Versions in this module Expand all Collapse all v0 v0.9.0 Apr 9, 2026 Changes in this version + func DetectContentType(data []byte) (string, bool) + func GetDedupCache() *fileDeduplicationCache + func GetDedupStats() dedupStats + func GetMaxFileSize() int64 + func IsProtocolEnabled(protocol string) bool + func IsReassemblyEnabled() bool + func ListExtractors() []string + func LogDedupStats(logger *zap.Logger) + func RegisterExtractor(extractor FileExtractor) + func ResetDedupCache() + func ResetGlobalYaraScanner() + func SaveFileEnhanced(conv *core.ConversationInfo, source, name string, err error, body []byte, ...) error + func SetGlobalConfig(cfg *Config) + func SetSaveFileLogger(logger *zap.Logger) + func ShouldComputeHash(algorithm string) bool + func ShouldExtractMimeType(mimeType string) bool + func ShouldUseMagicDetection() bool + func ValidateYaraSource(source string) error + func WriteFileEnhanced(f *types.File) + func YaraAvailable() bool + type AdvancedConfig struct + ComputeEntropy bool + DecodeBase64 bool + DecodeCompressed bool + DeduplicateFiles bool + DetectEmbeddedScripts bool + DetectExecutables bool + EnableMagika bool + EnableYaraScanning bool + MagikaAssetsDir string + MagikaModelName string + MaxFilenameLength int + UseMagicDetection bool + YaraRulesPath string + type Config struct + FileExtraction FileExtractionConfig + func GetDefaultConfig() *Config + func GetGlobalConfig() *Config + func LoadConfig(path string) (*Config, error) + type ContentInfo struct + CompressedSize int64 + CompressionType string + DecodedContent []byte + Hash string + WasCompressed bool + func ComputeContentHash(body []byte, encoding []string) (*ContentInfo, error) + type FileAnalysis struct + Entropy float64 + HasEmbeddedScript bool + IsELFExecutable bool + IsKnownMalware bool + IsMachO bool + IsPEExecutable bool + IsPasswordProtected bool + MagicBytes []byte + ThreatName string + TrueFileType string + TypeMismatch bool + YaraMatches []string + func AnalyzeFile(content []byte, filename string) *FileAnalysis + type FileExtractionConfig struct + Advanced AdvancedConfig + Enabled bool + HashAlgorithms HashAlgorithmsConfig + IncompleteFiles IncompleteFilesConfig + MimeTypes MimeTypesConfig + Protocols ProtocolsConfig + Reassembly ReassemblyConfig + SizeLimits SizeLimitsConfig + Storage StorageConfig + type FileExtractor interface + DescribeFile func(handle *FileHandle) string + ExtractFile func(conv *core.ConversationInfo, data []byte, metadata FileMetadata) error + GetFileHandle func(conv *core.ConversationInfo, isOrigin bool, depth int) string + ProtocolName func() string + func GetExtractor(protocol string) (FileExtractor, bool) + type FileHandle struct + ConversationID string + Depth int + ID string + IsComplete bool + MissingBytes int64 + ParentFileID string + Protocol string + SeenBytes int64 + Timestamp int64 + TotalBytes int64 + type FileHashes struct + MD5 string + SHA1 string + SHA256 string + func ComputeFileHashes(filepath string) (FileHashes, error) + func ComputeHashes(data []byte) FileHashes + type FileMetadata struct + ConnectionUID string + ContentType string + Encoding []string + FTPCommand string + Filename string + FlowDirection string + HTTPMethod string + HTTPStatusCode int + HTTPURL string + Host string + SMBPath string + SMBShare string + type FileReassembler struct + func NewFileReassembler(totalSize int64) *FileReassembler + func (fr *FileReassembler) AddChunk(offset int64, data []byte) + func (fr *FileReassembler) GetMissingBytes() int64 + func (fr *FileReassembler) GetSeenBytes() int64 + func (fr *FileReassembler) IsComplete() bool + func (fr *FileReassembler) Reassemble(includeMissing bool) ([]byte, error) + type HashAlgorithmsConfig struct + MD5 bool + SHA1 bool + SHA256 bool + type IncompleteFilesConfig struct + IncompletePrefix string + WriteIncomplete bool + type MIMESignature struct + Ext string + MIME string + Magic []byte + Offset int + type MimeTypesConfig struct + Blacklist []string + Whitelist []string + type ProtocolsConfig struct + FTP bool + HTTP bool + IMAP bool + IRC bool + POP3 bool + SMB bool + SMTP bool + type ReassemblyConfig struct + AllowSparseFiles bool + Enabled bool + MaxBufferSize int64 + type SizeLimitsConfig struct + IncludeMissingBytes bool + MaxFileSize int64 + MaxFilesPerSession int + type StorageConfig struct + CompressStoredFiles bool + IncludeConnectionID bool + OrganizeByDate bool + OrganizeByMime bool + OrganizeByProtocol bool + type StreamingHashWriter struct + func NewStreamingHashWriter(file *os.File) *StreamingHashWriter + func (w *StreamingHashWriter) Close() error + func (w *StreamingHashWriter) GetHashes() FileHashes + func (w *StreamingHashWriter) Write(p []byte) (n int, err error) + type YaraScanner struct + func GetGlobalYaraScanner() *YaraScanner + func InitGlobalYaraScanner(rulesDir string) (*YaraScanner, error) + func NewYaraScanner(rulesDir string) (*YaraScanner, error) + func (ys *YaraScanner) LastLoad() time.Time + func (ys *YaraScanner) Reload() error + func (ys *YaraScanner) RuleCount() int + func (ys *YaraScanner) RulesDir() string + func (ys *YaraScanner) ScanBytes(data []byte) ([]string, error) + func (ys *YaraScanner) ScanFile(path string) ([]string, error) v0.7.6 Oct 25, 2025 v0.7.5 Oct 24, 2025 v0.7.4 Oct 24, 2025 v0.7.3 Oct 24, 2025 v0.7.2 Oct 24, 2025 v0.7.1 Oct 24, 2025 v0.7.0 Oct 22, 2025 v0.6.11 Jan 30, 2022 v0.6.10 Jan 22, 2022 v0.6.9 Jan 22, 2022 v0.6.8 Jan 22, 2022 v0.6.7 Jan 20, 2022 v0.6.6 Sep 16, 2021 Changes in this version + var Decoder = &decoder.AbstractDecoder + func ExtensionForContentType(typ string) string + func WriteFile(f *types.File)
Go to main page