Releases: fox-it/dissect.target
Releases · fox-it/dissect.target
3.10
What's Changed
- Remove workarounds to map TargetPaths on path record fields by @pyrco in #258
- Add support for at.exe .job files in scheduled tasks by @Wouter-Jansen in #249
- Skip incompatible unit tests on Windows by @cecinestpasunepipe in #260
- Add loader documentation to list output by @Poeloe in #228
- Handle keyboard interrupts and os errors cleanly for dissect tools by @Miauwkeru in #255
- Implement attr()/lattr() in MappedFile and DirectoryFilesystemEntry by @pyrco in #261
- Update the Phobos loader to use the new NTFS API by @pyrco in #269
- Return correct amcache_install records by @Miauwkeru in #265
- Add ssl support to targetd loader by @cecinestpasunepipe in #268
- Refine plugin system by @cecinestpasunepipe in #259
- Remove Loaders from -f in bash autocompletion script by @Miauwkeru in #271
- Add useful trove classifiers to pyproject.toml by @pyrco in #279
- Add a plugin to extract AppX debug information registry keys by @pyrco in #277
- Fix sequential bug caused by copy-by-reference mistake in plugin system by @cecinestpasunepipe in #282
- Add support for Sophos Home and Sophos Hitman by @cecinestpasunepipe in #281
- Add IIS logs to LogLoader by @cecinestpasunepipe in #278
- Fix parsing WER files that do not have a BOM header by @yunzheng in #272
- Allow multiple plugins at once for targetd-loader by @cecinestpasunepipe in #276
- Normalize dev_id when mounting fat disks by @cobyge in #273
- Fix assumption in Hyper-V child plugin by @JSCU-CNI in #264
- Fix mounting ext filesystems for Unix targets by @Schamper in #285
- Add Journal Systemd plugin by @Zawadidone in #242
- Add gpo tasks to tasks plugin by @Poeloe in #267
- Fix the use of deprecated registry.iterkeys() by @pyrco in #287
- Fix resolving invalid symlinks on NTFS by @Schamper in #289
- Add OIDC publish step to workflow by @Miauwkeru in #288
- Change exception by @cecinestpasunepipe in #295
- Fix target-info time zone issue by @cecinestpasunepipe in #294
- Add fallback LS_COLORS scheme to target-shell by @Horofic in #296
- Make FilesystemEntry's is_dir(), is_file() and stat() follow_symlinks parameter aware by @pyrco in #302
- Fix false positive detection McAfee plugin by @cecinestpasunepipe in #297
- Add exclusions function to Windows Defender plugin by @MaxGroot in #301
- Add support for gpo tasks that are wrapped in other tasks by @cecinestpasunepipe in #298
New Contributors
Full Changelog: 3.9...3.10
3.9
What's Changed
- Targetd Loader/Plugin (DIS-1590) by @cecinestpasunepipe in #188
- Fix unix auth log plugin hostname regex by @JSCU-CNI in #208
- Improve unix services plugin by @JSCU-CNI in #198
- Improve reverse_readlines performance by @JSCU-CNI in #204
- Add test cases for case(in)sensitivity of the VirtualFilesystem by @pyrco in #214
- Improve Unix DHCP IP parsing by @JSCU-CNI in #213
- Fix logic bug in unix history plugin by @JSCU-CNI in #222
- Change Lnk(entry) to file-handle by @Horofic in #224
- Add .vmwarevm loader by @Schamper in #221
- Improve the help message for the adpolicy plugin by @pyrco in #225
- Fix ASDF loader by @Schamper in #219
- Add support for unix powershell history by @JSCU-CNI in #212
- Close targetd connection after use by @cecinestpasunepipe in #216
- Proposal processing directory target without wildcard by @cecinestpasunepipe in #218
- Fix ExfatFilesystem/ExfatFilesystemEntry by @pyrco in #217
- Set all import errors to log level info by @Miauwkeru in #230
- Replace tmpdir_name with tmp_path fixture by @Schamper in #232
- Skip empty registry hives by @Schamper in #233
- Fix VmaLoader variable name by @JSCU-CNI in #239
- Fix services plugin for broken symlinks by @JSCU-CNI in #238
- Mount all filesystems in target-mount by @Schamper in #237
- Add dissect.target[yara] as an optional dependency by @Miauwkeru in #229
- Add parser for extensions for chromium browsers by @Wouter-Jansen in #231
- Targetd windows controller by @cecinestpasunepipe in #235
- Fix LVM2 volume names containing hyphens by @Schamper in #245
- Add support for Parallels PVM/PVS/HDD/HDS by @Schamper in #220
- Expand adpolicy plugin to include missing GPO info by @cecinestpasunepipe in #246
- Add evt/evtx-loader by @cecinestpasunepipe in #234
- Fix user_details.find() to return users with uid 0 by @pyrco in #248
