Releases: fox-it/dissect.target
3.25.1
3.25
What's Changed
- Add new DirEntry class by @Schamper in #1389
- Fix output LNK plugin by @respondersGY in #1406
- Update requirements dissect.ntfs due to the DirEntry by @Miauwkeru in #1413
- Change python3.9 to python3.10 inside the on-demand-test pipeline by @Miauwkeru in #1404
- Unify webserver log path retrieval by @qmadev in #1287
- Add Defender MpCmdRun artifact parser by @JSCU-CNI in #1417
- Add support to zstd compress vmtar file and replace zstandard with backport.zstd by @william-billaud in #1380
- Fix record cache test by @Schamper in #1441
- Add support for dissect.apfs by @Schamper in #1365
- Fix bug in MsOffice plugin by @Poeloe in #1420
- Fix for empty RepoTags keyword in manifest.json for containers by @lhaagsma in #1449
- Add certlog plugin (ADCS database) by @william-billaud in #1443
- Add fingerprints to ssh plugin records by @JSCU-CNI in #1416
- Fix try_idna function in browser plugin in #1447
- Improve child detection for ESXi by @JSCU-CNI in #1440
- Add AD1 loader and filesystem by @JSCU-CNI in #1306
- Add magic helper module by @JSCU-CNI in #1387
- Improve Citrix Netscaler support by @JSCU-CNI in #1407
- Add loader for Netscaler techsupport collector files by @lhaagsma in #1373
- Add duplicate record name unit test by @B0TAxy in #1398
- Add target-inspect by @Schamper in #1374
- Add keychain support for decrypting FortiGate firmware files by @yunzheng in #1469
- Prevent target info crash by @william-billaud in #1470
- Fix issue with uac tar loader : add support for path starting with './' by @william-billaud in #1459
- Fix searching all namespaces for WMI consumer bindings and filters by @nbareil in #1383
- Use improved SQLite3 to automatically open sidecar WAL files by @PimSanders in #1454
- Add certificate parsing to webserver plugins by @JSCU-CNI in #1415
- Change the iis plugin log_dirs to check for the presence of W3SVC* directories by @Miauwkeru in #1460
- Make the cache compatible with iterators by @twiggler in #1482
- Fix ESXi configstore call in OS create method by @JSCU-CNI in #1499
- Add loader for ESXi vm-support by @william-billaud in #1492
- Normalize plugins Certificates output by @william-billaud in #1498
- Fix typo in Registry RunKey value for auto-start by @B0TAxy in #1503
- Fix invalid literals in activities cache by @twiggler in #1502
- Add compatibility for Firefox 147 by @JSCU-CNI in #1510
- Plugin for teamviewer incoming connections by @R3dP1ll in #701
- Skip nested objects of Velociraptor records by @respondersGY in #1480
- Add Microsoft Intune Management Extension log parsers by @d4ni-exe in #1399
- Fix duplicate mounting for virtual NTFS by @Politie-SOC in #1464
- Fix Symantec test by @JSCU-CNI in #1518
- Update vbox loader and virtualbox child for the VirtualBox descriptor update by @Miauwkeru in #1523
- Add individual hash command to target-shell by @skepppy in #1517
- Prevent fake NTFS filesystem mounts in target-mount by @Politie-SOC in #1520
- Search for additional command history on Citrix systems by @JSCU-CNI in #1501
- Fix ls output for files and make ls respect NO_COLOR by @skepppy in #1515
- Add support for --direct access for cim plugins by @william-billaud in #1437
- Update MacOS hostname parsing by @qmadev in #1536
- Fix mplog timestamp parsing to handle missing Z suffix and UTC offsets by @tuttimann in #1535
- Improve walkfs benchmark by @Schamper in #1537
- Fix #1538 : wget hsts plugin does not support explicit port number #1538 by @william-billaud in #1539
- Add tests data related to containers (EWF, VDI, VHD, VHDX and VMDK) by @william-billaud in #1495
- NTDS.dit Plugin by @B0TAxy in #1347
- Fix crash in `linux.environ` plugin when `environ` file is missing by @B0TAxy in #1504
- Restructure windows credential plugins by @JSCU-CNI in #1544
