diff --git a/docs/_docs/user-guide/eldritch.md b/docs/_docs/user-guide/eldritch.md
index acc8e0aab..cf7471203 100644
--- a/docs/_docs/user-guide/eldritch.md
+++ b/docs/_docs/user-guide/eldritch.md
@@ -263,12 +263,6 @@ The file.download method downloads a file at the URI specified in `uri` t
 The file.exists method checks if a file or directory exists at the path specified.
-### file.hash
-
-`file.hash(path: str) -> str`
-
-The file.hash method returns a sha256 hash of the file specified in `path`.
-
 ### file.is_dir
 `file.is_dir(path: str) -> bool`
@@ -833,7 +827,7 @@ sys.shell("ls /nofile")
 `sys.write_reg_hex(reghive: str, regpath: str, regname: str, regtype: str, regvalue: str) -> Bool`
-The sys.write_reg_hex method returns `True` if registry values are written to the requested registry path and accepts a hexstring as the value argument.
+The sys.write_reg_hex method returns `True` if registry values are written to the requested registry path and accepts a hexstring as the value argument.
 An example is below:
 ```python
@@ -851,7 +845,7 @@ $> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_DWORD_BIG
 True
 $> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_LINK","deadbeef")
 True
-$> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_MULTI_SZ","dead,beef")
+$> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_MULTI_SZ","dead,beef")
 True
 $> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_RESOURCE_LIST","deadbeef")
 True
@@ -859,7 +853,7 @@ $> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_FULL_RESO
 True
 $> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_RESOURCE_REQUIREMENTS_LIST","deadbeef")
 True
-$> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_QWORD","deadbeefdeadbeef")
+$> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_QWORD","deadbeefdeadbeef")
 True
 ```
@@ -885,7 +879,7 @@ $> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_DWORD_BIG
 True
 $> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_LINK",12345678)
 True
-$> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_MULTI_SZ",12345678)
+$> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_MULTI_SZ",12345678)
 True
 $> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_RESOURCE_LIST",12345678)
 True
@@ -893,7 +887,7 @@ $> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_FULL_RESO
 True
 $> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_RESOURCE_REQUIREMENTS_LIST",12345678)
 True
-$> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_QWORD",12345678)
+$> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_QWORD",12345678)
 True
 ```
@@ -901,7 +895,7 @@ True
 `sys.write_reg_str(reghive: str, regpath: str, regname: str, regtype: str, regvalue: str) -> Bool`
-The sys.write_reg_str method returns `True` if registry values are written to the requested registry path and accepts a string as the value argument.
+The sys.write_reg_str method returns `True` if registry values are written to the requested registry path and accepts a string as the value argument.
 An example is below:
 ```python
@@ -919,7 +913,7 @@ $> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_DWORD_BIG
 True
 $> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_LINK","A PLAIN STRING")
 True
-$> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_MULTI_SZ","BAR1,BAR2,BAR3")
+$> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_MULTI_SZ","BAR1,BAR2,BAR3")
 True
 $> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_RESOURCE_LIST","DEADBEEF")
 True
@@ -927,7 +921,7 @@ $> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_FULL_RESO
 True
 $> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_RESOURCE_REQUIREMENTS_LIST","DEADBEEF")
 True
-$> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_QWORD","1234567812345678")
+$> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_QWORD","1234567812345678")
 True
 ```
@@ -944,7 +938,7 @@ Some common formating methods are:
 - "%Y-%m-%d %H:%M:%S" (24 Hour Time)
 - "%Y-%m-%d %I:%M:%S %P" (AM/PM)
-For reference on all available format specifiers, see https://docs.rs/chrono/latest/chrono/format/strftime/index.html
+For reference on all available format specifiers, see
 ### time.format_to_readable
@@ -957,7 +951,7 @@ Some common formating methods are:
 - "%Y-%m-%d %H:%M:%S" (24 Hour Time)
 - "%Y-%m-%d %I:%M:%S %P" (AM/PM)
-For reference on all available format specifiers, see https://docs.rs/chrono/latest/chrono/format/strftime/index.html
+For reference on all available format specifiers, see
 ### time.now
@@ -970,4 +964,3 @@ The time.now method returns the time since UNIX EPOCH (Jan 01 1970). This
 `time.sleep(secs: float)`
 The time.sleep method sleeps the task for the given number of seconds.
-
diff --git a/implants/lib/eldritch/src/file.rs b/implants/lib/eldritch/src/file.rs
index 92c87deac..ef0b3746c 100644
--- a/implants/lib/eldritch/src/file.rs
+++ b/implants/lib/eldritch/src/file.rs
@@ -3,7 +3,7 @@ mod compress_impl;
 mod copy_impl;
 mod download_impl;
 mod exists_impl;
-mod hash_impl;
+mod find_impl;
 mod is_dir_impl;
 mod is_file_impl;
 mod list_impl;
@@ -16,7 +16,6 @@ mod replace_impl;
 mod template_impl;
 mod timestomp_impl;
 mod write_impl;
-mod find_impl;
 use allocative::Allocative;
 use derive_more::Display;
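Review bot: Removing `mod hash_impl;` here drops what appears to be the only user of the `sha256` crate (`use sha256::try_digest` in the deleted file/hash_impl.rs), yet no Cargo.toml or Cargo.lock change is part of this diff. If nothing else in the crate still calls it, drop `sha256` from the eldritch crate's manifest in the same commit so the implant does not keep building and shipping a dependency it no longer uses; this is inferred from the visible hunks only, so confirm against the manifest before removing it. `file.hash` was a public Eldritch API (its docs entry and the `dir(file)` expectation in lib.rs are updated in this diff), so existing tomes that call it will presumably fail with an unknown-attribute error once they load; a changelog entry stating that `file.hash` was removed would save users a debugging round-trip. Note that the `find_impl` declaration is moved into alphabetical position here while its old declaration is deleted in the following hunk, so both hunks must land together.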
@@ -121,10 +120,6 @@ fn methods(builder: &mut MethodsBuilder) {
 if false { println!("Ignore unused this var. _this isn't allowed by starlark. {:?}", this); }
 exists_impl::exists(path)
 }
- fn hash(this: FileLibrary, path: String) -> anyhow::Result {
- if false { println!("Ignore unused this var. _this isn't allowed by starlark. {:?}", this); }
- hash_impl::hash(path)
- }
 fn is_dir(this: FileLibrary, path: String) -> anyhow::Result {
 if false { println!("Ignore unused this var. _this isn't allowed by starlark. {:?}", this); }
 is_dir_impl::is_dir(path)
diff --git a/implants/lib/eldritch/src/file/hash_impl.rs b/implants/lib/eldritch/src/file/hash_impl.rs
deleted file mode 100644
index 090072f03..000000000
--- a/implants/lib/eldritch/src/file/hash_impl.rs
+++ /dev/null
@@ -1,37 +0,0 @@
-use std::path::Path;
-
-use anyhow::Result;
-use sha256::try_digest;
-
-pub fn hash(path: String) -> Result {
- let file_path = Path::new(&path);
- let val = try_digest(file_path)?;
- Ok(val)
-}
-
-#[cfg(test)]
-mod tests {
- use super::*;
- use std::io::prelude::*;
- use tempfile::NamedTempFile;
-
- #[test]
- fn test_hash() -> anyhow::Result<()> {
- // Create file
- let mut tmp_file = NamedTempFile::new()?;
- let path = String::from(tmp_file.path().to_str().unwrap());
-
- // Write to file
- tmp_file.write_all(b"aoeu")?;
-
- // Run our code
- let res = hash(path)?;
-
- assert_eq!(
- res,
- "bc4c24181ed3ce6666444deeb95e1f61940bffee70dd13972beb331f5d111e9b"
- );
-
- Ok(())
- }
-}
diff --git a/implants/lib/eldritch/src/lib.rs b/implants/lib/eldritch/src/lib.rs
index 59dd924c7..4781ccaa8 100644
--- a/implants/lib/eldritch/src/lib.rs
+++ b/implants/lib/eldritch/src/lib.rs
@@ -222,7 +222,7 @@ mod tests {
 a.globals(globals);
 a.all_true(
 r#"
-dir(file) == ["append", "compress", "copy", "download", "exists", "find", "hash", "is_dir", "is_file", "list", "mkdir", "moveto", "read", "remove", "replace", "replace_all", "template", "timestomp", "write"]
+dir(file) == ["append", "compress", "copy", "download", "exists", "find", "is_dir", "is_file", "list", "mkdir", "moveto", "read", "remove", "replace", "replace_all", "template", "timestomp", "write"]
 dir(process) == ["info", "kill", "list", "name", "netstat"]
 dir(sys) == ["dll_inject", "dll_reflect", "exec", "get_env", "get_ip", "get_os", "get_pid", "get_reg", "get_user", "hostname", "is_linux", "is_macos", "is_windows", "shell", "write_reg_hex", "write_reg_int", "write_reg_str"]
 dir(pivot) == ["arp_scan", "bind_proxy", "ncat", "port_forward", "port_scan", "smb_exec", "ssh_copy", "ssh_exec", "ssh_password_spray"]