├── .gitattributes ├── .github └── workflows │ ├── go.yml │ ├── musl.yaml │ └── windows.yml ├── .gitignore ├── .golangci.yml ├── .wwhrd.yml ├── CLA.md ├── LICENSE ├── Makefile ├── README.md ├── accessors ├── acl.go ├── api.go ├── api_test.go ├── collector │ ├── collector.go │ ├── collector_test.go │ └── fixtures │ │ └── TestAutomaticDecryption.golden ├── data │ ├── data.go │ ├── data_test.go │ └── scope.go ├── deny.go ├── ewf │ ├── cache.go │ └── ewf.go ├── ext4 │ ├── ext4_accessor.go │ ├── ext4_accessor_linux.go │ └── utils.go ├── fat │ ├── fat_accessor.go │ └── utils.go ├── file │ ├── accessor_common.go │ ├── accessor_darwin.go │ ├── accessor_freebsd.go │ ├── accessor_linux.go │ ├── accessor_linux_test.go │ ├── accessor_test.go │ ├── auto_windows.go │ ├── cache.go │ ├── fixtures │ │ └── TestLinuxSymlinks.golden │ ├── instrument.go │ ├── json.go │ ├── os_windows.go │ ├── security.go │ └── security_test.go ├── file_store │ ├── accessor.go │ ├── accessor_test.go │ ├── casing.go │ ├── fixtures │ │ └── TestSparseFiles.golden │ ├── permissions.go │ └── permissions_test.go ├── file_store_file_info │ └── file_info.go ├── fixtures │ ├── TestOSPathHumanString.golden │ ├── TestOSPathOperationsAppendComponents.golden │ ├── TestOSPathOperationsTrimComponents.golden │ ├── TestVQLParsing.golden │ └── TestVirtualFileInfo.golden ├── json.go ├── manager.go ├── manipulators.go ├── manipulators_test.go ├── mount.go ├── mount_test.go ├── mscfb │ ├── mscfb_accessor.go │ ├── reader.go │ └── utils.go ├── ntfs │ ├── cache.go │ ├── fixtures │ │ ├── TestNTFSFilesystemAccessor.golden │ │ └── TestNTFSFilesystemAccessorRemapping.golden │ ├── instrument.go │ ├── mft.go │ ├── mft_test.go │ ├── ntfs_accessor.go │ ├── ntfs_accessor_test.go │ ├── ntfs_accessor_windows.go │ ├── ntfs_cache.go │ ├── readers │ │ ├── ntfs_reader.go │ │ └── tracker.go │ └── vss.go ├── offset │ ├── offset.go │ └── offset_test.go ├── overlay │ ├── fixtures │ │ └── TestOverlay.golden │ ├── overlay.go │ └── overlay_test.go ├── pathspec.go ├── pipe │ └── pipe.go ├── process │ ├── doc.go │ ├── process_address_space.go │ ├── process_address_space_darwin.go │ ├── process_address_space_darwin_nocgo.go │ ├── process_address_space_linux.go │ └── process_address_space_windows.go ├── protocols.go ├── pst │ ├── cache.go │ ├── doc.go │ └── pst_accessor.go ├── raw_file │ └── raw_file.go ├── raw_registry │ ├── cache.go │ ├── fixtures │ │ └── TestAccessorRawReg.golden │ ├── lru.go │ ├── raw_registry.go │ ├── raw_registry_test.go │ └── value_buffer.go ├── registry │ ├── cache.go │ ├── doc.go │ ├── fixtures │ │ └── TestRegistrtFilesystemAccessor.golden │ ├── lru.go │ ├── registry_windows.go │ ├── registry_windows_test.go │ └── values.go ├── s3 │ ├── docs.go │ ├── file_info.go │ ├── reader.go │ ├── s3.go │ └── session.go ├── scope.go ├── smb │ ├── cache.go │ ├── manipulator.go │ └── smb.go ├── sparse │ ├── ranged.go │ ├── sparse.go │ └── sparse_test.go ├── ssh │ ├── file_info.go │ ├── session.go │ └── ssh.go ├── utils.go ├── vfs │ ├── fixtures │ │ └── TestVFSAccessor.golden │ ├── vfs.go │ └── vfs_test.go ├── vhdx │ ├── cache.go │ └── vhdx.go ├── virtual.go ├── virtual_test.go ├── vmdk │ ├── cache.go │ └── vmdk.go ├── vql_arg_parser.go ├── vql_arg_parser_test.go ├── winpmem │ ├── logger.go │ └── winpmem.go └── zip │ ├── accessor.go │ ├── fixtures │ ├── TestReferenceCount.golden │ └── TestReferenceCountNested.golden │ ├── gzip.go │ ├── gzip_test.go │ ├── me.go │ ├── zip.go │ └── zip_test.go ├── acls ├── acls.go ├── api.go ├── lockdown.go ├── policy.go ├── proto │ ├── acl.pb.go │ └── acl.proto ├── roles.go └── utils.go ├── actions ├── client_info.go ├── events.go ├── events_test.go ├── progress.go ├── proto │ ├── transport.pb.go │ ├── transport.proto │ ├── vql.pb.go │ └── vql.proto ├── query_log.go ├── test_data │ ├── client.config.yaml │ └── hello.txt ├── tracker.go ├── transactions.go ├── transactions_test.go ├── utils_test.go ├── vql.go └── vql_test.go ├── api ├── api.go ├── artifacts.go ├── assets.go ├── auth.go ├── authenticators │ ├── auth.go │ ├── azure.go │ ├── basic.go │ ├── certs.go │ ├── claims.go │ ├── common.go │ ├── github.go │ ├── google.go │ ├── http.go │ ├── ip_filter.go │ ├── logging.go │ ├── multiple.go │ ├── oidc.go │ ├── oidc_cognito.go │ ├── orgs.go │ ├── saml.go │ ├── template.go │ └── users.go ├── builder.go ├── clients.go ├── csrf.go ├── datastore.go ├── datastore_test.go ├── docs.go ├── download.go ├── events.go ├── events_test.go ├── filesearch.go ├── fixtures │ ├── TestBasicAuthenticator.golden │ ├── TestDatastore.golden │ └── TestMultiAuthenticator.golden ├── flows.go ├── handlers.go ├── health.go ├── hunts.go ├── instrument.go ├── mock │ ├── api_mock.go │ └── gen.go ├── notebooks.go ├── proto │ ├── api.pb.go │ ├── api.pb.gw.go │ ├── api.proto │ ├── api_grpc.pb.go │ ├── artifacts.pb.go │ ├── artifacts.proto │ ├── clients.pb.go │ ├── clients.proto │ ├── completions.pb.go │ ├── completions.proto │ ├── csv.pb.go │ ├── csv.proto │ ├── datastore.pb.go │ ├── datastore.proto │ ├── download.pb.go │ ├── download.proto │ ├── flows.pb.go │ ├── flows.proto │ ├── health.pb.go │ ├── health.proto │ ├── hunts.pb.go │ ├── hunts.proto │ ├── notebooks.pb.go │ ├── notebooks.proto │ ├── objects.pb.go │ ├── objects.proto │ ├── orgs.pb.go │ ├── orgs.proto │ ├── scheduler.pb.go │ ├── scheduler.proto │ ├── secrets.pb.go │ ├── secrets.proto │ ├── server_state.pb.go │ ├── server_state.proto │ ├── timeline_api.pb.go │ ├── timeline_api.proto │ ├── users.pb.go │ ├── users.proto │ ├── vfs_api.pb.go │ └── vfs_api.proto ├── proxy.go ├── proxy_test.go ├── query.go ├── reflect.go ├── reformat.go ├── replication.go ├── reports.go ├── scheduler.go ├── secrets.go ├── static.go ├── status.go ├── tables │ ├── doc.go │ ├── notebooks.go │ ├── table.go │ └── timelines.go ├── timelines.go ├── tools.go ├── upload.go ├── users.go ├── utils │ ├── grpc.go │ ├── mux.go │ └── utils.go ├── vfs.go └── vql.go ├── artifacts ├── assets │ ├── .gitignore │ └── docs.go ├── b0x.yaml ├── definitions │ ├── Admin │ │ └── Client │ │ │ ├── Remove.yaml │ │ │ ├── Uninstall.yaml │ │ │ ├── UpdateClientConfig.yaml │ │ │ └── Upgrade │ │ │ ├── Debian.yaml │ │ │ ├── RedHat.yaml │ │ │ └── Windows.yaml │ ├── Demo │ │ └── Plugins │ │ │ ├── Fifo.yaml │ │ │ └── GUI.yaml │ ├── Elastic │ │ ├── EventLogs │ │ │ └── Sysmon.yaml │ │ ├── Events │ │ │ └── Upload.yaml │ │ └── Flows │ │ │ └── Upload.yaml │ ├── Generic │ │ ├── Applications │ │ │ ├── Chrome │ │ │ │ └── SessionStorage.yaml │ │ │ └── Office │ │ │ │ └── Keywords.yaml │ │ ├── Client │ │ │ ├── CleanupTemp.yaml │ │ │ ├── DiskSpace.yaml │ │ │ ├── DiskUsage.yaml │ │ │ ├── Info.yaml │ │ │ ├── LocalLogs.yaml │ │ │ ├── LocalLogsRetrieve.yaml │ │ │ ├── Profile.yaml │ │ │ ├── Rekey.yaml │ │ │ ├── Stats.yaml │ │ │ ├── Trace.yaml │ │ │ └── VQL.yaml │ │ ├── Collectors │ │ │ └── File.yaml │ │ ├── Detection │ │ │ ├── HashHunter.yaml │ │ │ ├── Logs.yaml │ │ │ └── Yara │ │ │ │ ├── Glob.yaml │ │ │ │ └── Zip.yaml │ │ ├── Forensic │ │ │ ├── Carving │ │ │ │ └── URLs.yaml │ │ │ ├── HashLookup.yaml │ │ │ ├── LocalHashes │ │ │ │ ├── Glob.yaml │ │ │ │ ├── Init.yaml │ │ │ │ └── Query.yaml │ │ │ └── Timeline.yaml │ │ ├── Network │ │ │ └── InterfaceAddresses.yaml │ │ ├── System │ │ │ ├── EfiSignatures.yaml │ │ │ ├── HostsFile.yaml │ │ │ ├── ProcessSiblings.yaml │ │ │ └── Pstree.yaml │ │ └── Utils │ │ │ ├── DeadDiskRemapping.yaml │ │ │ ├── FetchBinary.yaml │ │ │ └── SendEmail.yaml │ ├── Linux │ │ ├── Applications │ │ │ ├── Chrome │ │ │ │ ├── Extensions.yaml │ │ │ │ └── Extensions │ │ │ │ │ └── Upload.yaml │ │ │ └── Docker │ │ │ │ ├── Info.yaml │ │ │ │ └── Version.yaml │ │ ├── Debian │ │ │ ├── AptSources.yaml │ │ │ └── Packages.yaml │ │ ├── Detection │ │ │ ├── AnomalousFiles.yaml │ │ │ └── Yara │ │ │ │ └── Process.yaml │ │ ├── Events │ │ │ ├── DNS.yaml │ │ │ ├── EBPF.yaml │ │ │ ├── HTTPConnections.yaml │ │ │ ├── Journal.yaml │ │ │ ├── ProcessExecutions.yaml │ │ │ ├── SSHBruteforce.yaml │ │ │ ├── SSHLogin.yaml │ │ │ └── TrackProcesses.yaml │ │ ├── Forensics │ │ │ ├── ImmutableFiles.yaml │ │ │ └── Journal.yaml │ │ ├── Mounts.yaml │ │ ├── Network │ │ │ ├── Netstat.yaml │ │ │ ├── NetstatEnriched.yaml │ │ │ └── PacketCapture.yaml │ │ ├── OSQuery │ │ │ └── Generic.yaml │ │ ├── Proc │ │ │ ├── Arp.yaml │ │ │ └── Modules.yaml │ │ ├── RHEL │ │ │ └── Packages.yaml │ │ ├── Remediation │ │ │ └── Quarantine.yaml │ │ ├── Search │ │ │ └── FileFinder.yaml │ │ ├── Ssh │ │ │ ├── AuthorizedKeys.yaml │ │ │ ├── KnownHosts.yaml │ │ │ └── PrivateKeys.yaml │ │ ├── SuSE │ │ │ └── Packages.yaml │ │ ├── Sys │ │ │ ├── ACPITables.yaml │ │ │ ├── BashHistory.yaml │ │ │ ├── BashShell.yaml │ │ │ ├── CPUTime.yaml │ │ │ ├── Crontab.yaml │ │ │ ├── Groups.yaml │ │ │ ├── LastUserLogin.yaml │ │ │ ├── LogGrep.yaml │ │ │ ├── LogHunter.yaml │ │ │ ├── Maps.yaml │ │ │ ├── Pslist.yaml │ │ │ ├── SUID.yaml │ │ │ ├── Services.yaml │ │ │ └── Users.yaml │ │ ├── Syslog │ │ │ └── SSHLogin.yaml │ │ ├── Triage │ │ │ └── ProcessMemory.yaml │ │ ├── Users │ │ │ ├── InteractiveUsers.yaml │ │ │ └── RootUsers.yaml │ │ └── Utils │ │ │ └── InstallDeb.yaml │ ├── LogScale │ │ ├── Events │ │ │ └── Clients.yaml │ │ └── Flows │ │ │ └── Upload.yaml │ ├── MacOS │ │ ├── Applications │ │ │ ├── Chrome │ │ │ │ └── History.yaml │ │ │ └── MRU.yaml │ │ ├── Detection │ │ │ ├── Autoruns.yaml │ │ │ └── InstallHistory.yaml │ │ ├── Forensics │ │ │ ├── AppleDoubleZip.yaml │ │ │ └── FSEvents.yaml │ │ ├── Network │ │ │ ├── Netstat.yaml │ │ │ └── PacketCapture.yaml │ │ ├── OSQuery │ │ │ └── Generic.yaml │ │ ├── Search │ │ │ └── FileFinder.yaml │ │ └── System │ │ │ ├── Dock.yaml │ │ │ ├── Packages.yaml │ │ │ ├── Plist.yaml │ │ │ ├── QuarantineEvents.yaml │ │ │ ├── TCC.yaml │ │ │ ├── TimeMachine.yaml │ │ │ ├── Users.yaml │ │ │ └── Wifi.yaml │ ├── Network │ │ └── ExternalIpAddress.yaml │ ├── Notebooks │ │ ├── Default.yaml │ │ ├── Demo.yaml │ │ ├── Sigma │ │ │ └── Studio.yaml │ │ ├── Timelines.yaml │ │ └── VQLx2.yaml │ ├── Reporting │ │ ├── Default.yaml │ │ └── Hunts │ │ │ └── Details.yaml │ ├── Server │ │ ├── Alerts │ │ │ ├── Notification.yaml │ │ │ ├── ProcessCreation.yaml │ │ │ ├── PsExec.yaml │ │ │ ├── TheHive │ │ │ │ ├── Alert.yaml │ │ │ │ └── Case.yaml │ │ │ ├── Trackaccount.yaml │ │ │ └── WinPmem.yaml │ │ ├── Audit │ │ │ └── Logs.yaml │ │ ├── Enrichment │ │ │ ├── CortexAnalyzer.yaml │ │ │ ├── Elasticsearch,yaml │ │ │ ├── GeoIP.yaml │ │ │ ├── GeoIPISP.yaml │ │ │ ├── GreyNoise.yaml │ │ │ ├── HybridAnalysis.yaml │ │ │ └── Virustotal.yaml │ │ ├── Hunts │ │ │ ├── AddFlow.yaml │ │ │ ├── CancelAndDelete.yaml │ │ │ ├── List.yaml │ │ │ └── Results.yaml │ │ ├── Import │ │ │ ├── ArtifactExchange.yaml │ │ │ ├── Extras.yaml │ │ │ └── PreviousReleases.yaml │ │ ├── Information │ │ │ ├── Clients.yaml │ │ │ └── Users.yaml │ │ ├── Internal │ │ │ ├── Alerts.yaml │ │ │ ├── ArtifactDescription.yaml │ │ │ ├── ArtifactModification.yaml │ │ │ ├── ClientConflict.yaml │ │ │ ├── ClientDelete.yaml │ │ │ ├── ClientInfo.yaml │ │ │ ├── ClientInfoSnapshot.yaml │ │ │ ├── ClientPing.yaml │ │ │ ├── ClientScheduled.yaml │ │ │ ├── ClientTasks.yaml │ │ │ ├── Enrollment.yaml │ │ │ ├── FrontendMetrics.yaml │ │ │ ├── HuntModification.yaml │ │ │ ├── HuntUpdate.yaml │ │ │ ├── Interrogate.yaml │ │ │ ├── Interrogation.yaml │ │ │ ├── Inventory.yaml │ │ │ ├── Label.yaml │ │ │ ├── MasterRegistrations.yaml │ │ │ ├── MetadataModifications.yaml │ │ │ ├── Notifications.yaml │ │ │ ├── Ping.yaml │ │ │ ├── Pong.yaml │ │ │ ├── ResumedUploads.yaml │ │ │ ├── TimelineAdd.yaml │ │ │ ├── ToolDependencies.tmpl │ │ │ ├── ToolDependencies.yaml │ │ │ ├── UserManager.yaml │ │ │ └── Welcome.yaml │ │ ├── Monitor │ │ │ ├── ClientConflict.yaml │ │ │ ├── Health.yaml │ │ │ ├── Profile.yaml │ │ │ ├── Shell.yaml │ │ │ └── VeloMetrics.yaml │ │ ├── Monitoring │ │ │ ├── ClientCount.yaml │ │ │ ├── ScheduleHunt.yaml │ │ │ └── TimesketchUpload.yaml │ │ ├── Orgs │ │ │ ├── ListOrgs.yaml │ │ │ └── NewOrg.yaml │ │ ├── Powershell │ │ │ └── EncodedCommand.yaml │ │ ├── Slack │ │ │ └── Clients │ │ │ │ └── Online.yaml │ │ └── Utils │ │ │ ├── AddTimeline.yaml │ │ │ ├── AddUser.yaml │ │ │ ├── BackupDirectory.yaml │ │ │ ├── BackupGCS.yaml │ │ │ ├── BackupS3.yaml │ │ │ ├── CancelHunt.yaml │ │ │ ├── CollectClient.yaml │ │ │ ├── CreateCollector.yaml │ │ │ ├── CreateLinuxPackages.yaml │ │ │ ├── CreateMSI.yaml │ │ │ ├── DeadDiskClient.yaml │ │ │ ├── DeleteClient.yaml │ │ │ ├── DeleteEvents.yaml │ │ │ ├── DeleteFavoriteFlow.yaml │ │ │ ├── DeleteFlow.yaml │ │ │ ├── DeleteManyFlows.yaml │ │ │ ├── DeleteMonitoringData.yaml │ │ │ ├── DeleteNotebook.yaml │ │ │ ├── ImportCollection.yaml │ │ │ ├── KillClient.yaml │ │ │ ├── ListUsers.yaml │ │ │ ├── Policy.yaml │ │ │ ├── RemoveTimeline.yaml │ │ │ ├── SaveFavoriteFlow.yaml │ │ │ ├── StartHuntExample.yaml │ │ │ ├── TimesketchUpload.yaml │ │ │ └── UploadTools.yaml │ ├── Splunk │ │ └── Flows │ │ │ └── Upload.yaml │ ├── System │ │ ├── Flow │ │ │ ├── Archive.yaml │ │ │ └── Completion.yaml │ │ ├── Hunt │ │ │ ├── Archive.yaml │ │ │ ├── Creation.yaml │ │ │ └── Participation.yaml │ │ ├── Upload │ │ │ └── Completion.yaml │ │ └── VFS │ │ │ ├── DownloadFile.yaml │ │ │ ├── Export.yaml │ │ │ └── ListDirectory.yaml │ ├── Triage │ │ └── Collection │ │ │ ├── Upload.yaml │ │ │ └── UploadTable.yaml │ └── Windows │ │ ├── ActiveDirectory │ │ └── SharpHound.yaml │ │ ├── Analysis │ │ └── EvidenceOfDownload.yaml │ │ ├── Applications │ │ ├── ChocolateyPackages.yaml │ │ ├── Chrome │ │ │ ├── Cookies.yaml │ │ │ ├── Extensions.yaml │ │ │ └── History.yaml │ │ ├── Edge │ │ │ ├── Favicons.yaml │ │ │ └── History.yaml │ │ ├── Firefox │ │ │ ├── Downloads.yaml │ │ │ └── History.yaml │ │ ├── IISLogs.yaml │ │ ├── MegaSync.yaml │ │ ├── NirsoftBrowserViewer.yaml │ │ ├── OfficeMacros.yaml │ │ ├── SBECmd.yaml │ │ └── TeamViewer │ │ │ └── Incoming.yaml │ │ ├── Attack │ │ ├── ParentProcess.yaml │ │ ├── Prefetch.yaml │ │ └── UnexpectedImagePath.yaml │ │ ├── Carving │ │ ├── CobaltStrike.yaml │ │ └── USN.yaml │ │ ├── Collectors │ │ └── Remapping.yaml │ │ ├── Detection │ │ ├── Amcache.yaml │ │ ├── BinaryHunter.yaml │ │ ├── BinaryRename.yaml │ │ ├── EnvironmentVariables.yaml │ │ ├── ForwardedImports.yaml │ │ ├── Impersonation.yaml │ │ ├── Mutants.yaml │ │ ├── ProcessCreation.yaml │ │ ├── PsexecService.yaml │ │ ├── PsexecService │ │ │ └── Kill.yaml │ │ ├── Registry.yaml │ │ ├── Service │ │ │ └── Upload.yaml │ │ ├── TemplateInjection.yaml │ │ ├── Thumbdrives │ │ │ ├── List.yaml │ │ │ ├── OfficeKeywords.yaml │ │ │ └── OfficeMacros.yaml │ │ ├── Usn.yaml │ │ ├── WMIProcessCreation.yaml │ │ ├── Yara │ │ │ ├── Device.yaml │ │ │ ├── NTFS.yaml │ │ │ ├── PhysicalMemory.yaml │ │ │ ├── Process.yaml │ │ │ └── UEFI.yaml │ │ └── YaraX │ │ │ └── Glob.yaml │ │ ├── ETW │ │ ├── DNS.yaml │ │ ├── DNSQueriesServer.yaml │ │ ├── DotNetRundown.yaml │ │ ├── ETWSessions.yaml │ │ ├── EdgeURLs.yaml │ │ ├── KernelFile.yaml │ │ ├── KernelNetwork.yaml │ │ ├── KernelProcess.yaml │ │ ├── Registry.yaml │ │ ├── ViewSessions.yaml │ │ └── WMIProcessCreate.yaml │ │ ├── EventLogs │ │ ├── AlternateLogon.yaml │ │ ├── Cleared.yaml │ │ ├── DHCP.yaml │ │ ├── Evtx.yaml │ │ ├── EvtxHunter.yaml │ │ ├── ExplicitLogon.yaml │ │ ├── Kerberoasting.yaml │ │ ├── Modifications.yaml │ │ ├── PowershellModule.yaml │ │ ├── PowershellScriptblock.yaml │ │ ├── RDPAuth.yaml │ │ ├── ScheduledTasks.yaml │ │ ├── ServiceCreationComspec.yaml │ │ ├── Symantec.yaml │ │ └── Telerik.yaml │ │ ├── Events │ │ ├── EventLogModifications.yaml │ │ ├── FailedLogBeforeSuccess.yaml │ │ ├── Kerberoasting.yaml │ │ ├── Mutants.yaml │ │ ├── ProcessCreation.yaml │ │ ├── ServiceCreation.yaml │ │ ├── TrackProcesses.yaml │ │ ├── TrackProcessesBasic.yaml │ │ ├── TrackProcessesETW.yaml │ │ └── Trackaccount.yaml │ │ ├── Forensics │ │ ├── Bam.yaml │ │ ├── BulkExtractor.yaml │ │ ├── CertUtil.yaml │ │ ├── FilenameSearch.yaml │ │ ├── JumpLists.yaml │ │ ├── Lnk.yaml │ │ ├── LocalHashes │ │ │ └── Usn.yaml │ │ ├── NotepadParser.yaml │ │ ├── PartitionTable.yaml │ │ ├── Prefetch.yaml │ │ ├── Pst.yaml │ │ ├── RDPCache.yaml │ │ ├── RecentApps.yaml │ │ ├── RecycleBin.yaml │ │ ├── SAM.yaml │ │ ├── SRUM.yaml │ │ ├── Shellbags.yaml │ │ ├── SolarwindsSunburst.yaml │ │ ├── Timeline.yaml │ │ ├── UEFI.yaml │ │ ├── UserAccessLogs.yaml │ │ └── Usn.yaml │ │ ├── KapeFiles │ │ ├── Extract.yaml │ │ └── Remapping.yaml │ │ ├── Memory │ │ ├── Acquisition.yaml │ │ ├── Intezer.yaml │ │ ├── PEDump.yaml │ │ ├── ProcessDump.yaml │ │ └── ProcessInfo.yaml │ │ ├── NTFS │ │ ├── ADSHunter.yaml │ │ ├── ExtendedAttributes.yaml │ │ ├── I30.yaml │ │ ├── MFT.yaml │ │ └── Recover.yaml │ │ ├── Network │ │ ├── ArpCache.yaml │ │ ├── ListeningPorts.yaml │ │ ├── Netstat.yaml │ │ ├── NetstatEnriched.yaml │ │ └── PacketCapture.yaml │ │ ├── OSQuery │ │ └── Generic.yaml │ │ ├── Packs │ │ ├── LateralMovement.yaml │ │ └── Persistence.yaml │ │ ├── Persistence │ │ ├── Debug.yaml │ │ ├── PermanentWMIEvents.yaml │ │ ├── PowershellProfile.yaml │ │ ├── PowershellRegistry.yaml │ │ ├── SilentProcessExit │ │ └── Wow64cpu.yaml │ │ ├── Registry │ │ ├── AppCompatCache.yaml │ │ ├── BackupRestore.yaml │ │ ├── EnableUnsafeClientMailRules.yaml │ │ ├── EnabledMacro.yaml │ │ ├── MountPoints2.yaml │ │ ├── NTUser.yaml │ │ ├── NTUser │ │ │ └── Upload.yaml │ │ ├── PortProxy.yaml │ │ ├── PuttyHostKeys.yaml │ │ ├── RDP.yaml │ │ ├── RecentDocs.yaml │ │ ├── Sysinternals │ │ │ └── Eulacheck.yaml │ │ ├── UserAssist.yaml │ │ └── WDigest.yaml │ │ ├── Remediation │ │ ├── Quarantine.yaml │ │ ├── QuarantineMonitor.yaml │ │ ├── ScheduledTasks.yaml │ │ └── Sinkhole.yaml │ │ ├── Search │ │ ├── FileFinder.yaml │ │ ├── SMBFileFinder.yaml │ │ ├── VSS.yaml │ │ ├── WSLFileFinder.yaml │ │ └── Yara.yaml │ │ ├── Sigma │ │ └── EventLogs.yaml │ │ ├── Sys │ │ ├── AllUsers.yaml │ │ ├── AppcompatShims.yaml │ │ ├── CertificateAuthorities.yaml │ │ ├── DiskInfo.yaml │ │ ├── Drivers.yaml │ │ ├── FirewallRules.yaml │ │ ├── Interfaces.yaml │ │ ├── PhysicalMemoryRanges.yaml │ │ ├── Programs.yaml │ │ ├── StartupItems.yaml │ │ └── Users.yaml │ │ ├── Sysinternals │ │ ├── Autoruns.yaml │ │ ├── SysmonInstall.yaml │ │ └── SysmonLogForward.yaml │ │ ├── System │ │ ├── Amcache.yaml │ │ ├── AuditPolicy.yaml │ │ ├── CatFiles.yaml │ │ ├── CmdShell.yaml │ │ ├── CriticalServices.yaml │ │ ├── DLLs.yaml │ │ ├── DNSCache.yaml │ │ ├── DomainRole.yaml │ │ ├── Handles.yaml │ │ ├── HostsFile.yaml │ │ ├── LocalAdmins.yaml │ │ ├── PowerShell.yaml │ │ ├── Powershell │ │ │ ├── ModuleAnalysisCache.yaml │ │ │ └── PSReadline.yaml │ │ ├── Pslist.yaml │ │ ├── RootCAStore.yaml │ │ ├── SVCHost.yaml │ │ ├── Services.yaml │ │ ├── Shares.yaml │ │ ├── Signers.yaml │ │ ├── TaskScheduler.yaml │ │ ├── Threads.yaml │ │ ├── UntrustedBinaries.yaml │ │ ├── VAD.yaml │ │ ├── VBScript.yaml │ │ └── WMIQuery.yaml │ │ ├── Timeline │ │ ├── MFT.yaml │ │ ├── Prefetch.yaml │ │ └── Registry │ │ │ └── RunMRU.yaml │ │ └── Triage │ │ └── SDS.yaml ├── obfuscation.go ├── proto │ ├── artifact.pb.go │ └── artifact.proto ├── testdata │ ├── files │ │ ├── 1.lnk │ │ ├── 3DBuilder.ResourceResolver.exe │ │ ├── 5f7b5f1e01b83767.automaticDestinations-ms │ │ ├── Amcache.hve │ │ ├── AppCompatCache │ │ │ ├── README.txt │ │ │ ├── Win10Creators_trunc.bin │ │ │ ├── Win10_trunc.bin │ │ │ ├── Win80_trunc.bin │ │ │ └── Win81_trunc.bin │ │ ├── CSDump.bin │ │ ├── CSSectionPE.zip.xor │ │ ├── CSShellcode.zip.xor │ │ ├── CSsectionStager.zip.xor │ │ ├── CSx86sleep.bin │ │ ├── ChromeHistory.sqlite │ │ ├── Collection-WIN-E5K9RC5GU23-2021-11-21T18_05_56-08_00.zip │ │ ├── Connection_incoming.txt │ │ ├── Current.mdb │ │ ├── DE_104_system_log_cleared.evtx │ │ ├── EID4103_PowershellModule.evtx │ │ ├── EID4104_PowershellScriptblock.evtx │ │ ├── EID4769_Kerberoasting.evtx │ │ ├── MBR │ │ ├── ModuleAnalysisCache │ │ ├── RDPAuth_LocalSessionManager.evtx │ │ ├── RDPAuth_RemoteConnectionManager.evtx │ │ ├── RDPAuth_Security.evtx │ │ ├── RDPAuth_System.evtx │ │ ├── SAM │ │ ├── SPApplicationsDataType.json │ │ ├── SecurityTasks.evtx │ │ ├── Security_1_record.evtx │ │ ├── Session Storage.zip │ │ ├── SystemIdentity.mdb │ │ ├── TaskScheduler.evtx │ │ ├── UsrClass.dat │ │ ├── VELOCIRAPTOR.EXE-DB95245D.pf │ │ ├── access.log │ │ ├── com.apple.dock.plist │ │ ├── compressedpe.zip │ │ ├── csv │ │ │ ├── autoruns.csv │ │ │ ├── bad.csv │ │ │ ├── exchange.log │ │ │ └── iis.log │ │ ├── debian │ │ │ ├── .gitattributes │ │ │ ├── au.archive.ubuntu.com_ubuntu_dists_jammy_InRelease │ │ │ ├── snaps.json │ │ │ ├── sources.list │ │ │ │ ├── misc.sources │ │ │ │ ├── osquery.list │ │ │ │ └── sources.list │ │ │ └── status │ │ ├── efi │ │ │ ├── db.bin │ │ │ └── dbx.bin │ │ ├── encrypted_collector_password.zip │ │ ├── encrypted_collector_pki.zip │ │ ├── evtx │ │ │ ├── Microsoft-Windows-Sysmon%4Operational.evtx │ │ │ └── proc_creation_win_whoami_as_system.yml │ │ ├── ext4_tests.zip │ │ ├── fat_very_small.dd │ │ ├── fs_events_00000000007cff3d │ │ ├── fs_events_000000002fc5e551 │ │ ├── goodbye.bz2 │ │ ├── hello.zip │ │ ├── hi.gz │ │ ├── history.sqlite │ │ ├── hosts │ │ ├── infected.zip.xor │ │ ├── keys │ │ │ ├── EncryptedRSAKeyPair.pem │ │ │ ├── UnencryptedED25519KeyPair.pem │ │ │ ├── UnencryptedRSAKeyPair.pem │ │ │ ├── encrypted.key.pem │ │ │ ├── pkcs8_encryped.pem │ │ │ ├── pkcs8_unencryped.pem │ │ │ └── unencrypted.key.pem │ │ ├── lines.txt │ │ ├── linux │ │ │ ├── authorized_keys │ │ │ ├── group │ │ │ └── passwd │ │ ├── logo.zip │ │ ├── malware.zip.xor │ │ ├── memory │ │ │ ├── 9604 │ │ │ └── 9604.idx │ │ ├── nested.zip │ │ ├── notepad │ │ │ ├── SavedFile-LargeCopyPaste-Closed.bin │ │ │ ├── SavedFile-LargeCopyPaste-NotClosed.bin │ │ │ └── SavedFile-Long.0.bin │ │ ├── notnbt.exe │ │ ├── ntexe.cat │ │ ├── ntuser.dat │ │ ├── password.txt.lnk │ │ ├── pst │ │ │ └── Outlook.pst │ │ ├── root_store_reg.bin │ │ ├── system.journal.zip │ │ ├── tar_test.tgz │ │ ├── test.docx │ │ ├── test.elf │ │ ├── test.ntfs.dd │ │ ├── test.ntfs.dd.E01 │ │ ├── test.odt │ │ ├── test.vhdx.zip │ │ ├── test.yarac │ │ ├── test.zip │ │ ├── unencrypted_collector.zip │ │ ├── vagrant.plist │ │ ├── winpmem_x64.sys │ │ ├── wkscli.dll │ │ ├── wtmp.1 │ │ ├── yara_test.txt │ │ └── {03A01CC5-91BB-4936-B685-63697785D39E}.mdb │ ├── manual │ │ ├── Custom.Test.Artifact.Deps.yaml │ │ ├── Custom.Test.Artifact.Types.yaml │ │ ├── Error.yaml │ │ ├── MultiColumns.yaml │ │ ├── README │ │ ├── Server.Sleep.yaml │ │ ├── Sleep.yaml │ │ ├── Test.Crash.yaml │ │ ├── Test.Sparse.yaml │ │ ├── TestLog.yaml │ │ ├── Upload.Limits.yaml │ │ └── Work.yaml │ ├── server │ │ ├── .gitignore │ │ ├── README.txt │ │ ├── client_idx │ │ │ ├── all │ │ │ │ └── c.4 │ │ │ │ │ └── f5e │ │ │ │ │ └── 52a │ │ │ │ │ └── df0 │ │ │ │ │ └── a33 │ │ │ │ │ └── 7a9 │ │ │ │ │ └── C.4f5e52adf0a337a9.db │ │ │ ├── des │ │ │ │ └── kto │ │ │ │ │ └── p-6 │ │ │ │ │ └── cbj │ │ │ │ │ └── 8mj │ │ │ │ │ └── c.4 │ │ │ │ │ └── f5e │ │ │ │ │ └── 52a │ │ │ │ │ └── df0 │ │ │ │ │ └── a33 │ │ │ │ │ └── 7a9 │ │ │ │ │ └── C.4f5e52adf0a337a9.db │ │ │ └── hos │ │ │ │ └── t%3Ad │ │ │ │ └── esk │ │ │ │ └── top │ │ │ │ └── -6c │ │ │ │ └── bj8 │ │ │ │ └── mjc │ │ │ │ └── %2E4f │ │ │ │ └── 5e5 │ │ │ │ └── 2ad │ │ │ │ └── f0a │ │ │ │ └── 337 │ │ │ │ └── a9 │ │ │ │ └── C.4f5e52adf0a337a9.db │ │ ├── clients │ │ │ ├── .gitignore │ │ │ ├── C.4f5e52adf0a337a9.db │ │ │ └── C.4f5e52adf0a337a9 │ │ │ │ ├── artifacts │ │ │ │ ├── System.VFS.ListDirectory │ │ │ │ │ ├── F.BN2HJBD1R85EA.json │ │ │ │ │ └── F.BN2HJBD1R85EA.json.index │ │ │ │ ├── Windows.Applications.ChocolateyPackages │ │ │ │ │ ├── F.BN2HP3OSS3LK6.csv │ │ │ │ │ └── F.BN2HP3OSS3LK6.json │ │ │ │ └── Windows.Network.NetstatEnriched │ │ │ │ │ └── F.BSJMEJIPT6P9I │ │ │ │ │ └── Netstat.json │ │ │ │ ├── collections │ │ │ │ ├── F.BN21C7HOQ10VQ.db │ │ │ │ ├── F.BN21C7HOQ10VQ │ │ │ │ │ ├── logs │ │ │ │ │ └── task.db │ │ │ │ ├── F.BN2HJBD1R85EA.db │ │ │ │ ├── F.BN2HJBD1R85EA │ │ │ │ │ ├── logs.json │ │ │ │ │ ├── logs.json.index │ │ │ │ │ ├── task.db │ │ │ │ │ ├── uploads.json │ │ │ │ │ ├── uploads.json.index │ │ │ │ │ └── uploads │ │ │ │ │ │ └── sparse │ │ │ │ │ │ ├── X.txt │ │ │ │ │ │ └── X.txt.idx │ │ │ │ ├── F.BN2HJCPOF5U7U.db │ │ │ │ ├── F.BN2HJCPOF5U7U │ │ │ │ │ ├── logs │ │ │ │ │ ├── task.db │ │ │ │ │ ├── uploads.json │ │ │ │ │ └── uploads │ │ │ │ │ │ └── file │ │ │ │ │ │ └── C%3A │ │ │ │ │ │ └── 1.zip │ │ │ │ ├── F.BN2HP3OSS3LK6.db │ │ │ │ ├── F.BN2HP3OSS3LK6 │ │ │ │ │ ├── logs.json │ │ │ │ │ └── task.db │ │ │ │ ├── F.BSJMEJIPT6P9I.json.db │ │ │ │ ├── F.BSJMEJIPT6P9I │ │ │ │ │ ├── logs.json │ │ │ │ │ ├── stats.json.db │ │ │ │ │ └── task.db │ │ │ │ ├── F.Monitoring.db │ │ │ │ └── F.Monitoring │ │ │ │ │ └── logs │ │ │ │ ├── key.db │ │ │ │ ├── monitoring │ │ │ │ ├── Generic.Client.Stats │ │ │ │ │ ├── 2021-12-07.json │ │ │ │ │ └── 2021-12-07.json.tidx │ │ │ │ └── Windows.Events.ProcessCreation │ │ │ │ │ ├── 2019-10-25.json │ │ │ │ │ └── 2019-10-25.json.tidx │ │ │ │ ├── monitoring_logs │ │ │ │ └── Generic.Client.Stats │ │ │ │ │ ├── 2021-12-07.json │ │ │ │ │ └── 2021-12-07.json.tidx │ │ │ │ ├── ping.json.db │ │ │ │ ├── vfs │ │ │ │ ├── file.db │ │ │ │ ├── file │ │ │ │ │ └── C%3A.db │ │ │ │ ├── ntfs.db │ │ │ │ └── ntfs │ │ │ │ │ └── C%3A.db │ │ │ │ └── vfs_files │ │ │ │ └── file │ │ │ │ └── C%3A │ │ │ │ └── 1.zip.db │ │ ├── downloads │ │ │ └── .gitignore │ │ ├── hunt_index │ │ │ └── h.49ba8939 │ │ │ │ └── C.4f5e52adf0a337a9.db │ │ ├── hunts │ │ │ ├── H.19c0c0a2.db │ │ │ ├── H.19c0c0a2 │ │ │ │ ├── notebook │ │ │ │ │ └── N.H.19c0c0a2 │ │ │ │ │ │ └── NC.BUURUOMSSMJ5I │ │ │ │ │ │ ├── query_1.json │ │ │ │ │ │ └── query_1.json.index │ │ │ │ └── stats.db │ │ │ ├── H.49ba8939.db │ │ │ ├── H.49ba8939.json │ │ │ └── H.49ba8939 │ │ │ │ └── stats.db │ │ ├── notebooks │ │ │ ├── N.CG74N2JSSV75S.json.db │ │ │ └── N.CG74N2JSSV75S │ │ │ │ ├── NC.CG74N2HMAK01C.json.db │ │ │ │ ├── NC.CG74N2HMAK01C │ │ │ │ ├── logs.json │ │ │ │ └── logs.json.index │ │ │ │ ├── NC.CG74N5GVJAA2E.json.db │ │ │ │ ├── NC.CG74N5GVJAA2E │ │ │ │ ├── logs.json │ │ │ │ ├── logs.json.index │ │ │ │ ├── query_1.json │ │ │ │ ├── query_1.json.index │ │ │ │ └── uploads │ │ │ │ │ └── test.txt │ │ │ │ └── files │ │ │ │ └── NA.CG75NPHSURTDQimage.png │ │ ├── server_artifacts │ │ │ └── Server.Monitor.Health │ │ │ │ └── Prometheus │ │ │ │ ├── 2020-11-08.json │ │ │ │ ├── 2020-11-08.json.index │ │ │ │ ├── 2023-09-07.json │ │ │ │ └── 2023-09-07.json.tidx │ │ └── testcases │ │ │ ├── README.md │ │ │ ├── accessors.in.yaml │ │ │ ├── accessors.out.yaml │ │ │ ├── alert.in.yaml │ │ │ ├── alert.out.yaml │ │ │ ├── amcache.in.yaml │ │ │ ├── amcache.out.yaml │ │ │ ├── appcompatcache.in.yaml │ │ │ ├── appcompatcache.out.yaml │ │ │ ├── application.in.yaml │ │ │ ├── application.out.yaml │ │ │ ├── array.in.yaml │ │ │ ├── array.out.yaml │ │ │ ├── artifacts.in.yaml │ │ │ ├── artifacts.out.yaml │ │ │ ├── atexit.in.yaml │ │ │ ├── atexit.out.yaml │ │ │ ├── binary_blobs.in.yaml │ │ │ ├── binary_blobs.out.yaml │ │ │ ├── binary_parsers.in.yaml │ │ │ ├── binary_parsers.out.yaml │ │ │ ├── chrome.in.yaml │ │ │ ├── chrome.out.yaml │ │ │ ├── clients.in.yaml │ │ │ ├── clients.out.yaml │ │ │ ├── cobalt.in.yaml │ │ │ ├── cobalt.out.yaml │ │ │ ├── cobalt2.in.yaml │ │ │ ├── cobalt2.out.yaml │ │ │ ├── collections.in.yaml │ │ │ ├── collections.out.yaml │ │ │ ├── columns.in.yaml │ │ │ ├── columns.out.yaml │ │ │ ├── common.in.yaml │ │ │ ├── common.out.yaml │ │ │ ├── crypto.in.yaml │ │ │ ├── crypto.out.yaml │ │ │ ├── csv.in.yaml │ │ │ ├── csv.out.yaml │ │ │ ├── debian.in.yaml │ │ │ ├── debian.out.yaml │ │ │ ├── delay.in.yaml │ │ │ ├── delay.out.yaml │ │ │ ├── detection.in.yaml │ │ │ ├── detection.out.yaml │ │ │ ├── dicts.in.yaml │ │ │ ├── dicts.out.yaml │ │ │ ├── doc.in.yaml │ │ │ ├── doc.out.yaml │ │ │ ├── downloads.in.yaml │ │ │ ├── downloads.out.yaml │ │ │ ├── efi.in.yaml │ │ │ ├── efi.out.yaml │ │ │ ├── eval.in.yaml │ │ │ ├── eval.out.yaml │ │ │ ├── evtx.in.yaml │ │ │ ├── evtx.out.yaml │ │ │ ├── ewf.in.yaml │ │ │ ├── ewf.out.yaml │ │ │ ├── execve.in.yaml │ │ │ ├── execve.out.yaml │ │ │ ├── export.in.yaml │ │ │ ├── export.out.yaml │ │ │ ├── ext4.in.yaml │ │ │ ├── ext4.out.yaml │ │ │ ├── fat.in.yaml │ │ │ ├── fat.out.yaml │ │ │ ├── fifo.in.yaml │ │ │ ├── fifo.out.yaml │ │ │ ├── file_finder.in.yaml │ │ │ ├── file_finder.out.yaml │ │ │ ├── filestore.in.yaml │ │ │ ├── filestore.out.yaml │ │ │ ├── functions.in.yaml │ │ │ ├── functions.out.yaml │ │ │ ├── generator.in.yaml │ │ │ ├── generator.out.yaml │ │ │ ├── grok.in.yaml │ │ │ ├── grok.out.yaml │ │ │ ├── hash.in.yaml │ │ │ ├── hash.out.yaml │ │ │ ├── hostsfile.in.yaml │ │ │ ├── hostsfile.out.yaml │ │ │ ├── http_client.in.yaml │ │ │ ├── http_client.out.yaml │ │ │ ├── hunts.in.yaml │ │ │ ├── hunts.out.yaml │ │ │ ├── import_artifacts.in.yaml │ │ │ ├── import_artifacts.out.yaml │ │ │ ├── import_collection.in.yaml │ │ │ ├── import_collection.out.yaml │ │ │ ├── ip.in.yaml │ │ │ ├── ip.out.yaml │ │ │ ├── json.in.yaml │ │ │ ├── json.out.yaml │ │ │ ├── kapefiles_extract.in.yaml │ │ │ ├── kapefiles_extract.out.yaml │ │ │ ├── kapefiles_remap.in.yaml │ │ │ ├── kapefiles_remap.out.yaml │ │ │ ├── kerberoasting.in.yaml │ │ │ ├── kerberoasting.out.yaml │ │ │ ├── labels.in.yaml │ │ │ ├── labels.out.yaml │ │ │ ├── link_to.in.yaml │ │ │ ├── link_to.out.yaml │ │ │ ├── linux_last_login.in.yaml │ │ │ ├── linux_last_login.out.yaml │ │ │ ├── linux_passwd.in.yaml │ │ │ ├── linux_passwd.out.yaml │ │ │ ├── linux_ssh_authorized_keys.in.yaml │ │ │ ├── linux_ssh_authorized_keys.out.yaml │ │ │ ├── linux_systemd.in.yaml │ │ │ ├── linux_systemd.out.yaml │ │ │ ├── localhashes.in.yaml │ │ │ ├── localhashes.out.yaml │ │ │ ├── logging.in.yaml │ │ │ ├── logging.out.yaml │ │ │ ├── loghunter.in.yaml │ │ │ ├── loghunter.out.yaml │ │ │ ├── lru.in.yaml │ │ │ ├── lru.out.yaml │ │ │ ├── macos.in.yaml │ │ │ ├── macos.out.yaml │ │ │ ├── magic.in.yaml │ │ │ ├── magic.out.yaml │ │ │ ├── materialize.in.yaml │ │ │ ├── materialize.out.yaml │ │ │ ├── memoize.in.yaml │ │ │ ├── memoize.out.yaml │ │ │ ├── mft.in.yaml │ │ │ ├── mft.out.yaml │ │ │ ├── mock.in.yaml │ │ │ ├── mock.out.yaml │ │ │ ├── monitoring.in.yaml │ │ │ ├── monitoring.out.yaml │ │ │ ├── mru.in.yaml │ │ │ ├── mru.out.yaml │ │ │ ├── netstat.in.yaml │ │ │ ├── netstat.out.yaml │ │ │ ├── notebook.in.yaml │ │ │ ├── notebook.out.yaml │ │ │ ├── notepad.in.yaml │ │ │ ├── notepad.out.yaml │ │ │ ├── ntfs.in.yaml │ │ │ ├── ntfs.out.yaml │ │ │ ├── ntfs_ea.in.yaml │ │ │ ├── ntfs_ea.out.yaml │ │ │ ├── ole.in.yaml │ │ │ ├── ole.out.yaml │ │ │ ├── orgs.in.yaml │ │ │ ├── orgs.out.yaml │ │ │ ├── paths.in.yaml │ │ │ ├── paths.out.yaml │ │ │ ├── pe.in.yaml │ │ │ ├── pe.out.yaml │ │ │ ├── pe_dump.in.yaml │ │ │ ├── pe_dump.out.yaml │ │ │ ├── pe_hunter.in.yaml │ │ │ ├── pe_hunter.out.yaml │ │ │ ├── pipe.in.yaml │ │ │ ├── pipe.out.yaml │ │ │ ├── pk.in.yaml │ │ │ ├── pk.out.yaml │ │ │ ├── plist.in.yaml │ │ │ ├── plist.out.yaml │ │ │ ├── prefetch.in.yaml │ │ │ ├── prefetch.out.yaml │ │ │ ├── process_tracker.in.yaml │ │ │ ├── process_tracker.out.yaml │ │ │ ├── profile.in.yaml │ │ │ ├── profile.out.yaml │ │ │ ├── protocols.in.yaml │ │ │ ├── protocols.out.yaml │ │ │ ├── pst.in.yaml │ │ │ ├── pst.out.yaml │ │ │ ├── quarantine.in.yaml │ │ │ ├── quarantine.out.yaml │ │ │ ├── raw_registry.in.yaml │ │ │ ├── raw_registry.out.yaml │ │ │ ├── regex.in.yaml │ │ │ ├── regex.out.yaml │ │ │ ├── remapping.in.yaml │ │ │ ├── remapping.out.yaml │ │ │ ├── remapping_registry.in.yaml │ │ │ ├── remapping_registry.out.yaml │ │ │ ├── remapping_ssh.in.yaml │ │ │ ├── remapping_ssh.out.yaml │ │ │ ├── remediation.in.yaml │ │ │ ├── remediation.out.yaml │ │ │ ├── results.in.yaml │ │ │ ├── results.out.yaml │ │ │ ├── rhel.in.yaml │ │ │ ├── rhel.out.yaml │ │ │ ├── secrets.in.yaml │ │ │ ├── secrets.out.yaml │ │ │ ├── sequence.in.yaml │ │ │ ├── sequence.out.yaml │ │ │ ├── shellbags.in.yaml │ │ │ ├── shellbags.out.yaml │ │ │ ├── sigma.in.yaml │ │ │ ├── sigma.out.yaml │ │ │ ├── sparse.in.yaml │ │ │ ├── sparse.out.yaml │ │ │ ├── sqlite.in.yaml │ │ │ ├── sqlite.out.yaml │ │ │ ├── ssh.in.yaml │ │ │ ├── ssh.out.yaml │ │ │ ├── suse.in.yaml │ │ │ ├── suse.out.yaml │ │ │ ├── templateinjection.in.yaml │ │ │ ├── templateinjection.out.yaml │ │ │ ├── templates.in.yaml │ │ │ ├── templates.out.yaml │ │ │ ├── time.in.yaml │ │ │ ├── time.out.yaml │ │ │ ├── timeline.in.yaml │ │ │ ├── timeline.out.yaml │ │ │ ├── tools.in.yaml │ │ │ ├── tools.out.yaml │ │ │ ├── ual.in.yaml │ │ │ ├── ual.out.yaml │ │ │ ├── users.in.yaml │ │ │ ├── users.out.yaml │ │ │ ├── util_sendmail.in.yaml │ │ │ ├── util_sendmail.out.yaml │ │ │ ├── verify.in.yaml │ │ │ ├── verify.out.yaml │ │ │ ├── vfs.in.yaml │ │ │ ├── vfs.out.yaml │ │ │ ├── vhdx.in.yaml │ │ │ ├── vhdx.out.yaml │ │ │ ├── yaml.in.yaml │ │ │ ├── yaml.out.yaml │ │ │ ├── yara.in.yaml │ │ │ ├── yara.out.yaml │ │ │ ├── yara_detection.in.yaml │ │ │ ├── yara_detection.out.yaml │ │ │ ├── yara_detection_zip.in.yaml │ │ │ ├── yara_detection_zip.out.yaml │ │ │ ├── yara_lint.in.yaml │ │ │ ├── yara_lint.out.yaml │ │ │ ├── yarax.in.yaml │ │ │ ├── yarax.out.yaml │ │ │ ├── zip.in.yaml │ │ │ └── zip.out.yaml │ └── windows │ │ ├── authenticode.in.yaml │ │ ├── authenticode.out.yaml │ │ ├── autoexec.in.yaml │ │ ├── autoexec.out.yaml │ │ ├── etw.in.yaml │ │ ├── etw.out.yaml │ │ ├── evtx.in.yaml │ │ ├── evtx.out.yaml │ │ ├── file.in.yaml │ │ ├── file.out.yaml │ │ ├── filesystem.in.yaml │ │ ├── filesystem.out.yaml │ │ ├── github_actions.config.yaml │ │ ├── init.reg │ │ ├── ntfs.in.yaml │ │ ├── ntfs.out.yaml │ │ ├── processes.in.yaml │ │ ├── processes.out.yaml │ │ ├── raw_reg.in.yaml │ │ ├── raw_reg.out.yaml │ │ ├── registry.in.yaml │ │ ├── registry.out.yaml │ │ ├── shell.in.yaml │ │ ├── shell.out.yaml │ │ ├── startup.in.yaml │ │ ├── startup.out.yaml │ │ ├── test.config.yaml │ │ ├── thread.in.yaml │ │ ├── thread.out.yaml │ │ ├── token.in.yaml │ │ ├── token.out.yaml │ │ ├── users.in.yaml │ │ ├── users.out.yaml │ │ ├── vss.in.yaml │ │ ├── vss.out.yaml │ │ ├── wmi.in.yaml │ │ ├── wmi.out.yaml │ │ ├── yara.in.yaml │ │ └── yara.out.yaml └── utils.go ├── bin ├── admin_generic.go ├── admin_windows.go ├── analysis_target.go ├── artifacts.go ├── banner.go ├── binary_test.go ├── browser.go ├── client.go ├── collector_test.go ├── config.go ├── config_merge.go ├── config_test.go ├── csv.go ├── deaddisk.go ├── deaddisk_test.go ├── debian.go ├── debug.go ├── deprecated.go ├── fixtures │ └── Serialization.golden ├── flags.go ├── frontend.go ├── fs.go ├── fuse_unix.go ├── golden.go ├── grant.go ├── gui.go ├── hunts.go ├── installer_darwin.go ├── installer_windows.go ├── logging.go ├── main.go ├── marshal.go ├── marshal_test.go ├── metrics.go ├── minions.go ├── mutant_windows.go ├── offline.go ├── offline_decrypt.go ├── panic.go ├── pool.go ├── prompt.go ├── proxy.go ├── query.go ├── reformat.go ├── repack.go ├── rpm.go ├── rsrc_windows_386.syso ├── rsrc_windows_amd64.syso ├── server_service_windows.go ├── timezone.go ├── tools.go ├── transforms.go ├── unzip.go ├── users.go ├── utils.go ├── verify.go ├── version.go └── vql.go ├── config ├── assets.go ├── b0x.yaml ├── client.go ├── config.go ├── default.yaml ├── doc.go ├── embedded.go ├── loader.go ├── migration.go ├── offline.sh ├── proto │ ├── config.pb.go │ └── config.proto └── validate.go ├── constants └── constants.go ├── crypto ├── api.go ├── b0x.yaml ├── ca-certificates.crt ├── ca.go ├── client │ ├── cipher.go │ ├── client.go │ ├── docs.go │ ├── lru.go │ ├── lru_test.go │ ├── manager.go │ └── resolver.go ├── crypto_test.go ├── doc.go ├── messages.go ├── proto │ ├── jobs.pb.go │ └── jobs.proto ├── root.go ├── server │ ├── docs.go │ └── manager.go ├── simple.go ├── simple_test.go ├── storage │ ├── fixtures │ │ ├── .gitignore │ │ ├── TestWritingAndReading.golden │ │ └── writeback.yaml │ ├── header.go │ ├── reader.go │ ├── server.go │ ├── storage_test.go │ └── writer.go ├── testing │ └── testing_utils.go ├── transport.go └── utils │ └── utils.go ├── datastore ├── datastore.go ├── datastore_test.go ├── filebased.go ├── filebased_benchmark_test.go ├── filebased_generic.go ├── filebased_supported.go ├── filebased_test.go ├── filebased_utils.go ├── fixtures │ └── TestDirectoryOverflow.golden ├── instrument.go ├── memcache.go ├── memcache_data.go ├── memcache_file.go ├── memcache_file_test.go ├── memcache_stats.go ├── memcache_test.go ├── readonly.go ├── remote.go ├── remote_test.go ├── test_data │ └── mysql.config.yaml └── utils.go ├── debian ├── changelog ├── compat ├── control ├── copyright ├── rules ├── velociraptor.config.yaml ├── velociraptor.init ├── velociraptor.install ├── velociraptor.nanny ├── velociraptor.postinst ├── velociraptor.preinst ├── velociraptor.service ├── velociraptor.substvars └── velociraptor.upstart ├── docs.go ├── docs ├── deadcode.yaml ├── elastic │ ├── README.md │ └── winlogbeat_schema.json ├── freebsd │ └── velociraptor.rc ├── monitoring │ ├── README.md │ ├── graphana.json │ └── prometheus.yaml ├── offline_collector │ ├── offline_collector.sh │ └── sample.spec.yaml ├── references │ ├── sample_config │ │ ├── Makefile │ │ ├── README.md │ │ ├── go.mod │ │ ├── go.sum │ │ └── main.go │ ├── server.config.yaml │ └── vql.yaml ├── saml │ └── README.md ├── winres │ ├── README.md │ ├── icon.png │ ├── winres.json │ └── winres_template.json └── wix │ ├── README.md │ ├── build_amd64.bat │ ├── build_x86.bat │ ├── icon.ico │ ├── output │ └── client.config.yaml │ ├── velociraptor_amd64.xml │ └── velociraptor_x86.xml ├── executor ├── crash.go ├── doc.go ├── executor.go ├── executor_test.go ├── fixtures │ └── TestFlowStatsRequest.golden ├── flows.go ├── nanny.go ├── nanny_test.go ├── pool.go ├── startup.go ├── stats.go ├── tempfile.go ├── testutils.go ├── throttler │ ├── cpu.go │ ├── cpu_linux.go │ ├── cpu_windows.go │ ├── stats_collector.go │ ├── throttler.go │ └── tracker.go └── transactions.go ├── file_store ├── api │ ├── adapter.go │ ├── compressed.go │ ├── extensions.go │ ├── file_store.go │ ├── instrument.go │ ├── paths.go │ ├── queues.go │ ├── utils.go │ └── walk.go ├── csv │ ├── doc.go │ ├── options.go │ ├── reader.go │ ├── reader_test.go │ ├── utils.go │ ├── writer.go │ └── writer_test.go ├── directory │ ├── buffer.go │ ├── directory.go │ ├── directory_test.go │ ├── fixtures │ │ ├── TestListChildrenComplicatedNames.golden │ │ └── TestListChildrenSameNameDifferentTypes.golden │ ├── listener.go │ ├── listener_test.go │ ├── queue.go │ ├── queue_test.go │ ├── reader.go │ └── writer.go ├── file_store.go ├── memcache │ ├── memcache.go │ ├── memcache_test.go │ └── profile.go ├── memory │ ├── compressed.go │ ├── fixtures │ │ ├── TestListChildrenComplicatedNames.golden │ │ └── TestListChildrenSameNameDifferentTypes.golden │ ├── memory.go │ ├── memory_test.go │ ├── queue.go │ ├── queue_test.go │ ├── reader.go │ └── writer.go ├── path_specs │ ├── fs_path_spec.go │ ├── path_specs.go │ └── utils.go ├── queue.go ├── test_utils │ ├── query.go │ ├── retry.go │ ├── server_config.go │ ├── testing.go │ ├── testsuite.go │ └── unzip.go ├── tests │ └── testsuite.go ├── uploader │ ├── sparse.go │ └── uploader.go └── utils.go ├── flows ├── artifacts.go ├── artifacts_test.go ├── client_flow_runner.go ├── client_flow_runner_test.go ├── client_info.go ├── collection_context.go ├── docs.go ├── fixtures │ ├── TestMonitoringAlerts.golden │ ├── TestVQLResponseRetransmission.golden │ └── compileFileFinderArgs.golden ├── housekeeping.go ├── limits.go ├── logs.go ├── monitoring.go └── proto │ ├── artifact_collector.pb.go │ ├── artifact_collector.proto │ ├── vfs.pb.go │ └── vfs.proto ├── glob ├── fileinfo.go ├── fixtures │ └── TestGlobWithContext.golden ├── glob.go ├── glob_test.go ├── protocol.go └── tracker.go ├── go.mod ├── go.sum ├── grpc_client ├── dummy.go └── grpc.go ├── gui ├── assets │ ├── .gitignore │ └── init.go └── velociraptor │ ├── .env │ ├── .env.production │ ├── .eslintignore │ ├── .eslintrc.cjs │ ├── .gitattributes │ ├── .gitignore │ ├── Makefile │ ├── README.md │ ├── b0x.yaml │ ├── build │ └── .keep │ ├── docs.go │ ├── package-lock.json │ ├── package.json │ ├── patches │ └── react-calendar-timeline+0.28.0.patch │ ├── src │ ├── App.jsx │ ├── components │ │ ├── artifacts │ │ │ ├── artifacts-link.jsx │ │ │ ├── artifacts-upload.css │ │ │ ├── artifacts-upload.jsx │ │ │ ├── artifacts.css │ │ │ ├── artifacts.jsx │ │ │ ├── line-charts.css │ │ │ ├── line-charts.jsx │ │ │ ├── new-artifact.jsx │ │ │ ├── reporting.css │ │ │ ├── reporting.jsx │ │ │ ├── sigma-editor.css │ │ │ ├── sigma-editor.jsx │ │ │ └── syntax.jsx │ │ ├── clients │ │ │ ├── client-link.css │ │ │ ├── client-link.jsx │ │ │ ├── client-status.css │ │ │ ├── client-status.jsx │ │ │ ├── client-summary.css │ │ │ ├── client-summary.jsx │ │ │ ├── client_info.jsx │ │ │ ├── clients-list.css │ │ │ ├── clients-list.jsx │ │ │ ├── host-info.css │ │ │ ├── host-info.jsx │ │ │ ├── inflight_viewer.jsx │ │ │ ├── label-form.jsx │ │ │ ├── metadata.jsx │ │ │ ├── search.css │ │ │ ├── search.jsx │ │ │ ├── shell-viewer.css │ │ │ └── shell-viewer.jsx │ │ ├── core │ │ │ ├── ace-config.jsx │ │ │ ├── ace.css │ │ │ ├── ace.jsx │ │ │ ├── api-service.jsx │ │ │ ├── api-service.test.jsx │ │ │ ├── column-resizer.jsx │ │ │ ├── keyboard-help.css │ │ │ ├── keyboard-help.jsx │ │ │ ├── mode-markdown.jsx │ │ │ ├── mode-regex.jsx │ │ │ ├── mode-sigma.jsx │ │ │ ├── mode-vql.jsx │ │ │ ├── mode-yaml.jsx │ │ │ ├── mode-yara.jsx │ │ │ ├── notimplemented.jsx │ │ │ ├── paged-table.css │ │ │ ├── paged-table.jsx │ │ │ ├── sanitize.jsx │ │ │ ├── snackbar.css │ │ │ ├── snackbar.jsx │ │ │ ├── stack.jsx │ │ │ ├── table.css │ │ │ ├── table.jsx │ │ │ ├── tree-cell.css │ │ │ ├── tree-cell.jsx │ │ │ └── user.jsx │ │ ├── events │ │ │ ├── delete.jsx │ │ │ ├── event-notebook.jsx │ │ │ ├── event-table.jsx │ │ │ ├── event-timeline.css │ │ │ ├── events.css │ │ │ ├── events.jsx │ │ │ ├── timeline-viewer.jsx │ │ │ └── utils.jsx │ │ ├── flows │ │ │ ├── client-flows-view.jsx │ │ │ ├── flow-full-notebook.jsx │ │ │ ├── flow-link.jsx │ │ │ ├── flow-logs.jsx │ │ │ ├── flow-notebook.jsx │ │ │ ├── flow-overview.jsx │ │ │ ├── flow-requests.jsx │ │ │ ├── flow-results.jsx │ │ │ ├── flow-uploads.jsx │ │ │ ├── flows-add-to-hunt.jsx │ │ │ ├── flows-inspector.jsx │ │ │ ├── flows-list.jsx │ │ │ ├── flows.css │ │ │ ├── new-collection.css │ │ │ ├── new-collection.jsx │ │ │ ├── new-collections-parameters.jsx │ │ │ ├── offline-collector.jsx │ │ │ ├── server-flows-view.jsx │ │ │ ├── transactions.jsx │ │ │ └── utils.jsx │ │ ├── forms │ │ │ ├── csv.jsx │ │ │ ├── dict.css │ │ │ ├── dict.jsx │ │ │ ├── form.jsx │ │ │ ├── forms.css │ │ │ ├── json_array.jsx │ │ │ ├── regex.css │ │ │ ├── regex.jsx │ │ │ ├── regex_array.jsx │ │ │ ├── upload.jsx │ │ │ ├── validated.css │ │ │ ├── validated_int.jsx │ │ │ └── yara.jsx │ │ ├── hunts │ │ │ ├── estimate.css │ │ │ ├── estimate.jsx │ │ │ ├── hunt-clients.jsx │ │ │ ├── hunt-full-notebook.jsx │ │ │ ├── hunt-inspector.jsx │ │ │ ├── hunt-list.jsx │ │ │ ├── hunt-notebook.jsx │ │ │ ├── hunt-overview.jsx │ │ │ ├── hunt-request.jsx │ │ │ ├── hunt.css │ │ │ ├── hunts.jsx │ │ │ ├── new-hunt.jsx │ │ │ └── orgs.jsx │ │ ├── i8n │ │ │ ├── README.md │ │ │ ├── de.json │ │ │ ├── de.jsx │ │ │ ├── de_automated.json │ │ │ ├── de_new.json │ │ │ ├── en.jsx │ │ │ ├── es.json │ │ │ ├── es.jsx │ │ │ ├── es_automated.json │ │ │ ├── es_new.json │ │ │ ├── fr.json │ │ │ ├── fr.jsx │ │ │ ├── fr_automated.json │ │ │ ├── fr_new.json │ │ │ ├── i8n.jsx │ │ │ ├── jp.json │ │ │ ├── jp.jsx │ │ │ ├── jp_automated.json │ │ │ ├── jp_new.json │ │ │ ├── por.json │ │ │ ├── por.jsx │ │ │ ├── por_automated.json │ │ │ ├── por_new.json │ │ │ ├── utils.jsx │ │ │ ├── vi.json │ │ │ ├── vi.jsx │ │ │ ├── vi_automated.json │ │ │ └── vi_new.json │ │ ├── notebooks │ │ │ ├── add-cell-from-flow.jsx │ │ │ ├── create-artifact-from-cell.jsx │ │ │ ├── downloads.jsx │ │ │ ├── export-notebook.jsx │ │ │ ├── full_notebook.jsx │ │ │ ├── logs.jsx │ │ │ ├── new-notebook.jsx │ │ │ ├── notebook-cell-renderer.css │ │ │ ├── notebook-cell-renderer.jsx │ │ │ ├── notebook-chart-renderer.jsx │ │ │ ├── notebook-copy-cell.jsx │ │ │ ├── notebook-delete.jsx │ │ │ ├── notebook-format-tables.jsx │ │ │ ├── notebook-navigator.css │ │ │ ├── notebook-navigator.jsx │ │ │ ├── notebook-renderer.jsx │ │ │ ├── notebook-report-renderer.jsx │ │ │ ├── notebook-table-renderer.jsx │ │ │ ├── notebook-uploads.jsx │ │ │ ├── notebook.jsx │ │ │ ├── notebooks-list.css │ │ │ ├── notebooks-list.jsx │ │ │ ├── table_view.css │ │ │ ├── table_view.jsx │ │ │ ├── timelines.css │ │ │ └── timelines.jsx │ │ ├── secrets │ │ │ ├── secrets.css │ │ │ └── secrets.jsx │ │ ├── server │ │ │ └── server-info.jsx │ │ ├── sidebar │ │ │ ├── hotkeys.jsx │ │ │ ├── navigator.css │ │ │ ├── navigator.jsx │ │ │ ├── user-dashboard.css │ │ │ ├── user-dashboard.jsx │ │ │ └── velo.svg │ │ ├── timeline │ │ │ ├── timeline.css │ │ │ └── timeline.jsx │ │ ├── tools │ │ │ ├── tool-viewer.css │ │ │ └── tool-viewer.jsx │ │ ├── users │ │ │ ├── add_orgs.jsx │ │ │ ├── add_user.jsx │ │ │ ├── edit-user.jsx │ │ │ ├── global-messages.css │ │ │ ├── global-messages.jsx │ │ │ ├── user-inspector.jsx │ │ │ ├── user-label.css │ │ │ ├── user-label.jsx │ │ │ └── user.css │ │ ├── utils │ │ │ ├── annotations.jsx │ │ │ ├── clock.css │ │ │ ├── clock.jsx │ │ │ ├── context.css │ │ │ ├── context.jsx │ │ │ ├── csv.jsx │ │ │ ├── hex.css │ │ │ ├── hex.jsx │ │ │ ├── json.css │ │ │ ├── json.jsx │ │ │ ├── json_parse.jsx │ │ │ ├── labels.jsx │ │ │ ├── log-level.css │ │ │ ├── log_level.jsx │ │ │ ├── number.css │ │ │ ├── number.jsx │ │ │ ├── paths.jsx │ │ │ ├── spinner.css │ │ │ ├── spinner.jsx │ │ │ ├── table.jsx │ │ │ ├── time.css │ │ │ ├── time.jsx │ │ │ ├── tree │ │ │ │ ├── tree.css │ │ │ │ └── tree.jsx │ │ │ ├── url.css │ │ │ ├── url.jsx │ │ │ ├── users.css │ │ │ ├── users.jsx │ │ │ └── value.jsx │ │ ├── vfs │ │ │ ├── browse-vfs.css │ │ │ ├── browse-vfs.jsx │ │ │ ├── file-list.css │ │ │ ├── file-list.jsx │ │ │ ├── file-stats.css │ │ │ ├── file-stats.jsx │ │ │ ├── file-tree.jsx │ │ │ ├── utils.jsx │ │ │ └── vfs-setter.jsx │ │ ├── welcome │ │ │ ├── Github-octocat-icon-vector-01.svg │ │ │ ├── Google-icon-vector-04.svg │ │ │ ├── Microsoft_Azure_Logo.svg │ │ │ ├── OpenID_logo.svg │ │ │ ├── login.css │ │ │ ├── login.jsx │ │ │ ├── logoff.jsx │ │ │ └── welcome.jsx │ │ └── widgets │ │ │ ├── datetime.css │ │ │ ├── datetime.jsx │ │ │ ├── download.jsx │ │ │ ├── logs.css │ │ │ ├── logs.jsx │ │ │ ├── pagination.jsx │ │ │ ├── preview_uploads.css │ │ │ ├── preview_uploads.jsx │ │ │ ├── search.css │ │ │ ├── search.jsx │ │ │ ├── tooltip.css │ │ │ └── tooltip.jsx │ ├── css │ │ ├── App.css │ │ ├── _variables.css │ │ └── index.css │ ├── fonts │ │ ├── fixedsysexcelsioriiib-l2-mono-webfont.woff2 │ │ ├── iosevka-term-bold-subset.woff2 │ │ ├── iosevka-term-medium-subset.woff2 │ │ ├── iosevka-term-regular-subset.woff2 │ │ ├── noto-sans-v27-latin-ext_latin-600.woff2 │ │ └── noto-sans-v27-latin-ext_latin-regular.woff2 │ ├── index.html │ ├── index.jsx │ ├── public │ │ ├── favicon.ico │ │ ├── manifest.json │ │ ├── robots.txt │ │ └── velo.svg │ ├── serviceWorker.js │ └── themes │ │ ├── coolgray-dark.css │ │ ├── github-dimmed-dark.css │ │ ├── github-light.css │ │ ├── midnight.css │ │ ├── ncurses-dark.css │ │ ├── ncurses-light.css │ │ ├── no-theme.css │ │ ├── pink-light.css │ │ ├── veloci-dark.css │ │ ├── veloci-docs.css │ │ ├── veloci-light.css │ │ └── vscode-dark.css │ ├── template.go │ └── vite.config.js ├── http_comms ├── comms.go ├── comms_test.go ├── doc.go ├── e2e_test.go ├── ring_buffer.go ├── ring_buffer_posix.go ├── ring_buffer_test.go ├── ring_buffer_tracker.go ├── ring_buffer_windows.go ├── sender.go ├── sender_test.go ├── service.go ├── test_data │ ├── client.config.yaml │ └── server.config.yaml ├── websocket.go ├── websocket_connection.go ├── websocket_test.go └── websocket_tracker.go ├── json ├── csv.go ├── csv_test.go ├── debug.go ├── fixtures │ ├── TestCSVUtils.golden │ ├── TestJsonFormat.golden │ └── TestJsonlShortcuts.golden ├── json.go ├── proto.go ├── protobuf.go ├── registry.go ├── shortcuts.go ├── shortcuts_test.go ├── string.go ├── timezone.go └── wrappers.go ├── logging ├── fixtures │ └── TestAuditLog.golden ├── formatter.go ├── levels.go ├── logging.go ├── logging_generic.go ├── logging_test.go ├── logging_windows.go ├── syslog_nonwindows.go └── syslog_windows.go ├── magefile.go ├── make.go ├── make_proto.sh ├── notifications ├── notifications.go └── notifications_test.go ├── paths ├── artifacts.go ├── artifacts │ ├── logs.go │ ├── paths.go │ └── paths_test.go ├── artifacts_test.go ├── backups.go ├── client.go ├── client_test.go ├── constants.go ├── dashboard.go ├── doc.go ├── flow_metadata.go ├── flow_metadata_test.go ├── forms.go ├── hunt_metadata.go ├── hunt_metadata_test.go ├── inventory.go ├── notebooks.go ├── notebooks_test.go ├── ntfs.go ├── ntfs_test.go ├── orgs.go ├── paths.go ├── paths_test.go ├── repository.go ├── secrets.go ├── server.go ├── temp.go ├── timelines.go ├── timelines_test.go ├── users.go ├── users_test.go └── utils.go ├── proto ├── flow_metadata.pb.go ├── flow_metadata.proto ├── semantic.pb.go └── semantic.proto ├── reporting ├── container.go ├── doc.go ├── expand.go ├── fixtures │ └── VQL2MarkdownConversion.golden ├── gui.go ├── logging.go ├── paths.go ├── profile.go ├── progress.go ├── report.go ├── result_sets.go ├── table.go ├── templates │ └── index.html ├── timelines.go ├── tmpfiles.go ├── uploader.go └── vql.go ├── responder ├── api.go ├── flow_context.go ├── flow_manager.go ├── monitoring.go ├── responder.go ├── testutils.go └── utils.go ├── result_sets ├── api.go ├── registration.go ├── simple │ ├── docs.go │ ├── fixtures │ │ ├── TestResultSets.golden │ │ ├── TestTransformFilter.golden │ │ └── TestTransformed.golden │ ├── simple.go │ ├── simple_test.go │ ├── sink.go │ ├── transformed.go │ ├── transformed_test.go │ ├── update.go │ └── wrapper.go └── timed │ ├── docs.go │ ├── factory.go │ ├── fixtures │ ├── TestTimedResultSetMigration.golden │ └── TestTimedResultSetWriting.golden │ ├── reader.go │ ├── reader_test.go │ ├── writer.go │ └── writer_test.go ├── scripts ├── api_checker.py ├── dlv.init ├── dlv.star ├── find_i8n_translations.py ├── mark_config.py └── sync_artifact_paths.py ├── security.md ├── server ├── comms.go ├── docs.go ├── enroll.go ├── limits.go ├── limits_linux.go ├── loadshed.go ├── metrics.go ├── server.go ├── startup.go └── websocket.go ├── services ├── acl_manager.go ├── acl_manager │ ├── acl_manager.go │ └── backup.go ├── alerts.go ├── audit.go ├── audit_manager │ └── audit_manager.go ├── backup.go ├── backup │ ├── backup.go │ ├── backup_test.go │ ├── delegates.go │ ├── fixtures │ │ └── TestBackups.golden │ └── tracker.go ├── broadcast.go ├── broadcast │ ├── broadcast.go │ └── tracker.go ├── client_info.go ├── client_info │ ├── backup.go │ ├── client_info.go │ ├── client_info_test.go │ ├── delete.go │ ├── housekeep.go │ ├── metadata.go │ ├── mutations.go │ ├── storage.go │ ├── tasks.go │ ├── tasks_test.go │ └── validate.go ├── client_monitoring.go ├── client_monitoring │ ├── client_monitoring.go │ ├── client_monitoring_test.go │ └── events.go ├── ddclient │ ├── api.go │ ├── cloudflare.go │ ├── ddclient.go │ └── noip.go ├── debug │ ├── decorator.go │ ├── profile.go │ └── server │ │ ├── handlers.go │ │ └── template.go ├── doc.go ├── encrypted_logs │ └── encrypted_logs.go ├── exports.go ├── exports │ └── exports.go ├── frontend.go ├── frontend │ ├── frontend.go │ ├── proto │ │ ├── frontend.pb.go │ │ └── frontend.proto │ └── urls.go ├── hunt_dispatcher.go ├── hunt_dispatcher │ ├── backup.go │ ├── docs.go │ ├── flows.go │ ├── hunt_dispatcher.go │ ├── hunt_dispatcher_test.go │ ├── hunts_test.go │ ├── index.go │ ├── list.go │ ├── modify.go │ ├── storage.go │ ├── update.go │ └── utils.go ├── hunt_manager │ ├── hunt_manager.go │ ├── hunt_manager_test.go │ └── mutations.go ├── indexing.go ├── indexing │ ├── client_resolver.go │ ├── clients.go │ ├── fixtures │ │ └── TestWildCardSearch.golden │ ├── index.go │ ├── index_test.go │ ├── ip.go │ ├── mru.go │ ├── rebuild.go │ ├── search.go │ ├── search_chan.go │ ├── search_test.go │ ├── simple.go │ └── simple_test.go ├── interrogation │ ├── interrogation.go │ └── interrogation_test.go ├── inventory.go ├── inventory │ ├── docs.go │ ├── dummy.go │ ├── dummy_test.go │ ├── fixtures │ │ ├── TestExpectedHash.golden │ │ ├── TestGihubToolServedLocally.golden │ │ ├── TestGihubTools.golden │ │ ├── TestGihubToolsUninitialized.golden │ │ └── TestMultipleSemanticVersions.golden │ ├── inventory.go │ └── inventory_test.go ├── journal.go ├── journal │ ├── buffer.go │ ├── journal.go │ ├── journal_test.go │ ├── replication.go │ ├── replication_test.go │ └── utils.go ├── labels.go ├── labels │ ├── labels.go │ └── labels_test.go ├── launcher.go ├── launcher │ ├── acls.go │ ├── artifacts_test.go │ ├── compiler.go │ ├── delete.go │ ├── dummy.go │ ├── fixtures │ │ ├── TestCompilingServerEvents.golden │ │ ├── TestGetDependentArtifactsWithImports.golden │ │ ├── TestParameterTypes.golden │ │ ├── TestParameterTypesDeps.golden │ │ ├── TestParameterTypesDepsQuery.golden │ │ ├── TestPreconditionRecursive.golden │ │ ├── TestPreconditionSourceLevel.golden │ │ └── TestPreconditionTopLevel.golden │ ├── flows.go │ ├── flows_reader.go │ ├── index.go │ ├── journal.go │ ├── launcher.go │ ├── launcher_test.go │ ├── redact.go │ ├── storage.go │ ├── trace.go │ ├── transactions.go │ ├── transactions_test.go │ ├── verifier.go │ └── verifier_test.go ├── notebook.go ├── notebook │ ├── acls_test.go │ ├── annotator.go │ ├── api.go │ ├── backup.go │ ├── calculate.go │ ├── calculate_test.go │ ├── cells.go │ ├── delete.go │ ├── downloads.go │ ├── fixtures │ │ ├── TestInitialNotebook.golden │ │ ├── TestNotebookFromTemplate.golden │ │ ├── TestNotebookManagerTimelineAnnotations.golden │ │ ├── TestNotebookManagerTimelines.golden │ │ └── TestNotebookManagerUpdateCell.golden │ ├── initial.go │ ├── initial_test.go │ ├── notebook.go │ ├── progress.go │ ├── shared.go │ ├── storage.go │ ├── storage_test.go │ ├── timeline_filter.go │ ├── timeline_storer.go │ ├── timelines.go │ ├── timelines_test.go │ ├── utils.go │ ├── version.go │ ├── version_test.go │ └── worker.go ├── notifications.go ├── notifications │ ├── debug.go │ └── notifications.go ├── orgs.go ├── orgs │ ├── delete.go │ ├── ids.go │ ├── orgs.go │ ├── services.go │ └── tests.go ├── repository.go ├── repository │ ├── backups.go │ ├── errors.go │ ├── files.go │ ├── filestore.go │ ├── fixtures │ │ ├── TestArtifactMetadata.golden │ │ ├── TestArtifactPluginWithPrecondition.golden │ │ ├── TestClientPluginMultipleSources.golden │ │ ├── TestClientPluginMultipleSourcesAndPrecondtions.golden │ │ ├── TestClientPluginMultipleSourcesAndPrecondtionsEvents.golden │ │ └── TestReformat.golden │ ├── manager.go │ ├── manager_test.go │ ├── metadata.go │ ├── plugin.go │ ├── plugin_test.go │ ├── reformat.go │ ├── reformat_test.go │ ├── repository.go │ ├── repository_test.go │ └── scope.go ├── sanity │ ├── api.go │ ├── certs.go │ ├── fixtures │ │ ├── TestCreateUser.golden │ │ ├── TestCreateUserInOrgs.golden │ │ └── TestUpgradeTools.golden │ ├── frontend.go │ ├── index_migration.go │ ├── lockdown.go │ ├── orgs.go │ ├── sanity.go │ ├── sanity_test.go │ ├── security.go │ ├── server_artifacts.go │ └── users.go ├── scheduler.go ├── scheduler │ ├── fixtures │ │ └── TestNotebookMinionScheduler.golden │ ├── minion.go │ ├── minion_test.go │ ├── scheduler.go │ └── scheduler_test.go ├── secrets.go ├── secrets │ ├── fixtures │ │ └── TestSecretsService.golden │ ├── initialize.go │ ├── secrets.go │ ├── secrets_test.go │ └── utils.go ├── server_artifacts.go ├── server_artifacts │ ├── api.go │ ├── collection_context.go │ ├── fixtures │ │ ├── TestMultiSource.golden │ │ └── TestMultiSourceSerial.golden │ ├── flusher.go │ ├── logger.go │ ├── query_context.go │ ├── server_artifacts.go │ ├── server_artifacts_test.go │ └── server_uploader.go ├── server_monitoring.go ├── server_monitoring │ ├── fixtures │ │ ├── TestAlertEvent.golden │ │ └── TestMultipleArtifacts.golden │ ├── logger.go │ ├── server_monitoring.go │ ├── server_monitoring_test.go │ └── tracer.go ├── services.go ├── spec.go ├── test_utils.go ├── users.go ├── users │ ├── acls.go │ ├── add_org.go │ ├── add_org_test.go │ ├── delete.go │ ├── delete_test.go │ ├── docs.go │ ├── favorites.go │ ├── fixtures │ │ ├── TestAddUserToOrg.golden │ │ ├── TestDeleteUser.golden │ │ ├── TestGetUsers.golden │ │ ├── TestListOrgs.golden │ │ ├── TestListUsers.golden │ │ └── TestMakeUsers.golden │ ├── get.go │ ├── get_test.go │ ├── grpc.go │ ├── links.go │ ├── list.go │ ├── list_test.go │ ├── orgs.go │ ├── orgs_test.go │ ├── set_user.go │ ├── set_user_test.go │ ├── storage.go │ ├── test_utils.go │ ├── tracker.go │ ├── users.go │ ├── users_test.go │ └── validation.go ├── vfs_service.go ├── vfs_service │ ├── api.go │ ├── directory.go │ ├── downloads.go │ ├── fixtures │ │ └── TestRecursiveVFSListDirectoryApiAccess.golden │ ├── list_files.go │ ├── tracker.go │ ├── utils.go │ ├── vfs_service.go │ └── vfs_service_test.go └── writeback │ ├── api.go │ ├── manager.go │ ├── reg_store.go │ ├── storage.go │ ├── storage_unix.go │ ├── writeback.go │ └── writeback_test.go ├── startup ├── allowlists.go ├── client.go ├── frontend.go ├── pool.go └── tool.go ├── staticcheck.conf ├── third_party ├── cache │ ├── lru_cache.go │ └── lru_cache_test.go ├── googleapis │ └── google │ │ └── api │ │ ├── annotations.proto │ │ └── http.proto └── zip │ ├── LICENSE │ ├── README.md │ ├── README.txt │ ├── crypto.go │ ├── crypto_test.go │ ├── example_test.go │ ├── reader.go │ ├── reader_test.go │ ├── register.go │ ├── struct.go │ ├── testdata │ ├── crc32-not-streamed.zip │ ├── dd.zip │ ├── go-no-datadesc-sig.zip │ ├── go-with-datadesc-sig.zip │ ├── gophercolor16x16.png │ ├── hello-aes.zip │ ├── macbeth-act1.zip │ ├── readme.notzip │ ├── readme.zip │ ├── symlink.zip │ ├── test-trailing-junk.zip │ ├── test.zip │ ├── time-22738.zip │ ├── time-7zip.zip │ ├── time-go.zip │ ├── time-infozip.zip │ ├── time-osx.zip │ ├── time-win7.zip │ ├── time-winrar.zip │ ├── time-winzip.zip │ ├── unix.zip │ ├── utf8-7zip.zip │ ├── utf8-infozip.zip │ ├── utf8-osx.zip │ ├── utf8-winrar.zip │ ├── utf8-winzip.zip │ ├── winxp.zip │ ├── world-aes.zip │ ├── zip64-2.zip │ └── zip64.zip │ ├── writer.go │ ├── writer_test.go │ ├── zip_test.go │ ├── zipcrypto.go │ └── zipcrypto_test.go ├── timelines ├── api.go ├── proto │ ├── timelines.pb.go │ └── timelines.proto ├── reader.go ├── supertimeline.go ├── timelines.go ├── timelines_test.go ├── transformer.go └── writer.go ├── tools ├── fuse │ ├── accessors.go │ ├── nodes.go │ ├── options.go │ ├── paths.go │ └── times.go ├── grpc-gateway.go ├── json │ └── validator.go ├── mkwinsyscall.go └── survey │ ├── README.md │ ├── allowlist.go │ ├── api_config.go │ ├── compile.go │ ├── frontend.go │ ├── keys.go │ ├── network.go │ ├── server.go │ ├── sso.go │ ├── storage.go │ ├── survey.go │ └── theme.go ├── uploads ├── api.go ├── client_uploader.go ├── client_uploader_test.go ├── deduplication.go ├── file_based.go ├── file_based_nonwindows.go ├── file_based_windows.go ├── fixtures │ ├── ClientUploaderSparse.golden │ ├── ClientUploaderSparseMultiBuffer.golden │ ├── TestClientUploaderDeduplicateStoreAsName.golden │ ├── TestClientUploaderMultipleBuffers.golden │ ├── TestClientUploaderMultipleUploads.golden │ ├── TestClientUploaderUploadId.golden │ └── TestGetNextRange.golden ├── ranges.go ├── ranges_test.go ├── tracker.go └── utils.go ├── utils ├── alloc.go ├── arch.go ├── buffer.go ├── clock.go ├── compat.go ├── completer.go ├── compression.go ├── compression_test.go ├── concurrency.go ├── copy.go ├── counter.go ├── debug.go ├── dict.go ├── dict_test.go ├── dir_unix.go ├── endian.go ├── env.go ├── errors.go ├── faults │ └── fault_injector.go ├── file.go ├── file_unix.go ├── file_windows.go ├── files │ └── tracker.go ├── fixtures │ ├── TestDictUtils.golden │ ├── TestSanitize.golden │ └── TestSanitizeForZip.golden ├── flows.go ├── http.go ├── http │ └── logging.go ├── hunts.go ├── hunts_test.go ├── json.go ├── logger.go ├── lru.go ├── memory_buffer.go ├── mime.go ├── nil.go ├── notebook_id.go ├── orgs.go ├── paged_reader.go ├── paged_reader_test.go ├── panic.go ├── path.go ├── path_test.go ├── prefix.go ├── prefix_test.go ├── progress.go ├── prometheus.go ├── proxy.go ├── proxy │ ├── proxy.go │ └── proxy_test.go ├── queries.go ├── quotes.go ├── rand │ └── rand.go ├── read_seek_reader_adapter.go ├── readers.go ├── readers_test.go ├── reflect.go ├── regexp.go ├── retry.go ├── sanitize.go ├── sanitize_test.go ├── semver.go ├── semver_test.go ├── sleep.go ├── slice.go ├── string.go ├── stub.go ├── tempfile │ ├── mktemp.go │ ├── tempfile.go │ └── utils.go ├── text.go ├── throttler.go ├── throttler_test.go ├── time.go ├── urls.go ├── users.go ├── utils.go ├── writers.go ├── yaml.go └── yaml │ └── nodes.go ├── vql ├── acl_managers │ ├── null.go │ ├── remapping.go │ ├── role.go │ ├── server.go │ └── server_test.go ├── acls.go ├── aggregates │ ├── all.go │ ├── any.go │ └── stats.go ├── common │ ├── batch.go │ ├── cache.go │ ├── chain.go │ ├── clock.go │ ├── columns.go │ ├── dedup.go │ ├── diff.go │ ├── env.go │ ├── fifo.go │ ├── fixtures │ │ ├── TestDefaultPipeReader.golden │ │ ├── TestYara.golden │ │ └── TestYaraLinter.golden │ ├── items.go │ ├── lru.go │ ├── sampler.go │ ├── sequence.go │ ├── shell.go │ ├── shell_test.go │ ├── switch.go │ ├── version.go │ ├── yara.go │ ├── yara_common.go │ ├── yara_rules.go │ ├── yara_test.go │ └── yarax.go ├── constants │ └── ntfs.go ├── darwin │ ├── fixtures │ │ └── TestXAttr.golden │ ├── vad.go │ ├── xattr.go │ ├── xattr_darwin.go │ ├── xattr_linux.go │ └── xattr_test.go ├── debug │ └── nanny.go ├── efi │ ├── efivariables.go │ ├── efivariables_linux.go │ ├── efivariables_not_impl.go │ └── efivariables_windows.go ├── filesystem │ ├── cat.go │ ├── copy.go │ ├── filesystem.go │ ├── filesystems.go │ ├── pathspec.go │ ├── raw_registry.go │ ├── rm.go │ ├── tempfile.go │ └── vfs.go ├── functions │ ├── alerts.go │ ├── commandline.go │ ├── dict.go │ ├── encode.go │ ├── entropy.go │ ├── eval.go │ ├── expand.go │ ├── expand_test.go │ ├── format.go │ ├── functions.go │ ├── gunzip.go │ ├── hash.go │ ├── humanize.go │ ├── ints.go │ ├── lists.go │ ├── log.go │ ├── networks.go │ ├── patch.go │ ├── paths.go │ ├── pid.go │ ├── pskill.go │ ├── rc4.go │ ├── rot13.go │ ├── similarity.go │ ├── sleep.go │ ├── strings.go │ ├── time.go │ ├── tlsh.go │ ├── unhex.go │ ├── url.go │ ├── uuid.go │ └── xor.go ├── golang │ ├── background.go │ ├── generators.go │ ├── goroutines.go │ ├── memory.go │ ├── profile.go │ ├── profile.pb.go │ ├── profile.proto │ ├── trace.go │ ├── typeof.go │ └── verify.go ├── grouper │ ├── fixtures │ │ └── TestGroupBy.golden │ ├── grouper_test.go │ └── mergegrouper.go ├── info.go ├── is_admin.go ├── is_admin_windows.go ├── json.go ├── linux │ ├── audit.go │ ├── compatibility.go │ ├── connections.go │ ├── ebpf │ │ ├── dns.go │ │ ├── doc.go │ │ ├── ebpf.go │ │ ├── logger.go │ │ └── profile.go │ └── sysinfo.go ├── materializer │ └── materialize.go ├── metadata.go ├── metrics.go ├── networking │ ├── cidrmatch.go │ ├── connection_tracker.go │ ├── cookiejar.go │ ├── dns.go │ ├── fixtures │ │ └── TestMultipartUploadTest.golden │ ├── host.go │ ├── http_client.go │ ├── mail.go │ ├── multipart.go │ ├── multipart_test.go │ ├── netcat.go │ ├── netstat_common.go │ ├── netstat_darwin.go │ ├── netstat_freebsd.go │ ├── netstat_linux.go │ ├── netstat_windows.go │ ├── network.go │ ├── secrets.go │ ├── spy.go │ ├── tls.go │ ├── tls_test.go │ ├── transport.go │ ├── upload.go │ └── wrapper.go ├── parsers │ ├── authenticode │ │ ├── authenticode.go │ │ ├── cat.go │ │ ├── compat.go │ │ ├── doc.go │ │ └── pefile.go │ ├── binary.go │ ├── crypto │ │ ├── bigint.go │ │ ├── pkcs7.go │ │ └── pubkey.go │ ├── csv │ │ ├── csv.go │ │ ├── csv_test.go │ │ ├── fixtures │ │ │ └── TestCSVParser.golden │ │ └── watcher.go │ ├── ese │ │ ├── conversion.spec.yaml │ │ ├── ese.go │ │ ├── profile_gen.go │ │ ├── sid.go │ │ ├── sid_test.go │ │ └── vtype_profile.json │ ├── event_logs │ │ ├── evtx.go │ │ ├── pool.go │ │ ├── tracker.go │ │ └── watcher.go │ ├── fixtures │ │ ├── TestGrokParser.golden │ │ ├── TestParseFileWithRegex.golden │ │ ├── TestSplitRecordParser.golden │ │ └── TestYamlParser.golden │ ├── grok.go │ ├── grok_test.go │ ├── journald │ │ ├── journald.go │ │ └── watcher.go │ ├── json.go │ ├── leveldb.go │ ├── lzxpress.go │ ├── ntfs.go │ ├── ntfs_context.go │ ├── ntfs_protocols.go │ ├── ole.go │ ├── parsers_test.go │ ├── pe.go │ ├── pe_dump.go │ ├── plist.go │ ├── prefetch.go │ ├── pst_parser.go │ ├── recyclebin.go │ ├── recyclebin │ │ ├── conversion.spec.yaml │ │ ├── parse_recyclebin.go │ │ ├── profile_gen.go │ │ └── vtype_profile.json │ ├── regexparser.go │ ├── regexparser_test.go │ ├── splitparser.go │ ├── sql │ │ ├── fixtures │ │ │ └── TestSQLite.golden │ │ ├── sql.go │ │ ├── sql_cache.go │ │ ├── sqlite.go │ │ ├── sqlite_test.go │ │ └── sqlite_windows.go │ ├── syslog │ │ ├── auditd.go │ │ ├── fixtures │ │ │ └── TestSyslogReader.golden │ │ ├── scanner.go │ │ ├── watcher.go │ │ └── watcher_test.go │ ├── usn │ │ ├── carver.go │ │ ├── usn.go │ │ └── watcher.go │ ├── xml.go │ └── yaml.go ├── process.go ├── protocols │ ├── dict.go │ ├── fspathspec.go │ ├── lambda.go │ ├── lazy.go │ ├── protocols.go │ ├── regex.go │ ├── slice.go │ └── time.go ├── psutils │ ├── common.go │ ├── connections.go │ ├── disk.go │ ├── doc.go │ ├── gopsutil_LICENSE.txt │ ├── host.go │ ├── host_darwin.go │ ├── host_darwin_cgo.go │ ├── host_freebsd.go │ ├── host_linux.go │ ├── host_windows.go │ ├── net.go │ ├── process.go │ ├── process_darwin.go │ ├── process_darwin_cgo.go │ ├── process_darwin_nocgo.go │ ├── process_posix.go │ ├── process_windows.go │ ├── process_windows_amd64.go │ ├── process_windows_arm64.go │ └── process_windows_i386.go ├── readers │ ├── paged.go │ └── paged_reader_test.go ├── remapping │ ├── fixtures │ │ └── TestConfigFileRemap.golden │ ├── impersonation.go │ ├── install.go │ ├── mocker.go │ ├── remapping.go │ └── remapping_test.go ├── scope.go ├── server │ ├── backup.go │ ├── clients │ │ ├── clients.go │ │ ├── delete.go │ │ ├── delete_test.go │ │ ├── fixtures │ │ │ └── TestDeleteClient.golden │ │ ├── metadata.go │ │ └── new.go │ ├── compress.go │ ├── crypto.go │ ├── crypto │ │ ├── reader.go │ │ └── writer.go │ ├── downloads │ │ ├── downloads.go │ │ ├── downloads_test.go │ │ ├── fixtures │ │ │ ├── TestExportCollectionServerArtifact.golden │ │ │ ├── TestExportCollectionUploads.golden │ │ │ ├── TestExportHunt.golden │ │ │ ├── export.zip │ │ │ └── export_server_artifact.zip │ │ └── pool.go │ ├── elastic.go │ ├── events.go │ ├── favorites │ │ ├── create.go │ │ ├── delete.go │ │ └── list.go │ ├── file_store.go │ ├── flows │ │ ├── create.go │ │ ├── delete.go │ │ ├── fixtures │ │ │ ├── TestDeleteFlow.golden │ │ │ ├── TestEnumerateFlow.golden │ │ │ └── TestHuntsSource.golden │ │ ├── flow_test.go │ │ ├── flows.go │ │ ├── logs.go │ │ ├── monitoring.go │ │ ├── parallel.go │ │ ├── parallel_test.go │ │ ├── results.go │ │ ├── results_test.go │ │ ├── upload_transactions.go │ │ └── uploads.go │ ├── hunts │ │ ├── create.go │ │ ├── create_test.go │ │ ├── delete.go │ │ ├── fixtures │ │ │ └── TestCreateHunt.golden │ │ ├── hunts.go │ │ ├── info.go │ │ └── stop.go │ ├── inventory.go │ ├── kill.go │ ├── labels.go │ ├── links.go │ ├── logging.go │ ├── monitoring │ │ ├── add_monitoring.go │ │ ├── add_monitoring_test.go │ │ ├── delete.go │ │ ├── event_monitoring.go │ │ ├── fixtures │ │ │ ├── TestAddClientMonitoring.golden │ │ │ └── TestAddServerMonitoring.golden │ │ ├── monitoring_logs.go │ │ └── rm_monitoring.go │ ├── notebooks │ │ ├── create.go │ │ ├── delete.go │ │ ├── download.go │ │ ├── export.go │ │ ├── get.go │ │ ├── list.go │ │ ├── notebooks_test.go │ │ └── update.go │ ├── orgs │ │ ├── create.go │ │ ├── current.go │ │ ├── delete.go │ │ └── orgs.go │ ├── repository.go │ ├── secrets │ │ ├── add.go │ │ ├── grant.go │ │ └── list.go │ ├── splunk.go │ ├── timelines │ │ ├── create.go │ │ ├── delete.go │ │ └── reader.go │ └── users │ │ ├── create.go │ │ ├── delete.go │ │ ├── get.go │ │ ├── grant.go │ │ ├── options.go │ │ ├── password.go │ │ ├── users.go │ │ └── whoami.go ├── sigma │ ├── details.go │ ├── evaluator │ │ ├── checks.go │ │ ├── correlation.go │ │ ├── evaluate.go │ │ ├── evaluate_search.go │ │ ├── event.go │ │ ├── fieldmapping.go │ │ ├── indexes.go │ │ └── modifiers │ │ │ ├── base64.go │ │ │ ├── comparators.go │ │ │ ├── modifiers.go │ │ │ ├── re.go │ │ │ ├── vql.go │ │ │ └── wide.go │ ├── fixtures │ │ ├── TestSigma.golden │ │ └── TestSigmaCorrelation.golden │ ├── logsource.go │ ├── logsource_test.go │ ├── pool.go │ ├── protocols.go │ ├── runner.go │ ├── sigma.go │ ├── sigma_test.go │ └── tracker.go ├── sorter │ ├── fixtures │ │ ├── TestMergeSorter.golden │ │ ├── TestMergeSorterDesc.golden │ │ └── newDataFile.golden │ ├── mergesort.go │ └── mergesort_test.go ├── tools │ ├── artifacts.go │ ├── atexit.go │ ├── azure_upload.go │ ├── collector │ │ ├── collector.go │ │ ├── collector_manager.go │ │ ├── collector_test.go │ │ ├── fixtures │ │ │ ├── TestCollectionWithArtifacts.golden │ │ │ ├── TestCollectionWithTypes.golden │ │ │ ├── TestCollectionWithUpload.golden │ │ │ ├── TestCreateAndImportCollection.golden │ │ │ ├── TestCreateAndImportHunt.golden │ │ │ ├── TestImportCollectionFromFixture.golden │ │ │ ├── TestImportHuntFromFixture.golden │ │ │ ├── import.zip │ │ │ ├── import_hunt.zip │ │ │ ├── invalid_dir.zip │ │ │ └── offline_encrypted.zip │ │ ├── import.go │ │ ├── import_hunt_test.go │ │ └── import_test.go │ ├── delay.go │ ├── dns │ │ └── tracker.go │ ├── fixtures │ │ └── TestStarlark.golden │ ├── gcs_pubsub_publish.go │ ├── gcs_upload.go │ ├── geoip.go │ ├── js.go │ ├── logscale │ │ ├── logscale.go │ │ ├── logscale_test.go │ │ ├── plugin.go │ │ └── plugin_test.go │ ├── magic.go │ ├── packaging │ │ ├── debian.go │ │ ├── debian_test.go │ │ ├── fixtures │ │ │ ├── TestDEBClient.golden │ │ │ ├── TestDEBServer.golden │ │ │ ├── TestDEBServerMaster.golden │ │ │ ├── TestDEBServerMinion.golden │ │ │ ├── TestRPMClient.golden │ │ │ ├── TestRPMClientWithServerConfig.golden │ │ │ ├── TestRPMServer.golden │ │ │ ├── TestRPMServerMaster.golden │ │ │ └── TestRPMServerMinion.golden │ │ ├── package.go │ │ ├── rpm.go │ │ ├── rpm_test.go │ │ └── templates.go │ ├── panic.go │ ├── process │ │ ├── api.go │ │ ├── callchain.go │ │ ├── children.go │ │ ├── dummy.go │ │ ├── fixtures │ │ │ ├── TestForkBomb.golden │ │ │ └── TestProcessTracker.golden │ │ ├── mock_test.go │ │ ├── pid.go │ │ ├── protocols.go │ │ ├── pslist.go │ │ ├── tracker.go │ │ ├── tracker_test.go │ │ ├── tree.go │ │ └── utils.go │ ├── query.go │ ├── rekey.go │ ├── repack.go │ ├── repack_test.go │ ├── rsyslog │ │ ├── cache.go │ │ ├── connect.go │ │ └── rsyslog.go │ ├── s3_upload.go │ ├── s3_upload_test.go │ ├── sftp_upload.go │ ├── smb_upload.go │ ├── starlark.go │ ├── starlark_test.go │ ├── template.go │ ├── unzip.go │ └── webdav_upload.go ├── unimplemented.go ├── unimplemented_cgo.go ├── unimplemented_nocgo.go ├── unimplemented_test.go ├── utils.go ├── utils │ ├── help.go │ └── repository.go ├── vql.go └── windows │ ├── aliases.go │ ├── amsi.go │ ├── crypto.c │ ├── crypto.go │ ├── doc.go │ ├── etw │ ├── context.go │ ├── doc.go │ ├── etw_sessions.go │ ├── options.go │ ├── protocols.go │ ├── stats.go │ ├── watch_etw.go │ └── watcher.go │ ├── filesystems │ └── doc.go │ ├── gen.go │ ├── process │ ├── common.go │ ├── describe_address.go │ ├── dump.c │ ├── dump.go │ ├── handles.go │ ├── kernel_info_manager.go │ ├── sedebug.go │ ├── thread.go │ ├── token.go │ ├── utils.go │ ├── vad.go │ ├── vad_32.go │ └── winobj.go │ ├── processes.go │ ├── registry │ └── write.go │ ├── status.go │ ├── users.go │ ├── win32_windows.go │ ├── win32_windows_32.go │ ├── winpmem.go │ ├── wmi │ ├── events.c │ ├── events.go │ ├── parse │ │ ├── fixtures │ │ │ ├── sample.golden │ │ │ └── sample.txt │ │ ├── parse.go │ │ └── parse_test.go │ └── wmi.go │ ├── zwin32_windows_386.go │ ├── zwin32_windows_amd64.go │ └── zwin32_windows_arm64.go ├── vql_plugins ├── accessors.go ├── plugins.go ├── plugins_darwin.go ├── plugins_linux.go ├── plugins_windows.go ├── result_sets.go └── server.go └── vtesting ├── assert ├── retry.go ├── retry_test.go └── wrapper.go ├── config.go ├── file_info.go ├── goldie ├── goldie.go └── utils.go ├── helpers.go ├── httptest.go ├── logging.go ├── metrics.go ├── ports.go └── tls.go /.gitattributes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/.gitattributes -------------------------------------------------------------------------------- /.github/workflows/go.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/.github/workflows/go.yml -------------------------------------------------------------------------------- /.github/workflows/musl.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/.github/workflows/musl.yaml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/.gitignore -------------------------------------------------------------------------------- /.golangci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/.golangci.yml -------------------------------------------------------------------------------- /.wwhrd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/.wwhrd.yml -------------------------------------------------------------------------------- /CLA.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/CLA.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/README.md -------------------------------------------------------------------------------- /accessors/acl.go: -------------------------------------------------------------------------------- 1 | package accessors 2 | -------------------------------------------------------------------------------- /accessors/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/api.go -------------------------------------------------------------------------------- /accessors/api_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/api_test.go -------------------------------------------------------------------------------- /accessors/data/data.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/data/data.go -------------------------------------------------------------------------------- /accessors/data/data_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/data/data_test.go -------------------------------------------------------------------------------- /accessors/data/scope.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/data/scope.go -------------------------------------------------------------------------------- /accessors/deny.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/deny.go -------------------------------------------------------------------------------- /accessors/ewf/cache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/ewf/cache.go -------------------------------------------------------------------------------- /accessors/ewf/ewf.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/ewf/ewf.go -------------------------------------------------------------------------------- /accessors/ext4/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/ext4/utils.go -------------------------------------------------------------------------------- /accessors/fat/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/fat/utils.go -------------------------------------------------------------------------------- /accessors/file/cache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/file/cache.go -------------------------------------------------------------------------------- /accessors/file/json.go: -------------------------------------------------------------------------------- 1 | package file 2 | -------------------------------------------------------------------------------- /accessors/file/security.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/file/security.go -------------------------------------------------------------------------------- /accessors/json.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/json.go -------------------------------------------------------------------------------- /accessors/manager.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/manager.go -------------------------------------------------------------------------------- /accessors/manipulators.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/manipulators.go -------------------------------------------------------------------------------- /accessors/mount.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/mount.go -------------------------------------------------------------------------------- /accessors/mount_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/mount_test.go -------------------------------------------------------------------------------- /accessors/mscfb/reader.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/mscfb/reader.go -------------------------------------------------------------------------------- /accessors/mscfb/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/mscfb/utils.go -------------------------------------------------------------------------------- /accessors/ntfs/cache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/ntfs/cache.go -------------------------------------------------------------------------------- /accessors/ntfs/mft.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/ntfs/mft.go -------------------------------------------------------------------------------- /accessors/ntfs/mft_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/ntfs/mft_test.go -------------------------------------------------------------------------------- /accessors/ntfs/vss.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/ntfs/vss.go -------------------------------------------------------------------------------- /accessors/offset/offset.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/offset/offset.go -------------------------------------------------------------------------------- /accessors/pathspec.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/pathspec.go -------------------------------------------------------------------------------- /accessors/pipe/pipe.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/pipe/pipe.go -------------------------------------------------------------------------------- /accessors/process/doc.go: -------------------------------------------------------------------------------- 1 | package process 2 | -------------------------------------------------------------------------------- /accessors/protocols.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/protocols.go -------------------------------------------------------------------------------- /accessors/pst/cache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/pst/cache.go -------------------------------------------------------------------------------- /accessors/pst/doc.go: -------------------------------------------------------------------------------- 1 | package pst 2 | 3 | // Parser for PST files 4 | -------------------------------------------------------------------------------- /accessors/registry/cache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/registry/cache.go -------------------------------------------------------------------------------- /accessors/registry/doc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/registry/doc.go -------------------------------------------------------------------------------- /accessors/registry/lru.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/registry/lru.go -------------------------------------------------------------------------------- /accessors/s3/docs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/s3/docs.go -------------------------------------------------------------------------------- /accessors/s3/file_info.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/s3/file_info.go -------------------------------------------------------------------------------- /accessors/s3/reader.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/s3/reader.go -------------------------------------------------------------------------------- /accessors/s3/s3.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/s3/s3.go -------------------------------------------------------------------------------- /accessors/s3/session.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/s3/session.go -------------------------------------------------------------------------------- /accessors/scope.go: -------------------------------------------------------------------------------- 1 | package accessors 2 | -------------------------------------------------------------------------------- /accessors/smb/cache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/smb/cache.go -------------------------------------------------------------------------------- /accessors/smb/smb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/smb/smb.go -------------------------------------------------------------------------------- /accessors/sparse/ranged.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/sparse/ranged.go -------------------------------------------------------------------------------- /accessors/sparse/sparse.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/sparse/sparse.go -------------------------------------------------------------------------------- /accessors/ssh/file_info.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/ssh/file_info.go -------------------------------------------------------------------------------- /accessors/ssh/session.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/ssh/session.go -------------------------------------------------------------------------------- /accessors/ssh/ssh.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/ssh/ssh.go -------------------------------------------------------------------------------- /accessors/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/utils.go -------------------------------------------------------------------------------- /accessors/vfs/vfs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/vfs/vfs.go -------------------------------------------------------------------------------- /accessors/vfs/vfs_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/vfs/vfs_test.go -------------------------------------------------------------------------------- /accessors/vhdx/cache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/vhdx/cache.go -------------------------------------------------------------------------------- /accessors/vhdx/vhdx.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/vhdx/vhdx.go -------------------------------------------------------------------------------- /accessors/virtual.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/virtual.go -------------------------------------------------------------------------------- /accessors/virtual_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/virtual_test.go -------------------------------------------------------------------------------- /accessors/vmdk/cache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/vmdk/cache.go -------------------------------------------------------------------------------- /accessors/vmdk/vmdk.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/vmdk/vmdk.go -------------------------------------------------------------------------------- /accessors/vql_arg_parser.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/vql_arg_parser.go -------------------------------------------------------------------------------- /accessors/winpmem/logger.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/winpmem/logger.go -------------------------------------------------------------------------------- /accessors/zip/accessor.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/zip/accessor.go -------------------------------------------------------------------------------- /accessors/zip/gzip.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/zip/gzip.go -------------------------------------------------------------------------------- /accessors/zip/gzip_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/zip/gzip_test.go -------------------------------------------------------------------------------- /accessors/zip/me.