def Main():
"""Start the tool."""
temp_location = tempfile.gettempdir()
options = putils.Options()
# Set the default options.
options.buffer_size = 0
options.debug = False
options.filename = '.'
options.file_filter = ''
options.filter = ''
options.image = False
options.image_offset = None
options.image_offset_bytes = None
options.old_preprocess = False
options.open_files = False
options.output = os.path.join(temp_location, 'wheredidmytimelinego.dump')
options.output_module = ''
options.parsers = ''
options.parse_vss = False
options.preprocess = False
options.recursive = False
options.single_process = False
options.timezone = 'UTC'
options.workers = 5
format_str = '[%(levelname)s] (%(processName)-10s) %(message)s'
logging.basicConfig(format=format_str)
front_end = PshellFrontend()
try:
front_end.ParseOptions(options, source_option='filename')
front_end.SetStorageFile(options.output)
except errors.BadConfigOption as exception:
logging.error(u'{0:s}'.format(exception))
# TODO: move to frontend object.
if options.image and options.image_offset_bytes is None:
if options.image_offset is not None:
bytes_per_sector = getattr(options, 'bytes_per_sector', 512)
options.image_offset_bytes = options.image_offset * bytes_per_sector
else:
options.image_offset_bytes = 0
namespace = {}
pre_obj = event.PreprocessObject()
namespace.update(globals())
namespace.update({
'frontend': front_end,
'pre_obj': pre_obj,
'options': options,
'find_all_output': FindAllOutputs,
'parse_file': ParseFile,
'timestamp_from_event': PrintTimestampFromEvent,
'message': formatters.manager.EventFormatterManager.GetMessageStrings})
# Include few random phrases that get thrown in once the user exists the
# shell.
_my_random_phrases = [
u'I haven\'t seen timelines like this since yesterday.',
u'Timelining is super relaxing.',
u'Why did I not use the shell before?',
u'I like a do da cha cha',
u'I AM the Shogun of Harlem!',
(u'It doesn\'t matter if you win or lose, it\'s what you do with your '
u'dancin\' shoes'),
u'I have not had a night like that since the seventies.',
u'Baker Team. They\'re all dead, sir.',
(u'I could have killed \'em all, I could\'ve killed you. In town '
u'you\'re the law, out here it\'s me.'),
(u'Are you telling me that 200 of our men against your boy is a no-win '
u'situation for us?'),
u'Hunting? We ain\'t huntin\' him, he\'s huntin\' us!',
u'You picked the wrong man to push',
u'Live for nothing or die for something',
u'I am the Fred Astaire of karate.',
(u'God gave me a great body and it\'s my duty to take care of my '
u'physical temple.'),
u'This maniac should be wearing a number, not a badge',
u'Imagination is more important than knowledge.',
u'Do you hate being dead?',
u'You\'ve got 5 seconds... and 3 are up.',
u'He is in a gunfight right now. I\'m gonna have to take a message',
u'That would be better than losing your teeth',
u'The less you know, the more you make',
(u'A SQL query goes into a bar, walks up to two tables and asks, '
u'"Can I join you?"'),
u'This is your captor speaking.',
(u'If I find out you\'re lying, I\'ll come back and kill you in your '
u'own kitchen.'),
u'That would be better than losing your teeth',
(u'He\'s the kind of guy who would drink a gallon of gasoline so '
u'that he can p*ss into your campfire.'),
u'I\'m gonna take you to the bank, Senator Trent. To the blood bank!',
u'I missed! I never miss! They must have been smaller than I thought',
u'Nah. I\'m just a cook.',
u'Next thing I know, you\'ll be dating musicians.',
u'Another cold day in hell',
u'Yeah, but I bet you she doesn\'t see these boys in the choir.',
u'You guys think you\'re above the law... well you ain\'t above mine!',
(u'One thought he was invincible... the other thought he could fly... '
u'They were both wrong'),
u'To understand what recursion is, you must first understand recursion']
arg_description = (
u'pshell is the interactive session tool that can be used to'
u'MISSING')
arg_parser = argparse.ArgumentParser(description=arg_description)
arg_parser.add_argument(
'-s', '--storage_file', '--storage-file', dest='storage_file',
type=unicode, default=u'', help=u'Path to a plaso storage file.',
action='store', metavar='PATH')
configuration = arg_parser.parse_args()
if configuration.storage_file:
store = OpenStorageFile(configuration.storage_file)
if store:
namespace.update({'store': store})
functions = [
FindAllOutputs, GetEventData, GetParserNames, GetParserObjects,
OpenOSFile, OpenStorageFile, OpenTskFile, OpenVssFile,
ParseFile, Pfile2File,
PrintTimestamp, PrintTimestampFromEvent]
functions_strings = []
for function in functions:
docstring, _, _ = function.__doc__.partition(u'\n')
docstring = u'\t{0:s} - {1:s}'.format(function.__name__, docstring)
functions_strings.append(docstring)
functions_strings = u'\n'.join(functions_strings)
banner = (
u'--------------------------------------------------------------\n'
u' Welcome to Plaso console - home of the Plaso adventure land.\n'
u'--------------------------------------------------------------\n'
u'This is the place where everything is allowed, as long as it is '
u'written in Python.\n\n'
u'Objects available:\n\toptions - set of options to the frontend.\n'
u'\tfrontend - A copy of the pshell frontend.\n'
u'\n'
u'All libraries have been imported and can be used, see help(frontend) '
u'or help(parser).\n'
u'\n'
u'Base methods:\n'
u'{0:s}'
u'\n\tmessage - Print message strings from an event object.'
u'\n'
u'\n'
u'p.s. typing in "pdb" and pressing enter puts the shell in debug'
u'mode which causes all exceptions being sent to pdb.\n'
u'Happy command line console fu-ing.\n\n').format(functions_strings)
exit_message = u'You are now leaving the winter wonderland.\n\n{}'.format(
random.choice(_my_random_phrases))
shell_config = Config()
# Make slight adjustments to the iPython prompt.
shell_config.PromptManager.out_template = (
r'{color.Normal}[{color.Red}\#{color.Normal}]<<< ')
shell_config.PromptManager.in_template = (
r'[{color.LightBlue}\T{color.Normal}] {color.LightPurple}\Y2\n'
r'{color.Normal}[{color.Red}\#{color.Normal}] \$ ')
shell_config.PromptManager.in2_template = r'.\D.>>>'
ipshell = InteractiveShellEmbed(
user_ns=namespace, config=shell_config, banner1=banner,
exit_msg=exit_message)
ipshell.confirm_exit = False
# Set autocall to two, making parenthesis not necessary when calling
# function names (although they can be used and are necessary sometimes,
# like in variable assignments, etc).
ipshell.autocall = 2
ipshell()
return True
def Main():
"""Start the tool."""
temp_location = tempfile.gettempdir()
options = frontend.Options()
# Set the default options.
options.buffer_size = 0
options.debug = False
options.filename = '.'
options.file_filter = ''
options.filter = ''
options.image = False
options.image_offset = None
options.image_offset_bytes = None
options.old_preprocess = False
options.output = os.path.join(temp_location, 'wheredidmytimelinego.dump')
options.output_module = ''
options.parsers = ''
options.parse_vss = False
options.preprocess = False
options.recursive = False
options.scan_archives = False
options.single_process = False
options.timezone = 'UTC'
options.workers = 5
format_str = '[%(levelname)s] (%(processName)-10s) %(message)s'
logging.basicConfig(format=format_str)
front_end = pshell.PshellFrontend()
try:
front_end.ParseOptions(options, source_option='filename')
front_end.SetStorageFile(options.output)
except errors.BadConfigOption as exception:
logging.error(u'{0:s}'.format(exception))
# TODO: move to frontend object.
if options.image and options.image_offset_bytes is None:
if options.image_offset is not None:
bytes_per_sector = getattr(options, 'bytes_per_sector', 512)
options.image_offset_bytes = options.image_offset * bytes_per_sector
else:
options.image_offset_bytes = 0
namespace = {}
pre_obj = event.PreprocessObject()
namespace.update(globals())
namespace.update({
'frontend': front_end,
'pre_obj': pre_obj,
'options': options,
'find_all_output': FindAllOutputs,
'parse_file': ParseFile,
'timestamp_from_event': PrintTimestampFromEvent,
'message': GetMessageStringsForEventObject
})
# Include few random phrases that get thrown in once the user exists the
# shell.
_my_random_phrases = [
u'I haven\'t seen timelines like this since yesterday.',
u'Timelining is super relaxing.',
u'Why did I not use the shell before?', u'I like a do da cha cha',
u'I AM the Shogun of Harlem!',
(u'It doesn\'t matter if you win or lose, it\'s what you do with your '
u'dancin\' shoes'),
u'I have not had a night like that since the seventies.',
u'Baker Team. They\'re all dead, sir.',
(u'I could have killed \'em all, I could\'ve killed you. In town '
u'you\'re the law, out here it\'s me.'),
(u'Are you telling me that 200 of our men against your boy is a no-win '
u'situation for us?'),
u'Hunting? We ain\'t huntin\' him, he\'s huntin\' us!',
u'You picked the wrong man to push',
u'Live for nothing or die for something',
u'I am the Fred Astaire of karate.',
(u'God gave me a great body and it\'s my duty to take care of my '
u'physical temple.'),
u'This maniac should be wearing a number, not a badge',
u'Imagination is more important than knowledge.',
u'Do you hate being dead?', u'You\'ve got 5 seconds... and 3 are up.',
u'He is in a gunfight right now. I\'m gonna have to take a message',
u'That would be better than losing your teeth',
u'The less you know, the more you make',
(u'A SQL query goes into a bar, walks up to two tables and asks, '
u'"Can I join you?"'), u'This is your captor speaking.',
(u'If I find out you\'re lying, I\'ll come back and kill you in your '
u'own kitchen.'), u'That would be better than losing your teeth',
(u'He\'s the kind of guy who would drink a gallon of gasoline so '
u'that he can p*ss into your campfire.'),
u'I\'m gonna take you to the bank, Senator Trent. To the blood bank!',
u'I missed! I never miss! They must have been smaller than I thought',
u'Nah. I\'m just a cook.',
u'Next thing I know, you\'ll be dating musicians.',
u'Another cold day in hell',
u'Yeah, but I bet you she doesn\'t see these boys in the choir.',
u'You guys think you\'re above the law... well you ain\'t above mine!',
(u'One thought he was invincible... the other thought he could fly... '
u'They were both wrong'),
u'To understand what recursion is, you must first understand recursion'
]
arg_description = (
u'pshell is the interactive session tool that can be used to'
u'MISSING')
arg_parser = argparse.ArgumentParser(description=arg_description)
arg_parser.add_argument('-s',
'--storage_file',
'--storage-file',
dest='storage_file',
type=unicode,
default=u'',
help=u'Path to a plaso storage file.',
action='store',
metavar='PATH')
configuration = arg_parser.parse_args()
if configuration.storage_file:
store = OpenStorageFile(configuration.storage_file)
if store:
namespace.update({'store': store})
functions = [
FindAllOutputs, GetEventData, GetParserNames, GetParserObjects,
OpenOSFile, OpenStorageFile, OpenTskFile, OpenVssFile, ParseFile,
Pfile2File, PrintTimestamp, PrintTimestampFromEvent
]
functions_strings = []
for function in functions:
docstring, _, _ = function.__doc__.partition(u'\n')
docstring = u'\t{0:s} - {1:s}'.format(function.__name__, docstring)
functions_strings.append(docstring)
functions_strings = u'\n'.join(functions_strings)
banner = (
u'--------------------------------------------------------------\n'
u' Welcome to Plaso console - home of the Plaso adventure land.\n'
u'--------------------------------------------------------------\n'
u'This is the place where everything is allowed, as long as it is '
u'written in Python.\n\n'
u'Objects available:\n\toptions - set of options to the frontend.\n'
u'\tfrontend - A copy of the pshell frontend.\n'
u'\n'
u'All libraries have been imported and can be used, see help(frontend) '
u'or help(parser).\n'
u'\n'
u'Base methods:\n'
u'{0:s}'
u'\n\tmessage - Print message strings from an event object.'
u'\n'
u'\n'
u'p.s. typing in "pdb" and pressing enter puts the shell in debug'
u'mode which causes all exceptions being sent to pdb.\n'
u'Happy command line console fu-ing.\n\n').format(functions_strings)
exit_message = u'You are now leaving the winter wonderland.\n\n{}'.format(
random.choice(_my_random_phrases))
shell_config = Config()
# Make slight adjustments to the iPython prompt.
shell_config.PromptManager.out_template = (
r'{color.Normal}[{color.Red}\#{color.Normal}]<<< ')
shell_config.PromptManager.in_template = (
r'[{color.LightBlue}\T{color.Normal}] {color.LightPurple}\Y2\n'
r'{color.Normal}[{color.Red}\#{color.Normal}] \$ ')
shell_config.PromptManager.in2_template = r'.\D.>>>'
ipshell = InteractiveShellEmbed(user_ns=namespace,
config=shell_config,
banner1=banner,
exit_msg=exit_message)
ipshell.confirm_exit = False
# Set autocall to two, making parenthesis not necessary when calling
# function names (although they can be used and are necessary sometimes,
# like in variable assignments, etc).
ipshell.autocall = 2
ipshell()
return True
def Run(self):
"""Runs the interactive console."""
source_type = self.preg_tool.source_type
if source_type == dfvfs_definitions.SOURCE_TYPE_FILE:
registry_file_types = []
elif self.preg_tool.registry_file:
registry_file_types = [self.preg_tool.registry_file]
else:
# No Registry type specified use all available types instead.
registry_file_types = self.preg_tool.GetRegistryTypes()
registry_helpers = self.preg_tool.GetRegistryHelpers(
self.preg_tool.artifacts_registry,
plugin_names=self.preg_tool.plugin_names,
registry_file_types=registry_file_types)
for registry_helper in registry_helpers:
self.AddRegistryHelper(registry_helper)
# Adding variables in scope.
namespace = {}
namespace.update(globals())
namespace.update({
'console': self,
'get_current_key': self._CommandGetCurrentKey,
'get_key': self._CommandGetCurrentKey,
'get_value': self._CommandGetValue,
'get_value_data': self._CommandGetValueData,
'tool': self.preg_tool
})
ipshell_config = self.GetConfig()
if len(self._registry_helpers) == 1:
self.LoadRegistryFile(0)
registry_helper = self._currently_registry_helper
if registry_helper:
registry_file_path = registry_helper.name
else:
registry_file_path = 'NO HIVE LOADED'
self.SetPrompt(registry_file_path=registry_file_path,
configuration=ipshell_config)
# Starting the shell.
ipshell = InteractiveShellEmbed(user_ns=namespace,
config=ipshell_config,
banner1='',
exit_msg='')
ipshell.confirm_exit = False
self.PrintBanner()
# Adding "magic" functions.
ipshell.register_magics(PregMagics)
PregMagics.console = self
# Set autocall to two, making parenthesis not necessary when calling
# function names (although they can be used and are necessary sometimes,
# like in variable assignments, etc).
ipshell.autocall = 2
# Registering command completion for the magic commands.
ipshell.set_hook('complete_command', CommandCompleterCd, str_key='%cd')
ipshell.set_hook('complete_command',
CommandCompleterVerbose,
str_key='%ls')
ipshell.set_hook('complete_command',
CommandCompleterVerbose,
str_key='%parse')
ipshell.set_hook('complete_command',
CommandCompleterPlugins,
str_key='%plugin')
ipshell()
def RunModeConsole(front_end, options):
"""Open up an iPython console.
Args:
options: the command line arguments (instance of argparse.Namespace).
"""
namespace = {}
function_name_length = 23
banners = []
banners.append(frontend_utils.FormatHeader(
u'Welcome to PREG - home of the Plaso Windows Registry Parsing.'))
banners.append(u'')
banners.append(u'Some of the commands that are available for use are:')
banners.append(u'')
banners.append(frontend_utils.FormatOutputString(
u'cd key', u'Navigate the Registry like a directory structure.',
function_name_length))
banners.append(frontend_utils.FormatOutputString(
u'ls [-v]', (
u'List all subkeys and values of a Registry key. If called as '
u'ls True then values of keys will be included in the output.'),
function_name_length))
banners.append(frontend_utils.FormatOutputString(
u'parse -[v]', u'Parse the current key using all plugins.',
function_name_length))
banners.append(frontend_utils.FormatOutputString(
u'pwd', u'Print the working "directory" or the path of the current key.',
function_name_length))
banners.append(frontend_utils.FormatOutputString(
u'plugin [-h] plugin_name', (
u'Run a particular key-based plugin on the loaded hive. The correct '
u'Registry key will be loaded, opened and then parsed.'),
function_name_length))
banners.append(frontend_utils.FormatOutputString(
u'get_value value_name', (
u'Get a value from the currently loaded Registry key.')))
banners.append(frontend_utils.FormatOutputString(
u'get_value_data value_name', (
u'Get a value data from a value stored in the currently loaded '
u'Registry key.')))
banners.append(frontend_utils.FormatOutputString(
u'get_key', u'Return the currently loaded Registry key.'))
banners.append(u'')
# Build the global cache and prepare the tool.
hive_storage = preg.PregStorage()
shell_helper = preg.PregHelper(options, front_end, hive_storage)
parser_mediator = shell_helper.BuildParserMediator()
preg.PregCache.parser_mediator = parser_mediator
preg.PregCache.shell_helper = shell_helper
preg.PregCache.hive_storage = hive_storage
registry_types = getattr(options, 'regfile', None)
if isinstance(registry_types, basestring):
registry_types = registry_types.split(u',')
if not registry_types:
registry_types = [
'NTUSER', 'USRCLASS', 'SOFTWARE', 'SYSTEM', 'SAM', 'SECURITY']
preg.PregCache.shell_helper.Scan(registry_types)
if len(preg.PregCache.hive_storage) == 1:
preg.PregCache.hive_storage.SetOpenHive(0)
hive_helper = preg.PregCache.hive_storage.loaded_hive
banners.append(
u'Opening hive: {0:s} [{1:s}]'.format(
hive_helper.path, hive_helper.collector_name))
ConsoleConfig.SetPrompt(hive_path=hive_helper.path)
loaded_hive = preg.PregCache.hive_storage.loaded_hive
if loaded_hive and loaded_hive.name != u'N/A':
banners.append(
u'Registry hive: {0:s} is available and loaded.'.format(
loaded_hive.name))
else:
banners.append(u'More than one Registry file ready for use.')
banners.append(u'')
banners.append(preg.PregCache.hive_storage.ListHives())
banners.append(u'')
banners.append((
u'Use "hive open INDEX" to load a hive and "hive list" to see a '
u'list of available hives.'))
banners.append(u'')
banners.append(u'Happy command line console fu-ing.')
# Adding variables in scope.
namespace.update(globals())
namespace.update({
'get_current_key': GetCurrentKey,
'get_key': GetCurrentKey,
'get_value': GetValue,
'get_value_data': GetValueData,
'number_of_hives': GetTotalNumberOfLoadedHives,
'range_of_hives': GetRangeForAllLoadedHives,
'options': options})
ipshell_config = ConsoleConfig.GetConfig()
if loaded_hive:
ConsoleConfig.SetPrompt(
hive_path=loaded_hive.name, config=ipshell_config)
else:
ConsoleConfig.SetPrompt(hive_path=u'NO HIVE LOADED', config=ipshell_config)
# Starting the shell.
ipshell = InteractiveShellEmbed(
user_ns=namespace, config=ipshell_config, banner1=u'\n'.join(banners),
exit_msg='')
ipshell.confirm_exit = False
# Adding "magic" functions.
ipshell.register_magics(MyMagics)