- Raise RuntimeError when missing a decompression package in open_decompress by @Miauwkeru in #1525
- Stop `cmd_ls` execution if the given path does not exist by @JSCU-CNI in #1553
- Add file type to walkfs by @Matthijsy in #1533
- Add mimetype detection to walkfs by @JSCU-CNI in #1521
- Use the target path type inside walkfs.py by @Miauwkeru in #1556
- Add support for VDI changes by @Schamper in #1531
- Reduce memory consumption etc.etc plugin and remove ConfigurationFilesystem by @Miauwkeru in #1549
- Add NTDS filesystem by @Schamper in #1483
- Add NTDS Group Policy records by @Matthijsy in #1559
- Add Safari browser history plugin by @LarsBehrens in #1565
- Stop messages plugin from parsing directories by @twiggler in #1575
New Contributors
- @nbareil made their first contribution in #1383
- @PimSanders made their first contribution in #1454
- @R3dP1ll made their first contribution in #701
- @d4ni-exe made their first contribution in #1399
- @Politie-SOC made their first contribution in #1464
- @tuttimann made their first contribution in #1535
- @LarsBehrens made their first contribution in #1565
Full Changelog: 3.24...3.25
3.24
What's Changed
- Fix moved dissect.ntfs import by @Schamper in #1322
- Use dependency groups and update Ruff by @Schamper in #1294
- Deduplicate DPAPI MasterKey decryption attempts by @JSCU-CNI in #1162
- Better error handling for invalid paths and broken loaders by @JSCU-CNI in #1319
- Small Sphinx rst improvements by @JSCU-CNI in #1325
- Add Apple Sparse Image Format (ASIF) container by @Schamper in #1324
- Improve parsing of systemd-logind fields in AuthPlugin by @JSCU-CNI in #1328
- Clarify Windows application installation date by @respondersGY in #1337
- Upgrade `flow.record` to version `3.20` by @respondersGY in #1339
- Add timestamp to MUIcache plugin by @respondersGY in #1336
- Find local hard disks when running inside a qemu/kvm virtual machine by @Miauwkeru in #1228
- Check whether the target_path is a symlink or not by @Miauwkeru in #1340
- Only output export functions `os_info` by @respondersGY in #1338
- Update pyproject.toml license settings and minimum python version by @Miauwkeru in #1333
- Reduce the memory consumption of the tests by @Miauwkeru in #1341
- Add Support for KAPEs that are in the VHD format by @Aevyz in #1327
- Add timestamp to yara plugin by @Matthijsy in #1344
- Used volume SERIAL as UUID when it didn't exist by @loaflover in #1303
- Extend child-support by @lhaagsma in #1133
- Make syslog parsing optional by @twiggler in #1305
- Improve ChromiumMixin performance by @JSCU-CNI in #1251
- Fix target-shell info cmd and add testcase by @lhaagsma in #1356
- Add CramFS implementation by @Horofic in #1308
- Add better exception handling for openssh key parsing by @JSCU-CNI in #1361
- Fix IIS compatibility by @qmadev in #1364
- Add VMware Workstation inventory parser function by @JSCU-CNI in #1274
- Add support for latest Firefox version by @JSCU-CNI in #1363
- Add output redirection to target-shell by @twiggler in #1351
- Make ESXi OS plugin compatible with live collection by @william-billaud in #1352
- Yield files inside recyclebin $R directories related to their $I entries by @Miauwkeru in #1377
- Add example VS Code debug configuration by @Schamper in #1379
- Add Windows Search Index plugin by @JSCU-CNI in #1254
- Add xattr, suid and capability functionality to WalkFsPlugin by @JSCU-CNI in #1144
- Support environment variable for keychain values by @twiggler in #1360
- Run keychain test isolated by @twiggler in #1394
- Add workaround for pypy bytes(.) conversion bug by @twiggler in #1388
- Cleanup tools directory and add trace logging by @Schamper in #1370
- Bump flow.record to version 3.21 by @Miauwkeru in #1400