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/zip/me.go -------------------------------------------------------------------------------- /accessors/zip/zip.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/zip/zip.go -------------------------------------------------------------------------------- /accessors/zip/zip_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/accessors/zip/zip_test.go -------------------------------------------------------------------------------- /acls/acls.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/acls/acls.go -------------------------------------------------------------------------------- /acls/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/acls/api.go -------------------------------------------------------------------------------- /acls/lockdown.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/acls/lockdown.go -------------------------------------------------------------------------------- /acls/policy.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/acls/policy.go -------------------------------------------------------------------------------- /acls/proto/acl.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/acls/proto/acl.pb.go -------------------------------------------------------------------------------- /acls/proto/acl.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/acls/proto/acl.proto -------------------------------------------------------------------------------- /acls/roles.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/acls/roles.go -------------------------------------------------------------------------------- /acls/utils.go: -------------------------------------------------------------------------------- 1 | package acls 2 | -------------------------------------------------------------------------------- /actions/client_info.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/actions/client_info.go -------------------------------------------------------------------------------- /actions/events.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/actions/events.go -------------------------------------------------------------------------------- /actions/events_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/actions/events_test.go -------------------------------------------------------------------------------- /actions/progress.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/actions/progress.go -------------------------------------------------------------------------------- /actions/proto/vql.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/actions/proto/vql.pb.go -------------------------------------------------------------------------------- /actions/proto/vql.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/actions/proto/vql.proto -------------------------------------------------------------------------------- /actions/query_log.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/actions/query_log.go -------------------------------------------------------------------------------- /actions/test_data/client.config.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/test_data/hello.txt: -------------------------------------------------------------------------------- 1 | hello world 2 | -------------------------------------------------------------------------------- /actions/tracker.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/actions/tracker.go -------------------------------------------------------------------------------- /actions/transactions.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/actions/transactions.go -------------------------------------------------------------------------------- /actions/utils_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/actions/utils_test.go -------------------------------------------------------------------------------- /actions/vql.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/actions/vql.go -------------------------------------------------------------------------------- /actions/vql_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/actions/vql_test.go -------------------------------------------------------------------------------- /api/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/api.go -------------------------------------------------------------------------------- /api/artifacts.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/artifacts.go -------------------------------------------------------------------------------- /api/assets.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/assets.go -------------------------------------------------------------------------------- /api/auth.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/auth.go -------------------------------------------------------------------------------- /api/authenticators/auth.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/authenticators/auth.go -------------------------------------------------------------------------------- /api/authenticators/azure.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/authenticators/azure.go -------------------------------------------------------------------------------- /api/authenticators/basic.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/authenticators/basic.go -------------------------------------------------------------------------------- /api/authenticators/certs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/authenticators/certs.go -------------------------------------------------------------------------------- /api/authenticators/http.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/authenticators/http.go -------------------------------------------------------------------------------- /api/authenticators/oidc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/authenticators/oidc.go -------------------------------------------------------------------------------- /api/authenticators/orgs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/authenticators/orgs.go -------------------------------------------------------------------------------- /api/authenticators/saml.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/authenticators/saml.go -------------------------------------------------------------------------------- /api/authenticators/users.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/authenticators/users.go -------------------------------------------------------------------------------- /api/builder.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/builder.go -------------------------------------------------------------------------------- /api/clients.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/clients.go -------------------------------------------------------------------------------- /api/csrf.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/csrf.go -------------------------------------------------------------------------------- /api/datastore.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/datastore.go -------------------------------------------------------------------------------- /api/datastore_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/datastore_test.go -------------------------------------------------------------------------------- /api/docs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/docs.go -------------------------------------------------------------------------------- /api/download.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/download.go -------------------------------------------------------------------------------- /api/events.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/events.go -------------------------------------------------------------------------------- /api/events_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/events_test.go -------------------------------------------------------------------------------- /api/filesearch.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/filesearch.go -------------------------------------------------------------------------------- /api/flows.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/flows.go -------------------------------------------------------------------------------- /api/handlers.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/handlers.go -------------------------------------------------------------------------------- /api/health.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/health.go -------------------------------------------------------------------------------- /api/hunts.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/hunts.go -------------------------------------------------------------------------------- /api/instrument.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/instrument.go -------------------------------------------------------------------------------- /api/mock/api_mock.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/mock/api_mock.go -------------------------------------------------------------------------------- /api/mock/gen.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/mock/gen.go -------------------------------------------------------------------------------- /api/notebooks.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/notebooks.go -------------------------------------------------------------------------------- /api/proto/api.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/api.pb.go -------------------------------------------------------------------------------- /api/proto/api.pb.gw.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/api.pb.gw.go -------------------------------------------------------------------------------- /api/proto/api.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/api.proto -------------------------------------------------------------------------------- /api/proto/api_grpc.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/api_grpc.pb.go -------------------------------------------------------------------------------- /api/proto/artifacts.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/artifacts.pb.go -------------------------------------------------------------------------------- /api/proto/artifacts.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/artifacts.proto -------------------------------------------------------------------------------- /api/proto/clients.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/clients.pb.go -------------------------------------------------------------------------------- /api/proto/clients.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/clients.proto -------------------------------------------------------------------------------- /api/proto/completions.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/completions.pb.go -------------------------------------------------------------------------------- /api/proto/completions.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/completions.proto -------------------------------------------------------------------------------- /api/proto/csv.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/csv.pb.go -------------------------------------------------------------------------------- /api/proto/csv.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/csv.proto -------------------------------------------------------------------------------- /api/proto/datastore.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/datastore.pb.go -------------------------------------------------------------------------------- /api/proto/datastore.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/datastore.proto -------------------------------------------------------------------------------- /api/proto/download.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/download.pb.go -------------------------------------------------------------------------------- /api/proto/download.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/download.proto -------------------------------------------------------------------------------- /api/proto/flows.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/flows.pb.go -------------------------------------------------------------------------------- /api/proto/flows.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/flows.proto -------------------------------------------------------------------------------- /api/proto/health.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/health.pb.go -------------------------------------------------------------------------------- /api/proto/health.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/health.proto -------------------------------------------------------------------------------- /api/proto/hunts.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/hunts.pb.go -------------------------------------------------------------------------------- /api/proto/hunts.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/hunts.proto -------------------------------------------------------------------------------- /api/proto/notebooks.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/notebooks.pb.go -------------------------------------------------------------------------------- /api/proto/notebooks.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/notebooks.proto -------------------------------------------------------------------------------- /api/proto/objects.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/objects.pb.go -------------------------------------------------------------------------------- /api/proto/objects.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/objects.proto -------------------------------------------------------------------------------- /api/proto/orgs.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/orgs.pb.go -------------------------------------------------------------------------------- /api/proto/orgs.