dissect.target 3.19.dev55__tar.gz → 3.19.dev57__tar.gz
Sign up to get free protection for your applications and to get access to all the features.
- {dissect_target-3.19.dev55/dissect.target.egg-info → dissect_target-3.19.dev57}/PKG-INFO +1 -1
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugin.py +10 -3
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/adpolicy.py +4 -1
- dissect_target-3.19.dev57/dissect/target/plugins/os/windows/credential/lsa.py +174 -0
- {dissect_target-3.19.dev55/dissect/target/plugins/os/windows → dissect_target-3.19.dev57/dissect/target/plugins/os/windows/credential}/sam.py +5 -2
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/dpapi/blob.py +3 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/dpapi/crypto.py +61 -23
- dissect_target-3.19.dev57/dissect/target/plugins/os/windows/dpapi/dpapi.py +188 -0
- dissect_target-3.19.dev57/dissect/target/plugins/os/windows/dpapi/keyprovider/credhist.py +21 -0
- dissect_target-3.19.dev57/dissect/target/plugins/os/windows/dpapi/keyprovider/empty.py +17 -0
- dissect_target-3.19.dev57/dissect/target/plugins/os/windows/dpapi/keyprovider/keychain.py +20 -0
- dissect_target-3.19.dev57/dissect/target/plugins/os/windows/dpapi/keyprovider/keyprovider.py +8 -0
- dissect_target-3.19.dev57/dissect/target/plugins/os/windows/dpapi/keyprovider/lsa.py +38 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/dpapi/master_key.py +3 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/shimcache.py +2 -2
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/task_helpers/tasks_xml.py +1 -1
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/query.py +2 -2
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57/dissect.target.egg-info}/PKG-INFO +1 -1
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect.target.egg-info/SOURCES.txt +14 -4
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/conftest.py +23 -77
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/browser/test_chrome.py +70 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/ssh/test_putty.py +4 -3
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/test_generic.py +2 -2
- {dissect_target-3.19.dev55/tests/plugins/os/windows → dissect_target-3.19.dev57/tests/plugins/os/windows/credential}/test_credhist.py +4 -1
- dissect_target-3.19.dev57/tests/plugins/os/windows/credential/test_lsa.py +145 -0
- {dissect_target-3.19.dev55/tests/plugins/os/windows → dissect_target-3.19.dev57/tests/plugins/os/windows/credential}/test_sam.py +20 -23
- dissect_target-3.19.dev57/tests/plugins/os/windows/regf/__init__.py +0 -0
- dissect_target-3.19.dev57/tests/plugins/os/windows/test_dpapi.py +533 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/test_plugin.py +25 -0
- dissect_target-3.19.dev57/tests/tools/__init__.py +0 -0
- dissect_target-3.19.dev57/tests/volumes/__init__.py +0 -0
- dissect_target-3.19.dev55/dissect/target/plugins/os/windows/dpapi/dpapi.py +0 -194
- dissect_target-3.19.dev55/tests/plugins/os/windows/test_dpapi.py +0 -42
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/COPYRIGHT +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/LICENSE +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/MANIFEST.in +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/README.md +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/container.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/containers/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/containers/asdf.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/containers/ewf.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/containers/fortifw.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/containers/hdd.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/containers/hds.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/containers/qcow2.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/containers/raw.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/containers/split.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/containers/vdi.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/containers/vhd.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/containers/vhdx.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/containers/vmdk.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/data/autocompletion/target_bash_completion.sh +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/exceptions.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystem.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/ad1.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/btrfs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/cb.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/config.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/cpio.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/dir.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/exfat.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/extfs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/fat.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/ffs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/itunes.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/jffs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/ntfs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/overlay.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/smb.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/squashfs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/tar.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/vmfs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/vmtar.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/xfs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/filesystems/zip.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/cache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/compat/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/compat/path_310.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/compat/path_311.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/compat/path_312.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/compat/path_39.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/compat/path_common.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/config.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/configutil.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/cyber.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/data/windowsZones.xml +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/descriptor_extensions.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/docs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/fsutil.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/hashutil.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/keychain.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/lazy.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/loaderutil.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/localeutil.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/mount.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/mui.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/network_managers.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/polypath.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/protobuf.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/record.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/record_modifier.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/regutil.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/shell_application_ids.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/shell_folder_ids.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/targetd.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/helpers/utils.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loader.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/ab.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/ad1.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/asdf.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/cb.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/cyber.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/dir.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/hyperv.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/itunes.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/kape.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/libvirt.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/local.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/log.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/mqtt.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/multiraw.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/ova.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/overlay.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/ovf.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/phobos.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/profile.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/pvm.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/pvs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/raw.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/remote.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/res.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/smb.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/tanium.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/tar.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/target.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/targetd.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/utm.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/vb.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/vbox.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/velociraptor.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/vma.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/vmwarevm.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/vmx.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/loaders/xva.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/av/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/av/mcafee.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/av/sophos.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/av/symantec.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/av/trendmicro.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/browser/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/browser/brave.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/browser/browser.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/browser/chrome.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/browser/chromium.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/browser/edge.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/browser/firefox.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/browser/iexplore.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/container/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/container/docker.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/remoteaccess/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/remoteaccess/anydesk.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/remoteaccess/remoteaccess.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/remoteaccess/teamviewer.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/shell/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/shell/powershell.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/ssh/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/ssh/openssh.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/ssh/opensshd.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/ssh/putty.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/ssh/ssh.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/texteditor/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/texteditor/texteditor.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/texteditor/windowsnotepad.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/vpn/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/vpn/openvpn.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/vpn/wireguard.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/webhosting/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/webhosting/cpanel.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/webserver/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/webserver/apache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/webserver/caddy.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/webserver/citrix.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/webserver/iis.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/webserver/nginx.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/apps/webserver/webserver.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/child/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/child/docker.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/child/esxi.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/child/hyperv.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/child/qemu.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/child/virtuozzo.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/child/vmware_workstation.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/child/wsl.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/acquire_handles.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/acquire_hash.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/icat.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/ntfs/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/ntfs/mft.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/ntfs/mft_timeline.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/ntfs/usnjrnl.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/ntfs/utils.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/resolver.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/unix/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/unix/capability.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/unix/suid.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/walkfs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/filesystem/yara.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/general/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/general/config.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/general/default.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/general/example.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/general/loaders.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/general/network.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/general/osinfo.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/general/plugins.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/general/scrape.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/general/users.