dissect.target 3.20.dev17__py3-none-any.whl → 3.20.dev19__py3-none-any.whl

dissect/target/plugins/apps/virtualization/vmware_workstation.py

@@ -0,0 +1,61 @@
+from typing import Iterator
+
+from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
+from dissect.target.helpers.fsutil import TargetPath
+from dissect.target.helpers.record import create_extended_descriptor
+from dissect.target.plugin import Plugin, alias, export
+from dissect.target.plugins.general.users import UserDetails
+from dissect.target.target import Target
+
+VmwareDragAndDropRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
+    "virtualization/vmware/clipboard",
+    [
+        ("datetime", "ts"),
+        ("path", "path"),
+    ],
+)
+
+VMWARE_DND_PATHS = [
+    # Windows
+    "AppData/Local/Temp/VmwareDND",
+    # Linux
+    ".cache/vmware/drag_and_drop",
+]
+
+
+class VmwareWorkstationPlugin(Plugin):
+    """VMware Workstation plugin."""
+
+    __namespace__ = "vmware"
+
+    def __init__(self, target: Target):
+        super().__init__(target)
+        self.dnd_dirs = list(self.find_dnd_dirs())
+
+    def check_compatible(self) -> None:
+        if not self.dnd_dirs:
+            raise UnsupportedPluginError("No VMware Workstation DnD artifact(s) found")
+
+    def find_dnd_dirs(self) -> Iterator[tuple[UserDetails, TargetPath]]:
+        for user_details in self.target.user_details.all_with_home():
+            for dnd_path in VMWARE_DND_PATHS:
+                if (dnd_dir := user_details.home_path.joinpath(dnd_path)).exists():
+                    yield user_details, dnd_dir
+
+    @alias("draganddrop")
+    @export(record=VmwareDragAndDropRecord)
+    def clipboard(self) -> Iterator[VmwareDragAndDropRecord]:
+        """Yield cached VMware Workstation drag-and-drop file artifacts."""
+
+        for user_details, dnd_dir in self.dnd_dirs:
+            for file in dnd_dir.rglob("*/*"):
+                if file.is_dir():
+                    continue
+
+                yield VmwareDragAndDropRecord(
+                    ts=file.lstat().st_mtime,
+                    path=file,
+                    _user=user_details.user,
+                    _target=self.target,
+                )

dissect/target/plugins/child/vmware_workstation.py

@@ -1,29 +1,44 @@
+from typing import Iterator
+
 from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers.fsutil import TargetPath
 from dissect.target.helpers.record import ChildTargetRecord
 from dissect.target.plugin import ChildTargetPlugin
+from dissect.target.target import Target
+
+INVENTORY_PATHS = [
+    # Windows
+    "AppData/Roaming/VMware/inventory.vmls",
+    # Linux
+    ".vmware/inventory.vmls",
+]
+
+
+def find_vm_inventory(target: Target) -> Iterator[TargetPath]:
+    """Search for inventory.vmls files in user home folders.
 
+    Does not support older vmAutoStart.xml or vmInventory.xml formats."""
 
-def find_vm_inventory(target):
     for user_details in target.user_details.all_with_home():
-        inv_file = user_details.home_path.joinpath("AppData/Roaming/VMware/inventory.vmls")
-        if inv_file.exists():
-            yield inv_file
+        for inv_path in INVENTORY_PATHS:
+            if (inv_file := user_details.home_path.joinpath(inv_path)).exists():
+                yield inv_file
 
 
-class WorkstationChildTargetPlugin(ChildTargetPlugin):
+class VmwareWorkstationChildTargetPlugin(ChildTargetPlugin):
     """Child target plugin that yields from VMware Workstation VM inventory."""
 
