Releases: fox-it/dissect.target
3.19
What's Changed
- Add username and password options to MQTT loader by @cecinestpasunepipe in #732
- Make ESXi Plugin work without crypto and fix vm_inventory by @Matthijsy in #697
- Fix visual bugs in cyber by @Schamper in #738
- Improve type hint in Defender plugin by @Schamper in #739
- Fix issue with MPLogs by @cecinestpasunepipe in #742
- Use target logger in etc-plugin by @cecinestpasunepipe in #741
- Fix TargetPath instances for configutil.parse by @Miauwkeru in #743
- Fix for using the correct volume name to mount filesystems in Unix by @Schamper in #677
- Fix NoneType AttributeError in firefox extension plugin by @M1ra1B0T in #713
- Fix issue with namespaced plugins in target-shell by @cecinestpasunepipe in #751
- Add retrieval browser data "Snapshots" folder by @mick-314 in #680
- Move helpers from './helpers/ssh.py' into './plugins/apps/ssh/ssh.py' by @Poeloe in #756
- Add support for passwd backup files by @JSCU-CNI in #760
- Improve AnyDesk plugin by @JSCU-CNI in #712
- Fix wrong log logic indicating a sysvol was not found by @pyrco in #762
- Add _target field to firefox and chromium plugins by @DevJoost in #764
- Fix directory argument for lnk plugin by @Poeloe in #757
- Add CSV-ish config parser by @cecinestpasunepipe in #754
- Add support for Android Backups by @Schamper in #419
- Fix UTM loader to skip non-disks by @Schamper in #769
- Add support for mounting by XFS label by @Schamper in #768
- Improve YARA plugin by @JSCU-CNI in #646
- Improve DHCP IP address parsing speed for journal by @JSCU-CNI in #687
- Rewrite Windows USB plugin by @JSCU-CNI in #766
- Add MACB aggregator to MFT by @cecinestpasunepipe in #767
- Add ls parameters to target-fs by @DevJoost in #716
- Fix MdVolumeSystem by @Miauwkeru in #782
- Add option to scan children in YARA plugin by @JSCU-CNI in #780
- Add support for Firefox Oculus VR browser by @Schamper in #752
- Fix ESXi OS when no local state exists yet by @Schamper in #784
- Add --root to the etc plugin by @Miauwkeru in #783
- Add loader option to target-info and target-yara by @JSCU-CNI in #781
- Make adding virtual NTFS filesystem more resilient by @Schamper in #691
- Add target-shell history by @JSCU-CNI in #786
- Cast custom --max-size to integer in yara plugin by @JSCU-CNI in #811
- Yield MFT segments in specified range by @Zawadidone in #672
- Add libvirt loader and QEMU child plugin by @Miauwkeru in #654
- Create base class for the network plugin by @Miauwkeru in #810
- Add symlink support to ZipFilesystem by @Schamper in #808
- Add st_birthtime_ns to fsutil.stat_result by @Poeloe in #814
- Refactor target-shell by @JSCU-CNI in #812
- Add Windows Jumplist plugin by @Zawadidone in #669
- Add Windows Update Agent history by @michoebey in #770
- Add parser for unsaved Windows Notepad tabs by @joost-j in #540
- Move notepad test files to LFS by @Schamper in #825
- Prevent unhandled filesystem exceptions in modify_record by @JSCU-CNI in #737
- Improve parsing speed of walkfs plugins by @JSCU-CNI in #749
- Fix relative symlinks within a mounted filesystem by @Schamper in #832
- Add notice for PyPy users by @cecinestpasunepipe in #829
- Move jumplist test data to correct location by @Schamper in #835
- Add MacOS and Linux paths to TeamViewer plugin by @Poeloe in #834
- Add unit test to ensure Git LFS consistency by @Schamper in #828
- Improve Linux OS detection by @Horofic in #809
- Add mutual exclusive plugin arguments by @cecinestpasunepipe in #836
- Generic locale fixes for RHEL by @JSCU-CNI in #840
- Fix 3.12 ET and datetime deprecation warnings by @JSCU-CNI in #842
- Improve DPAPI plugin by @JSCU-CNI in #711
- Bump the version of flow.record to 3.16 by @pyrco in #843
