dissect.target.loaders.mqtt¶
Module Contents¶
Classes¶
Basic buffered stream that provides aligned reads. |
|
Load remote targets through a broker. |
Functions¶
Validates that the provided value is a strictly positive integer. |
|
Convert a string value to an integer representing a valid port number. |
|
Validates that the given value is a valid case name consisting of |
Attributes¶
- dissect.target.loaders.mqtt.HAS_PAHO = True¶
- dissect.target.loaders.mqtt.log¶
- dissect.target.loaders.mqtt.DISK_INDEX_OFFSET = 9¶
- dissect.target.loaders.mqtt.R¶
- dissect.target.loaders.mqtt.suppress(func: collections.abc.Callable[Ellipsis, R]) collections.abc.Callable[Ellipsis, R | None]¶
- class dissect.target.loaders.mqtt.InfoMessage¶
- disks: list[DiskMessage]¶
- class dissect.target.loaders.mqtt.DiskMessage¶
- index: int = 0¶
- sector_size: int = 0¶
- total_size: int = 0¶
- class dissect.target.loaders.mqtt.MqttTransferRatePerSecond(window_size: int = 10)¶
- window_size = 10¶
- timestamps = []¶
- bytes = []¶
- record(timestamp: float, byte_count: int) MqttTransferRatePerSecond¶
- class dissect.target.loaders.mqtt.MqttStream(stream: MqttConnection, disk_id: int, size: int | None = None)¶
Bases:
dissect.util.stream.AlignedStreamBasic buffered stream that provides aligned reads.
- Must be subclassed for various stream implementations. Subclasses can implement:
_read()_seek()
The offset and length for
_readare guaranteed to be aligned for streams of a known size. If your stream has an unknown size (i.e.size == None), reads of length-1(i.e. read until EOF) will be passed through to your implementation of_read. The only time that overriding_seekwould make sense is if there’s no known size of your stream, but still want to provideSEEK_ENDfunctionality.Most subclasses of
AlignedStreamtake one or more file-like objects as source. Operations on these subclasses, like reading, will modify the source file-like object as a side effect.- Parameters:
size – The size of the stream. This is used in read and seek operations.
Noneif unknown.align – The alignment size. Read operations are aligned on this boundary. Also determines buffer size.
- _read(offset: int, length: int, optimization_strategy: int = 0) bytes¶
Read method that backs this aligned stream.
- _seek(pos: int, whence: int = 0) int¶
Calculate and return the new stream position after a seek.
- stream¶
- disk_id¶
- class dissect.target.loaders.mqtt.MqttDiagnosticLine(connection: MqttConnection, total_peers: int)¶
- connection¶
- total_peers¶
- display() None¶
- start() None¶
- class dissect.target.loaders.mqtt.MqttConnection(broker: Broker, host: str)¶
- broker = None¶
- host = None¶
- prev = -1¶
- factor = 1¶
- prefetch_factor_inc = 10¶
- retries = 0¶
- info¶
- read¶
- topo(peers: int) list[str]¶
- class dissect.target.loaders.mqtt.Broker(broker: str, port: str, key: str, crt: str, ca: str, case: str, username: str, password: str, **kwargs)¶
- broker_host = None¶
- broker_port = None¶
- private_key_file = None¶
- certificate_file = None¶
- cacert_file = None¶
- mqtt_client = None¶
- connected = False¶
- case = None¶
- bytes_received = 0¶
- monitor = False¶
- username = None¶
- password = None¶
- diskinfo: ClassVar[dict]¶
- index: ClassVar[dict]¶
- topo: ClassVar[dict]¶
- factor = 1¶
- command¶
- clear_cache() None¶
- read(host: str, disk_id: int, seek_address: int, read_length: int) SeekMessage¶
- disk(host: str) DiskMessage¶
- peers(host: str) list[str]¶
- seek(host: str, disk_id: int, offset: int, flength: int, optimization_strategy: int) None¶
- info(host: str) None¶
- topology(host: str) None¶
- connect() None¶
- dissect.target.loaders.mqtt.strictly_positive(value: str) int¶
Validates that the provided value is a strictly positive integer.
This function is intended to be used as a type for argparse arguments.
- Parameters:
value (str) – The value to validate.
- Returns:
The validated integer value.
- Return type:
int
- Raises:
argparse.ArgumentTypeError – If the value is not a strictly positive integer.
- dissect.target.loaders.mqtt.port(value: str) int¶
Convert a string value to an integer representing a valid port number.
This function is intended to be used as a type for argparse arguments.
- Parameters:
value (str) – The string representation of the port number.
- Returns:
The port number as an integer.
- Return type:
int
- Raises:
argparse.ArgumentTypeError – If the port number is not an integer or out of the valid range (1-65535).
- dissect.target.loaders.mqtt.case(value: str) str¶
Validates that the given value is a valid case name consisting of alphanumeric characters and underscores only.
This function is intended to be used as a type for argparse arguments.
- Parameters:
value (str) – The case name to validate.
- Returns:
The validated case name if it matches the required pattern.
- Return type:
str
- Raises:
argparse.ArgumentTypeError – If the case name does not match the required pattern.
- class dissect.target.loaders.mqtt.MqttLoader(path: pathlib.Path, **kwargs)¶
Bases:
dissect.target.loader.LoaderLoad remote targets through a broker.
- connection = None¶
- broker = None¶
- peers: ClassVar[list] = []¶
- static detect(path: pathlib.Path) bool¶
Detects wether this
Loaderclass can load this specificpath.- Parameters:
path – The target path to check.
- Returns:
Trueif thepathcan be loaded by aLoaderinstance.Falseotherwise.
- static find_all(path: pathlib.Path, parsed_path: urllib.parse.ParseResult | None = None) collections.abc.Iterator[str]¶
Finds all targets to load from
path.This can be used to open multiple targets from a target path that doesn’t necessarily map to files on a disk. For example, a wildcard in a hostname a loader that opens targets from an API or Unix socket, such as the Carbon Black loader.
- Parameters:
path – The location to a target to try and open multiple paths from.
parsed_path – A URI parsed path to use.
- Returns:
All the target paths found from the source path.
- map(target: dissect.target.target.Target) None¶
Maps the loaded path into a
Target.- Parameters:
target – The target that we’re mapping into.