dissect.target 3.20.dev30__py3-none-any.whl → 3.20.dev31__py3-none-any.whl

dissect/target/plugins/apps/shell/wget.py

@@ -0,0 +1,91 @@
+from typing import Iterator
+
+from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
+from dissect.target.helpers.fsutil import TargetPath
+from dissect.target.helpers.record import create_extended_descriptor
+from dissect.target.plugin import Plugin, export
+from dissect.target.plugins.general.users import UserDetails
+from dissect.target.target import Target
+
+WgetHstsRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
+    "apps/shell/wget/hsts",
+    [
+        ("datetime", "ts_created"),
+        ("uri", "host"),
+        ("boolean", "explicit_port"),
+        ("boolean", "include_subdomains"),
+        ("datetime", "max_age"),
+        ("path", "source"),
+    ],
+)
+
+
+class WgetPlugin(Plugin):
+    """Wget shell plugin."""
+
+    __namespace__ = "wget"
+
+    def __init__(self, target: Target):
+        super().__init__(target)
+        self.artifacts = list(self._find_artifacts())
+
+    def _find_artifacts(self) -> Iterator[tuple[UserDetails, TargetPath]]:
+        for user_details in self.target.user_details.all_with_home():
+            if (hsts_file := user_details.home_path.joinpath(".wget-hsts")).exists():
+                yield hsts_file, user_details
+
+    def check_compatible(self) -> None:
+        if not self.artifacts:
+            raise UnsupportedPluginError("No .wget-hsts files found on target")
+
+    @export(record=WgetHstsRecord)
+    def hsts(self) -> Iterator[WgetHstsRecord]:
+        """Yield domain entries found in wget HSTS files.
+
+        When using the ``wget`` command-line utility, a file named ``.wget-hsts`` is created in the user's home
+        directory by default. The ``.wget-hsts`` file records HTTP Strict Transport Security (HSTS) information for the
+        websites visited by the user via ``wget``.
+
+        Resources:
+            - https://www.gnu.org/software/wget
+            - https://gitlab.com/gnuwget/wget/-/blob/master/src/hsts.c
+            - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
+
+        Yields ``WgetHstsRecord``s with the following fields:
+
+        .. code-block:: text
+
+            ts_created          (datetime):  When the host was first added to the HSTS file
+            host                (uri):       The host that was accessed over TLS by wget
+            explicit_port       (boolean):   If the TCP port for TLS should be checked
+            include_subdomains  (boolean):   If subdomains are included in the HSTS check
+            max_age             (datetime):  Time to live of the entry in the HSTS file
+            source              (path):      Location of the .wget-hsts file
+        """
+        for hsts_file, user_details in self.artifacts:
+            if not hsts_file.is_file():
+                continue
+
+            for line in hsts_file.open("rt").readlines():
+                if not (line := line.strip()) or line.startswith("#"):
+                    continue
+
+                try:
+                    host, port, subdomain_count, created, max_age = line.split("\t")
+
+                except ValueError as e:
+                    self.target.log.warning("Unexpected wget hsts line in file: %s", hsts_file)
+                    self.target.log.debug("", exc_info=e)
+                    continue
+
+                yield WgetHstsRecord(
+                    ts_created=int(created),
+                    host=host,
+                    explicit_port=int(port),
+                    include_subdomains=int(subdomain_count),
+                    max_age=int(created) + int(max_age),
+                    source=hsts_file,
+                    _user=user_details.user,
+                    _target=self.target,
+                )

{dissect.target-3.20.dev30.dist-info → dissect.target-3.20.dev31.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.20.dev30
+Version: 3.20.dev31
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.20.dev30.dist-info → dissect.target-3.20.dev31.dist-info}/RECORD

@@ -134,6 +134,7 @@ dissect/target/plugins/apps/remoteaccess/remoteaccess.py,sha256=DWXkRDVUpFr1icK2
 dissect/target/plugins/apps/remoteaccess/teamviewer.py,sha256=tOg07gEqEmjfvoZmk1qxhKKXQyPS0jklh-IBCy5m8Mo,4987
 dissect/target/plugins/apps/shell/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/shell/powershell.py,sha256=biPSMRWxPI6kRqP0-75yMtrw0Ti2Bzfl_xI3xbmmF48,2641
+dissect/target/plugins/apps/shell/wget.py,sha256=LyEy4RNl1eAWdsF2TW3xdLyHLjEu9NuWQy_HW6rmLzk,3717
 dissect/target/plugins/apps/ssh/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/ssh/openssh.py,sha256=oaJeKmTvVMo4aePo4Ep7t0ludJPNuuokGEW07w4gAvQ,7216
 dissect/target/plugins/apps/ssh/opensshd.py,sha256=DaXKdgGF3GYHHA4buEvphcm6FF4C8YFjgD96Dv6rRnM,5510
@@ -369,10 +370,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.20.dev30.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.20.dev30.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.20.dev30.dist-info/METADATA,sha256=MmnIwD9iA43ivjxZv0F1VRMWpjOTNIv0NNnRqyq85C4,12897
-dissect.target-3.20.dev30.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
-dissect.target-3.20.dev30.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
-dissect.target-3.20.dev30.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.20.dev30.dist-info/RECORD,,
+dissect.target-3.20.dev31.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.20.dev31.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.20.dev31.dist-info/METADATA,sha256=dxajIRMu3_ON9FATcZv5T2A4VGo63CentqV8LrQyGXg,12897
+dissect.target-3.20.dev31.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+dissect.target-3.20.dev31.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
+dissect.target-3.20.dev31.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.20.dev31.dist-info/RECORD,,