Python loadPlist 예제들

예제 #1

파일: logHook.py 프로젝트: EntropyWorks/knockknock

	def scan(self):

		#results
		results = []

		#dbg
		utils.logMessage(utils.MODE_INFO, 'running scan')

		#init results
		# ->for for login hook
		results.append(self.initResults(LOGIN_HOOK_NAME, LOGIN_HOOK_DESCRIPTION))

		#init results
		# ->for logout hook
		results.append(self.initResults(LOGOUT_HOOK_NAME, LOGOUT_HOOK_DESCRIPTION))

		#load plist
		plistData = utils.loadPlist(LOGIN_WINDOW_FILE)

		#make sure plist loaded
		if plistData:

			#grab login hook
			if 'LoginHook' in plistData:

				#save into first index of result
				results[0]['items'].append(command.Command(plistData['LoginHook']))

			#grab logout hook
			if 'LogoutHook' in plistData:

				#save into second index of result
				results[1]['items'].append(command.Command(plistData['LogoutHook']))

		return results

예제 #2

파일: dylib.py 프로젝트: biggnou/knockknock

def scanPlists(plists, key, isLoaded=False):

    #results
    results = []

    #sanity check
    if not plists:

        #bail
        return None

    #iterate over all plist
    # ->check for 'DYLD_INSERT_LIBRARIES' enviroment variable
    for plist in plists:

        #wrap
        try:

            #load contents of plist if needed
            if not isLoaded:

                #save path
                plistPath = plist

                #load it and check
                loadedPlist = utils.loadPlist(plist)
                if not loadedPlist:

                    #skip
                    continue

            #otherwise it's already loaded
            # ->use as is
            else:

                #set
                loadedPlist = plist

                #get path
                plistPath = utils.getPathFromPlist(loadedPlist)

            #check for/extract 'DYLD_INSERT_LIBRARIES'
            if key in loadedPlist and 'DYLD_INSERT_LIBRARIES' in loadedPlist[
                    key]:

                #create file obj and append to results
                results.append(
                    file.File(loadedPlist[key]['DYLD_INSERT_LIBRARIES'],
                              plistPath))

        #ignore exceptions
        except Exception, e:

            #ignore
            pass

예제 #3

파일: dylib.py 프로젝트: EntropyWorks/knockknock

def scanPlists(plists, key, isLoaded=False):

	#results
	results = []

	#sanity check
	if not plists:

		#bail
		return None

	#iterate over all plist
	# ->check for 'DYLD_INSERT_LIBRARIES' enviroment variable
	for plist in plists:

		#wrap
		try:

			#load contents of plist if needed
			if not isLoaded:

				#save path
				plistPath = plist

				#load it and check
				loadedPlist = utils.loadPlist(plist)
				if not loadedPlist:

					#skip
					continue

			#otherwise it's already loaded
			# ->use as is
			else:

				#set
				loadedPlist = plist

				#get path
				plistPath = utils.getPathFromPlist(loadedPlist)

			#check for/extract 'DYLD_INSERT_LIBRARIES'
			if key in loadedPlist and 'DYLD_INSERT_LIBRARIES' in loadedPlist[key]:

				#create file obj and append to results
				results.append(file.File(loadedPlist[key]['DYLD_INSERT_LIBRARIES'], plistPath))

		#ignore exceptions
		except Exception, e:

			#ignore
			pass

예제 #4

파일: dylib.py 프로젝트: lroathe/knockknock

def scanPlists(plists, key, isLoaded=False):

    #results
    results = []

    #iterate over all plist
    # ->check 'RunAtLoad' (for true) and then extract the first item in the 'ProgramArguments'
    for plist in plists:

        #wrap
        try:

            #load contents of plist if needed
            if not isLoaded:

                #save path
                plistPath = plist

                #load it and check
                loadedPlist = utils.loadPlist(plist)
                if not loadedPlist:

                    #skip
                    continue

            #otherwise its already loaded
            # ->use as is
            else:

                #set
                loadedPlist = plist

                #get path
                plistPath = utils.getPathFromPlist(loadedPlist)

            #check for/extract 'DYLD_INSERT_LIBRARIES'
            if key in loadedPlist and 'DYLD_INSERT_LIBRARIES' in loadedPlist[
                    key]:

                #create file obj and append to results
                results.append(
                    file.File(loadedPlist[key]['DYLD_INSERT_LIBRARIES'],
                              plistPath))

