_uri"),
|
50
|
+
("string[]", "optional_permissions"),
|
51
|
+
]
|
48
52
|
|
49
53
|
log = logging.getLogger(__name__)
|
50
54
|
|
@@ -54,7 +58,7 @@ class FirefoxPlugin(BrowserPlugin):
|
|
54
58
|
|
55
59
|
__namespace__ = "firefox"
|
56
60
|
|
57
|
-
|
61
|
+
USER_DIRS = [
|
58
62
|
# Windows
|
59
63
|
"AppData/Roaming/Mozilla/Firefox/Profiles",
|
60
64
|
"AppData/local/Mozilla/Firefox/Profiles",
|
@@ -66,6 +70,10 @@ class FirefoxPlugin(BrowserPlugin):
|
|
66
70
|
"Library/Application Support/Firefox",
|
67
71
|
]
|
68
72
|
|
73
|
+
SYSTEM_DIRS = [
|
74
|
+
"/data/data/org.mozilla.vrbrowser/files/mozilla",
|
75
|
+
]
|
76
|
+
|
69
77
|
BrowserHistoryRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
|
70
78
|
"browser/firefox/history", GENERIC_HISTORY_RECORD_FIELDS
|
71
79
|
)
|
@@ -79,7 +87,8 @@ class FirefoxPlugin(BrowserPlugin):
|
|
79
87
|
)
|
80
88
|
|
81
89
|
BrowserExtensionRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
|
82
|
-
"browser/firefox/extension",
|
90
|
+
"browser/firefox/extension",
|
91
|
+
GENERIC_EXTENSION_RECORD_FIELDS + FIREFOX_EXTENSION_RECORD_FIELDS,
|
83
92
|
)
|
84
93
|
|
85
94
|
BrowserPasswordRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
|
@@ -88,27 +97,32 @@ class FirefoxPlugin(BrowserPlugin):
|
|
88
97
|
|
89
98
|
def __init__(self, target):
|
90
99
|
super().__init__(target)
|
91
|
-
self.
|
100
|
+
self.dirs: list[tuple[UserRecord, TargetPath]] = []
|
101
|
+
|
92
102
|
for user_details in self.target.user_details.all_with_home():
|
93
|
-
for directory in self.
|
103
|
+
for directory in self.USER_DIRS:
|
94
104
|
cur_dir = user_details.home_path.joinpath(directory)
|
95
105
|
if not cur_dir.exists():
|
96
106
|
continue
|
97
|
-
self.
|
107
|
+
self.dirs.append((user_details.user, cur_dir))
|
108
|
+
|
109
|
+
for directory in self.SYSTEM_DIRS:
|
110
|
+
if (cur_dir := target.fs.path(directory)).exists():
|
111
|
+
self.dirs.append((None, cur_dir))
|
98
112
|
|
99
113
|
def check_compatible(self) -> None:
|
100
|
-
if not len(self.
|
114
|
+
if not len(self.dirs):
|
101
115
|
raise UnsupportedPluginError("No Firefox directories found")
|
102
116
|
|
103
|
-
def _iter_profiles(self) -> Iterator[tuple[
|
117
|
+
def _iter_profiles(self) -> Iterator[tuple[UserRecord, TargetPath, TargetPath]]:
|
104
118
|
"""Yield user directories."""
|
105
|
-
for user, cur_dir in self.
|
119
|
+
for user, cur_dir in self.dirs:
|
106
120
|
for profile_dir in cur_dir.iterdir():
|
107
121
|
if not profile_dir.is_dir():
|
108
122
|
continue
|
109
123
|
yield user, cur_dir, profile_dir
|
110
124
|
|
111
|
-
def _iter_db(self, filename: str) -> Iterator[tuple[
|
125
|
+
def _iter_db(self, filename: str) -> Iterator[tuple[UserRecord, SQLite3]]:
|
112
126
|
"""Yield opened history database files of all users.
|
113
127
|
|
114
128
|
Args:
|
@@ -117,12 +131,24 @@ class FirefoxPlugin(BrowserPlugin):
|
|
117
131
|
Yields:
|
118
132
|
Opened SQLite3 databases.
