From d4acd4bc6096e351806fa518d00f1f256b560527 Mon Sep 17 00:00:00 2001 From: Miauwkeru Date: Thu, 20 Nov 2025 18:17:50 +0100 Subject: [PATCH 1/5] Replace dissect.esedb and dissect.sql with dissect.database --- .gitmodules | 11 +--- .../projects/dissect.database/index.rst | 62 +++++++++++++++++++ docs/source/projects/dissect.esedb/index.rst | 44 ------------- docs/source/projects/dissect.sql/index.rst | 45 -------------- submodules/dissect.database | 1 + submodules/dissect.esedb | 1 - submodules/dissect.sql | 1 - 7 files changed, 66 insertions(+), 99 deletions(-) create mode 100644 docs/source/projects/dissect.database/index.rst delete mode 100644 docs/source/projects/dissect.esedb/index.rst delete mode 100644 docs/source/projects/dissect.sql/index.rst create mode 160000 submodules/dissect.database delete mode 160000 submodules/dissect.esedb delete mode 160000 submodules/dissect.sql diff --git a/.gitmodules b/.gitmodules index 72aa8d7..6709e5c 100644 --- a/.gitmodules +++ b/.gitmodules @@ -6,10 +6,6 @@ branch = main path = submodules/dissect.cstruct url = https://github.com/fox-it/dissect.cstruct.git -[submodule "submodules/dissect.esedb"] - branch = main - path = submodules/dissect.esedb - url = https://github.com/fox-it/dissect.esedb.git [submodule "submodules/dissect.etl"] branch = main path = submodules/dissect.etl @@ -46,10 +42,6 @@ branch = main path = submodules/dissect.regf url = https://github.com/fox-it/dissect.regf.git -[submodule "submodules/dissect.sql"] - branch = main - path = submodules/dissect.sql - url = https://github.com/fox-it/dissect.sql.git [submodule "submodules/dissect.target"] branch = main path = submodules/dissect.target @@ -125,3 +117,6 @@ [submodule "submodules/dissect.cramfs"] path = submodules/dissect.cramfs url = https://github.com/fox-it/dissect.cramfs.git +[submodule "submodules/dissect.database"] + path = submodules/dissect.database + url = https://github.com/fox-it/dissect.database.git diff --git a/docs/source/projects/dissect.database/index.rst b/docs/source/projects/dissect.database/index.rst new file mode 100644 index 0000000..482d70a --- /dev/null +++ b/docs/source/projects/dissect.database/index.rst @@ -0,0 +1,62 @@ +dissect.database +================ + +.. button-link:: https://github.com/fox-it/dissect.database + :color: primary + :outline: + + :octicon:`mark-github` View on GitHub + +A Dissect module implementing parsers for various database formats, including: + +- Berkeley DB, used for older RPM databases +- Microsoft Extensible Storage Engine (ESE), used for example in Active Directory, Exchange and Windows Update +- SQLite3, commonly used by applications to store configuration data + +Installation +------------ + +``dissect.database`` is available on `PyPI `_. + +.. code-block:: console + + $ pip install dissect.database + +This module is also automatically installed if you install the ``dissect`` package. + +Usage +----- + +This package is a library with no CLI tools, so you can only interact with it from Python. +For example, to print all records of all tables of an SQLite database: + +.. code-block:: python + + from dissect.database.sqlite3 import SQLite3 + + with open("/path/to/file.db", "rb") as fh: + db = SQLite3(fh) + + for table in db.tables(): + for row in table.rows(): + print(row) + +Or to print all records of all tables of an ESE