def __init__(
self,
src: Arg(type=str, help='The meta variable name.'),
dst: Arg(type=str,
help='Optional name of the second meta variable.') = None):
super().__init__(src=check_variable_name(src),
dst=check_variable_name(dst))
def __init__(
self,
addresses: Arg(
type=sliceobj,
nargs='+',
metavar='start:count:align',
help=
('Use Python slice syntax to describe an area of virtual memory to read. If a chunksize is '
'specified, then the unit will always read a multiple of that number of bytes'
)),
ascii: Arg.Switch(
'-a', group='END',
help='Read ASCII strings; equivalent to -th:00') = False,
utf16: Arg.Switch(
'-u',
group='END',
help=
'Read UTF16 strings; equivalent to -th:0000 (also sets chunksize to 2)'
) = False,
until: Arg.Binary('-t',
group='END',
help='Read until sequence {varname} is read.') = B'',
base: Arg.Number(
'-b',
metavar='ADDR',
help='Optionally specify a custom base address B.') = None,
):
if sum(1 for t in (until, utf16, ascii) if t) > 1:
raise ValueError(
'Only one of utf16, ascii, and until can be specified.')
return super().__init__(addresses=addresses,
utf16=utf16,
ascii=ascii,
until=until,
base=base)
def __init__(
self,
*filenames: Arg(
metavar='FILEMASK',
nargs='+',
type=str,
help=(
'A list of file masks (with wildcard patterns). Each matching '
'file will be read from disk and emitted. In addition to glob '
'patterns, the file mask can include format string expressions '
'which will be substituted from the current meta variables.')),
list: Arg.Switch('-l', help='Only lists files with metadata.') = False,
meta: Arg.Switch(
'-m',
help=('Adds the atime, mtime, ctime, and size metadata variables.'
)) = False,
size: Arg.Number(
'-s',
help=(
'If specified, files will be read in chunks of size N and each '
'chunk is emitted as one element in the output list.')) = 0,
linewise: Arg.Switch(
'-w',
help=
('Read the file linewise. By default, one line is read at a time. '
'In line mode, the --size argument can be used to read the given '
'number of lines in each chunk.')) = False):
super().__init__(size=size,
list=list,
meta=meta,
linewise=linewise,
filenames=filenames)
def __init__(
self,
*commandline: Arg(
nargs='...',
type=str,
metavar='(all remaining)',
help=
('All remaining command line tokens form an arbitrary command line to be executed. Use format string syntax '
'to insert meta variables and incoming data chunks.')),
buffer: Arg.Switch(
'-b',
help=
'Buffer the command output for one execution rather than streaming it.'
) = False,
noerror: Arg(
'-e',
help=
'do not merge stdin and stderr; stderr will only be output if -v is also specified.'
) = False,
timeout: Arg(
'-t',
metavar='T',
help=
'Set an execution timeout as a floating point number in seconds, there is none by default.'
) = 0.0):
if not commandline:
raise ValueError('you need to provide a command line.')
super().__init__(commandline=commandline,
noerror=noerror,
buffer=buffer,
timeout=timeout)
def __init__(
self,
blocks: Arg.
Number(
'-B',
help=
'Group hexadecimal bytes in blocks of the given size; default is {default}.'
) = 1,
dense: Arg.Switch('-D',
help='Do not insert spaces in hexdump.') = False,
expand: Arg.Switch(
'-E',
help='Do not compress sequences of identical lines in hexdump'
) = False,
narrow: Arg.Switch(
'-N', help='Do not show addresses in hexdump') = False,
width: Arg.
Number(
'-W',
help=
'Specify the number of hexadecimal characters to use in preview.'
) = 0,
**kwargs):
super().__init__(blocks=blocks,
dense=dense,
expand=expand,
narrow=narrow,
width=width,
**kwargs)
def __init__(
self,
consecutive: Arg.Switch('-c', help='Assume that the repeating pattern is consecutive when observable.') = False,
align: Arg.Switch('-d', help='Assume that the pattern occurs at offsets that are multiples of its length.') = False,
min: Arg.Number('-n', help='Minimum size of the pattern to search for. Default is {default}.') = 1,
max: Arg.Number('-N', help='Maximum size of the pattern to search for. Default is {default}.') = INF,
len: Arg.Number('-l', help='Set the exact size of the pattern. This is equivalent to --min=N --max=N.') = None,
all: Arg.Switch('-a', help='Produce one output for each repeating pattern that was detected.') = False,
threshold: Arg.Number('-t', help='Patterns must match this performance threshold in percent, lest they be discarded.') = 20,
weight: Arg.Number('-w', help='Specifies how much longer patterns are favored over small ones. Default is {default}.') = 0,
buffer: Arg.Number('-b', group='BFR', help='Maximum number of bytes to inspect at once. The default is {default}.') = 1024,
chug : Arg.Switch('-g', group='BFR', help='Compute the prefix tree for the entire buffer instead of chunking it.') = False
):
if len is not None:
min = max = len
super().__init__(
min=min,
max=max,
all=all,
consecutive=consecutive,
align=align,
weight=weight,
buffer=buffer,
chug=chug,
threshold=threshold
)
def __init__(
self,
spec: Arg(type=str, help='Structure format as explained above.'),
*outputs: Arg(metavar='output',
type=str,
help='Output format as explained above.'),
multi: Arg.Switch(
'-m',
help=
('Read as many pieces of structured data as possible intead of just one.'