|
119
133
|
"""
|
120
|
-
for user,
|
121
|
-
|
134
|
+
iter_system = ((None, system_dir, None) for user, system_dir in self.dirs if user is None)
|
135
|
+
|
136
|
+
for user, cur_dir, profile_dir in chain(iter_system, self._iter_profiles()):
|
137
|
+
if user is None and profile_dir is None:
|
138
|
+
db_file = cur_dir.parent.joinpath(filename)
|
139
|
+
# On some Android variants, some files may exist in the base directory (places.sqlite) but others
|
140
|
+
# in a nested profile directory (cookies.sqlite)
|
141
|
+
# /data/data/org.mozilla.vrbrowser/files/places.sqlite
|
142
|
+
# /data/data/org.mozilla.vrbrowser/files/mozilla/xxxxxx.default/cookies.sqlite
|
143
|
+
if not db_file.exists():
|
144
|
+
continue
|
145
|
+
else:
|
146
|
+
db_file = profile_dir.joinpath(filename)
|
147
|
+
|
122
148
|
try:
|
123
149
|
yield user, db_file, sqlite3.SQLite3(db_file.open())
|
124
150
|
except FileNotFoundError:
|
125
|
-
self.target.log.
|
151
|
+
self.target.log.info("Could not find %s file: %s", filename, db_file)
|
126
152
|
except SQLError as e:
|
127
153
|
self.target.log.warning("Could not open %s file: %s", filename, db_file)
|
128
154
|
self.target.log.debug("", exc_info=e)
|
@@ -151,6 +177,11 @@ class FirefoxPlugin(BrowserPlugin):
|
|
151
177
|
from_url (uri): URL of the "from" visit.
|
152
178
|
source: (path): The source file of the history record.
|
153
179
|
"""
|
180
|
+
if self.target.os == OperatingSystem.ANDROID:
|
181
|
+
from_timestamp = from_unix_ms
|
182
|
+
else:
|
183
|
+
from_timestamp = from_unix_us
|
184
|
+
|
154
185
|
for user, db_file, db in self._iter_db("places.sqlite"):
|
155
186
|
try:
|
156
187
|
places = {row.id: row for row in db.table("moz_places").rows()}
|
@@ -167,7 +198,7 @@ class FirefoxPlugin(BrowserPlugin):
|
|
167
198
|
from_visit, from_place = None, None
|
168
199
|
|
169
200
|
yield self.BrowserHistoryRecord(
|
170
|
-
ts=
|
201
|
+
ts=from_timestamp(row.visit_date),
|
171
202
|
browser="firefox",
|
172
203
|
id=row.id,
|
173
204
|
url=try_idna(place.url),
|
@@ -183,7 +214,7 @@ class FirefoxPlugin(BrowserPlugin):
|
|
183
214
|
from_url=try_idna(from_place.url) if from_place else None,
|
184
215
|
source=db_file,
|
185
216
|
_target=self.target,
|
186
|
-
_user=user
|
217
|
+
_user=user,
|
187
218
|
)
|
188
219
|
except SQLError as e:
|
189
220
|
self.target.log.warning("Error processing history file: %s", db_file, exc_info=e)
|
@@ -229,7 +260,7 @@ class FirefoxPlugin(BrowserPlugin):
|
|
229
260
|
same_site=bool(cookie.sameSite),
|
230
261
|
source=db_file,
|
231
262
|
_target=self.target,
|
232
|
-
_user=user
|
263
|
+
_user=user,
|
233
264
|
)
|
234
265
|
except SQLError as e:
|
235
266
|
self.target.log.warning("Error processing cookie file: %s", db_file, exc_info=e)
|
@@ -255,7 +286,10 @@ class FirefoxPlugin(BrowserPlugin):
|
|
255
286
|
for user, db_file, db in self._iter_db("places.sqlite"):
|
256
287
|
try:
|
257
288
|
places = {row.id: row for row in db.table("moz_places").rows()}
|
258
|
-
|
289
|
+
if not (moz_anno_attributes := db.table("moz_anno_attributes")):