# Set autocall to two, making parenthesis not necessary when calling
# function names (although they can be used and are necessary sometimes,
# like in variable assignments, etc).
ipshell.autocall = 2
# Registering command completion for the magic commands.
ipshell.set_hook('complete_command', CdCompleter, str_key='%cd')
ipshell.set_hook('complete_command', VerboseCompleter, str_key='%ls')
ipshell.set_hook('complete_command', VerboseCompleter, str_key='%parse')
ipshell.set_hook('complete_command', PluginCompleter, str_key='%plugin')
ipshell()
def main():
my_parser = argparse.ArgumentParser()
my_parser.add_argument("-q",
dest="quiet",
default=False,
action="store_true",
help="be quiet [%(default)s]")
my_parser.add_argument("--logger",
type=str,
default="stdout",
choices=["stdout", "logserver"],
help="choose logging facility [%(default)s]")
my_parser.add_argument(
"--logall",
default=False,
action="store_true",
help="log all (no just warning / error), [%(default)s]")
my_parser.add_argument("args",
nargs=argparse.REMAINDER,
help="commands to execute")
opts = my_parser.parse_args()
if opts.args:
opts.quiet = True
if not opts.quiet:
print("Starting ICSW shell ... ", end="", flush=True)
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "initat.cluster.settings")
try:
import django
if not opts.quiet:
print("django.setup() ... ", end="", flush=True)
django.setup()
except:
django = None
else:
from initat.cluster.backbone import db_tools
try:
if not db_tools.is_reachable():
django = None
except:
# when installing a newer icsw-client package on a machine with an old icsw-server package
django = None
from initat.icsw.magics import icsw_magics
# First import the embeddable shell class
from IPython.terminal.prompts import Prompts, Token
from IPython.terminal.embed import InteractiveShellEmbed
# Now create an instance of the embeddable shell. The first argument is a
# string with options exactly as you would type them if you were starting
# IPython at the system command line. Any parameters you want to define for
# configuration can thus be specified here.
ipshell = InteractiveShellEmbed(header="X", user_ns={"django": django})
class ICSWPrompt(Prompts):
def in_prompt_tokens(self, cli=None):
return [
(Token, "[CORVUS]"),
(Token.Prompt, ">"),
]
ipshell.prompts = ICSWPrompt(ipshell)
ipshell.mouse_support = True
ipshell.confirm_exit = False
ipshell.autocall = 2
# no banner
ipshell.banner1 = ""
ipshell.set_hook('complete_command',
icsw_magics.apt_completers,
str_key='icsw')
if False:
class st2(object):
def __dir__(self):
return ["bla", "blo"]
def abc(self, var):
print("*", var)
def _ipython_key_completions_(self):
return ["x", "y"]
def bla(self):
return "bla"
def __call__(self, *args):
return "C", args
xicsw = st2()
def stest(sthg):
print("stest:", sthg)
ipshell.register_magics(
icsw_magics.ICSWMagics(ipshell, True if django else False))
if opts.args:
if "--" in opts.args:
opts.args.remove("--")
_args = ["icsw"]
if opts.logall:
_args.append("--logall")
_args.append("--logger")
_args.append(opts.logger)
r = ipshell.run_cell(" ".join(_args + opts.args), silent=True)
sys.exit(r.result)
else:
if not opts.quiet:
print("done")
from initat.cluster.backbone.models import device, device_group
ipshell(header="Starting icsw", )
def RunModeConsole(front_end, options):
"""Open up an iPython console.
Args:
options: the command line arguments (instance of argparse.Namespace).
"""
namespace = {}
function_name_length = 23
banners = []
banners.append(
frontend_utils.FormatHeader(
u'Welcome to PREG - home of the Plaso Windows Registry Parsing.'))