New Contributors
- @Matthijsy made their first contribution in #697
- @mick-314 made their first contribution in #680
- @michoebey made their first contribution in #770
- @joost-j made their first contribution in #540
Full Changelog: 3.18...3.19
3.18
What's Changed
- Return descriptive error when target tools point to a non-existing file by @Poeloe in #702
- Format yields in docstring for rst generation by @Miauwkeru in #692
- Fix path parsing bug in plocate by @Horofic in #706
- Add generic error handler and debug mode by @cecinestpasunepipe in #705
- Indicate when cache is used by @narimantos in #710
- Add monitoring option to MQTT Loader by @cecinestpasunepipe in #709
- Compatibility with cstruct v4 by @Miauwkeru in #717
- Bump the version of virtualenv in tox.ini to pull in the correct version of pip by @pyrco in #720
- Remove deprecated features marked for removal in version 3.15 by @pyrco in #721
- Add MPLog parser to Defender plugin by @cecinestpasunepipe in #724
- Fixed KeyError when loading Windows targets over SMB by @Paradoxis in #726
- Add glob/dump function for config tree by @cecinestpasunepipe in #728
- Fix edge case where unix history path is a directory by @JSCU-CNI in #727
- Bump dissect.cstruct dependency to version 4 by @pyrco in #731
- Correctly detect Windows 11 builds by @JSCU-CNI in #714
- Fix EOF read error for char arrays in a BEEF0004 shellbag by @Miauwkeru in #730
Full Changelog: 3.17...3.18
3.17
What's Changed
- Amend documentation for `none` plugin export type by @Poeloe in #570
- Refactor catroot plugin by @Poeloe in #559
- Add missing `__init__.py` for bsd plugins by @Schamper in #572
- New RemoteLoader by @cecinestpasunepipe in #539
- Update openvpn configuration parsing by @Miauwkeru in #556
- Custom command support in MQTT-loader by @cecinestpasunepipe in #569
- Mock dependency in mqtt tests by @Schamper in #574
- Run CI on pushed tags by @Schamper in #577
- Add TOML support to the config parser by @Miauwkeru in #580
- Bump minimal tox version by @Schamper in #581
- Replace PyYAML with ruamel.yaml by @Schamper in #563
- Replaced hyphen in key by @Bopobopob in #647
- Target dump not handling namespaced plugins by @Miauwkeru in #579
- Change socket tests to use NetSocket plugin by @Horofic in #651
- Fix/simplify mqtt by @cecinestpasunepipe in #578
- Add support for reading Fortinet firmware files by @yunzheng in #652
- Fix gzip trailer_offset calculation in FortiFirmwareFile by @yunzheng in #657
- Update github action versions by @Miauwkeru in #658
- Add target-shell's ls command options by @mnrkbys in #431
- Create separate LayerFilesystem from RootFilesystem by @Schamper in #575
- Fix log message calls in network manager by @JSCU-CNI in #662
- Fallback mount sysvol to C: if not mounted to another drive letter by @Schamper in #671
- Add all test files to git LFS by @Schamper in #562
- Add a pull request template by @Miauwkeru in #674
- Fix TypeError in iexplore.downloads `down_path` by @JSCU-CNI in #676
- Add public key fingerprints to ssh plugins by @JSCU-CNI in #673
- Improve netplan and networkd support by @JSCU-CNI in #550
- Add prefetch to MQTT loader by @cecinestpasunepipe in #659
- Fix var resident to default to False by @narimantos in #686
- Add additional EFI path to Windows plugin by @Schamper in #663
- Fix typo in target-shell unit test by @Schamper in #675
- Add password extraction to browser plugins by @JSCU-CNI in #541
- Add support for docker containers as children by @JSCU-CNI in #441
- Allow multiple accessors in Velociraptor loader by @Schamper in #576
- Add windows credhist plugin by @JSCU-CNI in #566
- Add firefox extensions within firefox plugin by @M1ra1B0T in #689