|
290
|
+
continue
|
291
|
+
|
292
|
+
attributes = {row.id: row.name for row in moz_anno_attributes.rows()}
|
259
293
|
annotations = {}
|
260
294
|
|
261
295
|
for row in db.table("moz_annos"):
|
@@ -316,7 +350,7 @@ class FirefoxPlugin(BrowserPlugin):
|
|
316
350
|
state=state,
|
317
351
|
source=db_file,
|
318
352
|
_target=self.target,
|
319
|
-
_user=user
|
353
|
+
_user=user,
|
320
354
|
)
|
321
355
|
except SQLError as e:
|
322
356
|
self.target.log.warning("Error processing history file: %s", db_file, exc_info=e)
|
@@ -351,7 +385,9 @@ class FirefoxPlugin(BrowserPlugin):
|
|
351
385
|
|
352
386
|
if not extension_file.exists():
|
353
387
|
self.target.log.warning(
|
354
|
-
"No 'extensions.json' addon file found for user %s in directory %s",
|
388
|
+
"No 'extensions.json' addon file found for user %s in directory %s",
|
389
|
+
user.name,
|
390
|
+
profile_dir,
|
355
391
|
)
|
356
392
|
continue
|
357
393
|
|
@@ -360,8 +396,8 @@ class FirefoxPlugin(BrowserPlugin):
|
|
360
396
|
|
361
397
|
for extension in extensions.get("addons", []):
|
362
398
|
yield self.BrowserExtensionRecord(
|
363
|
-
ts_install=extension.get("installDate", 0)
|
364
|
-
ts_update=extension.get("updateDate", 0)
|
399
|
+
ts_install=from_unix_ms(extension.get("installDate", 0)),
|
400
|
+
ts_update=from_unix_ms(extension.get("updateDate", 0)),
|
365
401
|
browser="firefox",
|
366
402
|
id=extension.get("id"),
|
367
403
|
name=(extension.get("defaultLocale", {}) or {}).get("name"),
|
@@ -377,12 +413,14 @@ class FirefoxPlugin(BrowserPlugin):
|
|
377
413
|
optional_permissions=(extension.get("optionalPermissions", {}) or {}).get("permissions"),
|
378
414
|
source=extension_file,
|
379
415
|
_target=self.target,
|
380
|
-
_user=user
|
416
|
+
_user=user,
|
381
417
|
)
|
382
418
|
|
383
419
|
except FileNotFoundError:
|
384
420
|
self.target.log.info(
|
385
|
-
"No 'extensions.json' addon file found for user %s in directory %s",
|
421
|
+
"No 'extensions.json' addon file found for user %s in directory %s",
|
422
|
+
user.name,
|
423
|
+
profile_dir,
|
386
424
|
)
|
387
425
|
except json.JSONDecodeError:
|
388
426
|
self.target.log.warning(
|
@@ -410,7 +448,9 @@ class FirefoxPlugin(BrowserPlugin):
|
|
410
448
|
|
411
449
|
if not login_file.exists():
|
412
450
|
self.target.log.warning(
|
413
|
-
"No 'logins.json' password file found for user %s in directory %s",
|
451
|
+
"No 'logins.json' password file found for user %s in directory %s",
|
452
|
+
user.name,
|
453
|
+
profile_dir,
|
414
454
|
)
|
415
455
|
continue
|
416
456
|
|
@@ -445,9 +485,9 @@ class FirefoxPlugin(BrowserPlugin):
|
|
445
485
|
break
|
446
486
|
|
447
487
|
yield self.BrowserPasswordRecord(
|
448
|
-
ts_created=login.get("timeCreated", 0)
|
449
|
-
ts_last_used=login.get("timeLastUsed", 0)
|
450
|
-
ts_last_changed=login.get("timePasswordChanged", 0)
|
488
|
+
ts_created=from_unix_ms(login.get("timeCreated", 0)),
|
489
|
+
ts_last_used=from_unix_ms(login.get("timeLastUsed", 0)),
|
490
|
+
ts_last_changed=from_unix_ms(login.get("timePasswordChanged", 0)),
|
451
491
|
browser="firefox",
|
452
492
|
id=login.get("id"),
|
453
493
|
url=login.get("hostname"),
|
@@ -457,14 +497,19 @@ class FirefoxPlugin(BrowserPlugin):
|
|
457
497
|
decrypted_password=decrypted_password,
|
458
498
|
source=login_file,
|
459
499
|
_target=self.target,
|
460
|
-
_user=user
|
500
|
+
_user=user,
|
461
501
|
)
|
462
502
|
|
463
503
|
except FileNotFoundError:
|
464
|
-
self.target.log.info(
|
504
|
+
self.target.log.info(
|
505
|
+
"No password file found for user %s in directory %s",
|
506
|
+
user.name,
|
507
|
+
profile_dir,
|
508
|
+
)
|
465
509
|
except json.JSONDecodeError:
|
466
510
|
self.target.log.warning(
|
467
|
-
"logins.json file in directory %s is malformed, consider inspecting the file manually",
|
511
|
+
"logins.json file in directory %s is malformed, consider inspecting the file manually",
|
512
|
+
profile_dir,
|
468
513
|
)
|
469
514
|
|
470
515
|
|
@@ -76,17 +76,15 @@ class YaraPlugin(Plugin):
|
|
76
76
|
if hasattr(compiled_rules, "warnings") and (num_warns := len(compiled_rules.warnings)) > 0:
|
77
77
|
self.target.log.warning("YARA generated %s warnings while compiling rules", num_warns)
|
78
78
|
for warning in compiled_rules.warnings:
|
79
|
-
self.target.log.
|
79
|
+
self.target.log.info(warning)
|
80
80
|
|
81
81
|
self.target.log.warning("Will not scan files larger than %s MB", max_size // 1024 // 1024)
|
82
82
|
|
83
83
|
for _, _, files in self.target.fs.walk_ext(path):
|
84
84
|
for file in files:
|
85
85
|
try:
|
86
|
-
if file_size := file.stat().st_size > max_size:
|
87
|
-
self.target.log.
|
88
|
-
"Skipping file '%s' as it is larger than %s bytes (size is %s)", file, file_size, max_size
|
89
|
-
)
|
86
|
+
if (file_size := file.stat().st_size) > max_size:
|
87
|
+
self.target.log.info("Not scanning file of %s MB: '%s'", (file_size // 1024 // 1024), file)
|
90
88
|
continue
|
91
89
|
|
92
90
|
buf = file.open().read()
|
@@ -1,5 +1,7 @@
|
|
1
|
+
from __future__ import annotations
|
2
|
+
|
1
3
|
from functools import lru_cache
|
2
|
-
from typing import
|
4
|
+
from typing import Iterator, NamedTuple, Union
|
3
5
|
|
4
6
|
from dissect.target import Target
|
5
7
|
from dissect.target.exceptions import UnsupportedPluginError
|
@@ -7,10 +9,12 @@ from dissect.target.helpers.fsutil import TargetPath
|
|
7
9
|
from dissect.target.helpers.record import UnixUserRecord, WindowsUserRecord
|
8
10
|
from dissect.target.plugin import InternalPlugin
|
9
11
|
|
12
|
+
UserRecord = Union[UnixUserRecord, WindowsUserRecord]
|
13
|
+
|
10
14
|
|
11
15
|
class UserDetails(NamedTuple):
|
12
|
-
user:
|
13
|
-
home_path:
|
16
|
+
user: UserRecord
|
17
|
+
home_path: TargetPath | None
|
14
18
|
|
15
19
|
|
16
20
|
class UsersPlugin(InternalPlugin):
|
@@ -28,11 +32,11 @@ class UsersPlugin(InternalPlugin):
|
|
28
32
|
|
29
33
|
def find(
|
30
34
|
self,
|
31
|
-
sid:
|
32
|
-
uid:
|
33
|
-
username:
|
35
|
+
sid: str | None = None,
|
36
|
+
uid: str | None = None,
|
37
|
+
username: str | None = None,
|
