edf-plasma-cli 1.0.0__py3-none-any.whl

edf_plasma_cli/__version__.py

@@ -0,0 +1,34 @@
+# file generated by setuptools-scm
+# don't change, don't track in version control
+
+__all__ = [
+    "__version__",
+    "__version_tuple__",
+    "version",
+    "version_tuple",
+    "__commit_id__",
+    "commit_id",
+]
+
+TYPE_CHECKING = False
+if TYPE_CHECKING:
+    from typing import Tuple
+    from typing import Union
+
+    VERSION_TUPLE = Tuple[Union[int, str], ...]
+    COMMIT_ID = Union[str, None]
+else:
+    VERSION_TUPLE = object
+    COMMIT_ID = object
+
+version: str
+__version__: str
+__version_tuple__: VERSION_TUPLE
+version_tuple: VERSION_TUPLE
+commit_id: COMMIT_ID
+__commit_id__: COMMIT_ID
+
+__version__ = version = '1.0.0'
+__version_tuple__ = version_tuple = (1, 0, 0)
+
+__commit_id__ = commit_id = 'gac0edb2f0'

edf_plasma_cli/command/__init__.py

@@ -0,0 +1,16 @@
+"""Command module"""
+
+from .abc import Format
+from .dissect import setup_command as setup_dissect_command
+from .list import setup_command as setup_list_command
+
+_COMMANDS = (
+    setup_dissect_command,
+    setup_list_command,
+)
+
+
+def setup_commands(cmd):
+    """Setup commands"""
+    for setup_command in _COMMANDS:
+        setup_command(cmd)

edf_plasma_cli/command/abc.py

@@ -0,0 +1,45 @@
+"""Base for command implementation"""
+
+from enum import Enum
+from json import dumps
+
+from rich.box import ROUNDED
+from rich.console import Console
+from rich.table import Column, Table
+
+CONSOLE = Console()
+
+
+class Format(Enum):
+    """Output format"""
+
+    RICH = 'rich'
+    JSON = 'json'
+
+
+class FileFormat(Enum):
+    """File format"""
+
+    CSV = 'csv'
+    JSONL = 'jsonl'
+
+
+def display_table(out_fmt: Format, headers, rows, **kwargs):
+    """Build and print table"""
+    final_kwargs = {
+        'box': ROUNDED,
+        'row_styles': ['dim', ''],
+    }
+    final_kwargs.update(kwargs)
+    if out_fmt == Format.RICH:
+        final_headers = [
+            Column(header) if isinstance(header, str) else Column(**header)
+            for header in headers
+        ]
+        table = Table(*final_headers, **final_kwargs)
+        for row in rows:
+            table.add_row(*row)
+        CONSOLE.print(table)
+        return
+    for row in rows:
+        print(dumps(dict(zip(headers, row))))