- Add documentation testing tooling by @martinvanhensbergen in #227
- Add a help message to mft --compact by @Miauwkeru in #247
- Remove unnecessary newline from tox.ini by @martinvanhensbergen in #251
- Add support for two additional Firefox file locations by @Wouter-Jansen in #250
- Fix etl.shutdown to actually return the ETL shutdown records by @pyrco in #253
- Update README.md by @martinvanhensbergen in #254
- Add LNK test by @Zawadidone in #226
- Fix services plugin failures on linux targets by @Miauwkeru in #252
- Update flow.record dependency to 3.10 by @pyrco in #257
Full Changelog: 3.8...3.9
3.8
What's Changed
- Clean up filesystem detection and add type hints by @Schamper in #168
- Clean up volume system detection by @Schamper in #169
- Change LoaderError to ImportError in target loader by @Schamper in #172
- Improve support for iTunes backup files by @Schamper in #170
- Add nginx, apache and caddy webserver log parsers by @JSCU-CNI in #127
- improve unix audit plugin by @JSCU-CNI in #173
- Fix XML parsing for the wicked networkmanager by @pyrco in #175
- Add open handles plugin by @Poeloe in #171
- Improve detection of system ip addresses on unix by @JSCU-CNI in #133
- Add support for symlinks to target-shell by @Horofic in #118
- Add support for older Hyper-V configurations by @Schamper in #177
- Add missing
__init__.py
to webservers directory by @Schamper in #178 - Fix RootFilesystemEntry's lattr() by @pyrco in #179
- Fix displaying Windows alternate data streams in target-shell by @pyrco in #181
- Print errors in target-shell when running with -q by @pyrco in #180
- Add support for NTFS reparse points by @Schamper in #176
- Add target-info by @JSCU-CNI in #136
- Fix target-info by @Schamper in #186
- Add support for extended zsh history files by @JSCU-CNI in #183
- New implementation of -l/-f/-h by @cecinestpasunepipe in #124
- Improve ssh plugin by @JSCU-CNI in #182
- Add unix package manager parsers by @JSCU-CNI in #128
- Fix windows plugins datetime by @Zawadidone in #187
- Backward compatibility fix for plugin namespaces by @cecinestpasunepipe in #192
- Fix TargetPath for CPython 3.11 by @Schamper in #193
- Fix tar loader for targets with '.' folder by @JSCU-CNI in #195
- Improve bash auto completion script by @JSCU-CNI in #197
- Fix namespace non findable plugins by @Zawadidone in #194
- Fix velociraptor loader c folder by @Zawadidone in #185
- Improve unix os-release parsing by @JSCU-CNI in #199
- Move to tox4 and pure pyproject packaging by @pyrco in #202
- Dis 426 add browser download history for each browser plugin by @Wouter-Jansen in #191
- Fix path file accessor by @Zawadidone in #206
- Improve target-shell by @JSCU-CNI in #196
- Make fsutil.open_decompress file extension agnostic by @pyrco in #207
- Remove unnecessary brackets by @Wouter-Jansen in #210
- Log parser for Trend Micro Worry-Free Suite by @cecinestpasunepipe in #205
- Fix external references in documentation by @martinvanhensbergen in #203
- Add McAfee SQLite log parser (DIS-1523) by @cecinestpasunepipe in #200
- Add UsnJrnl path to Velociraptor loader by @Zawadidone in #209
- Make importing and usage of the bz2 module conditional by @pyrco in #211
New Contributors
- @martinvanhensbergen made their first contribution in #203
Full Changelog: 3.7...3.8
3.7
What's Changed
- Fix lastlog struct by @JSCU-CNI in #107
- Add Defender Quarantine Recovery by @MaxGroot in #96
- Add Velociraptor loader by @Zawadidone in #114
- Use TarFilesystemEntry in TarLoader by @Schamper in #112
- Add wireguard config parser plugin by @JSCU-CNI in #111
- Make tasks plugin a bit more robust by @Schamper in #123
- Make mft and mft_timeline plugin a bit more robust by @Schamper in #122
- Add applaunches function to amcache plugin by @JSCU-CNI in #120
- Improve unix command history plugin by @JSCU-CNI in #110
- Add Atop plugin by @Zawadidone in #108
- Refactor chromium based browser plugin by @Wouter-Jansen in #105
- Improve OSPlugin loading by @pyrco in #129
- Add locale plugin for unix and windows by @JSCU-CNI in #116
- Fix missing dependencies for the full extra by @pyrco in #139
- Fix windows sam parsing by @JSCU-CNI in #121
- Update the Windows version and ntversion plugins by @pyrco in #125
- Make defusedxml a main dependency by @pyrco in #140