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/bsd/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/bsd/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/bsd/citrix/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/bsd/citrix/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/bsd/citrix/history.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/bsd/freebsd/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/bsd/freebsd/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/bsd/ios/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/bsd/ios/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/bsd/openbsd/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/bsd/openbsd/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/bsd/osx/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/bsd/osx/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/bsd/osx/user.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/cronjobs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/datetime.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/esxi/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/esxi/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/etc/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/etc/etc.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/etc.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/generic.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/history.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/android/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/android/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/cmdline.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/debian/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/debian/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/debian/apt.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/debian/dpkg.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/debian/vyos/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/debian/vyos/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/environ.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/fortios/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/fortios/_keys.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/fortios/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/fortios/generic.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/fortios/locale.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/iptables.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/modules.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/netstat.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/proc.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/processes.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/redhat/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/redhat/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/redhat/yum.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/services.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/sockets.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/suse/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/suse/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/linux/suse/zypper.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/locale.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/locate/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/locate/gnulocate.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/locate/locate.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/locate/mlocate.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/locate/plocate.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/log/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/log/atop.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/log/audit.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/log/auth.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/log/journal.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/log/lastlog.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/log/messages.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/log/utmp.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/packagemanager.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/unix/shadow.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/_os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/activitiescache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/amcache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/catroot.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/cim.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/clfs.py +0 -0
- {dissect_target-3.19.dev55/dissect/target/plugins/os/windows/defender_helpers → dissect_target-3.19.dev57/dissect/target/plugins/os/windows/credential}/__init__.py +0 -0
- {dissect_target-3.19.dev55/dissect/target/plugins/os/windows → dissect_target-3.19.dev57/dissect/target/plugins/os/windows/credential}/credhist.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/datetime.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/defender.py +0 -0
- {dissect_target-3.19.dev55/dissect/target/plugins/os/windows/dpapi → dissect_target-3.19.dev57/dissect/target/plugins/os/windows/defender_helpers}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/defender_helpers/defender_patterns.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/defender_helpers/defender_records.py +0 -0
- {dissect_target-3.19.dev55/dissect/target/plugins/os/windows/exchange → dissect_target-3.19.dev57/dissect/target/plugins/os/windows/dpapi}/__init__.py +0 -0
- {dissect_target-3.19.dev55/dissect/target/plugins/os/windows/log → dissect_target-3.19.dev57/dissect/target/plugins/os/windows/dpapi/keyprovider}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/env.py +0 -0
- {dissect_target-3.19.dev55/dissect/target/plugins/os/windows/regf → dissect_target-3.19.dev57/dissect/target/plugins/os/windows/exchange}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/exchange/exchange.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/generic.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/jumplist.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/lnk.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/locale.py +0 -0
- {dissect_target-3.19.dev55/dissect/target/plugins/os/windows/task_helpers → dissect_target-3.19.dev57/dissect/target/plugins/os/windows/log}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/log/amcache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/log/etl.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/log/evt.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/log/evtx.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/log/pfro.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/log/schedlgu.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/notifications.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/prefetch.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/recyclebin.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/7zip.py +0 -0
- {dissect_target-3.19.dev55/dissect/target/tools → dissect_target-3.19.dev57/dissect/target/plugins/os/windows/regf}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/appxdebugkeys.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/auditpol.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/bam.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/cit.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/clsid.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/firewall.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/mru.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/muicache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/nethist.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/recentfilecache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/regf.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/runkeys.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/shellbags.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/trusteddocs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/usb.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/regf/userassist.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/registry.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/services.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/sru.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/startupinfo.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/syscache.py +0 -0
- {dissect_target-3.19.dev55/dissect/target/tools/dump → dissect_target-3.19.dev57/dissect/target/plugins/os/windows/task_helpers}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/task_helpers/tasks_job.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/task_helpers/tasks_records.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/tasks.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/thumbcache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/ual.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/wer.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/plugins/os/windows/wua_history.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/report.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/target.py +0 -0
- {dissect_target-3.19.dev55/dissect/target/volumes → dissect_target-3.19.dev57/dissect/target/tools}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/build_pluginlist.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/dd.py +0 -0
- {dissect_target-3.19.dev55/tests → dissect_target-3.19.dev57/dissect/target/tools/dump}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/dump/run.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/dump/state.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/dump/utils.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/fs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/fsutils.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/info.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/logging.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/mount.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/reg.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/shell.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/utils.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/tools/yara.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/volume.py +0 -0
- {dissect_target-3.19.dev55/tests/containers → dissect_target-3.19.dev57/dissect/target/volumes}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/volumes/bde.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/volumes/ddf.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/volumes/disk.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/volumes/luks.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/volumes/lvm.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/volumes/md.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect/target/volumes/vmfs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect.target.egg-info/dependency_links.txt +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect.target.egg-info/entry_points.txt +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect.target.egg-info/requires.txt +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/dissect.target.egg-info/top_level.txt +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/pyproject.toml +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/setup.cfg +0 -0
- {dissect_target-3.19.dev55/tests/filesystems → dissect_target-3.19.dev57/tests}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/_docs/Makefile +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/_docs/conf.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/_docs/index.rst +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/_utils.py +0 -0
- {dissect_target-3.19.dev55/tests/helpers → dissect_target-3.19.dev57/tests/containers}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/containers/test_fortifw.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/containers/test_split.py +0 -0
- {dissect_target-3.19.dev55/tests/loaders → dissect_target-3.19.dev57/tests/filesystems}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/filesystems/test_cb.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/filesystems/test_config.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/filesystems/test_cpio.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/filesystems/test_dir.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/filesystems/test_exfat.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/filesystems/test_fat.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/filesystems/test_ntfs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/filesystems/test_overlay.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/filesystems/test_smb.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/filesystems/test_tar.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/filesystems/test_vmtar.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/filesystems/test_zip.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins → dissect_target-3.19.dev57/tests/helpers}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/helpers/test_cache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/helpers/test_config.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/helpers/test_configutil.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/helpers/test_docs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/helpers/test_fsutil.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/helpers/test_hashutil.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/helpers/test_keychain.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/helpers/test_loaderutil.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/helpers/test_localeutil.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/helpers/test_modifier.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/helpers/test_protobuf.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/helpers/test_record.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/helpers/test_regutil.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/helpers/test_utils.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/apps → dissect_target-3.19.dev57/tests/loaders}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_ab.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_asdf.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_cb.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_dir.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_hyperv.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_kape.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_libvirt.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_local.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_log.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_mqtt.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_multiraw.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_ova.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_overlay.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_ovf.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_phobos.