dissect.target.loaders.mqtt

Module Contents

Classes

InfoMessage

DiskMessage

SeekMessage

MQTTStream

Basic buffered stream that provides easy aligned reads.

MQTTConnection

Broker

MQTTLoader

Load remote targets through a broker.

Functions

suppress

Attributes

log

DISK_INDEX_OFFSET

dissect.target.loaders.mqtt.log
dissect.target.loaders.mqtt.DISK_INDEX_OFFSET = 9
dissect.target.loaders.mqtt.suppress(func: Callable) Callable
class dissect.target.loaders.mqtt.InfoMessage
disks: list[DiskMessage]
class dissect.target.loaders.mqtt.DiskMessage
index: int = 0
sector_size: int = 0
total_size: int = 0
class dissect.target.loaders.mqtt.SeekMessage
data: bytes = b''
class dissect.target.loaders.mqtt.MQTTStream(stream: MQTTConnection, disk_id: int, size: int | None = None)

Bases: dissect.util.stream.AlignedStream

Basic buffered stream that provides easy aligned reads.

Must be subclassed for various stream implementations. Subclasses can implement:

  • _read(offset, length)

  • _seek(pos, whence=io.SEEK_SET)

The offset and length for _read are guaranteed to be aligned. The only time that overriding _seek would make sense is if there’s no known size of your stream, but still want to provide SEEK_END functionality.

Most subclasses of AlignedStream take one or more file-like objects as source. Operations on these subclasses, like reading, will modify the source file-like object as a side effect.

Parameters:

  • size – The size of the stream. This is used in read and seek operations. None if unknown.

  • align – The alignment size. Read operations are aligned on this boundary. Also determines buffer size.

class dissect.target.loaders.mqtt.MQTTConnection(broker: Broker, host: str)
broker
host
prev
factor = 1
prefetch_factor_inc = 10
topo(peers: int) list[str]
info() list[MQTTStream]
read(disk_id: int, offset: int, length: int, optimization_strategy: int) bytes
class dissect.target.loaders.mqtt.Broker(broker: Broker, port: str, key: str, crt: str, ca: str, case: str, **kwargs)
broker_host
broker_port
private_key_file
certificate_file
cacert_file
mqtt_client
connected = False
case
diskinfo
index
topo
factor = 1
clear_cache() None
read(host: str, disk_id: int, seek_address: int, read_length: int) SeekMessage
disk(host: str) DiskMessage
peers(host: str) list[str]
seek(host: str, disk_id: int, offset: int, flength: int, optimization_strategy: int) None
info(host: str) None
topology(host: str) None
connect() None
class dissect.target.loaders.mqtt.MQTTLoader(path: pathlib.Path | str, **kwargs)

Bases: dissect.target.loader.Loader

Load remote targets through a broker.

connection
broker
peers = []
static detect(path: pathlib.Path) bool

Detects wether this Loader class can load this specific path.

Parameters:

path – The target path to check.

Returns:

True if the path can be loaded by a Loader instance. False otherwise.

find_all(**kwargs) Iterator[str]

Finds all targets to load from path.

This can be used to open multiple targets from a target path that doesn’t necessarily map to files on a disk. For example, a wildcard in a hostname a loader that opens targets from an API or Unix socket, such as the Carbon Black loader.

Parameters:

path – The location to a target to try and open multiple paths from.

Returns:

All the target paths found from the source path.

map(target: dissect.target.target.Target) None

Maps the loaded path into a Target.

Parameters:

target – The target that we’re mapping into.