dissect.target.plugins.os.unix.bsd.citrix.history

Module Contents

Classes

CitrixCommandHistoryPlugin

Citrix command history plugin.

Attributes

RE_CITRIX_NETSCALER_BASH_HISTORY_DATE
CITRIX_NETSCALER_BASH_HISTORY_RE

dissect.target.plugins.os.unix.bsd.citrix.history.RE_CITRIX_NETSCALER_BASH_HISTORY_DATE

dissect.target.plugins.os.unix.bsd.citrix.history.CITRIX_NETSCALER_BASH_HISTORY_RE

class dissect.target.plugins.os.unix.bsd.citrix.history.CitrixCommandHistoryPlugin(target: dissect.target.target.Target)

Bases: dissect.target.plugins.os.unix.history.CommandHistoryPlugin

Citrix command history plugin.

COMMAND_HISTORY_ABSOLUTE_PATHS = (('citrix-netscaler-bash', '/var/log/bash.log*'),)

COMMAND_HISTORY_RELATIVE_PATHS = (('bash', '.bash_history'), ('fish', '.local/share/fish/fish_history'), ('mongodb', '.dbshell'),...

commandhistory() → collections.abc.Iterator[dissect.target.plugins.os.unix.history.CommandHistoryRecord]

Return shell history for all Citrix users.

Some entries are returned in reverse chronological order and can contain negative command order integers due to the way Citrix stores bash history commands.

parse_netscaler_bash_history(path: dissect.target.helpers.fsutil.TargetPath) → collections.abc.Iterator[dissect.target.plugins.os.unix.history.CommandHistoryRecord]

Parse bash.log* contents.

parse_netscaler_cli_history(history_file: dissect.target.helpers.fsutil.TargetPath, user: dissect.target.helpers.record.UnixUserRecord) → collections.abc.Iterator[dissect.target.plugins.os.unix.history.CommandHistoryRecord]

Parses the history file of the Citrix Netscaler CLI.

The only difference compared to generic bash history files is that the first line will start with _HiStOrY_V2_, which we will skip.