        #ignore exceptions
        except Exception, e:

            #ignore
            pass

예제 #5

파일: dylib.py 프로젝트: Marginal/knockknock

def scanPlists(plists, key, isLoaded=False):

	#results
	results = []

	#iterate over all plist
	# ->check 'RunAtLoad' (for true) and then extract the first item in the 'ProgramArguments'
	for plist in plists:

		#wrap
		try:

			#load contents of plist if needed
			if not isLoaded:

				#save path
				plistPath = plist

				#load it and check
				loadedPlist = utils.loadPlist(plist)
				if not loadedPlist:

					#skip
					continue

			#otherwise its already loaded
			# ->use as is
			else:

				#set
				loadedPlist = plist

				#get path
				plistPath = utils.getPathFromPlist(loadedPlist)

			#check for/extract 'DYLD_INSERT_LIBRARIES'
			if key in loadedPlist and 'DYLD_INSERT_LIBRARIES' in loadedPlist[key]:

				#create file obj and append to results
				results.append(file.File(loadedPlist[key]['DYLD_INSERT_LIBRARIES'], plistPath))

		#ignore exceptions
		except Exception, e:

			#ignore
			pass

예제 #6

    def getDisabledItems(self):

        #list of disabled items
        disabledItems = []

        #get all overrides plists
        overrides = glob.glob(OVERRIDES_DIRECTORY + '*/overrides.plist')

        #process
        # ->check all files for overrides
        for overide in overrides:

            #wrap
            try:

                #dbg msg
                utils.logMessage(utils.MODE_INFO, 'opening %s' % overide)

                #load plist and check
                plistData = utils.loadPlist(overide)
                if not plistData:

                    #skip
                    continue

                #now parse 'normal' overrides
                for overrideItem in plistData:

                    #check if item is disabled
                    if 'Disabled' in plistData[overrideItem] and plistData[
                            overrideItem]['Disabled']:

                        #save
                        disabledItems.append(overrideItem)

            #ignore exceptions
            except Exception, e:

                #skip
                continue

예제 #7

    def scan(self):

        #results
        results = []

        #dbg
        utils.logMessage(utils.MODE_INFO, 'running scan')

        #init results
        # ->for for login hook
        results.append(
            self.initResults(LOGIN_HOOK_NAME, LOGIN_HOOK_DESCRIPTION))

        #init results
        # ->for logout hook
        results.append(
            self.initResults(LOGOUT_HOOK_NAME, LOGOUT_HOOK_DESCRIPTION))

        #load plist
        plistData = utils.loadPlist(LOGIN_WINDOW_FILE)

        #make sure plist loaded
        if plistData:

            #grab login hook
            if 'LoginHook' in plistData:

                #save into first index of result
                results[0]['items'].append(
                    command.Command(plistData['LoginHook']))

            #grab logout hook
            if 'LogoutHook' in plistData:

                #save into second index of result
                results[1]['items'].append(
                    command.Command(plistData['LogoutHook']))

        return results

예제 #8

파일: launchDandA.py 프로젝트: EntropyWorks/knockknock

	def getDisabledItems(self):

		#list of disabled items
		disabledItems = []

		#get all overrides plists
		overrides = glob.glob(OVERRIDES_DIRECTORY + '*/overrides.plist')

		#process
		# ->check all files for overrides
		for overide in overrides:

			#wrap
			try:

				#dbg msg
				utils.logMessage(utils.MODE_INFO, 'opening %s' % overide)

				#load plist and check
				plistData = utils.loadPlist(overide)
				if not plistData:

					#skip
					continue

				#now parse 'normal' overrides
				for overrideItem in plistData:

					#check if item is disabled
					if 'Disabled' in plistData[overrideItem] and plistData[overrideItem]['Disabled']:

						#save
						disabledItems.append(overrideItem)

			#ignore exceptions
			except Exception, e:

				#skip
				continue

예제 #9

    def getOverriddenItems(self):

        #get all overrides plists
        overrides = glob.glob(OVERRIDES_DIRECTORY + '*/overrides.plist')

        #process
        # ->check all files for overrides
        for overide in overrides:

            #wrap
            try:

                #dbg msg
                utils.logMessage(utils.MODE_INFO, 'opening %s' % overide)

                #load plist and check
                plistData = utils.loadPlist(overide)
                if not plistData:

                    #skip
                    continue

                #now parse 'normal' overrides
                for overrideItem in plistData:

                    #check if item has disabled flag (true/false)
                    if 'Disabled' in plistData[overrideItem]:

                        #save
                        self.overriddenItems[overrideItem] = plistData[
                            overrideItem]['Disabled']

            #ignore exceptions
            except Exception, e:

                #skip
                continue

예제 #10

파일: launchDandA.py 프로젝트: synack/knockknock

	def getOverriddenItems(self):

		#get all overrides plists
		overrides = glob.glob(OVERRIDES_DIRECTORY + '*/overrides.plist')

		#process
		# ->check all files for overrides
		for overide in overrides:

			#wrap
			try:

				#dbg msg
				utils.logMessage(utils.MODE_INFO, 'opening %s' % overide)

				#load plist and check
				plistData = utils.loadPlist(overide)
				if not plistData:

					#skip
					continue

				#now parse 'normal' overrides
				for overrideItem in plistData:

					#check if item has disabled flag (true/false)
					if 'Disabled' in plistData[overrideItem]:

						#save
						self.overriddenItems[overrideItem] = plistData[overrideItem]['Disabled']

			#ignore exceptions
			except Exception, e:

				#skip
				continue

예제 #11

파일: launchDandA.py 프로젝트: MrColon/knockknock

def autoRunBinaries(plists):

	#auto run binaries
	autoRunBins = []

	#iterate over all plist
	# ->check 'RunAtLoad' (for true) and then extract the first item in the 'ProgramArguments'
	for plist in plists:

		#wrap
		try:

			#program args from plist
			programArguments = []

			#load plist
			plistData = utils.loadPlist(plist)

			#skip binaries that aren't auto run
			if not 'RunAtLoad' in plistData or not plistData['RunAtLoad']:

				#skip
				continue

			#check for 'ProgramArguments' key
			if 'ProgramArguments' in plistData:

				#extract program arguments
				programArguments = plistData['ProgramArguments']

				#skip funky args
				if len(programArguments) < 1:

					#skip
					continue

				#extract launch item's binary
				# ->should be first item in args array
				binary = programArguments[0]

				#skip files that aren't found
				# ->e.g firmwaresyncd
				if not os.path.isfile(binary):

					#skip
					continue

			#also check for 'Program' key
			# ->e.g. /System/Library/LaunchAgents/com.apple.mrt.uiagent.plist
			elif 'Program' in plistData:

				#extract binary
				binary = plistData['Program']

				#skip files that aren't found
				# ->e.g firmwaresyncd
				if not os.path.isfile(plistData['Program']):

					#skip
					continue

			#save extracted launch daemon/agent binary
			if binary:

				#save
				autoRunBins.append([binary, plist])

		#ignore exceptions
		except Exception, e:

			#ignore
			pass

예제 #12

파일: launchDandA.py 프로젝트: whjvenyl/knockknock

	def autoRunBinaries(self, plists):

		#auto run binaries
		autoRunBins = []

		#iterate over all plist
		# ->check 'RunAtLoad' (for true) and then extract the first item in the 'ProgramArguments'
		for plist in plists:

			#wrap
			try:

				#program args from plist
				programArguments = []

				#load plist
				plistData = utils.loadPlist(plist)

				#skip files that couldn't be loaded
				if not plistData:

					#skip
					continue

				#skip non-autorun'd items
				if not self.isAutoRun(plistData):

					#skip
					continue

				#check for 'ProgramArguments' key
				if 'ProgramArguments' in plistData:

					#extract program arguments
					programArguments = plistData['ProgramArguments']

					#skip funky args
					if len(programArguments) < 1:

						#skip
						continue

					#extract launch item's binary
					# ->should be first item in args array
					binary = programArguments[0]

					#skip files that aren't found
					# ->will try 'which' to resolve things like 'bash', etc
					if not os.path.isfile(binary):

						#try which
						binary = utils.which(binary)
						if not binary:

							#skip
							continue

				#also check for 'Program' key
				# ->e.g. /System/Library/LaunchAgents/com.apple.mrt.uiagent.plist
				elif 'Program' in plistData:

					#extract binary
					binary = plistData['Program']

					#skip files that aren't found
					# ->will try 'which' to resolve things like 'bash', etc
					if not os.path.isfile(binary):

						#try which
						binary = utils.which(binary)
						if not binary:

							#skip
							continue

				#save extracted launch daemon/agent binary
				if binary:

