do things manually

.envs/.local/.django

@@ -38,6 +38,16 @@ LOCAL_YARA_PATH=/yara
 DEFAULT_YARA_RULE_PATH=/yara/default.yara
 VOLATILITY_SYMBOL_DOWNLOAD_PATH=https://downloads.volatilityfoundation.org/volatility3/symbols
 LOCAL_UPLOAD_PATH=/uploads
+# $ from regipy.plugins.plugin import PLUGINS
+# $ [plugin.NAME for plugin in PLUGINS]
+# ['amcache', 'terminal_services_history', 'bootkey', 'last_logon_plugin', 'winscp_saved_sessions',
+# 'ras_tracing', 'active_control_set', 'timezone_data', 'safeboot_configuration', 'uac_plugin',
+# 'user_assist', 'word_wheel_query', 'print_demon_plugin', 'shimcache', 'usbstor_plugin', 'wdigest',
+# 'installed_programs_ntuser', 'software_classes_installer', 'installed_programs_software', 'background_activity_moderator',
+# 'ntuser_classes_installer', 'typed_urls', 'usrclass_shellbag_plugin', 'network_data', 'image_file_execution_options',
+# 'domain_sid', 'routes', 'boot_entry_list', 'ntuser_shellbag_plugin', 'typed_paths', 'services', 'local_sid',
+# 'host_domain_name', 'profilelist_plugin', 'winrar_plugin', 'ntuser_persistence', 'computer_name', 'network_drives_plugin', 'software_plugin']
+REGIPY_PLUGINS=computer_name,host_domain_name,network_drives_plugin
 
 # Debug
 # ------------------------------------------------------------------------------

config/settings/base.py

@@ -337,3 +337,5 @@
 VOLATILITY_SYMBOL_DOWNLOAD_PATH = env("VOLATILITY_SYMBOL_DOWNLOAD_PATH")
 # path of a remote folder with already uploaded files
 LOCAL_UPLOAD_PATH = env("LOCAL_UPLOAD_PATH")
+# Regipy plugins
+REGIPY_PLUGINS = env.list("REGIPY_PLUGINS")

orochi/utils/volatility_dask_elk.py

@@ -298,7 +298,8 @@ def run_regipy(filepath, plugins=False):
         with open(f"{filepath}.regipy.json", "w") as f:
             json.dump(json.loads(json.dumps(data).replace(r"\u0000", "")), f)
         if plugins:
-            for plugin_class in PLUGINS:
+            plugin_to_run = [x for x in PLUGINS if x.NAME in settings.REGIPY_PLUGINS]
+            for plugin_class in plugin_to_run:
                 plugin = plugin_class(registry_hive, as_json=True)
                 if plugin.can_run():
                     try:
@@ -308,7 +309,7 @@ def run_regipy(filepath, plugins=False):
                                 "hive": hive_name,
                                 "plugin": plugin.NAME,
                                 "data": json.loads(
-                                    json.dumps(data).replace(r"\u0000", "")
+                                    json.dumps(plugin.entries).replace(r"\u0000", "")
                                 ),
                             }
                             dump.regipy_plugins.append(info)