def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.ModuleRequirement( name='kernel', description='Windows kernel', architectures=["Intel32", "Intel64"]), requirements.VersionRequirement(name='pslist', component=pslist.PsList, version=(2, 0, 0)), requirements.VersionRequirement(name='info', component=info.Info, version=(1, 0, 0)), requirements.ListRequirement( name='pid', element_type=int, description= "Process IDs to include (all other processes are excluded)", optional=True), requirements.BooleanRequirement(name='dump', description="Extract listed DLLs", default=False, optional=True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.IntRequirement( name='block_size', description="Size of blocks to copy over", default=cls.default_block_size, optional=True), requirements.BooleanRequirement( name='list', description='List available layers', default=False, optional=True), requirements.ListRequirement( name='layers', element_type=str, description= 'Names of layers to write (defaults to the highest non-mapped layer)', default=None, optional=True) ]
def get_requirements(cls): return [ requirements.ModuleRequirement( name='kernel', description='Windows kernel', architectures=["Intel32", "Intel64"]), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)), requirements.VersionRequirement(name='info', component=info.Info, version=(1, 0, 0)), requirements.ListRequirement( name='pid', element_type=int, description= "Process ID to include (all other processes are excluded)", optional=True), requirements.BooleanRequirement( name='dump', description="Extract listed processes", default=False, optional=True), requirements.BooleanRequirement( name='physical', description="Display physical offset instead of virtual", default=False, optional=True) ]
def get_requirements(cls): # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.ListRequirement( name='pid', element_type=int, description= "Process IDs to include (all other processes are excluded)", optional=True), requirements.BooleanRequirement( name='dump', description="Extract injected VADs", default=False, optional=True), requirements.VersionRequirement(name='pslist', component=pslist.PsList, version=(2, 0, 0)), requirements.VersionRequirement(name='vadinfo', component=vadinfo.VadInfo, version=(2, 0, 0)) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: # Since we're calling the plugin, make sure we have the plugin's requirements return [requirements.ModuleRequirement(name = 'kernel', description = 'Windows kernel', architectures = ["Intel32", "Intel64"]), # TODO: Convert this to a ListRequirement so that people can filter on sets of ranges requirements.IntRequirement(name = 'address', description = "Process virtual memory address to include " \ "(all other address ranges are excluded). This must be " \ "a base address, not an address within the desired range.", optional = True), requirements.ListRequirement(name = 'pid', description = 'Filter on specific process IDs', element_type = int, optional = True), requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (2, 0, 0)), requirements.BooleanRequirement(name = 'dump', description = "Extract listed memory ranges", default = False, optional = True), requirements.IntRequirement(name = 'maxsize', description = "Maximum size for dumped VAD sections " \ "(all the bigger sections will be ignored)", default = cls.MAXSIZE_DEFAULT, optional = True), ]
def get_requirements(cls): return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)), requirements.VersionRequirement(name='info', component=info.Info, version=(1, 0, 0)), requirements.ListRequirement( name='pid', element_type=int, description= "Process ID to include (all other processes are excluded)", optional=True), requirements.BooleanRequirement( name='dump', description="Extract listed processes", default=False, optional=True) ]
def get_requirements(cls): return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.BooleanRequirement( name='physical', description='Display physical offsets instead of virtual', default=cls.PHYSICAL_DEFAULT, optional=True), requirements.ListRequirement( name='pid', element_type=int, description= "Process ID to include (all other processes are excluded)", optional=True), requirements.BooleanRequirement( name='dump', description="Extract listed processes", default=False, optional=True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.StringRequirement( name='plugins', description="Comma separated list of plugins to run", optional=True, default=None), requirements.BooleanRequirement( name='record-config', description= "Whether to record the state of all the plugins once complete", optional=True, default=False), requirements.ListRequirement( name='plugin-filter', description="Only run plugins featuring this substring", element_type=str, optional=True, default=[]), requirements.BooleanRequirement( name='create-bodyfile', description= "Whether to create a body file whilst producing results", optional=True, default=False) ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.ModuleRequirement(name = 'kernel', description = 'Linux kernel', architectures = ["Intel32", "Intel64"]), requirements.ListRequirement(name = 'pid', description = 'Filter on specific process IDs', element_type = int, optional = True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.ListRequirement(name='pages', element_type=int, min_elements=1), requirements.TranslationLayerRequirement(name='base_layer'), requirements.IntRequirement(name='maximum_size') ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.ModuleRequirement(name = 'kernel', description = 'Kernel module for the OS', architectures = ["Intel32", "Intel64"]), requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (3, 0, 0)), requirements.ListRequirement(name = 'pid', description = 'Filter on specific process IDs', element_type = int, optional = True) ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.ModuleRequirement(name = 'kernel', description = 'Windows kernel', architectures = ["Intel32", "Intel64"]), requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (2, 0, 0)), requirements.ListRequirement(name = 'pid', element_type = int, description = "Process ID to include (all other processes are excluded)", optional = True), requirements.URIRequirement(name = "strings_file", description = "Strings file") ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.ModuleRequirement(name = 'kernel', description = 'Linux kernel', architectures = ["Intel32", "Intel64"]), requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (2, 0, 0)), requirements.VersionRequirement(name = 'linuxutils', component = linux.LinuxUtilities, version = (2, 0, 0)), requirements.ListRequirement(name = 'pid', description = 'Filter on specific process IDs', element_type = int, optional = True) ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: """Returns the requirements of this plugin.""" return [ requirements.ListRequirement( name = "single_swap_locations", element_type = str, min_elements = 0, max_elements = 16, description = "Specifies a list of swap layer URIs for use with single-location", optional = True) ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.ModuleRequirement(name = 'kernel', description = 'Windows kernel', architectures = ["Intel32", "Intel64"]), requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (2, 0, 0)), requirements.ListRequirement(name = 'pid', element_type = int, description = "Process IDs to include (all other processes are excluded)", optional = True) ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement(name = 'primary', description = 'Memory layer for the kernel', architectures = ["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name = "vmlinux", description = "Linux kernel symbols"), requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (1, 0, 0)), requirements.ListRequirement(name = 'pid', description = 'Filter on specific process IDs', element_type = int, optional = True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: # This is not optional for the stacker to run, so optional must be marked as False return [ requirements.URIRequirement( name="single_location", description="Specifies a base location on which to stack", optional=True), requirements.ListRequirement(name="stackers", description="List of stackers", optional=True) ]
def get_requirements(cls): # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement(name = 'primary', description = 'Memory layer for the kernel', architectures = ["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name = "vmlinux", description = "Linux kernel symbols"), requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (1, 0, 0)), requirements.ListRequirement(name = 'pid', description = 'Filter on specific process IDs', element_type = int, optional = True) ]
def get_requirements(cls): return [ requirements.ModuleRequirement(name = 'kernel', description = 'Windows kernel', architectures = ["Intel32", "Intel64"]), requirements.BooleanRequirement(name = 'physical', description = 'Display physical offsets instead of virtual', default = pslist.PsList.PHYSICAL_DEFAULT, optional = True), requirements.VersionRequirement(name = 'pslist', component = pslist.PsList, version = (2, 0, 0)), requirements.ListRequirement(name = 'pid', element_type = int, description = "Process ID to include (all other processes are excluded)", optional = True) ]
def get_requirements(cls): # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.ModuleRequirement( name='kernel', description='Linux kernel', architectures=["Intel32", "Intel64"]), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)), requirements.ListRequirement( name='pid', description='Filter on specific process IDs', element_type=int, optional=True) ]