					#save
					autoRunBins.append([binary, plist])

			#ignore exceptions
			except Exception, e:

				#ignore
				pass

예제 #13

파일: overRide.py 프로젝트: Marginal/knockknock

	def findBinaryForOveride(self, bundleID):

		#the binary
		binary = None

		#wrap
		try:

			#expand launch daemons and agents directories
			directories = utils.expandPaths(LAUNCH_D_AND_A_DIRECTORIES)

			#attempt to find bundle ID in any of the directories
			for directory in directories:

				#init candidate plist path
				plistPath = directory + bundleID + '.plist'

				#check if there if candidate plist exists
				if not os.path.exists(plistPath):

					#skip
					continue

				#load plist
				plistData = utils.loadPlist(plistPath)

				#check if 'ProgramArguments' exists
				if 'ProgramArguments' in plistData:

					#extract program arguments
					programArguments = plistData['ProgramArguments']

					#check if its a file
					if os.path.isfile(programArguments[0]):

						#happy, got binary for bundle id
						binary = programArguments[0]

						#bail
						break

				#check if 'Program' key contains binary
				# ->e.g. /System/Library/LaunchAgents/com.apple.mrt.uiagent.plist
				elif 'Program' in plistData:

					#check if its a file
					if os.path.isfile(plistData['Program']):

						#happy, got binary for bundle id
						binary = plistData['Program']

						#bail
						break

		#ignore exceptions
		except:

			#ignore
			pass

		return binary

예제 #14

파일: overRide.py 프로젝트: Marginal/knockknock

	def scan(self):

		#login items files
		overriddenItems = []

		#sandbox login items
		sandboxedLoginItems = None

		#dbg msg
		utils.logMessage(utils.MODE_INFO, 'running scan')

		#init results dictionary
		results = self.initResults(OVERRIDES_NAME, OVERRIDES_DESCRIPTION)

		#get all overrides plists
		overrides = glob.glob(OVERRIDES_DIRECTORY + '*/overrides.plist')

		#process
		# ->check all files for overrides
		for overide in overrides:

			#wrap
			try:

				#dbg msg
				utils.logMessage(utils.MODE_INFO, 'opening %s' % overide)

				#load plist and check
				plistData = utils.loadPlist(overide)

				#extract sandboxed login items
				# ->helper apps
				if '_com.apple.SMLoginItemBookmarks' in plistData:

					#extract all
					sandboxedLoginItemsBookmarks = plistData['_com.apple.SMLoginItemBookmarks']

					#iterate over all
					# ->extract from bookmark blob
					for sandboxedLoginItem in sandboxedLoginItemsBookmarks:

						#ignore disabled ones
						if not self.isOverrideEnabled(plistData, sandboxedLoginItem):

							#skip
							continue

						#parse bookmark blob
						# ->attempt to extract login item
						loginItem = self.parseBookmark(sandboxedLoginItemsBookmarks[sandboxedLoginItem])

						#save extracted login item
						if loginItem:

							#save
							results['items'].append(file.File(loginItem))

				#now parse 'normal' overrides
				for overrideItem in plistData:

					#skip the overrides that are also in the bookmark dictionary
					# ->these were already processed (above)
					if sandboxedLoginItemsBookmarks and overrideItem in sandboxedLoginItemsBookmarks:

						#skip
						continue

					#ignore disabled ones
					if not self.isOverrideEnabled(plistData, overrideItem):

						#skip
						continue

					#here, just got a bundle ID
					# ->try to get the binary for it by searching launch daemon and agents
					binaryForOveride = self.findBinaryForOveride(overrideItem)

					#save binaries
					if binaryForOveride:

						#save
						results['items'].append(file.File(binaryForOveride))

			#ignore exceptions
			except:

				#skip
				continue

		return results

예제 #15

	def scanExtensionsSafari(self):

		#results
		results = []

		#get list of all chrome's preferences file
		# ->these contain JSON w/ info about all extensions
		safariExtensionFiles = utils.expandPath(SAFARI_EXTENSION_DIRECTORY)

		#parse each for extensions
		for safariExtensionFile in safariExtensionFiles:

			#wrap
			try:

				#load extension file
				plistData = utils.loadPlist(safariExtensionFile)

				#ensure data looks ok
				if not plistData or 'Installed Extensions' not in plistData:

						#skip/try next
						continue

				#the list of extensions are stored in the 'settings' key
				extensions = plistData['Installed Extensions']

				#scan all extensions
				# ->skip ones that are disabled, white listed, etc
				for currentExtension in extensions:

					#dictionary for extension info
					extensionInfo = {}

					#skip disabled plugins
					if 'Enabled' in currentExtension and not currentExtension['Enabled']:

						#skip
						continue

					#extract path
					if 'Archive File Name' in currentExtension:

						#name
						extensionInfo['path'] = safariExtensionFile + '/' + currentExtension['Archive File Name']

					#extract name
					if 'Bundle Directory Name' in currentExtension:

						#path
						extensionInfo['name'] = currentExtension['Bundle Directory Name']

					#create and append
					results.append(extension.Extension(extensionInfo))

			#ignore exceptions
			except Exception, e:

				print e
				traceback.print_exc()


				#skip/try next
				continue

예제 #16

파일: overRide.py 프로젝트: lroathe/knockknock

    def scan(self):

        #login items files
        overriddenItems = []

        #sandbox login items
        sandboxedLoginItems = None

        #dbg msg
        utils.logMessage(utils.MODE_INFO, 'running scan')

        #init results dictionary
        results = self.initResults(OVERRIDES_NAME, OVERRIDES_DESCRIPTION)

        #get all overrides plists
        overrides = glob.glob(OVERRIDES_DIRECTORY + '*/overrides.plist')

        #process
        # ->check all files for overrides
        for overide in overrides:

            #wrap
            try:

                #dbg msg
                utils.logMessage(utils.MODE_INFO, 'opening %s' % overide)

                #load plist and check
                plistData = utils.loadPlist(overide)

                #extract sandboxed login items
                # ->helper apps
                if '_com.apple.SMLoginItemBookmarks' in plistData:

                    #extract all
                    sandboxedLoginItemsBookmarks = plistData[
                        '_com.apple.SMLoginItemBookmarks']

                    #iterate over all
                    # ->extract from bookmark blob
                    for sandboxedLoginItem in sandboxedLoginItemsBookmarks:

                        #ignore disabled ones
                        if not self.isOverrideEnabled(plistData,
                                                      sandboxedLoginItem):

                            #skip
                            continue

                        #parse bookmark blob
                        # ->attempt to extract login item
                        loginItem = self.parseBookmark(
                            sandboxedLoginItemsBookmarks[sandboxedLoginItem])

                        #save extracted login item
                        if loginItem:

                            #save
                            results['items'].append(file.File(loginItem))

                #now parse 'normal' overrides
                for overrideItem in plistData:

                    #skip the overrides that are also in the bookmark dictionary
                    # ->these were already processed (above)
                    if sandboxedLoginItemsBookmarks and overrideItem in sandboxedLoginItemsBookmarks:

                        #skip
                        continue

                    #ignore disabled ones
                    if not self.isOverrideEnabled(plistData, overrideItem):

                        #skip
                        continue

                    #here, just got a bundle ID
                    # ->try to get the binary for it by searching launch daemon and agents
                    binaryForOveride = self.findBinaryForOveride(overrideItem)

                    #save binaries
                    if binaryForOveride:

                        #save
                        results['items'].append(file.File(binaryForOveride))

            #ignore exceptions
            except:

                #skip
                continue

        return results

예제 #17

	def autoRunBinaries(self, plists):

		#auto run binaries
		autoRunBins = []

		#iterate over all plist
		# ->check 'RunAtLoad' (for true) and then extract the first item in the 'ProgramArguments'
		for plist in plists:

			#wrap
			try:

				#program args from plist
				programArguments = []

				#load plist
				plistData = utils.loadPlist(plist)

				#skip disabled launch items
				if 'Label' in plistData and plistData['Label'] in self.disabledItems:

					#skip
					continue

				#skip binaries that aren't auto run
				if not 'RunAtLoad' in plistData or not plistData['RunAtLoad']:

					#launch items can also be started with just 'KeepAlive'
					# ->so if 'RunAtLoad' wasn't found, check for this too
					if not 'KeepAlive' in plistData or not plistData['KeepAlive']:

						#skip
						# ->neither 'RunAtLoad' nor 'KeepAlive' is set
						continue

				#check for 'ProgramArguments' key
				if 'ProgramArguments' in plistData:

					#extract program arguments
					programArguments = plistData['ProgramArguments']

					#skip funky args
					if len(programArguments) < 1:

