def __init__(self, context: interfaces.context.ContextInterface, config_path: str, progress_callback: constants.ProgressCallback = None) -> None: """ Args: context: The context that the plugin will operate within config_path: The path to configuration data within the context configuration data progress_callback: A callable that can provide feedback at progress points """ super().__init__(context, config_path) self._progress_callback = progress_callback or (lambda f, s: None) # Plugins self validate on construction, it makes it more difficult to work with them, but then # the validation doesn't need to be repeated over and over again by externals if self.unsatisfied(context, config_path): vollog.warning("Plugin failed validation") raise exceptions.PluginRequirementException("The plugin configuration failed to validate") # Populate any optional defaults for requirement in self.get_requirements(): if requirement.name not in self.config: self.config[requirement.name] = requirement.default self._file_handler = FileHandlerInterface # type: Type[FileHandlerInterface] framework.require_interface_version(*self._required_framework_version)
def __init__(self, image_path, plugin_name, plugins_path): framework.require_interface_version(2, 0, 0) # import the plugin files failures = framework.import_files(volatility.plugins, True) # load the framework plugins list plugin_list = framework.list_plugins() plugin_info = self.getPlugin(plugin_name) if plugin_info is None: raise Exception("Plugin information for [" + plugin_name + "] not found") plugin_info['obj'] = plugin_list[plugin_info['name']] # image path file_name = os.path.abspath(image_path) if not os.path.exists(file_name): raise Exception("File does not exist: {}".format(file_name)) # set context self.ctx = contexts.Context() # Construct a blank context automagics = automagic.available(self.ctx) automagics = automagic.choose_automagic(automagics, plugin_info['obj']) single_location = "file:" + request.pathname2url(file_name) self.ctx.config[ 'automagic.LayerStacker.single_location'] = single_location # build plugin context base_config_path = os.path.abspath(plugins_path) progress_callback = PrintedProgress() constructed = plugins.construct_plugin( self.ctx, automagics, plugin_info['obj'], base_config_path, progress_callback, self.file_handler_class_factory()) # run the plugin and render the results to json treegrid = constructed.run() #renderers = dict([(x.name.lower(), x) for x in framework.class_subclasses(text_renderer.CLIRenderer)]) #renderers['quick']().render(treegrid) #print(treegrid) results = self.render(treegrid) #print(results) self.removeKeySpace(results) # go for the function that parse the json results to get clean output self.results = plugin_info['function'](results)
def run(self): """Executes the command line module, taking the system arguments, determining the plugin to run and then running it.""" sys.stdout.write("Volshell (Volatility 3 Framework) {}\n".format( constants.PACKAGE_VERSION)) framework.require_interface_version(1, 0, 0) parser = argparse.ArgumentParser( prog='volshell', description= "A tool for interactivate forensic analysis of memory images") parser.add_argument("-c", "--config", help="Load the configuration from a json file", default=None, type=str) parser.add_argument( "-e", "--extend", help="Extend the configuration with a new (or changed) setting", default=None, action='append') parser.add_argument( "-p", "--plugin-dirs", help="Semi-colon separated list of paths to find plugins", default="", type=str) parser.add_argument( "-s", "--symbol-dirs", help="Semi-colon separated list of paths to find symbols", default="", type=str) parser.add_argument("-v", "--verbosity", help="Increase output verbosity", default=0, action="count") parser.add_argument( "-o", "--output-dir", help="Directory in which to output any generated files", default=os.path.abspath( os.path.join(os.path.dirname(__file__), '..', '..')), type=str) parser.add_argument("-q", "--quiet", help="Remove progress feedback", default=False, action='store_true') parser.add_argument("--log", help="Log output to a file as well as the console", default=None, type=str) parser.add_argument( "-f", "--file", metavar='FILE', default=None, type=str, help= "Shorthand for --single-location=file:// if single-location is not defined" ) parser.add_argument( "--write-config", help="Write configuration JSON file out to config.json", default=False, action='store_true') parser.add_argument("--clear-cache", help="Clears out all short-term cached items", default=False, action='store_true') # Volshell specific flags os_specific = parser.add_mutually_exclusive_group(required=False) os_specific.add_argument("-w", "--windows", default=False, action="store_true", help="Run a Windows volshell") os_specific.add_argument("-l", "--linux", default=False, action="store_true", help="Run a Linux volshell") os_specific.add_argument("-m", "--mac", default=False, action="store_true", help="Run a Mac volshell") # We have to filter out help, otherwise parse_known_args will trigger the help message before having # processed the plugin choice or had the plugin subparser added. known_args = [ arg for arg in sys.argv if arg != '--help' and arg != '-h' ] partial_args, _ = parser.parse_known_args(known_args) if partial_args.plugin_dirs: volatility.plugins.__path__ = [ os.path.abspath(p) for p in partial_args.plugin_dirs.split(";") ] + constants.PLUGINS_PATH if partial_args.symbol_dirs: volatility.symbols.