- Replace dissect.sql and dissect.esedb with dissect.database by @Schamper in #1346
- Bump dissect package dependencies by @Miauwkeru in #1401
New Contributors
- @Aevyz made their first contribution in #1327
- @loaflover made their first contribution in #1303
Full Changelog: 3.23.1...3.24
3.23.1
What's Changed
- Fix incorrect timestamps of ZipInfo objects by @william-billaud in #1315
- Fix namespace function output being incorrectly set to `None` by @Schamper in #1320
Full Changelog: 3.23...3.23.1
3.23
What's Changed
- Fix target-dump arguments parsing by @Miauwkeru in #1150
- Allow mounting btrfs subvolumes with target-mount by @Miauwkeru in #1149
- Add plugin to parse recentlyused.xbel files from Linux desktops by @syzzer in #715
- Fix log loader deprecation message by @twiggler in #1159
- Slightly better error messages for plugin function errors by @JSCU-CNI in #1161
- cam.registry assumed wrong part of path as device by @lhaagsma in #1157
- Fix processing empty commands in runkeys plugin by @twiggler in #1183
- Lower target mount cache by @twiggler in #1153
- Rename Prefetch Grouped Record by @YahavArm in #1176
- Add Winlogon DPAPI keyprovider by @JSCU-CNI in #1151
- Add os_tree function in OSPlugin by @Miauwkeru in #1188
- Add tests for SquashFSFilesystem by @JSCU-CNI in #1173
- Fix `is_tar_magic` by @JSCU-CNI in #1170
- Autouse guarded keychain in tests by @Schamper in #1217
- Limit `parse_unix_dhcp_log_messages` in parsed syslog messages by @JSCU-CNI in #1205
- Add creation date to the `sam` plugin by @qmadev in #1210
- Make the usage of `--list` consistent by @Miauwkeru in #1196
- Fix/refactor tasks plugin output by @B0TAxy in #1184
- Stop consuming arguments for each plugin by @Miauwkeru in #1187
- Add enhancements for target-dump by @Miauwkeru in #1166
- Remove apps/database folder by @Horofic in #1198
- Add benchmark test for acquire tar by @Matthijsy in #1225
- Add Acquire collection loader by @Matthijsy in #935
- Added support for voidtools everything DB by @cobyge in #515
- Parse dynamic configuration data from /proc/net by @twiggler in #1177
- Search additional paths for home directories by @twiggler in #1207
- Add programmatic support for nested namespaces by @Miauwkeru in #1175
- Make lookup of Windows directory resilient by @twiggler in #1229
- Small shell improvements by @JSCU-CNI in #1174
- Add Splashtop plugin by @bobkarreman in #1233
- Fix inconsistent duplicate field mappings in various plugins (part 2) by @JSCU-CNI in #1189
- Add record field type tests by @JSCU-CNI in #1192
- Add loader for Unix-like Artifacts Collector by @william-billaud in #1243
- Add Podman and OCI container support by @JSCU-CNI in #1096
- Fix logic flaw in `_filter_compatible` by @JSCU-CNI in #1247
- Fix EOFError for small targets in VbkFilesystem.detect by @JSCU-CNI in #1256
- Add support for Hyper-V backups to VBK loader by @Zawadidone in #1204
- Only readline escape ANSI colors if we actually have readline by @Schamper in #1257
- Make target-shell disks, volumes and mounts output consistent by @Miauwkeru in #1248
- Move DPAPI keyproviders to nested namespaces by @JSCU-CNI in #1250
- Fix firefox tests for dissect.sql bugfix by @JSCU-CNI in #1258
- Add additional VBK tests by @Schamper in #1261
- Fix incorrect timestamps of `ZipInfo` objects by @respondersGY in #1270
- Fix `NamespacePlugin` usage and add tests by @JSCU-CNI in #1259
- s/Resources/References/g by @JSCU-CNI in #1273
- Refactor Windows Firewall plugin by @JSCU-CNI in #1142
- Add record output and regex needle support to qfind by @JSCU-CNI in #1103
- Add Windows product key plugin by @JSCU-CNI in #1239
- Fix Linux process start time `TypeError` by @qmadev in #1272
- Allow glob in path argument of target-fs by @Matthijsy in #1147
- Fix target-fs test polluting current working directory by @Schamper in #1279