edf_plasma_cli/command/dissect.py

@@ -0,0 +1,156 @@
+"""dissect command implementation"""
+
+from pathlib import Path
+from platform import node
+
+from edf_plasma_core.helper.csv import write_csv_gz
+from edf_plasma_core.helper.filtering import Filter
+from edf_plasma_core.helper.json import write_jsonl_gz
+from edf_plasma_core.helper.logging import get_logger
+from edf_plasma_core.helper.matching import regexp
+from edf_plasma_core.dissector import (
+    DissectionContext,
+    Dissector,
+    DissectorList,
+    get_dissectors,
+)
+
+from .abc import FileFormat, display_table
+
+_LOGGER = get_logger('cli.command.dissect')
+_HOSTNAME_REPL_PATTERN = regexp(r'[^\w]+')
+_OUTPUT_FORMAT_STRATEGY = {
+    FileFormat.CSV: ('.csv.gz', write_csv_gz),
+    FileFormat.JSONL: (
+        '.jsonl.gz',
+        lambda filepath, _, records: write_jsonl_gz(filepath, records),
+    ),
+}
+_GETATTR_STRATEGY = {
+    'slug': lambda dissector: {dissector.slug},
+    'tags': lambda dissector: {tag.value for tag in dissector.tags},
+}
+
+
+def _select(filter_spec: str, dissectors: DissectorList) -> DissectorList:
+    attribute, values = filter_spec.split(':', 1)
+    filter_ = Filter(include=set(values.split(',')))
+    getattr_ = _GETATTR_STRATEGY[attribute]
+    return [
+        dissector
+        for dissector in dissectors
+        if filter_.accept(getattr_(dissector))
+    ]
+
+
+def _run_dissector(
+    dissector: Dissector,
+    target: Path,
+    hostname: str,
+    file_format: FileFormat,
+    prefix: bool,
+    output_directory: Path,
+) -> tuple[Path, Path]:
+    targets = [target]
+    if target.is_dir():
+        targets = list(dissector.select(target))
+    hostname = _HOSTNAME_REPL_PATTERN.sub('_', hostname).upper()
+    ctx_list = [
+        DissectionContext(
+            dissector=dissector.slug,
+            hostname=hostname,
+            source=str(target),
+            filepath=target,
+        )
+        for target in targets
+    ]
+    prefix = f'{hostname}_' if prefix else ''
+    output_directory.mkdir(parents=True, exist_ok=True)
+    extension, write_records_to_file = _OUTPUT_FORMAT_STRATEGY[file_format]
+    out_filepath = output_directory / f'{prefix}{dissector.slug}{extension}'
+    err_filepath = (
+        output_directory / f'{prefix}{dissector.slug}_error{extension}'
+    )
+    write_records_to_file(
+        out_filepath,
+        dissector.table_schema.names,
+        dissector.dissect_many(ctx_list),
+    )
+    write_records_to_file(
+        err_filepath,
+        dissector.error_table_schema.names,
+        dissector.process_errors(ctx_list),
+    )
+    return out_filepath, err_filepath
+
+
+def _dissect_cmd(args):
+    rows = []
+    dissectors = get_dissectors()
+    if args.filter:
+        try:
+            dissectors = _select(args.filter, dissectors)
+        except KeyError:
+            _LOGGER.error(
+                "invalid filter attribute, available attributes are %s",
+                list(_GETATTR_STRATEGY.keys()),
+            )
+            return
+    for dissector in dissectors:
+        file_format = FileFormat(args.file_format)
+        out_filepath, err_filepath = _run_dissector(
+            dissector,
+            args.target,
+            args.hostname,
+            file_format,
+            args.prefix,
+            args.output_directory,
+        )
+        rows.append(
+            [
+                dissector.slug,
+                str(out_filepath.resolve()),
+                str(err_filepath.resolve()),
+            ]
+        )
+    display_table(
+        args.format,
+        [
+            'dissector',
+            {'header': 'out_filepath', 'overflow': 'fold'},
+            {'header': 'err_filepath', 'overflow': 'fold'},
+        ],
+        rows,
+        show_header=False,
+    )
+
+
+def setup_command(cmd):
+    """Setup init command parser"""
+    dissect = cmd.add_parser('dissect', help="Run a single dissector")
+    dissect.add_argument(
+        '--file-format',
+        '--ff',
+        choices=[fmt.value for fmt in FileFormat],
+        default=FileFormat.CSV.value,
+        help="Output file format",
+    )
+    dissect.add_argument(
+        '--prefix',
+        action='store_true',
+        help="Prefix output file with hostname",
+    )
+    dissect.add_argument(
+        '--hostname', default=node(), help="Hostname for given artifact"
+    )
+    dissect.add_argument(
+        '--filter',
+        help="Dissector filter, e.g. 'tags:ios' or 'slug:microsoft_lnk,microsoft_mft'",
+    )
+    dissect.add_argument(
+        'target', type=Path, help="Filepath or directory to dissect"
+    )
+    dissect.add_argument(
+        'output_directory', type=Path, help="Dissector output directory"
+    )
+    dissect.set_defaults(func=_dissect_cmd)

