From 0e8136cea6f225a4be0e3c9e83cca1b5ef6b6801 Mon Sep 17 00:00:00 2001 From: wbi Date: Wed, 18 Feb 2026 13:31:54 +0100 Subject: [PATCH 01/13] Fix issue #33 --- dissect/database/ese/ntds/ntds.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/dissect/database/ese/ntds/ntds.py b/dissect/database/ese/ntds/ntds.py index 1dd4047..8f78b8c 100644 --- a/dissect/database/ese/ntds/ntds.py +++ b/dissect/database/ese/ntds/ntds.py @@ -1,5 +1,8 @@ from __future__ import annotations +import argparse +import json +from pathlib import Path from typing import TYPE_CHECKING, BinaryIO from dissect.database.ese.ntds.database import Database @@ -89,3 +92,27 @@ def computers(self) -> Iterator[Computer]: def trusts(self) -> Iterator[TrustedDomain]: """Get all trust objects from the database.""" yield from self.search(objectClass="trustedDomain") + + +def main() -> None: + parser = argparse.ArgumentParser( + description="dissect.database.ese NTDS parser", + usage="python3 -m dissect.database.ese.ntds.ntds -o User /path/to/ntds.dit", + ) + parser.add_argument("input", help="NTDS database to read") + parser.add_argument("-o", "--objectClass", help="show only 'object'", required=True) + parser.add_argument("-j", "--json", help="output in JSON format", action="store_true", default=False) + args = parser.parse_args() + + with Path(args.input).open("rb") as fh: + ntds = NTDS(fh) + + for record in ntds.search(objectClass=args.objectClass): + if args.json: + print(json.dumps(record.as_dict(), default=str)) + else: + print(record) + + +if __name__ == "__main__": + main() From ef3ccb0d6e0499f67ea1c7828c9104dc3a7c44be Mon Sep 17 00:00:00 2001 From: wbi Date: Thu, 19 Feb 2026 10:37:42 +0100 Subject: [PATCH 02/13] Add project.scripts --- README.md | 13 ++++++++++++- dissect/database/ese/ntds/ntds.py | 27 --------------------------- dissect/database/ese/ntds/tools.py | 29 +++++++++++++++++++++++++++++ pyproject.toml | 8 ++++++++ 4 files changed, 49 insertions(+), 28 deletions(-) create mode 100644 dissect/database/ese/ntds/tools.py diff --git a/README.md b/README.md index 4850822..4cf75e2 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,17 @@ This module is also automatically installed if you install the `dissect` package ## Tools +Some cli tools, related to specific database exists. These tools allows to simply dump database content. + +| Commands | Description | +|---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| dissect-db-ntds | Windows NTDS (Active directory database) | +| dissect-db-ual | Windows [User Access Logging](https://learn.microsoft.com/en-us/windows-server/administration/user-access-logging/get-started-with-user-access-logging) database | +| dissect-db-sru | Windows System Ressources And Usage Monitor database | +| dissect-db-certlog | Windows [AD CS database](https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/active-directory-certificate-services-overview) | +| dissect-db-rpm | [Red Hat Package Manager](https://rpm.org/) database | +| dissect-db-impacket | Impacket compatibility shim for secretsdump.py | + ### Impacket compatibility shim for secretsdump.py Impacket does not ([yet](https://github.com/fortra/impacket/pull/1452)) have native support for `dissect.database`, @@ -27,7 +38,7 @@ so in the meantime a compatibility shim is provided. To use this shim, simply in instructions above, and execute `secretsdump.py` like so: ```bash -python -m dissect.database.ese.tools.impacket /path/to/impacket/examples/secretsdump.py -h +dissect-db-impacket /path/to/impacket/examples/secretsdump.py -h ``` Impacket `secretsdump.py` will now use `dissect.database` for parsing the `NTDS.dit` file, resulting in a significant performance improvement! diff --git a/dissect/database/ese/ntds/ntds.py b/dissect/database/ese/ntds/ntds.py index 8f78b8c..1dd4047 100644 --- a/dissect/database/ese/ntds/ntds.py +++ b/dissect/database/ese/ntds/ntds.py @@ -1,8 +1,5 @@ from __future__ import annotations -import argparse -import json -from pathlib import Path from typing import TYPE_CHECKING, BinaryIO from dissect.database.ese.ntds.database import Database @@ -92,27 +89,3 @@ def computers(self) -> Iterator[Computer]: def trusts(self) -> Iterator[TrustedDomain]: """Get all trust objects from the database.""" yield from self.search(objectClass="trustedDomain") - - -def main() -> None: - parser = argparse.ArgumentParser( - description="dissect.database.ese NTDS parser", - usage="python3 -m dissect.database.ese.ntds.ntds -o User /path/to/ntds.dit", - ) - parser.add_argument("input", help="NTDS database to read") - parser.add_argument("-o", "--objectClass", help="show only 'object'", required=True) - parser.add_argument("-j", "--json", help="output in JSON format", action="store_true", default=False) - args = parser.parse_args() - - with Path(args.input).open("rb") as fh: - ntds = NTDS(fh) - - for record in ntds.search(objectClass=args.objectClass): - if args.json: - print(json.dumps(record.as_dict(), default=str)) - else: - print(record) - - -if __name__ == "__main__": - main() diff --git a/dissect/database/ese/ntds/tools.py b/dissect/database/ese/ntds/tools.py new file mode 100644 index 0000000..27a57bb --- /dev/null +++ b/dissect/database/ese/ntds/tools.py @@ -0,0 +1,29 @@ +import argparse +import json +from pathlib import Path + +from dissect.database.ese.ntds import NTDS + + +def main() -> None: + parser = argparse.ArgumentParser( + description="dissect.database.ese NTDS parser", + usage="python3 -m dissect.database.ese.ntds.ntds -o User /path/to/ntds.dit", + ) + parser.add_argument("input", help="NTDS database to read") + parser.add_argument("-o", "--objectClass", help="show only 'object'", required=True) + parser.add_argument("-j", "--json", help="output in JSON format", action="store_true", default=False) + args = parser.parse_args() + + with Path(args.input).open("rb") as fh: + ntds = NTDS(fh) + + for record in ntds.search(objectClass=args.objectClass): + if args.json: + print(json.dumps(record.as_dict(), default=str)) + else: + print(record) + + +if __name__ == "__main__": + main() diff --git a/pyproject.toml b/pyproject.toml index 2fb6ff0..5e44a71 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -66,6 +66,14 @@ dev = [ {include-group = "debug"}, ] +[project.scripts] +dissect-db-ntds = "dissect.database.ese.ntds.tools:main" +dissect-db-ual = "dissect.database.ese.tools.ual:main" +dissect-db-sru = "dissect.database.ese.tools.sru:main" +dissect-db-certlog = "dissect.database.ese.tools.certlog:main" +dissect-db-rpm = "dissect.database.bsd.tools.rpm:main" +dissect-db-impacket = "dissect.database.ese.tools.impacket:main" + [tool.ruff] line-length = 120 required-version = ">=0.13.1" From 9a563ac886b63ca28fa5f8b1e3e3ec3f97febf88 Mon Sep 17 00:00:00 2001 From: william billaud <23636016+william-billaud@users.noreply.github.com> Date: Thu, 19 Feb 2026 11:50:53 +0100 Subject: [PATCH 03/13] Update pyproject.toml Co-authored-by: Erik Schamper <1254028+Schamper@users.noreply.github.com> --- pyproject.toml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 5e44a71..dfe5035 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -67,12 +67,12 @@ dev = [ ] [project.scripts] -dissect-db-ntds = "dissect.database.ese.ntds.tools:main" -dissect-db-ual = "dissect.database.ese.tools.ual:main" -dissect-db-sru = "dissect.database.ese.tools.sru:main" -dissect-db-certlog = "dissect.database.ese.tools.certlog:main" -dissect-db-rpm = "dissect.database.bsd.tools.rpm:main" -dissect-db-impacket = "dissect.database.ese.tools.impacket:main" +dissect-ntds = "dissect.database.ese.ntds.tools:main" +dissect-ual = "dissect.database.ese.tools.ual:main" +dissect-sru = "dissect.database.ese.tools.sru:main" +dissect-certlog = "dissect.database.ese.tools.certlog:main" +dissect-rpm = "dissect.database.bsd.tools.rpm:main" +dissect-impacket = "dissect.database.ese.tools.impacket:main" [tool.ruff] line-length = 120 From 38c183c1c75e03ba412f3e89923a83d64f5ee7f2 Mon Sep 17 00:00:00 2001 From: william billaud <23636016+william-billaud@users.noreply.github.com> Date: Thu, 19 Feb 2026 11:51:01 +0100 Subject: [PATCH 04/13] Update README.md Co-authored-by: Erik Schamper <1254028+Schamper@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4cf75e2..52a03e6 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ This module is also automatically