banners.append(u'')
banners.append(u'Some of the commands that are available for use are:')
banners.append(u'')
banners.append(
frontend_utils.FormatOutputString(
u'cd key', u'Navigate the Registry like a directory structure.',
function_name_length))
banners.append(
frontend_utils.FormatOutputString(
u'ls [-v]',
(u'List all subkeys and values of a Registry key. If called as '
u'ls True then values of keys will be included in the output.'),
function_name_length))
banners.append(
frontend_utils.FormatOutputString(
u'parse -[v]', u'Parse the current key using all plugins.',
function_name_length))
banners.append(
frontend_utils.FormatOutputString(
u'pwd',
u'Print the working "directory" or the path of the current key.',
function_name_length))
banners.append(
frontend_utils.FormatOutputString(u'plugin [-h] plugin_name', (
u'Run a particular key-based plugin on the loaded hive. The correct '
u'Registry key will be loaded, opened and then parsed.'),
function_name_length))
banners.append(
frontend_utils.FormatOutputString(
u'get_value value_name',
(u'Get a value from the currently loaded Registry key.')))
banners.append(
frontend_utils.FormatOutputString(
u'get_value_data value_name',
(u'Get a value data from a value stored in the currently loaded '
u'Registry key.')))
banners.append(
frontend_utils.FormatOutputString(
u'get_key', u'Return the currently loaded Registry key.'))
banners.append(u'')
# Build the global cache and prepare the tool.
hive_storage = preg.PregStorage()
shell_helper = preg.PregHelper(options, front_end, hive_storage)
parser_mediator = shell_helper.BuildParserMediator()
preg.PregCache.parser_mediator = parser_mediator
preg.PregCache.shell_helper = shell_helper
preg.PregCache.hive_storage = hive_storage
registry_types = getattr(options, 'regfile', None)
if isinstance(registry_types, basestring):
registry_types = registry_types.split(u',')
if not registry_types:
registry_types = [
'NTUSER', 'USRCLASS', 'SOFTWARE', 'SYSTEM', 'SAM', 'SECURITY'
]
preg.PregCache.shell_helper.Scan(registry_types)
if len(preg.PregCache.hive_storage) == 1:
preg.PregCache.hive_storage.SetOpenHive(0)
hive_helper = preg.PregCache.hive_storage.loaded_hive
banners.append(u'Opening hive: {0:s} [{1:s}]'.format(
hive_helper.path, hive_helper.collector_name))
ConsoleConfig.SetPrompt(hive_path=hive_helper.path)
loaded_hive = preg.PregCache.hive_storage.loaded_hive
if loaded_hive and loaded_hive.name != u'N/A':
banners.append(u'Registry hive: {0:s} is available and loaded.'.format(
loaded_hive.name))
else:
banners.append(u'More than one Registry file ready for use.')
banners.append(u'')
banners.append(preg.PregCache.hive_storage.ListHives())
banners.append(u'')
banners.append(
(u'Use "hive open INDEX" to load a hive and "hive list" to see a '
u'list of available hives.'))
banners.append(u'')
banners.append(u'Happy command line console fu-ing.')
# Adding variables in scope.
namespace.update(globals())
namespace.update({
'get_current_key': GetCurrentKey,
'get_key': GetCurrentKey,
'get_value': GetValue,
'get_value_data': GetValueData,
'number_of_hives': GetTotalNumberOfLoadedHives,
'range_of_hives': GetRangeForAllLoadedHives,
'options': options
})
ipshell_config = ConsoleConfig.GetConfig()
if loaded_hive:
ConsoleConfig.SetPrompt(hive_path=loaded_hive.name,
config=ipshell_config)
else:
ConsoleConfig.SetPrompt(hive_path=u'NO HIVE LOADED',
config=ipshell_config)
# Starting the shell.
ipshell = InteractiveShellEmbed(user_ns=namespace,
config=ipshell_config,
banner1=u'\n'.join(banners),
exit_msg='')
ipshell.confirm_exit = False
# Adding "magic" functions.
ipshell.register_magics(MyMagics)
# Set autocall to two, making parenthesis not necessary when calling
# function names (although they can be used and are necessary sometimes,
# like in variable assignments, etc).
ipshell.autocall = 2
# Registering command completion for the magic commands.
ipshell.set_hook('complete_command', CdCompleter, str_key='%cd')
ipshell.set_hook('complete_command', VerboseCompleter, str_key='%ls')
ipshell.set_hook('complete_command', VerboseCompleter, str_key='%parse')
ipshell.set_hook('complete_command', PluginCompleter, str_key='%plugin')
ipshell()