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_pvm.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_pvs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_remote.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_smb.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_tanium.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_tar.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_utm.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_vbox.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_velociraptor.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/loaders/test_vmwarevm.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/apps/av → dissect_target-3.19.dev57/tests/plugins}/__init__.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/apps/browser → dissect_target-3.19.dev57/tests/plugins/apps}/__init__.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/apps/container → dissect_target-3.19.dev57/tests/plugins/apps/av}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/av/test_mcafee.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/av/test_sophos.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/av/test_symantec.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/av/test_trendmicro.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/apps/remoteaccess → dissect_target-3.19.dev57/tests/plugins/apps/browser}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/browser/test_brave.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/browser/test_chromium.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/browser/test_edge.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/browser/test_firefox.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/browser/test_iexplore.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/apps/shell → dissect_target-3.19.dev57/tests/plugins/apps/container}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/container/test_docker.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/apps/ssh → dissect_target-3.19.dev57/tests/plugins/apps/remoteaccess}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/remoteaccess/test_anydesk.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/remoteaccess/test_teamviewer.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/apps/texteditor → dissect_target-3.19.dev57/tests/plugins/apps/shell}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/shell/test_powershell.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/apps/vpn → dissect_target-3.19.dev57/tests/plugins/apps/ssh}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/ssh/test_openssh.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/ssh/test_opensshd.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/apps/webhosting → dissect_target-3.19.dev57/tests/plugins/apps/texteditor}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/texteditor/test_texteditor.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/apps/webserver → dissect_target-3.19.dev57/tests/plugins/apps/vpn}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/vpn/test_openvpn.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/vpn/test_wireguard.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/child → dissect_target-3.19.dev57/tests/plugins/apps/webhosting}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/webhosting/test_cpanel.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/filesystem → dissect_target-3.19.dev57/tests/plugins/apps/webserver}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/webserver/test_apache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/webserver/test_caddy.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/webserver/test_citrix.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/webserver/test_iis.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/webserver/test_nginx.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/apps/webserver/test_webserver.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/filesystem/ntfs → dissect_target-3.19.dev57/tests/plugins/child}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/child/test_docker.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/child/test_hyperv.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/child/test_qemu.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/child/test_virtuozzo.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/child/test_wsl.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/filesystem/unix → dissect_target-3.19.dev57/tests/plugins/filesystem}/__init__.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/general → dissect_target-3.19.dev57/tests/plugins/filesystem/ntfs}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/filesystem/ntfs/test_mft.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/filesystem/ntfs/test_usnjrnl.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/filesystem/test_acquire_handles.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/filesystem/test_acquire_hash.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/filesystem/test_icat.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/filesystem/test_resolver.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/filesystem/test_walkfs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/filesystem/test_yara.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os → dissect_target-3.19.dev57/tests/plugins/filesystem/unix}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/filesystem/unix/test_capability.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/filesystem/unix/test_suid.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os/unix → dissect_target-3.19.dev57/tests/plugins/general}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/general/test_config.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/general/test_default.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/general/test_network.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/general/test_plugins.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/general/test_scrape.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/general/test_users.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os/unix/bsd → dissect_target-3.19.dev57/tests/plugins/os}/__init__.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os/unix/bsd/citrix → dissect_target-3.19.dev57/tests/plugins/os/unix}/__init__.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os/unix/bsd/osx → dissect_target-3.19.dev57/tests/plugins/os/unix/bsd}/__init__.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os/unix/esxi → dissect_target-3.19.dev57/tests/plugins/os/unix/bsd/citrix}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/bsd/citrix/test__os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/bsd/citrix/test_history.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os/unix/linux → dissect_target-3.19.dev57/tests/plugins/os/unix/bsd/osx}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/bsd/osx/test__os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/bsd/osx/test_user.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os/unix/linux/android → dissect_target-3.19.dev57/tests/plugins/os/unix/esxi}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/esxi/test__os.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os/unix/linux/debian → dissect_target-3.19.dev57/tests/plugins/os/unix/linux}/__init__.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os/unix/linux/redhat → dissect_target-3.19.dev57/tests/plugins/os/unix/linux/android}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/android/test__os.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os/unix/linux/suse → dissect_target-3.19.dev57/tests/plugins/os/unix/linux/debian}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/debian/test_apt.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/debian/test_dpkg.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/fortios/test_keys.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os/unix/locate → dissect_target-3.19.dev57/tests/plugins/os/unix/linux/redhat}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/redhat/test_yum.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os/unix/log → dissect_target-3.19.dev57/tests/plugins/os/unix/linux/suse}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/suse/test_zypper.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/test__os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/test_cmdline.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/test_environ.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/test_iptables.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/test_modules.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/test_netstat.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/test_proc.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/test_processes.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/test_services.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/linux/test_sockets.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os/windows → dissect_target-3.19.dev57/tests/plugins/os/unix/locate}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/locate/test_gnulocate.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/locate/test_mlocate.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/locate/test_plocate.py +0 -0
- {dissect_target-3.19.dev55/tests/plugins/os/windows/regf → dissect_target-3.19.dev57/tests/plugins/os/unix/log}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/log/test_atop.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/log/test_audit.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/log/test_auth.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/log/test_lastlog.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/log/test_messages.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/log/test_utmp.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/test__os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/test_history.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/test_ips.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/test_journal.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/test_locale.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/test_packagemanager.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/test_shadow.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/test_users.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/unix/test_version.py +0 -0
- {dissect_target-3.19.dev55/tests/tools → dissect_target-3.19.dev57/tests/plugins/os/windows}/__init__.py +0 -0
- {dissect_target-3.19.dev55/tests/volumes → dissect_target-3.19.dev57/tests/plugins/os/windows/credential}/__init__.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/log/test_etl.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/log/test_evt.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/log/test_evtx.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/log/test_schedlgu.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/regf/test_appxdebugkeys.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/regf/test_cit.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/regf/test_clsid.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/regf/test_muicache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/regf/test_shellbags.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/regf/test_trusteddocs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/regf/test_usb.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/regf/test_userassist.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test__os.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_adpolicy.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_amcache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_catroot.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_clfs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_datetime.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_defender.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_env.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_generic.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_jumplist.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_lnk.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_locale.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_mru.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_notifications.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_prefetch.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_recyclebin.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_registry.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_shimcache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_sru.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_syscache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_tasks.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_thumbcache.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_ual.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_wer.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/plugins/os/windows/test_wua_history.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/test_container.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/test_filesystem.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/test_registration.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/test_report.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/test_target.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/test_tests.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/test_volume.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/tools/test_dump.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/tools/test_fs.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/tools/test_fsutils.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/tools/test_info.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/tools/test_mount.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/tools/test_query.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/tools/test_reg.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/tools/test_shell.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/tools/test_utils.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/tools/test_yara.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/volumes/test_bde.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tests/volumes/test_md.py +0 -0
- {dissect_target-3.19.dev55 → dissect_target-3.19.dev57}/tox.ini +0 -0
@@ -1,6 +1,6 @@
|
|
1
1
|
Metadata-Version: 2.1
|
2
2
|
Name: dissect.target
|
3
|
-
Version: 3.19.
|
3
|
+
Version: 3.19.dev57
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
6
6
|
License: Affero General Public License v3
|
@@ -142,7 +142,7 @@ def get_nonprivate_attributes(cls: Type[Plugin]) -> list[Any]:
|
|
142
142
|
|
143
143
|
def get_nonprivate_methods(cls: Type[Plugin]) -> list[Callable]:
|
144
144
|
"""Retrieve all public methods of a :class:`Plugin`."""
