Extend webserver collection (#264)

qmadev · web-flow · commit 8690319c80ea · 2025-12-09T15:50:58.000+01:00
diff --git a/acquire/acquire.py b/acquire/acquire.py
@@ -17,15 +17,18 @@
 import urllib.request
 import warnings
 from collections import defaultdict
-from itertools import chain, product
+from itertools import product
 from pathlib import Path
 from typing import TYPE_CHECKING, BinaryIO, NamedTuple, NoReturn
 
 from dissect.target import Target
 from dissect.target.filesystems import ntfs
 from dissect.target.helpers import fsutil
 from dissect.target.loaders.local import _windows_get_devices
-from dissect.target.plugins.apps.webserver import iis
+from dissect.target.plugins.apps.webserver.apache import ApachePlugin
+from dissect.target.plugins.apps.webserver.caddy import CaddyPlugin
+from dissect.target.plugins.apps.webserver.iis import IISLogsPlugin
+from dissect.target.plugins.apps.webserver.nginx import NginxPlugin
 from dissect.target.plugins.os.windows.cam import CamPlugin
 from dissect.target.plugins.os.windows.log import evt, evtx
 from dissect.target.tools.utils.cli import args_to_uri
@@ -870,15 +873,36 @@ class IIS(Module):
 
     @classmethod
     def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
-        spec = {
-            ("glob", "sysvol\\Windows\\System32\\LogFiles\\W3SVC*\\*.log"),
-            ("glob", "sysvol\\Windows.old\\Windows\\System32\\LogFiles\\W3SVC*\\*.log"),
-            ("glob", "sysvol\\inetpub\\logs\\LogFiles\\*.log"),
-            ("glob", "sysvol\\inetpub\\logs\\LogFiles\\W3SVC*\\*.log"),
-            ("glob", "sysvol\\Resources\\Directory\\*\\LogFiles\\Web\\W3SVC*\\*.log"),
-        }
-        iis_plugin = iis.IISLogsPlugin(target)
-        spec.update(("path", log_path) for log_path in chain(*iis_plugin.log_dirs.values()))
+        warnings.warn(
+            "--iis is deprecated in favor of --webserver-logs and will be removed in acquire 3.22",
+            DeprecationWarning,
+            stacklevel=2,
+        )
+        return Webserver.get_spec_additions(cls, target, cli_args)
+
+
+@register_module("--webserver")
+class Webserver(Module):
+    DESC = "Various webserver logs and configuration files"
+
+    @classmethod
+    def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
+        spec = set()
+        subclasses = [
+            ApachePlugin,
+            CaddyPlugin,
+            IISLogsPlugin,
+            NginxPlugin,
+        ]
+
+        for subclass in subclasses:
+            if subclass.__name__ == "IISLogsPlugin" and target.os != "windows":
+                continue
+
+            webserver = subclass(target)
+            for log_path in webserver.get_all_paths():
+                spec.add(("path", log_path))
+
         return spec
 
 
diff --git a/pyproject.toml b/pyproject.toml
@@ -26,7 +26,7 @@ classifiers = [
 ]
 dependencies = [
     "dissect.cstruct>=4,<5",
-    "dissect.target>=3.24,<4",
+    "dissect.target>=3.25.dev,<4",  # TODO: update on release
 ]
 dynamic = ["version"]
 
@@ -47,7 +47,7 @@ full = [
 dev = [
     "acquire[full]",
     "dissect.cstruct>=4.0.dev,<5.0.dev",
-    "dissect.target[dev]>=3.24.dev,<4.0.dev",
+    "dissect.target[dev]>=3.25.dev,<4.0.dev",
 ]
 
 [dependency-groups]

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ classifiers = [`
`26`	`26`	`]`
`27`	`27`	`dependencies = [`
`28`	`28`	`"dissect.cstruct>=4,<5",`
`29`		`- "dissect.target>=3.24,<4",`
	`29`	`+ "dissect.target>=3.25.dev,<4", # TODO: update on release`
`30`	`30`	`]`
`31`	`31`	`dynamic = ["version"]`
`32`	`32`
`@@ -47,7 +47,7 @@ full = [`
`47`	`47`	`dev = [`
`48`	`48`	`"acquire[full]",`
`49`	`49`	`"dissect.cstruct>=4.0.dev,<5.0.dev",`
`50`		`- "dissect.target[dev]>=3.24.dev,<4.0.dev",`
	`50`	`+ "dissect.target[dev]>=3.25.dev,<4.0.dev",`
`51`	`51`	`]`
`52`	`52`
`53`	`53`	`[dependency-groups]`