dissect.target 3.8.dev32__py3-none-any.whl → 3.8.dev34__py3-none-any.whl

dissect/target/loaders/velociraptor.py

@@ -14,17 +14,21 @@ FILESYSTEMS_ROOT = "uploads"
 
 def find_fs_directories(path: Path) -> tuple[Optional[OperatingSystem], Optional[list[Path]]]:
     # As of Velociraptor version 0.6.7 the structure of the Velociraptor Offline Collector varies by operating system
-    # Generic.Collectors.File (Unix, OS-X) root filesystem is 'uploads/'
+    # Generic.Collectors.File (Linux and OS-X) root filesystem is 'uploads/file/'
     # Generic.Collectors.File (Windows) and Windows.KapeFiles.Targets (Windows) root filesystem is
     # 'uploads/<file-accessor>/<drive-name>/'
     fs_root = path.joinpath(FILESYSTEMS_ROOT)
-    os_type, dirs = find_dirs(fs_root)
-    if os_type in [OperatingSystem.LINUX, OperatingSystem.OSX]:
-        return os_type, [dirs[0]]
+
+    # Linux and OS-X
+    file_root = fs_root.joinpath("file")
+    if file_root.exists():
+        os_type, dirs = find_dirs(file_root)
+        if os_type in [OperatingSystem.LINUX, OperatingSystem.OSX]:
+            return os_type, [dirs[0]]
 
     # This suppports usage of the ntfs accessor 'uploads/mft/%5C%5C.%5CC%3A' not the accessors lazy_ntfs or auto
     mft_root = fs_root.joinpath("mft")
-    if not os_type and mft_root.exists():
+    if mft_root.exists():
         # If the `mft` directory exists, assume all the subdirectories are volumes
         return OperatingSystem.WINDOWS, list(mft_root.iterdir())
 

dissect/target/tools/shell.py

@@ -143,6 +143,15 @@ class TargetCmd(cmd.Cmd):
 
         return cmd.Cmd.default(self, line)
 
+    def emptyline(self):
+        """This function forces Python's cmd.Cmd module to behave like a regular shell.
+
+        When entering an empty command, the cmd module will by default repeat the previous command.
+        By defining an empty ``emptyline`` function we make sure no command is executed instead.
+        See https://stackoverflow.com/a/16479030
+        """
+        pass
+
     def _exec(self, func, command_args_str):
         """
         Command execution helper that chains initial command and piped
@@ -720,6 +729,20 @@ class TargetCli(TargetCmd):
             shutil.copyfileobj(fh, stdout)
             stdout.flush()
 
+    @arg("path")
+    def cmd_zcat(self, args, stdout):
+        """print file content from compressed files"""
+        paths = self.resolveglobpath(args.path)
+        stdout = stdout.buffer
+        for path in paths:
+            path = self.checkfile(path)
+            if not path:
+                continue
+
+            fh = fsutil.open_decompress(path)
+            shutil.copyfileobj(fh, stdout)
+            stdout.flush()
+
     @arg("path")
     def cmd_hexdump(self, args, stdout):
         """print a hexdump of the first X bytes"""
@@ -748,6 +771,15 @@ class TargetCli(TargetCmd):
 
         pydoc.pager(path.open("rt", errors="ignore").read(10 * 1024 * 1024))
 
+    @arg("path")
+    def cmd_zless(self, args, stdout):
+        """open the first 10 MB of a compressed file with zless"""
+        path = self.checkfile(args.path)
+        if not path:
+            return
+
+        pydoc.pager(fsutil.open_decompress(path, "rt").read(10 * 1024 * 1024))
+
     @arg("path", nargs="+")
     def cmd_readlink(self, args, stdout):
         """print resolved symbolic links or canonical file names"""

{dissect.target-3.8.dev32.dist-info → dissect.target-3.8.dev34.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.8.dev32
+Version: 3.8.dev34
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.8.dev32.dist-info → dissect.target-3.8.dev34.dist-info}/RECORD

