|
import sys |
|
import os |
|
import pickle |
|
import argparse |
|
|
|
|
|
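# Default location of the Volatility 3 Linux banners cache for the current user.
DEFAULT_CACHE = os.path.expanduser("~/.cache/volatility3/linux_banners.cache")

# Command-line interface for listing the cache and adding banner mappings.
parser = argparse.ArgumentParser(description='Inspect and modify the Volatility Linux Banners Cache.')

# The cache is a pickle file, and loading a pickle can run code stored in it,
# so -c should only ever name a cache file from a trusted source.
parser.add_argument('-c', dest='cache', type=str, default=DEFAULT_CACHE,
                    help='path to the banners cache file to inspect or modify')
parser.add_argument('-l', dest='list', action='store_true', default=False,
                    help='list the contents of the cache')
parser.add_argument('-b', dest='banner', type=str, default=None,
                    help='banner to map')

parser.add_argument('-loc', dest='location', type=str, default=None,
                    help='location to map the banner to')

# Matched as a byte substring against the banners already in the cache.
parser.add_argument('-ob', dest='obanner', type=str, default=None,
                    help='existing cached banner (substring match) to base the new mapping on')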
|
|
|
|
|
|
|
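if __name__ == "__main__":
    # Entry point: optionally list the cache, then optionally add a mapping
    # for the banner given with -b and write the cache back (with a backup).
    args = parser.parse_args()

    # Nothing to do unless a listing was requested or a banner was named.
    if not args.list and args.banner is None:
        parser.print_help()
        sys.exit()

    # SECURITY: pickle.load() can execute code embedded in the file it reads.
    # Only open a cache written by Volatility (or this tool) on a system you
    # trust; never point -c at a cache file obtained from somewhere else.
    # The file is read once and closed before anything is written back.
    with open(args.cache, 'rb') as cache_file:
        emp = pickle.load(cache_file)

    if args.list:
        for entry, value in emp.items():
            # Keys are bytes that may carry a trailing newline/NUL terminator.
            print("{}: ".format(entry.strip(b'\x00\n').strip()))
            v = ['\t{}\n'.format(x) for x in value]
            print("{}".format("".join(v)))

    update = False

    if args.banner is not None:
        # New entries are keyed by the banner bytes plus a newline/NUL suffix.
        new_key = args.banner.encode() + b'\n\x00'

        if args.location is not None:
            # Explicit location: map the banner to it unconditionally.
            emp[new_key] = [args.location]
            update = True
        elif args.obanner is not None:
            # No explicit location: reuse the locations of the first cached
            # banner containing -ob. Previously this path stored [None],
            # leaving an unusable entry in the cache.
            # NOTE(review): reusing the matched entry's locations is inferred
            # from the -ob help text -- confirm this is the intended behaviour.
            ob = args.obanner.encode()
            # Search first and assign afterwards, so the dict is never
            # modified while it is being iterated.
            match = next((k for k in emp if ob in k), None)
            if match is not None:
                emp[new_key] = list(emp[match])
                update = True
            else:
                print("no cached banner contains {!r}; cache left unchanged".format(args.obanner),
                      file=sys.stderr)

    if update:
        # Preserve the previous cache next to the original before overwriting.
        with open(args.cache, 'rb') as src:
            data = src.read()
        with open(args.cache + '.backup', 'wb') as backup:
            backup.write(data)
        with open(args.cache, 'wb') as po:
            pickle.dump(emp, po)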