regipy


Nameregipy JSON
Version 5.1.0 PyPI version JSON
download
home_pagehttps://github.com/mkorman90/regipy/
SummaryPython Registry Parser
upload_time2024-12-12 19:16:31
maintainerNone
docs_urlNone
authorMartin G. Korman
requires_pythonNone
licenseMIT
keywords python python3 registry windows registry registry parser
VCS
bugtrack_url
requirements construct attrs click inflection pytz tabulate pytest libfwsi-python libfwps-python
Travis-CI
coveralls test coverage No coveralls.
            
.. image:: https://travis-ci.com/mkorman90/regipy.svg?branch=master
    :target: https://travis-ci.com/mkorman90/regipy

regipy
==========
Regipy is a python library for parsing offline registry hives!

Features:

* Use as a library
* Recurse over the registry hive, from root or a given path and get all subkeys and values
* Read specific subkeys and values
* Apply transaction logs on a registry hive
* Command Line Tools:
    * Dump an entire registry hive to json
    * Apply transaction logs on a registry hive
    * Compare registry hives
    * Execute plugins from a robust plugin system (i.e: amcache, shimcache, extract computer name...)

:Project page: https://github.com/mkorman90/regipy

Using as a library:
--------------------
.. code:: python

    from regipy.registry import RegistryHive
    reg = RegistryHive('/Users/martinkorman/Documents/TestEvidence/Registry/Vibranium-NTUSER.DAT')

    # Iterate over a registry hive recursively:
    for entry in reg.recurse_subkeys(as_json=True):
        print(entry)

    # Iterate over a key and get all subkeys and their modification time:
    for sk in reg.get_key('Software').get_subkeys():
        print(sk.name, convert_wintime(sk.header.last_modified).isoformat())

    # Get values from a specific registry key:
    reg.get_key('Software\Microsoft\Internet Explorer\BrowserEmulation').get_values(as_json=True)

    # Use plugins:
    from regipy.plugins.ntuser.ntuser_persistence import NTUserPersistencePlugin
    NTUserPersistencePlugin(reg, as_json=True).run()

    # Run all supported plugins on a registry hive:
    run_relevant_plugins(reg, as_json=True)

Install
^^^^^^^
Install regipy and the command line tools dependencies:

``pip install regipy[cli]``


NOTE: using pip with ``regipy[cli]`` instead of the plain ``regipy`` is a
significant change from version 1.9.x

For using regipy as a library, install only ``regipy`` which comes with fewer
dependencies:

``pip install regipy``

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/mkorman90/regipy/",
    "name": "regipy",
    "maintainer": null,
    "docs_url": null,
    "requires_python": null,
    "maintainer_email": null,
    "keywords": "Python, Python3, registry, windows registry, registry parser",
    "author": "Martin G. Korman",
    "author_email": "martin@centauri.co.il",
    "download_url": "https://files.pythonhosted.org/packages/92/7d/c6266028167cf368d496a0e90e257b5ac35e9241d5c8d5c0bfdb852c4162/regipy-5.1.0.tar.gz",
    "platform": null,
    "description": "\n.. image:: https://travis-ci.com/mkorman90/regipy.svg?branch=master\n    :target: https://travis-ci.com/mkorman90/regipy\n\nregipy\n==========\nRegipy is a python library for parsing offline registry hives!\n\nFeatures:\n\n* Use as a library\n* Recurse over the registry hive, from root or a given path and get all subkeys and values\n* Read specific subkeys and values\n* Apply transaction logs on a registry hive\n* Command Line Tools:\n    * Dump an entire registry hive to json\n    * Apply transaction logs on a registry hive\n    * Compare registry hives\n    * Execute plugins from a robust plugin system (i.e: amcache, shimcache, extract computer name...)\n\n:Project page: https://github.com/mkorman90/regipy\n\nUsing as a library:\n--------------------\n.. code:: python\n\n    from regipy.registry import RegistryHive\n    reg = RegistryHive('/Users/martinkorman/Documents/TestEvidence/Registry/Vibranium-NTUSER.DAT')\n\n    # Iterate over a registry hive recursively:\n    for entry in reg.recurse_subkeys(as_json=True):\n        print(entry)\n\n    # Iterate over a key and get all subkeys and their modification time:\n    for sk in reg.get_key('Software').get_subkeys():\n        print(sk.name, convert_wintime(sk.header.last_modified).isoformat())\n\n    # Get values from a specific registry key:\n    reg.get_key('Software\\Microsoft\\Internet Explorer\\BrowserEmulation').get_values(as_json=True)\n\n    # Use plugins:\n    from regipy.plugins.ntuser.ntuser_persistence import NTUserPersistencePlugin\n    NTUserPersistencePlugin(reg, as_json=True).run()\n\n    # Run all supported plugins on a registry hive:\n    run_relevant_plugins(reg, as_json=True)\n\nInstall\n^^^^^^^\nInstall regipy and the command line tools dependencies:\n\n``pip install regipy[cli]``\n\n\nNOTE: using pip with ``regipy[cli]`` instead of the plain ``regipy`` is a\nsignificant change from version 1.9.x\n\nFor using regipy as a library, install only ``regipy`` which comes with fewer\ndependencies:\n\n``pip install regipy``\n",
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "Python Registry Parser",
    "version": "5.1.0",
    "project_urls": {
        "Homepage": "https://github.com/mkorman90/regipy/"
    },
    "split_keywords": [
        "python",
        " python3",
        " registry",
        " windows registry",
        " registry parser"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "21ef548e422998ca404e0d13ffd6545c12af68300ed90f179dea8d0fd40c6db0",
                "md5": "0067a663da4025c464a34475db650097",
                "sha256": "b212413678ad115b7ff9e0dc176bcd1cffc69cb6a1131848752673b629a4c53f"
            },
            "downloads": -1,
            "filename": "regipy-5.1.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "0067a663da4025c464a34475db650097",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": null,
            "size": 105892,
            "upload_time": "2024-12-12T19:16:30",
            "upload_time_iso_8601": "2024-12-12T19:16:30.525332Z",
            "url": "https://files.pythonhosted.org/packages/21/ef/548e422998ca404e0d13ffd6545c12af68300ed90f179dea8d0fd40c6db0/regipy-5.1.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "927dc6266028167cf368d496a0e90e257b5ac35e9241d5c8d5c0bfdb852c4162",
                "md5": "2a81c40fd08435a812efa4fc656b1eed",
                "sha256": "c2f7a468e5d21c376ac50097b7e148cd43fe17ccaf8b8a28b51dce26e6caf62e"
            },
            "downloads": -1,
            "filename": "regipy-5.1.0.tar.gz",
            "has_sig": false,
            "md5_digest": "2a81c40fd08435a812efa4fc656b1eed",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 77001,
            "upload_time": "2024-12-12T19:16:31",
            "upload_time_iso_8601": "2024-12-12T19:16:31.951036Z",
            "url": "https://files.pythonhosted.org/packages/92/7d/c6266028167cf368d496a0e90e257b5ac35e9241d5c8d5c0bfdb852c4162/regipy-5.1.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-12-12 19:16:31",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "mkorman90",
    "github_project": "regipy",
    "travis_ci": true,
    "coveralls": false,
    "github_actions": true,
    "circle": true,
    "requirements": [
        {
            "name": "construct",
            "specs": [
                [
                    "==",
                    "2.10.68"
                ]
            ]
        },
        {
            "name": "attrs",
            "specs": [
                [
                    ">=",
                    "21.4.0"
                ]
            ]
        },
        {
            "name": "click",
            "specs": [
                [
                    "==",
                    "8.0.4"
                ]
            ]
        },
        {
            "name": "inflection",
            "specs": [
                [
                    "==",
                    "0.5.1"
                ]
            ]
        },
        {
            "name": "pytz",
            "specs": []
        },
        {
            "name": "tabulate",
            "specs": [
                [
                    "==",
                    "0.8.9"
                ]
            ]
        },
        {
            "name": "pytest",
            "specs": [
                [
                    "==",
                    "7.0.1"
                ]
            ]
        },
        {
            "name": "libfwsi-python",
            "specs": [
                [
                    "==",
                    "20240315"
                ]
            ]
        },
        {
            "name": "libfwps-python",
            "specs": [
                [
                    "==",
                    "20240310"
                ]
            ]
        }
    ],
    "lcname": "regipy"
}
        
Elapsed time: 0.44998s