def debughook(type, value, tb):
if hasattr(sys, 'ps1') or not sys.stderr.isatty():
# we are in interactive mode or we don't have a tty-like
# device, so we call the default hook
sys.__excepthook__(type, value, tb)
else:
# we are NOT in interactive mode, print the exception...
#traceback.print_exception(type, value, tb)
colorhook(type, value, tb)
frame = tb.tb_next.tb_frame
sh = InteractiveShellEmbed(
banner1=termcolor.colored("Custom Debug IPython Shell:\n", 'red'))
sh.confirm_exit = False
sh.mainloop(local_ns=frame.f_locals, global_ns=frame.f_globals)
def debughook(type, value, tb):
if hasattr(sys, 'ps1') or not sys.stderr.isatty():
# we are in interactive mode or we don't have a tty-like
# device, so we call the default hook
sys.__excepthook__(type, value, tb)
else:
# we are NOT in interactive mode, print the exception...
#traceback.print_exception(type, value, tb)
colorhook(type, value, tb)
frame = tb.tb_next.tb_frame
sh = InteractiveShellEmbed(
banner1=termcolor.colored(
"Custom Debug IPython Shell:\n", 'red'))
sh.confirm_exit = False
sh.mainloop(local_ns=frame.f_locals, global_ns=frame.f_globals)
def RunModeConsole(front_end, options):
"""Open up an iPython console.
Args:
options: the command line arguments (instance of argparse.Namespace).
"""
namespace = {}
hives, hive_collectors = front_end.GetHivesAndCollectors(options)
function_name_length = 23
banners = []
banners.append(frontend_utils.FormatHeader(
'Welcome to PREG - home of the Plaso Windows Registry Parsing.'))
banners.append('')
banners.append('Some of the commands that are available for use are:')
banners.append('')
banners.append(frontend_utils.FormatOutputString(
'cd key', 'Navigate the Registry like a directory structure.',
function_name_length))
banners.append(frontend_utils.FormatOutputString(
'ls [-v]', (
'List all subkeys and values of a Registry key. If called as '
'ls True then values of keys will be included in the output.'),
function_name_length))
banners.append(frontend_utils.FormatOutputString(
'parse -[v]', 'Parse the current key using all plugins.',
function_name_length))
banners.append(frontend_utils.FormatOutputString(
'pwd', 'Print the working "directory" or the path of the current key.',
function_name_length))
banners.append(frontend_utils.FormatOutputString(
'plugin [-h] plugin_name', (
'Run a particular key-based plugin on the loaded hive. The correct '
'Registry key will be loaded, opened and then parsed.'),
function_name_length))
banners.append('')
if len(hives) == 1:
hive = hives[0]
hives = []
else:
hive = None
if len(hive_collectors) == 1:
hive_collector = hive_collectors[0][1]
hive_collectors = []
else:
hive_collector = None
if hive and not hive_collectors:
OpenHive(hive, hive_collector)
if RegCache.hive and RegCache.GetHiveName() != 'N/A':
banners.append(
u'Registry hive: {0:s} is available and loaded.'.format(
RegCache.GetHiveName()))
elif hives:
banners.append('More than one Registry file ready for use.')
banners.append('')
banners.append('Registry files discovered:')
for number, hive in enumerate(hives):
banners.append(' - {0:d} {1:s}'.format(number, hive.location))
banners.append('')
banners.append('To load a hive use:')
text = 'OpenHive(hives[NR], collector)'
if hive_collectors:
banners.append('')
banners.append((
'There is more than one collector available. To use any of them '
'instead of the attribute "collector" in the OpenHive '
'function use the collectors attribute.\nThe available collectors '
'are:'))
counter = 0
for name, _ in hive_collectors:
if not name:
name = 'Current Value'
banners.append(' {0:d} = {1:s}'.format(counter, name))
counter += 1
banners.append(
'To use the collector use:\ncollector = collectors[NR][1]\nwhere '
'NR is the number as listed above.')
else:
banners.append(frontend_utils.FormatOutputString(text, (
'Collector is an available attribute and NR is a number ranging'
' from 0 to {0:d} (see above which files these numbers belong to).'
' To get the name of the loaded hive use RegCache.GetHiveName()'
' and RegCache.hive_type to get the '
'type.').format(len(hives) + 1), len(text)))
else:
# We have a single hive but many collectors.
banners.append(
'There is more than one collector available for the hive that was '
'discovered. To open up a hive use:\nOpenHive(hive, collectors[NR][1])'
'\nWhere NR is one of the following values:')
counter = 0
for name, _ in hive_collectors:
if not name:
name = 'Current Value'
banners.append(' {0:d} = {1:s}'.format(counter, name))
counter += 1
banners.append('')
banners.append('Happy command line console fu-ing.')