- Improve webserver plugins by @respondersGY in #1277
- Change empty volume logging by @Schamper in #1211
- Move order of Velociraptor and ZIP loaders by @Matthijsy in #1283
- Add the description field to the Windows plugin services by @reynas in #1275
- Cross lookup windows user name from sam by @twiggler in #1252
- Improve robustness EVTX plugin by @respondersGY in #1268
- Sync RustDesk paths with Acquire by @qmadev in #1286
- Let QCow2Container init to pass fh directly as Path by @andreia-oca in #1160
- Compatibility with dissect.vmfs rewrite by @Schamper in #1208
- Allow plugins to re-use arguments from main tools by @Schamper in #1262
- Fix various loader and unit test inconsistencies by @Schamper in #1265
- Add `dissect.sql` to dependencies by @qmadev in #1298
- Improve robustness of lazy import by @Schamper in #1263
- Check for optional dependencies by @JSCU-CNI in #1194
- Update INode imports qnxfs by @Miauwkeru in #1304
- Pin zstandard and remove superfluous comment by @twiggler in #1307
- Fix linux services plugin by @JSCU-CNI in #1253
- Extend mru plugin to parse OpenSavePidlMRU and LastVisitedPidlMRU keys by @M1ra1B0T in #1061
- Move DHCP lease file parsing to new Linux Network plugin by @Horofic in #1240
- Fix extfs mock by @twiggler in #1310
- Enhance cim plugins (WMI) #1244 by @william-billaud in #1245
- Add string matches to yara output by @JSCU-CNI in #1313
- Include OSPlugin functions in `find_functions` output by @JSCU-CNI in #1135
- Bump dependencies by @twiggler in #1314
New Contributors
- @YahavArm made their first contribution in #1176
- @B0TAxy made their first contribution in #1184
- @bobkarreman made their first contribution in #1233
- @respondersGY made their first contribution in #1270
- @reynas made their first contribution in #1275
- @andreia-oca made their first contribution in #1160
Full Changelog: 3.22...3.23
3.22
What's Changed
- Add container image support by @JSCU-CNI in #1000
- Improve ApachePlugin log file discovery by @JSCU-CNI in #980
- feature: add nlink support for jffs stat by @twiggler in #1064
- Add Apache VirtualHost parsing by @JSCU-CNI in #1077
- Add support for leap days in year_rollover_helper by @JSCU-CNI in #1081
- Add Cellebrite UFDX and UFD loader by @JSCU-CNI in #1086
- Add Windows MSN plugin by @JSCU-CNI in #1084
- Add fixes for target-shell prompt by @Miauwkeru in #943
- Replace ip and network with ipinterface inside interface records by @Miauwkeru in #1057
- Nfs filesystem by @twiggler in #1022
- Improve GenericTarSubloader for Windows-like tarballs by @JSCU-CNI in #1076
- Add `pytest-xdist` to `tox` and run multi-threaded by @JSCU-CNI in #1089
- Improve various Windows LSA and DPAPI internals by @JSCU-CNI in #1071
- Improve target-query exception handling and logging by @JSCU-CNI in #1062
- Improve Linux authlog IP address parsing by @JSCU-CNI in #1072
- Add order field to command history records by @JSCU-CNI in #1068
- Improve NGINX plugin by @JSCU-CNI in #1073
- Add Windows RDP bitmap cache plugin by @JSCU-CNI in #1080
- Add `unlock_with_fvek` to BitlockerVolumeSystem by @JSCU-CNI in #1092
- Translate empty Windows evtx value to `None` by @JSCU-CNI in #1058
- Fix TeamViewer timezone parsing by @JSCU-CNI in #1069
- Target reload by @twiggler in #1090
- Add Oracle VirtualBox child support by @JSCU-CNI in #1095
- Added new `mft.body` plugin by @qmadev in #1063
- Improve RedHat OS detection by @JSCU-CNI in #1079
- Improve robustness of Sophos plugin by @Zawadidone in #1083
- Improve detection for iOS targets by @JSCU-CNI in #1085
- Add support for Anydesk filetransfertrace files by @lhaagsma in #1098
- Allow namespaces to accept arguments by @Schamper in #1101
- Add rustdesk (resolved feedback on previous PR) by @lhaagsma in #1104
- Change linter to Ruff by @Schamper in #1097
