dissect.hypervisor#

View on GitHub

A Dissect module implementing parsers for various hypervisor disk, backup and configuration files.

  • Backup formats

  • Metadata descriptors

  • Virtual disks

    • QCOW2 (QCow2)

    • VDI (VDI)

    • VHD (VHD)

    • VHDX (VHDX)

    • VMDK (VMDK)

  • Miscellaneous

Installation#

dissect.hypervisor is available on PyPI.

$ pip install dissect.hypervisor

This module is also automatically installed if you install the dissect package.

Usage#

This package is a library with a few CLI tools, so you primarily interact with it from Python. For example, to open a VMDK for reading:

from dissect.hypervisor.vmdk import VMDK

with open("/path/to/file.vmdk", "rb") as fh:
    disk = VMDK(fh)
    print(disk.read(512))

Many of the parsers in this package behave in a very similar way, so check the API reference to see how to utilize the parser you need.

Tools#

vma-extract - CLI interface#

Utility to extract all files contained in a VMA backup.

vma-extract [-h] -o OUTPUT [-v] input

vma-extract positional arguments#

  • input - path to vma file (default: None)

vma-extract optional arguments#

  • -h, --help - show this help message and exit

  • -o OUTPUT, --output OUTPUT - path to output directory (default: None)

  • -v, --verbose - increase output verbosity (default: 3)

envelope-decrypt - CLI interface#

Utility to decrypt ESXi envelope files with a given keystore file.

envelope-decrypt [-h] -ks KEYSTORE -o OUTPUT envelope

envelope-decrypt positional arguments#

  • envelope - envelope file (default: None)

envelope-decrypt optional arguments#

  • -h, --help - show this help message and exit

  • -ks KEYSTORE, --keystore KEYSTORE - keystore file (default: None)

  • -o OUTPUT, --output OUTPUT - output file (default: None)

Reference#

For more details, please refer to the API documentation of dissect.hypervisor.