def get_requirements(cls): return [ requirements.TranslationLayerRequirement(name = 'primary', description = 'Memory layer for the kernel', architectures = ["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name = "nt_symbols", description = "Windows kernel symbols"), requirements.VersionRequirement(name = 'poolscanner', component = poolscanner.PoolScanner, version = (1, 0, 0)), requirements.VersionRequirement(name = 'info', component = info.Info, version = (1, 0, 0)), requirements.BooleanRequirement( name = 'include-corrupt', description = "Radically eases result validation. This will show partially overwritten data. WARNING: the results are likely to include garbage and/or corrupt data. Be cautious!", default = False, optional = True), ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement(name = 'primary', description = 'Memory layer for the kernel', architectures = ["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name = "nt_symbols", description = "Windows kernel symbols"), requirements.PluginRequirement(name = 'hivelist', plugin = hivelist.HiveList, version = (1, 0, 0)), requirements.IntRequirement(name = 'offset', description = "Hive Offset", default = None, optional = True), requirements.StringRequirement(name = 'key', description = "Key to start from", default = None, optional = True), requirements.BooleanRequirement(name = 'recurse', description = 'Recurses through keys', default = False, optional = True) ]
def get_requirements(cls): return [ requirements.TranslationLayerRequirement( name='primary', description='Kernel Address Space', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name="darwin", description="Mac Kernel"), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)), requirements.ListRequirement( name='pid', description='Filter on specific process IDs', element_type=int, optional=True) ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement(name = 'primary', description = 'Memory layer for the kernel', architectures = ["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name = "nt_symbols", description = "Windows kernel symbols"), requirements.StringRequirement(name = 'filter', description = "String to filter hive names returned", optional = True, default = None), requirements.PluginRequirement(name = 'hivescan', plugin = hivescan.HiveScan, version = (1, 0, 0)), requirements.BooleanRequirement(name = 'dump', description = "Extract listed registry hives", default = False, optional = True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(1, 0, 0)), requirements.PluginRequirement(name='netscan', plugin=pslist.PsList, version=(1, 0, 0)), ]
def get_requirements(cls): return [ requirements.TranslationLayerRequirement(name = 'primary', description = 'Memory layer for the kernel', architectures = ["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name = "darwin", description = "Mac kernel symbols"), requirements.VersionRequirement(name = 'macutils', component = mac.MacUtilities, version = (1, 1, 0)), requirements.ChoiceRequirement(name = 'pslist_method', description = 'Method to determine for processes', choices = cls.pslist_methods, default = cls.pslist_methods[0], optional = True), requirements.ListRequirement(name = 'pid', description = 'Filter on specific process IDs', element_type = int, optional = True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.StringRequirement( name='tags', description= "Comma separated list of pool tags to filter pools returned", optional=True, default=None) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: # Reuse the requirements from the plugins we use return [ requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(1, 0, 0)), requirements.PluginRequirement(name='modules', plugin=modules.Modules, version=(1, 0, 0)), requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols") ]
def get_requirements(cls): return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.PluginRequirement( name='pslist', plugin=pslist.PsList, version=(1, 0, 0)), requirements.ListRequirement(name = 'pid', element_type = int, description = "Process ID to include (all other processes are excluded)", optional = True), ]
def get_requirements(cls): # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement(name = 'primary', description = 'Memory layer for the kernel', architectures = ["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name = "nt_symbols", description = "Windows kernel symbols"), requirements.ListRequirement(name = 'pid', element_type = int, description = "Process IDs to include (all other processes are excluded)", optional = True), requirements.BooleanRequirement(name = 'dump', description = "Extract injected VADs", default = False, optional = True), requirements.VersionRequirement(name = 'pslist', component = pslist.PsList, version = (2, 0, 0)), requirements.VersionRequirement(name = 'vadinfo', component = vadinfo.VadInfo, version = (2, 0, 0)) ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: # Since we're calling the plugin, make sure we have the plugin's requirements return [requirements.TranslationLayerRequirement(name = 'primary', description = 'Memory layer for the kernel', architectures = ["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name = "nt_symbols", description = "Windows kernel symbols"), # TODO: Convert this to a ListRequirement so that people can filter on sets of ranges requirements.IntRequirement(name = 'address', description = "Process virtual memory address to include " \ "(all other address ranges are excluded). This must be " \ "a base address, not an address within the desired range.", optional = True), requirements.IntRequirement( name = 'pid', description = "Process ID to include (all other processes are excluded)", optional = True), requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (1, 0, 0)), requirements.PluginRequirement(name = 'vadinfo', plugin = vadinfo.VadInfo, version = (1, 0, 0)), ]
def get_requirements(cls): # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="vmlinux", description="Linux kernel symbols"), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(1, 0, 0)), requirements.ListRequirement( name='pid', description='Filter on specific process IDs', element_type=int, optional=True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="vmlinux", description="Linux kernel symbols"), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(1, 0, 0)), requirements.ListRequirement( name='pid', description='Filter on specific process IDs', element_type=int, optional=True) ]