edf_plasma_cli/command/list.py

@@ -0,0 +1,27 @@
+"""list command implementation"""
+
+from edf_plasma_core.dissector import get_dissectors
+
+from .abc import display_table
+
+
+def _list_cmd(args):
+    display_table(
+        args.format,
+        ['slug', 'tags', 'description'],
+        (
+            [
+                dissector.slug,
+                ','.join(sorted(tag.value for tag in dissector.tags)),
+                dissector.description,
+            ]
+            for dissector in get_dissectors()
+        ),
+        show_header=False,
+    )
+
+
+def setup_command(cmd):
+    """Setup init command parser"""
+    list_ = cmd.add_parser('list', aliases=['ls'], help="List dissectors")
+    list_.set_defaults(func=_list_cmd)

edf_plasma_cli/main.py

@@ -0,0 +1,70 @@
+"""Plasma main program"""
+
+from argparse import ArgumentParser
+from importlib.util import spec_from_file_location, module_from_spec
+from pathlib import Path
+from sys import modules, exit as sys_exit
+
+from edf_plasma_core.helper.logging import get_logger
+# load dissectors
+import edf_plasma_dissectors as _
+
+from .__version__ import version
+from .command import Format, setup_commands
+
+_LOGGER = get_logger('cli')
+
+
+def _parse_args():
+    _LOGGER.info("Plasma v%s", version)
+    parser = ArgumentParser(description=f"Plasma v{version}")
+    parser.add_argument(
+        '--plugin-directory',
+        '-p',
+        type=Path,
+        help="Plugin directory to register extra dissectors",
+    )
+    parser.add_argument(
+        '--format',
+        '-f',
+        choices=[fmt.value for fmt in Format],
+        default=Format.RICH.value,
+        help="Output format",
+    )
+    cmd = parser.add_subparsers(dest='cmd')
+    cmd.required = True
+    setup_commands(cmd)
+    args = parser.parse_args()
+    args.format = Format(args.format)
+    return args
+
+
+def _import_from_file(plugin: Path):
+    spec = spec_from_file_location(plugin.stem, plugin)
+    module = module_from_spec(spec)
+    modules[plugin.stem] = module
+    spec.loader.exec_module(module)
+
+
+def _import_from_directory(plugin_directory: Path):
+    if not plugin_directory:
+        return
+    if not plugin_directory.is_dir():
+        return
+    for plugin in plugin_directory.glob('*.py'):
+        if not plugin.is_file():
+            continue
+        _import_from_file(plugin)
+
+
+def app():
+    """Application entrypoint"""
+    args = _parse_args()
+    _import_from_directory(args.plugin_directory)
+    exit_code = 0
+    try:
+        args.func(args)
+    except:
+        _LOGGER.exception("exception caught in main handler!")
+        exit_code = 1
+    sys_exit(exit_code)

