Skip to main content

Python Registry Parser

Project description

https://travis-ci.com/mkorman90/regipy.svg?branch=master

regipy

Regipy is a python library for parsing offline registry hives!

Features:

  • Use as a library

  • Recurse over the registry hive, from root or a given path and get all subkeys and values

  • Read specific subkeys and values

  • Apply transaction logs on a registry hive

  • Command Line Tools:
    • Dump an entire registry hive to json

    • Apply transaction logs on a registry hive

    • Compare registry hives

    • Execute plugins from a robust plugin system (i.e: amcache, shimcache, extract computer name…)

Project page:

https://github.com/mkorman90/regipy

Using as a library:

from regipy.registry import RegistryHive
reg = RegistryHive('/Users/martinkorman/Documents/TestEvidence/Registry/Vibranium-NTUSER.DAT')

# Iterate over a registry hive recursively:
for entry in reg.recurse_subkeys(as_json=True):
    print(entry)

# Iterate over a key and get all subkeys and their modification time:
for sk in reg.get_key('Software').get_subkeys():
    print(sk.name, convert_wintime(sk.header.last_modified).isoformat())

# Get values from a specific registry key:
reg.get_key('Software\Microsoft\Internet Explorer\BrowserEmulation').get_values(as_json=True)

# Use plugins:
from regipy.plugins.ntuser.ntuser_persistence import NTUserPersistencePlugin
NTUserPersistencePlugin(reg, as_json=True).run()

# Run all supported plugins on a registry hive:
run_relevant_plugins(reg, as_json=True)

Install

Install regipy and the command line tools dependencies:

pip install regipy[cli]

NOTE: using pip with regipy[cli] instead of the plain regipy is a significant change from version 1.9.x

For using regipy as a library, install only regipy which comes with fewer dependencies:

pip install regipy

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

regipy-5.2.0.tar.gz (77.2 kB view details)

Uploaded Source

Built Distribution

regipy-5.2.0-py3-none-any.whl (106.1 kB view details)

Uploaded Python 3

File details

Details for the file regipy-5.2.0.tar.gz.

File metadata

  • Download URL: regipy-5.2.0.tar.gz
  • Upload date:
  • Size: 77.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.9.22

File hashes

Hashes for regipy-5.2.0.tar.gz
Algorithm Hash digest
SHA256 cf1e977625e9dcf6fe4facb0cffa21ce6300bf585dee6d451e5f03b26fc61336
MD5 2b756cbad03bed060f71db88feb7301d
BLAKE2b-256 9a1527bdafd21f4cb822ac0520487bea7b822a0f299a0f2a3083c855d00653e7

See more details on using hashes here.

File details

Details for the file regipy-5.2.0-py3-none-any.whl.

File metadata

  • Download URL: regipy-5.2.0-py3-none-any.whl
  • Upload date:
  • Size: 106.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.9.22

File hashes

Hashes for regipy-5.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 bd00d067bb3643eea25d2da1250d58e31101e8d013499673bfd3c00fa28f77ef
MD5 68bc0ade0e5b2d71f775639ae65602bb
BLAKE2b-256 04e2b9c0ce7fbfc41b6de3a55af5a2f2c108f8c50f1ba41d372316fadd3cc14e

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page