34
38
|
force_case_sensitive: bool = False,
|
35
|
-
) ->
|
39
|
+
) -> UserDetails | None:
|
36
40
|
"""Find User record matching provided sid, uid or username and return UserDetails object"""
|
37
41
|
if all(map(lambda x: x is None, [sid, uid, username])):
|
38
42
|
raise ValueError("Either sid or uid or username is expected")
|
@@ -52,7 +56,7 @@ class UsersPlugin(InternalPlugin):
|
|
52
56
|
):
|
53
57
|
return self.get(user)
|
54
58
|
|
55
|
-
def get(self, user:
|
59
|
+
def get(self, user: UserRecord) -> UserDetails:
|
56
60
|
"""Return additional details about the user"""
|
57
61
|
# Resolving the user home can not use the user's environment variables,
|
58
62
|
# as those depend on the user's home to be known first. So we resolve
|
@@ -60,12 +64,12 @@ class UsersPlugin(InternalPlugin):
|
|
60
64
|
home_path = self.target.fs.path(self.target.resolve(str(user.home))) if user.home else None
|
61
65
|
return UserDetails(user=user, home_path=home_path)
|
62
66
|
|
63
|
-
def all(self) ->
|
67
|
+
def all(self) -> Iterator[UserDetails]:
|
64
68
|
"""Return UserDetails objects for all users found"""
|
65
69
|
for user in self.target.users():
|
66
70
|
yield self.get(user)
|
67
71
|
|
68
|
-
def all_with_home(self) ->
|
72
|
+
def all_with_home(self) -> Iterator[UserDetails]:
|
69
73
|
"""Return UserDetails objects for users that have existing directory set as home directory"""
|
70
74
|
for user in self.target.users():
|
71
75
|
if user.home:
|
dissect/target/target.py
CHANGED
@@ -344,7 +344,7 @@ class Target:
|
|
344
344
|
child_plugin.check_compatible()
|
345
345
|
self._child_plugins[child_plugin.__type__] = child_plugin
|
346
346
|
except PluginError as e:
|
347
|
-
self.log.
|
347
|
+
self.log.debug("Child plugin reported itself as incompatible: %s (%s)", plugin_desc["class"], e)
|
348
348
|
except Exception:
|
349
349
|
self.log.exception(
|
350
350
|
"An exception occurred while checking for child plugin compatibility: %s", plugin_desc["class"]
|
dissect/target/tools/yara.py
CHANGED
@@ -27,6 +27,7 @@ def main():
|
|
27
27
|
|
28
28
|
parser.add_argument("targets", metavar="TARGETS", nargs="*", help="Targets to load")
|
29
29
|
parser.add_argument("-s", "--strings", default=False, action="store_true", help="print output as string")
|
30
|
+
parser.add_argument("--children", action="store_true", help="include children")
|
30
31
|
|
31
32
|
for args, kwargs in getattr(YaraPlugin.yara, "__args__", []):
|
32
33
|
parser.add_argument(*args, **kwargs)
|
@@ -45,8 +46,7 @@ def main():
|
|
45
46
|
parser.exit(1)
|
46
47
|
|
47
48
|
try:
|
48
|
-
for target in Target.open_all(args.targets):
|
49
|
-
target.log.info("Scanning target")
|
49
|
+
for target in Target.open_all(args.targets, args.children):
|
50
50
|
rs = record_output(args.strings, False)
|
51
51
|
for record in target.yara(args.rules, args.path, args.max_size, args.check):
|
52
52
|
rs.write(record)
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Metadata-Version: 2.1
|
2
2
|
Name: dissect.target
|
3
|
-
Version: 3.19.