edf_plasma_cli-1.0.0.dist-info/METADATA

@@ -0,0 +1,236 @@
+Metadata-Version: 2.4
+Name: edf-plasma-cli
+Version: 1.0.0
+Summary: EDF Plasma CLI
+Author-email: CERT-EDF <cert@edf.fr>
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/cert-edf/plasma
+Project-URL: Repository, https://github.com/cert-edf/plasma
+Project-URL: Bug Tracker, https://github.com/cert-edf/plasma/issues
+Keywords: edf,plasma,forensic,artifact,dissector,normalizer,cli
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: End Users/Desktop
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Topic :: Utilities
+Classifier: Topic :: Security
+Requires-Python: >=3.12
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: edf-plasma-dissectors~=1.0
+Dynamic: license-file
+
+# EDF Plasma CLI
+
+## Introduction
+
+This package implements a command line interface to perform dissection of forensics
+artifacts from the command line using Plasma Framework's dissectors.
+
+<br>
+
+## Setup
+
+```bash
+# first, install edf-plasma-dissectors dependencies
+apt install autoconf \
+            automake \
+            autopoint \
+            build-essential \
+            git \
+            libsystemd-dev \
+            libtool \
+            pkg-config \
+            python3-dev \
+            python3-venv
+# create a virtual environment
+python3 -m venv venv
+# install edf-plasma-cli (will also install edf-plasma-core and edf-plasma-dissectors)
+venv/bin/python -m pip install edf-plasma-cli
+# start dissecting artifacts using dissect command
+venv/bin/plasma -h
+```
+
+<br>
+
+## Usage
+
+> [!TIP]
+> - Use `-f` to switch from `rich` output to `json` output to allow piping into `jq` for automation purpose
+> - Use `-p` to load custom plugins from a directory
+
+<br>
+
+### List available dissectors
+
+```bash
+venv/bin/plasma list
+```
+```
+[2025-09-17T09:52:49] INFO     (plasma.cli): Plasma v1.0.0
+╭────────────────────────────┬───────────────────────┬─────────────────────────────────────────────────╮
+│ android_mvt_appops         │ android,mvt           │ Dissect MVT Android appops output               │
+│ android_mvt_files          │ android,mvt           │ Dissect MVT Android files output                │
+│ android_mvt_packages       │ android,mvt           │ Dissect MVT Android packages output             │
+│ android_mvt_packages_perms │ android,mvt           │ Dissect MVT Android packages permissions output │
+│ android_mvt_processes      │ android,mvt           │ Dissect MVT Android processes output            │
+│ android_mvt_sms            │ android,mvt           │ Dissect MVT Android sms output                  │
+│ elf_ctor_dtor              │ elf,linux             │ Dissect ELF constructors and destructors        │
+│ elf_export                 │ elf,linux             │ Dissect ELF binary exported symbols             │
+│ elf_import                 │ elf,linux             │ Dissect ELF binary imported symbols             │
+│ elf_info                   │ elf,linux             │ Dissect ELF information                         │
+│ elf_library                │ elf,linux             │ Dissect ELF binary needed libraries             │
+│ elf_section                │ elf,linux             │ Dissect ELF binary sections                     │
+│ elf_segment                │ elf,linux             │ Dissect ELF binary segments                     │
+│ generic_chromium_history   │ generic,linux,windows │ Dissect Chromium download and visit history     │
+│ generic_firefox_history    │ generic,linux,windows │ Dissect Firefox download and visit history      │
+│ generic_ssh_pub_key        │ generic,linux,windows │ Dissect SSH public key                          │
+│ ios_mvt_analytics_ad_daily │ ios,mvt               │ Dissect MVT iOS os analytics ad daily output    │
+│ ios_mvt_apps               │ ios,mvt               │ Dissect MVT iOS apps output                     │
+│ ios_mvt_datausage          │ ios,mvt               │ Dissect MVT iOS datausage output                │
+│ ios_mvt_manifest           │ ios,mvt               │ Dissect MVT iOS manifest output                 │
+│ ios_mvt_safari_history     │ ios,mvt               │ Dissect MVT iOS safari history output           │
+│ ios_mvt_safari_state       │ ios,mvt               │ Dissect MVT iOS safari state output             │
+│ ios_mvt_shortcuts          │ ios,mvt               │ Dissect MVT iOS shortcuts output                │
+│ ios_mvt_sms                │ ios,mvt               │ Dissect MVT iOS sms output                      │
+│ ios_mvt_tcc                │ ios,mvt               │ Dissect MVT iOS tcc output                      │
+│ ios_mvt_webkit_rsrc_load   │ ios,mvt               │ Dissect MVT iOS webkit resource load output     │
+│ ios_mvt_whatsapp           │ ios,mvt               │ Dissect MVT iOS whatsapp output                 │
+│ ios_sysdiag_bluetooth      │ ios,sysdiag           │ Dissect iOS sysdiagnose bluetooth status output │
+│ ios_sysdiag_disk           │ ios,sysdiag           │ Dissect iOS sysdiagnose disk output             │
+│ ios_sysdiag_mount          │ ios,sysdiag           │ Dissect iOS sysdiagnose mount output            │
+│ ios_sysdiag_ps             │ ios,sysdiag           │ Dissect iOS sysdiagnose ps output               │
+│ ios_sysdiag_remotectl      │ ios,sysdiag           │ Dissect iOS sysdiagnose remotectl output        │
+│ ios_sysdiag_shutdown       │ ios,sysdiag           │ Dissect iOS sysdiagnose shutdown output         │