|
145
|
-
return [attr for attr in get_nonprivate_attributes(cls) if not isinstance(attr, property)]
|
145
|
+
return [attr for attr in get_nonprivate_attributes(cls) if not isinstance(attr, property) and callable(attr)]
|
146
146
|
|
147
147
|
|
148
148
|
def get_descriptors_on_nonprivate_methods(cls: Type[Plugin]) -> list[RecordDescriptor]:
|
@@ -1020,7 +1020,7 @@ class NamespacePlugin(Plugin):
|
|
1020
1020
|
continue
|
1021
1021
|
|
1022
1022
|
# The method needs to output records
|
1023
|
-
if getattr(subplugin_func, "__output__", None)
|
1023
|
+
if getattr(subplugin_func, "__output__", None) not in ["record", "yield"]:
|
1024
1024
|
continue
|
1025
1025
|
|
1026
1026
|
# The method may not be part of a parent class.
|
@@ -1106,6 +1106,9 @@ class NamespacePlugin(Plugin):
|
|
1106
1106
|
cls.__init_subclass_namespace__(cls, **kwargs)
|
1107
1107
|
|
1108
1108
|
|
1109
|
+
__COMMON_PLUGIN_METHOD_NAMES__ = {attr.__name__ for attr in get_nonprivate_methods(Plugin)}
|
1110
|
+
|
1111
|
+
|
1109
1112
|
class InternalPlugin(Plugin):
|
1110
1113
|
"""Parent class for internal plugins.
|
1111
1114
|
|
@@ -1115,13 +1118,17 @@ class InternalPlugin(Plugin):
|
|
1115
1118
|
|
1116
1119
|
def __init_subclass__(cls, **kwargs):
|
1117
1120
|
for method in get_nonprivate_methods(cls):
|
1118
|
-
if callable(method):
|
1121
|
+
if callable(method) and method.__name__ not in __COMMON_PLUGIN_METHOD_NAMES__:
|
1119
1122
|
method.__internal__ = True
|
1120
1123
|
|
1121
1124
|
super().__init_subclass__(**kwargs)
|
1122
1125
|
return cls
|
1123
1126
|
|
1124
1127
|
|
1128
|
+
class InternalNamespacePlugin(NamespacePlugin, InternalPlugin):
|
1129
|
+
pass
|
1130
|
+
|
1131
|
+
|
1125
1132
|
@dataclass(frozen=True, eq=True)
|
1126
1133
|
class PluginFunction:
|
1127
1134
|
name: str
|
@@ -69,7 +69,10 @@ class ADPolicyPlugin(Plugin):
|
|
69
69
|
xml = task_file.read_text()
|
70
70
|
tree = ElementTree.fromstring(xml)
|
71
71
|
for task in tree.findall(".//{*}Task"):
|
72
|
-
|
72
|
+
# https://github.com/python/cpython/issues/83122
|
73
|
+
if (properties := task.find("Properties")) is None:
|
74
|
+
properties = task
|
75
|
+
|
73
76
|
task_data = ElementTree.tostring(task)
|
74
77
|
yield ADPolicyRecord(
|
75
78
|
last_modification_time=task_file_stat.st_mtime,
|
@@ -0,0 +1,174 @@
|
|
1
|
+
from __future__ import annotations
|
2
|
+
|
3
|
+
import hashlib
|
4
|
+
from functools import cached_property
|
5
|
+
from typing import Iterator
|
6
|
+
|
7
|
+
from dissect.target.exceptions import RegistryKeyNotFoundError, UnsupportedPluginError
|
8
|
+
from dissect.target.helpers.record import TargetRecordDescriptor
|
9
|
+
from dissect.target.plugin import Plugin, export
|
10
|
+
|
11
|
+
try:
|
12
|
+
from Crypto.Cipher import AES, ARC4, DES
|
13
|
+
|
14
|
+
HAS_CRYPTO = True
|
15
|
+
except ImportError:
|
16
|
+
HAS_CRYPTO = False
|
17
|
+
|
18
|
+
|
19
|
+
LSASecretRecord = TargetRecordDescriptor(
|
20
|
+
"windows/credential/lsa",
|
21
|
+
[
|
22
|
+
("datetime", "ts"),
|
23
|
+
("string", "name"),
|
24
|
+
("string", "value"),
|
25
|
+
],
|
26
|
+
)
|
27
|
+
|
28
|
+
|
29
|
+
class LSAPlugin(Plugin):
|
30
|
+
"""Windows Local Security Authority (LSA) plugin.
|
31
|
+
|
32
|
+
Resources:
|
33
|
+
- https://learn.microsoft.com/en-us/windows/win32/secauthn/lsa-authentication
|
34
|
+
- https://moyix.blogspot.com/2008/02/decrypting-lsa-secrets.html (Windows XP)
|
35
|
+
- https://github.com/fortra/impacket/blob/master/impacket/examples/secretsdump.py
|
36
|
+
"""
|
37
|
+
|
38
|
+
__namespace__ = "lsa"
|
39
|
+
|
40
|
+
SECURITY_POLICY_KEY = "HKEY_LOCAL_MACHINE\\SECURITY\\Policy"
|
41
|
+
SYSTEM_KEY = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\LSA"
|
42
|
+
|
43
|
+
def check_compatible(self) -> None:
|
44
|
+
if not HAS_CRYPTO:
|
45
|
+
raise UnsupportedPluginError("Missing pycryptodome dependency")
|
46
|
+
|
47
|
+
if not self.target.has_function("registry") or not list(self.target.registry.keys(self.SYSTEM_KEY)):
|
48
|
+
raise UnsupportedPluginError("Registry key not found: %s", self.SYSTEM_KEY)
|
49
|
+
|
50
|
+
@cached_property
|
51
|
+
def syskey(self) -> bytes:
|
52
|
+
"""Return byte value of Windows system SYSKEY, also called BootKey."""
|
53
|
+
lsa = self.target.registry.key(self.SYSTEM_KEY)
|
54
|
+
syskey_keys = ["JD", "Skew1", "GBG", "Data"]
|
55
|
+
# This magic value rotates the order of the data
|
56
|
+
alterator = [0x8, 0x5, 0x4, 0x2, 0xB, 0x9, 0xD, 0x3, 0x0, 0x6, 0x1, 0xC, 0xE, 0xA, 0xF, 0x7]
|
57
|
+
|
58
|
+
r = bytes.fromhex("".join([lsa.subkey(key).class_name for key in syskey_keys]))
|
59
|
+
return bytes(r[i] for i in alterator)
|
60
|
+
|
61
|
+
@cached_property
|
62
|
+
def lsakey(self) -> bytes:
|
63
|
+
"""Decrypt and return the LSA key of the Windows system."""
|
64
|
+
security_pol = self.target.registry.key(self.SECURITY_POLICY_KEY)
|
65
|
+
|
66
|
+
try:
|
67
|
+
# Windows Vista or newer
|
68
|
+
enc_key = security_pol.subkey("PolEKList").value("(Default)").value
|
69
|
+
lsa_key = _decrypt_aes(enc_key, self.syskey)
|
70
|
+
return lsa_key[68:100]
|
71
|
+
except RegistryKeyNotFoundError:
|
72
|
+
pass
|
73
|
+
|
74
|
+
try:
|
75
|
+
# Windows XP
|
76
|
+
enc_key = security_pol.subkey("PolSecretEncryptionKey").value("(Default)").value
|
77
|
+
lsa_key = _decrypt_rc4(enc_key, self.syskey)
|
78
|
+
return lsa_key[16:32]
|
79
|
+
except RegistryKeyNotFoundError:
|
80
|
+
pass
|
81
|
+
|
82
|
+
raise ValueError("Unable to determine LSA policy key location in registry")
|
83
|
+
|
84
|
+
@cached_property
|
85
|
+
def _secrets(self) -> dict[str, bytes] | None:
|
86
|
+
"""Return dict of Windows system decrypted LSA secrets."""