def get_requirements(cls): return [ requirements.ModuleRequirement( name='kernel', description='Windows kernel', architectures=["Intel32", "Intel64"]), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)), requirements.ListRequirement( name='pid', element_type=int, description= "Process IDs to include (all other processes are excluded)", optional=True) ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement(name = 'primary', description = 'Memory layer for the kernel', architectures = ["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name = "nt_symbols", description = "Windows kernel symbols"), requirements.ListRequirement(name = 'pid', description = 'Filter on specific process IDs', element_type = int, optional = True), requirements.BooleanRequirement(name = 'silent', description = 'Suppress common and non-persistent variables', optional = True), requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (2, 0, 0)), requirements.PluginRequirement(name = 'hivelist', plugin = hivelist.HiveList, version = (1, 0, 0)) ]
def get_requirements(cls): return [ requirements.ModuleRequirement(name = 'kernel', description = 'Windows kernel', architectures = ["Intel32", "Intel64"]), requirements.BooleanRequirement(name = 'physical', description = 'Display physical offsets instead of virtual', default = cls.PHYSICAL_DEFAULT, optional = True), requirements.ListRequirement(name = 'pid', element_type = int, description = "Process ID to include (all other processes are excluded)", optional = True), requirements.BooleanRequirement(name = 'dump', description = "Extract listed processes", default = False, optional = True) ]
def get_requirements(cls): return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name="darwin", description="Mac kernel"), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)), requirements.ListRequirement( name='pid', description='Filter on specific process IDs', element_type=int, optional=True) ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.ModuleRequirement(name = 'kernel', description = 'Linux kernel', architectures = ["Intel32", "Intel64"]), requirements.ListRequirement(name = 'pid', description = 'Filter on specific process IDs', element_type = int, optional = True), requirements.BooleanRequirement(name="threads", description="Include user threads", optional=True, default=False), requirements.BooleanRequirement(name="decorate_comm", description="Show `user threads` comm in curly brackets, and `kernel threads` comm in square brackets", optional=True, default=False), ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement( name='primary', description="Memory layer for the kernel", architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.BooleanRequirement( name="wide", description="Match wide (unicode) strings", default=False, optional=True), requirements.StringRequirement( name="yara_rules", description="Yara rules (as a string)", optional=True), requirements.URIRequirement(name="yara_file", description="Yara rules (as a file)", optional=True), # This additional requirement is to follow suit with upstream, who feel that compiled rules could potentially be used to execute malicious code # As such, there's a separate option to run compiled files, as happened with yara-3.9 and later requirements.URIRequirement( name="yara_compiled_file", description="Yara compiled rules (as a file)", optional=True), requirements.IntRequirement( name="max_size", default=0x40000000, description="Set the maximum size (default is 1GB)", optional=True), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)), requirements.VersionRequirement(name='yarascanner', component=yarascan.YaraScanner, version=(2, 0, 0)), requirements.ListRequirement( name='pid', element_type=int, description= "Process IDs to include (all other processes are excluded)", optional=True) ]
def get_requirements(cls): return [ requirements.ModuleRequirement( name='kernel', description='Kernel module for the OS', architectures=["Intel32", "Intel64"]), requirements.VersionRequirement(name='macutils', component=mac.MacUtilities, version=(1, 0, 0)), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(3, 0, 0)), requirements.ListRequirement( name='pid', description='Filter on specific process IDs', element_type=int, optional=True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.ListRequirement( name='pid', element_type=int, description= "Process IDs to include (all other processes are excluded)", optional=True), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.ListRequirement( name='filter', description= 'String that must be present in the file URI to display the ISF', optional=True, default=[]), requirements.URIRequirement( name='isf', description="Specific ISF file to process", default=None, optional=True), requirements.BooleanRequirement( name='validate', description='Validate against schema if possible', default=False, optional=True) ]
def get_requirements(cls): return [ requirements.TranslationLayerRequirement( name='primary', description='Kernel Address Space', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name="darwin", description="Mac Kernel"), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)), requirements.VersionRequirement(name='macutils', component=mac.MacUtilities, version=(1, 0, 0)), requirements.ListRequirement( name='pid', description='Filter on specific process IDs', element_type=int, optional=True) ]