artif: update artifact

CHANGELOG.md

@@ -6,15 +6,20 @@
 
 - files/applications/box_drive.yaml: Renamed to box.yaml.
 - files/applications/box.yaml: Added collection support for Box log files [macos].
-- files/applications/wget.yaml: Added collection support for wget hsts file. This file is used to store the HSTS cache for the wget utility [aix, esxi, freebsd, linux, macos, netbsd, openbsd, solaris].
-- files/system/etc.yaml: Added "master.passwd" and "spwd.db" to the exclude_name_pattern list as they contain the hashed passwords of local users [freebsd, netbsd, netscaler, openbsd].
-- files/system/etc.yaml: Added exclusion for the group shadow files 'gshadow' and 'gshadow-'. Those files contain password hashes for groups [linux].
+- files/applications/wget.yaml: Added collection support for wget hsts file. This file is used to store the HSTS cache for the wget utility [aix, esxi, freebsd, linux, macos, netbsd, openbsd, solaris] (by [firexfly](https://github.com/firexfly)).
+- files/browsers/brave.yaml: Updated collection support for Flatpak version [linux].
+- files/browsers/chrome.yaml: Updated collection support for Flatpak version [linux].
+- files/browsers/edge.yaml: Updated collection support for Flatpak version [linux].
+- files/browsers/opera.yaml: Updated collection support for Flatpak version [linux].
+- files/browsers/vivaldi.yaml: Updated collection support for Flatpak version [linux].
+- files/system/etc.yaml: Added "master.passwd" and "spwd.db" to the exclude_name_pattern list as they contain the hashed passwords of local users [freebsd, netbsd, netscaler, openbsd] (by [Herbert-Karl](https://github.com/Herbert-Karl)).
+- files/system/etc.yaml: Added exclusion for the group shadow files 'gshadow' and 'gshadow-'. Those files contain password hashes for groups [linux] (by [Herbert-Karl](https://github.com/Herbert-Karl)).
 - live_response/network/ss.yaml: Updated collection support for processes listening on UDP ports/sockets [android, linux].
 
 ### Profiles
 
-- profiles/offline.yaml: New 'offline' profile that can be used during offline collections.
+- profiles/offline.yaml: New 'offline' profile that can be used during offline collections (by [randomaccess3](https://github.com/randomaccess3)).
 
 ### Tools
 
-- ```statx``` source code was moved to a dedicated repository at https://github.com/tclahr/statx
+- statx source code was moved to a dedicated repository at https://github.com/tclahr/statx

LICENSES.md

@@ -5,4 +5,3 @@ Use of the following Third-Party Software is subject to the license agreements a
 |AVML|Use rights in accordance with the information displayed at: https://github.com/microsoft/avml/blob/main/LICENSE|https://github.com/microsoft/avml|
 |linux_procmemdump.sh|Use rights in accordance with the information displayed at: https://creativecommons.org/licenses/by-sa/4.0||
 |statx|Use rights in accordance with the information displayed at: https://github.com/tclahr/statx/blob/main/LICENSE|https://github.com/tclahr/statx|
-|zip|Use rights in accordance with the information displayed at: https://infozip.sourceforge.net/license.html|https://infozip.sourceforge.net|

README.md

@@ -27,15 +27,15 @@ Project documentation page: [https://tclahr.github.io/uac-docs](https://tclahr.g
 
 ## 🌟 Main Features
 
-- Runs everywhere with no dependencies (no installation required).
+- Run everywhere with no dependencies (no installation required).
 - Customizable and extensible collections and artifacts.
-- Respects the order of volatility during artifacts collection.
-- Collects information from processes running without a binary on disk.
-- Hashes running processes and executable files.
-- Extracts information from files and directories to create a bodyfile (including enhanced file attributes for ext4).
-- Collects user and system configuration files and logs.
-- Collects artifacts from applications.
-- Acquires volatile memory from Linux systems using different methods and tools.
+- Respect the order of volatility during artifact collection.
+- Collect information from processes running without a binary on disk.
+- Hash running processes and executable files.
+- Extract information from files and directories to create a bodyfile (including enhanced file attributes for ext4).
+- Collect user and system configuration files and logs.
+- Collect artifacts from applications.
+- Acquire volatile memory from Linux systems using different methods and tools.
 