- Add `.git-blame-ignore-revs` file by @Schamper in #1105
- Fix multiple namespace plugins in same file by @Schamper in #1102
- Clear cached functions on every test by @Schamper in #1110
- Add other Windows Defender quarantine file stream IDs by @skepppy in #1108
- Add support for dissect.qnxfs by @Schamper in #454
- Improve UNIX domain parsing by @JSCU-CNI in #1114
- Improve Apache log format detection by @JSCU-CNI in #1116
- Mount NFS shares on ESXi by @twiggler in #1094
- Add children argument to target-info tool by @JSCU-CNI in #1113
- Add parser for `PcaGeneralDb*.txt` files by @Schamper in #1100
- Fix bug in kape loader when using with target-mount by @william-billaud in #1106
- Add loader for VBK files by @Matthijsy in #1012
- Fix `lsa.secrets` plugin and improve tests by @JSCU-CNI in #1120
- Add workaround for ANSI codes target-shell tests by @JSCU-CNI in #1117
- Remove UTC class usage in exFAT code by @Schamper in #1125
- Improve pytest warning on missing test data by @Schamper in #1119
- Add Rapid7 Velociraptor artifacts plugin by @Zawadidone in #698
- Improve plugin arguments by @JSCU-CNI in #1070
- Add support for decrypting Chrome and Edge `v20` cookies and passwords by @JSCU-CNI in #1121
- Single (log) files, take two by @twiggler in #1082
- Compatibility with refactored dissect.regf by @Schamper in #1131
- Add Capability History plugin by @lhaagsma in #1112
- Raise a NotADirectoryError inside the NFSFilesystemEntry.get when it is a file by @Miauwkeru in #1109
- Add some benchmarks by @JSCU-CNI in #1129
- Fix default Docker daemon data directories by @Zawadidone in #1138
- Add Colima children plugin by @Zawadidone in #1139
- Add checks for a windows UTC timezone inside windows datetime by @Miauwkeru in #1141
- Fix invalid IP address assignment in Windows network plugin by @JSCU-CNI in #1143
- Return an empty dict if the plistnetwork happened to be None by @Miauwkeru in #1145
- Support systemd drop files by @twiggler in #1136
- Update pyproject.toml for release by @Miauwkeru in #1148
New Contributors
- @lhaagsma made their first contribution in #1098
- @skepppy made their first contribution in #1108
- @william-billaud made their first contribution in #1106
Full Changelog: 3.21...3.22
3.21
What's Changed
- Improve SQLite table exist checks by @JSCU-CNI in #958
- Add support for ISO 8601 timestamps in syslogs by @JSCU-CNI in #907
- Improve cit plugin exception handling by @JSCU-CNI in #961
- Improve catroot plugin exception handling by @JSCU-CNI in #962
- Improve lnk plugin exception handling by @JSCU-CNI in #963
- Add target-diff by @JSCU-CNI in #664
- Fix Sphinx warnings by @JSCU-CNI in #942
- Strip trailing dir separator for translated file paths in ITunesLoader by @Poeloe in #952
- Parse hostname from /proc/sys/kernel/hostname by @CinisSec in #704
- Add support for Fortinet AES encrypted firmware images by @yunzheng in #969
- Remove paho from mqqt unit test by @twiggler in #967
- Fix URL-encoded filesystem entries in the Velociraptor loader by @Zawadidone in #700
- Add Unix DHCP lease file parser for `target.ips` by @JSCU-CNI in #965
- Make Mssql errorlog plugin more robust by @Horofic in #978
- Unify digest field names across the project by @JSCU-CNI in #982
- Continue parsing tasks after invalid Windows XML Task by @Horofic in #986
- Fix argument checks in env plugin by @JSCU-CNI in #988
- Add None checks around read_sid by @JSCU-CNI in #989
- Add New Capability Access Manager plugin by @qmadev in #979
- Add warning for OBJECT_UNUSED in journal plugin by @JSCU-CNI in #971
- Fix inconsistent duplicate field mappings in various plugins by @JSCU-CNI in #990
- Fix file header detection in open_decompress by @yunzheng in #998
- Fix crash in unix users plugins if GID or UID is empty by @wbi-ocd in #996