- Split runkey path as command components by @Miauwkeru in #688
New Contributors
- @Bopobopob made their first contribution in #647
- @mnrkbys made their first contribution in #431
- @narimantos made their first contribution in #686
- @M1ra1B0T made their first contribution in #689
Full Changelog: 3.16...3.17
3.16
What's Changed
- Add support for XML configuration files by @cecinestpasunepipe in #495
- Pin pytest to a version <8.0.0 for now by @pyrco in #517
- Fix hostname plugin for RedHat systems by @florisvanstal in #513
- Support Windows installations on alternative drive letters by @Schamper in #497
- Initial cookies implementation for Firefox and Chromium by @YoeriNijs in #453
- Only run CI on PR and main branch pushes by @Schamper in #512
- Fix iexplore download records to use a proper path by @pyrco in #521
- Add MUI support for timezone translations by @JSCU-CNI in #518
- Fix various unit tests with side-effects by @Schamper in #520
- Add option to add comments to keychain file by @Poeloe in #523
- Replace mimikatz binary in quarantine data with DUMMY_PAYLOAD by @Miauwkeru in #524
- Fix removing get_all_records() exports by plugin_function_index() by @pyrco in #527
- Small consistency fixes in browser plugins by @Schamper in #529
- Fix some issues with tests not being independent from other tests by @pyrco in #526
- Add mount by LABEL= for ext filesystems by @Miauwkeru in #532
- Fix escapes in Apache plugin docstring by @Schamper in #534
- Align cyber by @Schamper in #533
- Expand user home when passing a path as URI by @Schamper in #535
- Add decryption keys for FortiGate 7.0.14 and 7.4.3 by @JSCU-CNI in #536
- Add xampp paths to ApachePlugin by @JSCU-CNI in #537
- Add JSON and YAML support to configutil by @Miauwkeru in #528
- Add Brave browser plugin by @JSCU-CNI in #538
- Add docker logs plugin by @JSCU-CNI in #507
- Add Linux locate plugin by @JSCU-CNI in #505
- Add basic cpio filesystem by @JSCU-CNI in #531
- Fix bug in defender evtx that resulted in ts field value being None by @Poeloe in #543
- Apply bug workaround in plocate plugin to all PyPy versions by @Horofic in #546
- Revert back to yara-python by @Schamper in #545
- Add `map_dir_from_tar` and `map_file_from_tar` by @JSCU-CNI in #508
- Move lru_cache definitions to init by @Miauwkeru in #547
- Add a decryption function to use on a local esxi target by @Miauwkeru in #542
- Fix bug in WER plugin caused by special characters in field name by @Poeloe in #544
- Fix performance regression due to TarFilesystem by @Schamper in #552
- Fix mounting BDE GPT volumes by @Schamper in #551
- add tests for symlink logic MappedFile by @cecinestpasunepipe in #554
- Add filesystem support for vmtar by @Schamper in #553
- IIS plugin does not process logs in default dir without ApplicationHo… by @cecinestpasunepipe in #549
- Document supported configurations for the Velociraptor loader by @Zawadidone in #558
- Extend AllowedIPs in wireguard to accept multiple ip addresses by @Miauwkeru in #555
- Mount volumes to drive letters in Velociraptor loader by @Schamper in #560
- Fix consistency in `HAVE_`/`HAS_` constants by @Schamper in #564
- Fix Carbon Black SDK dependency by @Schamper in #565
- Improve target registry tool by @JSCU-CNI in #561
- Add more FortiGate keys and decryption tests by @yunzheng in #568
- Add lru_cache for UsersPlugin's find method by @Poeloe in #567
New Contributors
- @florisvanstal made their first contribution in #513
- @YoeriNijs made their first contribution in #453
Full Changelog: 3.15...3.16
3.15
What's Changed
- Add JFFS2 support to Dissect by @JSCU-CNI in #417
- Fix the retrieval of plugins by @pyrco in #476
- Fix finding namespace plugins that do not want to be findable by @pyrco in #487
