recon

A fast Rust-based CLI that uses SQL to query over files, code, or malware, with content classification and processing for security experts.

Recon: A File System Explorer

A flexible and powerful file system explorer that can be used to catalog, analyze, and visualize large collections of files. Recon uses a SQLite database to store information about each file, allowing for fast querying and analysis.


Key Features

  • Walks the file system and indexes all files
  • Computes various fields such as size, type, creation date, modification date, and more
  • Allows for ad-hoc querying using SQL-like syntax
  • Supports filtering and sorting of results
  • Can output data in various formats, including CSV and JSON

Configuration

Recon can be configured to customize its behavior. This is done by specifying a configuration file that defines the fields to compute and the queries to run.


Cache Behavior

Recon uses a SQLite database for caching, querying, and capturing data. The default cache file is recon.db, but this can be changed using the -f flag. An in-memory database can also be used by specifying the special file name :memory:.


Selecting Fields

Recon provides a list of available fields that can be selected for querying. This list includes computed fields such as size, type, and creation date, as well as other metadata about each file.


Using Computed Fields

Computed fields are fields that are either compute-intensive or not always needed. These fields can be included in queries by specifying the field name in the SQL-like syntax used for querying.


Shell Scripts

Recon can be used in shell scripts to automate tasks and workflows. This is done using the xargs command, which allows you to specify extra actions to run on files that are discovered during a query.


Capturing Remote State

Recon provides several options for capturing remote state, including sending data out as JSON or CSV, and shipping the entire database file off the machine.


Running on Large Folders or Complete Disks

Recon can run without interruption on very large folders. Each run consists of two stages: walking the file system and processing compute-intensive fields. The -u flag allows you to make recon always update the DB before running a query, which makes it easier to resume a scan that was interrupted.


Contributing

We are accepting PRs! If you'd like to contribute to the development of Recon, please submit a pull request.


License

Recon is licensed under the MIT License.