- Fix ANSI color prompt in target-shell by @yunzheng in #1004
- Add Windows 11 Prefetch version by @Horofic in #1005
- Don't attempt to load child targets when initial target loading fails by @JSCU-CNI in #987
- Normalize UTC timezone names for unix and windows targets by @JSCU-CNI in #1001
- Initial commit for plugin internals refactor by @Schamper in #763
- Prevent enumerating entire non-ISO formatted syslog files in `is_iso_fmt` by @JSCU-CNI in #972
- Add Kape VHDX loader by @qmadev in #993
- Improve compatibility checks on various plugins by @JSCU-CNI in #1008
- Attempt to load previous snapshot VMDK when missing snapshot disks by @Schamper in #1011
- Microsoft Office add-in detection by @twiggler in #966
- POC: Pure Python NFS client by @twiggler in #997
- Improve target-diff tool by @JSCU-CNI in #1014
- Add FortiGate decryption keys up to v7.0.17, v7.2.10, v7.4.6 and v7.6.1 by @yunzheng in #1016
- Move 7-Zip and WinRAR plugins to productivity namespace by @JSCU-CNI in #1017
- Fix compatibility with latest flow.record by @JSCU-CNI in #1018
- Fix sphinx docs warnings by @JSCU-CNI in #1020
- Improve Linux detection by @JSCU-CNI in #1023
- Add support for plugin directories by @Schamper in #788
- Parse recycle bins from non `sysvol` volumes by @Zawadidone in #1026
- Fix parent plugin namespaces by @Schamper in #1024
- Add proper datetime conversion for StartTime and EndTime in the sru plugin by @Miauwkeru in #1025
- Move tasks and defender plugin into plugin directories by @Schamper in #1028
- Add additional profile parsing to Chromium browsers by @qmadev in #1031
- Unify -L loader argument as a generic argument by @Schamper in #1033
- Revert "Fix ANSI color prompt in target-shell" by @yunzheng in #1040
- Bump the flow.record dependency to version 3.19 by @Miauwkeru in #1037
- Add Python 3.13 compatibility by @JSCU-CNI in #897
- Add exception to Kape VHDX loader by @qmadev in #1047
- Refactor unix cronjob plugin by @JSCU-CNI in #1009
- Add "alias" to FunctionDescriptor and "required" field to arguments by @JSCU-CNI in #1043
- Add support for kernel log entries in syslog by @JSCU-CNI in #1050
- Improve Linux services parsing by @JSCU-CNI in #1049
- Clean up some files by @Schamper in #1052
- Add retrieval of runtime information to plugin descriptors by @Schamper in #1007
- Sanitize linux and windows hostnames by @JSCU-CNI in #1051
- Fix compatible plugins filter by @JSCU-CNI in #1054
- Improve Android OS detection by @JSCU-CNI in #1053
- Parse Docker container environment variables by @JSCU-CNI in #1055
- Add readline ignore sequences to PS1 prompt by @yunzheng in #1041
- Add qfind plugin and tool by @Schamper in #1035
- Fix compatible plugins filter (2) by @JSCU-CNI in #1059
New Contributors
Full Changelog: 3.20.1...3.21
3.20.1
What's Changed
- Add more FortiGate firmware decryption keys by @yunzheng in #954
- Linux network plugin: NetworkManager & systemd-networkd by @twiggler in #932
- Fix issue with pathless config items by @cecinestpasunepipe in #785
- Add support for mounted GNOME Trash folders by @JSCU-CNI in #906
- Allow RegfValue.type to fall back to int by @JSCU-CNI in #956
- Fix error in windows network plugins by @wbi-ocd in #955
New Contributors
Full Changelog: 3.20...3.20.1
3.20
What's Changed
- Add birthtime_ns and nr of blocks and blocksize to btrfs stat output by @Miauwkeru in #838
- Add option to unset allow_other option for FUSE for target-mount by @Poeloe in #844
- Dis 3281/improved security scheme by @twiggler in #847
- [Bug] Add missing _target field to record for Defender exclusion plugin by @DevJoost in #845
- Add Windows network interface plugin by @narimantos in #830
- Improve argument parsing of the mqtt loader by @twiggler in #850
- Move source field of COMMON_INTERFACE_ELEMENTS to the bottom by @Miauwkeru in #862
