fileinfo

command module
v0.0.0-...-10fcb5c Latest
Published: Feb 11, 2024 License: MIT Imports: 22 Imported by: 0

README

fileinfo


Malice File Info Plugin (exiftool, TRiD and ssdeep)

This repository contains a Dockerfile of the FileInfo malice plugin malice/fileinfo.


Dependencies

Installation

  1. Install Docker.
  2. Download trusted build from public Docker Registry: docker pull malice/fileinfo

Usage

$ docker run -v /path/to/malware:/malware malice/fileinfo FILE

Usage: fileinfo [OPTIONS] COMMAND [arg...]

Malice File Info Plugin - ssdeep/exiftool/TRiD

Version: , BuildTime: 20180902

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V          verbose output
  --table, -t            output as Markdown table
  --mime, -m             output only mimetype
  --callback, -c         POST results to Malice webhook [$MALICE_ENDPOINT]
  --proxy, -x            proxy settings for Malice webhook endpoint [$MALICE_PROXY]
  --elasticsearch value  elasticsearch url for Malice to store results [$MALICE_ELASTICSEARCH_URL]
  --timeout value        malice plugin timeout (in seconds) (default: 10) [$MALICE_TIMEOUT]
  --help, -h             show help
  --version, -v          print the version

Commands:
  web   Create a File Info web service
  help  Shows a list of commands or help for one command

Run 'fileinfo COMMAND --help' for more information on a command.

Sample Output

JSON
{
  "magic": {
    "mime": "application/x-executable",
    "description": "ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.26, BuildID[sha1]=8ffd894e500a9f125b32fa8a3f700f0f710961de, stripped"
  },
  "ssdeep": "768:C7tsNKQhyl96U9eJqaZ2e5ofMolkcksNmisf4BB5iqboecL027:DkXe1UHfM4N3sfezcL0",
  "trid": [
    "50.1% (.) ELF Executable and Linkable format (Linux) (4025/14)",
    "49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)"
  ],
  "exiftool": {
    "CPUArchitecture": "64 bit",
    "CPUByteOrder": "Little endian",
    "CPUType": "AMD x86-64",
    "ExifToolVersionNumber": "10.25",
    "FileSize": "51 kB",
    "FileType": "ELF executable",
    "FileTypeExtension": "",
    "MIMEType": "application/octet-stream",
    "ObjectFileType": "Executable file"
  }
}
Markdown

Magic

| Field       | Value                                             |
|-------------|---------------------------------------------------|
| Mime        | application/x-dosexec                             |
| Description | PE32 executable (GUI) Intel 80386, for MS Windows |

SSDeep
  • 768:15jQ4nVHQaeO379u4XckKVCsknBN9A4hUnDxDiNZ957ZpK0IUUiM95Zdz:15jQ4nVHQaeO9uwckKuBN9A4UnDxcbFi

TRiD
  • 30.4% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 26.9% (.EXE) Win64 Executable (generic) (27625/18/4)
  • 25.9% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
  • 6.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 4.3% (.EXE) Win32 Executable (generic) (4508/7/1)

Exiftool

| Field                 | Value                 |
|-----------------------|-----------------------|
| CharacterSet          | Unicode               |
| CodeSize              | 20480                 |
| Comments              |                       |
| CompanyName           | Microsoft Corporation |
| EntryPoint            | 0x5a46                |
| ExifToolVersionNumber | 11.06                 |

...SNIP...
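The Usage section shows how the container is invoked and the Sample Output section shows the JSON it emits; what a practitioner usually needs next is a small consumer that builds that invocation safely and turns the report into triage flags. The script below is an added example, not code from the malice/fileinfo project. It assumes that the file argument passed after the image name is the path inside the container under the /malware mount, that the plugin writes the JSON document shown above to stdout, and that the TRiD strings keep the "NN.N% (.EXT) description (a/b/c)" shape seen in the samples; the executable MIME and extension sets and the packer keywords are the example's own choices. It checks for native code hiding under a document extension, for TRiD descriptions that hint at a crypter or packer (as in the "Yoda's Crypter" line of the Markdown sample), and for a missing ssdeep hash.

```python
"""Triage helper for malice/fileinfo output (added example, not project code).

Assumptions: the README's `docker run -v DIR:/malware malice/fileinfo ...` form,
the file argument being the in-container path under /malware, and the JSON
report shape shown under "Sample Output".
"""
import json
import re
import subprocess
from pathlib import Path

# One TRiD result line, e.g. "30.4% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)"
TRID_RE = re.compile(
    r"^(?P<pct>\d+(?:\.\d+)?)% \((?P<ext>[^)]*)\) (?P<desc>.*?)(?: \(\d+(?:/\d+)*\))?$"
)

# libmagic MIME types that mean native code; the first two appear in the README samples.
EXECUTABLE_MIMES = {"application/x-dosexec", "application/x-executable", "application/x-sharedlib"}
# Extensions under which native code is expected (assumed set); anything else gets a flag.
EXECUTABLE_EXTS = {"", ".exe", ".dll", ".sys", ".scr", ".elf", ".so", ".o", ".bin"}
# TRiD description fragments that hint at packing/obfuscation (assumed keyword list).
PACKER_HINTS = ("crypter", "packer", "packed", "upx")


def build_command(sample_dir, filename, timeout=10, mime_only=False, image="malice/fileinfo"):
    """Return the docker argv for one sample (list form: no shell, so filenames cannot inject)."""
    cmd = ["docker", "run", "--rm", "-v", f"{sample_dir}:/malware", image]
    if mime_only:
        cmd.append("--mime")
    # --timeout is the plugin's own option (see Usage), so it follows the image name.
    cmd += ["--timeout", str(timeout), f"/malware/{filename}"]  # in-container path: assumption
    return cmd


def run_fileinfo(sample_dir, filename, timeout=10):
    """Run the container and parse its JSON report (needs Docker; not exercised offline)."""
    proc = subprocess.run(build_command(sample_dir, filename, timeout),
                          capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


def parse_trid(lines):
    """Turn TRiD strings into (percent, extension, description) tuples, best match first."""
    matches = []
    for line in lines:
        m = TRID_RE.match(line)
        if m:  # skip anything that is not a TRiD result line
            matches.append((float(m["pct"]), m["ext"].lower(), m["desc"]))
    return sorted(matches, key=lambda t: t[0], reverse=True)


def triage(report, filename):
    """Summarise one fileinfo report and raise the flags an analyst would want to see."""
    mime = report.get("magic", {}).get("mime", "")
    trid = parse_trid(report.get("trid", []))
    ext = Path(filename).suffix.lower()
    flags = []
    if mime in EXECUTABLE_MIMES and ext not in EXECUTABLE_EXTS:
        flags.append(f"executable content ({mime}) under non-executable extension {ext!r}")
    for _, _, desc in trid:
        if any(h in desc.lower() for h in PACKER_HINTS):
            flags.append(f"TRiD suggests packing/obfuscation: {desc}")
            break
    if not report.get("ssdeep"):
        flags.append("no ssdeep hash: cannot cluster against known samples")
    return {
        "file": filename,
        "mime": mime,
        "best_trid": trid[0] if trid else None,
        "ssdeep": report.get("ssdeep"),
        "flags": flags,
    }


# Input taken from the README's JSON sample (ELF report), trimmed to the fields used here.
EXAMPLE_REPORT = json.loads("""
{
  "magic": {"mime": "application/x-executable",
            "description": "ELF 64-bit LSB executable, x86-64, version 1 (SYSV), stripped"},
  "ssdeep": "768:C7tsNKQhyl96U9eJqaZ2e5ofMolkcksNmisf4BB5iqboecL027:DkXe1UHfM4N3sfezcL0",
  "trid": ["50.1% (.) ELF Executable and Linkable format (Linux) (4025/14)",
           "49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)"],
  "exiftool": {"FileType": "ELF executable", "MIMEType": "application/octet-stream"}
}
""")

if __name__ == "__main__":
    # Same report, submitted under a document-style name: the extension mismatch is flagged.
    print(json.dumps(triage(EXAMPLE_REPORT, "invoice.pdf"), indent=2))
```

Building the argv as a list rather than a shell string matters in a pipeline that receives attacker-chosen filenames: the name is passed as one argument and is never interpreted by a shell. `run_fileinfo` is the only function that touches Docker; everything else works on the JSON alone, which is what lets the triage logic be unit-tested against the README's own sample.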


Documentation

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue.

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2016-2018 blacktop

Documentation


There is no documentation for this package.
