dissect.target 3.20.dev29__py3-none-any.whl → 3.20.dev31__py3-none-any.whl
Sign up to get free protection for your applications and to get access to all the features.
- dissect/target/plugins/apps/shell/wget.py +91 -0
- dissect/target/tools/shell.py +1 -1
- {dissect.target-3.20.dev29.dist-info → dissect.target-3.20.dev31.dist-info}/METADATA +1 -1
- {dissect.target-3.20.dev29.dist-info → dissect.target-3.20.dev31.dist-info}/RECORD +9 -8
- {dissect.target-3.20.dev29.dist-info → dissect.target-3.20.dev31.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.20.dev29.dist-info → dissect.target-3.20.dev31.dist-info}/LICENSE +0 -0
- {dissect.target-3.20.dev29.dist-info → dissect.target-3.20.dev31.dist-info}/WHEEL +0 -0
- {dissect.target-3.20.dev29.dist-info → dissect.target-3.20.dev31.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.20.dev29.dist-info → dissect.target-3.20.dev31.dist-info}/top_level.txt +0 -0
@@ -0,0 +1,91 @@
|
|
1
|
+
from typing import Iterator
|
2
|
+
|
3
|
+
from dissect.target.exceptions import UnsupportedPluginError
|
4
|
+
from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
|
5
|
+
from dissect.target.helpers.fsutil import TargetPath
|
6
|
+
from dissect.target.helpers.record import create_extended_descriptor
|
7
|
+
from dissect.target.plugin import Plugin, export
|
8
|
+
from dissect.target.plugins.general.users import UserDetails
|
9
|
+
from dissect.target.target import Target
|
10
|
+
|
11
|
+
WgetHstsRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
|
12
|
+
"apps/shell/wget/hsts",
|
13
|
+
[
|
14
|
+
("datetime", "ts_created"),
|
15
|
+
("uri", "host"),
|
16
|
+
("boolean", "explicit_port"),
|
17
|
+
("boolean", "include_subdomains"),
|
18
|
+
("datetime", "max_age"),
|
19
|
+
("path", "source"),
|
20
|
+
],
|
21
|
+
)
|
22
|
+
|
23
|
+
|
24
|
+
class WgetPlugin(Plugin):
|
25
|
+
"""Wget shell plugin."""
|
26
|
+
|
27
|
+
__namespace__ = "wget"
|
28
|
+
|
29
|
+
def __init__(self, target: Target):
|
30
|
+
super().__init__(target)
|
31
|
+
self.artifacts = list(self._find_artifacts())
|
32
|
+
|
33
|
+
def _find_artifacts(self) -> Iterator[tuple[UserDetails, TargetPath]]:
|
34
|
+
for user_details in self.target.user_details.all_with_home():
|
35
|
+
if (hsts_file := user_details.home_path.joinpath(".wget-hsts")).exists():
|
36
|
+
yield hsts_file, user_details
|
37
|
+
|
38
|
+
def check_compatible(self) -> None:
|
39
|
+
if not self.artifacts:
|
40
|
+
raise UnsupportedPluginError("No .wget-hsts files found on target")
|
41
|
+
|
42
|
+
@export(record=WgetHstsRecord)
|
43
|
+
def hsts(self) -> Iterator[WgetHstsRecord]:
|
44
|
+
"""Yield domain entries found in wget HSTS files.
|
45
|
+
|
46
|
+
When using the ``wget`` command-line utility, a file named ``.wget-hsts`` is created in the user's home
|
47
|
+
directory by default. The ``.wget-hsts`` file records HTTP Strict Transport Security (HSTS) information for the
|
48
|
+
websites visited by the user via ``wget``.
|
49
|
+
|
50
|
+
Resources:
|
51
|
+
- https://www.gnu.org/software/wget
|
52
|
+
- https://gitlab.com/gnuwget/wget/-/blob/master/src/hsts.c
|
53
|
+
- https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
|
54
|
+
|
55
|
+
Yields ``WgetHstsRecord``s with the following fields:
|
56
|
+
|
57
|
+
.. code-block:: text
|
58
|
+
|
59
|
+
ts_created (datetime): When the host was first added to the HSTS file
|
60
|
+
host (uri): The host that was accessed over TLS by wget
|
61
|
+
explicit_port (boolean): If the TCP port for TLS should be checked
|
62
|
+
include_subdomains (boolean): If subdomains are included in the HSTS check
|
63
|
+
max_age (datetime): Time to live of the entry in the HSTS file
|
64
|
+
source (path): Location of the .wget-hsts file
|
65
|
+
"""
|
66
|
+
for hsts_file, user_details in self.artifacts:
|
67
|
+
if not hsts_file.is_file():
|
68
|
+
continue
|
69
|
+
|
70
|
+
for line in hsts_file.open("rt").readlines():
|
71
|
+
if not (line := line.strip()) or line.startswith("#"):
|
72
|
+
continue
|
73
|
+
|
74
|
+
try:
|
75
|
+
host, port, subdomain_count, created, max_age = line.split("\t")
|
76
|
+
|
77
|
+
except ValueError as e:
|
78
|
+
self.target.log.warning("Unexpected wget hsts line in file: %s", hsts_file)
|
79
|
+
self.target.log.debug("", exc_info=e)
|
80
|
+
continue
|
81
|
+
|
82
|
+
yield WgetHstsRecord(
|
83
|
+
ts_created=int(created),
|
84
|
+
host=host,
|
85
|
+
explicit_port=int(port),
|
86
|
+
include_subdomains=int(subdomain_count),
|
87
|
+
max_age=int(created) + int(max_age),
|
88
|
+
source=hsts_file,
|
89
|
+
_user=user_details.user,
|
90
|
+
_target=self.target,
|
91
|
+
)
|
dissect/target/tools/shell.py
CHANGED
@@ -1431,7 +1431,7 @@ def target_shell(targets: list[Target], cli_cls: type[TargetCmd], commands: list
|
|
1431
1431
|
run_cli(cli)
|
1432
1432
|
|
1433
1433
|
|
1434
|
-
def python_shell(targets: list[Target], commands: list[str] | None) -> None:
|
1434
|
+
def python_shell(targets: list[Target], commands: list[str] | None = None) -> None:
|
1435
1435
|
"""Helper method for starting a (I)Python shell with multiple targets."""
