github.com/codeyourweb/fastfinder
module, package
Version: 0.0.0-20220130133323-3674dd00523c
Repository: https://github.com/codeyourweb/fastfinder.git
Documentation: pkg.go.dev

# README

Compiling instructions for FastFinder on Linux

FastFinder was originally designed for the Windows platform, but it also works perfectly on Linux. Unlike other Go programs, compiling or running it from source requires installing some libraries and compilation tools, because FastFinder depends heavily on libyara, go-yara and CGO. Here is a short step-by-step guide:

Before installation

Please make sure you have:

  • Go >= 1.17
  • GOPATH / GOOS / GOARCH correctly set
  • administrator rights to install

Compile YARA

1/ Download the latest YARA release source tarball (https://github.com/VirusTotal/yara).
2/ Make sure you have automake, libtool, make, gcc and pkg-config installed on your system.
3/ Unpack and compile YARA like this:

tar -zxf yara-<version>.tar.gz
cd yara-<version>
./bootstrap.sh
./configure
make
make install

4/ Run the test cases to make sure that everything is fine:

make check

Configure CGO

CGO links libyara and compiles the C code used by FastFinder (through the go-yara project). Compiler and linker flags have to be set via the CGO_CFLAGS and CGO_LDFLAGS environment variables, like this:

export CGO_CFLAGS="-I<YARA_SRC_PATH>/libyara/include"
export CGO_LDFLAGS="-L<YARA_SRC_PATH>/libyara/.libs -lyara"

You're ready to Go!

You can compile FastFinder with the following command:

go build -tags yara_static -a -ldflags '-s -w' .
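
A preflight script for the procedure above, added here as an example and not part of the FastFinder project: it checks the listed build tools, the Go version, and that CGO_CFLAGS / CGO_LDFLAGS resolve to an existing yara.h and libyara.a before running the build command. The function names and the `--build` switch are hypothetical; it assumes libtool is probed through its `libtoolize` command and that the static archive libyara.a is the library to link.

```shell
#!/bin/sh
# Added example: preflight checks for the FastFinder build steps (hypothetical names).

# missing_tools CMD... -> prints the commands that are not on PATH
missing_tools() {
    for t in "$@"; do command -v "$t" >/dev/null 2>&1 || printf '%s ' "$t"; done
}

# go_version_ok "go1.17.5" -> status 0 when the version is >= 1.17
go_version_ok() {
    v=${1#go}; major=${v%%.*}; rest=${v#*.}
    minor=${rest%%[!0-9]*}      # "17.5" -> "17", "18rc1" -> "18"
    case "$major" in ''|*[!0-9]*) return 1 ;; esac; [ -n "$minor" ] || return 1
    [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 17 ]; }
}

# flag_dirs PREFIX FLAGS -> one directory per -I/-L flag (paths with spaces unsupported)
flag_dirs() {
    for f in $2; do case "$f" in "$1"?*) printf '%s\n' "${f#"$1"}" ;; esac; done
}

# first_with FILE DIR... -> prints the first DIR that contains FILE
first_with() {
    file=$1; shift
    for d in "$@"; do
        if [ -f "$d/$file" ]; then printf '%s\n' "$d"; return 0; fi
    done
    return 1
}

# check_cgo_flags -> verifies that the exported CGO flags point at real files
check_cgo_flags() {
    inc=$(first_with yara.h $(flag_dirs -I "${CGO_CFLAGS:-}")) ||
        { echo "yara.h not found in any -I dir of CGO_CFLAGS" >&2; return 1; }
    lib=$(first_with libyara.a $(flag_dirs -L "${CGO_LDFLAGS:-}")) ||
        { echo "libyara.a not found in any -L dir of CGO_LDFLAGS" >&2; return 1; }
    case " ${CGO_LDFLAGS:-} " in *" -lyara "*) ;; *) echo "CGO_LDFLAGS lacks -lyara" >&2; return 1 ;; esac
    printf 'headers: %s\nlibrary: %s/libyara.a\n' "$inc" "$lib"
}

preflight() {
    m=$(missing_tools go automake libtoolize make gcc pkg-config)
    [ -z "$m" ] || { echo "missing tools: $m" >&2; return 1; }
    go_version_ok "$(go env GOVERSION)" || { echo "Go >= 1.17 required" >&2; return 1; }
    check_cgo_flags
}

# Run the page's build command only when every check passes.
if [ "${1:-}" = "--build" ]; then preflight && go build -tags yara_static -a -ldflags '-s -w' .; fi
```

Run it from the FastFinder source directory with `--build` after exporting the two CGO variables; without the switch it only defines the functions.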

# Functions

BuildSFX creates a self-extracting rar zip and embeds the fastfinder executable / configuration file / yara rules.
CheckCurrentUserPermissions retrieves the current user permissions and checks whether the program runs with elevated privileges.
CheckFileChecksumAndContent checks for a pattern or checksum match in the files slice.
CompileRules tries to compile every rule from the given compiler.
CompileYaraRules returns the *yara.Rules result of compiling the YARA files.
Contains checks if a string is contained in a slice of strings.
CreateMutex creates a named mutex to avoid multiple instance run.
DriveEnumeration enumerates drives based on configuration parameters.
EnumerateYaraInFolders returns a list of YARA rule paths in the specified folders; if a path is already a file or URL, it is added as well.
EnumLogicalDrives returns a list of all logical drive letters on the system.
ExitProgram closes file log handles and exits the program.
FastFinderInit returns basic host information, checks for the mutex and returns the current user permissions.
FileAnalyzeYaraMatch uses YARA to scan the specified file and returns whether it matches the compiled rules.
FileCopy copies the specified file from the src to the dst path, optionally encoding its content to base64.
Get SHA256 checksum of the specified file.
FindInFiles checks for a pattern or checksum match in the files slice.
FindInNetworkDrives uses df -aT and returns a list of all valid fuse mounts.
GetCurrentDirectory returns the current directory.
GetEnvironmentVariables returns a list of environment variables in an []Env slice.
GetHostname returns the hostname of the current machine.
GetUsername returns the current user name.
HideConsoleWindow hides the process console window.
InitTriageScan converts the fastfinder scan routine to a triage infinite scan.
IsUSBStorage returns true if the given device is USB storage, based on the output of the udevadm Linux command.
IsValidUrl tests a string to determine if it is a well-structured url or not.
ListFilesRecursively returns a list of files in the specified path and its subdirectories.
LoadYaraRules compiles YARA rules from the specified paths and returns a pointer to the yara compiler.
LogFatal uses LogMessage and exits the program.
LogMessage outputs a message to the specific standard / error output.
LogToFile copies the output log flow to the specified file according to the desired log level.
Lsblk returns a map of all disks and their properties.
MainFastfinderRoutine is used in every scan routine and is based on config file directives.
MainWindow displays the application UI.
OpenFileDialog shows a navigable tree view of the current directory.
PathsFinder tries to match regular expressions in the file paths slice.
PerformArchiveYaraScan tries to decompress the archive and YARA-scan every file in it.
PerformYaraScan uses the provided YARA rules and searches for matches in the given byte slice.
RC4Cipher is used on Yara ciphered rules.
RenderFastfinderLogo is a (useless) function displaying fastfinder logo as ascii art.
RenderFastfinderVersion returns program and YARA version.
RetrivesFilesFromUserPath returns a []string of available files from the specified path (includeFileExtensions is available only if listFiles is true).
RunProgramWithParameters uses the specified argv and runs fastfinder.