database: + +.. code-block:: python + + from dissect.database.ese import ESE + + with open("/path/to/ese.db", "rb") as fh: + db = ESE(fh) + + for table in db.tables(): + for record in table.get_records(): + print(record) + + +Reference +--------- + +For more details, please refer to the API documentation of :mod:`dissect.database`. + diff --git a/docs/source/projects/dissect.esedb/index.rst b/docs/source/projects/dissect.esedb/index.rst deleted file mode 100644 index 1e6e4e8..0000000 --- a/docs/source/projects/dissect.esedb/index.rst +++ /dev/null @@ -1,44 +0,0 @@ -dissect.esedb -============= - -.. button-link:: https://github.com/fox-it/dissect.esedb - :color: primary - :outline: - - :octicon:`mark-github` View on GitHub - -A Dissect module implementing a parser for Microsoft's Extensible Storage Engine Database (ESEDB), used for example in -Active Directory, Exchange and Windows Update. - -Installation ------------- - -``dissect.esedb`` is available on `PyPI `_. - -.. code-block:: console - - $ pip install dissect.esedb - -This module is also automatically installed if you install the ``dissect`` package. - -Usage ------ - -This package is a library with no CLI tools, so you can only interact with it from Python. For example, to print all records of -all tables of an ESE database: - -.. code-block:: python - - from dissect.esedb import EseDB - - with open("/path/to/ese.db", "rb") as fh: - db = EseDB(fh) - - for table in db.tables(): - for record in table.get_records(): - print(record) - -Reference ---------- - -For more details, please refer to the API documentation of :mod:`dissect.esedb`. diff --git a/docs/source/projects/dissect.sql/index.rst b/docs/source/projects/dissect.sql/index.rst deleted file mode 100644 index 8be02ae..0000000 --- a/docs/source/projects/dissect.sql/index.rst +++ /dev/null @@ -1,45 +0,0 @@ -dissect.sql -=========== - -.. button-link:: https://github.com/fox-it/dissect.sql - :color: primary - :outline: - - :octicon:`mark-github` View on GitHub - -A Dissect module implementing a parsers for the SQLite database file format, commonly used by applications to store -configuration data. - -Installation ------------- - -``dissect.sql`` is available on `PyPI `_. - -.. code-block:: console - - $ pip install dissect.sql - -This module is also automatically installed if you install the ``dissect`` package. - -Usage ------ - -This package is a library with no CLI tools, so you can only interact with it from Python. For example, to print all -records of all tables of an SQLite database: - -.. code-block:: python - - from dissect.sql import SQLite3 - - with open("/path/to/file.db", "rb") as fh: - db = SQLite3(fh) - - for table in db.tables(): - for row in table.rows(): - print(row) - - -Reference ---------- - -For more details, please refer to the API documentation of :mod:`dissect.sql`. diff --git a/submodules/dissect.database b/submodules/dissect.database new file mode 160000 index 0000000..14741f8 --- /dev/null +++ b/submodules/dissect.database @@ -0,0 +1 @@ +Subproject commit 14741f81e50e5fe94014be606d6eb5754501d941 diff --git a/submodules/dissect.esedb b/submodules/dissect.esedb deleted file mode 160000 index d7ed551..0000000 --- a/submodules/dissect.esedb +++ /dev/null @@ -1 +0,0 @@ -Subproject commit d7ed5516a0fa2b96cd0b206404d9a573fa427217 diff --git a/submodules/dissect.sql