Releases: codeyourweb/fastfinder
v3.0.0
Performance improvements
30% faster file scan with parallel jobs
Build Automation & CI Improvements
- Added a new GitHub Actions workflow .github/workflows/docker_build.yml to automate Docker-based multi-platform builds and tests, including builder, runtime, and docker-compose validation for both Linux and Windows targets.
- Updated go_build_linux.yml and go_build_windows.yml workflows to use Go 1.24, install YARA v4.5.5, and run unit tests during CI, ensuring modern build environments and improved reliability.
Documentation Overhaul
- Completely rewrote README.linux-compilation.md with a detailed, step-by-step guide for compiling FastFinder on Linux, including prerequisites, YARA build instructions, CGO configuration, troubleshooting, and Fedora-specific workarounds.
- Major update to README.md with clearer project overview, platform badges, installation instructions (including Docker and source builds), improved usage documentation, and screenshots for better onboarding.
Platform Support & Dependency Updates
- Upgraded minimum required Go version to 1.24 and YARA to 4.5.5 across all build scripts and documentation, ensuring compatibility with modern systems and improved performance.
Testing Enhancements
- Added explicit unit test steps to CI workflows for both Linux and Windows, improving code quality and catching platform-specific issues early.
Docker & Cross-Platform Build Improvements
- Provided Docker-based build and runtime instructions in documentation and CI, enabling users to build and run FastFinder without installing any dependencies directly, greatly simplifying setup for all platforms.
v2.0.0
What's new?
[v 2.0.0]
- scan performance improvements (up to 40%)
- configuration and yara rules RC4 cipher
- cross-platform SFX deployment kit
- output and file logger complete rework
- advanced UI with openfiledialog and realtime logger view
- triage mode and file and directory watcher
- CI and unit testing
Ready for battle!
- fastfinder has been tested with several CERT, CSIRT and SOC use cases
- examples directory now includes real malware, suspect behaviors or vulnerability scans
Usage
==================================================
___ __ ___ ___ __ ___ __
|__ /\ /__` | |__ | |\ | | \ |__ |__)
| /~~\ .__/ | | | | \| |__/ |___ | \
2021-2022 | Jean-Pierre GARNIER | @codeyourweb
https://github.com/codeyourweb/fastfinder
==================================================
usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
"<value>"] [-o|--output "<value>"] [-n|--no-window]
[-u|--no-userinterface] [-v|--verbosity <integer>]
[-t|--triage]
Incident Response - Fast suspicious file finder
Arguments:
-h --help Print help information
-c --configuration Fastfind configuration file. Default:
-b --build Output a standalone package with configuration and
rules in a single binary
-o --output Save fastfinder logs in the specified file
-n --no-window Hide fastfinder window
-u --no-userinterface Hide advanced user interface
-v --verbosity File log verbosity
| 4: Only alert
| 3: Alert and errors
| 2: Alerts,errors and I/O operations
| 1: Full verbosity)
. Default: 3
-t --triage Triage mode (infinite run - scan every new file in
the input path directories). Default: false
Scan and export file match according to your needs
configuration examples are available under examples/ folder
Future release
I don't plan to add any additional features right now. The next release will be focused on:
- Stability / performance improvements
- Unit testing / Code testing coverage / CI
- Build more examples based on live malware tradecraft and threat actor campaigns
What's Changed
- 2.0.0 beta by @codeyourweb in #3
Full Changelog: 1.4.2...2.0.0
v1.4.2
What's new?
[v1.4.2]
- HTTP(S) distant config file
- distant yara files in configuration (example here)
- GitHub workflow and actions for future CI & CD
- Several minor fixes and performance improvements
- UI/UX and logging improvements
Ready for battle!
- fastfinder has been tested in real cases in multiple CERT, CSIRT and SOC
- examples directory now includes real malware, suspect behaviors or vulnerability scans
Usage
==================================================
___ __ ___ ___ __ ___ __
|__ /\ /__` | |__ | |\ | | \ |__ |__)
| /~~\ .__/ | | | | \| |__/ |___ | \
2021-2022 | Jean-Pierre GARNIER | @codeyourweb
https://github.com/codeyourweb/fastfinder
==================================================
usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
"<value>"] [-o|--output "<value>"] [-n|--nowindow]
[-p|--showprogress] [-v|--version]
Incident Response - Fast suspicious file finder
Arguments:
-h --help Print help information
-c --configuration Fastfind configuration file. Default: configuration.yaml
-b --build Output a standalone package with configuration and rules
in a single binary
-o --output Save fastfinder logs in the specified file
-n --nowindow Hide fastfinder window
-p --showprogress Display I/O analysis progress
-v --version Display fastfinder version
Scan and export file match according to your needs
configuration examples are available under examples/ folder
Future release
I don't plan to add any additional features right now. The next release will be focused on:
- Stability / performance improvements
- Unit testing / Code testing coverage / CI
- Build more examples based on live malware tradecraft and threat actor campaigns
Full Changelog: 1.4.1...1.4.2
v1.4.1
What's new?
[v1.4.0]
- Parse content and calculate checksum from files inside archives
[v1.4.1]
- final console output changes
Usage
usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
"<value>"] [-o|--output "<value>"] [-n|--nowindow]
[-p|--showprogress] [-v|--version]
Incident Response - Fast suspicious file finder
Arguments:
-h --help Print help information
-c --configuration Fastfind configuration file. Default: configuration.yaml
-b --build Output a standalone package with configuration and rules
in a single binary
-o --output Save fastfinder logs in the specified file
-n --nowindow Hide fastfinder window
-p --showprogress Display I/O analysis progress
-v --version Display fastfinder version
Scan and export file match according to your needs
configuration examples are available under examples/ folder
Future release
I don't plan to add any additional features right now. The next release will be focused on:
- Stability / performance improvements
- Unit testing / Code testing coverage / CI
- Build more examples based on live malware tradecraft and threat actor campaigns
Full Changelog: 1.4.0...1.4.1
v1.4.0
What's new?
- Parse content and calculate checksum from files inside archives
Usage
usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
"<value>"] [-o|--output "<value>"] [-n|--nowindow]
[-p|--showprogress] [-v|--version]
Incident Response - Fast suspicious file finder
Arguments:
-h --help Print help information
-c --configuration Fastfind configuration file. Default: configuration.yaml
-b --build Output a standalone package with configuration and rules
in a single binary
-o --output Save fastfinder logs in the specified file
-n --nowindow Hide fastfinder window
-p --showprogress Display I/O analysis progress
-v --version Display fastfinder version
Scan and export file match according to your needs
configuration examples are available under examples/ folder
Future release
I don't plan to add any additional features right now. The next release will be focused on:
- Stability / performance improvements
- Unit testing / Code testing coverage / CI
- Build more examples based on live malware tradecraft and threat actor campaigns
Full Changelog: 1.3.0...1.4.0
v1.3.0
What's new?
- Cross-platform compatibility (Windows / Linux)
- UI & scan progress rendering
- Performance enhancements
- Code refactoring and bug fixing
Usage
usage: fastfinder [-h|--help] [-c|--configuration "<value>"] [-b|--build
"<value>"] [-o|--output "<value>"] [-n|--nowindow]
[-p|--showprogress] [-v|--version]
Incident Response - Fast suspicious file finder
Arguments:
-h --help Print help information
-c --configuration Fastfind configuration file. Default: configuration.yaml
-b --build Output a standalone package with configuration and rules
in a single binary
-o --output Save fastfinder logs in the specified file
-n --nowindow Hide fastfinder window
-p --showprogress Display I/O analysis progress
-v --version Display fastfinder version
Scan and export file match according to your needs
configuration examples are available under examples/ folder
Future release
I don't plan to add any additional features right now. The next release will be focused on:
- Stability / performance improvements
- Unit testing / Code testing coverage / CI
- Build more examples based on live malware tradecraft and threat actor campaigns
What's Changed
- update to 1.3 cross-platform by @codeyourweb in #2
Full Changelog: 1.2.0...1.3.0
v1.2.0
What's new?
This new version adds many requested features on top of the v1.0 release:
- MD5/SHA1/SHA256 checksum matching
- standard output and error can be redirected in a log file
- CD-ROM, archives and virtual images parsing
- ability to run fastfinder without rendering window
- fastfinder executable, configuration and detection rules packing
- bug bashing and performance improvements
Usage
usage: fastfinder [-h|--help] -c|--configuration "<value>" [-b|--build
"<value>"] [-o|--output "<value>"] [-n|--nowindow]
Arguments:
-h --help Print help information
-c --configuration Fastfind configuration file
-b --build Output a standalone package with configuration and rules in a single binary
-o --output Save fastfinder logs in the specified file
-n --nowindow Hide fastfinder window
Depending on where you are looking for files, FastFinder could be used with admin OR simple user rights.
Scan and export file match according to your needs
configuration examples are available under examples/ folder
input:
  path: [] # match file path AND / OR file name based on simple string
  content:
    grep: [] # match literal string value inside file content
    yara: [] # use yara rule and specify rules path(s) for more complex pattern search (wildcards / regex / conditions)
    checksum: [] # look for md5/sha1/sha256 file checksum match
options:
  findInHardDrives: true # enumerate hard drives content
  findInRemovableDrives: true # enumerate removable drives content
  findInNetworkDrives: true # enumerate network drives content
  findInCDRomDrives: true # enumerate physical / virtual cd-rom drives content
output:
  base64Files: true # base64 matched content before copy
  filesCopyPath: '' # empty value will copy matched files in the fastfinder.exe folder
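The `checksum` input above accepts MD5, SHA1 and SHA256 values in one list. The following Go program is an added example, not FastFinder's own code, showing one way to validate such a mixed list and match a file stream against it in a single read; the names `ParseChecksums`, `MatchStream` and `Sample` are hypothetical and the sample values are constructed.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"strings"
)

// ParseChecksums normalises a mixed list; entries that are not 32/40/64 hex chars can never match.
func ParseChecksums(list []string) (wanted map[string]bool, invalid []string) {
	wanted = map[string]bool{}
	for _, raw := range list {
		c := strings.ToLower(strings.TrimSpace(raw))
		if _, err := hex.DecodeString(c); err != nil || (len(c) != 32 && len(c) != 40 && len(c) != 64) {
			invalid = append(invalid, raw)
			continue
		}
		wanted[c] = true
	}
	return wanted, invalid
}

// MatchStream hashes r once with MD5, SHA1 and SHA256 and returns the digests found in wanted.
func MatchStream(r io.Reader, wanted map[string]bool) ([]string, error) {
	m, s1, s2 := md5.New(), sha1.New(), sha256.New()
	if _, err := io.Copy(io.MultiWriter(m, s1, s2), r); err != nil {
		return nil, err
	}
	var hits []string
	for _, sum := range [][]byte{m.Sum(nil), s1.Sum(nil), s2.Sum(nil)} {
		if d := hex.EncodeToString(sum); wanted[d] {
			hits = append(hits, d)
		}
	}
	return hits, nil
}

// Sample is a constructed list: MD5 and SHA256 of "hello" plus a truncated (invalid) entry.
var Sample = []string{"5D41402ABC4B2A76B9719D911017C592", "5d41402abc4b2a76",
	"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"}

func main() {
	wanted, bad := ParseChecksums(Sample)
	hits, err := MatchStream(strings.NewReader("hello"), wanted)
	fmt.Println(hits, bad, err)
}
```

Reporting the rejected entries matters in incident response: a truncated or mistyped indicator would otherwise be loaded silently and never match anything.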
Full Changelog: release...1.2.0
v1.0.0
Usage
fastfinder [-h|--help] -c|--string "<value>"
Arguments:
-h --help Print help information
-c --configuration fastfind configuration file
Depending on where you are looking for files, FastFinder could be used with admin OR simple user rights.
Scan and export file match according to your needs
a configuration file example is available here in this repository
input:
  path: [] # match file path AND / OR file name based on simple string
  content:
    grep: [] # match literal string value inside file content
    yara: [] # use yara rule and specify rules path(s) for more complex pattern search (wildcards / regex / conditions)
options:
  findInHardDrives: true # enumerate hard drive content
  findInRemovableDrives: true # enumerate removable drive content
  findInNetworkDrives: true # enumerate network drive content
output:
  base64Files: true # base64 matched content before copy
  filesCopyPath: '' # empty value will copy matched files in the fastfinder.exe folder