Skip to content

Releases: codeyourweb/fastfinder

v2.0.0

30 Jan 13:46
Compare
Choose a tag to compare

What's new?

[v 2.0.0]

  • scan performance improvements (up to 40%)
  • configuration and yara rules RC4 cipher
  • cross-platform SFX deployment kit
  • output and file logger complete rework
  • advanced UI with openfiledialog and realtime logger view
  • triage mode and file and directory watcher
  • CI and unit testing

Ready for battle!

  • fastfinder has been tested with several CERT, CSIRT and SOC use cases
  • examples directory now include real malwares , suspect behaviors or vulnerability scan

Usage

==================================================
  ___       __  ___  ___         __   ___  __
 |__   /\  /__`  |  |__  | |\ | |  \ |__  |__)
 |    /~~\ .__/  |  |    | | \| |__/ |___ |  \

  2021-2022 | Jean-Pierre GARNIER | @codeyourweb
  https://github.com/codeyourweb/fastfinder
==================================================
usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
                  "<value>"] [-o|--output "<value>"] [-n|--no-window]
                  [-u|--no-userinterface] [-v|--verbosity <integer>]
                  [-t|--triage]

                  Incident Response - Fast suspicious file finder

Arguments:

  -h  --help              Print help information
  -c  --configuration     Fastfind configuration file. Default:
  -b  --build             Output a standalone package with configuration and
                          rules in a single binary
  -o  --output            Save fastfinder logs in the specified file
  -n  --no-window         Hide fastfinder window
  -u  --no-userinterface  Hide advanced user interface
  -v  --verbosity         File log verbosity
                                 | 4: Only alert
                                 | 3: Alert and errors
                                 | 2: Alerts,errors and I/O operations
                                 | 1: Full verbosity)
                                . Default: 3
  -t  --triage            Triage mode (infinite run - scan every new file in
                          the input path directories). Default: false

Scan and export file match according to your needs

configuration examples are available under examples/ folder

Future release

I don't plan to add any additional features right now. The next release will be focused on:

  • Stability / performance improvements
  • Unit testing / Code testing coverage / CI
  • Build more examples based on live malwares tradecraft and threat actor campaigns

What's Changed

v1.4.2

05 Jan 22:13
Compare
Choose a tag to compare

What's new?

[v1.4.2]

  • HTTP(S) distant config file
  • distant yara files in configuration (example here)
  • Github workflow and actions for future CI & CD
  • Several minor fixes and performances improvements
  • UI/UX and logging improvements

Ready for battle!

  • fastfinder has been tested in real cases in multiple CERT, CSIRT and SOC
  • examples directory now include real malwares , suspect behaviors or vulnerability scan

Usage

==================================================
  ___       __  ___  ___         __   ___  __
 |__   /\  /__`  |  |__  | |\ | |  \ |__  |__)
 |    /~~\ .__/  |  |    | | \| |__/ |___ |  \

  2021-2022 | Jean-Pierre GARNIER | @codeyourweb
  https://github.com/codeyourweb/fastfinder
==================================================
usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
                  "<value>"] [-o|--output "<value>"] [-n|--nowindow]
                  [-p|--showprogress] [-v|--version]

                  Incident Response - Fast suspicious file finder

Arguments:

  -h  --help           Print help information
  -c  --configuration  Fastfind configuration file. Default: configuration.yaml
  -b  --build          Output a standalone package with configuration and rules
                       in a single binary
  -o  --output         Save fastfinder logs in the specified file
  -n  --nowindow       Hide fastfinder window
  -p  --showprogress   Display I/O analysis progress
  -v  --version        Display fastfinder version

Scan and export file match according to your needs

configuration examples are available under examples/ folder

Future release

I don't plan to add any additional features right now. The next release will be focused on:

  • Stability / performance improvements
  • Unit testing / Code testing coverage / CI
  • Build more examples based on live malwares tradecraft and threat actor campaigns

Full Changelog: 1.4.1...1.4.2

v1.4.1

12 Dec 20:38
Compare
Choose a tag to compare

What's new?

[v1.4.0]

  • Parse content and calculate checksum from files inside archives

[v1.4.1]

  • final console output changes

Usage

usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
                  "<value>"] [-o|--output "<value>"] [-n|--nowindow]
                  [-p|--showprogress] [-v|--version]

                  Incident Response - Fast suspicious file finder

Arguments:

  -h  --help           Print help information
  -c  --configuration  Fastfind configuration file. Default: configuration.yaml
  -b  --build          Output a standalone package with configuration and rules
                       in a single binary
  -o  --output         Save fastfinder logs in the specified file
  -n  --nowindow       Hide fastfinder window
  -p  --showprogress   Display I/O analysis progress
  -v  --version        Display fastfinder version

Scan and export file match according to your needs

configuration examples are available under examples/ folder

Future release

I don't plan to add any additional features right now. The next release will be focused on:

  • Stability / performance improvements
  • Unit testing / Code testing coverage / CI
  • Build more examples based on live malwares tradecraft and threat actor campaigns

Full Changelog: 1.4.0...1.4.1

v1.4.0

12 Dec 19:24
Compare
Choose a tag to compare

What's new?

