{"id":28486155,"url":"https://github.com/fox-it/flow.record","last_synced_at":"2025-07-22T16:06:18.265Z","repository":{"id":60776829,"uuid":"515990145","full_name":"fox-it/flow.record","owner":"fox-it","description":"Recordization library","archived":false,"fork":false,"pushed_at":"2025-06-30T11:37:15.000Z","size":455,"stargazers_count":9,"open_issues_count":7,"forks_count":13,"subscribers_count":10,"default_branch":"main","last_synced_at":"2025-07-07T21:47:58.847Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fox-it.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-07-20T13:19:13.000Z","updated_at":"2025-06-30T11:37:19.000Z","dependencies_parsed_at":"2023-10-25T16:53:26.630Z","dependency_job_id":"ad18f0a1-a47e-487c-9123-6f3156d2437a","html_url":"https://github.com/fox-it/flow.record","commit_stats":{"total_commits":48,"total_committers":9,"mean_commits":5.333333333333333,"dds":0.5625,"last_synced_commit":"d1823095e1e4de85e02daac8a71eb71a2778dcef"},"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"purl":"pkg:github/fox-it/flow.record","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fflow.record","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fflow.record/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fflow.record/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/re
positories/fox-it%2Fflow.record/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fox-it","download_url":"https://codeload.github.com/fox-it/flow.record/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fflow.record/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266524904,"owners_count":23942837,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-22T02:00:09.085Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-08T01:10:24.110Z","updated_at":"2025-07-22T16:06:18.239Z","avatar_url":"https://github.com/fox-it.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# flow.record\n\nA library for defining and creating structured data (called records) that can be streamed to disk or piped to other\ntools that use `flow.record`.\n\nRecords can be read and transformed to other formats by using output adapters, such as CSV and JSON.\n\nFor more information on how Dissect uses this library, please see [the\ndocumentation](https://docs.dissect.tools/en/latest/tools/rdump.html#what-is-a-record).\n\n## Requirements\n\nThis project is part of the Dissect framework and requires Python.\n\nInformation on the supported Python versions can be found in the Getting Started section of [the 
documentation](https://docs.dissect.tools/en/latest/index.html#getting-started).\n\n## Installation\n\n`flow.record` is available on [PyPI](https://pypi.org/project/flow.record/).\n\n```bash\npip install flow.record\n```\n\n## Usage\n\nThis library contains the tool `rdump`. With `rdump` you can read, write, interact with, and manipulate records from `stdin`\nor from record files saved on disk. Please refer to `rdump -h` or to the [`rdump`\ndocumentation](https://docs.dissect.tools/en/latest/tools/rdump.html) for all parameters.\n\nRecords are the primary output type when using the various functions of `target-query`. The following command shows how\nto pipe record output from `target-query` to `rdump`:\n\n```shell\nuser@dissect~$ target-query -f runkeys targets/EXAMPLE.vmx | rdump\n\u003cwindows/registry/run hostname='EXAMPLE' domain='EXAMPLE.local' ts=2022-12-09 12:06:20.037806+00:00 name='OneDriveSetup' path='C:/Windows/SysWOW64/OneDriveSetup.exe /thfirstsetup' key='HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run' hive_filepath='C:\\\\Windows/ServiceProfiles/LocalService/ntuser.dat' username='LocalService' user_sid='S-1-5-19' user_home='%systemroot%\\\\ServiceProfiles\\\\LocalService'\u003e\n\u003c...\u003e\n```\n\n## Programming example\n\nDefine a `RecordDescriptor` (schema), then create a few records and write them to disk:\n\n```python\nfrom flow.record import RecordDescriptor, RecordWriter\n\n# define our descriptor\nMyRecord = RecordDescriptor(\"my/record\", [\n    (\"net.ipaddress\", \"ip\"),\n    (\"string\", \"description\"),\n])\n\n# define some records\nrecords = [\n    MyRecord(\"1.1.1.1\", \"cloudflare dns\"),\n    MyRecord(\"8.8.8.8\", \"google dns\"),\n]\n\n# write the records to disk\nwith RecordWriter(\"output.records.gz\") as writer:\n    for record in records:\n        writer.write(record)\n```\n\nThe records can then be read from disk using the `rdump` tool or by instantiating a `RecordReader` when using 
the\nlibrary.\n\n```shell\n$ rdump output.records.gz\n\u003cmy/record ip=net.ipaddress('1.1.1.1') description='cloudflare dns'\u003e\n\u003cmy/record ip=net.ipaddress('8.8.8.8') description='google dns'\u003e\n```\n\n### Selectors\n\nWe can also use `selectors` for filtering and selecting records using a query (Python-like syntax), e.g.:\n\n```shell\n$ rdump output.records.gz -s '\"google\" in r.description'\n\u003cmy/record ip=net.ipaddress('8.8.8.8') description='google dns'\u003e\n\n$ rdump output.records.gz -s 'r.ip in net.ipnetwork(\"1.1.0.0/16\")'\n\u003cmy/record ip=net.ipaddress('1.1.1.1') description='cloudflare dns'\u003e\n```\n\n## Build and test instructions\n\nThis project uses `tox` to build source and wheel distributions. Run the following command from the root folder to build\nthese:\n\n```bash\ntox -e build\n```\n\nThe build artifacts can be found in the `dist/` directory.\n\n`tox` is also used to run linting and unit tests in a self-contained environment. To run both linting and unit tests\nusing the default installed Python version, run:\n\n```bash\ntox\n```\n\nFor a more elaborate explanation on how to build and test the project, please see [the\ndocumentation](https://docs.dissect.tools/en/latest/contributing/tooling.html).\n\n## Contributing\n\nThe Dissect project encourages any contribution to the codebase. To make your contribution fit into the project, please\nrefer to [the development guide](https://docs.dissect.tools/en/latest/contributing/developing.html).\n\n## Copyright and license\n\nDissect is released as open source by Fox-IT (\u003chttps://www.fox-it.com\u003e) part of NCC Group Plc\n(\u003chttps://www.nccgroup.com\u003e).\n\nDeveloped by the Dissect Team (\u003cdissect@fox-it.com\u003e) and made available at \u003chttps://github.com/fox-it/dissect\u003e.\n\nLicense terms: AGPL3 (\u003chttps://www.gnu.org/licenses/agpl-3.0.html\u003e). 
For more information, see the LICENSE file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffox-it%2Fflow.record","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffox-it%2Fflow.record","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffox-it%2Fflow.record/lists"}