Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/codeyourweb/fastfinder

Incident Response - Fast suspicious file finder
https://github.com/codeyourweb/fastfinder

dfir incident-response investigation threat-hunting

Last synced: 2 days ago
JSON representation

Incident Response - Fast suspicious file finder

Host: GitHub
URL: https://github.com/codeyourweb/fastfinder
Owner: codeyourweb
License: mit
Created: 2021-11-29T21:46:04.000Z (almost 3 years ago)
Default Branch: master
Last Pushed: 2022-05-08T19:55:06.000Z (over 2 years ago)
Last Synced: 2024-02-14T19:31:17.507Z (9 months ago)
Topics: dfir, incident-response, investigation, threat-hunting
Language: Go
Homepage:
Size: 3.75 MB
Stars: 215
Watchers: 6
Forks: 27
Open Issues: 1
Metadata Files:
- Readme: README.linux-compilation.md
- License: LICENSE

Awesome Lists containing this project

awesome-forensics - Fastfinder - Fast customisable cross-platform suspicious file finder. Supports md5/sha1/sha256 hashes, literal/wildcard strings, regular expressions and YARA rules (Tools / IOC Scanner)
Awesome-Forensics - Fastfinder - Fast customisable cross-platform suspicious file finder. Supports md5/sha1/sha256 hashes, literal/wildcard strings, regular expressions and YARA rules (Tools / IOC Scanner)
awesome-hacking-lists - codeyourweb/fastfinder - Incident Response - Fast suspicious file finder (Go)

README

# Compiling instruction for _FastFinder_ on Linux

_FastFinder_ was originally designed for Windows platform but it also work perfectly on Linux. Unlike other Go programs, if you want to compile or run it from source, you will need to install some libraries and compilation tools. Indeed, _FastFinder_ is strongly dependent of libyara, go-yara and CGO. Here's a little step by step guide:

## Before installation

Please ensure having:
* Go >= 1.17
* GOPATH / GOOS / GOARCH correctly set
* administrator rights to insall

## Compile YARA

1/ download YARA latest release source tarball (https://github.com/VirusTotal/yara)
2/ Make sure you have `automake`, `libtool`, `make`, `gcc` and `pkg-config` installed in your system.
2/ unzip and compile yara like this:
```
tar -zxf yara-.tar.gz
cd .
./bootstrap.sh
./configure
make
make install
```
3/ Run the test cases to make sure that everything is fine:
```
make check
```

## Configure CGO
CGO will link libyara and compile C instructions used by _Fastfinder_ (through go-yara project). Compiler and linker flags have to be set via the CGO_CFLAGS and CGO_LDFLAGS environment variables like this:
```
export CGO_CFLAGS="-I/libyara/include"
export CGO_LDFLAGS="-L/libyara/.libs -lyara"
```

## You're ready to Go!
You can compile _FastFinder_ with the following command:
```
go build -tags yara_static -a -ldflags '-s -w' .
```