)) = False,
count: Arg.Number(
'-n',
help=
('A limit on the number of chunks to read in multi mode; default is {default}.'
)) = INF,
until: Arg(
'-u',
metavar='E',
type=str,
help=
('An expression evaluated on each chunk in multi mode. New chunks will be parsed '
'only if the result is nonzero.')) = None,
):
outputs = outputs or [F'{{{_SHARP}}}']
super().__init__(spec=spec,
outputs=outputs,
until=until,
count=count,
multi=multi)
def __init__(
self,
base: Arg(
type=numseq,
metavar='base|alphabet',
help=
(R'Either the base to be used or an alphabet. If an explicit alphabet is given, its length '
R'determines the base. The default base 0 treats the input as a Python integer literal. If '
F'a numeric base is given, digits from the alphabet "{_DEFAULT_ALPH_STR}" are used. '
)) = 0,
strip_padding: Arg.Switch(
'-s', help='Do not add leading zeros to the output.') = False,
little_endian: Arg.Switch(
'-e', help='Use little endian byte order instead of big endian.'
) = False,
strict_digits: Arg.Switch(
'-d', help='Check that all input digits are part of the alphabet.'
) = False,
):
super().__init__(
base=base,
strip_padding=strip_padding,
little_endian=little_endian,
strict_digits=strict_digits,
)
def __init__(
self, key: Arg(
help='Secure string encryption 16-byte AES key; the default are the bytes from 1 to 16.'
) = bytes(range(1, 17)),
iv: Arg('-i', help='Optionally specify an IV to use for encryption.') = None
):
super().__init__(key=key, iv=iv)
def __init__(
self,
level: Arg.Number(
'-l',
bound=(0, 0X9),
help='Specify a compression level between 0 and 9.') = 9,
window: Arg.Number(
'-w',
bound=(8, 0XF),
help='Manually specify the window size between 8 and 15.') = 15,
force: Arg.Switch(
'-f',
help='Decompress as far as possible, even if all known methods fail.'
) = False,
zlib_header: Arg.Switch('-z', group='MODE',
help='Use a ZLIB header.') = False,
gzip_header: Arg.Switch('-g', group='MODE',
help='Use a GZIP header.') = False):
if zlib_header and gzip_header:
raise ValueError(
'You can only specify one header type (ZLIB or GZIP).')
return super().__init__(level=level,
window=window,
force=force,
zlib_header=zlib_header,
gzip_header=gzip_header)
def __init__(
self,
name: Arg(help='The name of the variable to be used.', type=str),
value: Arg(
help=
'The value for the variable. If no value is given, the entire current chunk is stored.',
type=functools.partial(numseq, typecheck=False)) = None):
super().__init__(name=check_variable_name(name), value=value)
def __init__(
self, key,
nonce: Arg(help='The nonce. Default is the string {default}.') = B'REFINERY',
magic: Arg('-m', help='The magic constant; depends on the key size by default.') = B'',
offset: Arg.Number('-x', help='Optionally specify the stream index, default is {default}.') = 0,
rounds: Arg.Number('-r', help='The number of rounds. Has to be an even number.') = 20,
):
super().__init__(key=key, nonce=nonce, magic=magic, offset=offset, rounds=rounds)
def __init__(
self,
certificate: Arg.Switch('--no-cert', '-c',
help='Do not include digital signatures for the size computation.') = True,
directories: Arg.Switch('--no-dirs', '-d',
help='Do not include any data directories for size computation (implies --no-cert).') = True,
memdump: Arg.Switch('-m', help='Assume that the file data was a memory-mapped PE file.') = False,
):
super().__init__(certificate=certificate, directories=directories, memdump=memdump)
def __init__(
self, size: Arg.Number('size', help='Chop data into chunks of this size.'),
truncate: Arg.Switch('-t', help=(
'Truncate possible excess bytes at the end of the input, by default they are appended as a single chunk.')) = False,
into: Arg.Switch('-i', help=(
'If this flag is specified, the size parameter determines the number of blocks to be produced rather than the size '
'of each block. In this case, truncation is performed before the data is split.')) = False
):
return super().__init__(size=size, into=into, truncate=truncate)
def __init__(
self,
public: Arg.Switch(
'-p', help='Force public key output even if the input is private.'
) = False,
output: Arg(
help=
'Select an output format (PEM/DER/XKMS/TEXT/JSON), default is PEM.'
) = RSAFormat.PEM):
super().__init__(public=public, output=Arg.AsOption(output, RSAFormat))
def __init__(
self,
slices: Arg(help='Specify start:stop:step in Python slice syntax.') = [
slice(None, None)
],
remove: Arg.Switch(
'-r',
help='Remove the slices from the input rather than selecting them.'