- Improve running docker container parsing by @JSCU-CNI in #853
- Correctly mount file mount points in Overlay2Filesystem by @JSCU-CNI in #858
- Add macOS network interface plugin by @cecinestpasunepipe in #839
- Add Unix trash plugin by @JSCU-CNI in #852
- Make cloud-init log line regex more strict by @JSCU-CNI in #864
- Mark OSX home directory as a posix path by @twiggler in #867
- Unfold ADS macb records by @cecinestpasunepipe in #861
- Add support for runtime aliases to target_shell by @cecinestpasunepipe in #871
- Move helpers/network_manager.py to plugins/os/unix/linux/network_manager.py by @Miauwkeru in #869
- Add Parallels child detection by @JSCU-CNI in #855
- Add support for targetrc file to execute commands when a target shell is spawned by @twiggler in #859
- Add improvements for VMware Workstation by @JSCU-CNI in #854
- Add -c argument to target-shell by @cecinestpasunepipe in #873
- Add birthtime_ns to ExtFilesystemEntry.lstat by @Miauwkeru in #876
- Explicitly mark home directories as having a posix or windows flavor by @twiggler in #892
- Add XFS metadata: number of blocks per file. by @twiggler in #874
- Add birthtime, blocksize and blks to stat output for NTFS by @Miauwkeru in #848
- Improve shellbags plugin by @JSCU-CNI in #470
- Add binary configuration parser by @cecinestpasunepipe in #893
- Add Env ConfigurationParser by @JSCU-CNI in #733
- Map all registry value types to a standardized enum in regutil by @cecinestpasunepipe in #899
- Fix broken python command in target-shell by @JSCU-CNI in #905
- Add wget hsts plugin by @JSCU-CNI in #868
- Improve robustness of journal plugin by @JSCU-CNI in #872
- Add support for compressed cloud-init file log parsing by @JSCU-CNI in #902
- Support st_blksize and st_blocks on JFFS2 by @twiggler in #912
- Small log improvements by @JSCU-CNI in #857
- Add missing init file by @JSCU-CNI in #916
- Improve exported plugin docstrings and annotations by @JSCU-CNI in #725
- Fix registry for legacy Windows versions by @cecinestpasunepipe in #914
- Restructure editor plugin namespace by @JSCU-CNI in #915
- Add Unix and Windows application plugins by @JSCU-CNI in #851
- Update Windows timezone db to version 2024b by @JSCU-CNI in #919
- Add json output to target-query --list by @JSCU-CNI in #841
- Add Proxmox support by @Schamper in #837
- Add blksize, nblocks, and birthtime_ns to stat for FFS by @twiggler in #917
- Refactor AuthLogPlugin by @Poeloe in #860
- Improve Linux utmp plugin by @JSCU-CNI in #923
- Improve FortiManager OS support by @JSCU-CNI in #921
- Fix inconsistency of target.ips output by @JSCU-CNI in #870
- Remove Python 2 compatible exception code by @Schamper in #930
- Fix default argument for following symlinks in JFFS by @Schamper in #925
- Add computer SID for Windows systems by @fox-evv in #824
- Make filesystem exceptions subclass from standard library exceptions by @Schamper in #928
- Fix AttributeError in syscache plugin by @JazzCore in #913
- Reflect move of XVA and VMA to dissect.archive by @Schamper in #937
- Make WER file field names with non-ascii characters usable by @pyrco in #938
- Add `st_blocks` and `st_blksize` to stat output for FAT by @cecinestpasunepipe in #941
- Fix parsing journal entries when the value is 'None' by @h0ckeyst1ck in #944
- Fix a regression bug inside windows network_manager by @Miauwkeru in #936
- Added support for MSSQL error log files by @fox-evv in #823
- Add FortiOS test by @JSCU-CNI in #945
- Bump the flow.record dependency to version 3.18 by @pyrco in #946
- Add a dependency on dissect.fve for the full extra by @pyrco in #949
New Contributors
Full Changelog: 3.19...3.20
3.19
What's Changed
- Add username and password options to MQTT loader by @cecinestpasunepipe in #732
