def grr_ls_impl(path: Optional[Text] = None,
                cached: bool = False,
                path_type: Text = OS) -> pd.DataFrame:
    """Lists a directory on the selected client.

    Args:
      path: Directory to list. When empty or None, `_state.cur_dir` is listed
        instead; otherwise the value is resolved with `_build_absolute_path`.
      cached: If true, the listing is read from the filesystem's `cached` view
        instead of making a call to the client. NOTE(review): presumably this
        is data from an earlier collection, so it may lag behind the host's
        current state -- confirm before relying on it as evidence.
      path_type: Path type to use (one of os, tsk, registry).

    Returns:
      The stat entries of the listing, passed through `convert.from_sequence`.

    Raises:
      NoClientSelectedError: No client is selected for this operation.
    """
    if _state.client is None:
        raise NoClientSelectedError()

    if path:
        target_dir = _build_absolute_path(path)
    else:
        target_dir = _state.cur_dir

    fs = _get_filesystem(path_type)
    # Only touch `fs.cached` when the caller asked for the cached view.
    listing_source = fs.cached if cached else fs
    return convert.from_sequence(listing_source.ls(target_dir))
def grr_grep_impl(pattern: Text,
                  path: Text,
                  fixed_strings: bool = False,
                  path_type: Text = OS,
                  hex_string: bool = False) -> pd.DataFrame:
    """Searches the content of a file on the selected client.

    Args:
      pattern: Pattern to search for. It is converted to bytes before the
        search: hex-decoded when `hex_string` is true, UTF-8 encoded otherwise.
      path: File path to grep; resolved with `_build_absolute_path`.
      fixed_strings: If true, the pattern is matched as a literal (the
        filesystem's `fgrep` is used instead of `grep`).
      path_type: Path type to use (one of os, tsk, registry).
      hex_string: If true, interpret pattern as a hex-encoded byte string.

    Returns:
      Buffer references to the matched content, passed through
      `convert.from_sequence`.

    Raises:
      NoClientSelectedError: No client is selected for this operation.
      binascii.Error: `hex_string` is true and `pattern` is not valid hex
        (raised by `binascii.unhexlify`; it is not caught here).
    """
    if _state.client is None:
        raise NoClientSelectedError()

    # Decode/encode first so a malformed hex pattern fails before any
    # filesystem object is looked up.
    needle = (
        binascii.unhexlify(pattern) if hex_string else pattern.encode('utf-8')
    )

    abs_path = _build_absolute_path(path)
    fs = _get_filesystem(path_type)
    search = fs.fgrep if fixed_strings else fs.grep
    return convert.from_sequence(search(abs_path, needle))
def grr_fgrep_impl(literal, path, path_type=OS, hex_string=False):
    """Searches a file on the selected client for a literal byte string.

    Is the same as running: %grr_grep -F

    Args:
      literal: Literal to search for. It is converted to bytes before the
        search: hex-decoded when `hex_string` is true, UTF-8 encoded otherwise.
      path: File path to grep; resolved with `_build_absolute_path`.
      path_type: Path type to use (one of os, tsk, registry).
      hex_string: If true, interpret the literal as a hex-encoded byte string.

    Returns:
      Buffer references to the matched content, passed through
      `convert.from_sequence`.

    Raises:
      NoClientSelectedError: No client is selected for this operation.
      binascii.Error: `hex_string` is true and `literal` is not valid hex
        (raised by `binascii.unhexlify`; it is not caught here).
    """
    if _state.client is None:
        raise NoClientSelectedError()

    needle = (
        binascii.unhexlify(literal) if hex_string else literal.encode('utf-8')
    )

    abs_path = _build_absolute_path(path)
    fs = _get_filesystem(path_type)
    matches = fs.fgrep(abs_path, needle)
    return convert.from_sequence(matches)
def grr_ls_impl(path=None, cached=False):
    """Lists a directory on the selected client.

    Args:
      path: Directory to list. When empty or None, `_state.cur_dir` is listed
        instead; otherwise the value is resolved with `_build_absolute_path`.
      cached: If true, the listing is read from the client's `cached` view
        instead of making a call to the client. NOTE(review): presumably this
        is data from an earlier collection, so it may lag behind the host's
        current state -- confirm before relying on it as evidence.

