worker

package
v0.0.0-...-cc1f0fe Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 29, 2025 License: MIT Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// List is the catalogue of processing modules offered by this package.
//
// Every Supports predicate decides from the evidence file name alone: the
// filepath.Ext comparisons and the strings.HasSuffix checks are exact and
// case-sensitive, and none of them opens or inspects the file.
// NOTE(review): a matching name is a routing hint, not proof of the file's
// format. Presumably the Run*/Upload* functions validate the content before
// passing it to an external tool; confirm.
var List = []Module{
	{
		Name:        "Hayabusa",
		Description: "Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.",
		// Windows event log files only.
		Supports: func(ev model.Evidence) bool {
			ext := filepath.Ext(ev.Name)
			return ext == ".evtx"
		},
	},
	{
		Name:        "Plaso (Windows Preset)",
		Description: "Plaso (Plaso Langar Að Safna Öllu), or super timeline all the things, is a Python-based engine used by several tools for automatic creation of timelines.",
		// All Plaso presets accept the same input: an archive named *.zip.
		Supports: func(ev model.Evidence) bool {
			ext := filepath.Ext(ev.Name)
			return ext == ".zip"
		},
	},
	{
		Name:        "Plaso (Linux Preset)",
		Description: "Plaso (Plaso Langar Að Safna Öllu), or super timeline all the things, is a Python-based engine used by several tools for automatic creation of timelines.",
		Supports: func(ev model.Evidence) bool {
			ext := filepath.Ext(ev.Name)
			return ext == ".zip"
		},
	},
	{
		Name:        "Plaso (MacOS Preset)",
		Description: "Plaso (Plaso Langar Að Safna Öllu), or super timeline all the things, is a Python-based engine used by several tools for automatic creation of timelines.",
		Supports: func(ev model.Evidence) bool {
			ext := filepath.Ext(ev.Name)
			return ext == ".zip"
		},
	},
	{
		Name:        "Plaso (Filesystem Timeline)",
		Description: "Run Plaso with the parser for NTFS $MFT metadata files to create a file system timeline that gives great insight into actions that occurred on the filesystem.",
		Supports: func(ev model.Evidence) bool {
			ext := filepath.Ext(ev.Name)
			return ext == ".zip"
		},
	},
	{
		Name:        "Timesketch Importer",
		Description: "Timesketch is an open-source tool for collaborative forensic timeline analysis. Using sketches you and your collaborators can organize and work together.",
		// Accepts Plaso storage files and JSON-lines timelines, matched by name suffix.
		Supports: func(ev model.Evidence) bool {
			for _, suffix := range []string{".plaso", ".jsonl"} {
				if strings.HasSuffix(ev.Name, suffix) {
					return true
				}
			}
			return false
		},
	},
}

Functions

func AckJob

func AckJob(job model.Job) error

func AddFromFS

func AddFromFS(obj model.Evidence) error

func DispatchJob

func DispatchJob(ch <-chan Job)

func Filepath

func Filepath(obj model.Evidence) string

func RunHayabusa

func RunHayabusa(job Job) error

func RunPlasoLinux

func RunPlasoLinux(job Job) error

func RunPlasoMFT

func RunPlasoMFT(job Job) error

func RunPlasoMacOS

func RunPlasoMacOS(job Job) error

func RunPlasoWindows

func RunPlasoWindows(job Job) error

func StartWorker

func StartWorker()

func UploadToTimesketch

func UploadToTimesketch(job Job) error

func ValidateHayabusa

func ValidateHayabusa() []string

func ValidatePlaso

func ValidatePlaso() []string

func ValidateTimesketch

func ValidateTimesketch() []string

Types

type Job

// Job is the unit of work passed to the Run*/Upload* functions and sent over
// the channel consumed by DispatchJob.
//
// NOTE(review): WorkerToken looks like a credential. If it is, avoid
// formatting a whole Job with %v/%+v in logs or error messages. Confirm.
type Job struct {
	ID          string // job identifier
	WorkerToken string // presumably authenticates the worker for this job; confirm
	Name        string // presumably the name of the module to run (see List); confirm
	Case        model.Case
	Evidence    model.Evidence

	// Ctx travels with the job. NOTE(review): Go convention is to pass a
	// context as the first argument of a call instead of storing it in a
	// struct; kept here as declared.
	Ctx context.Context
}

type Module

// Module describes one processing module and the evidence it accepts.
//
// The entries in List set only Name, Description and Supports; Status and
// Error are left at their zero value there.
type Module struct {
	Name        string // display name; presumably also the lookup key used by Get (confirm)
	Description string // human-readable summary of the tool
	Status      string // not set in List; presumably filled in at runtime (confirm)
	Error       string // not set in List; presumably a failure message (confirm)
	// Supports reports whether the module accepts the given evidence. The
	// predicates in List look only at the evidence name, not its content.
	Supports    func(model.Evidence) bool
}

func Get

func Get(name string) (Module, error)

func Supported

func Supported(obj model.Evidence) []Module

type Worker

// Worker records a worker's identity and what it offers.
// NOTE(review): nothing on this page shows how these fields are populated.
// If WorkerID, RemoteAddr or Modules come from the remote worker, treat them
// as untrusted input. Confirm against the caller.
type Worker struct {
	WorkerID   string   // identifier of the worker
	RemoteAddr string   // presumably the worker's network address; confirm
	Modules    []string // presumably module names matching Module.Name; confirm
	Workers    int      // presumably the number of concurrent jobs; confirm
}
