Python Registry Parser

Project description

regipy

Regipy is a Python library for parsing offline registry hives!

Features:

  • Use as a library

  • Recurse over the registry hive, from root or a given path and get all subkeys and values

  • Read specific subkeys and values

  • Apply transaction logs on a registry hive

  • Command Line Tools:
    • Dump an entire registry hive to json

    • Apply transaction logs on a registry hive

    • Compare registry hives

    • Execute plugins from a robust plugin system (e.g. amcache, shimcache, extract computer name…)

Project page:

https://github.com/mkorman90/regipy

Using as a library:

from regipy.registry import RegistryHive
from regipy.utils import convert_wintime
from regipy.plugins.utils import run_relevant_plugins

# Open an offline hive file (a copy taken from the evidence, not the live registry):
reg = RegistryHive('/Users/martinkorman/Documents/TestEvidence/Registry/Vibranium-NTUSER.DAT')

# Iterate over a registry hive recursively:
for entry in reg.rec_subkeys(as_json=True):
    print(entry)

# Iterate over a key and get all subkeys and their modification time:
for sk in reg.get_key('Software').get_subkeys():
    print(sk.name, convert_wintime(sk.header.last_modified).isoformat())

# Get values from a specific registry key (raw string, so the backslashes are kept literally):
reg.get_key(r'Software\Microsoft\Internet Explorer\BrowserEmulation').get_values(as_json=True)

# Use plugins:
from regipy.plugins.ntuser.ntuser_persistence import NTUserPersistencePlugin
NTUserPersistencePlugin(reg, as_json=True).run()

# Run all supported plugins on a registry hive:
run_relevant_plugins(reg, as_json=True)
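
The subkey and modification-time loop above, extended into a recursive triage filter that lists every subkey whose last-write time falls inside an incident window. This is an added example, not code from regipy or its README. It assumes the objects yielded by get_subkeys() expose name, header.last_modified and get_subkeys() as in the snippet above; the helper names and the stub tree are constructed for illustration, and the FILETIME conversion uses the standard library so the block runs without a hive.

```python
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(filetime):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=filetime // 10)

def datetime_to_filetime(dt):
    """Inverse of the above; used here only to build the constructed sample."""
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def modified_between(key, start, end, path=""):
    """Depth-first walk yielding (path, last_write) for subkeys written in [start, end]."""
    for sk in key.get_subkeys():
        sk_path = f"{path}\\{sk.name}" if path else sk.name
        written = filetime_to_datetime(sk.header.last_modified)
        if start <= written <= end:
            yield sk_path, written
        # Always descend: a parent outside the window can hold a child inside it.
        yield from modified_between(sk, start, end, sk_path)

def _stub(name, written, children=()):
    """Constructed stand-in exposing only the attributes the walk touches."""
    header = SimpleNamespace(last_modified=datetime_to_filetime(written))
    return SimpleNamespace(name=name, header=header, get_subkeys=lambda: iter(children))

def constructed_sample():
    """Constructed key tree; names and timestamps are illustrative only."""
    utc = timezone.utc
    run = _stub("Run", datetime(2019, 6, 3, 14, 5, tzinfo=utc))
    cur = _stub("CurrentVersion", datetime(2019, 1, 10, 9, 0, tzinfo=utc), [run])
    ie = _stub("Internet Explorer", datetime(2019, 6, 3, 23, 59, 59, tzinfo=utc))
    old = _stub("7-Zip", datetime(2018, 11, 2, 8, 30, tzinfo=utc))
    return _stub("Software", datetime(2019, 6, 4, tzinfo=utc), [cur, ie, old])

if __name__ == "__main__":
    import sys
    from regipy.registry import RegistryHive  # needs `pip install regipy`
    root = RegistryHive(sys.argv[1]).get_key("Software")  # hive path given on the command line
    # Placeholder window; replace with the period under investigation.
    window = (datetime(2019, 6, 3, tzinfo=timezone.utc), datetime(2019, 6, 4, tzinfo=timezone.utc))
    for key_path, written in modified_between(root, *window):
        print(written.isoformat(), key_path)
```
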

Install

pip install regipy

Download files

Source Distribution

regipy-1.4.0.tar.gz (30.6 kB)

Uploaded Source

File details

Details for the file regipy-1.4.0.tar.gz.

File metadata

  • Download URL: regipy-1.4.0.tar.gz
  • Upload date:
  • Size: 30.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.20.0 setuptools/40.5.0 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/3.7.3

File hashes

Hashes for regipy-1.4.0.tar.gz
Algorithm Hash digest
SHA256 4f82533ff1e371b05ec513b1bf3e2faeb86cab72e2aefc694dcec5ac49456ca0
MD5 629a222a3f627e0a00e6b3b1ed4b5002
BLAKE2b-256 17241f9a241d09aa1387e806d0a8cd07e4132c78ce102b064fd115ca36cb8070