# Adding variables in scope.
namespace.update(globals())
namespace.update({
'hives': hives,
'hive': hive,
'collector': hive_collector,
'collectors': hive_collectors})
# Starting the shell.
ipshell = InteractiveShellEmbed(
user_ns=namespace, banner1=u'\n'.join(banners), exit_msg='')
ipshell.confirm_exit = False
# Adding "magic" functions.
ipshell.register_magics(MyMagics)
# Registering command completion for the magic commands.
ipshell.set_hook('complete_command', CdCompleter, str_key='%cd')
ipshell.set_hook('complete_command', VerboseCompleter, str_key='%ls')
ipshell.set_hook('complete_command', VerboseCompleter, str_key='%parse')
ipshell.set_hook('complete_command', PluginCompleter, str_key='%plugin')
ipshell()
def Main():
"""Start the tool."""
usage = (
u'Run this tool against a single file to see how many events are '
u'extracted from it and which parsers recognize it.')
arg_parser = argparse.ArgumentParser(description=usage)
format_str = '[%(levelname)s] %(message)s'
logging.basicConfig(level=logging.INFO, format=format_str)
arg_parser.add_argument(
'-v', '--verbose', dest='verbose', action='store_true', default=False,
help=(
'Be extra verbose in the information printed out (include full '
'stats).'))
arg_parser.add_argument(
'-c', '--console', dest='console', action='store_true',
default=False, help='After processing drop to an interactive shell.')
arg_parser.add_argument(
'-p', '--parsers', dest='parsers', action='store', default='', type=str,
help='A list of parsers to include (see log2timeline documentation).')
arg_parser.add_argument(
'--proto', dest='proto_file', action='store', default='', type=unicode,
metavar='PROTO_FILE', help=(
'A file containing an ASCII PathSpec protobuf describing how to '
'open up the file for parsing.'))
arg_parser.add_argument(
'-s', '--storage', dest='storage', action='store', type=unicode,
metavar='PSORT_PARAMETER', default='', help=(
'Run the profiler against a storage file, with the parameters '
'provided with this option, eg: "-q -w /dev/null". The storage '
'file has to be passed in as the FILE_TO_PARSE argument to the '
'tool and filters are also optional. This is equivilant to calling '
'psort.py STORAGE_PARAMETER FILE_TO_PARSE [FILTER]. Where the '
'storage parameters are the ones defined with this parameter.'))
# TODO: Add the option of dropping into a python shell that contains the
# stats attribute and others, just print out basic information and do the
# profiling, then drop into a ipython shell that allows you to work with
# the stats object.
arg_parser.add_argument(
'file_to_parse', nargs='?', action='store', metavar='FILE_TO_PARSE',
default=None, help='A path to the file that is to be parsed.')
arg_parser.add_argument(
'filter', action='store', metavar='FILTER', nargs='?', default=None,
help=('A filter that can be used to filter the dataset before it '
'is written into storage. More information about the filters'
' and it\'s usage can be found here: http://plaso.kiddaland.'
'net/usage/filters'))
options = arg_parser.parse_args()
if not (options.file_to_parse or options.proto_file):
arg_parser.print_help()
print ''
arg_parser.print_usage()
print ''
logging.error('Not able to run without a file to process.')
return False
if options.file_to_parse and not os.path.isfile(options.file_to_parse):
logging.error(u'File [{0:s}] needs to exist.'.format(options.file_to_parse))
return False
PrintHeader(options)
# Stats attribute used for console sesssions.
# pylint: disable=unused-variable
if options.storage:
stats = ProcessStorage(options)
else:
stats = ProcessFile(options)
if options.console:
ipshell = InteractiveShellEmbed()
ipshell.confirm_exit = False
ipshell()
return True
def Main():
"""Start the tool."""
temp_location = tempfile.gettempdir()
options = putils.Options()
# Set the default options.
options.buffer_size = 0
options.debug = False
options.filename = '.'
options.file_filter = ''
options.filter = ''
options.image = False
options.image_offset = None
options.image_offset_bytes = None
options.old_preprocess = False
options.open_files = False
options.output = os.path.join(temp_location, 'wheredidmytimelinego.dump')
options.output_module = ''
options.parsers = ''
options.parse_vss = False
options.preprocess = False
options.recursive = False
options.single_process = False
options.timezone = 'UTC'
options.workers = 5
format_str = '[%(levelname)s] (%(processName)-10s) %(message)s'
logging.basicConfig(format=format_str)
front_end = PshellFrontend()
try:
front_end.ParseOptions(options, source_option='filename')
front_end.SetStorageFile(options.output)
except errors.BadConfigOption as exception:
logging.error(u'{0:s}'.format(exception))
# TODO: move to frontend object.
if options.image and options.image_offset_bytes is None:
if options.image_offset is not None:
bytes_per_sector = getattr(options, 'bytes_per_sector', 512)
options.image_offset_bytes = options.image_offset * bytes_per_sector
else:
options.image_offset_bytes = 0
namespace = {}
pre_obj = event.PreprocessObject()
namespace.update(globals())
namespace.update({
'frontend': front_end,
'pre_obj': pre_obj,
'options': options,
'find_all_output': FindAllOutputs,
'parse_file': ParseFile,
'timestamp_from_event': PrintTimestampFromEvent,
'message': formatters.manager.EventFormatterManager.GetMessageStrings})