+│ ios_sysdiag_wifi           │ ios,sysdiag           │ Dissect iOS sysdiagnose disk output             │
+│ linux_apt_history          │ linux                 │ Dissect apt history log                         │
+│ linux_apt_sources          │ linux                 │ Dissect apt sources                             │
+│ linux_at_acl               │ linux                 │ Dissect at.allow and at.deny                    │
+│ linux_at_jobs              │ linux                 │ Dissect atjobs                                  │
+│ linux_auditd               │ linux                 │ Dissect auditd log                              │
+│ linux_authlog              │ linux                 │ Dissect auth.log* and secure* journals          │
+│ linux_crontab              │ linux                 │ Dissect crontabs                                │
+│ linux_dpkg                 │ linux                 │ Dissect dpkg                                    │
+│ linux_fslist               │ linux                 │ Dissect file list                               │
+│ linux_fstab                │ linux                 │ Dissect fstab                                   │
+│ linux_group                │ linux                 │ Dissect group                                   │
+│ linux_history              │ linux                 │ Dissect *_history files                         │
+│ linux_hosts                │ linux                 │ Dissect hosts                                   │
+│ linux_journal_auth         │ linux                 │ Dissect auth events from systemd journal        │
+│ linux_journal_cron         │ linux                 │ Dissect cron events from systemd journal        │
+│ linux_journal_ftp          │ linux                 │ Dissect ftp events from systemd journal         │
+│ linux_logrotate            │ linux                 │ Dissect logrotate                               │
+│ linux_netstat              │ linux                 │ Network connections                             │
+│ linux_passwd               │ linux                 │ Dissect passwd                                  │
+│ linux_resolv               │ linux                 │ Dissect resolv                                  │
+│ linux_shadow               │ linux                 │ Dissect shadow                                  │
+│ linux_systemd_service      │ linux                 │ Dissect systemd service                         │
+│ linux_systemd_timer        │ linux                 │ Dissect systemd timer                           │
+│ linux_udev_rules           │ linux                 │ Dissect udev rules                              │
+│ linux_usbguard_device      │ linux                 │ Dissect device events from usbguard log         │
+│ linux_usbguard_policy      │ linux                 │ Dissect policy events from usbguard log         │
+│ linux_wtmp_utmp            │ linux                 │ Dissect utmp, wtmp and btmp binary logs         │
+│ linux_xdg_autostart        │ linux                 │ Dissect xdg autostart                           │
+│ linux_yum_history          │ linux                 │ Dissect yum history log                         │
+│ linux_yum_sources          │ linux                 │ Dissect yum sources                             │
+│ pcap_dns_answers           │ pcap                  │ Dissect DNS answers from PCAP                   │
+│ pcap_dns_queries           │ pcap                  │ Dissect DNS queries from PCAP                   │
+│ pcap_http_requests         │ pcap                  │ Dissect DNS http requests from PCAP             │
+│ pcap_proto_stats           │ pcap                  │ Dissect protocols from PCAP                     │
+│ pcap_tcp_conv              │ pcap                  │ Dissect TCP conversations from PCAP             │
+│ pcap_tls_cert              │ pcap                  │ Dissect TLS certificates from PCAP              │
+│ pcap_tls_client_hello      │ pcap                  │ Dissect TLS client hello from PCAP              │
+│ pcap_tls_server_hello      │ pcap                  │ Dissect TLS server hello from PCAP              │
+│ pcap_udp_conv              │ pcap                  │ Dissect UDP conversations from PCAP             │
+│ pe_ctor_dtor               │ pe,windows            │ Dissect PE constructors and destructors         │
+│ pe_export                  │ pe,windows            │ Dissect PE exported symbols                     │
+│ pe_import                  │ pe,windows            │ Dissect PE imported symbols                     │
+│ pe_info                    │ pe,windows            │ Dissect PE information                          │
+│ pe_resource                │ pe,windows            │ Dissect PE resources                            │
+│ pe_rich                    │ pe,windows            │ Dissect PE rich header                          │
+│ pe_section                 │ pe,windows            │ Dissect PE sections                             │
+│ pe_signature               │ pe,windows            │ Dissect PE signatures                           │
+│ windows_appx               │ windows               │ Dissect AppX manifest files                     │
+│ windows_evtx               │ windows               │ Dissect events from EVTX files                  │
+│ windows_iis                │ windows               │ Dissect IIS journal entries                     │
+│ windows_lnk                │ windows               │ Dissect LNK                                     │
+│ windows_jumplist           │ windows               │ Dissect jumplist entries                        │
