dissect.target.plugins.os.windows.regf.firewall
Module Contents
Classes
FirewallPlugin | Plugin that parses firewall rules from the registry.
Attributes
- dissect.target.plugins.os.windows.regf.firewall.re_firewall
- class dissect.target.plugins.os.windows.regf.firewall.FirewallPlugin(target: dissect.target.Target)
Bases: dissect.target.plugin.Plugin
Plugin that parses firewall rules from the registry.
- KEY = 'HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules'
- FIELD_MAP
- VALUE_MAP
- check_compatible()
Perform a compatibility check with the target.
This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.
- Raises: UnsupportedPluginError – If the plugin could not be loaded.
- firewall()
Return firewall rules saved in the registry.
For a Windows operating system, the Firewall rules are stored in the HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules registry key.
Yields dynamic records with usually the following fields:
- hostname (string): The target hostname.
- domain (string): The target domain.
- key (string): The rule key name.
- version (string): The version field of the rule.
- action (string): The action of the rule.
- active (boolean): Whether the rule is active.
- dir (string): The direction of the rule.
- protocol (uint32): The specified protocol (UDP=17, TCP=6).
- lport (string): The listening port of the rule.
- rport (string): The receiving port of the rule.
- profile (string): The Profile field of the rule.
- app (string): The App field of the rule.
- svc (string): The Svc of the rule.
- name (string): The Name of the rule.
- desc (string): The Desc of the rule.
- embed_ctxt (string): The EmbedCtxt of the rule.
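To show how a raw rule value relates to the record fields listed above, here is an added stand-alone example (not dissect's own code) that splits the pipe-delimited `vX.Y|Field=Value|...` strings Windows stores under the FirewallRules key and picks out rules worth a closer look during triage. The sample values are constructed, and `parse_rule` and `inbound_allow_outside_system` are hypothetical names used only here.

```python
# Added example: stand-alone parser, not the plugin's implementation.
# Constructed samples: registry value name -> value data under FirewallRules.
SAMPLE_RULES = {
    "RemoteDesktop-UserMode-In-TCP": (
        r"v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|"
        r"App=%SystemRoot%\system32\svchost.exe|Svc=termservice|"
        r"Name=@FirewallAPI.dll,-28775|Desc=@FirewallAPI.dll,-28756|"
        r"EmbedCtxt=@FirewallAPI.dll,-28752|"
    ),
    "{CONSTRUCTED-0001}": (
        r"v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|"
        r"LPort=4444|App=C:\Users\Public\svc.exe|Name=Updater|"
    ),
    "{CONSTRUCTED-0002}": (
        r"v2.30|Action=Block|Active=FALSE|Dir=Out|Protocol=17|RPort=53|Name=Old DNS block|"
    ),
}


def parse_rule(key, data):
    """Split one rule string into a dict keyed by the field names listed above."""
    version, _, rest = data.partition("|")
    rule = {"key": key, "version": version}
    for item in rest.split("|"):
        name, sep, value = item.partition("=")
        if not sep:  # empty trailing element or a token without '='
            continue
        field = "embed_ctxt" if name == "EmbedCtxt" else name.lower()
        # If a field appears more than once, keep every value rather than the last.
        rule[field] = f"{rule[field]},{value}" if field in rule else value
    rule["active"] = rule.get("active", "").upper() == "TRUE"
    if rule.get("protocol", "").isdigit():
        rule["protocol"] = int(rule["protocol"])  # 6 = TCP, 17 = UDP
    return rule


def inbound_allow_outside_system(rules):
    """Active inbound allow rules whose App is not under %SystemRoot%."""
    hits = []
    for key, data in rules.items():
        r = parse_rule(key, data)
        app = r.get("app", "")
        if (r["active"] and r.get("action") == "Allow" and r.get("dir") == "In"
                and app and not app.lower().startswith("%systemroot%")):
            hits.append((r["key"], r.get("lport"), app))
    return hits
```

The filter is a review heuristic chosen for this example; on a real target the same conditions can be applied to the records that `firewall()` yields.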