|
3
|
+
Version: 3.19.dev29
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
6
6
|
License: Affero General Public License v3
|
@@ -5,7 +5,7 @@ dissect/target/filesystem.py,sha256=G1gbOUpnQZyovubYGEUKgaDV0eHH5vE83-0gTc5PZAM,
|
|
5
5
|
dissect/target/loader.py,sha256=I8WNzDA0SMy42F7zfyBcSKj_VKNv64213WUvtGZ77qE,7374
|
6
6
|
dissect/target/plugin.py,sha256=HAN8maaDt-Rlqt8Rr1IW7gXQpzNQZjCVz-i4aSPphSw,48677
|
7
7
|
dissect/target/report.py,sha256=06uiP4MbNI8cWMVrC1SasNS-Yg6ptjVjckwj8Yhe0Js,7958
|
8
|
-
dissect/target/target.py,sha256=
|
8
|
+
dissect/target/target.py,sha256=KZ3vDsMjrXxEP6sQE1kOlxMNjqFFsxnivYhoX26GBEY,32363
|
9
9
|
dissect/target/volume.py,sha256=aQZAJiny8jjwkc9UtwIRwy7nINXjCxwpO-_UDfh6-BA,15801
|
10
10
|
dissect/target/containers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
11
11
|
dissect/target/containers/asdf.py,sha256=DJp0QEFwUjy2MFwKYcYqIR_BS1fQT1Yi9Kcmqt0aChM,1366
|
@@ -124,7 +124,7 @@ dissect/target/plugins/apps/browser/browser.py,sha256=rBIwcgdl73gm-8APwx2jEUAYXR
|
|
124
124
|
dissect/target/plugins/apps/browser/chrome.py,sha256=DMONTYE95sI_jcmyQOapHwWQWwrezfYMllVCCPwhEP0,3117
|
125
125
|
dissect/target/plugins/apps/browser/chromium.py,sha256=V08Hq8GHMPd7snynh5RKQl4YHlhtwmlMsodLZeOnf_4,28103
|
126
126
|
dissect/target/plugins/apps/browser/edge.py,sha256=tuuIbm4s8nNstA6nIOEfU0LG0jt20a8gf3rve2SXtdM,2953
|
127
|
-
dissect/target/plugins/apps/browser/firefox.py,sha256=
|
127
|
+
dissect/target/plugins/apps/browser/firefox.py,sha256=mZBBagFfIdiz9kUyK4Hi989I4g3CWrClBbmpaGMRKxg,32472
|
128
128
|
dissect/target/plugins/apps/browser/iexplore.py,sha256=g_xw0toaiyjevxO8g9XPCOqc-CXZp39FVquRhPFGdTE,8801
|
129
129
|
dissect/target/plugins/apps/container/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
130
130
|
dissect/target/plugins/apps/container/docker.py,sha256=KxQRbKGgxkf3YFBMa7fjeJ7qo8qjFys7zEmfQhDTnLw,15305
|
@@ -164,7 +164,7 @@ dissect/target/plugins/filesystem/acquire_hash.py,sha256=OVxI19-Bl1tdqCiFMscFMLm
|
|
164
164
|
dissect/target/plugins/filesystem/icat.py,sha256=bOMi04IlljnKwxTWTZJKtK7RxKnabFu3WcXyUwzkE-4,4090
|
165
165
|
dissect/target/plugins/filesystem/resolver.py,sha256=HfyASUFV4F9uD-yFXilFpPTORAsRDvdmTvuYHgOaOWg,4776
|
166
166
|
dissect/target/plugins/filesystem/walkfs.py,sha256=e8HEZcV5Wiua26FGWL3xgiQ_PIhcNvGI5KCdsAx2Nmo,2298
|
167
|
-
dissect/target/plugins/filesystem/yara.py,sha256=
|
167
|
+
dissect/target/plugins/filesystem/yara.py,sha256=w9kJ8trua0rhcpaN18erc0vGIFsJJeqaV6y5lMRl8JQ,6611
|
168
168
|
dissect/target/plugins/filesystem/ntfs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
169
169
|
dissect/target/plugins/filesystem/ntfs/mft.py,sha256=2ibCLJA7yUrZshFSPKdjoNt3TpfwTtk-DaErghe91CM,11445
|
170
170
|
dissect/target/plugins/filesystem/ntfs/mft_timeline.py,sha256=vvNFAZbr7s3X2OTYf4ES_L6-XsouTXcTymfxnHfZ1Rw,6791
|
@@ -181,7 +181,7 @@ dissect/target/plugins/general/loaders.py,sha256=6iUxhlSAgo7qSE8_XFxgiihK8sdMiP-
|
|
181
181