installed if you install the `dissect` package ## Tools -Some cli tools, related to specific database exists. These tools allows to simply dump database content. +Some CLI tools related to specific databases exists. These tools allow you to dump or inspect database content. | Commands | Description | |---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------| From 702c5170a5e4c074182e30c0beb696f4d707a8bf Mon Sep 17 00:00:00 2001 From: william billaud <23636016+william-billaud@users.noreply.github.com> Date: Thu, 19 Feb 2026 11:51:14 +0100 Subject: [PATCH 05/13] Update README.md Co-authored-by: Erik Schamper <1254028+Schamper@users.noreply.github.com> --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 52a03e6..4c6c746 100644 --- a/README.md +++ b/README.md @@ -24,12 +24,12 @@ Some CLI tools related to specific databases exists. These tools allow you to du | Commands | Description | |---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| dissect-db-ntds | Windows NTDS (Active directory database) | -| dissect-db-ual | Windows [User Access Logging](https://learn.microsoft.com/en-us/windows-server/administration/user-access-logging/get-started-with-user-access-logging) database | -| dissect-db-sru | Windows System Ressources And Usage Monitor database | -| dissect-db-certlog | Windows [AD CS database](https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/active-directory-certificate-services-overview) | -| dissect-db-rpm | [Red Hat Package Manager](https://rpm.org/) database | -| dissect-db-impacket | Impacket compatibility shim for secretsdump.py | +| dissect-ntds | Windows NTDS (Active Directory database) | +| dissect-ual | Windows [User Access Logging](https://learn.microsoft.com/en-us/windows-server/administration/user-access-logging/get-started-with-user-access-logging) database | +| dissect-sru | Windows System Resources And Usage Monitor database | +| dissect-certlog | Windows [AD CS database](https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/active-directory-certificate-services-overview) | +| dissect-rpm | [Red Hat Package Manager](https://rpm.org/) database | +| dissect-impacket | Impacket compatibility shim for `secretsdump.py` | ### Impacket compatibility shim for secretsdump.py From d41cab3918af846ef3dc80f0e7217b680be54b8a Mon Sep 17 00:00:00 2001 From: william billaud <23636016+william-billaud@users.noreply.github.com> Date: Thu, 19 Feb 2026 11:51:23 +0100 Subject: [PATCH 06/13] Update dissect/database/ese/ntds/tools.py Co-authored-by: Erik Schamper <1254028+Schamper@users.noreply.github.com> --- dissect/database/ese/ntds/tools.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dissect/database/ese/ntds/tools.py b/dissect/database/ese/ntds/tools.py index 27a57bb..abbef06 100644 --- a/dissect/database/ese/ntds/tools.py +++ b/dissect/database/ese/ntds/tools.py @@ -12,7 +12,7 @@ def main() -> None: ) parser.add_argument("input", help="NTDS database to read") parser.add_argument("-o", "--objectClass", help="show only 'object'", required=True) - parser.add_argument("-j", "--json", help="output in JSON format", action="store_true", default=False) + parser.add_argument("-j", "--json", action="store_true", default=False, help="output in JSON format") args = parser.parse_args() with Path(args.input).open("rb") as fh: From b3e85826ff0a356d98c3e95aa52821cfb9f8fe87 Mon Sep 17 00:00:00 2001 From: william billaud <23636016+william-billaud@users.noreply.github.com> Date: Thu, 19 Feb 2026 11:55:24 +0100 Subject: [PATCH 07/13] Update dissect/database/ese/ntds/tools.py Co-authored-by: Erik Schamper <1254028+Schamper@users.noreply.github.com> --- dissect/database/ese/ntds/tools.