						#skip
						continue

					#extract launch item's binary
					# ->should be first item in args array
					binary = programArguments[0]

					#skip files that aren't found
					# ->e.g firmwaresyncd
					if not os.path.isfile(binary):

						#skip
						continue

				#also check for 'Program' key
				# ->e.g. /System/Library/LaunchAgents/com.apple.mrt.uiagent.plist
				elif 'Program' in plistData:

					#extract binary
					binary = plistData['Program']

					#skip files that aren't found
					# ->e.g firmwaresyncd
					if not os.path.isfile(plistData['Program']):

						#skip
						continue

				#save extracted launch daemon/agent binary
				if binary:

					#save
					autoRunBins.append([binary, plist])

			#ignore exceptions
			except Exception, e:

				print 'EX: %s' % e

				#ignore
				pass

예제 #18

파일: loginItem.py 프로젝트: MrColon/knockknock

	def scan(self):

		#login items files
		loginItems = []

		#dbg msg
		utils.logMessage(utils.MODE_INFO, 'running scan')

		#init results dictionary
		results = self.initResults(LOGIN_ITEM_NAME, LOGIN_ITEM_DESCRIPTION)

		#process
		# ->open file and read each line
		for userLoginItems in utils.expand(LOGIN_ITEM_FILE):

			#wrap
			try:

				#dbg msg
				utils.logMessage(utils.MODE_INFO, 'scanning %s' % userLoginItems)

				#load plist and check
				plistData = utils.loadPlist(userLoginItems)

				#extract sessions items
				sesssionItems = plistData['SessionItems']

				#extract custom list items
				customListItems = sesssionItems['CustomListItems']

				#iterate over all login items
				for customListItem in customListItems:

					#wrap it
					try:

						#extact alias data
						aliasData = list((customListItem['Alias']).bytes())

						#parse alias data
						loginItem = self.parseAliasData(aliasData)

						#save extracted login item
						if loginItem:

							#save
							results['items'].append(file.File(loginItem))

					#ignore exceptions
					except Exception, e:

						#skip
						continue

			#ignore exceptions
			except:

				#skip
				continue

		return results

예제 #19

파일: logHook.py 프로젝트: Noktec/knockknock

	def scan(self):

		#results
		results = []

		#dbg
		utils.logMessage(utils.MODE_INFO, 'running scan')

		#init results
		# ->for for login hook
		results.append(self.initResults(LOGIN_HOOK_NAME, LOGIN_HOOK_DESCRIPTION))

		#init results
		# ->for logout hook
		results.append(self.initResults(LOGOUT_HOOK_NAME, LOGOUT_HOOK_DESCRIPTION))

		#expand all login/out files
		logInOutFiles = utils.expandPaths(LOGIN_WINDOW_FILES)

		#scan each file
		for logInOutFile in logInOutFiles:

			#load plist
			plistData = utils.loadPlist(logInOutFile)

			#make sure plist loaded
			if plistData:

				#grab login hook
				if 'LoginHook' in plistData:

					#check if its a file
					if os.path.isfile(plistData['LoginHook']):

						#save file
						results[0]['items'].append(file.File(plistData['LoginHook']))

					#likely a command
					# ->could be file that doesn't exist, but ok to still report
					else:

						#save command
						results[0]['items'].append(command.Command(plistData['LoginHook'], logInOutFile))

				#grab logout hook
				if 'LogoutHook' in plistData:

					#check if its a file
					if os.path.isfile(plistData['LogoutHook']):

						#save file
						results[1]['items'].append(file.File(plistData['LogoutHook']))

					#likely a command
					# ->could be file that doesn't exist, but ok to still report
					else:

						#save command
						results[1]['items'].append(command.Command(plistData['LogoutHook'], logInOutFile))

		return results

예제 #20

파일: loginItem.py 프로젝트: whjvenyl/knockknock

    def scan(self):

        #login items files
        loginItems = []

        #dbg msg
        utils.logMessage(utils.MODE_INFO, 'running scan')

        #init results dictionary
        results = self.initResults(LOGIN_ITEM_NAME, LOGIN_ITEM_DESCRIPTION)

        #process
        # ->open file and read each line
        for userLoginItems in utils.expandPath(LOGIN_ITEM_FILE):

            #wrap
            try:

                #dbg msg
                utils.logMessage(utils.MODE_INFO,
                                 'scanning %s' % userLoginItems)

