dissect.hypervisor

View on GitHub

A Dissect module implementing parsers for various hypervisor disk and configuration files.

• Metadata descriptors

  • Hyper-V VMCX and friends (HyperVFile)

  • OVF (OVF)

  • VMX (VMX)

• Virtual disks

  • QCOW2 (QCow2)

  • VDI (VDI)

  • VHD (VHD)

  • VHDX (VHDX)

  • VMDK (VMDK)

• Miscellaneous

  • ESXi envelope (Envelope) and key store (KeyStore)

  • ESXi visortar/vmtar (vmtar)

Installation

dissect.hypervisor is available on PyPI.

$ pip install dissect.hypervisor

This module is also automatically installed if you install the dissect package.

Usage

This package is a library with a few CLI tools, so you primarily interact with it from Python. For example, to open a VMDK for reading:

from dissect.hypervisor.vmdk import VMDK

with open("/path/to/file.vmdk", "rb") as fh:
    disk = VMDK(fh)
    print(disk.read(512))

Many of the parsers in this package behave in a very similar way, so check the API reference to see how to utilize the parser you need.

Tools

envelope-decrypt - CLI interface

Utility to decrypt ESXi envelope files with a given keystore file.

envelope-decrypt [-h] -ks KEYSTORE -o OUTPUT envelope

envelope-decrypt positional arguments

• envelope - envelope file (default: None)

envelope-decrypt optional arguments

• -h, --help - show this help message and exit

• -ks KEYSTORE, --keystore KEYSTORE - keystore file (default: None)

• -o OUTPUT, --output OUTPUT - output file (default: None)

Reference

For more details, please refer to the API documentation of dissect.hypervisor.