# Include few random phrases that get thrown in once the user exists the
# shell.
_my_random_phrases = [
u'I haven\'t seen timelines like this since yesterday.',
u'Timelining is super relaxing.',
u'Why did I not use the shell before?',
u'I like a do da cha cha',
u'I AM the Shogun of Harlem!',
(u'It doesn\'t matter if you win or lose, it\'s what you do with your '
u'dancin\' shoes'),
u'I have not had a night like that since the seventies.',
u'Baker Team. They\'re all dead, sir.',
(u'I could have killed \'em all, I could\'ve killed you. In town '
u'you\'re the law, out here it\'s me.'),
(u'Are you telling me that 200 of our men against your boy is a no-win '
u'situation for us?'),
u'Hunting? We ain\'t huntin\' him, he\'s huntin\' us!',
u'You picked the wrong man to push',
u'Live for nothing or die for something',
u'I am the Fred Astaire of karate.',
(u'God gave me a great body and it\'s my duty to take care of my '
u'physical temple.'),
u'This maniac should be wearing a number, not a badge',
u'Imagination is more important than knowledge.',
u'Do you hate being dead?',
u'You\'ve got 5 seconds... and 3 are up.',
u'He is in a gunfight right now. I\'m gonna have to take a message',
u'That would be better than losing your teeth',
u'The less you know, the more you make',
(u'A SQL query goes into a bar, walks up to two tables and asks, '
u'"Can I join you?"'),
u'This is your captor speaking.',
(u'If I find out you\'re lying, I\'ll come back and kill you in your '
u'own kitchen.'),
u'That would be better than losing your teeth',
(u'He\'s the kind of guy who would drink a gallon of gasoline so '
u'that he can p*ss into your campfire.'),
u'I\'m gonna take you to the bank, Senator Trent. To the blood bank!',
u'I missed! I never miss! They must have been smaller than I thought',
u'Nah. I\'m just a cook.',
u'Next thing I know, you\'ll be dating musicians.',
u'Another cold day in hell',
u'Yeah, but I bet you she doesn\'t see these boys in the choir.',
u'You guys think you\'re above the law... well you ain\'t above mine!',
(u'One thought he was invincible... the other thought he could fly... '
u'They were both wrong'),
u'To understand what recursion is, you must first understand recursion']
arg_description = (
u'pshell is the interactive session tool that can be used to'
u'MISSING')
arg_parser = argparse.ArgumentParser(description=arg_description)
arg_parser.add_argument(
'-s', '--storage_file', '--storage-file', dest='storage_file',
type=unicode, default=u'', help=u'Path to a plaso storage file.',
action='store', metavar='PATH')
configuration = arg_parser.parse_args()
if configuration.storage_file:
store = OpenStorageFile(configuration.storage_file)
if store:
namespace.update({'store': store})
functions = [
FindAllOutputs, GetEventData, GetParserNames, GetParserObjects,
OpenOSFile, OpenStorageFile, OpenTskFile, OpenVssFile,
ParseFile, Pfile2File,
PrintTimestamp, PrintTimestampFromEvent]
functions_strings = []
for function in functions:
docstring, _, _ = function.__doc__.partition(u'\n')
docstring = u'\t{0:s} - {1:s}'.format(function.__name__, docstring)
functions_strings.append(docstring)
functions_strings = u'\n'.join(functions_strings)
banner = (
u'--------------------------------------------------------------\n'
u' Welcome to Plaso console - home of the Plaso adventure land.\n'
u'--------------------------------------------------------------\n'
u'This is the place where everything is allowed, as long as it is '
u'written in Python.\n\n'
u'Objects available:\n\toptions - set of options to the frontend.\n'
u'\tfrontend - A copy of the pshell frontend.\n'
u'\n'
u'All libraries have been imported and can be used, see help(frontend) '
u'or help(parser).\n'
u'\n'
u'Base methods:\n'
u'{0:s}'
u'\n\tmessage - Print message strings from an event object.'
u'\n'
u'\n'
u'p.s. typing in "pdb" and pressing enter puts the shell in debug'
u'mode which causes all exceptions being sent to pdb.\n'
u'Happy command line console fu-ing.\n\n').format(functions_strings)
exit_message = u'You are now leaving the winter wonderland.\n\n{}'.format(
random.choice(_my_random_phrases))
shell_config = Config()
# Make slight adjustments to the iPython prompt.
shell_config.PromptManager.out_template = (
r'{color.Normal}[{color.Red}\#{color.Normal}]<<< ')
shell_config.PromptManager.in_template = (
r'[{color.LightBlue}\T{color.Normal}] {color.LightPurple}\Y2\n'
r'{color.Normal}[{color.Red}\#{color.Normal}] \$ ')
shell_config.PromptManager.in2_template = r'.\D.>>>'
ipshell = InteractiveShellEmbed(
user_ns=namespace, config=shell_config, banner1=banner,
exit_msg=exit_message)
ipshell.confirm_exit = False
# Set autocall to two, making parenthesis not necessary when calling
# function names (although they can be used and are necessary sometimes,
# like in variable assignments, etc).
ipshell.autocall = 2
ipshell()
return True
def Main():
"""Start the tool."""
temp_location = tempfile.gettempdir()
options = frontend.Options()
# Set the default options.
options.buffer_size = 0
options.debug = False
options.filename = '.'
options.file_filter = ''
options.filter = ''
options.image = False
options.image_offset = None
options.image_offset_bytes = None
options.old_preprocess = False
options.output = os.path.join(temp_location, 'wheredidmytimelinego.dump')
options.output_module = ''
options.parsers = ''
options.parse_vss = False
options.preprocess = False
options.recursive = False
options.scan_archives = False
options.single_process = False
options.timezone = 'UTC'
options.workers = 5
format_str = '[%(levelname)s] (%(processName)-10s) %(message)s'
logging.basicConfig(format=format_str)
front_end = pshell.PshellFrontend()
try:
front_end.ParseOptions(options, source_option='filename')
front_end.SetStorageFile(options.output)
except errors.BadConfigOption as exception:
logging.error(u'{0:s}'.format(exception))
# TODO: move to frontend object.
if options.image and options.image_offset_bytes is None:
if options.image_offset is not None:
bytes_per_sector = getattr(options, 'bytes_per_sector', 512)
options.image_offset_bytes = options.image_offset * bytes_per_sector
else:
options.image_offset_bytes = 0
namespace = {}
pre_obj = event.PreprocessObject()
namespace.update(globals())
namespace.update({
'frontend': front_end,
'pre_obj': pre_obj,
'options': options,
'find_all_output': FindAllOutputs,
'parse_file': ParseFile,
'timestamp_from_event': PrintTimestampFromEvent,
'message': GetMessageStringsForEventObject
})
# Include few random phrases that get thrown in once the user exists the
# shell.
_my_random_phrases = [
u'I haven\'t seen timelines like this since yesterday.',
u'Timelining is super relaxing.',
u'Why did I not use the shell before?', u'I like a do da cha cha',
u'I AM the Shogun of Harlem!',
(u'It doesn\'t matter if you win or lose, it\'s what you do with your '
u'dancin\' shoes'),
u'I have not had a night like that since the seventies.',
u'Baker Team. They\'re all dead, sir.',
(u'I could have killed \'em all, I could\'ve killed you. In town '
u'you\'re the law, out here it\'s me.'),
(u'Are you telling me that 200 of our men against your boy is a no-win '
u'situation for us?'),
u'Hunting? We ain\'t huntin\' him, he\'s huntin\' us!',
u'You picked the wrong man to push',
u'Live for nothing or die for something',
u'I am the Fred Astaire of karate.',
(u'God gave me a great body and it\'s my duty to take care of my '
u'physical temple.'),
u'This maniac should be wearing a number, not a badge',
u'Imagination is more important than knowledge.',
u'Do you hate being dead?', u'You\'ve got 5 seconds... and 3 are up.',
u'He is in a gunfight right now. I\'m gonna have to take a message',
u'That would be better than losing your teeth',
u'The less you know, the more you make',
(u'A SQL query goes into a bar, walks up to two tables and asks, '
u'"Can I join you?"'), u'This is your captor speaking.',
(u'If I find out you\'re lying, I\'ll come back and kill you in your '
u'own kitchen.'), u'That would be better than losing your teeth',
(u'He\'s the kind of guy who would drink a gallon of gasoline so '
u'that he can p*ss into your campfire.'),
u'I\'m gonna take you to the bank, Senator Trent. To the blood bank!',
u'I missed! I never miss! They must have been smaller than I thought',
u'Nah. I\'m just a cook.',
u'Next thing I know, you\'ll be dating musicians.',
u'Another cold day in hell',
u'Yeah, but I bet you she doesn\'t see these boys in the choir.',
u'You guys think you\'re above the law... well you ain\'t above mine!',
(u'One thought he was invincible... the other thought he could fly... '
u'They were both wrong'),
u'To understand what recursion is, you must first understand recursion'
]
arg_description = (
u'pshell is the interactive session tool that can be used to'
u'MISSING')
arg_parser = argparse.ArgumentParser(description=arg_description)
arg_parser.add_argument('-s',
'--storage_file',
'--storage-file',
dest='storage_file',
type=unicode,
default=u'',
help=u'Path to a plaso storage file.',
action='store',
metavar='PATH')
configuration = arg_parser.parse_args()
if configuration.storage_file:
store = OpenStorageFile(configuration.storage_file)
if store:
namespace.update({'store': store})
functions = [
FindAllOutputs, GetEventData, GetParserNames, GetParserObjects,
OpenOSFile, OpenStorageFile, OpenTskFile, OpenVssFile, ParseFile,
Pfile2File, PrintTimestamp, PrintTimestampFromEvent
]
functions_strings = []
for function in functions:
docstring, _, _ = function.__doc__.partition(u'\n')
docstring = u'\t{0:s} - {1:s}'.format(function.__name__, docstring)
functions_strings.append(docstring)
functions_strings = u'\n'.join(functions_strings)
banner = (
u'--------------------------------------------------------------\n'
u' Welcome to Plaso console - home of the Plaso adventure land.\n'
u'--------------------------------------------------------------\n'
u'This is the place where everything is allowed, as long as it is '
u'written in Python.\n\n'
u'Objects available:\n\toptions - set of options to the frontend.\n'
u'\tfrontend - A copy of the pshell frontend.\n'
u'\n'
u'All libraries have been imported and can be used, see help(frontend) '
u'or help(parser).\n'
u'\n'
u'Base methods:\n'
u'{0:s}'
u'\n\tmessage - Print message strings from an event object.'
