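    def GuessHistoryPaths(self, username):
        """Take a user and return guessed full paths to Firefox History files.

        The candidate directories are built from the user's knowledge-base
        entry (appdata / homedir), not from the raw username, so the
        caller-supplied name never becomes a path component.

        Args:
          username: Username as string.

        Returns:
          A list of strings containing paths to look for history files in, or
          None when the user has no knowledge-base entry (the flow is marked
          as failed via self.Error in that case).

        Raises:
          OSError: On invalid system in the Schema
        """
        client = data_store.REL_DB.ReadClientSnapshot(self.client_id)
        system = client.knowledge_base.os
        user_info = flow_utils.GetUserInfo(client.knowledge_base, username)

        if not user_info:
            self.Error("Could not find homedir for user {0}".format(username))
            return

        paths = []
        if system == "Windows":
            path = "{app_data}\\Mozilla\\Firefox\\Profiles/"
            paths.append(path.format(app_data=user_info.appdata))
        elif system == "Linux":
            # The template must carry a {homedir} placeholder for the
            # .format(homedir=...) call below to have any effect.
            path = "{homedir}/.mozilla/firefox/"
            paths.append(path.format(homedir=user_info.homedir))
        elif system == "Darwin":
            path = ("{homedir}/Library/Application Support/"
                    "Firefox/Profiles/")
            paths.append(path.format(homedir=user_info.homedir))
        else:
            # This helper guesses Firefox locations; the message names the
            # right product so operators are not sent looking at Chrome.
            raise OSError("Invalid OS for Firefox History")
        return paths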
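    def GuessHistoryPaths(self, username):
        """Take a user and return guessed full paths to Firefox History files.

        The candidate directories are built from the user's knowledge-base
        entry (special folders / homedir), not from the raw username, so the
        caller-supplied name never becomes a path component.

        Args:
          username: Username as string.

        Returns:
          A list of strings containing paths to look for history files in, or
          None when the user has no knowledge-base entry (the flow is marked
          as failed via self.Error in that case).

        Raises:
          OSError: On invalid system in the Schema
        """
        fd = aff4.FACTORY.Open(self.client_id, token=self.token)
        system = fd.Get(fd.Schema.SYSTEM)
        user_info = flow_utils.GetUserInfo(fd, username)
        if not user_info:
            self.Error("Could not find homedir for user {0}".format(username))
            return

        paths = []
        if system == "Windows":
            path = "{app_data}\\Mozilla\\Firefox\\Profiles/"
            paths.append(
                path.format(app_data=user_info.special_folders.app_data))
        elif system == "Linux":
            # The template must carry a {homedir} placeholder for the
            # .format(homedir=...) call below to have any effect.
            path = "{homedir}/.mozilla/firefox/"
            paths.append(path.format(homedir=user_info.homedir))
        elif system == "Darwin":
            path = ("{homedir}/Library/Application Support/"
                    "Firefox/Profiles/")
            paths.append(path.format(homedir=user_info.homedir))
        else:
            # This helper guesses Firefox locations; the message names the
            # right product so operators are not sent looking at Chrome.
            raise OSError("Invalid OS for Firefox History")
        return paths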
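    def Start(self):
        """Redirect to start on the workers and not in the UI.

        Resolves the client's OS, collects the browser cache paths selected
        by the flow arguments into self.state.all_paths and the requested
        users' knowledge-base entries into self.state.users, then hands off
        to the StartRequests state.

        Raises:
          flow.FlowError: If no cache path is known for the client's OS and
            the selected browsers, or a requested user is not in the
            knowledge base.
        """

        # Figure out which paths we are going to check.
        client = aff4.FACTORY.Open(self.client_id, token=self.token)
        system = client.Get(client.Schema.SYSTEM)
        # Default to an empty table so an OS missing from BROWSER_PATHS
        # reaches the FlowError below instead of failing with an
        # AttributeError on None.get().
        paths = BROWSER_PATHS.get(system, {})
        self.state.all_paths = []
        if self.args.check_chrome:
            self.state.all_paths += paths.get("Chrome", [])
        if self.args.check_ie:
            self.state.all_paths += paths.get("IE", [])
        if self.args.check_firefox:
            self.state.all_paths += paths.get("Firefox", [])
        if not self.state.all_paths:
            raise flow.FlowError("Unsupported system %s for CacheGrep" %
                                 system)

        # Fail early on an unknown user rather than grepping a partial set.
        self.state.users = []
        for user in self.args.grep_users:
            user_info = flow_utils.GetUserInfo(client, user)
            if not user_info:
                raise flow.FlowError("No such user %s" % user)
            self.state.users.append(user_info)

        self.CallState(next_state="StartRequests")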
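    def GuessHistoryPaths(self, username):
        """Take a user and return guessed full paths to Chrome History files.

        Both Google Chrome and Chromium profile directories are returned for
        the client's OS. The directories are built from the user's
        knowledge-base entry (localappdata / homedir), not from the raw
        username, so the caller-supplied name never becomes a path component.

        Args:
          username: Username as string.

        Returns:
          A list of strings containing paths to look for history files in, or
          None when the user has no knowledge-base entry (the flow is marked
          as failed via self.Error in that case).

        Raises:
          OSError: On invalid system in the Schema
        """
        if data_store.RelationalDBReadEnabled():
            client = data_store.REL_DB.ReadClientSnapshot(self.client_id)
            system = client.knowledge_base.os
            user_info = flow_utils.GetUserInfo(client.knowledge_base, username)
        else:
            client = aff4.FACTORY.Open(self.client_id, token=self.token)
            system = client.Get(client.Schema.SYSTEM)
            kb = client.Get(client.Schema.KNOWLEDGE_BASE)
            user_info = flow_utils.GetUserInfo(kb, username)

        if not user_info:
            self.Error("Could not find homedir for user {0}".format(username))
            return

        paths = []
        if system == "Windows":
            path = "{app_data}\\{sw}\\User Data\\Default\\"
            for sw_path in ["Google\\Chrome", "Chromium"]:
                paths.append(
                    path.format(app_data=user_info.localappdata, sw=sw_path))
        elif system == "Linux":
            # The templates must carry a {homedir} placeholder for the
            # .format(homedir=...) calls below to have any effect.
            path = "{homedir}/.config/{sw}/Default/"
            for sw_path in ["google-chrome", "chromium"]:
                paths.append(path.format(homedir=user_info.homedir,
                                         sw=sw_path))
        elif system == "Darwin":
            path = "{homedir}/Library/Application Support/{sw}/Default/"
            for sw_path in ["Google/Chrome", "Chromium"]:
                paths.append(path.format(homedir=user_info.homedir,
                                         sw=sw_path))
        else:
            raise OSError("Invalid OS for Chrome History")
        return paths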
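    def Start(self):
        """Redirect to start on the workers and not in the UI.

        Resolves the client's OS and knowledge base, collects the browser
        cache paths selected by the flow arguments into self.state.all_paths
        and the requested users' knowledge-base entries into
        self.state.users, then launches one FileFinder flow per interpolated
        cache directory with a CONTENTS_REGEX_MATCH condition built from
        self.args.data_regex.

        Raises:
          flow.FlowError: If no cache path is known for the client's OS and
            the selected browsers, or a requested user is not in the
            knowledge base.
        """

        # Figure out which paths we are going to check.
        if data_store.RelationalDBReadEnabled():
            client = data_store.REL_DB.ReadClientSnapshot(self.client_id)
            kb = client.knowledge_base
            system = kb.os
        else:
            client = aff4.FACTORY.Open(self.client_id, token=self.token)
            system = client.Get(client.Schema.SYSTEM)
            kb = client.Get(client.Schema.KNOWLEDGE_BASE)

        # Default to an empty table so an OS missing from BROWSER_PATHS
        # reaches the FlowError below instead of failing with an
        # AttributeError on None.get().
        paths = BROWSER_PATHS.get(system, {})
        self.state.all_paths = []
        if self.args.check_chrome:
            self.state.all_paths += paths.get("Chrome", [])
        if self.args.check_ie:
            self.state.all_paths += paths.get("IE", [])
        if self.args.check_firefox:
            self.state.all_paths += paths.get("Firefox", [])
        if not self.state.all_paths:
            raise flow.FlowError("Unsupported system %s for CacheGrep" %
                                 system)

        # Fail early on an unknown user rather than grepping a partial set.
        self.state.users = []
        for user in self.args.grep_users:
            user_info = flow_utils.GetUserInfo(kb, user)
            if not user_info:
                raise flow.FlowError("No such user %s" % user)
            self.state.users.append(user_info)

        # DOMAIN\user form; lstrip drops the leading backslash when the user
        # has no domain.
        usernames = [
            ("%s\\%s" % (u.userdomain, u.username)).lstrip("\\")
            for u in self.state.users
        ]

        # The regex is evaluated on the client against the cache files; the
        # first hit per file is enough to select it for download.
        condition = rdf_file_finder.FileFinderCondition(
            condition_type=(
                rdf_file_finder.FileFinderCondition.Type.CONTENTS_REGEX_MATCH),
            contents_regex_match=rdf_file_finder.
            FileFinderContentsRegexMatchCondition(
                regex=self.args.data_regex,
                mode=rdf_file_finder.FileFinderContentsRegexMatchCondition.
                Mode.FIRST_HIT))

        for path in self.state.all_paths:
            full_paths = flow_utils.InterpolatePath(path, kb, users=usernames)
            for full_path in full_paths:
                # NOTE(review): "**5" looks like a recursive glob bounded to
                # five directory levels below the cache dir — confirm against
                # the glob syntax InterpolatePath/FileFinder expect.
                self.CallFlow(
                    file_finder.FileFinder.__name__,
                    paths=[os.path.join(full_path, "**5")],
                    pathtype=self.args.pathtype,
                    conditions=[condition],
                    action=rdf_file_finder.FileFinderAction.Download(),
                    next_state="HandleResults")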