|
87
|
+
if not self.target.ntversion:
|
88
|
+
raise ValueError("Unable to determine Windows NT version")
|
89
|
+
|
90
|
+
result = {}
|
91
|
+
for subkey in self.target.registry.key(self.SECURITY_POLICY_KEY).subkey("Secrets").subkeys():
|
92
|
+
enc_data = subkey.subkey("CurrVal").value("(Default)").value
|
93
|
+
|
94
|
+
# Windows Vista or newer
|
95
|
+
if float(self.target.ntversion) >= 6.0:
|
96
|
+
secret = _decrypt_aes(enc_data, self.lsakey)
|
97
|
+
|
98
|
+
# Windows XP
|
99
|
+
else:
|
100
|
+
secret = _decrypt_des(enc_data, self.lsakey)
|
101
|
+
|
102
|
+
result[subkey.name] = secret
|
103
|
+
|
104
|
+
return result
|
105
|
+
|
106
|
+
@export(record=LSASecretRecord)
|
107
|
+
def secrets(self) -> Iterator[LSASecretRecord]:
|
108
|
+
"""Yield decrypted LSA secrets from a Windows target."""
|
109
|
+
for key, value in self._secrets.items():
|
110
|
+
yield LSASecretRecord(
|
111
|
+
ts=self.target.registry.key(f"{self.SECURITY_POLICY_KEY}\\Secrets\\{key}").ts,
|
112
|
+
name=key,
|
113
|
+
value=value.hex(),
|
114
|
+
_target=self.target,
|
115
|
+
)
|
116
|
+
|
117
|
+
|
118
|
+
def _decrypt_aes(data: bytes, key: bytes) -> bytes:
|
119
|
+
ctx = hashlib.sha256()
|
120
|
+
ctx.update(key)
|
121
|
+
for _ in range(1, 1000 + 1):
|
122
|
+
ctx.update(data[28:60])
|
123
|
+
|
124
|
+
ciphertext = data[60:]
|
125
|
+
plaintext = []
|
126
|
+
|
127
|
+
for i in range(0, len(ciphertext), 16):
|
128
|
+
cipher = AES.new(ctx.digest(), AES.MODE_CBC, iv=b"\x00" * 16)
|
129
|
+
plaintext.append(cipher.decrypt(ciphertext[i : i + 16].ljust(16, b"\x00")))
|
130
|
+
|
131
|
+
return b"".join(plaintext)
|
132
|
+
|
133
|
+
|
134
|
+
def _decrypt_rc4(data: bytes, key: bytes) -> bytes:
|
135
|
+
md5 = hashlib.md5()
|
136
|
+
md5.update(key)
|
137
|
+
for _ in range(1000):
|
138
|
+
md5.update(data[60:76])
|
139
|
+
rc4_key = md5.digest()
|
140
|
+
|
141
|
+
cipher = ARC4.new(rc4_key)
|
142
|
+
return cipher.decrypt(data[12:60])
|
143
|
+
|
144
|
+
|
145
|
+
def _decrypt_des(data: bytes, key: bytes) -> bytes:
|
146
|
+
plaintext = []
|
147
|
+
|
148
|
+
enc_size = int.from_bytes(data[:4], "little")
|
149
|
+
data = data[len(data) - enc_size :]
|
150
|
+
|
151
|
+
key0 = key
|
152
|
+
for _ in range(0, len(data), 8):
|
153
|
+
ciphertext = data[:8]
|
154
|
+
block_key = _transform_key(key0[:7])
|
155
|
+
|
156
|
+
cipher = DES.new(block_key, DES.MODE_ECB)
|
157
|
+
plaintext.append(cipher.decrypt(ciphertext))
|
158
|
+
|
159
|
+
key0 = key0[7:]
|
160
|
+
data = data[8:]
|
161
|
+
|
162
|
+
if len(key0) < 7:
|
163
|
+
key0 = key[len(key0) :]
|
164
|
+
|
165
|
+
return b"".join(plaintext)
|
166
|
+
|
167
|
+
|
168
|
+
def _transform_key(key: bytes) -> bytes:
|
169
|
+
new_key = []
|
170
|
+
new_key.append(((key[0] >> 0x01) << 1) & 0xFE)
|
171
|
+
for i in range(0, 6):
|
172
|
+
new_key.append((((key[i] & ((1 << (i + 1)) - 1)) << (6 - i) | (key[i + 1] >> (i + 2))) << 1) & 0xFE)
|
173
|
+
new_key.append(((key[6] & 0x7F) << 1) & 0xFE)
|
174
|
+
return bytes(new_key)
|
@@ -210,7 +210,7 @@ struct SAM_HASH_AES { /* size: >=24 */
|
|
210
210
|
c_sam = cstruct().load(sam_def)
|
211
211
|
|
212
212
|
SamRecord = TargetRecordDescriptor(
|
213
|
-
"windows/
|
213
|
+
"windows/credential/sam",
|
214
214
|
[
|
215
215
|
("uint32", "rid"),
|
216
216
|
("string", "fullname"),
|
@@ -303,6 +303,9 @@ class SamPlugin(Plugin):
|
|
303
303
|
if not HAS_CRYPTO:
|
304
304
|
raise UnsupportedPluginError("Missing pycryptodome dependency")
|
305
305
|
|
306
|
+
if not self.target.has_function("lsa"):
|
307
|
+
raise UnsupportedPluginError("LSA plugin is required for SAM plugin")
|
308
|
+
|
306
309
|
if not len(list(self.target.registry.keys(self.SAM_KEY))) > 0:
|
307
310
|
raise UnsupportedPluginError(f"Registry key not found: {self.SAM_KEY}")
|
308
311
|
|
@@ -374,7 +377,7 @@ class SamPlugin(Plugin):
|
|
374
377
|
nt (string): Parsed NT-hash.
|
375
378
|
"""
|
376
379
|
|
377
|
-
syskey = self.target.