 ***
 
@@ -80,7 +80,7 @@ Common usage scenarios may include the following:
 ./uac -a live_response/\*,bodyfile/bodyfile.yaml .
 ```
 
-**Collect all artifacts based on the ```full``` profile, but excludes the ```bodyfile/bodyfile.yaml``` artifact, and create the output file in ```/tmp```.**
+**Collect all artifacts based on the ```full``` profile, but exclude the ```bodyfile/bodyfile.yaml``` artifact, and create the output file in ```/tmp```.**
 
 ```shell
 ./uac -p full -a \!bodyfile/bodyfile.yaml /tmp

artifacts/files/browsers/brave.yaml

@@ -1,4 +1,4 @@
-version: 2.0
+version: 3.0
 artifacts:
   -
     description: Collect Brave browser files.
@@ -17,6 +17,23 @@ artifacts:
     file_type: d
     ignore_date_range: true
     exclude_nologin_users: true
+  -
+    description: Collect Brave browser files (Flatpak version).
+    supported_os: [linux]
+    collector: file
+    path: /%user_home%/.var/app/com.brave.Browser
+    name_pattern: ["Bookmarks*", "Cookies*", "DownloadMetadata", "Extension Cookies*", "Favicons*", "History*", "Login Data*", "Media History*", "Network Action Predictor*", "Network Persistent State", "Preferences", "QuotaManager*", "Reporting and NEL*", "SecurePreferences", "Shortcuts*", "SyncData.sqlite3", "Top Sites*", "Trust Tokens*", "Visited Links", "Web Data*"]
+    ignore_date_range: true
+    exclude_nologin_users: true
+  -
+    description: Collect Brave browser directories (Flatpak version).
+    supported_os: [linux]
+    collector: file
+    path: /%user_home%/.var/app/com.brave.Browser
+    name_pattern: ["Extensions", "File System", "Sessions"]
+    file_type: d
+    ignore_date_range: true
+    exclude_nologin_users: true
   -
     description: Collect Brave browser files (Snap version).
     supported_os: [linux]

artifacts/files/browsers/chrome.yaml

@@ -1,4 +1,4 @@
-version: 2.0
+version: 3.0
 artifacts:
   -
     description: Collect Chrome browser files.
@@ -17,6 +17,23 @@ artifacts:
     file_type: d
     ignore_date_range: true
     exclude_nologin_users: true
+  -
+    description: Collect Chrome browser files (Flatpak version).
+    supported_os: [linux]
+    collector: file
+    path: /%user_home%/.var/app/com.google.Chrome
+    name_pattern: ["Bookmarks*", "Cookies*", "DownloadMetadata", "Extension Cookies*", "Favicons*", "History*", "Login Data*", "Media History*", "Network Action Predictor*", "Network Persistent State", "Preferences", "QuotaManager*", "Reporting and NEL*", "SecurePreferences", "Shortcuts*", "SyncData.sqlite3", "Top Sites*", "Trust Tokens*", "Visited Links", "Web Data*"]
+    ignore_date_range: true
+    exclude_nologin_users: true
+  -
+    description: Collect Chrome browser directories (Flatpak version).
+    supported_os: [linux]
+    collector: file
+    path: /%user_home%/.var/app/com.google.Chrome
+    name_pattern: ["Extensions", "File System", "Sessions"]
+    file_type: d
+    ignore_date_range: true
+    exclude_nologin_users: true
   -
     description: Collect Chrome browser files.
     supported_os: [macos]

artifacts/files/browsers/edge.yaml

@@ -1,4 +1,4 @@
-version: 2.0
+version: 3.0
 artifacts:
   -
     description: Collect Edge browser files.
@@ -17,6 +17,23 @@ artifacts:
     file_type: d
     ignore_date_range: true
     exclude_nologin_users: true
+  -
+    description: Collect Edge browser files (Flatpak version).
+    supported_os: [linux]
+    collector: file
+    path: /%user_home%/.var/app/com.microsoft.Edge
+    name_pattern: ["Bookmarks*", "Cookies*", "DownloadMetadata", "Extension Cookies*", "Favicons*", "History*", "Login Data*", "Media History*", "Network Action Predictor*", "Network Persistent State", "Preferences", "QuotaManager*", "Reporting and NEL*", "SecurePreferences", "Shortcuts*", "SyncData.sqlite3", "Top Sites*", "Trust Tokens*", "Visited Links", "Web Data*"]
+    ignore_date_range: true
+    exclude_nologin_users: true
+  -
+    description: Collect Edge browser directories (Flatpak version).
+    supported_os: [linux]
+    collector: file
+    path: /%user_home%/.var/app/com.microsoft.Edge
+    name_pattern: ["Extensions", "File System", "Sessions"]
+    file_type: d
+    ignore_date_range: true
+    exclude_nologin_users: true
   -
     description: Collect Edge browser files.
     supported_os: [macos]

artifacts/files/browsers/opera.yaml

@@ -1,4 +1,4 @@
-version: 2.0
+version: 3.0
 artifacts:
   -
     description: Collect Opera browser files.
@@ -17,6 +17,23 @@ artifacts:
     file_type: d
     ignore_date_range: true
     exclude_nologin_users: true
+  -
+    description: Collect Opera browser files (Flatpak version).
+    supported_os: [linux]
+    collector: file
+    path: /%user_home%/.var/app/com.opera.Opera
+    name_pattern: ["Bookmarks*", "Cookies*", "DownloadMetadata", "Extension Cookies*", "Favicons*", "History*", "Login Data*", "Media History*", "Network Action Predictor*", "Network Persistent State", "Preferences", "QuotaManager*", "Reporting and NEL*", "SecurePreferences", "Shortcuts*", "SyncData.sqlite3", "Top Sites*", "Trust Tokens*", "Visited Links", "Web Data*"]
+    ignore_date_range: true
+    exclude_nologin_users: true
+  -
+    description: Collect Opera browser directories (Flatpak version).
+    supported_os: [linux]
+    collector: file
+    path: /%user_home%/.var/app/com.opera.Opera
+    name_pattern: ["Extensions", "File System", "Sessions"]
+    file_type: d
+    ignore_date_range: true
+    exclude_nologin_users: true
   -
     description: Collect Opera browser files (Snap version).
     supported_os: [linux]

artifacts/files/browsers/vivaldi.yaml

@@ -1,4 +1,4 @@
-version: 2.0
+version: 3.0
 artifacts:
   -
     description: Collect Vivaldi browser files.
@@ -17,6 +17,23 @@ artifacts:
     file_type: d
     ignore_date_range: true
     exclude_nologin_users: true
+  -
+    description: Collect Vivaldi browser files (Flatpak version).
+    supported_os: [linux]
+    collector: file
+    path: /%user_home%/.var/app/com.vivaldi.Vivaldi
+    name_pattern: ["Bookmarks*", "Cookies*", "DownloadMetadata", "Extension Cookies*", "Favicons*", "History*", "Login Data*", "Media History*", "Network Action Predictor*", "Network Persistent State", "Preferences", "QuotaManager*", "Reporting and NEL*", "SecurePreferences", "Shortcuts*", "SyncData.sqlite3", "Top Sites*", "Trust Tokens*", "Visited Links", "Web Data*"]
+    ignore_date_range: true
+    exclude_nologin_users: true
+  -
+    description: Collect Vivaldi browser directories (Flatpak version).
+    supported_os: [linux]
+    collector: file
+    path: /%user_home%/.var/app/com.vivaldi.Vivaldi
+    name_pattern: ["Extensions", "File System", "Sessions"]
+    file_type: d
+    ignore_date_range: true
+    exclude_nologin_users: true
   -
     description: Collect Vivaldi browser files.
     supported_os: [macos]