def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement(name = 'primary', description = "Memory layer for the kernel", architectures = ["Intel32", "Intel64"]), requirements.BooleanRequirement(name = "insensitive", description = "Makes the search case insensitive", default = False, optional = True), requirements.BooleanRequirement(name = "wide", description = "Match wide (unicode) strings", default = False, optional = True), requirements.StringRequirement(name = "yara_rules", description = "Yara rules (as a string)", optional = True), requirements.URIRequirement(name = "yara_file", description = "Yara rules (as a file)", optional = True), # This additional requirement is to follow suit with upstream, who feel that compiled rules could potentially be used to execute malicious code # As such, there's a separate option to run compiled files, as happened with yara-3.9 and later requirements.URIRequirement(name = "yara_compiled_file", description = "Yara compiled rules (as a file)", optional = True), requirements.IntRequirement(name = "max_size", default = 0x40000000, description = "Set the maximum size (default is 1GB)", optional = True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement( name='primary', description="Memory layer for the kernel", architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.IntRequirement( name="max_size", default=0x40000000, description="Set the maximum size (default is 1GB)", optional=True), requirements.VersionRequirement(name='pslist', component=pslist.PsList, version=(2, 0, 0)), requirements.IntRequirement( name='pid', description= "Process ID to include (all other processes are excluded)", optional=True), requirements.URIRequirement(name="yara_file", description="Yara rules (as a file)", optional=True), requirements.PluginRequirement(name='vadyarascan', plugin=vadyarascan.VadYaraScan, version=(1, 0, 0)), requirements.VersionRequirement(name='vadinfo', component=vadinfo.VadInfo, version=(2, 0, 0)), ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement( name='primary', description="Memory layer for the kernel", architectures=["Intel32", "Intel64"]), requirements.BooleanRequirement( name="insensitive", description="Makes the search case insensitive", default=False, optional=True), requirements.BooleanRequirement( name="wide", description="Match wide (unicode) strings", default=False, optional=True), requirements.StringRequirement( name="yara_rules", description="Yara rules (as a string)", optional=True), requirements.URIRequirement(name="yara_file", description="Yara rules (as a file)", optional=True), requirements.IntRequirement( name="max_size", default=0x40000000, description="Set the maximum size (default is 1GB)", optional=True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement( name='primary', description="Memory layer for the kernel", architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.BooleanRequirement( name="wide", description="Match wide (unicode) strings", default=False, optional=True), requirements.StringRequirement( name="yara_rules", description="Yara rules (as a string)", optional=True), requirements.URIRequirement(name="yara_file", description="Yara rules (as a file)", optional=True), # This additional requirement is to follow suit with upstream, who feel that compiled rules could potentially be used to execute malicious code # As such, there's a separate option to run compiled files, as happened with yara-3.9 and later requirements.URIRequirement( name="yara_compiled_file", description="Yara compiled rules (as a file)", optional=True), requirements.IntRequirement( name="max_size", default=0x40000000, description="Set the maximum size (default is 1GB)", optional=True), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)), requirements.VersionRequirement(name='yarascanner', component=yarascan.YaraScanner, version=(2, 0, 0)), requirements.ListRequirement( name='pid', element_type=int, description= "Process IDs to include (all other processes are excluded)", optional=True) ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.ModuleRequirement(name = 'kernel', description = 'Windows kernel', architectures = ["Intel32", "Intel64"]), requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (2, 0, 0)), requirements.ListRequirement(name = 'pid', element_type = int, description = "Process ID to include (all other processes are excluded)", optional = True), requirements.URIRequirement(name = "strings_file", description = "Strings file") ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: reqs: List[interfaces.configuration.RequirementInterface] = [] if cls == Volshell: reqs = [ requirements.URIRequirement(name = 'script', description = 'File to load and execute at start', default = None, optional = True) ] return reqs + [ requirements.TranslationLayerRequirement(name = 'primary', description = 'Memory layer for the kernel'), ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: # This is not optional for the stacker to run, so optional must be marked as False return [ requirements.URIRequirement( name="single_location", description="Specifies a base location on which to stack", optional=True), requirements.ListRequirement(name="stackers", description="List of stackers", optional=True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)), requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.URIRequirement(name="strings_file", description="Strings file") ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.ListRequirement( name='filter', description= 'String that must be present in the file URI to display the ISF', optional=True, default=[]), requirements.URIRequirement( name='isf', description="Specific ISF file to process", default=None, optional=True), requirements.BooleanRequirement( name='validate', description='Validate against schema if possible', default=False, optional=True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)), requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.ListRequirement( name='pid', element_type=int, description= "Process ID to include (all other processes are excluded)", optional=True), requirements.URIRequirement(name="strings_file", description="Strings file") ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement( name='primary', description="Memory layer for the kernel", architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.BooleanRequirement( name="wide", description="Match wide (unicode) strings", default=False, optional=True), requirements.StringRequirement( name="yara_rules", description="Yara rules (as a string)", optional=True), requirements.URIRequirement(name="yara_file", description="Yara rules (as a file)", optional=True), requirements.IntRequirement( name="max_size", default=0x40000000, description="Set the maximum size (default is 1GB)", optional=True), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(2, 0, 0)), requirements.VersionRequirement(name='yarascanner', component=yarascan.YaraScanner, version=(2, 0, 0)), requirements.ListRequirement( name='pid', element_type=int, description= "Process IDs to include (all other processes are excluded)", optional=True) ]