b/submodules/dissect.sql deleted file mode 160000 index 86d14fc..0000000 --- a/submodules/dissect.sql +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 86d14fc68e1659b83bc4f7edccef159bfa76a359 From b0ca53a2c6df619650b167150ffba5e35c9e5876 Mon Sep 17 00:00:00 2001 From: Miauwkeru Date: Thu, 20 Nov 2025 17:44:21 +0100 Subject: [PATCH 2/5] Add dissect.apfs --- .gitmodules | 3 ++ docs/source/projects/dissect.apfs/index.rst | 43 +++++++++++++++++++++ submodules/dissect.apfs | 1 + 3 files changed, 47 insertions(+) create mode 100644 docs/source/projects/dissect.apfs/index.rst create mode 160000 submodules/dissect.apfs diff --git a/.gitmodules b/.gitmodules index 6709e5c..aa0c4fa 100644 --- a/.gitmodules +++ b/.gitmodules @@ -120,3 +120,6 @@ [submodule "submodules/dissect.database"] path = submodules/dissect.database url = https://github.com/fox-it/dissect.database.git +[submodule "submodules/dissect.apfs"] + path = submodules/dissect.apfs + url = https://github.com/fox-it/dissect.apfs.git diff --git a/docs/source/projects/dissect.apfs/index.rst b/docs/source/projects/dissect.apfs/index.rst new file mode 100644 index 0000000..466e15c --- /dev/null +++ b/docs/source/projects/dissect.apfs/index.rst @@ -0,0 +1,43 @@ +dissect.apfs +============ + +.. button-link:: https://github.com/fox-it/dissect.apfs + :color: primary + :outline: + + :octicon:`mark-github` View on GitHub + +A Dissect module implementing parsers for the APFS file system, a commonly used Apple file system. + +Installation +------------ + +``dissect.apfs`` is available on `PyPI `_. + +.. code-block:: console + + $ pip install dissect.apfs + +This module is also automatically installed if you install the ``dissect`` package. + +Usage +----- + +This package is a library with no CLI tool, so you can only interact with it from Python. +For example, to print a directory listing of the root directory and read a file: + +.. code-block:: python + + from dissect.apfs import APFS + + with open("path/to/apfs/file", "rb") as fh: + apfs = APFS(fh) + + volume = apfs.volume[0] + print(volume.get("/").listdir()) + + +Reference +--------- + +For more details, please refer to the API documentation of :mod:`dissect.apfs`. diff --git a/submodules/dissect.apfs b/submodules/dissect.apfs new file mode 160000 index 0000000..0a1a529 --- /dev/null +++ b/submodules/dissect.apfs @@ -0,0 +1 @@ +Subproject commit 0a1a529dbafe47848188e58748d86b7928fd7753 From 769a23ab1e7054f2e1e23f1f6938e27eb73afa4d Mon Sep 17 00:00:00 2001 From: Miauwkeru Date: Mon, 24 Nov 2025 11:57:04 +0100 Subject: [PATCH 3/5] Update projects --- submodules/acquire | 2 +- submodules/dissect.archive | 2 +- submodules/dissect.btrfs | 2 +- submodules/dissect.cim | 2 +- submodules/dissect.clfs | 2 +- submodules/dissect.cramfs | 2 +- submodules/dissect.cstruct | 2 +- submodules/dissect.etl | 2 +- submodules/dissect.eventlog | 2 +- submodules/dissect.evidence | 2 +- submodules/dissect.executable | 2 +- submodules/dissect.extfs | 2 +- submodules/dissect.fat | 2 +- submodules/dissect.ffs | 2 +- submodules/dissect.fve | 2 +- submodules/dissect.hypervisor | 2 +- submodules/dissect.jffs | 2 +- submodules/dissect.ntfs | 2 +- submodules/dissect.ole | 2 +- submodules/dissect.qnxfs | 2 +- submodules/dissect.regf | 2 +- submodules/dissect.shellitem | 2 +- submodules/dissect.squashfs | 2 +- submodules/dissect.target | 2 +- submodules/dissect.thumbcache | 2 +- submodules/dissect.util | 2 +- submodules/dissect.vmfs | 2 +- submodules/dissect.volume | 2 +- submodules/dissect.xfs | 2 +- submodules/flow.record | 2 +- 30 files changed, 30 insertions(+), 30 deletions(-) diff --git a/submodules/acquire b/submodules/acquire index bb04bb3..9a1e62f 160000 --- a/submodules/acquire +++ b/submodules/acquire @@ -1 +1 @@ -Subproject commit bb04bb3409b18d64f225af38d1b482770ace8781 +Subproject commit 9a1e62f0847278e78f2104c159ace998e52d8759 diff --git a/submodules/dissect.archive b/submodules/dissect.archive index 21ded21..c0c3ff3 160000 --- a/submodules/dissect.archive +++ b/submodules/dissect.archive @@ -1 +1 @@ -Subproject commit 21ded216ed9f9b37c51248bcf5888f9e768cd6ff +Subproject commit c0c3ff3dab2f8549edffec84aacf55b05bdf1be3 diff --git a/submodules/dissect.btrfs b/submodules/dissect.btrfs index ba66e80..315ef70 160000 --- a/submodules/dissect.btrfs +++ b/submodules/dissect.btrfs @@ -1 +1 @@ -Subproject commit ba66e80245d4605f0d3b4f6cc3ad1c1fdd338fab +Subproject commit 315ef7042a663aef6996be089fe66b46937b64c6 diff --git a/submodules/dissect.cim b/submodules/dissect.cim index 32693de..5642f99 160000 --- a/submodules/dissect.cim +++ b/submodules/dissect.cim @@ -1 +1 @@ -Subproject commit 32693de39b3a370cd431b96817f11b2db0914e97 +Subproject commit 5642f99d8ab1a84fd40b10425c7030644105702b diff --git a/submodules/dissect.clfs b/submodules/dissect.clfs index 75f1fbf..7ec7b06 160000 --- a/submodules/dissect.clfs +++ b/submodules/dissect.clfs @@ -1 +1 @@ -Subproject commit 75f1fbf6ed1bec0d49b50dfb0887ccd142727c4b +Subproject commit 7ec7b0638c01ebc00ce834d6f025d1f2d060b6ee diff --git a/submodules/dissect.cramfs b/submodules/dissect.cramfs index 5440481..1394881 160000 --- a/submodules/dissect.cramfs +++ b/submodules/dissect.cramfs @@ -1 +1 @@ -Subproject commit 5440481fe7cbd98b42321a8181a4c6c7e82d02d7 +Subproject commit 1394881cca2faf26212494a67b0e5c6d58ee8ec9 diff --git a/submodules/dissect.cstruct b/submodules/dissect.cstruct index f922343..194b1b5 160000 --- a/submodules/dissect.cstruct +++ b/submodules/dissect.cstruct @@ -1 +1 @@ -Subproject commit f9223430a9820e6b91b027b6cc70c38a34550f3b +Subproject commit 194b1b556c1474b501d9e120d4750d404786056b diff --git a/submodules/dissect.etl b/submodules/dissect.etl index f59d1d9..fa255a5 160000 --- a/submodules/dissect.etl +++ b/submodules/dissect.etl @@ -1 +1 @@ -Subproject commit f59d1d9e180f4a1255eeafe24eb8dbbfd738ee77 +Subproject commit fa255a5131a88da9e95d72b36d003534edce49ea diff --git a/submodules/dissect.eventlog b/submodules/dissect.eventlog index 76983d3..a298fbb 160000 --- a/submodules/dissect.eventlog +++ b/submodules/dissect.eventlog @@ -1 +1 @@ -Subproject commit 76983d3dd373004989e4504a9c691f4791017cc3 +Subproject commit a298fbb02eecc08a0aa3f028ecb57ee689f2759e diff --git a/submodules/dissect.evidence b/submodules/dissect.evidence index 0431af4..971b899 160000 --- a/submodules/dissect.evidence +++ b/submodules/dissect.evidence @@ -1 +1 @@ -Subproject commit 0431af4e8abb709dfdd42ae1fc641c1879652504 +Subproject commit 971b899f1f73bf7e5bb5a9258a7a235e668069d4 diff --git a/submodules/dissect.executable b/submodules/dissect.executable index aed839b..01df4c2 160000 --- a/submodules/dissect.executable +++ b/submodules/dissect.executable @@ -1 +1 @@ -Subproject commit aed839b4ff7f2597492fa36189c0e45e5de00dc9 +Subproject commit 01df4c2e66227e7f084b98c5c2b97f0b40a8d4f5 diff --git a/submodules/dissect.extfs b/submodules/dissect.extfs index 1a862e3..b6d907c 160000 --- a/submodules/dissect.extfs +++ b/submodules/dissect.extfs @@ -1 +1 @@ -Subproject commit 1a862e35c4dee1f4e98523bdbd5642542a422d10 +Subproject commit b6d907c2019373bb79f1c96850cabd1a1c123ea0 diff --git a/submodules/dissect.fat b/submodules/dissect.fat index 468e002..569637f 160000 --- a/submodules/dissect.fat +++ b/submodules/dissect.fat @@ -1 +1 @@ -Subproject commit 468e00202143989fe4671d8890d065c2b4e69c4e +Subproject commit 569637f05520de9911747fe1d8aca0250515bbc4 diff --git a/submodules/dissect.ffs b/submodules/dissect.ffs index cca3288..bb30cb1 160000 --- a/submodules/dissect.ffs +++ b/submodules/dissect.ffs @@ -1 +1 @@ -Subproject commit cca328877afb4d94077394a9a3c9500c72261307 +Subproject commit bb30cb199847ca011daa79cf32c873bc8fa9ffb3 diff --git a/submodules/dissect.fve b/submodules/dissect.fve index e4364bf..964efee 160000 --- a/submodules/dissect.fve +++ b/submodules/dissect.fve @@ -1 +1 @@ -Subproject commit e4364bf98826c36031b43075588eb2e34e53d08b +Subproject commit 964efeebb731b878bb2c852c8bd030795073f137 diff --git a/submodules/dissect.hypervisor b/submodules/dissect.hypervisor index 2e2d0aa..0c89766 160000 --- a/submodules/dissect.hypervisor +++ b/submodules/dissect.hypervisor @@ -1 +1 @@ -Subproject commit 2e2d0aab5c214a99ce99ef4d5f29ca18ee88f1db +Subproject commit 0c8976613a369923e69022304b2f0ed587e997e2 diff --git a/submodules/dissect.jffs b/submodules/dissect.jffs index 3369100..5101fae 160000 --- a/submodules/dissect.jffs +++ b/submodules/dissect.jffs @@ -1 +1 @@ -Subproject commit 3369100d2134a08d2f7fc84fdb2c00d3b10a3cfd +Subproject commit 5101fae20ea60e761747c8a0b3ddc7e664176392 diff --git a/submodules/dissect.ntfs b/submodules/dissect.ntfs index ea6a0ae..cce5fd7 160000 --- a/submodules/dissect.ntfs +++ b/submodules/dissect.ntfs @@ -1 +1 @@ -Subproject commit ea6a0ae3118c0bd4daa98f392e5467db2385e12a +Subproject commit cce5fd7d7b1e3db15da8d12def9d899d88e924fc diff --git a/submodules/dissect.ole b/submodules/dissect.ole index a5e59e1..1ef4a24 160000 --- a/submodules/dissect.ole +++ b/submodules/dissect.ole @@ -1 +1 @@ -Subproject commit a5e59e1aa1a2142fecc6c0f934de8965449967ed +Subproject commit 1ef4a2415731d8a35eac376e44c833b1392511e2 diff --git a/submodules/dissect.qnxfs b/submodules/dissect.qnxfs index adee9ab..1749480 160000 --- a/submodules/dissect.qnxfs +++ b/submodules/dissect.qnxfs @@ -1 +1 @@ -Subproject commit adee9ab1338c2f7d366600aea2a140e050ce453a +Subproject commit 1749480046069461af00ff884f65aa3d0079fcda diff --git a/submodules/dissect.regf b/submodules/dissect.regf index c5b1aad..c0fc829 160000 --- a/submodules/dissect.regf +++ b/submodules/dissect.regf @@ -1 +1 @@ -Subproject commit c5b1aad5bccc7f507646d71d9d90a81401f58b86 +Subproject commit c0fc829a22a1bf753567bd776744f196a41f5b66 diff --git a/submodules/dissect.shellitem b/submodules/dissect.shellitem index a00e1bd..16bf53d 160000 --- a/submodules/dissect.shellitem +++ b/submodules/dissect.shellitem @@ -1 +1 @@ -Subproject commit a00e1bd282e322056d88fc596b76953f9c44b187 +Subproject commit 16bf53da8d5a31bee57e6788a54b04e761d55108 diff --git a/submodules/dissect.squashfs b/submodules/dissect.squashfs