dissect.target 3.20.dev13__py3-none-any.whl → 3.20.dev15__py3-none-any.whl

@@ -105,6 +105,7 @@ FilesystemMACBRecord = TargetRecordDescriptor(
105
105
  ("filesize", "filesize"),
106
106
  ("boolean", "resident"),
107
107
  ("boolean", "inuse"),
108
+ ("boolean", "ads"),
108
109
  ("string", "volume_uuid"),
109
110
  ],
110
111
  )
@@ -151,7 +152,7 @@ class MftPlugin(Plugin):
151
152
  "--macb",
152
153
  group="fmt",
153
154
  action="store_true",
154
- help="compacts the MFT entry timestamps into aggregated records with MACB bitfield",
155
+ help="compacts MFT timestamps into MACB bitfield (format: MACB[standard|ads]/MACB[filename])",
155
156
  )
156
157
  def mft(
157
158
  self, compact: bool = False, fs: int | None = None, start: int = 0, end: int = -1, macb: bool = False
@@ -342,12 +343,13 @@ def macb_aggr(records: list[Record]) -> Iterator[Record]:
342
343
  for record in records:
343
344
  found = False
344
345
 
345
- offset_std = int(record._desc.name == "filesystem/ntfs/mft/std") * 5
346
- offset_ads = (int(record.ads) * 10) if offset_std == 0 else 0
346
+ offset = 0
347
+ if not getattr(record, "ads", False):
348
+ offset = int(record._desc.name == "filesystem/ntfs/mft/filename") * 5
347
349
 
348
- field = "MACB".find(record.ts_type) + offset_std + offset_ads
350
+ field = "MACB".find(record.ts_type) + offset
349
351
  for macb in macbs:
350
- if macb.ts == record.ts:
352
+ if macb.ts == record.ts and macb.path == record.path:
351
353
  macb.macb = macb_set(macb.macb, field, record.ts_type)
352
354
  found = True
353
355
  break
@@ -356,7 +358,7 @@ def macb_aggr(records: list[Record]) -> Iterator[Record]:
356
358
  continue
357
359
 
358
360
  macb = FilesystemMACBRecord.init_from_record(record)
359
- macb.macb = "..../..../...."
361
+ macb.macb = "..../...."
360
362
  macb.macb = macb_set(macb.macb, field, record.ts_type)
361
363
 
362
364
  macbs.append(macb)
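Review bot: In `macb_aggr`, `field = "MACB".find(record.ts_type) + offset` uses the result of `find` without checking it, so a `ts_type` outside M/A/C/B gives -1, or 4 once the filename offset is added, and index 4 is the `/` separator in the new `"..../...."` template. How `macb_set` treats such an index is not visible here, but in a timeline that may be used as evidence a mis-slotted flag or a clobbered separator is worse than a loud failure. Consider `idx = "MACB".find(record.ts_type)` followed by `if idx < 0: raise ValueError(f"unexpected ts_type {record.ts_type!r}")` before the offset is added. A short comment next to the template stating that positions 0-3 hold standard/ADS flags and 5-8 hold filename flags would also tie the `* 5` to the literal. The body of `macb_aggr` starts and ends outside the hunks shown.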
@@ -95,6 +95,7 @@ class ExtendedCmd(cmd.Cmd):
95
95
  """
96
96
 
97
97
  CMD_PREFIX = "cmd_"
98
+ _runtime_aliases = {}
98
99
 
99
100
  def __init__(self, cyber: bool = False):
100
101
  cmd.Cmd.__init__(self)
@@ -164,6 +165,11 @@ class ExtendedCmd(cmd.Cmd):
164
165
  return None
165
166
 
166
167
  def default(self, line: str) -> bool:
168
+ com, arg, _ = self.parseline(line)
169
+ if com in self._runtime_aliases:
170
+ expanded = " ".join([self._runtime_aliases[com], arg])
171
+ return self.onecmd(expanded)
172
+
167
173
  if (should_exit := self._handle_command(line)) is not None:
168
174
  return should_exit
169
175
 
@@ -230,6 +236,43 @@ class ExtendedCmd(cmd.Cmd):
230
236
  def complete_man(self, *args) -> list[str]:
231
237
  return cmd.Cmd.complete_help(self, *args)
232
238
 
239
+ def do_unalias(self, line: str) -> bool:
240
+ """delete runtime alias"""
241
+ aliases = list(shlex.shlex(line, posix=True))
242
+ for aliased in aliases:
243
+ if aliased in self._runtime_aliases:
244
+ del self._runtime_aliases[aliased]
245
+ else:
246
+ print(f"alias {aliased} not found")
247
+ return False
248
+
249
+ def do_alias(self, line: str) -> bool:
250
+ """create a runtime alias"""
251
+ args = list(shlex.shlex(line, posix=True))
252
+
253
+ if not args:
254
+ for aliased, command in self._runtime_aliases.items():
255
+ print(f"alias {aliased}={command}")
256
+ return False
257
+
258
+ while args:
259
+ alias_name = args.pop(0)
260
+ try:
261
+ equals = args.pop(0)
262
+ # our parser works different, so we have to stop this
263
+ if equals != "=":
264
+ raise RuntimeError("Token not allowed")
265
+ expanded = args.pop(0) if args else "" # this is how it works in bash
266
+ self._runtime_aliases[alias_name] = expanded
267
+ except IndexError:
268
+ if alias_name in self._runtime_aliases:
269
+ print(f"alias {alias_name}={self._runtime_aliases[alias_name]}")
270
+ else:
271
+ print(f"alias {alias_name} not found")
272
+ pass
273
+
274
+ return False
275
+
233
276
  def do_clear(self, line: str) -> bool:
234
277
  """clear the terminal screen"""
235
278
  os.system("cls||clear")
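Review bot: The alias expansion added to `default()` has no loop guard, so `alias a = a` (or `a = b` with `b = a`) makes `default()` call `onecmd()`, which finds no `do_a` and lands back in `default()` until the interpreter raises RecursionError, assuming `onecmd` is not overridden outside these hunks. Because `_runtime_aliases = {}` is a class attribute, the looping alias appears to be shared by every `ExtendedCmd` instance in the process rather than just the shell that defined it. Expanding each alias at most once, and letting a self-referential expansion fall through to the existing `_handle_command(line)` path, keeps the bash-like behaviour without recursing. The rest of `default()` lies outside the hunk.

```python
def default(self, line: str) -> bool:
    com, arg, _ = self.parseline(line)
    seen: set[str] = set()
    # Expand every alias at most once so a=a or a=b/b=a cannot recurse without bound.
    while com in self._runtime_aliases and com not in seen:
        seen.add(com)
        line = " ".join([self._runtime_aliases[com], arg])
        com, arg, _ = self.parseline(line)
    if seen and com not in seen:
        return self.onecmd(line)
    # … unchanged: _handle_command(line) and the rest of default() …
```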
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.20.dev13
3
+ Version: 3.20.dev15
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
@@ -170,7 +170,7 @@ dissect/target/plugins/filesystem/resolver.py,sha256=HfyASUFV4F9uD-yFXilFpPTORAs
170
170
  dissect/target/plugins/filesystem/walkfs.py,sha256=rklbN805roy2fKAQe5L1JhTvI0qNgGS70ZNGFwevLB0,2740
171
171
  dissect/target/plugins/filesystem/yara.py,sha256=zh4hU3L_egddLqDeaHDVuCWYhTlNzPYPVak36Q6IMxI,6621
172
172
  dissect/target/plugins/filesystem/ntfs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
173
- dissect/target/plugins/filesystem/ntfs/mft.py,sha256=6r2uQrvJsuHGpKxx4vQPBuZ9yGLj-d8RS5y289-VoZI,12384
173
+ dissect/target/plugins/filesystem/ntfs/mft.py,sha256=2YEkdPpMz4WcXHUD4SnB8kCkZgXRgeXgXf827F1nh3w,12429
174
174
  dissect/target/plugins/filesystem/ntfs/mft_timeline.py,sha256=vvNFAZbr7s3X2OTYf4ES_L6-XsouTXcTymfxnHfZ1Rw,6791
175
175
  dissect/target/plugins/filesystem/ntfs/usnjrnl.py,sha256=uiT1ipmcAo__6VIUi8R_vvIu22vdnjMACKwLSAbzYjs,3704
176
176
  dissect/target/plugins/filesystem/ntfs/utils.py,sha256=xG7Lgw9NX4tDDrZVRm0vycFVJTOM7j-HrjqzDh0f4uA,3136
@@ -350,7 +350,7 @@ dissect/target/tools/logging.py,sha256=5ZnumtMWLyslxfrUGZ4ntRyf3obOOhmn8SBjKfdLc
350
350
  dissect/target/tools/mount.py,sha256=8GRYnu4xEmFBHxuIZAYhOMyyTGX8fat1Ou07DNiUnW4,3945
351
351
  dissect/target/tools/query.py,sha256=e-yAN9zdQjuOiTuoOQoo17mVEQGGcOgaA9YkF4GYpkM,15394
352
352
  dissect/target/tools/reg.py,sha256=FDsiBBDxjWVUBTRj8xn82vZe-J_d9piM-TKS3PHZCcM,3193
353
- dissect/target/tools/shell.py,sha256=dmshIriwdd_UwrdUcTfWkcYD8Z0mjzbDqwyZG-snDdM,50482
353
+ dissect/target/tools/shell.py,sha256=7jur65pFugpZHyfA0MkaMPCYWZPUSFjhkFQZO8IBYXQ,52077
354
354
  dissect/target/tools/utils.py,sha256=JJZDSso1CEK2sv4Z3HJNgqxH6G9S5lbmV-C3h-XmcMo,12035
355
355
  dissect/target/tools/yara.py,sha256=70k-2VMulf1EdkX03nCACzejaOEcsFHOyX-4E40MdQU,2044
356
356
  dissect/target/tools/dump/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -365,10 +365,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
365
365
  dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
366
366
  dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
367
367
  dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
368
- dissect.target-3.20.dev13.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
369
- dissect.target-3.20.dev13.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
370
- dissect.target-3.20.dev13.dist-info/METADATA,sha256=mpZi2V8jF1Sz3fTDHliJKuFMK5T3-EKFajMi30PNUrM,12897
371
- dissect.target-3.20.dev13.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
372
- dissect.target-3.20.dev13.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
373
- dissect.target-3.20.dev13.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
374
- dissect.target-3.20.dev13.dist-info/RECORD,,
368
+ dissect.target-3.20.dev15.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
369
+ dissect.target-3.20.dev15.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
370
+ dissect.target-3.20.dev15.dist-info/METADATA,sha256=Z0q9VoAwFjPPZnc3S6F_5bAUKanh-79WT4DZbPQ-0cs,12897
371
+ dissect.target-3.20.dev15.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
372
+ dissect.target-3.20.dev15.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
373
+ dissect.target-3.20.dev15.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
374
+ dissect.target-3.20.dev15.dist-info/RECORD,,