.. image:: https://travis-ci.com/mkorman90/regipy.svg?branch=master
:target: https://travis-ci.com/mkorman90/regipy
regipy
==========
Regipy is a python library for parsing offline registry hives!
Features:
* Use as a library
* Recurse over the registry hive, from root or a given path and get all subkeys and values
* Read specific subkeys and values
* Apply transaction logs on a registry hive
* Command Line Tools:
* Dump an entire registry hive to json
* Apply transaction logs on a registry hive
* Compare registry hives
* Execute plugins from a robust plugin system (i.e: amcache, shimcache, extract computer name...)
:Project page: https://github.com/mkorman90/regipy
Using as a library:
--------------------
.. code:: python
from regipy.registry import RegistryHive
reg = RegistryHive('/Users/martinkorman/Documents/TestEvidence/Registry/Vibranium-NTUSER.DAT')
# Iterate over a registry hive recursively:
for entry in reg.recurse_subkeys(as_json=True):
print(entry)
# Iterate over a key and get all subkeys and their modification time:
for sk in reg.get_key('Software').get_subkeys():
print(sk.name, convert_wintime(sk.header.last_modified).isoformat())
# Get values from a specific registry key:
reg.get_key('Software\Microsoft\Internet Explorer\BrowserEmulation').get_values(as_json=True)
# Use plugins:
from regipy.plugins.ntuser.ntuser_persistence import NTUserPersistencePlugin
NTUserPersistencePlugin(reg, as_json=True).run()
# Run all supported plugins on a registry hive:
run_relevant_plugins(reg, as_json=True)
Install
^^^^^^^
Install regipy and the command line tools dependencies:
``pip install regipy[cli]``
NOTE: using pip with ``regipy[cli]`` instead of the plain ``regipy`` is a
significant change from version 1.9.x
For using regipy as a library, install only ``regipy`` which comes with fewer
dependencies:
``pip install regipy``
Raw data
{
"_id": null,
"home_page": "https://github.com/mkorman90/regipy/",
"name": "regipy",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "Python, Python3, registry, windows registry, registry parser",
"author": "Martin G. Korman",
"author_email": "martin@centauri.co.il",
"download_url": "https://files.pythonhosted.org/packages/99/03/e54da3d86e833d728322ffcf8d13d7af8aa1bc81c9b5f072e9496897628b/regipy-5.0.0.tar.gz",
"platform": null,
"description": "\n.. image:: https://travis-ci.com/mkorman90/regipy.svg?branch=master\n :target: https://travis-ci.com/mkorman90/regipy\n\nregipy\n==========\nRegipy is a python library for parsing offline registry hives!\n\nFeatures:\n\n* Use as a library\n* Recurse over the registry hive, from root or a given path and get all subkeys and values\n* Read specific subkeys and values\n* Apply transaction logs on a registry hive\n* Command Line Tools:\n * Dump an entire registry hive to json\n * Apply transaction logs on a registry hive\n * Compare registry hives\n * Execute plugins from a robust plugin system (i.e: amcache, shimcache, extract computer name...)\n\n:Project page: https://github.com/mkorman90/regipy\n\nUsing as a library:\n--------------------\n.. code:: python\n\n from regipy.registry import RegistryHive\n reg = RegistryHive('/Users/martinkorman/Documents/TestEvidence/Registry/Vibranium-NTUSER.DAT')\n\n # Iterate over a registry hive recursively:\n for entry in reg.recurse_subkeys(as_json=True):\n print(entry)\n\n # Iterate over a key and get all subkeys and their modification time:\n for sk in reg.get_key('Software').get_subkeys():\n print(sk.name, convert_wintime(sk.header.last_modified).isoformat())\n\n # Get values from a specific registry key:\n reg.get_key('Software\\Microsoft\\Internet Explorer\\BrowserEmulation').get_values(as_json=True)\n\n # Use plugins:\n from regipy.plugins.ntuser.ntuser_persistence import NTUserPersistencePlugin\n NTUserPersistencePlugin(reg, as_json=True).run()\n\n # Run all supported plugins on a registry hive:\n run_relevant_plugins(reg, as_json=True)\n\nInstall\n^^^^^^^\nInstall regipy and the command line tools dependencies:\n\n``pip install regipy[cli]``\n\n\nNOTE: using pip with ``regipy[cli]`` instead of the plain ``regipy`` is a\nsignificant change from version 1.9.x\n\nFor using regipy as a library, install only ``regipy`` which comes with fewer\ndependencies:\n\n``pip install regipy``\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Python Registry Parser",
"version": "5.0.0",
"project_urls": {
"Homepage": "https://github.com/mkorman90/regipy/"
},
"split_keywords": [
"python",
" python3",
" registry",
" windows registry",
" registry parser"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "f3c2286dbfdbefb06fc6bb837eed80dda852f4a0338df5c9370745f2fdecccfd",
"md5": "2f7bfc7773e58f27469484e14560a6b5",
"sha256": "498b8b16a970a62a7e3831d098d62eb165f029444b491a3a153d7accc817084e"
},
"downloads": -1,
"filename": "regipy-5.0.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "2f7bfc7773e58f27469484e14560a6b5",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 104079,
"upload_time": "2024-08-27T19:25:02",
"upload_time_iso_8601": "2024-08-27T19:25:02.604849Z",
"url": "https://files.pythonhosted.org/packages/f3/c2/286dbfdbefb06fc6bb837eed80dda852f4a0338df5c9370745f2fdecccfd/regipy-5.0.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "9903e54da3d86e833d728322ffcf8d13d7af8aa1bc81c9b5f072e9496897628b",
"md5": "135590e4ae42bd2eaa6a69abb9c7621e",
"sha256": "386470a3d4187e69bafbbfef6476aea439b5fd58d1e825df921d95ee81cc849a"
},
"downloads": -1,
"filename": "regipy-5.0.0.tar.gz",
"has_sig": false,
"md5_digest": "135590e4ae42bd2eaa6a69abb9c7621e",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 75657,
"upload_time": "2024-08-27T19:25:04",
"upload_time_iso_8601": "2024-08-27T19:25:04.143503Z",
"url": "https://files.pythonhosted.org/packages/99/03/e54da3d86e833d728322ffcf8d13d7af8aa1bc81c9b5f072e9496897628b/regipy-5.0.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-08-27 19:25:04",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "mkorman90",
"github_project": "regipy",
"travis_ci": true,
"coveralls": false,
"github_actions": true,
"circle": true,
"requirements": [],
"lcname": "regipy"
}