|
380
|
+
syskey = self.target.lsa.syskey # aka. bootkey
|
378
381
|
samkey = self.calculate_samkey(syskey) # aka. hashed bootkey or hbootkey
|
379
382
|
|
380
383
|
almpassword = b"LMPASSWORD\0"
|
@@ -2,17 +2,16 @@ from __future__ import annotations
|
|
2
2
|
|
3
3
|
import hashlib
|
4
4
|
import hmac
|
5
|
-
from typing import Optional, Union
|
6
5
|
|
7
6
|
try:
|
8
|
-
from Crypto.Cipher import AES, ARC4
|
7
|
+
from Crypto.Cipher import AES, ARC4, DES3
|
9
8
|
|
10
9
|
HAS_CRYPTO = True
|
11
10
|
except ImportError:
|
12
11
|
HAS_CRYPTO = False
|
13
12
|
|
14
|
-
CIPHER_ALGORITHMS: dict[
|
15
|
-
HASH_ALGORITHMS: dict[
|
13
|
+
CIPHER_ALGORITHMS: dict[int | str, CipherAlgorithm] = {}
|
14
|
+
HASH_ALGORITHMS: dict[int | str, HashAlgorithm] = {}
|
16
15
|
|
17
16
|
|
18
17
|
class CipherAlgorithm:
|
@@ -35,17 +34,27 @@ class CipherAlgorithm:
|
|
35
34
|
return CIPHER_ALGORITHMS[name]()
|
36
35
|
|
37
36
|
def derive_key(self, key: bytes, hash_algorithm: HashAlgorithm) -> bytes:
|
38
|
-
"""Mimics the corresponding native Microsoft function.
|
37
|
+
"""Mimics the corresponding native Microsoft function.
|
38
|
+
|
39
|
+
Resources:
|
40
|
+
- https://github.com/tijldeneut/DPAPIck3/blob/main/dpapick3/crypto.py#L185
|
41
|
+
"""
|
42
|
+
|
39
43
|
if len(key) > hash_algorithm.block_length:
|
40
44
|
key = hashlib.new(hash_algorithm.name, key).digest()
|
41
45
|
|
42
|
-
if len(key) >=
|
46
|
+
if len(key) >= self.key_length:
|
43
47
|
return key
|
44
48
|
|
45
49
|
key = key.ljust(hash_algorithm.block_length, b"\x00")
|
46
|
-
pad1 = bytes(c ^ 0x36 for c in key)
|
47
|
-
pad2 = bytes(c ^ 0x5C for c in key)
|
48
|
-
|
50
|
+
pad1 = bytes(c ^ 0x36 for c in key)[: hash_algorithm.block_length]
|
51
|
+
pad2 = bytes(c ^ 0x5C for c in key)[: hash_algorithm.block_length]
|
52
|
+
key = hashlib.new(hash_algorithm.name, pad1).digest() + hashlib.new(hash_algorithm.name, pad2).digest()
|
53
|
+
key = self.fixup_key(key)
|
54
|
+
return key
|
55
|
+
|
56
|
+
def fixup_key(self, key: bytes) -> bytes:
|
57
|
+
return key
|
49
58
|
|
50
59
|
def decrypt_with_hmac(
|
51
60
|
self, data: bytes, key: bytes, iv: bytes, hash_algorithm: HashAlgorithm, rounds: int
|
@@ -55,7 +64,7 @@ class CipherAlgorithm:
|
|
55
64
|
|
56
65
|
return self.decrypt(data, key, iv)
|
57
66
|
|
58
|
-
def decrypt(self, data: bytes, key: bytes, iv:
|
67
|
+
def decrypt(self, data: bytes, key: bytes, iv: bytes | None = None) -> bytes:
|
59
68
|
raise NotImplementedError()
|
60
69
|
|
61
70
|
|
@@ -66,7 +75,7 @@ class _AES(CipherAlgorithm):
|
|
66
75
|
iv_length = 128 // 8
|
67
76
|
block_length = 128 // 8
|
68
77
|
|
69
|
-
def decrypt(self, data: bytes, key: bytes, iv:
|
78
|
+
def decrypt(self, data: bytes, key: bytes, iv: bytes | None = None) -> bytes:
|
70
79
|
if not HAS_CRYPTO:
|
71
80
|
raise RuntimeError("Missing pycryptodome dependency")
|
72
81
|
|
@@ -100,7 +109,7 @@ class _RC4(CipherAlgorithm):
|
|
100
109
|
iv_length = 128 // 8
|
101
110
|
block_length = 1 // 8
|
102
111
|
|
103
|
-
def decrypt(self, data: bytes, key: bytes, iv:
|
112
|
+
def decrypt(self, data: bytes, key: bytes, iv: bytes | None = None) -> bytes:
|
104
113
|
if not HAS_CRYPTO:
|
105
114
|
raise RuntimeError("Missing pycryptodome dependency")
|
106
115
|
|
@@ -108,6 +117,34 @@ class _RC4(CipherAlgorithm):
|
|
108
117
|
return cipher.decrypt(data)
|
109
118
|
|
110
119
|
|
120
|
+
class _DES3(CipherAlgorithm):
|
121
|
+
id = 0x6603
|
122
|
+
name = "DES3"
|
123
|
+
key_length = 192 // 8
|
124
|
+
iv_length = 64 // 8
|
125
|
+
block_length = 64 // 8
|
126
|
+
|
127
|
+
def fixup_key(self, key: bytes) -> bytes:
|
128
|
+
nkey = []
|
129
|
+
for byte in key:
|
130
|
+
parity_bit = 0
|
131
|
+
for i in range(8):
|
132
|
+
parity_bit ^= (byte >> i) & 1
|
133
|
+
|
134
|
+
nkey.append(byte if parity_bit == 0 else byte | 1)
|
135
|
+
return bytes(nkey[: self.key_length])
|
136
|
+
|
137
|
+
def decrypt(self, data: bytes, key: bytes, iv: bytes | None = None) -> bytes:
|
138
|
+
if not HAS_CRYPTO:
|
139
|
+
raise RuntimeError("Missing pycryptodome dependency")
|
140
|
+
|
141
|
+
if len(key) != 24:
|
142
|
+
raise ValueError(f"Invalid DES3 CBC key length {len(key)}")
|
143
|
+
|
144
|
+
cipher = DES3.new(key, DES3.MODE_CBC, iv=iv if iv else b"\x00" * 8)
|
145
|
+
return cipher.decrypt(data)
|
146
|
+
|
147
|
+
|
111
148
|
class HashAlgorithm:
|
112
149
|
id: int
|
113
150
|
name: str
|
@@ -123,7 +160,7 @@ class HashAlgorithm:
|
|
123
160
|
return HASH_ALGORITHMS[id]()
|
124
161
|
|
125
162
|
@classmethod
|
126
|
-
def from_name(cls, name: str) ->
|
163
|
+
def from_name(cls, name: str) -> HashAlgorithm | None:
|
127
164
|
return HASH_ALGORITHMS[name]()
|
128
165
|
|
129
166
|
|
@@ -148,7 +185,7 @@ class _HMAC(_SHA1):
|
|
148
185
|
|
149
186
|
|
150
187
|
class _SHA256(HashAlgorithm):
|
151
|
-
id =
|
188
|
+
id = 0x800C
|
152
189
|
name = "sha256"
|
153
190
|
digest_length = 256 // 8
|
154
191
|
block_length = 512 // 8
|
@@ -197,12 +234,12 @@ def dpapi_hmac(pwd_hash: bytes, hmac_salt: bytes, value: bytes, hash_algorithm:
|
|
197
234
|
|
198
235
|
def crypt_session_key_type1(
|
199
236
|
master_key: bytes,
|
200
|
-
nonce:
|
237
|
+
nonce: bytes | None,
|
201
238
|
hash_algorithm: HashAlgorithm,
|
202
|
-
entropy:
|
203
|
-
strong_password:
|
204
|
-
smart_card_secret:
|
205
|
-
verify_blob:
|
239
|
+
entropy: bytes | None = None,
|
240
|
+
strong_password: str | None = None,
|
241
|
+
smart_card_secret: bytes | None = None,
|
242
|
+
verify_blob: bytes | None = None,
|
206
243
|
) -> bytes:
|
207
244
|
"""Computes the decryption key for Type1 DPAPI blob, given the master key and optional information.