    Returns:
      The stat entries of the listing, passed through `convert.from_sequence`.

    Raises:
      NoClientSelectedError: No client is selected for this operation.
    """
    if _state.client is None:
        raise NoClientSelectedError()

    if path:
        target_dir = _build_absolute_path(path)
    else:
        target_dir = _state.cur_dir

    # Only touch `client.cached` when the caller asked for the cached view.
    listing_source = _state.client.cached if cached else _state.client
    return convert.from_sequence(listing_source.ls(target_dir))
def grr_ps_impl() -> pd.DataFrame:
    """Lists the processes of the selected client.

    Returns:
      The result of the client's `ps()` call, passed through
      `convert.from_sequence`.

    Raises:
      NoClientSelectedError: No client is selected for this operation.
    """
    client = _state.client
    if client is None:
        raise NoClientSelectedError()

    processes = client.ps()
    return convert.from_sequence(processes)
def grr_grep_impl(pattern, path, fixed_strings=False):
    """Searches the content of a file on the selected client.

    Args:
      pattern: Pattern to search for. It is handed to the client's search call
        unchanged; no encoding or validation happens in this function.
      path: File path to grep; resolved with `_build_absolute_path`.
      fixed_strings: If true, the pattern is matched as a literal (the
        client's `fgrep` is used instead of `grep`).

    Returns:
      Buffer references to the matched content, passed through
      `convert.from_sequence`.

    Raises:
      NoClientSelectedError: No client is selected for this operation.
    """
    if _state.client is None:
        raise NoClientSelectedError()

    abs_path = _build_absolute_path(path)
    search = _state.client.fgrep if fixed_strings else _state.client.grep
    return convert.from_sequence(search(abs_path, pattern))
def grr_collect_impl(artifact: Text) -> pd.DataFrame:
    """Collects the named artifact from the selected client.

    Args:
      artifact: Name of the artifact to collect. The name is forwarded to the
        client's `collect` call as given.

    Returns:
      The results the artifact collection yielded, passed through
      `convert.from_sequence`.

    Raises:
      NoClientSelectedError: No client is selected for this operation.
    """
    client = _state.client
    if client is None:
        raise NoClientSelectedError()

    collected = client.collect(artifact)
    return convert.from_sequence(collected)
def grr_list_artifacts_impl() -> pd.DataFrame:
    """Lists all registered GRR artifacts.

    No client has to be selected: the descriptors come from
    `grr_colab.list_artifacts()`, not from `_state.client`.

    Returns:
      The artifact descriptors, reindexed so that the name, doc, supported OS
      and labels columns are passed as priority columns.
    """
    leading_columns = [
        'artifact.name',
        'artifact.doc',
        'artifact.supported_os',
        'artifact.labels',
    ]
    descriptors = convert.from_sequence(grr_colab.list_artifacts())
    return convert.reindex_dataframe(
        descriptors, priority_columns=leading_columns)
def grr_yara_impl(signature, pids=None, regex=None):
    """Scans processes of the selected client with the given YARA rule.

    The three arguments are forwarded positionally to the client's `yara`
    call; this function does not parse or validate the rule itself.

    Args:
      signature: YARA rule to run.
      pids: List of pids of processes to scan.
      regex: A regex to match against the process name.

    Returns:
      The YARA matches, passed through `convert.from_sequence`.

    Raises:
      NoClientSelectedError: No client is selected for this operation.
    """
    client = _state.client
    if client is None:
        raise NoClientSelectedError()

    matches = client.yara(signature, pids, regex)
    return convert.from_sequence(matches)
def grr_stat_impl(path):
    """Stats the specified file on the selected client.

    Accepts glob expressions as a file path: the resolved path is handed to
    the client's `glob` call, so one call can yield several entries.

    Args:
      path: File path (or glob expression) to stat; resolved with
        `_build_absolute_path`.

    Returns:
      The stat entries, passed through `convert.from_sequence`.

    Raises:
      NoClientSelectedError: No client is selected for this operation.
    """
    if _state.client is None:
        raise NoClientSelectedError()

    abs_path = _build_absolute_path(path)
    entries = _state.client.glob(abs_path)
    return convert.from_sequence(entries)
def grr_search_clients_impl(
        ip: Optional[Text] = None,
        mac: Optional[Text] = None,
        host: Optional[Text] = None,
        user: Optional[Text] = None,
        version: Optional[Text] = None,
        labels: Optional[List[Text]] = None) -> pd.DataFrame:
    """Searches for clients matching the specified keywords.