def get_requirements(cls): return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name="darwin", description="Mac kernel"), requirements.VersionRequirement(name='macutils', component=mac.MacUtilities, version=(1, 1, 0)), requirements.PluginRequirement(name='lsmod', plugin=lsmod.Lsmod, version=(1, 0, 0)), requirements.PluginRequirement(name='kauth_scopes', plugin=kauth_scopes.Kauth_scopes, version=(1, 0, 0)) ]
def get_requirements(cls): return [ requirements.TranslationLayerRequirement(name = 'primary', description = 'Memory layer for the kernel', architectures = ["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name = "nt_symbols", description = "Windows kernel symbols"), requirements.BooleanRequirement(name = 'physical', description = 'Display physical offsets instead of virtual', default = cls.PHYSICAL_DEFAULT, optional = True), requirements.ListRequirement(name = 'pid', element_type = int, description = "Process ID to include (all other processes are excluded)", optional = True), requirements.BooleanRequirement(name = 'dump', description = "Extract listed processes", default = False, optional = True) ]
def get_requirements(cls): return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), # TODO: Convert this to a ListRequirement so that people can filter on sets of pids requirements.BooleanRequirement( name='physical', description='Display physical offsets instead of virtual', default=cls.PHYSICAL_DEFAULT, optional=True), requirements.IntRequirement( name='pid', description= "Process ID to include (all other processes are excluded)", optional=True) ]
def get_requirements(cls): return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name="darwin", description="Mac kernel"), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)), requirements.VersionRequirement(name='macutils', component=mac.MacUtilities, version=(1, 2, 0)), requirements.ListRequirement( name='pid', description='Filter on specific process IDs', element_type=int, optional=True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.ListRequirement( name='pid', element_type=int, description= "Process IDs to include (all other processes are excluded)", optional=True), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)) ]
def get_requirements(cls): return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.VersionRequirement(name='poolerscanner', component=poolscanner.PoolScanner, version=(1, 0, 0)), requirements.VersionRequirement(name='dlllist', component=dlllist.DllList, version=(1, 0, 0)), requirements.BooleanRequirement( name='dump', description="Extract listed modules", default=False, optional=True) ]
def get_requirements(cls): # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.IntRequirement( name='pid', description= "Process ID to include (all other processes are excluded)", optional=True), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(1, 0, 0)), requirements.PluginRequirement(name='vadinfo', plugin=vadinfo.VadInfo, version=(1, 0, 0)), ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.VersionRequirement(name='pslist', component=pslist.PsList, version=(2, 0, 0)), requirements.VersionRequirement(name='dlllist', component=dlllist.DllList, version=(2, 0, 0)), requirements.BooleanRequirement( name='dump', description="Extract listed modules", default=False, optional=True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: ## TODO: we might add a regex option on the name later, but otherwise we're good ## TODO: and we don't want any CLI options from pslist, modules, or moddump return [ requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(1, 0, 0)), requirements.PluginRequirement(name='modules', plugin=modules.Modules, version=(1, 0, 0)), requirements.PluginRequirement(name='moddump', plugin=moddump.ModDump, version=(1, 0, 0)), requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement( name='primary', description="Memory layer for the kernel", architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.BooleanRequirement( name="wide", description="Match wide (unicode) strings", default=False, optional=True), requirements.StringRequirement( name="yara_rules", description="Yara rules (as a string)", optional=True), requirements.URIRequirement(name="yara_file", description="Yara rules (as a file)", optional=True), requirements.IntRequirement( name="max_size", default=0x40000000, description="Set the maximum size (default is 1GB)", optional=True), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)), requirements.VersionRequirement(name='yarascanner', component=yarascan.YaraScanner, version=(2, 0, 0)), requirements.ListRequirement( name='pid', element_type=int, description= "Process IDs to include (all other processes are excluded)", optional=True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.BooleanRequirement( name='PARSE_ALL', description='Parse every directory under the root dir', optional=True), requirements.StringRequirement( name='SUPPLY_ADDR', description='Parse directories under specific addresses', optional=True), requirements.StringRequirement( name='FULL_PATH', description='Parse a directory found by full path location', optional=True), ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), #requirements.VersionRequirement(name = 'info', component = info.Info, version = (1, 0, 0)), requirements.ListRequirement( name='pid', element_type=str, description= "Process IDs to include (all other processes are excluded)", optional=True), requirements.BooleanRequirement( name='include-corrupt', description="Include non-valid records (substitutions)", default=False, optional=True), ]
def get_requirements(cls): # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.IntRequirement( name='pid', description= "Process ID to include (all other processes are excluded)", optional=True), requirements.StringRequirement( name="ssdeep", description="Search single ssdeep value", optional=True), requirements.StringRequirement( name="ssdeeplist", description="Search ssdeep list file", optional=True), requirements.StringRequirement( name="exefile", description="Comparing the PE file or direcroty", optional=True), requirements.IntRequirement( name='threshold', description="Ssdeep threshold (Default 30)", optional=True), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(1, 0, 0)), requirements.PluginRequirement(name='vadinfo', plugin=vadinfo.VadInfo, version=(1, 0, 0)), ]
def get_requirements(cls): return (super().get_requirements() + [ requirements.SymbolTableRequirement(name = "vmlinux", description = "Linux kernel symbols"), requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (1, 0, 0)), requirements.IntRequirement(name = 'pid', description = "Process ID", optional = True) ])