|
208
245
|
|
@@ -218,6 +255,7 @@ def crypt_session_key_type1(
|
|
218
255
|
strong_password: Optional password used for decryption or the blob itself.
|
219
256
|
smart_card_secret: Optional MS Next Gen Crypto secret (e.g. from PIN code).
|
220
257
|
verify_blob: Optional encrypted blob used for integrity check.
|
258
|
+
|
221
259
|
Returns:
|
222
260
|
decryption key
|
223
261
|
"""
|
@@ -258,10 +296,10 @@ def crypt_session_key_type2(
|
|
258
296
|
masterkey: bytes,
|
259
297
|
nonce: bytes,
|
260
298
|
hash_algorithm: HashAlgorithm,
|
261
|
-
entropy:
|
262
|
-
strong_password:
|
263
|
-
smart_card_secret:
|
264
|
-
verify_blob:
|
299
|
+
entropy: bytes | None = None,
|
300
|
+
strong_password: str | None = None,
|
301
|
+
smart_card_secret: bytes | None = None,
|
302
|
+
verify_blob: bytes | None = None,
|
265
303
|
) -> bytes:
|
266
304
|
"""Computes the decryption key for Type2 DPAPI blob, given the masterkey and optional information.
|
267
305
|
|
@@ -0,0 +1,188 @@
|
|
1
|
+
from __future__ import annotations
|
2
|
+
|
3
|
+
import re
|
4
|
+
from functools import cache, cached_property
|
5
|
+
from pathlib import Path
|
6
|
+
from typing import Iterator
|
7
|
+
|
8
|
+
from dissect.target.exceptions import UnsupportedPluginError
|
9
|
+
from dissect.target.plugin import InternalPlugin
|
10
|
+
from dissect.target.plugins.os.windows.dpapi.blob import Blob as DPAPIBlob
|
11
|
+
from dissect.target.plugins.os.windows.dpapi.master_key import CredSystem, MasterKeyFile
|
12
|
+
from dissect.target.target import Target
|
13
|
+
|
14
|
+
|
15
|
+
class DPAPIPlugin(InternalPlugin):
|
16
|
+
"""Windows Data Protection API (DPAPI) plugin.
|
17
|
+
|
18
|
+
Resources:
|
19
|
+
- Reversing ``Crypt32.dll``
|
20
|
+
- https://learn.microsoft.com/en-us/windows/win32/api/dpapi/
|
21
|
+
- https://github.com/fortra/impacket/blob/master/examples/dpapi.py
|
22
|
+
- https://github.com/tijldeneut/DPAPIck3
|
23
|
+
- https://www.passcape.com/index.php?section=docsys&cmd=details&id=28
|
24
|
+
"""
|
25
|
+
|
26
|
+
__namespace__ = "dpapi"
|
27
|
+
|
28
|
+
RE_MASTER_KEY = re.compile("^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
|
29
|
+
SYSTEM_SID = "S-1-5-18"
|
30
|
+
|
31
|
+
def __init__(self, target: Target):
|
32
|
+
super().__init__(target)
|
33
|
+
self.keychain = cache(self.keychain)
|
34
|
+
|
35
|
+
def check_compatible(self) -> None:
|
36
|
+
if not self.target.has_function("lsa"):
|
37
|
+
raise UnsupportedPluginError("Windows registry and LSA plugins are required for DPAPI decryption")
|
38
|
+
|
39
|
+
def keychain(self) -> set:
|
40
|
+
return set(self.target._dpapi_keyprovider.keys())
|
41
|
+
|
42
|
+
@cached_property
|
43
|
+
def master_keys(self) -> dict[str, dict[str, MasterKeyFile]]:
|
44
|
+
"""Returns dict of found DPAPI master keys on the Windows target for SYSTEM and regular users."""
|
45
|
+
master_keys = {}
|
46
|
+
|
47
|
+
# Search for SYSTEM master keys
|
48
|
+
master_keys[self.SYSTEM_SID] = {}
|
49
|
+
|
50
|
+
system_master_key_path = self.target.fs.path(f"sysvol/Windows/System32/Microsoft/Protect/{self.SYSTEM_SID}")
|
51
|
+
system_user_master_key_path = system_master_key_path.joinpath("User")
|
52
|
+
|
53
|
+
for dir in [system_master_key_path, system_user_master_key_path]:
|
54
|
+
user_mks = self._load_master_keys_from_path(self.SYSTEM_SID, dir)
|
55
|
+
master_keys[self.SYSTEM_SID].update(user_mks)
|
56
|
+
|
57
|
+
# Search for user master keys, generally located at $HOME/AppData/Roaming/Microsoft/Protect/{user_sid}/{mk_guid}
|
58
|
+
PROTECT_DIRS = [
|
59
|
+
# Windows Vista and newer
|
60
|
+
"AppData/Roaming/Microsoft/Protect",
|
61
|
+
# Windows XP
|
62
|
+
"Application Data/Microsoft/Protect",
|
63
|
+
]
|
64
|
+
|
65
|
+
for user in self.target.user_details.all_with_home():
|
66
|
+
sid = user.user.sid
|
67
|
+
master_keys.setdefault(sid, {})
|
68
|
+
|
69
|
+
for protect_dir in PROTECT_DIRS:
|
70
|
+
path = user.home_path.joinpath(protect_dir).joinpath(sid)
|
71
|
+
if user_mks := self._load_master_keys_from_path(sid, path):
|
72
|
+
master_keys[sid] |= user_mks
|
73
|
+
|
74
|
+
return master_keys
|
75
|
+
|
76
|
+
def _load_master_keys_from_path(self, sid: str, path: Path) -> Iterator[tuple[str, MasterKeyFile]]:
|
77
|
+
"""Iterate over the provided ``path`` and search for master key files for the given user SID."""