  • Parse content and calculate checksum from files inside archives

Usage

usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
                  "<value>"] [-o|--output "<value>"] [-n|--nowindow]
                  [-p|--showprogress] [-v|--version]

                  Incident Response - Fast suspicious file finder

Arguments:

  -h  --help           Print help information
  -c  --configuration  Fastfind configuration file. Default: configuration.yaml
  -b  --build          Output a standalone package with configuration and rules
                       in a single binary
  -o  --output         Save fastfinder logs in the specified file
  -n  --nowindow       Hide fastfinder window
  -p  --showprogress   Display I/O analysis progress
  -v  --version        Display fastfinder version

Scan and export file match according to your needs

configuration examples are available under examples/ folder

Future release

I don't plan to add any additional features right now. The next release will be focused on:

  • Stability / performance improvements
  • Unit testing / Code testing coverage / CI
  • Build more examples based on live malwares tradecraft and threat actor campaigns

Full Changelog: 1.3.0...1.4.0

v1.3.0

07 Dec 22:12
Compare
Choose a tag to compare

What's new?

  • Cross-platform compatibility (Windows / Linux)
  • UI & scan progress rendering
  • Performances enhancement
  • Code refactoring and bug fixing

Usage

usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
                  "<value>"] [-o|--output "<value>"] [-n|--nowindow]
                  [-p|--showprogress] [-v|--version]

                  Incident Response - Fast suspicious file finder

Arguments:

  -h  --help           Print help information
  -c  --configuration  Fastfind configuration file. Default: configuration.yaml
  -b  --build          Output a standalone package with configuration and rules
                       in a single binary
  -o  --output         Save fastfinder logs in the specified file
  -n  --nowindow       Hide fastfinder window
  -p  --showprogress   Display I/O analysis progress
  -v  --version        Display fastfinder version

Scan and export file match according to your needs

configuration examples are available under examples/ folder

Future release

I don't plan to add any additional features right now. The next release will be focused on:

  • Stability / performance improvements
  • Unit testing / Code testing coverage / CI
  • Build more examples based on live malwares tradecraft and threat actor campaigns

What's Changed

Full Changelog: 1.2.0...1.3.0

v1.2.0

05 Dec 14:24
Compare
Choose a tag to compare

What's new?

This new version adds a lot of asked features uppon the v1.0 realease:

  • MD5/SHA1/SHA256 checksum matching
  • standard output and error can be redirected in a log file
  • CD-ROM, archives and virtual images parsing
  • ability to run fastfinder without rendering window
  • fastfinder executable, configuration and detection rules packing
  • bug bashing and performances improvement

Usage

usage: fastfinder [-h|--help] -c|--configuration "<value>" [-b|--build
                  "<value>"] [-o|--output "<value>"] [-n|--nowindow]

Arguments:

  -h  --help                Print help information
  -c  --configuration   Fastfind configuration file
  -b  --build               Output a standalone package with configuration and rules in a single binary
  -o  --output            Save fastfinder logs in the specified file
  -n  --nowindow       Hide fastfinder window

Depending on where you are looking for files, FastFinder could be used with admin OR simple user rights.

Scan and export file match according to your needs

configuration examples are available under examples/ folder

input:
    path: [] # match file path AND / OR file name based on simple string 
    content:
        grep: [] # match literal string value inside file contente
        yara: [] # use yara rule and specify rules path(s) for more complex pattern search (wildcards / regex / conditions) 
        checksum: [] # look for md5/sha1/sha256 file checksum match
options:
    findInHardDrives: true	# enumerate hard drives content
    findInRemovableDrives: true # enumerate removable drives content 
    findInNetworkDrives: true # enumerate network drives content
    findInCDRomDrives: true # enumerate physical / virtual cd-rom drives content
output:
    base64Files: true # base64 matched content before copy
    filesCopyPath: '' # empty value will copy matched files in the fastfinder.exe folder

Full Changelog: release...1.2.0

v1.0.0

29 Nov 23:29
Compare
Choose a tag to compare

Usage

fastfinder [-h|--help] -c|--string "<value>"

Arguments:

  -h  --help    Print help information
  -c  --configuration  fastfind configuration file

Depending on where you are looking for files, FastFinder could be used with admin OR simple user rights.

Scan and export file match according to your needs

a configuration file example is available here in this repository

input:
    path: [] # match file path AND / OR file name based on simple string 
    content:
        grep: [] # match literal string value inside file contente
        yara: [] # use yara rule and specify rules path(s) for more complex pattern search (wildcards / regex / conditions) 
options:
    findInHardDrives: true	# enumerate hard drive content
    findInRemovableDrives: true # enumerate removable drive content 
    findInNetworkDrives: true # enumerate network drive content
output:
    base64Files: true # base64 matched content before copy
    filesCopyPath: '' # empty value will copy matched files in the fastfinder.exe folder