     __type__ = "vmware_workstation"
 
-    def __init__(self, target):
+    def __init__(self, target: Target):
         super().__init__(target)
         self.inventories = list(find_vm_inventory(target))
 
     def check_compatible(self) -> None:
-        if not len(self.inventories):
+        if not self.inventories:
             raise UnsupportedPluginError("No VMWare inventories found")
 
-    def list_children(self):
+    def list_children(self) -> Iterator[ChildTargetRecord]:
         for inv in self.inventories:
             for line in inv.open("rt"):
                 line = line.strip()

dissect/target/tools/shell.py

@@ -96,6 +96,7 @@ class ExtendedCmd(cmd.Cmd):
 
     CMD_PREFIX = "cmd_"
     _runtime_aliases = {}
+    DEFAULT_RUNCOMMANDS_FILE = None
 
     def __init__(self, cyber: bool = False):
         cmd.Cmd.__init__(self)
@@ -121,6 +122,28 @@ class ExtendedCmd(cmd.Cmd):
 
         return object.__getattribute__(self, attr)
 
+    def _load_targetrc(self, path: pathlib.Path) -> None:
+        """Load and execute commands from the run commands file."""
+        try:
+            with path.open() as fh:
+                for line in fh:
+                    if (line := line.strip()) and not line.startswith("#"):  # Ignore empty lines and comments
+                        self.onecmd(line)
+        except FileNotFoundError:
+            # The .targetrc file is optional
+            pass
+        except Exception as e:
+            log.debug("Error processing .targetrc file: %s", e)
+
+    def _get_targetrc_path(self) -> pathlib.Path | None:
+        """Get the path to the run commands file. Can return ``None`` if ``DEFAULT_RUNCOMMANDS_FILE`` is not set."""
+        return pathlib.Path(self.DEFAULT_RUNCOMMANDS_FILE).expanduser() if self.DEFAULT_RUNCOMMANDS_FILE else None
+
+    def preloop(self) -> None:
+        super().preloop()
+        if targetrc_path := self._get_targetrc_path():
+            self._load_targetrc(targetrc_path)
+
     @staticmethod
     def check_compatible(target: Target) -> bool:
         return True
@@ -309,6 +332,8 @@ class TargetCmd(ExtendedCmd):
     DEFAULT_HISTFILESIZE = 10_000
     DEFAULT_HISTDIR = None
     DEFAULT_HISTDIRFMT = ".dissect_history_{uid}_{target}"
+    DEFAULT_RUNCOMMANDS_FILE = "~/.targetrc"
+    CONFIG_KEY_RUNCOMMANDS_FILE = "TARGETRCFILE"
 
     def __init__(self, target: Target):
         self.target = target
@@ -338,7 +363,15 @@ class TargetCmd(ExtendedCmd):
 
         super().__init__(self.target.props.get("cyber"))
 
+    def _get_targetrc_path(self) -> pathlib.Path:
+        """Get the path to the run commands file."""
+
+        return pathlib.Path(
+            getattr(self.target._config, self.CONFIG_KEY_RUNCOMMANDS_FILE, self.DEFAULT_RUNCOMMANDS_FILE)
+        ).expanduser()
+
     def preloop(self) -> None:
+        super().preloop()
         if readline and self.histfile.exists():
             try:
                 readline.read_history_file(self.histfile)
@@ -507,7 +540,6 @@ class TargetCli(TargetCmd):
         self.prompt_base = _target_name(target)
 
         TargetCmd.__init__(self, target)
-
         self._clicache = {}
         self.cwd = None
         self.chdir("/")
@@ -1144,6 +1176,10 @@ class UnixConfigTreeCli(TargetCli):
 class RegistryCli(TargetCmd):
     """CLI for browsing the registry."""
 
+    # Registry shell is incompatible with default shell, so override the default rc file and config key
+    DEFAULT_RUNCOMMANDS_FILE = "~/.targetrc.registry"
+    CONFIG_KEY_RUNCOMMANDS_FILE = "TARGETRCFILE_REGISTRY"
+
     def __init__(self, target: Target, registry: regutil.RegfHive | None = None):
         self.prompt_base = _target_name(target)
 

{dissect.target-3.20.dev17.dist-info → dissect.target-3.20.dev19.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.20.dev17
+Version: 3.20.dev19
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.20.dev17.dist-info → dissect.target-3.20.dev19.dist-info}/RECORD

