cmd

package

v1.99.0 Latest Latest Go to latest Published: Aug 19, 2025 License: GPL-3.0 Imports: 19 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/hiforensics/fox

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func Execute() error

Constants ¶

This section is empty.

Variables ¶

View Source

var Fox = &cobra.Command{
	Use:     "fox",
	Short:   "The Swiss Army Knife for examining text files",
	Long:    "The Swiss Army Knife for examining text files",
	Args:    cobra.ArbitraryArgs,
	Version: app.Version,
	PreRun: func(cmd *cobra.Command, args []string) {
		flg := flags.Get()

		if flg.Credits {
			fmt.Printf("%d %s (%s)\n", time.Now().Year(), app.Company, app.Url)
			os.Exit(0)
		}

		if sys.Piped(os.Stdout) {
			flg.Print = true
		}

		if flg.Filters.Context > 0 {
			flg.Filters.Before = flg.Filters.Context
			flg.Filters.After = flg.Filters.Context
		}

		if flg.Opt.Raw {
			flg.Opt.NoConvert = true
			flg.Opt.NoDeflate = true
			flg.Opt.NoPlugins = true
		}

		if flg.Opt.Readonly {
			flg.Opt.NoPlugins = true
			flg.Bag.No = true
		}

		if flg.Bag.No {
			flg.Bag.Mode = flags.BagModeNone
		}

		if flg.Alias.Text {
			flg.Bag.Mode = flags.BagModeText
		}

		if flg.Alias.Json {
			flg.Bag.Mode = flags.BagModeJson
		}

		if flg.Alias.Jsonl {
			flg.Bag.Mode = flags.BagModeJsonl
		}

		if flg.Alias.Xml {
			flg.Bag.Mode = flags.BagModeXml
		}

		if flg.Alias.Sqlite {
			flg.Bag.Mode = flags.BagModeSqlite
		}

		if flg.Alias.Logstash {
			flg.Bag.Url = flags.BagUrlLogstash
		}

		if flg.Hex {
			flg.UI.Mode = mode.Hex
		}

		if len(flg.Filters.Patterns) > 0 {
			flg.UI.Mode = mode.Grep
		}

		if len(flg.AI.Query) > 0 && !flg.Print {
			sys.Exit("query requires print")
		}

		if len(flg.UI.State) > 0 {
			re := regexp.MustCompile("[^-nwtNWT]+")

			flg.UI.State = re.ReplaceAllString(flg.UI.State, "")
		}
	},
	Run: func(cmd *cobra.Command, args []string) {
		if !flags.Get().Print {
			ui.Start(args, types.None)
		} else if len(args) == 0 {
			fmt.Print(Usage)
			os.Exit(0)
		} else {
			exec(args)
		}
	},
	SilenceUsage: true,
}

View Source

var Usage = fmt.Sprintf(app.Ascii+`
The Swiss Army Knife for examining text files (%s)

Usage:
  fox [ACTION] [FLAG ...] [PATH ...]

Positional arguments:
  Path(s) to open or '-' for STDIN

Actions:
  counts                   display line and byte counts
  deflate                  deflate compressed files
  entropy                  display file entropy
  hash                     display file hash sums
  strings                  display ASCII and Unicode strings

Print:
  -p, --print              print directly to console
      --no-file            don't print filenames
      --no-line            don't print line numbers

Deflate:
      --pass=PASSWORD      decrypt with password (RAR, ZIP)

Hex display:
  -x, --hex                show file in canonical hex

File limits:
  -h, --head               limit head of file by ...
  -t, --tail               limit tail of file by ...
  -n, --lines[=NUMBER]     number of lines (default: 10)
  -c, --bytes[=NUMBER]     number of bytes (default: 16)

Line filter:
  -e, --regexp=PATTERN     filter for lines that match pattern
  -C, --context=NUMBER     number of lines surrounding context of match
  -B, --before=NUMBER      number of lines leading context before match
  -A, --after=NUMBER       number of lines trailing context after match

AI flags:
  -m, --model=MODEL        AI model for the agent to use
  -q, --query=QUERY        AI query for the agent to process

UI flags:
      --state={N|W|T|-}    sets the used UI state flags
      --theme=THEME        sets the used UI theme

Evidence:
  -f, --file=FILE          evidence bag file name (default: "evidence")
      --mode=MODE          evidence bag file mode (default: "raw")
                             NONE, RAW, TEST, JSON, JSONL, XML, SQLITE

  -s, --sign[=PHRASE]      sign evidence bag via (HMAC-)SHA256
  -u, --url=URL            url to also send evidence data too
      --no-bag             don't write an evidence bag

Disable:
  -R, --readonly           don't write any new files
  -r, --raw                don't process files at all
      --no-convert         don't convert automatically
      --no-deflate         don't deflate automatically
      --no-plugins         don't run any plugins

Aliases:
  -L, --logstash           short for --url=http://localhost:8080
  -T, --text               short for --mode=text
  -j, --json               short for --mode=json
  -J, --jsonl              short for --mode=jsonl
  -S, --sqlite             short for --mode=sqlite
  -X, --xml                short for --mode=xml

Standard:
      --help               shows this message
      --credits            shows the credits
      --version            shows the version

Example: print matching lines
  $ fox -pe "John Doe" ./**/*.evtx

Example: print content hashes
  $ fox hash -pt sha1 files.zip

Example: print first sector in hex
  $ fox -pxhc=512 image.dd > mbr

Type "fox help COMMAND" for more help...
`, app.Version)

Functions ¶

func Execute ¶

func Execute() error

Types ¶

This section is empty.

Source Files ¶

View all Source files

fox.go

Directories ¶

Path	Synopsis
actions

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL