예제 #1
파일: webhistory.py 프로젝트: zzzzpaul/grr
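  def Start(self):
    """Select the browser cache paths and target users, then start requests.

    Reads the client's SYSTEM attribute, collects the cache paths of every
    browser enabled in the flow args, resolves each user listed in
    grep_users and then hands over to the "StartRequests" state.

    Raises:
      flow.FlowError: If no cache path ends up selected for the client's
        system, or if GetUserInfo returns nothing for a requested user.
    """
    client = aff4.FACTORY.Open(self.client_id, token=self.token)
    system = client.Get(client.Schema.SYSTEM)

    # A system that is missing from BROWSER_PATHS yields None. Fall back to an
    # empty mapping so the FlowError below is raised rather than an
    # AttributeError on paths.get().
    paths = BROWSER_PATHS.get(system) or {}

    self.state.Register("all_paths", [])
    if self.args.check_chrome:
      self.state.all_paths += paths.get("Chrome", [])
    if self.args.check_ie:
      self.state.all_paths += paths.get("IE", [])
    if self.args.check_firefox:
      self.state.all_paths += paths.get("Firefox", [])
    if not self.state.all_paths:
      raise flow.FlowError("Unsupported system %s for CacheGrep" % system)

    # Every requested account must resolve on the client; an unknown user
    # aborts the flow before any request is issued.
    self.state.Register("users", [])
    for user in self.args.grep_users:
      user_info = flow_utils.GetUserInfo(client, user)
      if not user_info:
        raise flow.FlowError("No such user %s" % user)
      self.state.users.append(user_info)

    self.CallState(next_state="StartRequests")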
예제 #2
파일: webhistory.py 프로젝트: zzzzpaul/grr
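  def GuessHistoryPaths(self, username):
    """Take a user and return guessed full paths to Firefox profile dirs.

    Args:
      username: Username as string.

    Returns:
      A list of strings containing paths to look for history files in, or
      None (after reporting through self.Error) when the user cannot be
      resolved on the client.

    Raises:
      OSError: On invalid system in the Schema
    """
    fd = aff4.FACTORY.Open(self.client_id, token=self.token)
    system = fd.Get(fd.Schema.SYSTEM)
    user_info = flow_utils.GetUserInfo(fd, username)
    if not user_info:
      self.Error("Could not find homedir for user {0}".format(username))
      return

    paths = []
    if system == "Windows":
      path = "{app_data}\\Mozilla\\Firefox\\Profiles/"
      paths.append(path.format(
          app_data=user_info.special_folders.app_data))
    elif system == "Linux":
      # The template must carry the {homedir} field: without it the homedir
      # keyword is ignored and a fixed relative path is returned.
      path = "{homedir}/.mozilla/firefox/"
      paths.append(path.format(homedir=user_info.homedir))
    elif system == "Darwin":
      path = ("{homedir}/Library/Application Support/"
              "Firefox/Profiles/")
      paths.append(path.format(homedir=user_info.homedir))
    else:
      # This method builds Firefox paths, so name Firefox in the error.
      raise OSError("Invalid OS for Firefox History")
    return paths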
예제 #3
    def GuessExtensionPaths(self, user):
        """Guess the Chrome/Chromium "Default" profile directories of a user.

        Args:
          user: Username as string.

        Returns:
          A list of strings containing paths to look for extension files in.
          The list is empty when the user cannot be resolved on the client.

        Raises:
          OSError: On invalid system in the Schema.
        """
        fd = aff4.FACTORY.Open(self.client_id, token=self.token)
        os_name = fd.Get(fd.Schema.SYSTEM)
        profile = "Default"

        user_info = flow_utils.GetUserInfo(fd, user)
        if not user_info:
            logging.error("User not found")
            return []

        # Each supported system contributes one path per browser flavour.
        if os_name == "Windows":
            template = "%(local_app_data)s/%(sw)s/User Data/%(profile)s"
            return [
                template % {
                    "local_app_data": user_info.special_folders.local_app_data,
                    "sw": browser,
                    "profile": profile,
                }
                for browser in ("Google/Chrome", "Chromium")
            ]

        if os_name == "Linux":
            template = "%(home_path)s/.config/%(sw)s/%(profile)s"
            return [
                template % {
                    "home_path": user_info.homedir,
                    "sw": browser,
                    "profile": profile,
                }
                for browser in ("google-chrome", "chromium")
            ]

        if os_name == "Darwin":
            template = (
                "%(home_path)s/Library/Application Support/%(sw)s/%(profile)s")
            return [
                template % {
                    "home_path": user_info.homedir,
                    "sw": browser,
                    "profile": profile,
                }
                for browser in ("Google/Chrome", "Chromium")
            ]

        # Any other SYSTEM value is logged and rejected.
        logging.error("Invalid OS for Chrome extensions")
        raise OSError
예제 #4
파일: automation.py 프로젝트: wwwiretap/grr
    def Start(self):
        """Check the arguments, resolve the user and launch the child flows.

        Each enabled option (browser history, recursive home directory
        listing, recursive user registry listing, artifact collection) starts
        its child flow with "FinishFlow" as the next state.

        Raises:
          RuntimeError: If no username was supplied, or if GetUserInfo
            returns nothing for that username.
        """
        if not self.username:
            raise RuntimeError("Please supply a valid user name.")

        # TSK path type when use_tsk is set, plain OS path type otherwise.
        path_types = rdfvalue.PathSpec.PathType
        self.path_type = path_types.TSK if self.use_tsk else path_types.OS

        fd = aff4.FACTORY.Open(self.client_id, token=self.token)
        self.user_pb = flow_utils.GetUserInfo(fd, self.username)
        if not self.user_pb:
            self.Error("Could not find homedir for user %s" % self.username)
            raise RuntimeError("No homedir found for user %s" % self.username)

        if self.get_browser_history:
            # NOTE(review): these calls pass self.user, while the checks above
            # validate and resolve self.username -- confirm that both
            # attributes exist and refer to the same account.
            for history_flow in ("FirefoxHistory", "ChromeHistory"):
                self.CallFlow(history_flow,
                              pathtype=self.path_type,
                              username=self.user,
                              next_state="FinishFlow")

        if self.recursive_list_homedir:
            # The option value doubles as the recursion depth.
            home = self.user_pb.homedir
            self.CallFlow("RecursiveListDirectory",
                          pathtype=self.path_type,
                          path=home,
                          max_depth=int(self.recursive_list_homedir),
                          next_state="FinishFlow")

        if self.recursive_list_user_registry:
            # The user's registry hive is addressed through the resolved SID.
            hive = "HKEY_USERS/%s" % self.user_pb.sid
            depth = int(self.recursive_list_user_registry)
            self.CallFlow("RecursiveListDirectory",
                          pathtype=rdfvalue.PathSpec.PathType.REGISTRY,
                          path=hive,
                          max_depth=depth,
                          next_state="FinishFlow")

        if self.artifact_list:
            self.CallFlow("ArtifactCollectorFlow",
                          artifact_list=list(self.artifact_list),
                          use_tsk=self.use_tsk,
                          next_state="FinishFlow")
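    def GuessHistoryPaths(self, username):
        """Take a user and return guessed full paths to History files.

        Builds the "Default" profile directory of Chrome and Chromium for the
        client's system.

        Args:
          username: Username as string.

        Returns:
          A list of strings containing paths to look for history files in,
          or None (after reporting through self.Error) when the user cannot
          be resolved on the client.

        Raises:
          OSError: On invalid system in the Schema
        """
        client = aff4.FACTORY.Open(self.client_id, token=self.token)
        system = client.Get(client.Schema.SYSTEM)
        user_info = flow_utils.GetUserInfo(client, username)
        if not user_info:
            self.Error("Could not find homedir for user {0}".format(username))
            return

        paths = []
        if system == "Windows":
            # The {app_data} field is filled from the local_app_data folder.
            path = ("{app_data}\\{sw}\\User Data\\Default\\")
            for sw_path in ["Google\\Chrome", "Chromium"]:
                paths.append(
                    path.format(
                        app_data=user_info.special_folders.local_app_data,
                        sw=sw_path))
        elif system == "Linux":
            # The template must carry the {homedir} field: without it the
            # homedir keyword is ignored and a fixed relative path results.
            path = "{homedir}/.config/{sw}/Default/"
            for sw_path in ["google-chrome", "chromium"]:
                paths.append(path.format(homedir=user_info.homedir,
                                         sw=sw_path))
        elif system == "Darwin":
            path = "{homedir}/Library/Application Support/{sw}/Default/"
            for sw_path in ["Google/Chrome", "Chromium"]:
                paths.append(path.format(homedir=user_info.homedir,
                                         sw=sw_path))
        else:
            raise OSError("Invalid OS for Chrome History")
        return paths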