+│ windows_mft                │ windows               │ Dissect entries from NTFS MFT                   │
+│ windows_mssql              │ windows               │ Dissect MSSQL ERRORLOG entries                  │
+│ windows_netstat            │ windows               │ Network connections                             │
+│ windows_powershell         │ windows               │ Dissect powershell command line history         │
+│ windows_prefetch           │ windows               │ Dissect prefetch                                │
+│ windows_registry           │ windows               │ Dissect registry hives                          │
+│ windows_srudb              │ windows               │ Dissect SRUDB.dat                               │
+│ windows_task               │ windows               │ Dissect scheduled tasks                         │
+│ windows_usnj               │ windows               │ Dissect NTFS USN journal                        │
+│ windows_webcache           │ windows               │ Dissect WebCacheV01.dat                         │
+│ windows_wmi                │ windows               │ WMI event filter/consumer bindings              │
+│ windows_zone_identifier    │ windows               │ Dissect Zone.Identifier ADS                     │
+╰────────────────────────────┴───────────────────────┴─────────────────────────────────────────────────╯
+```
+
+<br>
+
+### List available dissectors
+
+> [!TIP]
+> Use `--fiter` to select dissectors by `tags` or by `slug`
+
+```bash
+plasma dissect --filter 'slug:linux_authlog,linux_wtmp_utmp' /tmp/demo/target /tmp/demo/output
+```
+```
+[2025-09-17T10:06:13] INFO     (plasma.cli): Plasma v1.0.0
+                      INFO     (plasma.dissectors.abc): file selected: linux_authlog (filepath=/tmp/demo/target/auth.log.4.gz)
+                      INFO     (plasma.dissectors.abc): file selected: linux_authlog (filepath=/tmp/demo/target/auth.log.3.gz)
+                      INFO     (plasma.dissectors.abc): file selected: linux_authlog (filepath=/tmp/demo/target/auth.log)
+                      INFO     (plasma.dissectors.abc): file selected: linux_authlog (filepath=/tmp/demo/target/auth.log.2.gz)
+                      INFO     (plasma.dissectors.abc): file selected: linux_authlog (filepath=/tmp/demo/target/auth.log.1)
+                      INFO     (plasma.dissectors.abc): dissect many start: linux_authlog (files=5)
+                      INFO     (plasma.dissectors.abc): dissection start: linux_authlog (filepath=/tmp/demo/target/auth.log.4.gz)
+                      INFO     (plasma.dissectors.abc): dissection complete: linux_authlog (records=2307, errors=0, time=0:00:00.012953)
+                      INFO     (plasma.dissectors.abc): dissection start: linux_authlog (filepath=/tmp/demo/target/auth.log.3.gz)
+[2025-09-17T10:06:14] INFO     (plasma.dissectors.abc): dissection complete: linux_authlog (records=2151, errors=0, time=0:00:00.012987)
+                      INFO     (plasma.dissectors.abc): dissection start: linux_authlog (filepath=/tmp/demo/target/auth.log)
+                      INFO     (plasma.dissectors.abc): dissection complete: linux_authlog (records=785, errors=0, time=0:00:00.004493)
+                      INFO     (plasma.dissectors.abc): dissection start: linux_authlog (filepath=/tmp/demo/target/auth.log.2.gz)
+                      INFO     (plasma.dissectors.abc): dissection complete: linux_authlog (records=1726, errors=0, time=0:00:00.010326)
+                      INFO     (plasma.dissectors.abc): dissection start: linux_authlog (filepath=/tmp/demo/target/auth.log.1)
+                      INFO     (plasma.dissectors.abc): dissection complete: linux_authlog (records=4580, errors=0, time=0:00:00.024124)
+                      INFO     (plasma.dissectors.abc): dissection many complete: linux_authlog (files=5, errors=0, time=0:00:00.069889)
+                      INFO     (plasma.dissectors.abc): file selected: linux_wtmp_utmp (filepath=/tmp/demo/target/wtmp)
+                      INFO     (plasma.dissectors.abc): dissect many start: linux_wtmp_utmp (files=1)
+                      INFO     (plasma.dissectors.abc): dissection start: linux_wtmp_utmp (filepath=/tmp/demo/target/wtmp)
+                      INFO     (plasma.dissectors.abc): dissection complete: linux_wtmp_utmp (records=1842, errors=0, time=0:00:00.106052)
+                      INFO     (plasma.dissectors.abc): dissection many complete: linux_wtmp_utmp (files=1, errors=0, time=0:00:00.107151)
+╭─────────────────┬─────────────────────────────────────────┬───────────────────────────────────────────────╮
+│ linux_authlog   │ /tmp/demo/output/linux_authlog.csv.gz   │ /tmp/demo/output/linux_authlog_error.csv.gz   │
+│ linux_wtmp_utmp │ /tmp/demo/output/linux_wtmp_utmp.csv.gz │ /tmp/demo/output/linux_wtmp_utmp_error.csv.gz │
+╰─────────────────┴─────────────────────────────────────────┴───────────────────────────────────────────────╯
+```
+
+<br>
+
+## License
+
+Distributed under the [MIT License](LICENSE).
+
+<br>
+
+## Contributing
+
+Contributions are welcome. See [CONTRIBUTING.md](https://github.com/CERT-EDF/plasma/blob/main/CONTRIBUTING.md).
+
+## Past contributors (before open sourcing)
+
+- [koromodako](https://github.com/koromodako)
+- [SPToast](https://github.com/SPToast)
+- [alex532h](https://github.com/alex532h)
+
+<br>
+
+## Security
+
+To report a (suspected) security issue, see [SECURITY.md](https://github.com/CERT-EDF/plasma/blob/main/SECURITY.md).

