
Nugget

Nugget is a domain specific language (DSL) for Digital Forensics. This is alpha software - expect bugs.

Quickstart

A docker container is provided which has sample forensic targets pre-loaded. Example Nugget queries are also included. To use:

docker pull cdstelly/nugget
docker run -it cdstelly/nugget
$ cd /nugget
$ ./nugget -input input.nug

Building

The current alpha build depends on libpcap for network forensics; make sure it is installed before building.

To build from source:

git clone https://github.com/cdstelly/nugget.git
cd nugget
export GOPATH=`pwd`
go get ...
go build github.com/cdstelly/nugget

Using

After either building from source or downloading binaries:

$ ./nugget -h
Usage of ./nugget:
  -assembly_debug_log
        If true, the github.com/google/gopacket/tcpassembly library will log verbose debugging information (at least one line per packet)
  -assembly_memuse_log
        If true, the github.com/google/gopacket/tcpassembly library will log information regarding its memory use every once in a while.
  -input string
        Path to input
  -interactive
        Interactive mode

Examples

nugget> myhashes = "file.dd" | extract as ntfs | filter filename == "*.pdf",ctime>"01/01/01" | md5
nugget> print myhashes.digest
    [{c10c4d40735cc699bd16d4d18c2c6b09} {cc285f386f167c2206dd9ff6546dcd0a} ... }]

nugget> mypcap = "G:\school\sample.pcap" | extract as pcap
nugget> myhttp = mypcap | filter packetfilter == "tcp and port 80 and http"
nugget> print myhttp
    [ GET /site=0000127709/mnum=0000162763/genr=1/logs=0/mdtm=1077726643/bins=1 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Opera 7.11  [en]
    Host: opera2-servedby.advertising.com
    Accept: application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1
    Accept-Language: en
    ...
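As an added example (not Nugget's own code or grammar), a small Go evaluator for the query shape shown above: it splits the assignment into pipeline stages, applies the filename-glob filter to constructed in-memory file records that stand in for the `extract as ntfs` stage, and returns MD5 digests like `print myhashes.digest`. `EvalHashes`, `File` and the sample records are assumptions for illustration; the `ctime` predicate from the example is deliberately rejected rather than ignored, because an unimplemented filter that silently passes everything would over-report results.

```go
package main

import (
	"crypto/md5"
	"fmt"
	"path"
	"strings"
)

// File is a constructed stand-in for one record the "extract as ntfs" stage would yield.
type File struct {
	Name string
	Data []byte
}

// EvalHashes runs a query line of the README's shape over in-memory files (standing in
// for the extract stage) and returns hex digests as "print myhashes.digest" would. Not
// Nugget's own code: only `filename == "<glob>"` filters exist; others are rejected.
func EvalHashes(line string, files []File) (digests []string, err error) {
	_, rhs, ok := strings.Cut(line, "=") // the first "=" is the assignment; "==" comes later
	if !ok {
		return nil, fmt.Errorf("expected: name = pipeline")
	}
	for _, stage := range strings.Split(rhs, "|")[1:] { // element 0 is the quoted target
		name, args, _ := strings.Cut(strings.TrimSpace(stage), " ")
		switch name {
		case "extract": // simulated by the files argument
		case "filter":
			_, after, ok := strings.Cut(args, `filename == "`)
			pat, rest, _ := strings.Cut(after, `"`)
			if !ok || strings.TrimSpace(rest) != "" {
				return nil, fmt.Errorf("unsupported filter: %s", args)
			}
			var kept []File
			for _, f := range files {
				if m, _ := path.Match(pat, f.Name); m {
					kept = append(kept, f)
				}
			}
			files = kept
		case "md5":
			for _, f := range files {
				digests = append(digests, fmt.Sprintf("%x", md5.Sum(f.Data)))
			}
		default:
			return nil, fmt.Errorf("unknown stage %q in %q", name, line)
		}
	}
	return digests, nil
}
```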

Expanding

Nugget provides a mechanism that lets non-technical users add functionality: it generates templated code and inserts the specified keywords into its own grammar. See the grammar builder.

Bugs

Please use GitHub's issue tracker.