u'\n'
u'\n'
u'p.s. typing in "pdb" and pressing enter puts the shell in debug'
u'mode which causes all exceptions being sent to pdb.\n'
u'Happy command line console fu-ing.\n\n').format(functions_strings)
exit_message = u'You are now leaving the winter wonderland.\n\n{}'.format(
random.choice(_my_random_phrases))
shell_config = Config()
# Make slight adjustments to the iPython prompt.
shell_config.PromptManager.out_template = (
r'{color.Normal}[{color.Red}\#{color.Normal}]<<< ')
shell_config.PromptManager.in_template = (
r'[{color.LightBlue}\T{color.Normal}] {color.LightPurple}\Y2\n'
r'{color.Normal}[{color.Red}\#{color.Normal}] \$ ')
shell_config.PromptManager.in2_template = r'.\D.>>>'
ipshell = InteractiveShellEmbed(user_ns=namespace,
config=shell_config,
banner1=banner,
exit_msg=exit_message)
ipshell.confirm_exit = False
# Set autocall to two, making parenthesis not necessary when calling
# function names (although they can be used and are necessary sometimes,
# like in variable assignments, etc).
ipshell.autocall = 2
ipshell()
return True
def Main():
"""Start the tool."""
usage = (u'Run this tool against a single file to see how many events are '
u'extracted from it and which parsers recognize it.')
arg_parser = argparse.ArgumentParser(description=usage)
format_str = '[%(levelname)s] %(message)s'
logging.basicConfig(level=logging.INFO, format=format_str)
arg_parser.add_argument(
'-v',
'--verbose',
dest='verbose',
action='store_true',
default=False,
help=('Be extra verbose in the information printed out (include full '
'stats).'))
arg_parser.add_argument(
'-c',
'--console',
dest='console',
action='store_true',
default=False,
help='After processing drop to an interactive shell.')
arg_parser.add_argument(
'-p',
'--parsers',
dest='parsers',
action='store',
default='',
type=str,
help='A list of parsers to include (see log2timeline documentation).')
arg_parser.add_argument(
'--proto',
dest='proto_file',
action='store',
default='',
type=unicode,
metavar='PROTO_FILE',
help=('A file containing an ASCII PathSpec protobuf describing how to '
'open up the file for parsing.'))
arg_parser.add_argument(
'-s',
'--storage',
dest='storage',
action='store',
type=unicode,
metavar='PSORT_PARAMETER',
default='',
help=(
'Run the profiler against a storage file, with the parameters '
'provided with this option, eg: "-q -w /dev/null". The storage '
'file has to be passed in as the FILE_TO_PARSE argument to the '
'tool and filters are also optional. This is equivilant to calling '
'psort.py STORAGE_PARAMETER FILE_TO_PARSE [FILTER]. Where the '
'storage parameters are the ones defined with this parameter.'))
# TODO: Add the option of dropping into a python shell that contains the
# stats attribute and others, just print out basic information and do the
# profiling, then drop into a ipython shell that allows you to work with
# the stats object.
arg_parser.add_argument('file_to_parse',
nargs='?',
action='store',
metavar='FILE_TO_PARSE',
default=None,
help='A path to the file that is to be parsed.')
arg_parser.add_argument(
'filter',
action='store',
metavar='FILTER',
nargs='?',
default=None,
help=('A filter that can be used to filter the dataset before it '
'is written into storage. More information about the filters'
' and it\'s usage can be found here: http://plaso.kiddaland.'
'net/usage/filters'))
options = arg_parser.parse_args()
if not (options.file_to_parse or options.proto_file):
arg_parser.print_help()
print ''
arg_parser.print_usage()
print ''
logging.error('Not able to run without a file to process.')
return False
if options.file_to_parse and not os.path.isfile(options.file_to_parse):
logging.error(u'File [{0:s}] needs to exist.'.format(
options.file_to_parse))
return False
PrintHeader(options)
# Stats attribute used for console sessions.
# pylint: disable=unused-variable
if options.storage:
stats = ProcessStorage(options)
else:
stats = ProcessFile(options)
if options.console:
ipshell = InteractiveShellEmbed()
ipshell.confirm_exit = False
ipshell()
return True
def Run(self):
"""Runs the interactive console."""