|
1436
1436
|
banner = "Loaded targets in 'targets' variable. First target is in 't'."
|
1437
1437
|
ns = {"targets": targets, "t": targets[0]}
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Metadata-Version: 2.1
|
2
2
|
Name: dissect.target
|
3
|
-
Version: 3.20.
|
3
|
+
Version: 3.20.dev31
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
6
6
|
License: Affero General Public License v3
|
@@ -134,6 +134,7 @@ dissect/target/plugins/apps/remoteaccess/remoteaccess.py,sha256=DWXkRDVUpFr1icK2
|
|
134
134
|
dissect/target/plugins/apps/remoteaccess/teamviewer.py,sha256=tOg07gEqEmjfvoZmk1qxhKKXQyPS0jklh-IBCy5m8Mo,4987
|
135
135
|
dissect/target/plugins/apps/shell/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
136
136
|
dissect/target/plugins/apps/shell/powershell.py,sha256=biPSMRWxPI6kRqP0-75yMtrw0Ti2Bzfl_xI3xbmmF48,2641
|
137
|
+
dissect/target/plugins/apps/shell/wget.py,sha256=LyEy4RNl1eAWdsF2TW3xdLyHLjEu9NuWQy_HW6rmLzk,3717
|
137
138
|
dissect/target/plugins/apps/ssh/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
138
139
|
dissect/target/plugins/apps/ssh/openssh.py,sha256=oaJeKmTvVMo4aePo4Ep7t0ludJPNuuokGEW07w4gAvQ,7216
|
139
140
|
dissect/target/plugins/apps/ssh/opensshd.py,sha256=DaXKdgGF3GYHHA4buEvphcm6FF4C8YFjgD96Dv6rRnM,5510
|
@@ -354,7 +355,7 @@ dissect/target/tools/logging.py,sha256=5ZnumtMWLyslxfrUGZ4ntRyf3obOOhmn8SBjKfdLc
|
|
354
355
|
dissect/target/tools/mount.py,sha256=8GRYnu4xEmFBHxuIZAYhOMyyTGX8fat1Ou07DNiUnW4,3945
|
355
356
|
dissect/target/tools/query.py,sha256=e-yAN9zdQjuOiTuoOQoo17mVEQGGcOgaA9YkF4GYpkM,15394
|
356
357
|
dissect/target/tools/reg.py,sha256=FDsiBBDxjWVUBTRj8xn82vZe-J_d9piM-TKS3PHZCcM,3193
|
357
|
-
dissect/target/tools/shell.py,sha256=
|
358
|
+
dissect/target/tools/shell.py,sha256=PUKlzJYG-xmbklpNm9Sm8YRMITQYrPzScnRs2Ut3GCA,54205
|
358
359
|
dissect/target/tools/utils.py,sha256=JJZDSso1CEK2sv4Z3HJNgqxH6G9S5lbmV-C3h-XmcMo,12035
|
359
360
|
dissect/target/tools/yara.py,sha256=70k-2VMulf1EdkX03nCACzejaOEcsFHOyX-4E40MdQU,2044
|
360
361
|
dissect/target/tools/dump/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
@@ -369,10 +370,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
|
|
369
370
|
dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
|
370
371
|
dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
|
371
372
|
dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
|
372
|
-
dissect.target-3.20.
|
373
|
-
dissect.target-3.20.
|
374
|
-
dissect.target-3.20.
|
375
|
-
dissect.target-3.20.
|
376
|
-
dissect.target-3.20.
|
377
|
-
dissect.target-3.20.
|
378
|
-
dissect.target-3.20.
|
373
|
+
dissect.target-3.20.dev31.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
|
374
|
+
dissect.target-3.20.dev31.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
|
375
|
+
dissect.target-3.20.dev31.dist-info/METADATA,sha256=dxajIRMu3_ON9FATcZv5T2A4VGo63CentqV8LrQyGXg,12897
|
376
|
+
dissect.target-3.20.dev31.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
|
377
|
+
dissect.target-3.20.dev31.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
|
378
|
+
dissect.target-3.20.dev31.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
|
379
|
+
dissect.target-3.20.dev31.dist-info/RECORD,,
|
File without changes
|
File without changes
|
File without changes
|
{dissect.target-3.20.dev29.dist-info → dissect.target-3.20.dev31.dist-info}/entry_points.txt
RENAMED
File without changes
|
File without changes
|