@@ -72,7 +72,7 @@ dissect/target/loaders/tar.py,sha256=55chcbh9CDTczSmSPJ3O1FrfpXaZTTPL28Oqih8rPOA
 dissect/target/loaders/target.py,sha256=mfkNz586eHb1PuzbwrvRPf9CcoPDLm5wPGFT1_rMH5s,662
 dissect/target/loaders/vb.py,sha256=CnQcn7bAkMzIB1y-lWLtPPXdIVsyeDaT6hTZEurjkV4,2072
 dissect/target/loaders/vbox.py,sha256=bOxsUiJ0IKx2GETs12FJkYChXBVatSkvWdLmhR5XPZc,691
-dissect/target/loaders/velociraptor.py,sha256=B6DrGhsHBgJBu1Wcd8eRTNTU5OsLvo9qNMEUM0p2caY,2143
+dissect/target/loaders/velociraptor.py,sha256=rfZXTDm3eSgz29n1GOOswArdRsOf2ctJmSHb8RvCRQ0,2240
 dissect/target/loaders/vma.py,sha256=sWjkQrdq3zAJyckInhvJVsVfihoU4wLM25RMT8L2KWo,519
 dissect/target/loaders/vmx.py,sha256=By8AmbBmVd3U13oIZs9_0mVV3tpWNPoJBLmHZXqs1GE,740
 dissect/target/loaders/xva.py,sha256=66rsZGPwrLOaHtzou5oicYuOdIWQOeKtvvXsGm89dqg,544
@@ -240,7 +240,7 @@ dissect/target/tools/logging.py,sha256=5ZnumtMWLyslxfrUGZ4ntRyf3obOOhmn8SBjKfdLc
 dissect/target/tools/mount.py,sha256=oPjE954wRPnuhiXavoTSoZkMGKa5GpH9cMWZ3-piQd8,2320
 dissect/target/tools/query.py,sha256=Btt_PMVAWIYHhPLg0b8u5e_TDdG8CG5xapxLu82dbSE,11466
 dissect/target/tools/reg.py,sha256=37g_Xdb5ZbYAkMgQFmZNdKM_wWP9Bcw2Kk6quo1gwZ4,2147
-dissect/target/tools/shell.py,sha256=-zr5QaekJi7vXEnS_u8ua4KBSJm5TSJTIy6KlzFTvso,34908
+dissect/target/tools/shell.py,sha256=HICeIN5kCZYyGmAm_riWO9xrGnQmOzSp-Oici4QeO6Y,36003
 dissect/target/tools/utils.py,sha256=i9gHb-_IK73NEiA9sKVCPkeY80lRj_RYpGXnsy_4Ak8,6727
 dissect/target/tools/dump/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/tools/dump/run.py,sha256=yHn9xl_VjasgiuLpjtZdnLW32QCbkwHfnnTPY6Ck_aw,9689
@@ -251,10 +251,10 @@ dissect/target/volumes/bde.py,sha256=gYGg5yF9MNARwNzEkrEfZmKkxyZW4rhLkpdnPJCbhGk
 dissect/target/volumes/disk.py,sha256=95grSsPt1BLVpKwTclwQYzPFGKTkFFqapIk0RoGWf38,968
 dissect/target/volumes/lvm.py,sha256=zXAfszxNR6tOGrKAtAa_E-JhjI-sXQyR4VYLXD-kqCw,1616
 dissect/target/volumes/vmfs.py,sha256=mlAJ8278tYaoRjk1u6tFFlCaDQUrVu5ZZE4ikiFvxi8,1707
-dissect.target-3.8.dev32.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.8.dev32.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.8.dev32.dist-info/METADATA,sha256=Xxk_a-9Tb-0_dvcelF-C5KTFviYGegIYrD76c9l0JVA,9752
-dissect.target-3.8.dev32.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
-dissect.target-3.8.dev32.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.8.dev32.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.8.dev32.dist-info/RECORD,,
+dissect.target-3.8.dev34.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.8.dev34.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.8.dev34.dist-info/METADATA,sha256=w87iqHAzoUqr5rasT7zTj2DHOnBqHTJK0SFJctHj9l8,9752
+dissect.target-3.8.dev34.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
+dissect.target-3.8.dev34.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.8.dev34.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.8.dev34.dist-info/RECORD,,