source_type = self.preg_tool.source_type
if source_type == dfvfs_definitions.SOURCE_TYPE_FILE:
registry_file_types = []
elif self.preg_tool.registry_file:
registry_file_types = [self.preg_tool.registry_file]
else:
# No Registry type specified use all available types instead.
registry_file_types = self.preg_tool.GetRegistryTypes()
registry_helpers = self.preg_tool.GetRegistryHelpers(
self.preg_tool.artifacts_registry,
plugin_names=self.preg_tool.plugin_names,
registry_file_types=registry_file_types)
for registry_helper in registry_helpers:
self.AddRegistryHelper(registry_helper)
# Adding variables in scope.
namespace = {}
namespace.update(globals())
namespace.update({
'console': self,
'get_current_key': self._CommandGetCurrentKey,
'get_key': self._CommandGetCurrentKey,
'get_value': self._CommandGetValue,
'get_value_data': self._CommandGetValueData,
'tool': self.preg_tool
})
ipshell_config = self.GetConfig()
if len(self._registry_helpers) == 1:
self.LoadRegistryFile(0)
registry_helper = self._currently_registry_helper
if registry_helper:
registry_file_path = registry_helper.name
else:
registry_file_path = 'NO HIVE LOADED'
self.SetPrompt(registry_file_path=registry_file_path,
configuration=ipshell_config)
# Starting the shell.
ipshell = InteractiveShellEmbed(user_ns=namespace,
config=ipshell_config,
banner1='',
exit_msg='')
ipshell.confirm_exit = False
self.PrintBanner()
# Adding "magic" functions.
ipshell.register_magics(PregMagics)
PregMagics.console = self
# Set autocall to two, making parenthesis not necessary when calling
# function names (although they can be used and are necessary sometimes,
# like in variable assignments, etc).
ipshell.autocall = 2
# Registering command completion for the magic commands.
ipshell.set_hook('complete_command', CommandCompleterCd, str_key='%cd')
ipshell.set_hook('complete_command',
CommandCompleterVerbose,
str_key='%ls')
ipshell.set_hook('complete_command',
CommandCompleterVerbose,
str_key='%parse')
ipshell.set_hook('complete_command',
CommandCompleterPlugins,
str_key='%plugin')
ipshell()
def RunModeConsole(front_end, options):
"""Open up an iPython console.
Args:
options: the command line arguments (instance of argparse.Namespace).
"""
namespace = {}
function_name_length = 23
banners = []
banners.append(frontend_utils.FormatHeader(
u'Welcome to PREG - home of the Plaso Windows Registry Parsing.'))
banners.append(u'')
banners.append(u'Some of the commands that are available for use are:')
banners.append(u'')
banners.append(frontend_utils.FormatOutputString(
u'cd key', u'Navigate the Registry like a directory structure.',
function_name_length))
banners.append(frontend_utils.FormatOutputString(
u'ls [-v]', (
u'List all subkeys and values of a Registry key. If called as '
u'ls True then values of keys will be included in the output.'),
function_name_length))
banners.append(frontend_utils.FormatOutputString(
u'parse -[v]', u'Parse the current key using all plugins.',
function_name_length))
banners.append(frontend_utils.FormatOutputString(
u'pwd', u'Print the working "directory" or the path of the current key.',
function_name_length))
banners.append(frontend_utils.FormatOutputString(
u'plugin [-h] plugin_name', (
u'Run a particular key-based plugin on the loaded hive. The correct '
u'Registry key will be loaded, opened and then parsed.'),
function_name_length))
banners.append(frontend_utils.FormatOutputString(
u'get_value value_name', (
u'Get a value from the currently loaded Registry key.')))
banners.append(frontend_utils.FormatOutputString(
u'get_value_data value_name', (
u'Get a value data from a value stored in the currently loaded '
u'Registry key.')))
banners.append(frontend_utils.FormatOutputString(
u'get_key', u'Return the currently loaded Registry key.'))
banners.append(u'')
# Build the global cache and prepare the tool.
hive_storage = preg.PregStorage()
shell_helper = preg.PregHelper(options, front_end, hive_storage)
parser_mediator = shell_helper.BuildParserMediator()
preg.PregCache.parser_mediator = parser_mediator
preg.PregCache.shell_helper = shell_helper
preg.PregCache.hive_storage = hive_storage
registry_types = getattr(options, 'regfile', None)
if isinstance(registry_types, basestring):
registry_types = registry_types.split(u',')
if not registry_types:
registry_types = [
'NTUSER', 'USRCLASS', 'SOFTWARE', 'SYSTEM', 'SAM', 'SECURITY']
preg.PregCache.shell_helper.Scan(registry_types)
if len(preg.PregCache.hive_storage) == 1:
preg.PregCache.hive_storage.SetOpenHive(0)
hive_helper = preg.PregCache.hive_storage.loaded_hive
banners.append(
u'Opening hive: {0:s} [{1:s}]'.format(
hive_helper.path, hive_helper.collector_name))
ConsoleConfig.SetPrompt(hive_path=hive_helper.path)
loaded_hive = preg.PregCache.hive_storage.loaded_hive
if loaded_hive and loaded_hive.name != u'N/A':
banners.append(
u'Registry hive: {0:s} is available and loaded.'.format(
loaded_hive.name))
else:
banners.append(u'More than one Registry file ready for use.')
banners.append(u'')
banners.append(preg.PregCache.hive_storage.ListHives())
banners.append(u'')
banners.append((
u'Use "hive open INDEX" to load a hive and "hive list" to see a '
u'list of available hives.'))
banners.append(u'')
banners.append(u'Happy command line console fu-ing.')
