def get_requirements(cls): # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.IntRequirement( name='pid', description= "Process ID to include (all other processes are excluded)", optional=True), requirements.StringRequirement( name="imphash", description="Search single imphash value", optional=True), requirements.StringRequirement( name="imphashlist", description="Search imphash list file", optional=True), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(1, 0, 0)), requirements.PluginRequirement(name='vadinfo', plugin=vadinfo.VadInfo, version=(1, 0, 0)), ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement( name='primary', description="Memory layer for the kernel", architectures=["Intel32", "Intel64"]), requirements.BooleanRequirement( name="insensitive", description="Makes the search case insensitive", default=False, optional=True), requirements.BooleanRequirement( name="wide", description="Match wide (unicode) strings", default=False, optional=True), requirements.StringRequirement( name="yara_rules", description="Yara rules (as a string)", optional=True), requirements.URIRequirement(name="yara_file", description="Yara rules (as a file)", optional=True), requirements.IntRequirement( name="max_size", default=0x40000000, description="Set the maximum size (default is 1GB)", optional=True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.StringRequirement( name='plugins', description="Comma separated list of plugins to run", optional=True, default=None), requirements.BooleanRequirement( name='record-config', description= "Whether to record the state of all the plugins once complete", optional=True, default=False), requirements.ListRequirement( name='plugin-filter', description="Only run plugins featuring this substring", element_type=str, optional=True, default=[]), requirements.BooleanRequirement( name='create-bodyfile', description= "Whether to create a body file whilst producing results", optional=True, default=False) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.PluginRequirement(name='hivelist', plugin=hivelist.HiveList, version=(1, 0, 0)), requirements.IntRequirement(name='offset', description="Hive Offset", default=None, optional=True), requirements.StringRequirement(name='key', description="Key to start from", default=None, optional=True), requirements.BooleanRequirement( name='recurse', description='Recurses through keys', default=False, optional=True) ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement(name = 'primary', description = "Memory layer for the kernel", architectures = ["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name = "nt_symbols", description = "Windows kernel symbols"), requirements.BooleanRequirement(name = "wide", description = "Match wide (unicode) strings", default = False, optional = True), requirements.StringRequirement(name = "yara_rules", description = "Yara rules (as a string)", optional = True), requirements.URIRequirement(name = "yara_file", description = "Yara rules (as a file)", optional = True), requirements.IntRequirement(name = "max_size", default = 0x40000000, description = "Set the maximum size (default is 1GB)", optional = True), requirements.PluginRequirement(name = 'pslist', plugin = pslist.PsList, version = (1, 0, 0)), requirements.VersionRequirement(name = 'yarascanner', component = yarascan.YaraScanner, version = (2, 0, 0)), requirements.ListRequirement(name = 'pid', element_type = int, description = "Process IDs to include (all other processes are excluded)", optional = True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="vmlinux", description="Linux kernel symbols"), requirements.PluginRequirement(name='pslist', plugin=pslist.PsList, version=(1, 0, 0)), requirements.ListRequirement( name='pid', element_type=int, description= "Process IDs to include (all other processes are excluded)", optional=True), requirements.ListRequirement( name='name', element_type=str, description= "Process name to include (all other processes are excluded)", optional=True), requirements.StringRequirement(name='out', description="JSON output file", optional=True) ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement(name = 'memory_layer', optional = False), requirements.LayerListRequirement(name = 'swap_layers', optional = True), requirements.IntRequirement(name = 'page_map_offset', optional = False), requirements.IntRequirement(name = 'kernel_virtual_offset', optional = True), requirements.StringRequirement(name = 'kernel_banner', optional = True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return super().get_requirements() + [ requirements.StringRequirement( "isf_url", description= "JSON file containing the symbols encoded in the Intermediate Symbol Format" ), ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.StringRequirement(name='reference', optional=True), requirements.BooleanRequirement(name='location', optional=True), requirements.BooleanRequirement(name='preload', optional=True), # requirements.TranslationLayerRequirement(name='base_layer', optional=False), # requirements.TranslationLayerRequirement(name='meta_layer', optional=False), ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement(name = 'primary', description = 'Memory layer for the kernel', architectures = ["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name = "nt_symbols", description = "Windows kernel symbols"), requirements.StringRequirement(name = 'tags', description = "Comma separated list of pool tags to filter pools returned", optional = True, default = None) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: # Since we're calling the plugin, make sure we have the plugin's requirements return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.BooleanRequirement( name='PARSE_ALL', description='Parse every directory under the root dir', optional=True), requirements.StringRequirement( name='SUPPLY_ADDR', description='Parse directories under specific addresses', optional=True), requirements.StringRequirement( name='FULL_PATH', description='Parse a directory found by full path location', optional=True), ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.StringRequirement( name='layer_name', description='Name of the layer to write out', default=None, optional=True), requirements.StringRequirement( name='output', description='Filename to output the chosen layer', optional=True, default=cls.default_output_name), requirements.IntRequirement( name='block_size', description="Size of blocks to copy over", default=cls.default_block_size, optional=True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.StringRequirement( name='plugins', description="Comma separated list of plugins to run", optional=True, default=None), requirements.BooleanRequirement( name='record-config', description= "Whether to record the state of all the plugins once complete", optional=True, default=False) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement( name='primary', description='Memory layer for the kernel', architectures=["Intel32", "Intel64"]), requirements.SymbolTableRequirement( name="nt_symbols", description="Windows kernel symbols"), requirements.StringRequirement( name='filter', description="String to filter hive names returned", optional=True, default=None) ]
def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.TranslationLayerRequirement(name = 'primary', description = 'Memory layer for the kernel', architectures = ["Intel32", "Intel64"]), requirements.SymbolTableRequirement(name = "nt_symbols", description = "Windows kernel symbols"), requirements.StringRequirement(name = 'filter', description = "String to filter hive names returned", optional = True, default = None), requirements.PluginRequirement(name = 'hivescan', plugin = hivescan.HiveScan, version = (1, 0, 0)), requirements.BooleanRequirement(name = 'dump', description = "Extract listed registry hives", default = False, optional = True) ]
def get_requirements( cls) -> List[interfaces.configuration.RequirementInterface]: return [ requirements.StringRequirement(name='location', optional=False) ]