- Add default docstrings to OSPlugin subclass methods by @pyrco in #483
- Fix boolean parsing in OpenVPNPlugin by @Repsay in #479
- Explicit loader Option by @cecinestpasunepipe in #480
- Remove duplicate field in TaskRecord by @yunzheng in #486
- Fix EOFError in sam plugin on empty lm/nt hash by @JazzCore in #478
- Fix Velociraptor Loader Windows root filesystem detection by @Zawadidone in #490
- Fix yum year rollover unit test by @Schamper in #492
- Add --resolve to target-query by @Miauwkeru in #485
- Fix the glob_ext() filesystem globbing function by @pyrco in #489
- Improve sru plugin by @JSCU-CNI in #472
- Add PuTTY plugin (copy) by @JSCU-CNI in #491
- Refactor TargetPath and add support for Python 3.12 by @Schamper in #494
- Fix file handle exhaustion for EWF files with many chunks by @Schamper in #499
- Replace yara-python with yara-python-wheel for prebuilt wheels by @Schamper in #387
- Fix loading of anonymous filesystems in the TarLoader by @pyrco in #500
- Improve driveletter selection for windows disks by @pyrco in #498
- Cyber by @Schamper in #420
- Reduce log verbosity of wildcard keychain values by @Schamper in #501
- Fix NamespacePlugin function filtering by @MaxGroot in #463
- Add support for Citrix Netscaler access & error logs by @MaxGroot in #384
- Catch and re-raise errors when opening filesystems by @Schamper in #475
- Change plugin import failure message to info by @Schamper in #455
- Improve logging and error handling by @Schamper in #504
- Fix relative paths when using a URI as target by @Schamper in #502
- Citrix netscaler OS fixes and add support for netscaler cli history by @MaxGroot in #385
- DIS-2917 acquire-generate build fix by @Horofic in #506
- Add fuse3 support by @Miauwkeru in #493
- Initial FortiOS support by @Schamper in #503
- Add schedlgu.txt file parser by @Horofic in #511
- Add FortiOS rootfs.gz decrypt functionality by @JSCU-CNI in #510
- Move schedlgu plugin by @Horofic in #514
New Contributors
Full Changelog: 3.14...3.15
3.14
What's Changed
- Do not package test data in the Python source distribution by @pyrco in #439
- Add Tab URL's and MIME type to download record by @Zawadidone in #429
- Restructure tests and some plugins by @Schamper in #426
- Fix support for unicode paths in target-shell (copy) by @pyrco in #440
- Fix typing issue in sshd plugin by @JSCU-CNI in #433
- Improve support for alpine linux by @JSCU-CNI in #442
- Fix handling of volumes at offset 0 by @Schamper in #443
- Unify type on filesystems and containers by @Schamper in #444
- Fix Symantec compatibility check by @cecinestpasunepipe in #445
- Add support for dissect.btrfs by @Schamper in #370
- Add _target to LnkRecord by @Poeloe in #449
- Make iexplore.downloads plugin more fail-safe by @Poeloe in #450
- Fix multiple datetime parsing issues in teamviewer plugin by @Poeloe in #448
- Put plugins in the proper unix or linux namespace by @pyrco in #447
- Use correct open method in several loaders by @Schamper in #452
- Mount all unmounted fsses under '$fs$/fs' by @Miauwkeru in #451
- Fix issues with targetd integration by @cecinestpasunepipe in #446
- Fix vermin issues with calendar.SUNDAY not in Py3.9 by @pyrco in #458
- Improve hash functionality by @Miauwkeru in #457
- Fix permission issues when tests are run on windows by @pyrco in #462
- Replace the internal walkfs_ext plugin with Target.fs.walk_ext by @pyrco in #459
- Fix most tests for windows computers by @Miauwkeru in #467
- Fixed support for unprivileged accounts for the SMB loader & minor bug fix by @Paradoxis in #466
- Further refine volume opening logic by @Schamper in #456
- Add systemd support to the config_parser utility by @Miauwkeru in #460