                #load plist and check
                plistData = utils.loadPlist(userLoginItems)

                #extract sessions items
                sesssionItems = plistData['SessionItems']

                #extract custom list items
                customListItems = sesssionItems['CustomListItems']

                #iterate over all login items
                for customListItem in customListItems:

                    #wrap it
                    try:

                        #extact alias data
                        aliasData = list((customListItem['Alias']).bytes())

                        #parse alias data
                        loginItem = self.parseAliasData(aliasData)

                        #save extracted login item
                        if loginItem:

                            #save
                            results['items'].append(file.File(loginItem))

                    #ignore exceptions
                    except Exception, e:

                        #skip
                        continue

            #ignore exceptions
            except:

                #skip
                continue

        return results

예제 #21

파일: overRide.py 프로젝트: whjvenyl/knockknock

    def findBinaryForOveride(self, bundleID):

        #the binary
        binary = None

        #wrap
        try:

            #expand launch daemons and agents directories
            directories = utils.expandPaths(LAUNCH_D_AND_A_DIRECTORIES)

            #attempt to find bundle ID in any of the directories
            for directory in directories:

                #init candidate plist path
                plistPath = directory + bundleID + '.plist'

                #check if there if candidate plist exists
                if not os.path.exists(plistPath):

                    #skip
                    continue

                #load plist
                plistData = utils.loadPlist(plistPath)

                #check if 'ProgramArguments' exists
                if 'ProgramArguments' in plistData:

                    #extract program arguments
                    programArguments = plistData['ProgramArguments']

                    #check if its a file
                    if os.path.isfile(programArguments[0]):

                        #happy, got binary for bundle id
                        binary = programArguments[0]

                        #bail
                        break

                #check if 'Program' key contains binary
                # ->e.g. /System/Library/LaunchAgents/com.apple.mrt.uiagent.plist
                elif 'Program' in plistData:

                    #check if its a file
                    if os.path.isfile(plistData['Program']):

                        #happy, got binary for bundle id
                        binary = plistData['Program']

                        #bail
                        break

        #ignore exceptions
        except:

            #ignore
            pass

        return binary

예제 #22

파일: overRide.py 프로젝트: whjvenyl/knockknock

    def scan(self):

        #overrides
        overrides = []

        #login items files
        overriddenItems = []

        #sandbox login items
        sandboxedLoginItems = None

        #dbg msg
        utils.logMessage(utils.MODE_INFO, 'running scan')

        #init results dictionary
        results = self.initResults(OVERRIDES_NAME, OVERRIDES_DESCRIPTION)

        #get all overrides plists
        for overrideDirectory in OVERRIDES_DIRECTORIES:

            #get all
            overrides.extend(glob.glob(overrideDirectory +
                                       '*/overrides.plist'))

        #process
        # ->check all files for overrides
        for override in overrides:

            #wrap
            try:

                #load plist and check
                plistData = utils.loadPlist(override)

                #skip any plist files that couldn't be loaded
                if not plistData:

                    #skip
                    continue

                #extract sandboxed login items
                # ->helper apps
                if '_com.apple.SMLoginItemBookmarks' in plistData:

                    #extract all
                    # ->'_com.apple.SMLoginItemBookmarks' is key
                    sandboxedLoginItemsBookmarks = plistData[
                        '_com.apple.SMLoginItemBookmarks']

                    #iterate over all
                    # ->extract from bookmark blob
                    for sandboxedLoginItem in sandboxedLoginItemsBookmarks:

                        #wrap
                        # ->here, allows just single item to be skipped
                        try:

                            #print 'sandboxed item from SMLoginItemBookmarks: %s' % sandboxedLoginItem

                            #print self.parseBookmark(sandboxedLoginItemsBookmarks[sandboxedLoginItem])

                            #ignore disabled ones
                            if not self.isOverrideEnabled(
                                    plistData, sandboxedLoginItem):

                                #dbg msg
                                #print '%s is disabled!!' % sandboxedLoginItem

                                #skip
                                continue

                            #parse bookmark blob
                            # ->attempt to extract login item
                            loginItem = self.parseBookmark(
                                sandboxedLoginItemsBookmarks[
                                    sandboxedLoginItem])

                            #ignore files that don't exist
                            # ->some apps that don't cleanly uninstall leave entries here
                            if not os.path.exists(loginItem):

