add pypykatz

Author: daddycocoaman

plugins/pypykatz.py

@@ -0,0 +1,42 @@
+#
+# Author:
+#  Tamas Jos (@skelsec)
+#  Leron Gray (@daddycocoaman)
+#
+# Updated version of the pypykatz plugin for Volatility 3
+
+
+import logging
+from typing import List
+
+from volatility3.framework import interfaces, renderers
+from volatility3.framework.configuration import requirements
+from volatility3.plugins.windows import pslist
+
+from pypykatz.pypykatz import pypykatz as pparser
+
+vollog = logging.getLogger(__name__)
+
+
+class pypykatz(interfaces.plugins.PluginInterface):
+
+    _required_framework_version = (2, 0, 0)
+
+    @classmethod
+    def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
+        return [
+            requirements.TranslationLayerRequirement(
+                name="primary",
+                description="Memory layer for the kernel",
+                architectures=["Intel32", "Intel64"],
+            ),
+            requirements.SymbolTableRequirement(
+                name="nt_symbols", description="Windows kernel symbols"
+            ),
+            requirements.PluginRequirement(
+                name="pslist", plugin=pslist.PsList, version=(2, 0, 0)
+            ),
+        ]
+
+    def run(self):
+        return pparser.go_volatility3(self)

requirements.txt

@@ -1,2 +1,3 @@
 # Required for plugins handling certificate objects
-cryptography>=37.0.1
+cryptography>=37.0.1
+pypykatz>=0.6.6