- Add support for birth timestamps in extfs / walkfs by @syzzer in #482
- Fix MRUList assumption by @JSCU-CNI in #471
- Fix consumerbindings plugin by @JSCU-CNI in #473
- Fix unix activity plugin by @JSCU-CNI in #469
New Contributors
Full Changelog: 3.13...3.14
3.13
What's Changed
- Fix an unstable ordering issue in the linux modules plugin test by @pyrco in #406
- Add support for .ova files by @Schamper in #402
- Make the wireguard plugin more robust against missing data by @pyrco in #407
- Improve robustness of target-info by @JSCU-CNI in #405
- Fix plugin lookups for the DefaultPlugin by @pyrco in #408
- Make configurationparser use ready by @Miauwkeru in #386
- Fix checks on non-existing or non-compatible plugins by @pyrco in #410
- Skip failing tests on Windows for now by @pyrco in #412
- Add the architecture function to OSPlugin by @pyrco in #414
- Add support for /dev/disk/by-uuid in fstab parsing by @Schamper in #409
- Add an option to exclude functions from executing in target-query by @pyrco in #424
- Add SSHD Contribution and more unix files for parsing by @Miauwkeru in #422
- Move FUSE error message to after argument parsing by @Schamper in #423
- Add a dry-run feature to target-query by @pyrco in #428
- Add LUKS volume support by @Schamper in #404
- Remove skips for timezone tests by @Miauwkeru in #425
- Change the RunKeyRecord path field to string by @pyrco in #430
- Add DDF volume system support by @Schamper in #403
- Fix small bugs in Android OS Plugin by @MaxGroot in #415
- Resolve windows path related tests by @Miauwkeru in #434
- Fix the hashutil functions to properly deal with path record field types by @pyrco in #432
- Update flow.record to 3.13 by @pyrco in #435
- Reset file position during container, volume and filesystem opening by @Schamper in #437
- Fix small inconsistency in Defender structs by @Schamper in #438
Full Changelog: 3.12...3.13
3.12
What's Changed
- Add cPanel lastlogin parser by @Zawadidone in #317
- Update EWF container to reflect library updates by @Schamper in #343
- Add NamespacePlugin by @cecinestpasunepipe in #334
- Generic config_tree implementation by @Miauwkeru in #354
- Update Carbon Black loader to latest API by @sud0woodo in #244
- Added SMB filesystem support by @Paradoxis in #331
- Use lstat instead of stat in target-mount by @Schamper in #360
- Add additional AnyDesk paths by @DevJoost in #362
- Update Citrix _os.py for correct timezone detection by @RGlintmeijer in #363
- Fix Citrix NetScaler version check by @yunzheng in #365
- Update VelociraptorLoader based on version 0.7.0 by @Zawadidone in #358
- Add support for ufw by @JSCU-CNI in #366
- Improve tar loader for windows by @JSCU-CNI in #353
- Handle hardlink or regular file for /etc/localtime by @yunzheng in #367
- Fix UTMP misinterpretation of IPv6 addresses by @Zawadidone in #292
- Fix infinite loop in `reverse_readlines` by @Schamper in #359
- Fix incorrect record annotation iOS by @cecinestpasunepipe in #372
- Create generic quarantine records for non-files by @MaxGroot in #376
- Zip loader for Velociraptor packages by @OlafHaalstra in #355
- Fix/make journal plugin compatible with new expression parser by @cecinestpasunepipe in #377
- Add support for Symantec SEP by @cecinestpasunepipe in #374
- Fix st_nlinks for all filesystem implementations by @Schamper in #368
- Update to flow.record 3.12 by @pyrco in #378
- Mount volatile Linux directories when running on a local target by @pyrco in #375
- Add support for more history files by @JSCU-CNI in #321
- Add loader for UTM virtual machines by @Schamper in #379
- Change all remaining uri types to path by @Schamper in #373
- Harmonize Compatibility Checks by @cecinestpasunepipe in #382
- Improve remote loader test by @cecinestpasunepipe in #381
