Releases: codeyourweb/fastfinder
v2.0.0
What's new?
[v 2.0.0]
- scan performance improvements (up to 40%)
- RC4 cipher for the configuration and yara rules
- cross-platform SFX deployment kit
- complete rework of the output and file logger
- advanced UI with openfiledialog and realtime logger view
- triage mode and file and directory watcher
- CI and unit testing
Ready for battle!
- fastfinder has been tested against several CERT, CSIRT and SOC use cases
- the examples directory now includes real malware, suspicious behaviours and vulnerability scans
Usage
==================================================
FASTFINDER
2021-2022 | Jean-Pierre GARNIER | @codeyourweb
https://github.com/codeyourweb/fastfinder
==================================================
usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
"<value>"] [-o|--output "<value>"] [-n|--no-window]
[-u|--no-userinterface] [-v|--verbosity <integer>]
[-t|--triage]
Incident Response - Fast suspicious file finder
Arguments:
-h --help Print help information
-c --configuration Fastfind configuration file. Default:
-b --build Output a standalone package with configuration and
rules in a single binary
-o --output Save fastfinder logs in the specified file
-n --no-window Hide fastfinder window
-u --no-userinterface Hide advanced user interface
-v --verbosity File log verbosity (4: only alerts | 3: alerts and errors | 2: alerts, errors and I/O operations | 1: full verbosity). Default: 3
-t --triage Triage mode (infinite run - scan every new file in
the input path directories). Default: false
Scan and export file matches according to your needs.
Configuration examples are available under the examples/ folder.
Future release
I don't plan to add any additional features right now. The next release will be focused on:
- Stability / performance improvements
- Unit testing / Code testing coverage / CI
- Build more examples based on live malware tradecraft and threat actor campaigns
What's Changed
- 2.0.0 beta by @codeyourweb in #3
Full Changelog: 1.4.2...2.0.0
v1.4.2
What's new?
[v1.4.2]
- remote configuration file over HTTP(S)
- remote yara files referenced from the configuration (example here)
- Github workflow and actions for future CI & CD
- Several minor fixes and performance improvements
- UI/UX and logging improvements
Ready for battle!
- fastfinder has been tested on real cases in multiple CERT, CSIRT and SOC teams
- the examples directory now includes real malware, suspicious behaviours and vulnerability scans
Usage
==================================================
FASTFINDER
2021-2022 | Jean-Pierre GARNIER | @codeyourweb
https://github.com/codeyourweb/fastfinder
==================================================
usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
"<value>"] [-o|--output "<value>"] [-n|--nowindow]
[-p|--showprogress] [-v|--version]
Incident Response - Fast suspicious file finder
Arguments:
-h --help Print help information
-c --configuration Fastfind configuration file. Default: configuration.yaml
-b --build Output a standalone package with configuration and rules
in a single binary
-o --output Save fastfinder logs in the specified file
-n --nowindow Hide fastfinder window
-p --showprogress Display I/O analysis progress
-v --version Display fastfinder version
Scan and export file matches according to your needs.
Configuration examples are available under the examples/ folder.
Future release
I don't plan to add any additional features right now. The next release will be focused on:
- Stability / performance improvements
- Unit testing / Code testing coverage / CI
- Build more examples based on live malware tradecraft and threat actor campaigns
Full Changelog: 1.4.1...1.4.2
v1.4.1
What's new?
[v1.4.0]
- Parse content and calculate checksum from files inside archives
[v1.4.1]
- final console output changes
Usage
usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
"<value>"] [-o|--output "<value>"] [-n|--nowindow]
[-p|--showprogress] [-v|--version]
Incident Response - Fast suspicious file finder
Arguments:
-h --help Print help information
-c --configuration Fastfind configuration file. Default: configuration.yaml
-b --build Output a standalone package with configuration and rules
in a single binary
-o --output Save fastfinder logs in the specified file
-n --nowindow Hide fastfinder window
-p --showprogress Display I/O analysis progress
-v --version Display fastfinder version
Scan and export file matches according to your needs.
Configuration examples are available under the examples/ folder.
Future release
I don't plan to add any additional features right now. The next release will be focused on:
- Stability / performance improvements
- Unit testing / Code testing coverage / CI
- Build more examples based on live malware tradecraft and threat actor campaigns
Full Changelog: 1.4.0...1.4.1
v1.4.0
What's new?
- Parse content and calculate checksum from files inside archives
Usage
usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
"<value>"] [-o|--output "<value>"] [-n|--nowindow]
[-p|--showprogress] [-v|--version]
Incident Response - Fast suspicious file finder
Arguments:
-h --help Print help information
-c --configuration Fastfind configuration file. Default: configuration.yaml
-b --build Output a standalone package with configuration and rules
in a single binary
-o --output Save fastfinder logs in the specified file
-n --nowindow Hide fastfinder window
-p --showprogress Display I/O analysis progress
-v --version Display fastfinder version
Scan and export file matches according to your needs.
Configuration examples are available under the examples/ folder.
Future release
I don't plan to add any additional features right now. The next release will be focused on:
- Stability / performance improvements
- Unit testing / Code testing coverage / CI
- Build more examples based on live malware tradecraft and threat actor campaigns
Full Changelog: 1.3.0...1.4.0
v1.3.0
What's new?
- Cross-platform compatibility (Windows / Linux)
- UI & scan progress rendering
- Performance enhancements
- Code refactoring and bug fixing
Usage
usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
"<value>"] [-o|--output "<value>"] [-n|--nowindow]
[-p|--showprogress] [-v|--version]
Incident Response - Fast suspicious file finder
Arguments:
-h --help Print help information
-c --configuration Fastfind configuration file. Default: configuration.yaml
-b --build Output a standalone package with configuration and rules
in a single binary
-o --output Save fastfinder logs in the specified file
-n --nowindow Hide fastfinder window
-p --showprogress Display I/O analysis progress
-v --version Display fastfinder version
Scan and export file matches according to your needs.
Configuration examples are available under the examples/ folder.
Future release
I don't plan to add any additional features right now. The next release will be focused on:
- Stability / performance improvements
- Unit testing / Code testing coverage / CI
- Build more examples based on live malware tradecraft and threat actor campaigns
What's Changed
- update to 1.3 cross-platform by @codeyourweb in #2
Full Changelog: 1.2.0...1.3.0
v1.2.0
What's new?
This new version adds many requested features on top of the v1.0 release:
- MD5/SHA1/SHA256 checksum matching
- standard output and error can be redirected to a log file
- CD-ROM, archive and virtual image parsing
- ability to run fastfinder without rendering a window
- packing of the fastfinder executable, configuration and detection rules into one binary
- bug fixing and performance improvements
Usage
usage: fastfinder [-h|--help] -c|--configuration "<value>" [-b|--build
"<value>"] [-o|--output "<value>"] [-n|--nowindow]
Arguments:
-h --help Print help information
-c --configuration Fastfind configuration file
-b --build Output a standalone package with configuration and rules in a single binary
-o --output Save fastfinder logs in the specified file
-n --nowindow Hide fastfinder window
Depending on where you are looking for files, FastFinder can be run with either administrator or standard user rights.
Scan and export file matches according to your needs.
Configuration examples are available under the examples/ folder.
input:
  path: [] # match file path AND / OR file name based on a simple string
  content:
    grep: [] # match a literal string value inside the file content
    yara: [] # use yara rules and specify the rule path(s) for more complex pattern search (wildcards / regex / conditions)
    checksum: [] # look for an md5/sha1/sha256 file checksum match
options:
  findInHardDrives: true # enumerate hard drive content
  findInRemovableDrives: true # enumerate removable drive content
  findInNetworkDrives: true # enumerate network drive content
  findInCDRomDrives: true # enumerate physical / virtual cd-rom drive content
output:
  base64Files: true # base64 matched content before copy
  filesCopyPath: '' # an empty value copies matched files into the fastfinder.exe folder
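A minimal reimplementation of the path, grep and checksum matchers described by this configuration, added here as an illustration and not fastfinder's own code or parser: it applies a constructed config of the same shape (input.path substrings, input.content.grep literals, input.content.checksum md5/sha1/sha256 values) to a constructed sample tree and base64-encodes each hit as output.base64Files describes. The EICAR test string stands in for a malicious sample; the yara matcher and drive enumeration are not modelled.

```python
import base64
import hashlib
import tempfile
from pathlib import Path

CONFIG = {  # constructed, mirrors the YAML schema above; not fastfinder's own code or parser
    "input": {"path": ["\\temp\\", "dropper"],                 # substring of path or file name
              "content": {"grep": ["EICAR-STANDARD-ANTIVIRUS-TEST-FILE"],  # literal in file body
                          "checksum": ["d41d8cd98f00b204e9800998ecf8427e"]}},  # md5 of empty file
    "output": {"base64Files": True},
}
def file_hashes(data: bytes) -> set:
    # md5, sha1 and sha256 together, so one checksum list may hold any of the three
    return {h(data).hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256)}

def match_file(rel: str, data: bytes, cfg: dict) -> list:
    """Names of the matchers that fire for one file (relative path + content)."""
    reasons = []
    norm = "\\" + rel.lower().replace("/", "\\")  # Windows-style, case-insensitive
    if any(p.lower() in norm for p in cfg["input"]["path"]):
        reasons.append("path")
    content = cfg["input"]["content"]
    if any(g.encode() in data for g in content.get("grep", [])):
        reasons.append("grep")
    if file_hashes(data) & {c.lower() for c in content.get("checksum", [])}:
        reasons.append("checksum")
    return reasons

def scan(root: str, cfg: dict) -> dict:
    """Walk root; return {relative path: {"reasons": [...], "b64": ...}} for every hit."""
    hits = {}
    for p in (q for q in Path(root).rglob("*") if q.is_file()):
        rel, data = p.relative_to(root).as_posix(), p.read_bytes()
        reasons = match_file(rel, data, cfg)
        if reasons:
            hits[rel] = {"reasons": reasons}
            if cfg["output"]["base64Files"]:  # encode before export, as the option describes
                hits[rel]["b64"] = base64.b64encode(data).decode()
    return hits

def demo() -> dict:
    # constructed sample tree in a temp dir: one path+grep hit, one checksum hit, one clean file
    root = Path(tempfile.mkdtemp())
    (root / "temp").mkdir()
    samples = {"temp/dropper.ps1": b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
               "empty.bin": b"", "clean.txt": b"nothing to see here"}
    for rel, body in samples.items():
        (root / rel).write_bytes(body)
    return scan(str(root), CONFIG)
```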
Full Changelog: release...1.2.0
v1.0.0
Usage
fastfinder [-h|--help] -c|--string "<value>"
Arguments:
-h --help Print help information
-c --configuration fastfind configuration file
Depending on where you are looking for files, FastFinder can be run with either administrator or standard user rights.
Scan and export file matches according to your needs.
A configuration file example is available in this repository.
input:
  path: [] # match file path AND / OR file name based on a simple string
  content:
    grep: [] # match a literal string value inside the file content
    yara: [] # use yara rules and specify the rule path(s) for more complex pattern search (wildcards / regex / conditions)
options:
  findInHardDrives: true # enumerate hard drive content
  findInRemovableDrives: true # enumerate removable drive content
  findInNetworkDrives: true # enumerate network drive content
output:
  base64Files: true # base64 matched content before copy
  filesCopyPath: '' # an empty value copies matched files into the fastfinder.exe folder