) = False):
super().__init__(slices=slices, remove=remove)
def __init__(
self,
separator: Arg(help='Separator; the default is a line break.') = B'\n',
scoped: Arg.Switch(
'-s',
help=
('Maintain chunk scope; i.e. do not turn all input chunks visible.'
)) = False):
super().__init__(separator=separator, scoped=scoped)
self.separate = False
def __init__(
self,
indent: Arg.Number(
'-i',
help=
('Controls the amount of space characters used for indentation in the output. Default is 4.'
)) = 4,
header: Arg.Switch(
'-x', help='Add an XML header to the formatted output.') = False):
super().__init__(indent=indent, header=header)
def __init__(
self,
search: Arg(help='This is the search term.'),
replace: Arg(
help=
'The substitution string. Leave this empty to remove all occurrences of the search term.'
) = B'',
count: Arg.Number(
'-n', help='Only replace the given number of occurrences') = -1):
super().__init__(search=search, replace=replace, count=count)
def __init__(
self,
format: Arg(
help=
'Specify the output format as a strftime-like string, using ISO by default.'
) = '%Y-%m-%d %H:%M:%S',
dos: Arg(
'-d',
help='Parse timestamps in DOS rather than Unix format.') = False):
super().__init__(format=format, dos=dos)
def __init__(
self,
variable: Arg(
help='The variable which is used as the accumulator') = 'count',
relative: Arg.Switch(
'-r',
help='Normalize the accumulator to a number between 0 and 1.'
) = False):
super().__init__(variable=variable, relative=relative)
self._trunk = None
self._store = collections.defaultdict(int)
def __init__(
self,
tabular: Arg.Switch(
'-t',
group='OUT',
help='Convert JSON input into a flattened table.') = False,
indent: Arg.Number(
'-i',
group='OUT',
help='Number of spaces used for indentation. Default is {default}.'
) = 4):
return super().__init__(indent=indent, tabular=tabular)
def __init__(
self,
parts: Arg(
'parts',
nargs='?',
type=str,
help=
('A string containing any ordering of the letters R, G, B, and A (case-insensitive). '
'These pixel components will be extracted from every pixel in the given order. The '
'default value is {default}.')) = 'RGB'):
super().__init__(parts=tuple(
Arg.AsOption(p, PIXEL_PART) for p in parts))
def __init__(
self, regex: Arg(type=regexp, help='Regular expression to match.'),
multiline: Arg.Switch('-M',
help='Caret and dollar match the beginning and end of a line, a dot does not match line breaks.') = False,
ignorecase: Arg.Switch('-I',
help='Ignore capitalization for alphabetic characters.') = False,
count: Arg.Number('-c', help='Specify the maximum number of operations to perform.') = 0,
**keywords
):
flags = re.MULTILINE if multiline else re.DOTALL
if ignorecase:
flags |= re.IGNORECASE
super().__init__(regex=regex, flags=flags, count=count, **keywords)
def __init__(
self,
width: Arg(
'width',
help=
'Optionally specify the width, by default the current terminal width is used.'
) = 0,
delta: Arg.Number(
'-d',
help='Subtract this number from the calculated width (0 by default).'
) = 0,
):
super().__init__(width=width, delta=delta)
def __init__(
self,
count: Arg.NumSeq(help=(
'Defines the number of outputs to generate for each input. The default is {default}. '
'You can specify any multibin expression that defines an integer iterable here: Each '
'input chunk will be replicated once for each element of that sequence.'
)) = 2,
label: Arg(
type=str,
help=
('If specified, the meta variable with this name will be populated with the index of '
'the replicated chunk. When the count parameter is an integer, this label will be '
'equivalent to the index meta variable.')) = None):
super().__init__(count=count, label=label)
def __init__(
self,
url_only: Arg.Switch(
'-u',
help='Only defang URLs, do not look for domains or IPs.') = False,
url_protocol: Arg.Switch('-p',
help='Escape the protocol in URLs.') = False,
dot_only: Arg.Switch(
'-d', help='Do not escape the protocol colon in URLs.') = False,
quote_md: Arg.Switch(
'-q',
help='Wrap all indicators in backticks for markdown code.') = False
):
self.superinit(super(), **vars())
def __init__(
self,
*junk: Arg(
help=
'Binary strings to be removed, default are all whitespace characters.'
),
left: Arg.Switch('-r',
'--right-only',
group='SIDE',
help='Do not trim left.') = True,
right: Arg.Switch('-l',
'--left-only',
group='SIDE',
help='Do not trim right.') = True):
super().__init__(junk=junk, left=left, right=right)
def __init__(
self,
user: Arg.Switch('-m',
'--meta',
off=True,
group='HEAP',
help='Only extract from #Strings.') = True,
meta: Arg.Switch('-u',
'--user',
off=True,
group='HEAP',
help='Only extract from #US.') = True,
):
if not meta and not user:
raise ValueError('Either ascii or utf16 strings must be enabled.')
super().__init__(meta=meta, user=user)
def __init__(
self,
text: Arg('-t',
help='Output a hexadecimal representation of the hash.'
) = False,
**kwargs):
super().__init__(text=text, **kwargs)