# Adding variables in scope.
namespace.update(globals())
namespace.update({
'get_current_key': GetCurrentKey,
'get_key': GetCurrentKey,
'get_value': GetValue,
'get_value_data': GetValueData,
'number_of_hives': GetTotalNumberOfLoadedHives,
'range_of_hives': GetRangeForAllLoadedHives,
'options': options})
ipshell_config = ConsoleConfig.GetConfig()
if loaded_hive:
ConsoleConfig.SetPrompt(
hive_path=loaded_hive.name, config=ipshell_config)
else:
ConsoleConfig.SetPrompt(hive_path=u'NO HIVE LOADED', config=ipshell_config)
# Starting the shell.
ipshell = InteractiveShellEmbed(
user_ns=namespace, config=ipshell_config, banner1=u'\n'.join(banners),
exit_msg='')
ipshell.confirm_exit = False
# Adding "magic" functions.
ipshell.register_magics(MyMagics)
# Set autocall to two, making parenthesis not necessary when calling
# function names (although they can be used and are necessary sometimes,
# like in variable assignments, etc).
ipshell.autocall = 2
# Registering command completion for the magic commands.
ipshell.set_hook('complete_command', CdCompleter, str_key='%cd')
ipshell.set_hook('complete_command', VerboseCompleter, str_key='%ls')
ipshell.set_hook('complete_command', VerboseCompleter, str_key='%parse')
ipshell.set_hook('complete_command', PluginCompleter, str_key='%plugin')
ipshell()
def main():
my_parser = argparse.ArgumentParser()
my_parser.add_argument("-q",
dest="quiet",
default=False,
action="store_true",
help="be quiet [%(default)s]")
my_parser.add_argument("--logger",
type=str,
default="stdout",
choices=["stdout", "logserver"],
help="choose logging facility [%(default)s]")
my_parser.add_argument(
"--logall",
default=False,
action="store_true",
help="log all (no just warning / error), [%(default)s]")
my_parser.add_argument("args",
nargs=argparse.REMAINDER,
help="commands to execute")
opts = my_parser.parse_args()
if opts.args:
opts.quiet = True
if not opts.quiet:
print("Starting ICSW shell ... ", end="", flush=True)
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "initat.cluster.settings")
try:
import django
if not opts.quiet:
print("django.setup() ... ", end="", flush=True)
django.setup()
except:
django = None
else:
from initat.cluster.backbone import db_tools
try:
if not db_tools.is_reachable():
django = None
except:
# when installing a newer icsw-client package on a machine with an old icsw-server package
django = None
from initat.icsw.magics import icsw_magics
# First import the embeddable shell class
from IPython.terminal.prompts import Prompts, Token
from IPython.terminal.embed import InteractiveShellEmbed
# Now create an instance of the embeddable shell. The first argument is a
# string with options exactly as you would type them if you were starting
# IPython at the system command line. Any parameters you want to define for
# configuration can thus be specified here.
ipshell = InteractiveShellEmbed(header="X", user_ns={"django": django})
class ICSWPrompt(Prompts):
def in_prompt_tokens(self, cli=None):
return [
(Token, "[CORVUS]"),
(Token.Prompt, ">"),
]
ipshell.prompts = ICSWPrompt(ipshell)
ipshell.mouse_support = True
ipshell.confirm_exit = False
ipshell.autocall = 2
# no banner
ipshell.banner1 = ""
ipshell.set_hook('complete_command',
icsw_magics.apt_completers,
str_key='icsw')
if False:
class st2(object):
def __dir__(self):
return ["bla", "blo"]
def abc(self, var):
print("*", var)
def _ipython_key_completions_(self):
return ["x", "y"]
def bla(self):
return "bla"
def __call__(self, *args):
return "C", args
xicsw = st2()
def stest(sthg):
print("stest:", sthg)
ipshell.register_magics(
icsw_magics.ICSWMagics(ipshell, True if django else False))
if opts.args:
if "--" in opts.args:
opts.args.remove("--")
_args = ["icsw"]
if opts.logall:
_args.append("--logall")
_args.append("--logger")
_args.append(opts.logger)
r = ipshell.run_cell(" ".join(_args + opts.args), silent=True)
sys.exit(r.result)
else:
if not opts.quiet:
print("done")
from initat.cluster.backbone.models import device, device_group
ipshell(header="Starting icsw", )
def embed():
from IPython.terminal.embed import InteractiveShellEmbed
ipshell = InteractiveShellEmbed(banner1=banner)
ipshell.confirm_exit = False
ipshell()
def RunModeConsole(front_end, options):
"""Open up an iPython console.
Args:
options: the command line arguments (instance of argparse.Namespace).
"""
namespace = {}
function_name_length = 23
banners = []
banners.append(
frontend_utils.FormatHeader(
u'Welcome to PREG - home of the Plaso Windows Registry Parsing.'))
banners.append(u'')
banners.append(u'Some of the commands that are available for use are:')
banners.append(u'')
banners.append(
frontend_utils.FormatOutputString(
u'cd key', u'Navigate the Registry like a directory structure.',
function_name_length))
banners.append(
frontend_utils.FormatOutputString(
u'ls [-v]',
(u'List all subkeys and values of a Registry key. If called as '
u'ls True then values of keys will be included in the output.'),
function_name_length))
banners.append(
frontend_utils.FormatOutputString(
u'parse -[v]', u'Parse the current key using all plugins.',
function_name_length))
banners.append(
frontend_utils.FormatOutputString(
u'pwd',
u'Print the working "directory" or the path of the current key.',
function_name_length))
banners.append(
frontend_utils.FormatOutputString(u'plugin [-h] plugin_name', (
u'Run a particular key-based plugin on the loaded hive. The correct '
u'Registry key will be loaded, opened and then parsed.'),
function_name_length))
banners.append(
frontend_utils.FormatOutputString(
u'get_value value_name',
(u'Get a value from the currently loaded Registry key.')))
banners.append(
frontend_utils.FormatOutputString(
u'get_value_data value_name',
(u'Get a value data from a value stored in the currently loaded '
u'Registry key.')))
banners.append(
frontend_utils.FormatOutputString(
u'get_key', u'Return the currently loaded Registry key.'))
banners.append(u'')
# Build the global cache and prepare the tool.
hive_storage = preg.PregStorage()
shell_helper = preg.PregHelper(options, front_end, hive_storage)
parser_mediator = shell_helper.BuildParserMediator()
preg.PregCache.parser_mediator = parser_mediator
preg.PregCache.shell_helper = shell_helper
preg.PregCache.hive_storage = hive_storage
registry_types = getattr(options, 'regfile', None)
if isinstance(registry_types, basestring):
registry_types = registry_types.split(u',')
if not registry_types:
registry_types = [
'NTUSER', 'USRCLASS', 'SOFTWARE', 'SYSTEM', 'SAM', 'SECURITY'
]
preg.PregCache.shell_helper.Scan(registry_types)
if len(preg.PregCache.hive_storage) == 1:
preg.PregCache.hive_storage.SetOpenHive(0)
hive_helper = preg.PregCache.hive_storage.loaded_hive
banners.append(u'Opening hive: {0:s} [{1:s}]'.format(
hive_helper.path, hive_helper.collector_name))
ConsoleConfig.SetPrompt(hive_path=hive_helper.path)
loaded_hive = preg.PregCache.hive_storage.loaded_hive
if loaded_hive and loaded_hive.name != u'N/A':
banners.append(u'Registry hive: {0:s} is available and loaded.'.format(
loaded_hive.name))
else:
banners.append(u'More than one Registry file ready for use.')
banners.append(u'')
banners.append(preg.PregCache.hive_storage.ListHives())
banners.append(u'')
banners.append(
(u'Use "hive open INDEX" to load a hive and "hive list" to see a '
u'list of available hives.'))
banners.append(u'')
banners.append(u'Happy command line console fu-ing.')
# Adding variables in scope.
namespace.update(globals())
namespace.update({
'get_current_key': GetCurrentKey,
'get_key': GetCurrentKey,
'get_value': GetValue,
'get_value_data': GetValueData,
'number_of_hives': GetTotalNumberOfLoadedHives,
'range_of_hives': GetRangeForAllLoadedHives,
'options': options
})
ipshell_config = ConsoleConfig.GetConfig()
if loaded_hive:
ConsoleConfig.SetPrompt(hive_path=loaded_hive.name,
config=ipshell_config)
else:
ConsoleConfig.SetPrompt(hive_path=u'NO HIVE LOADED',
config=ipshell_config)
# Starting the shell.
ipshell = InteractiveShellEmbed(user_ns=namespace,
config=ipshell_config,
banner1=u'\n'.join(banners),
exit_msg='')
ipshell.confirm_exit = False
# Adding "magic" functions.
ipshell.register_magics(MyMagics)
# Set autocall to two, making parenthesis not necessary when calling
# function names (although they can be used and are necessary sometimes,
# like in variable assignments, etc).
ipshell.autocall = 2
# Registering command completion for the magic commands.
ipshell.set_hook('complete_command', CdCompleter, str_key='%cd')
ipshell.set_hook('complete_command', VerboseCompleter, str_key='%ls')
ipshell.set_hook('complete_command', VerboseCompleter, str_key='%parse')
ipshell.set_hook('complete_command', PluginCompleter, str_key='%plugin')
ipshell()