                                #skip
                                continue

                            #save extracted login item
                            if loginItem:

                                #save
                                results['items'].append(file.File(loginItem))

                        #ignore exceptions
                        # ->just try next time
                        except:

                            #skip
                            continue

                #now parse 'normal' overrides
                for overrideItem in plistData:

                    #wrap
                    # ->here, allows just single item to be skipped
                    try:

                        #skip the overrides that are also in the bookmark dictionary
                        # ->these were already processed (above)
                        if sandboxedLoginItemsBookmarks and overrideItem in sandboxedLoginItemsBookmarks:

                            #skip
                            continue

                        #ignore disabled ones
                        if not self.isOverrideEnabled(plistData, overrideItem):

                            #skip
                            continue

                        #here, just got a bundle ID
                        # ->try to get the binary for it by searching launch daemon and agents
                        binaryForOveride = self.findBinaryForOveride(
                            overrideItem)

                        #save binaries
                        if binaryForOveride:

                            #save
                            results['items'].append(
                                file.File(binaryForOveride))

                    #ignore exceptions
                    # ->just try next time
                    except:

                        #skip
                        continue

            #ignore exceptions
            except Exception, e:

                #print e

                #skip
                continue

예제 #23

파일: overRide.py 프로젝트: Noktec/knockknock

	def scan(self):

		#overrides
		overrides = []

		#login items files
		overriddenItems = []

		#sandbox login items
		sandboxedLoginItems = None

		#dbg msg
		utils.logMessage(utils.MODE_INFO, 'running scan')

		#init results dictionary
		results = self.initResults(OVERRIDES_NAME, OVERRIDES_DESCRIPTION)

		#get all overrides plists
		for overrideDirectory in OVERRIDES_DIRECTORIES:

			#get all
			overrides.extend(glob.glob(overrideDirectory + '*/overrides.plist'))

		#process
		# ->check all files for overrides
		for override in overrides:

			#wrap
			try:

				#load plist and check
				plistData = utils.loadPlist(override)

				#skip any plist files that couldn't be loaded
				if not plistData:

					#skip
					continue

				#extract sandboxed login items
				# ->helper apps
				if '_com.apple.SMLoginItemBookmarks' in plistData:

					#extract all
					# ->'_com.apple.SMLoginItemBookmarks' is key
					sandboxedLoginItemsBookmarks = plistData['_com.apple.SMLoginItemBookmarks']

					#iterate over all
					# ->extract from bookmark blob
					for sandboxedLoginItem in sandboxedLoginItemsBookmarks:

						#wrap
						# ->here, allows just single item to be skipped
						try:

							#print 'sandboxed item from SMLoginItemBookmarks: %s' % sandboxedLoginItem

							#print self.parseBookmark(sandboxedLoginItemsBookmarks[sandboxedLoginItem])

							#ignore disabled ones
							if not self.isOverrideEnabled(plistData, sandboxedLoginItem):

								#dbg msg
								#print '%s is disabled!!' % sandboxedLoginItem

								#skip
								continue

							#parse bookmark blob
							# ->attempt to extract login item
							loginItem = self.parseBookmark(sandboxedLoginItemsBookmarks[sandboxedLoginItem])

							#ignore files that don't exist
							# ->some apps that don't cleanly uninstall leave entries here
							if not os.path.exists(loginItem):

								#skip
								continue

							#save extracted login item
							if loginItem:

								#save
								results['items'].append(file.File(loginItem))

						#ignore exceptions
						# ->just try next time
						except:

							#skip
							continue


				#now parse 'normal' overrides
				for overrideItem in plistData:

					#wrap
					# ->here, allows just single item to be skipped
					try:


						#skip the overrides that are also in the bookmark dictionary
						# ->these were already processed (above)
						if sandboxedLoginItemsBookmarks and overrideItem in sandboxedLoginItemsBookmarks:

							#skip
							continue


						#ignore disabled ones
						if not self.isOverrideEnabled(plistData, overrideItem):

							#skip
							continue

						#here, just got a bundle ID
						# ->try to get the binary for it by searching launch daemon and agents
						binaryForOveride = self.findBinaryForOveride(overrideItem)

						#save binaries
						if binaryForOveride:

							#save
							results['items'].append(file.File(binaryForOveride))

					#ignore exceptions
					# ->just try next time
					except:

						#skip
						continue

			#ignore exceptions
			except Exception, e:

				#print e

				#skip
				continue