    No client has to be selected; the search goes through
    `grr_colab.Client.search`.

    Args:
      ip: IP address.
      mac: MAC address.
      host: Hostname.
      user: Username.
      version: Client version.
      labels: List of client labels.

    Returns:
      The matching clients with last-seen and online-status columns added and
      the priority columns passed to `convert.reindex_dataframe`. When a
      `last_seen_at` column is present the rows are sorted by it in
      descending order and the index is reset.
    """
    matches = grr_colab.Client.search(
        ip=ip, mac=mac, host=host, user=user, version=version, labels=labels)
    records = [
        found._client.data  # pylint: disable=protected-access
        for found in matches
    ]

    df = convert.from_sequence(records)
    # Both helpers are called for their effect on `df`; their return values
    # are not used.
    _add_last_seen_column(df)
    _add_online_status_columns(df)

    leading_columns = [
        'online.pretty',
        'online',
        'client_id',
        'last_seen_ago',
        'last_seen_at.pretty',
        'knowledge_base.fqdn',
        'os_info.version',
    ]
    df = convert.reindex_dataframe(df, priority_columns=leading_columns)

    if 'last_seen_at' not in df.columns:
        return df
    by_recency = df.sort_values(by='last_seen_at', ascending=False)
    return by_recency.reset_index(drop=True)
def grr_fgrep_impl(literal, path):
    """Searches a file on the selected client for a literal.

    Is the same as running: %grr_grep -F

    Args:
      literal: Literal to search for. It is handed to the client's `fgrep`
        call unchanged; no encoding or validation happens in this function.
      path: File path to grep; resolved with `_build_absolute_path`.

    Returns:
      Buffer references to the matched content, passed through
      `convert.from_sequence`.

    Raises:
      NoClientSelectedError: No client is selected for this operation.
    """
    if _state.client is None:
        raise NoClientSelectedError()

    abs_path = _build_absolute_path(path)
    matches = _state.client.fgrep(abs_path, literal)
    return convert.from_sequence(matches)
def grr_ifconfig_impl() -> pd.DataFrame:
    """Lists the network interfaces of the selected client.

    Returns:
      The client's `ifaces`, passed through `convert.from_sequence`, with each
      nested `addresses` frame run through `_add_pretty_ipaddress_column` and
      the whole frame run through `_add_pretty_mac_column`.

    Raises:
      NoClientSelectedError: No client is selected for this operation.
    """
    if _state.client is None:
        raise NoClientSelectedError()

    df = convert.from_sequence(_state.client.ifaces)

    if 'addresses' in df.columns:
        # NOTE(review): `df['addresses'][row]` is label-based and assumes the
        # default 0..n-1 index; the write below is a chained assignment, which
        # pandas may warn about or not propagate to `df` under copy-on-write
        # -- confirm against the pandas version in use.
        for row in range(len(df['addresses'])):
            cell = df['addresses'][row]
            if not isinstance(cell, pd.DataFrame):
                # Cells that are not nested frames are left untouched.
                continue
            df['addresses'][row] = _add_pretty_ipaddress_column(
                cell, 'packed_bytes')

    return _add_pretty_mac_column(df, 'mac_address')
def grr_stat_impl(path: Text, path_type: Text = OS) -> pd.DataFrame:
    """Stats the specified file on the selected client.

    Accepts glob expressions as a file path: the resolved path is handed to
    the filesystem's `glob` call, so one call can yield several entries.

    Args:
      path: File path (or glob expression) to stat; resolved with
        `_build_absolute_path`.
      path_type: Path type to use (one of os, tsk, registry).

    Returns:
      The stat entries, passed through `convert.from_sequence`.

    Raises:
      NoClientSelectedError: No client is selected for this operation.
    """
    if _state.client is None:
        raise NoClientSelectedError()

    abs_path = _build_absolute_path(path)
    fs = _get_filesystem(path_type)
    entries = fs.glob(abs_path)
    return convert.from_sequence(entries)