index f9d3827..1629277 160000 --- a/submodules/dissect.squashfs +++ b/submodules/dissect.squashfs @@ -1 +1 @@ -Subproject commit f9d3827d0b23bb547b87fa7ef27c0c004084f594 +Subproject commit 162927738da7b6be9c13d3cf249e8cf9949df1ce diff --git a/submodules/dissect.target b/submodules/dissect.target index 8f87679..73dd16d 160000 --- a/submodules/dissect.target +++ b/submodules/dissect.target @@ -1 +1 @@ -Subproject commit 8f876799b51ccdc865b2702761c65980fa1c5773 +Subproject commit 73dd16d197442368ad42e6e2117c047e6a946b4f diff --git a/submodules/dissect.thumbcache b/submodules/dissect.thumbcache index 6abc1ab..291100e 160000 --- a/submodules/dissect.thumbcache +++ b/submodules/dissect.thumbcache @@ -1 +1 @@ -Subproject commit 6abc1ab131723973bc6ab51e81abb6f3ff680df6 +Subproject commit 291100eea29a4ea587731e128b49cd142cb64772 diff --git a/submodules/dissect.util b/submodules/dissect.util index 615b7a7..94da877 160000 --- a/submodules/dissect.util +++ b/submodules/dissect.util @@ -1 +1 @@ -Subproject commit 615b7a7b4576868615a198084705c194aeb8cc6c +Subproject commit 94da877c3c3992bb42d1da449069335fa28d4779 diff --git a/submodules/dissect.vmfs b/submodules/dissect.vmfs index 3f2fa59..a7e4b6b 160000 --- a/submodules/dissect.vmfs +++ b/submodules/dissect.vmfs @@ -1 +1 @@ -Subproject commit 3f2fa59b157be6d500cc6eacb2b870e7f7535092 +Subproject commit a7e4b6be860f18c11ac07783cb1124d60e875012 diff --git a/submodules/dissect.volume b/submodules/dissect.volume index 148aa42..711c231 160000 --- a/submodules/dissect.volume +++ b/submodules/dissect.volume @@ -1 +1 @@ -Subproject commit 148aa420c1c7902a011fe623aa66be3f2c5f0fbe +Subproject commit 711c2314ae2fc1957c3da5c61a7a3f9ebdbd3bde diff --git a/submodules/dissect.xfs b/submodules/dissect.xfs index d828e46..ed0ce9f 160000 --- a/submodules/dissect.xfs +++ b/submodules/dissect.xfs @@ -1 +1 @@ -Subproject commit d828e46c6e6568ed9197435a6dfb2d94279aac91 +Subproject commit ed0ce9fc526c1b1e3eccfbf4e57f2a538e2924a1 diff --git a/submodules/flow.record b/submodules/flow.record index f4eba70..b0cb20a 160000 --- a/submodules/flow.record +++ b/submodules/flow.record @@ -1 +1 @@ -Subproject commit f4eba70f65e0f9a268f5e1421b06df1612a3acee +Subproject commit b0cb20acb0fff515db7b814b9917b9548a380dd9 From bdc1972bc6f930764bbaa6055a08e3b94141fb25 Mon Sep 17 00:00:00 2001 From: Miauwkeru Date: Mon, 24 Nov 2025 13:01:55 +0100 Subject: [PATCH 4/5] Fix target-dump import path --- docs/source/tools/target-dump.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/tools/target-dump.rst b/docs/source/tools/target-dump.rst index e530486..a6ab91c 100644 --- a/docs/source/tools/target-dump.rst +++ b/docs/source/tools/target-dump.rst @@ -15,7 +15,7 @@ Usage ----- .. sphinx_argparse_cli:: - :module: dissect.target.tools.dump.run + :module: dissect.target.tools.dump :func: main :prog: target-dump :hook: From a1dc09b61bd3a4001dbf5ffb58100f50c085ae81 Mon Sep 17 00:00:00 2001 From: Miauwkeru Date: Tue, 25 Nov 2025 10:56:05 +0100 Subject: [PATCH 5/5] Use python3.10 for building docs --- .readthedocs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.readthedocs.yaml b/.readthedocs.yaml index 6cb23b7..6d65f74 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -3,7 +3,7 @@ version: 2 build: os: ubuntu-22.04 tools: - python: "3.9" + python: "3.10" apt_packages: - git - libfuse2