- Use defusedxml instead of the build in xml module by @pyrco in #141
- Use only .py files when loading plugins by @pyrco in #138
- Improve unix users and passwords parsing by @JSCU-CNI in #126
- Add installdate function for unix and windows by @JSCU-CNI in #132
- Add docker container plugin by @JSCU-CNI in #115
- Make IIS parser more robust by @cecinestpasunepipe in #137
- Add compact flag to mft plugin by @Miauwkeru in #142
- Improve target-fs command line error handling by @pyrco in #143
- Add rudimentary support for zip files by @JSCU-CNI in #117
- Add folder as package by @Zawadidone in #146
- Defender add
DefenderBehaviorQuarantineRecord
to export by @Zawadidone in #152 - Add
IndexRecord
to export thumbcache functions by @Zawadidone in #154 - Small fixes to zip filesystem by @Schamper in #153
- Fix tar filesystem by @JSCU-CNI in #144
- Improve unix messages plugin by @JSCU-CNI in #131
- Improve bash autocompletion script by @Miauwkeru in #151
- Fix incorrect MappedFile behavior by @Schamper in #155
- Run black to satisfy new rules by @Schamper in #156
- Improve the robustness of the InternetExplorerPlugin by @pyrco in #157
- Add auth.log and secure log parsing for unix systems by @JSCU-CNI in #134
- Add WSL child plugin by @JSCU-CNI in #148
- Change path type of ChildTargetRecord by @Schamper in #160
- Change execution report log to debug by @Schamper in #159
- Improve locale for unix and windows by @JSCU-CNI in #150
- Correctly set volume in filesystems by @Schamper in #162
- Update style and pin on black v23.1.0 by @pyrco in #163
- Add isort to flake8 linting by @pyrco in #164
- Update the flow.record dependency to 3.9 by @pyrco in #165
- Fix TarFilesystem regression for relative lookups by @Schamper in #166
New Contributors
Full Changelog: 3.6...3.7
3.6
3.5
What's Changed
- Improve handing of dollar sign in Target Shell by @cecinestpasunepipe in #101
- Make the driveletter case insensitive using the TarLoader by @Miauwkeru in #102
Full Changelog: 3.4...3.5
3.4
What's Changed
- Update setup.cfg with a description field by @pyrco in #58
- Fix links to the documentation by @Miauwkeru in #57
- Fix obtaining user for each key and typehinting by @Poeloe in #51
- Use paths from %path% in Windows path resolver by @pyrco in #50
- Fallback container detection to fh if path fails by @Schamper in #62
- Add option to RemoteLoader to use custom CA by @cecinestpasunepipe in #65
- Add an on-demand test workflow by @pyrco in #66
- Fix ESXi hostname and domain if not configured by @Schamper in #67
- Add Windows Error Reporting plugin by @Poeloe in #60
- Fix VBOX-Loader by @cecinestpasunepipe in #69
- Configure the minimum python version by @pyrco in #72
- Fix typo in OperatingSystem enum by @Miauwkeru in #73
- Improve target-mount usability and performance by @Schamper in #71
- Replace second RemoteLoader with TargetLoader by @lesander in #74
- Update chrome.py by @cobyge in #75
- Firefox: Added path to snap directories by @cobyge in #70
- Add linting for minimal supported Python version by @pyrco in #76
- Add thumbcache plugin by @Miauwkeru in #68
- Allow remote loader to use embedded certificates (DIS-1518) by @cecinestpasunepipe in #77
- Open volume through partition instead of ourselves by @Schamper in #78
- Remove duplicate registration of vmdk and ewf by @Schamper in #79
- Fix birthtime for FFS1 filesystems by @Schamper in #81
- Move stacktrace from warning message to debug by @Schamper in #82
- Refactor filesystem code by @pyrco in #83
- Add USN Journal path acquired by Velociraptor by @Zawadidone in #59
- Add index of Shimcache entry to ShimcacheRecord by @Zawadidone in #64
- Add WordWheelQuery key to MRU plugin by @Miauwkeru in #80
- Add Virtuozzo as child target by @Zawadidone in #85
- Improve Defender records by @cecinestpasunepipe in #86
- Return individual visits for browser history by @Schamper in #92
- Virtuozzo return bool whether target is compatible by @Zawadidone in #89
- Skip emulation drives in local loader by @cecinestpasunepipe in #94
- Adhere to the correct path separators by @pyrco in #90
- Add browser history plugin for Edge by @Wouter-Jansen in #93
- Use the correct volume in the tar loader by @pyrco in #91
- Add MUIcache plugin by @Zawadidone in #87
- Update the version of flow.record to 3.7 by @pyrco in #99
New Contributors
Full Changelog: 3.3...3.4