dissect.target.plugins.os.unix.bsd.citrix.history

Module Contents

Classes

CitrixCommandHistoryPlugin

Base class for plugins.

Attributes

RE_CITRIX_NETSCALER_BASH_HISTORY_DATE

CITRIX_NETSCALER_BASH_HISTORY_RE

dissect.target.plugins.os.unix.bsd.citrix.history.RE_CITRIX_NETSCALER_BASH_HISTORY_DATE
dissect.target.plugins.os.unix.bsd.citrix.history.CITRIX_NETSCALER_BASH_HISTORY_RE
class dissect.target.plugins.os.unix.bsd.citrix.history.CitrixCommandHistoryPlugin(target: dissect.target.Target)

Bases: dissect.target.plugins.os.unix.history.CommandHistoryPlugin

Base class for plugins.

Plugins can optionally be namespaced by specifying the __namespace__ class attribute. Namespacing results in your plugin needing to be prefixed with this namespace when being called. For example, if your plugin has specified test as namespace and a function called example, you must call your plugin with test.example:

A Plugin class has the following private class attributes:

  • __namespace__

  • __record_descriptors__

With the following three being assigned in register():

  • __plugin__

  • __functions__

  • __exports__

Additionally, the methods and attributes of Plugin receive more private attributes by using decorators.

The export() decorator adds the following private attributes

  • __exported__

  • __output__: Set with the export() decorator.

  • __record__: Set with the export() decorator.

The internal() decorator and InternalPlugin set the __internal__ attribute. Finally. args() decorator sets the __args__ attribute.

Parameters:

target – The Target object to load the plugin for.

COMMAND_HISTORY_ABSOLUTE_PATHS = (('citrix-netscaler-bash', '/var/log/bash.log*'),)
COMMAND_HISTORY_RELATIVE_PATHS
commandhistory() Iterator[dissect.target.plugins.os.unix.history.CommandHistoryRecord]

Return shell history for all users.

When using a shell, history of the used commands is kept on the system.

parse_netscaler_bash_history(path: dissect.target.helpers.fsutil.TargetPath) Iterator[dissect.target.plugins.os.unix.history.CommandHistoryRecord]

Parse bash.log* contents.

parse_netscaler_cli_history(history_file: dissect.target.helpers.fsutil.TargetPath, user: dissect.target.helpers.record.UnixUserRecord) Iterator[dissect.target.plugins.os.unix.history.CommandHistoryRecord]

Parses the history file of the Citrix Netscaler CLI.

The only difference compared to generic bash history files is that the first line will start with _HiStOrY_V2_, which we will skip.