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dissect/database/ese/ntds/tools.py b/dissect/database/ese/ntds/tools.py index abbef06..2441eb2 100644 --- a/dissect/database/ese/ntds/tools.py +++ b/dissect/database/ese/ntds/tools.py @@ -11,7 +11,7 @@ def main() -> None: usage="python3 -m dissect.database.ese.ntds.ntds -o User /path/to/ntds.dit", ) parser.add_argument("input", help="NTDS database to read") - parser.add_argument("-o", "--objectClass", help="show only 'object'", required=True) + parser.add_argument("-o", "--objectClass", help="show only objects of this class", required=True) parser.add_argument("-j", "--json", action="store_true", default=False, help="output in JSON format") args = parser.parse_args() From d649dec7cc9b3902a1a8a20ddb84fad4d9d36f3c Mon Sep 17 00:00:00 2001 From: wbi Date: Thu, 19 Feb 2026 12:08:41 +0100 Subject: [PATCH 08/13] parser.add_argument("-j", "--json", action="store_true", default=False, help="output in JSON format") to all ese tools --- README.md | 18 +++++++++--------- dissect/__init__.py | 0 dissect/database/ese/ntds/tools/__init__.py | 0 .../ese/ntds/{tools.py => tools/ntds.py} | 2 +- dissect/database/ese/tools/sru.py | 16 +++++++++++----- dissect/database/ese/tools/ual.py | 7 ++++++- pyproject.toml | 2 +- 7 files changed, 28 insertions(+), 17 deletions(-) create mode 100644 dissect/__init__.py create mode 100644 dissect/database/ese/ntds/tools/__init__.py rename dissect/database/ese/ntds/{tools.py => tools/ntds.py} (93%) diff --git a/README.md b/README.md index 4c6c746..d5a20a4 100644 --- a/README.md +++ b/README.md @@ -22,14 +22,14 @@ This module is also automatically installed if you install the `dissect` package Some CLI tools related to specific databases exists. These tools allow you to dump or inspect database content. -| Commands | Description | -|---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| dissect-ntds | Windows NTDS (Active Directory database) | -| dissect-ual | Windows [User Access Logging](https://learn.microsoft.com/en-us/windows-server/administration/user-access-logging/get-started-with-user-access-logging) database | -| dissect-sru | Windows System Resources And Usage Monitor database | -| dissect-certlog | Windows [AD CS database](https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/active-directory-certificate-services-overview) | -| dissect-rpm | [Red Hat Package Manager](https://rpm.org/) database | -| dissect-impacket | Impacket compatibility shim for `secretsdump.py` | +| Commands | Description | +|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| dissect-ntds | Windows NTDS (Active Directory database). | +| dissect-ual | Windows [User Access Logging](https://learn.microsoft.com/en-us/windows-server/administration/user-access-logging/get-started-with-user-access-logging) database. | +| dissect-sru | Windows System Resources And Usage Monitor database. | +| dissect-certlog | Windows [AD CS database](https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/active-directory-certificate-services-overview) database. | +| dissect-rpm | [Red Hat Package Manager](https://rpm.org/) database. | +| dissect-impacket | Impacket compatibility shim for `secretsdump.py`. | ### Impacket compatibility shim for secretsdump.py @@ -38,7 +38,7 @@ so in the meantime a compatibility shim is provided. To use this shim, simply in instructions above, and execute `secretsdump.py` like so: ```bash -dissect-db-impacket /path/to/impacket/examples/secretsdump.py -h +dissect-impacket /path/to/impacket/examples/secretsdump.py -h ``` Impacket `secretsdump.py` will now use `dissect.database` for parsing the `NTDS.dit` file, resulting in a significant performance improvement! diff --git a/dissect/__init__.py b/dissect/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/dissect/database/ese/ntds/tools/__init__.py b/dissect/database/ese/ntds/tools/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/dissect/database/ese/ntds/tools.py b/dissect/database/ese/ntds/tools/ntds.py similarity index 93% rename from dissect/database/ese/ntds/tools.py rename to dissect/database/ese/ntds/tools/ntds.py index 2441eb2..0adfe4e 100644 --- a/dissect/database/ese/ntds/tools.py +++ b/dissect/database/ese/ntds/tools/ntds.py @@ -11,7 +11,7 @@ def main() -> None: usage="python3 -m dissect.database.ese.ntds.ntds -o User /path/to/ntds.dit", ) parser.add_argument("input", help="NTDS database to read") - parser.add_argument("-o", "--objectClass", help="show only objects of this class", required=True) + parser.add_argument("-c", "--objectClass", help="show only objects of this class", required=True) parser.add_argument("-j", "--json", action="store_true", default=False, help="output