- Make ESXi Plugin work without crypto and fix vm_inventory by @Matthijsy in #697
- Fix visual bugs in cyber by @Schamper in #738
- Improve type hint in Defender plugin by @Schamper in #739
- Fix issue with MPLogs by @cecinestpasunepipe in #742
- Use target logger in etc-plugin by @cecinestpasunepipe in #741
- Fix TargetPath instances for configutil.parse by @Miauwkeru in #743
- Fix for using the correct volume name to mount filesystems in Unix by @Schamper in #677
- Fix NoneType AttributeError in firefox extension plugin by @M1ra1B0T in #713
- Fix issue with namespaced plugins in target-shell by @cecinestpasunepipe in #751
- Add retrieval browser data "Snapshots" folder by @mick-314 in #680
- Move helpers from './helpers/ssh.py' into './plugins/apps/ssh/ssh.py' by @Poeloe in #756
- Add support for passwd backup files by @JSCU-CNI in #760
- Improve AnyDesk plugin by @JSCU-CNI in #712
- Fix wrong log logic indicating a sysvol was not found by @pyrco in #762
- Add _target field to firefox and chromium plugins by @DevJoost in #764
- Fix directory argument for lnk plugin by @Poeloe in #757
- Add CSV-ish config parser by @cecinestpasunepipe in #754
- Add support for Android Backups by @Schamper in #419
- Fix UTM loader to skip non-disks by @Schamper in #769
- Add support for mounting by XFS label by @Schamper in #768
- Improve YARA plugin by @JSCU-CNI in #646
- Improve DHCP IP address parsing speed for journal by @JSCU-CNI in #687
- Rewrite Windows USB plugin by @JSCU-CNI in #766
- Add MACB aggregator to MFT by @cecinestpasunepipe in #767
- Add ls parameters to target-fs by @DevJoost in #716
- Fix MdVolumeSystem by @Miauwkeru in #782
- Add option to scan children in YARA plugin by @JSCU-CNI in #780
- Add support for Firefox Oculus VR browser by @Schamper in #752
- Fix ESXi OS when no local state exists yet by @Schamper in #784
- Add --root to the etc plugin by @Miauwkeru in #783
- Add loader option to target-info and target-yara by @JSCU-CNI in #781
- Make adding virtual NTFS filesystem more resilient by @Schamper in #691
- Add target-shell history by @JSCU-CNI in #786
- Cast custom --max-size to integer in yara plugin by @JSCU-CNI in #811
- Yield MFT segments in specified range by @Zawadidone in #672
- Add libvirt loader and QEMU child plugin by @Miauwkeru in #654
- Create base class for the network plugin by @Miauwkeru in #810
- Add symlink support to ZipFilesystem by @Schamper in #808
- Add st_birthtime_ns to fsutil.stat_result by @Poeloe in #814
- Refactor target-shell by @JSCU-CNI in #812
- Add Windows Jumplist plugin by @Zawadidone in #669
- Add Windows Update Agent history by @michoebey in #770
- Add parser for unsaved Windows Notepad tabs by @joost-j in #540
- Move notepad test files to LFS by @Schamper in #825
- Prevent unhandled filesystem exceptions in modify_record by @JSCU-CNI in #737
- Improve parsing speed of walkfs plugins by @JSCU-CNI in #749
- Fix relative symlinks within a mounted filesystem by @Schamper in #832
- Add notice for PyPy users by @cecinestpasunepipe in #829
- Move jumplist test data to correct location by @Schamper in #835
- Add MacOS and Linux paths to TeamViewer plugin by @Poeloe in #834
- Add unit test to ensure Git LFS consistency by @Schamper in #828
- Improve Linux OS detection by @Horofic in #809
- Add mutual exclusive plugin arguments by @cecinestpasunepipe in #836
- Generic locale fixes for RHEL by @JSCU-CNI in #840
- Fix 3.12 ET and datetime deprecation warnings by @JSCU-CNI in #842
- Improve DPAPI plugin by @JSCU-CNI in #711
- Bump the version of flow.record to 3.16 by @pyrco in #843
New Contributors
- @Matthijsy made their first contribution in #697
- @mick-314 made their first contribution in #680
- @michoebey made their first contribution in #770
- @joost-j made their first contribution in #540
Full Changelog: 3.18...3.19