__path__ = [ os.path.abspath(p) for p in partial_args.symbol_dirs.split(";") ] + constants.SYMBOL_BASEPATHS vollog.info("Volatility plugins path: {}".format( volatility.plugins.__path__)) vollog.info("Volatility symbols path: {}".format( volatility.symbols.__path__)) if partial_args.log: file_logger = logging.FileHandler(partial_args.log) file_logger.setLevel(0) file_formatter = logging.Formatter( datefmt='%y-%m-%d %H:%M:%S', fmt='%(asctime)s %(name)-12s %(levelname)-8s %(message)s') file_logger.setFormatter(file_formatter) vollog.addHandler(file_logger) vollog.info("Logging started") if partial_args.verbosity < 3: console.setLevel(30 - (partial_args.verbosity * 10)) else: console.setLevel(10 - (partial_args.verbosity - 2)) if partial_args.clear_cache: for cache_filename in glob.glob( os.path.join(constants.CACHE_PATH, '*.cache')): os.unlink(cache_filename) # Do the initialization ctx = contexts.Context() # Construct a blank context failures = framework.import_files( volatility.plugins, True) # Will not log as console's default level is WARNING if failures: parser.epilog = "The following plugins could not be loaded (use -vv to see why): " + \ ", ".join(sorted(failures)) vollog.info(parser.epilog) automagics = automagic.available(ctx) # Initialize the list of plugins in case volshell needs it framework.list_plugins() seen_automagics = set() configurables_list = {} for amagic in automagics: if amagic in seen_automagics: continue seen_automagics.add(amagic) if isinstance(amagic, interfaces.configuration.ConfigurableInterface): self.populate_requirements_argparse(parser, amagic.__class__) configurables_list[amagic.__class__.__name__] = amagic # We don't list plugin arguments, because they can be provided within python volshell_plugin_list = { 'generic': generic.Volshell, 'windows': windows.Volshell } for plugin in volshell_plugin_list: subparser = parser.add_argument_group( title=plugin.capitalize(), description="Configuration options based on {} options".format( plugin.capitalize())) self.populate_requirements_argparse(subparser, volshell_plugin_list[plugin]) configurables_list[plugin] = volshell_plugin_list[plugin] ### # PASS TO UI ### # Hand the plugin requirements over to the CLI (us) and let it construct the config tree # Run the argparser args = parser.parse_args() vollog.log(constants.LOGLEVEL_VVV, "Cache directory used: {}".format(constants.CACHE_PATH)) plugin = generic.Volshell if args.windows: plugin = windows.Volshell if args.linux: plugin = linux.Volshell if args.mac: plugin = mac.Volshell base_config_path = "plugins" plugin_config_path = interfaces.configuration.path_join( base_config_path, plugin.__name__) # Special case the -f argument because people use is so frequently # It has to go here so it can be overridden by single-location if it's defined # NOTE: This will *BREAK* if LayerStacker, or the automagic configuration system, changes at all ### if args.file: file_name = os.path.abspath(args.file) if not os.path.exists(file_name): vollog.log(logging.INFO, "File does not exist: {}".format(file_name)) else: single_location = "file:" + request.pathname2url(file_name) ctx.config[ 'automagic.LayerStacker.single_location'] = single_location # UI fills in the config, here we load it from the config file and do it before we process the CL parameters if args.config: with open(args.config, "r") as f: json_val = json.load(f) ctx.config.splice( plugin_config_path, interfaces.configuration.HierarchicalDict(json_val)) self.populate_config(ctx, configurables_list, args, plugin_config_path) if args.extend: for extension in args.extend: if '=' not in extension: raise ValueError( "Invalid extension (extensions must be of the format \"conf.path.value='value'\")" ) address, value = extension[:extension.find('=')], json.loads( extension[extension.find('=') + 1:]) ctx.config[address] = value # It should be up to the UI to determine which automagics to run, so this is before BACK TO THE FRAMEWORK automagics = automagic.choose_automagic(automagics, plugin) self.output_dir = args.output_dir ### # BACK TO THE FRAMEWORK ### try: progress_callback = cli.PrintedProgress() if args.quiet: progress_callback = cli.MuteProgress() constructed = plugins.construct_plugin(ctx, automagics, plugin, base_config_path, progress_callback, self) if args.write_config: vollog.debug("Writing out configuration data to config.json") with open("config.json", "w") as f: json.dump(dict(constructed.build_configuration()), f, sort_keys=True, indent=2) # Construct and run the plugin constructed.run() except exceptions.UnsatisfiedException as excp: self.process_exceptions(excp) parser.exit( 1, "Unable to validate the plugin requirements: {}\n".format( [x for x in excp.unsatisfied]))
import cherrypy import volatility from volatility import framework, plugins from volatility.framework import constants, interfaces, contexts, automagic, exceptions from volatility.framework.configuration import requirements from volatility.framework.interfaces import configuration, renderers from volatility.framework.interfaces.configuration import HierarchicalDict from volatility.framework.renderers import ColumnSortKey from volumetric import jsonvol from volumetric.backqueue import BackgroundTaskQueue vollog = logging.getLogger('volatility') framework.require_interface_version(2, 0, 0) class Api: def __init__(self): self.plugins = PluginsApi() self.automagics = AutomagicApi() self.results = ResultsApi() self.jobs = JobsApi() @cherrypy.expose @cherrypy.tools.json_out() def volatility_version(self): return framework.constants.PACKAGE_VERSION