in JSON format") args = parser.parse_args() diff --git a/dissect/database/ese/tools/sru.py b/dissect/database/ese/tools/sru.py index 049612e..7426b28 100644 --- a/dissect/database/ese/tools/sru.py +++ b/dissect/database/ese/tools/sru.py @@ -1,6 +1,7 @@ from __future__ import annotations import argparse +import json from pathlib import Path from typing import TYPE_CHECKING, BinaryIO @@ -153,19 +154,24 @@ def main() -> None: parser = argparse.ArgumentParser(description="dissect.database.ese SRU parser") parser.add_argument("input", help="SRU database to read") parser.add_argument("-p", "--provider", help="filter records from this provider") + parser.add_argument("-j", "--json", action="store_true", default=False, help="output in JSON format") args = parser.parse_args() with Path(args.input).open("rb") as fh: parser = SRU(fh) if args.provider in NAME_TO_GUID_MAP: - for e in parser.get_table_entries(table_name=args.provider): - print(e) + generator = parser.get_table_entries(table_name=args.provider) elif args.provider: - for e in parser.get_table_entries(table_guid=args.provider): - print(e) + generator = parser.get_table_entries(table_guid=args.provider) else: - for e in parser.entries(): + generator = parser.entries() + for e in generator: + if args.json: + record_as_dict = e.record.as_dict() + record_as_dict["provider"] = e.table.name + print(json.dumps(record_as_dict, default=str)) + else: print(e) diff --git a/dissect/database/ese/tools/ual.py b/dissect/database/ese/tools/ual.py index 9cec70f..9f95fc1 100644 --- a/dissect/database/ese/tools/ual.py +++ b/dissect/database/ese/tools/ual.py @@ -1,6 +1,7 @@ import argparse import datetime import ipaddress +import json from collections.abc import Iterator from pathlib import Path from typing import BinaryIO @@ -89,6 +90,7 @@ def convert_day_num_to_date(year: int, day_num: int) -> datetime.datetime: def main() -> None: parser = argparse.ArgumentParser(description="dissect.database.ese UAL parser") + parser.add_argument("-j", "--json", action="store_true", default=False, help="output in JSON format") parser.add_argument("input", help="UAL database to read") args = parser.parse_args() @@ -100,7 +102,10 @@ def main() -> None: continue for record in parser.get_table_records(table.name): - print(record) + if args.json: + print(json.dumps(record, default=str)) + else: + print(record) if __name__ == "__main__": diff --git a/pyproject.toml b/pyproject.toml index dfe5035..e52db00 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -67,7 +67,7 @@ dev = [ ] [project.scripts] -dissect-ntds = "dissect.database.ese.ntds.tools:main" +dissect-ntds = "dissect.database.ese.ntds.tools.ntds:main" dissect-ual = "dissect.database.ese.tools.ual:main" dissect-sru = "dissect.database.ese.tools.sru:main" dissect-certlog = "dissect.database.ese.tools.certlog:main" From e1396919a0b22534f386963df01b6b405dd3553b Mon Sep 17 00:00:00 2001 From: william billaud <23636016+william-billaud@users.noreply.github.com> Date: Thu, 19 Feb 2026 13:08:15 +0100 Subject: [PATCH 09/13] Update dissect/database/ese/ntds/tools/ntds.py Co-authored-by: Erik Schamper <1254028+Schamper@users.noreply.github.com> --- dissect/database/ese/ntds/tools/ntds.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/dissect/database/ese/ntds/tools/ntds.py b/dissect/database/ese/ntds/tools/ntds.py index 0adfe4e..c6217d9 100644 --- a/dissect/database/ese/ntds/tools/ntds.py +++ b/dissect/database/ese/ntds/tools/ntds.py @@ -6,10 +6,7 @@ def main() -> None: - parser = argparse.ArgumentParser( - description="dissect.database.ese NTDS parser", - usage="python3 -m dissect.database.ese.ntds.ntds -o User /path/to/ntds.dit", - ) + parser = argparse.ArgumentParser(description="dissect.database.ese.ntds NTDS parser") parser.add_argument("input", help="NTDS database to read") parser.add_argument("-c", "--objectClass", help="show only objects of this class", required=True) parser.add_argument("-j", "--json", action="store_true", default=False, help="output in JSON format") From 5b81ab332a2521a37965c59409d3fbe480af9be9 Mon Sep 17 00:00:00 2001 From: william billaud <23636016+william-billaud@users.noreply.github.com> Date: Thu, 19 Feb 2026 13:09:00 +0100 Subject: [PATCH 10/13] Update dissect/database/ese/ntds/tools/ntds.py Co-authored-by: Erik Schamper <1254028+Schamper@users.noreply.github.com> --- dissect/database/ese/ntds/tools/ntds.