edf_plasma_cli-1.0.0.dist-info/RECORD

@@ -0,0 +1,13 @@
+edf_plasma_cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+edf_plasma_cli/__version__.py,sha256=9YOwLYSyRvoACgH0BeOxo1c69BZ4K5TV7anyKnWRL8U,712
+edf_plasma_cli/main.py,sha256=DrF3WO0kEbA3DV8FuuhVA3GwBVqc5TJGrYqdm-gcngg,1828
+edf_plasma_cli/command/__init__.py,sha256=AworCEwsfpGIYx3ErZ_b-3DV1qfWx1d4fWRJLl0D8Tg,343
+edf_plasma_cli/command/abc.py,sha256=ng-8nwJ-_low08bXAHo7bDDRH_4bQslp9qZlhDD22tQ,985
+edf_plasma_cli/command/dissect.py,sha256=goAIhAS4thkUDmm0PSyJC_38Vkg07QzO8FSxYA1BHYI,4593
+edf_plasma_cli/command/list.py,sha256=HiHRmPEJIzcxQCoIlg2224EiehZZWbKFqJPmnuGiyJg,670
+edf_plasma_cli-1.0.0.dist-info/licenses/LICENSE,sha256=u7ksjywIwisybgov0N66RBD_mV-gct9GTm52932s2QU,1064
+edf_plasma_cli-1.0.0.dist-info/METADATA,sha256=HK-1I0GskFo67QMd_bcVwg29JZ38Kzzw350E0eJ6sEA,18156
+edf_plasma_cli-1.0.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+edf_plasma_cli-1.0.0.dist-info/entry_points.txt,sha256=444GwzUer_wKIa0u3qTSu9ojCRQBVSGuOf3AOuiVSOQ,51
+edf_plasma_cli-1.0.0.dist-info/top_level.txt,sha256=9NqR1kcilfFnRDLGSq9b8gJk-lIxmlea43S0dMGzLQQ,15
+edf_plasma_cli-1.0.0.dist-info/RECORD,,

edf_plasma_cli-1.0.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (80.9.0)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

edf_plasma_cli-1.0.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+plasma = edf_plasma_cli.main:app

edf_plasma_cli-1.0.0.dist-info/licenses/LICENSE

@@ -0,0 +1,20 @@
+MIT License
+
+Copyright (c) 2024 CERT-EDF
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

edf_plasma_cli-1.0.0.dist-info/top_level.txt

@@ -0,0 +1 @@
+edf_plasma_cli