https://github.com/copyleftdev/5l4pp3r
forensic snapshot tool designed to capture a comprehensive view of your system's configuration environment. It's like a high-resolution camera for your system's state, providing IT professionals and forensic analysts with a powerful lens to examine system configurations at any given point in time.
https://github.com/copyleftdev/5l4pp3r
admin change-detection forensics it system
Last synced: about 1 year ago
JSON representation
forensic snapshot tool designed to capture a comprehensive view of your system's configuration environment. It's like a high-resolution camera for your system's state, providing IT professionals and forensic analysts with a powerful lens to examine system configurations at any given point in time.
- Host: GitHub
- URL: https://github.com/copyleftdev/5l4pp3r
- Owner: copyleftdev
- Created: 2024-12-13T19:40:58.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2024-12-13T19:51:57.000Z (over 1 year ago)
- Last Synced: 2024-12-13T20:32:04.048Z (over 1 year ago)
- Topics: admin, change-detection, forensics, it, system
- Language: Go
- Homepage: https://5l4pp3r.vercel.app/
- Size: 0 Bytes
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# 5l4pp3r
> πΈ Your system's configuration, frozen in time.
## π High-Level Purpose
5l4pp3r is a forensic snapshot tool designed to capture a comprehensive view of your system's configuration environment. It's like a high-resolution camera for your system's state, providing IT professionals and forensic analysts with a powerful lens to examine system configurations at any given point in time.
## π What It Does
5l4pp3r meticulously collects and stores:
- π₯οΈ **System Information**: Hostname and timestamp
- π **Network Details**: IP addresses, MAC addresses, interface names
- π **Configuration Files**: From standard system directories and user-specific locations
All this data is compressed and stored in a structured database (SQLite or PostgreSQL), creating a space-optimized, point-in-time record of your system's state.
## ποΈ Architectural Overview
### Key Components:
1. **Configuration Loading** (`internal/config`)
1. Reads `config.toml` for flexible customization
2. Defines database settings, compression algorithms, scan directories, and more
2. **Logging and Instrumentation**
1. Utilizes `zerolog` for structured, timestamped logs
3. **Storage Setup** (`internal/storage`)
1. Supports SQLite (local) and PostgreSQL (centralized)
2. Ensures proper schema creation and verification
4. **Data Gathering** (`internal/gatherer`)
1. Collects system info, network details, and configuration files
2. Compresses file contents for space efficiency
## πΎ Data Ingestion and Persistence Flow
1. Insert System Info (creates `system_id`)
2. Assign `system_id` to Config Files
3. Insert Network Interfaces (linked to `system_id`)
4. Insert Config Files (compressed, with metadata)
5. Commit the Transaction
## π΅οΈ Forensic and IT Professional Value
- **Immutable Point-in-Time State**: Reconstruct system settings at snapshot time
- **Relational Data Model**: Powerful querying capabilities
- **Repeatable and Extensible**: Track configuration evolution over time
- **Centralization and Aggregation**: Create a global forensic data lake (with PostgreSQL)
## π Getting Started
1. Clone the repository:
```plaintext
git clone https://github.com/copyleftdev/5l4pp3r.git
```
2. Configure `config.toml` with your desired settings
3. Build and run:
```plaintext
go build
./5l4pp3r
```
## π Example Output
```plaintext
11:25AM INF Starting 5l4pp3r...
11:26AM INF Snapshot completed successfully.
```
## π οΈ Possible Enhancements
- Filtering and Exclusions
- Extended Metadata and Integrity Checks
- Integration with CI/CD and Automation Tools
## π€ Contributing
We welcome contributions! Please see our [CONTRIBUTING.md](CONTRIBUTING.md) for details.
## π License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## π Acknowledgments
- All the amazing open-source libraries that made this project possible
- The forensic IT community for inspiration and use cases
---
Remember: With great power comes great responsibility. Use 5l4pp3r ethically and legally! π¦ΈββοΈπ¦ΈββοΈ