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dissect/database/ese/ntds/tools/ntds.py b/dissect/database/ese/ntds/tools/ntds.py index c6217d9..60d4741 100644 --- a/dissect/database/ese/ntds/tools/ntds.py +++ b/dissect/database/ese/ntds/tools/ntds.py @@ -1,3 +1,5 @@ +from __future__ import annotations + import argparse import json from pathlib import Path From e07162cca2b9170b90a0f64935d3fcfda9b75ee9 Mon Sep 17 00:00:00 2001 From: wbi Date: Thu, 19 Feb 2026 13:25:22 +0100 Subject: [PATCH 11/13] Add as_dict function to sru entrie --- dissect/database/ese/tools/sru.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/dissect/database/ese/tools/sru.py b/dissect/database/ese/tools/sru.py index 7426b28..54a3cbd 100644 --- a/dissect/database/ese/tools/sru.py +++ b/dissect/database/ese/tools/sru.py @@ -149,6 +149,11 @@ def __repr__(self) -> str: column_values = serialise_record_column_values(self.record) return f"" + def as_dict(self) -> dict: + ret = self.record.as_dict() + ret["provider"] = self.table.name + return ret + def main() -> None: parser = argparse.ArgumentParser(description="dissect.database.ese SRU parser") @@ -168,9 +173,7 @@ def main() -> None: generator = parser.entries() for e in generator: if args.json: - record_as_dict = e.record.as_dict() - record_as_dict["provider"] = e.table.name - print(json.dumps(record_as_dict, default=str)) + print(json.dumps(e.as_dict(), default=str)) else: print(e) From 2d78335a1647e1365a5f594fe82ec6d8adfc42d5 Mon Sep 17 00:00:00 2001 From: Erik Schamper <1254028+Schamper@users.noreply.github.com> Date: Thu, 19 Feb 2026 18:03:24 +0100 Subject: [PATCH 12/13] Delete dissect/__init__.py --- dissect/__init__.py | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 dissect/__init__.py diff --git a/dissect/__init__.py b/dissect/__init__.py deleted file mode 100644 index e69de29..0000000 From 515806fbe7e49da18790c52152f66260f70ab20d Mon Sep 17 00:00:00 2001 From: Erik Schamper <1254028+Schamper@users.noreply.github.com> Date: Thu, 19 Feb 2026 18:04:45 +0100 Subject: [PATCH 13/13] Format commands table in README.md --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index d5a20a4..5af021b 100644 --- a/README.md +++ b/README.md @@ -22,14 +22,14 @@ This module is also automatically installed if you install the `dissect` package Some CLI tools related to specific databases exists. These tools allow you to dump or inspect database content. -| Commands | Description | -|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| dissect-ntds | Windows NTDS (Active Directory database). | -| dissect-ual | Windows [User Access Logging](https://learn.microsoft.com/en-us/windows-server/administration/user-access-logging/get-started-with-user-access-logging) database. | -| dissect-sru | Windows System Resources And Usage Monitor database. | -| dissect-certlog | Windows [AD CS database](https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/active-directory-certificate-services-overview) database. | -| dissect-rpm | [Red Hat Package Manager](https://rpm.org/) database. | -| dissect-impacket | Impacket compatibility shim for `secretsdump.py`. | +| Commands | Description | +|--------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `dissect-ntds` | Windows NTDS (Active Directory database). | +| `dissect-ual` | Windows [User Access Logging](https://learn.microsoft.com/en-us/windows-server/administration/user-access-logging/get-started-with-user-access-logging) database. | +| `dissect-sru` | Windows System Resources And Usage Monitor database. | +| `dissect-certlog` | Windows [AD CS database](https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/active-directory-certificate-services-overview) database. | +| `dissect-rpm` | [Red Hat Package Manager](https://rpm.org/) database. | +| `dissect-impacket` | Impacket compatibility shim for `secretsdump.py`. | ### Impacket compatibility shim for secretsdump.py