dissect.target
dissect.target copied to clipboard
fox-it
Create class for macOS network interface plugin
Task 3/4 for network interface plugin
- Create macOS OS-specific class
- Below is the design scheme with notes for macOS:
windows/
_os.py
network.py
_os.py:
Still has the ips export for backwards compatibility
network.py
Can take inspiration from datetime namespace plugin.
Define a NetworkPlugin based on a base class with some defined exports.
It should be defined in plugins/general/network.py, so that the Default OS plugin can also make use of it.
The exported functions can just return empty iterators.
Should also have some @internal functions for interface lookup (similar to user_details)
- interfaces
- InterfaceRecord
- Base record for common stuff, OS specialized fields where applicable
- Can take inspiration from UserRecord/Browser*Record
- Fields (in no particular order):
- Type (TUN/TAP/Physical)
- Name
- Enabled/disabled
- MAC (optional)
- IP / subnet
- VLAN? (macOS/windows)
- Gateway
- DNS server / Search domain (Windows/macOS specific?)
- Proxy (at least macOS specific)
- Metric (Windows specific)
- Interface service order (macOS)
- Last connected (maybe only Windows?)
- Config source (similar to how we use the source field in other records)
- ips -> shorthand for getting all ips
- gateways/mac/dns/other common fields -> idem as ^
macOS notes:
- Most of this information is stored in a plist (/Library/Preferences/SystemConfiguration/preferences.plist)
- scutil can be used for exploration
- Maybe not initially, but maybe nice to research if there's dynamic information available in macOS log files
