Add linux sockscan plugin

[eve-mem]

Hello 👋

This PR adds a first attempt at a sockscan plugin. Based heavily on the vol2 netscan plugin by @atcuno. I've also added another method following the path from a file object as per the sockstat plugin by @gcmoreira, and to display the results this plugin makes heavy use of the great socket handling from sockstat.

I've tried to include scanning for all the types of sockets supported rather than just the INET ones used un the vol2 plugin. I've hard coded the symbols to search for, I think it has reasonably good coverage of most cases but I'd welcome any feedback.

I've tried adding a test case as well - hopefully I've done that correctly.

Thanks for taking the time to review this, and I look forward to and feedback you might have.

Thank you!

Here is a sample of the results:

Volatility 3 Framework 2.6.0

Sock Offset	Family	Type	Proto	Source Addr	Source Port	Destination Addr	Destination Port	State	Filter

0x4416880	AF_UNIX	STREAM	-	/tmp/pulse-JldaJj8OxQLa/native	14054	-	14053	ESTABLISHED	-
0x445a080	AF_UNIX	STREAM	-	-	10706	-	10705	ESTABLISHED	-
0x445a3c0	AF_UNIX	STREAM	-	-	10705	-	10706	ESTABLISHED	-
<snip>
0x1ad6fbc0	AF_INET	STREAM	TCP	0.0.0.0	901	0.0.0.0	0	LISTEN	-
0x1ad78780	AF_UNIX	STREAM	-	-	9767	/var/run/dbus/system_bus_socket	9768	ESTABLISHED	-
<snip>
0x1b5a5000	AF_NETLINK	RAW	NETLINK_KOBJECT_UEVENT	groups:0x00000002	2403	group:0x00000000	0	UNCONNECTED	filter_type=socket_filter,bpf_filter_type=cBPF
0x1b5c8000	AF_NETLINK	RAW	NETLINK_ROUTE	groups:0x000a0501	2363	group:0x00000000	0	UNCONNECTED	-
0x1b5c8400	AF_NETLINK	RAW	NETLINK_KOBJECT_UEVENT	groups:0x00000002	4294963067	group:0x00000000	0	UNCONNECTED	filter_type=socket_filter,bpf_filter_type=cBPF
<snip>
0x1c56bb80	AF_INET	STREAM	TCP	192.168.201.161	22	192.168.201.1	59982	ESTABLISHED	-
<snip>

[eve-mem]

Looks like I've not understood how the testing works, it's my own test that's failing. so I'll update that!

[digitalisx]

Thank you for work @eve-mem

[eve-mem]

Thanks for merging those changes in directly for me @ikelos, and for the suggested fix @digitalisx.

[eve-mem]

Hello @ikelos and @gcmoreira I've tried updating this to work with the various framework changes and updates. You won't have seen this in a little while so I expect you'll have a fair few comments on how I can make this better. Let me know what you think, thanks again for all the help! <3

🦊

[ikelos]

Thanks for being patient with my schedule! It looks like it's there, just a little bit of variable renaming! 5:D

[eve-mem]

Thanks @ikelos

[eve-mem]

@ikelos I've added those doc strings and used your suggestions for the variable names. Thank you for taking the time to look at this.

Sorry for the extra commits when accepting your suggestions, it took me a while to realize it was making a commit for each one 🫤

[ikelos]

Thanks, no problem about the number of changes, I just wanted to make it as easy as possible to apply the changes, lots of commit is no problem if it gets us a mergable result, which it has! 5:D

[eve-mem]

Thank you @ikelos !