The Volatility Framework
volatility.plugins.dumpcerts.DumpCerts Class Reference

Dump RSA private and public SSL keys.

Inheritance diagram for volatility.plugins.dumpcerts.DumpCerts:
volatility.plugins.procdump.ProcDump volatility.plugins.taskmods.DllList volatility.plugins.common.AbstractWindowsCommand volatility.cache.Testable volatility.commands.Command

Public Member Functions

def __init__ (self, config, args, kwargs)
 
def calculate (self)
 
def get_parsed_fields (self, openssl, fields=["O", "OU"])
 Get fields from the parsed openssl output.
 
def unified_output (self, data)
 
def generator (self, data)
 
def render_text (self, outfd, data)
 
- Public Member Functions inherited from volatility.plugins.procdump.ProcDump
def __init__ (self, config, args, kwargs)
 
def dump_pe (self, space, base, dump_file)
 Dump a PE from an AS into a file.
 
def calculate (self)
 
def unified_output (self, data)
 Renders the tasks to disk images, outputting progress as they go.
 
def generator (self, data)
 
def render_text (self, outfd, data)
 Renders the tasks to disk images, outputting progress as they go.
 
- Public Member Functions inherited from volatility.plugins.taskmods.DllList
def __init__ (self, config, args, kwargs)
 
def unified_output (self, data)
 
def generator (self, data)
 
def render_text (self, outfd, data)
 
def filter_tasks (self, tasks)
 Reduce the tasks based on the user selectable PIDS parameter.
 
def calculate (self)
 Produces a list of processes, or just a single process based on an OFFSET.
 
- Public Member Functions inherited from volatility.commands.Command
def __init__ (self, config, _args, _kwargs)
 Constructor uses args as an initializer.
 
def help (cls)
 This function returns a string that will be displayed when a user lists available plugins.
 
def calculate (self)
 This function is responsible for performing all calculations.
 
def execute (self)
 Executes the plugin command.
 
def format_value (self, value, fmt)
 Formats an individual field using the table formatting codes.
 
def table_header
 Table header renders the title row of a table.
 
def table_row (self, outfd, args)
 Outputs a single row of a table.
 
def text_cell_renderers (self, columns)
 Returns default renderers for the columns listed.
 
def unified_output (self, data)
 
def render_text (self, outfd, data)
 
def render_greptext (self, outfd, data)
 
def render_json (self, outfd, data)
 
def render_sqlite (self, outfd, data)
 
def render_dot (self, outfd, data)
 
def render_html (self, outfd, data)
 
def render_xlsx (self, outfd, data)
 
- Public Member Functions inherited from volatility.cache.Testable
def calculate (self)
 Empty function used to allow mixin.
 
def test (self)
 This forces the test to be memoised with a key name derived from the class name.
 

Static Public Attributes

dictionary rules = {}
 
tuple rules
 
dictionary type_map
 
- Static Public Attributes inherited from volatility.commands.Command
string op = ""
 
string opts = ""
 
string args = ""
 
string cmdname = ""
 
dictionary meta_info = {}
 
 elide_data = True
 
string tablesep = " "
 
 text_sort_column = None
 
dictionary text_stock_renderers
 

Additional Inherited Members

- Static Public Member Functions inherited from volatility.plugins.taskmods.DllList
def virtual_process_from_physical_offset (addr_space, offset)
 Returns a virtual process from a physical offset in memory.
 
- Static Public Member Functions inherited from volatility.plugins.common.AbstractWindowsCommand
def is_valid_profile (profile)
 
- Static Public Member Functions inherited from volatility.commands.Command
def register_options (config)
 Registers options into a config object provided.
 
def is_valid_profile (profile)
 

Detailed Description

Dump RSA private and public SSL keys.

Member Function Documentation

def volatility.plugins.dumpcerts.DumpCerts.get_parsed_fields (   self,
  openssl,
  fields = ["O", "OU"]
)

Get fields from the parsed openssl output.

Parameters
openssl: the output of an openssl command
fields: fields of the SSL public or private key certificate that you want to get.
Returns
a tuple of the field found and the field value.

Member Data Documentation

tuple volatility.plugins.dumpcerts.DumpCerts.rules
static
Initial value:
rules = yara.compile(sources = {
    'x509' : 'rule x509 {strings: $a = {30 82 ?? ?? 30 82 ?? ??} condition: $a}',
    'pkcs' : 'rule pkcs {strings: $a = {30 82 ?? ?? 02 01 00} condition: $a}',
    })

dictionary volatility.plugins.dumpcerts.DumpCerts.type_map
static
Initial value:
type_map = {
    'x509' : '_X509_PUBLIC_CERT',
    'pkcs' : '_PKCS_PRIVATE_CERT',
    }

The documentation for this class was generated from the following file: