dissect.target.loaders.profile#

Module Contents#

Classes#

ProfileLoader

A base class for loading a specific path and coupling it to a Target.

ProfileOSPlugin

Base class for OS plugins.
class dissect.target.loaders.profile.ProfileLoader(path, **kwargs)#

Bases: dissect.target.loader.Loader

A base class for loading a specific path and coupling it to a Target.

Implementors of this class are responsible for mapping any type of source data to a Target. Whether that’s to map all VMDK files from a VMX or mapping the contents of a zip file to a virtual filesystem, if it’s something that can be translated to a “disk”, “volume” or “filesystem”, you can write a loader that maps it into a target.

You can do anything you want to manipulate the Target object in your map function, but generally you do one of the following:

  • open a Container and add it to target.disks.

  • open a Volume and add it to target.volumes.

  • open a VirtualFilesystem, add your files into it and add it to target.filesystems.

You don’t need to manually parse volumes or filesystems in your loader, just add the highest level object you have (e.g. a Container of a VMDK file) to the target. However, sometimes you need to get creative. Take a look at the ITunesLoader and TarLoader for some creative examples.

Parameters:

path – The target path to load.

static detect(path)#

Detects wether this Loader class can load this specific path.

Parameters:

path – The target path to check.

Returns:

True if the path can be loaded by a Loader instance. False otherwise.

map(target)#

Maps the loaded path into a Target.

Parameters:

target – The target that we’re mapping into.

class dissect.target.loaders.profile.ProfileOSPlugin(target: dissect.target.Target)#

Bases: dissect.target.plugin.OSPlugin

Base class for OS plugins.

This provides a base class for certain common functions of OS’s, which each OS plugin has to implement separately.

For example, it provides an interface for retrieving the hostname and users of a target.

classmethod detect(target)#

Provide detection of this OSPlugin on a given filesystem.

Note: must be implemented as a classmethod.

Parameters:

fsFilesystem to detect the OS on.

Returns:

The root filesystem / sysvol when found.

classmethod create(target, sysvol)#

Initiate this OSPlugin with the given target and detected filesystem.

Note: must be implemented as a classmethod.

Parameters:

  • target – The Target object.

  • sysvol – The filesystem that was detected in the detect() function.

Returns:

An instantiated version of the OSPlugin.

hostname()#

Required OS function.

Implementations must be decorated with @export(property=True).

Returns:

The hostname as string.

ips()#

Required OS function.

Implementations must be decorated with @export(property=True).

Returns:

The IPs as list.

version()#

Required OS function.

Implementations must be decorated with @export(property=True).

Returns:

The OS version as string.

users()#

Required OS function.

Implementations must be decorated with @export.

Returns:

A list of user records.

os()#

Required OS function.

Implementations must be decorated with @export(property=True)

Returns:

A slug of the OS name, e.g. ‘windows’ or ‘linux’.