|
78
|
+
|
79
|
+
if not path.exists():
|
80
|
+
self.target.log.info("Unable to load master keys from path as it does not exist: %s", path)
|
81
|
+
return
|
82
|
+
|
83
|
+
for file in path.iterdir():
|
84
|
+
if not self.RE_MASTER_KEY.findall(file.name):
|
85
|
+
continue
|
86
|
+
|
87
|
+
with file.open() as fh:
|
88
|
+
mkf = MasterKeyFile(fh)
|
89
|
+
|
90
|
+
# Decrypt SYSTEM master key using the DPAPI_SYSTEM LSA secret.
|
91
|
+
if sid == self.SYSTEM_SID:
|
92
|
+
if "DPAPI_SYSTEM" not in self.target.lsa._secrets:
|
93
|
+
self.target.log.warning("Unable to decrypt SYSTEM master key: LSA secret missing")
|
94
|
+
continue
|
95
|
+
|
96
|
+
# Windows XP
|
97
|
+
if float(self.target.ntversion) < 6.0:
|
98
|
+
secret_offset = 8
|
99
|
+
|
100
|
+
# Windows Vista and newer
|
101
|
+
else:
|
102
|
+
secret_offset = 16
|
103
|
+
|
104
|
+
dpapi_system = CredSystem(self.target.lsa._secrets["DPAPI_SYSTEM"][secret_offset:])
|
105
|
+
mkf.decrypt_with_key(dpapi_system.machine_key)
|
106
|
+
mkf.decrypt_with_key(dpapi_system.user_key)
|
107
|
+
|
108
|
+
# Decrypting the System master key should always succeed
|
109
|
+
if not mkf.decrypted:
|
110
|
+
self.target.log.error("Failed to decrypt SYSTEM master key!")
|
111
|
+
continue
|
112
|
+
|
113
|
+
yield file.name, mkf
|
114
|
+
|
115
|
+
# Decrypt user master key
|
116
|
+
else:
|
117
|
+
# Iterate over every master key password we have from the keychain
|
118
|
+
for provider, mk_pass in self.keychain():
|
119
|
+
try:
|
120
|
+
if mkf.decrypt_with_password(sid, mk_pass):
|
121
|
+
self.target.log.info(
|
122
|
+
"Decrypted user master key with password '%s' from provider %s", mk_pass, provider
|
123
|
+
)
|
124
|
+
break
|
125
|
+
except ValueError:
|
126
|
+
pass
|
127
|
+
|
128
|
+
try:
|
129
|
+
if mkf.decrypt_with_hash(sid, bytes.fromhex(mk_pass)):
|
130
|
+
self.target.log.info(
|
131
|
+
"Decrypted SID %s master key with hash '%s' from provider %s", sid, mk_pass, provider
|
132
|
+
)
|
133
|
+
break
|
134
|
+
except ValueError:
|
135
|
+
pass
|
136
|
+
|
137
|
+
if not mkf.decrypted:
|
138
|
+
self.target.log.warning("Could not decrypt master key '%s' for SID '%s'", file.name, sid)
|
139
|
+
|
140
|
+
yield file.name, mkf
|
141
|
+
|
142
|
+
@cached_property
|
143
|
+
def _users(self) -> dict[str, str]:
|
144
|
+
"""Cached map of username to SID."""
|
145
|
+
return {user.name: user.sid for user in self.target.users()}
|
146
|
+
|
147
|
+
def decrypt_system_blob(self, data: bytes) -> bytes:
|
148
|
+
"""Decrypt the given bytes using the SYSTEM master key."""
|
149
|
+
return self.decrypt_user_blob(data, sid=self.SYSTEM_SID)
|
150
|
+
|
151
|
+
def decrypt_user_blob(self, data: bytes, username: str | None = None, sid: str | None = None) -> bytes:
|
152
|
+
"""Decrypt the given bytes using the master key of the given SID or username."""
|
153
|
+
|
154
|
+
if not sid and not username:
|
155
|
+
raise ValueError("Either sid or username argument is required")
|
156
|
+
|
157
|
+
if not sid and username:
|
158
|
+
sid = self._users.get(username)
|
159
|
+
|
160
|
+
if not sid:
|
161
|
+
raise ValueError("No SID provided or no SID found")
|
162
|
+
|
163
|
+
try:
|
164
|
+
blob = DPAPIBlob(data)
|
165
|
+
except EOFError as e:
|
166
|
+
raise ValueError(f"Failed to parse DPAPI blob: {e}")
|
167
|
+
|
168
|
+
if not (mk := self.master_keys.get(sid, {}).get(blob.guid)):
|
169
|
+
raise ValueError(f"Blob is encrypted using master key {blob.guid} that we do not have for SID {sid}")
|
170
|
+
|
171
|
+
if not blob.decrypt(mk.key):
|
172
|
+
raise ValueError(f"Failed to decrypt blob for SID {sid}")
|
173
|
+
|
174
|
+
return blob.clear_text
|
175
|
+
|
176
|
+
def decrypt_blob(self, data: bytes) -> bytes:
|
177
|
+
"""Attempt to decrypt the given bytes using any of the available master keys."""
|
178
|
+
try:
|
179
|
+
blob = DPAPIBlob(data)
|
180
|
+
except EOFError as e:
|
181
|
+
raise ValueError(f"Failed to parse DPAPI blob: {e}")
|
182
|
+
|
183
|
+
for user in self.master_keys:
|
184
|
+
for mk in self.master_keys[user].values():
|
185
|
+
if blob.decrypt(mk.key):
|
186
|
+
return blob.clear_text
|
187
|
+
|
188
|
+
raise ValueError("Failed to decrypt blob using any available master key")
|
@@ -0,0 +1,21 @@
|
|
1
|
+
from typing import Iterator
|
2
|
+
|
3
|
+
from dissect.target.exceptions import UnsupportedPluginError
|
4
|
+
from dissect.target.plugin import export
|
5
|
+
from dissect.target.plugins.os.windows.dpapi.keyprovider.keyprovider import (
|
6
|
+
KeyProviderPlugin,
|
7
|
+
)
|
8
|
+
|
9
|
+
|
10
|
+
class CredHistKeyProviderPlugin(KeyProviderPlugin):
|
11
|
+
__namespace__ = "_dpapi_keyprovider_credhist"
|
12
|
+
|
13
|
+
def check_compatible(self) -> None:
|
14
|
+
if not self.target.has_function("credhist"):
|
15
|
+
raise UnsupportedPluginError("CREDHIST plugin not available on target")
|
16
|
+
|
17
|
+
@export(output="yield")
|
18
|
+
def keys(self) -> Iterator[tuple[str, str]]:
|
19
|
+
for credhist in self.target.credhist():
|
20
|
+
if value := getattr(credhist, "sha1"):
|
21
|
+
yield self.__namespace__, value
|
@@ -0,0 +1,17 @@
|
|
1
|
+
from typing import Iterator
|
2
|
+
|
3
|
+
from dissect.target.plugin import export
|
4
|
+
from dissect.target.plugins.os.windows.dpapi.keyprovider.keyprovider import (
|
5
|
+
KeyProviderPlugin,
|
6
|
+
)
|
7
|
+
|
8
|
+
|
9
|
+
class EmptyKeyProviderPlugin(KeyProviderPlugin):
|
10
|
+
__namespace__ = "_dpapi_keyprovider_empty"
|
11
|
+
|
12
|
+
def check_compatible(self) -> None:
|
13
|
+
return
|
14
|
+
|
15
|
+
@export(output="yield")
|
16
|
+
def keys(self) -> Iterator[tuple[str, str]]:
|
17
|
+
yield self.__namespace__, ""
|