dissect.target.plugins.apps.remoteaccess.rustdesk

Module Contents

Classes

RustdeskPlugin

Rustdesk plugin.

Attributes

RE_LOG_LINE

dissect.target.plugins.apps.remoteaccess.rustdesk.RE_LOG_LINE

class dissect.target.plugins.apps.remoteaccess.rustdesk.RustdeskPlugin(target: dissect.target.target.Target)

Bases: dissect.target.plugins.apps.remoteaccess.remoteaccess.RemoteAccessPlugin

Rustdesk plugin.

__namespace__ = 'rustdesk'

Defines the plugin namespace.

RemoteAccessLogRecord

SERVER_GLOBS = ('%windir%/ServiceProfiles/LocalService/AppData/Roaming/RustDesk/log/server/*.log',...

USER_GLOBS = ('AppData/Roaming/Rustdesk/log/*.log', '.local/share/logs/RustDesk/server/*.log',...

log_files: set[tuple[dissect.target.helpers.fsutil.TargetPath, dissect.target.plugins.general.users.UserDetails | None]]

check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

logs() → collections.abc.Iterator[RemoteAccessLogRecord]

Parse RustDesk log files.

Rustdesk is a remote desktop application that can be used to get (persistent) access to a machine. The project is open source and can be found at: https://github.com/rustdesk/rustdesk/

The log files are stored in different locations, based on the Target OS and client type. Unlike Anydesk, Rustdesk does carry a time zone designator (TZD).

References

• https://rustdesk.com/docs/en/self-host/rustdesk-server-pro/faq

• https://www.reddit.com/r/rustdesk/comments/1072zst/going_to_need_to_know_where_the_client_installer/

• https://github.com/IRB0T/Remote-Access-Tools—4N6/blob/main/RustDesk/README.md

• https://github.com/rustdesk/rustdesk/wiki/FAQ#access-logs