- Make Unix home path a Posix path by @Poeloe in #389
- Make source field value a posix path by @Poeloe in #391
- Improve OS X error handling by @Zawadidone in #383
- Prioritize OS specific plugins by @Schamper in #393
- Add support for Linux MD RAID by @Schamper in #327
- Don't warn on empty or missing RegBack hives by @Schamper in #388
- Set UTF-8 as default encoding for open_decompress by @Poeloe in #390
- Fix logging of incompatible plugins by @Schamper in #395
- Add plugins for volatile Linux artefacts by @Horofic in #241
- Add ZipFilesystem as an openable filesystem by @Schamper in #396
- Fix implicit cast in amcache.applications record by @pyrco in #400
- Add support for decrypting System DPAPI secrets by @cobyge in #305
- Dynamic targetd agent support (DIS-1914) by @cecinestpasunepipe in #392
- Get scheduled task display name with filename by @0x49736b in #401
- Allow DefaultOS to access all plugins by @cecinestpasunepipe in #398
- Support duplicate volume names in target-mount by @Schamper in #397
- Add a plugin to parse notifications from Windows appdb.dat by @pyrco in #394
- Update LVM volume system to reflect library update by @Schamper in #371
- Add Modules/Lsmod plugin by @DevJoost in #364
New Contributors
- @Paradoxis made their first contribution in #331
- @DevJoost made their first contribution in #362
- @RGlintmeijer made their first contribution in #363
- @OlafHaalstra made their first contribution in #355
- @0x49736b made their first contribution in #401
Full Changelog: 3.11.1...3.12
3.11.1
3.11
What's Changed
- Add iptables plugin by @JSCU-CNI in #262
- Skip directories in _parse_os_release by @yunzheng in #308
- Make lazy import exception handler more broad by @Schamper in #309
- Update WSL plugin to use registry to find all WSL instances by @sulonl in #290
- Fix Dirloader to work with acquired dirs (-ot) by @cecinestpasunepipe in #307
- Support multiple tasks per XML file by @Poeloe in #311
- Add missing init by @cecinestpasunepipe in #316
- Fix 'test_fs_attrs_no_os_listxattr' on Darwin by @nrhtr in #315
- Improve empty response handling targetd by @cecinestpasunepipe in #310
- Add target-query improvements by @JSCU-CNI in #263
- Add Windows support for the ssh plugin by @Miauwkeru in #306
- Add a globbing function to the registry plugin by @pyrco in #313
- Support more log data types for etl by @Miauwkeru in #314
- Remove return in constructor by @JSCU-CNI in #323
- Only support simple assignments in config parser by @Schamper in #312
- Register squashfs filesystem by @JSCU-CNI in #324
- Clarify the relation between users and user hives by @pyrco in #326
- Fix child detection on Unix by @JSCU-CNI in #332
- Clean the systemd service configuration parser by @Miauwkeru in #325
- `target-fs` also load targets as directory by @Zawadidone in #333
- Add OpenVPN configuration plugin by @cobyge in #275
- Disable threads in target-mount by @Schamper in #335
- Add OSX user plugins by @Zawadidone in #320
- Remove EWF loader in favor of the EWF container by @Schamper in #337
- Turn `interpolation` off for the systemd configparser by @Miauwkeru in #339
- Add `enter` command for entering sub-target shells by @Schamper in #328
- Add MultiRawLoader by @Schamper in #341
- Use hasattr(instance) to check for TargetdLoader by @Miauwkeru in #347
- Add OSX ips function by @Zawadidone in #348
- IIS only add logfiles if it exists in the xml by @Miauwkeru in #344
- Allow Default/None-OS to access plugins by @cecinestpasunepipe in #346
- Check for "instance" on the _loader variable by @Miauwkeru in #352
- Fix duplicate files upon saving dirs in target-shell by @cecinestpasunepipe in #349
New Contributors
Full Changelog: 3.10...3.11