|
dissect/target/plugins/general/osinfo.py,sha256=RdK5mw3-H9H3sGXz8yP8U_p3wUG1Ww7_HBKZpFdsbTE,1358
|
182
182
|
dissect/target/plugins/general/plugins.py,sha256=4URjS6DN1Ey6Cqlbyx6NfFGgQZpWDrqxl8KLcZFODGE,4479
|
183
183
|
dissect/target/plugins/general/scrape.py,sha256=Fz7BNXflvuxlnVulyyDhLpyU8D_hJdH6vWVtER9vjTg,6651
|
184
|
-
dissect/target/plugins/general/users.py,sha256=
|
184
|
+
dissect/target/plugins/general/users.py,sha256=yy9gvRXfN9BT71v4Xqo5hpwfgN9he9Otu8TBPZ_Tegs,3009
|
185
185
|
dissect/target/plugins/os/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
186
186
|
dissect/target/plugins/os/unix/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
187
187
|
dissect/target/plugins/os/unix/_os.py,sha256=u7m97qASdm_l90k4i7dzMtu2kcF6fVPKutx4_ISQTSg,14606
|
@@ -333,7 +333,7 @@ dissect/target/tools/query.py,sha256=ONHu2FVomLccikb84qBrlhNmEfRoHYFQMcahk_y2c9A
|
|
333
333
|
dissect/target/tools/reg.py,sha256=FDsiBBDxjWVUBTRj8xn82vZe-J_d9piM-TKS3PHZCcM,3193
|
334
334
|
dissect/target/tools/shell.py,sha256=_widEuIRqZhYzcFR52NYI8O2aPFm6tG5Uiv-AIrC32U,45155
|
335
335
|
dissect/target/tools/utils.py,sha256=sQizexY3ui5vmWw4KOBLg5ecK3TPFjD-uxDqRn56ZTY,11304
|
336
|
-
dissect/target/tools/yara.py,sha256=
|
336
|
+
dissect/target/tools/yara.py,sha256=SZ0lKshWJ0TFTDUYONVKF04TgwmtDAttUPws9j9YSvk,1806
|
337
337
|
dissect/target/tools/dump/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
338
338
|
dissect/target/tools/dump/run.py,sha256=aD84peRS4zHqC78fH7Vd4ni3m1ZmVP70LyMwBRvoDGY,9463
|
339
339
|
dissect/target/tools/dump/state.py,sha256=YYgCff0kZZ-tx27lJlc9LQ7AfoGnLK5Gyi796OnktA8,9205
|
@@ -346,10 +346,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
|
|
346
346
|
dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
|
347
347
|
dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
|
348
348
|
dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
|
349
|
-
dissect.target-3.19.
|
350
|
-
dissect.target-3.19.
|
351
|
-
dissect.target-3.19.
|
352
|
-
dissect.target-3.19.
|
353
|
-
dissect.target-3.19.
|
354
|
-
dissect.target-3.19.
|
355
|
-
dissect.target-3.19.
|
349
|
+
dissect.target-3.19.dev29.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
|
350
|
+
dissect.target-3.19.dev29.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
|
351
|
+
dissect.target-3.19.dev29.dist-info/METADATA,sha256=mE32WDUFrARni26ZPIFtiWS3iHI51FCZBoIz4IVFVL4,12719
|
352
|
+
dissect.target-3.19.dev29.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
|
353
|
+
dissect.target-3.19.dev29.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
|
354
|
+
dissect.target-3.19.dev29.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
|
355
|
+
dissect.target-3.19.dev29.dist-info/RECORD,,
|
File without changes
|
File without changes
|
File without changes
|
{dissect.target-3.19.dev27.dist-info → dissect.target-3.19.dev29.dist-info}/entry_points.txt
RENAMED
File without changes
|
File without changes
|