@@ -141,6 +141,8 @@ dissect/target/plugins/apps/ssh/ssh.py,sha256=d3U8PJbtMvOV3K0wV_9KzGt2oRs-mfNQz1
 dissect/target/plugins/apps/texteditor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/texteditor/texteditor.py,sha256=h-tF1x2hLlgeNM3W-0Z9g0mjjkb9ietT1D5c-9GaMr8,543
 dissect/target/plugins/apps/texteditor/windowsnotepad.py,sha256=BXGhcwWIW6zlQyD_nHpc1r5Lxt6WMvhfqY2PWf0A6pw,14852
+dissect/target/plugins/apps/virtualization/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+dissect/target/plugins/apps/virtualization/vmware_workstation.py,sha256=7G-MRZCMN6aSYfs5NpaW2wkezqlx_EXq9-GzdbvtRrk,2088
 dissect/target/plugins/apps/vpn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/vpn/openvpn.py,sha256=d-DGINTIHP_bvv3T09ZwbezHXGctvCyAhJ482m2_-a0,7654
 dissect/target/plugins/apps/vpn/wireguard.py,sha256=SoAMED_bwWJQ3nci5qEY-qV4wJKSSDZQ8K7DoJRYq0k,6521
@@ -160,7 +162,7 @@ dissect/target/plugins/child/hyperv.py,sha256=R2qVeu4p_9V53jO-65znN0LwX9v3FVA-9j
 dissect/target/plugins/child/parallels.py,sha256=jeBT_NvTQbQBaUjqGWTy2I5Q5OWlrogoyWHRXjOhLis,2255
 dissect/target/plugins/child/qemu.py,sha256=vNzQwzFO964jYaI67MlX8vpWyHxpegjIU5F29zHKOGI,791
 dissect/target/plugins/child/virtuozzo.py,sha256=Mx4ZxEl21g7IYkzraw4FBZup5EfrkFDv4WuTE3hxguw,1206
-dissect/target/plugins/child/vmware_workstation.py,sha256=8wkA_tSufvBUyp4XQHzRzFETf5ROlyyO_MVS3TExyfw,1570
+dissect/target/plugins/child/vmware_workstation.py,sha256=eLvgi_aFUaMN1tC5X4RN85nKQdsuRQygrFYtNMAERTc,2030
 dissect/target/plugins/child/wsl.py,sha256=IssQgYET1T-XR5ZX2lGlNFJ_u_3QECpMF_7kXu09HTE,2469
 dissect/target/plugins/filesystem/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/filesystem/acquire_handles.py,sha256=-pX_akH5GrYe0HofXOa2Il75knZH6ZKgru4BFcrElkM,1731
@@ -351,7 +353,7 @@ dissect/target/tools/logging.py,sha256=5ZnumtMWLyslxfrUGZ4ntRyf3obOOhmn8SBjKfdLc
 dissect/target/tools/mount.py,sha256=8GRYnu4xEmFBHxuIZAYhOMyyTGX8fat1Ou07DNiUnW4,3945
 dissect/target/tools/query.py,sha256=e-yAN9zdQjuOiTuoOQoo17mVEQGGcOgaA9YkF4GYpkM,15394
 dissect/target/tools/reg.py,sha256=FDsiBBDxjWVUBTRj8xn82vZe-J_d9piM-TKS3PHZCcM,3193
-dissect/target/tools/shell.py,sha256=7jur65pFugpZHyfA0MkaMPCYWZPUSFjhkFQZO8IBYXQ,52077
+dissect/target/tools/shell.py,sha256=0RqcPmOmFEQ0-5Efqm8ZdGbTeZw2OXFFaCGNyCCzUVs,53714
 dissect/target/tools/utils.py,sha256=JJZDSso1CEK2sv4Z3HJNgqxH6G9S5lbmV-C3h-XmcMo,12035
 dissect/target/tools/yara.py,sha256=70k-2VMulf1EdkX03nCACzejaOEcsFHOyX-4E40MdQU,2044
 dissect/target/tools/dump/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -366,10 +368,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.20.dev17.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.20.dev17.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.20.dev17.dist-info/METADATA,sha256=b-FuP0zAaieA2KU6NYBKK1oQK45_bIreeC9TCgCLHvE,12897
-dissect.target-3.20.dev17.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
-dissect.target-3.20.dev17.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
-dissect.target-3.20.dev17.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.20.dev17.dist-info/RECORD,,
+dissect.target-3.20.dev19.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.20.dev19.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.20.dev19.dist-info/METADATA,sha256=I3DYNx-CfW04SXNH44iwl9Gtaq5jIdEfhdukyOAp9GM,12897
+dissect.target-3.20.dev19.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+dissect.target-3.20.dev19.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
+dissect.target-3.20.dev19.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.20.dev19.dist-info/RECORD,,