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/orgs.proto -------------------------------------------------------------------------------- /api/proto/scheduler.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/scheduler.pb.go -------------------------------------------------------------------------------- /api/proto/scheduler.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/scheduler.proto -------------------------------------------------------------------------------- /api/proto/secrets.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/secrets.pb.go -------------------------------------------------------------------------------- /api/proto/secrets.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/secrets.proto -------------------------------------------------------------------------------- /api/proto/users.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/users.pb.go -------------------------------------------------------------------------------- /api/proto/users.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/users.proto -------------------------------------------------------------------------------- /api/proto/vfs_api.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/vfs_api.pb.go -------------------------------------------------------------------------------- /api/proto/vfs_api.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proto/vfs_api.proto -------------------------------------------------------------------------------- /api/proxy.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proxy.go -------------------------------------------------------------------------------- /api/proxy_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/proxy_test.go -------------------------------------------------------------------------------- /api/query.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/query.go -------------------------------------------------------------------------------- /api/reflect.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/reflect.go -------------------------------------------------------------------------------- /api/reformat.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/reformat.go -------------------------------------------------------------------------------- /api/replication.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/replication.go -------------------------------------------------------------------------------- /api/reports.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/reports.go -------------------------------------------------------------------------------- /api/scheduler.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/scheduler.go -------------------------------------------------------------------------------- /api/secrets.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/secrets.go -------------------------------------------------------------------------------- /api/static.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/static.go -------------------------------------------------------------------------------- /api/status.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/status.go -------------------------------------------------------------------------------- /api/tables/doc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/tables/doc.go -------------------------------------------------------------------------------- /api/tables/notebooks.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/tables/notebooks.go -------------------------------------------------------------------------------- /api/tables/table.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/tables/table.go -------------------------------------------------------------------------------- /api/tables/timelines.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/tables/timelines.go -------------------------------------------------------------------------------- /api/timelines.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/timelines.go -------------------------------------------------------------------------------- /api/tools.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/tools.go -------------------------------------------------------------------------------- /api/upload.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/upload.go -------------------------------------------------------------------------------- /api/users.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/users.go -------------------------------------------------------------------------------- /api/utils/grpc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/utils/grpc.go -------------------------------------------------------------------------------- /api/utils/mux.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/utils/mux.go -------------------------------------------------------------------------------- /api/utils/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/utils/utils.go -------------------------------------------------------------------------------- /api/vfs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/vfs.go -------------------------------------------------------------------------------- /api/vql.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/api/vql.go -------------------------------------------------------------------------------- /artifacts/assets/.gitignore: -------------------------------------------------------------------------------- 1 | * -------------------------------------------------------------------------------- /artifacts/assets/docs.go: -------------------------------------------------------------------------------- 1 | package assets 2 | -------------------------------------------------------------------------------- /artifacts/b0x.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/artifacts/b0x.yaml -------------------------------------------------------------------------------- /artifacts/obfuscation.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/artifacts/obfuscation.go -------------------------------------------------------------------------------- /artifacts/testdata/files/debian/.gitattributes: -------------------------------------------------------------------------------- 1 | * text eol=lf -------------------------------------------------------------------------------- /artifacts/testdata/server/clients/C.4f5e52adf0a337a9/collections/F.BN2HJBD1R85EA/uploads/sparse/X.txt: -------------------------------------------------------------------------------- 1 | The qred f -------------------------------------------------------------------------------- /artifacts/testdata/server/downloads/.gitignore: -------------------------------------------------------------------------------- 1 | *.zip -------------------------------------------------------------------------------- /artifacts/testdata/server/hunt_index/h.49ba8939/C.4f5e52adf0a337a9.db: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /artifacts/testdata/server/hunts/H.19c0c0a2/stats.db: -------------------------------------------------------------------------------- 1 | Hp -------------------------------------------------------------------------------- /artifacts/testdata/server/hunts/H.49ba8939/stats.db: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /artifacts/testdata/server/notebooks/N.CG74N2JSSV75S/NC.CG74N5GVJAA2E/uploads/test.txt: -------------------------------------------------------------------------------- 1 | Hello world -------------------------------------------------------------------------------- /artifacts/testdata/server/testcases/cobalt2.out.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /artifacts/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/artifacts/utils.go -------------------------------------------------------------------------------- /bin/admin_generic.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/admin_generic.go -------------------------------------------------------------------------------- /bin/admin_windows.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/admin_windows.go -------------------------------------------------------------------------------- /bin/analysis_target.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/analysis_target.go -------------------------------------------------------------------------------- /bin/artifacts.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/artifacts.go -------------------------------------------------------------------------------- /bin/banner.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/banner.go -------------------------------------------------------------------------------- /bin/binary_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/binary_test.go -------------------------------------------------------------------------------- /bin/browser.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/browser.go -------------------------------------------------------------------------------- /bin/client.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/client.go -------------------------------------------------------------------------------- /bin/collector_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/collector_test.go -------------------------------------------------------------------------------- /bin/config.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/config.go -------------------------------------------------------------------------------- /bin/config_merge.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/config_merge.go -------------------------------------------------------------------------------- /bin/config_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/config_test.go -------------------------------------------------------------------------------- /bin/csv.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/csv.go -------------------------------------------------------------------------------- /bin/deaddisk.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/deaddisk.go -------------------------------------------------------------------------------- /bin/deaddisk_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/deaddisk_test.go -------------------------------------------------------------------------------- /bin/debian.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/debian.go -------------------------------------------------------------------------------- /bin/debug.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/debug.go -------------------------------------------------------------------------------- /bin/deprecated.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/deprecated.go -------------------------------------------------------------------------------- /bin/flags.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/flags.go -------------------------------------------------------------------------------- /bin/frontend.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/frontend.go -------------------------------------------------------------------------------- /bin/fs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/fs.go -------------------------------------------------------------------------------- /bin/fuse_unix.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/fuse_unix.go -------------------------------------------------------------------------------- /bin/golden.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/golden.go -------------------------------------------------------------------------------- /bin/grant.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/grant.go -------------------------------------------------------------------------------- /bin/gui.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/gui.go -------------------------------------------------------------------------------- /bin/hunts.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/hunts.go -------------------------------------------------------------------------------- /bin/installer_darwin.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/installer_darwin.go -------------------------------------------------------------------------------- /bin/installer_windows.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/installer_windows.go -------------------------------------------------------------------------------- /bin/logging.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/logging.go -------------------------------------------------------------------------------- /bin/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/main.go -------------------------------------------------------------------------------- /bin/marshal.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/marshal.go -------------------------------------------------------------------------------- /bin/marshal_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/marshal_test.go -------------------------------------------------------------------------------- /bin/metrics.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/metrics.go -------------------------------------------------------------------------------- /bin/minions.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/minions.go -------------------------------------------------------------------------------- /bin/mutant_windows.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/mutant_windows.go -------------------------------------------------------------------------------- /bin/offline.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/offline.go -------------------------------------------------------------------------------- /bin/offline_decrypt.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/offline_decrypt.go -------------------------------------------------------------------------------- /bin/panic.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/panic.go -------------------------------------------------------------------------------- /bin/pool.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/pool.go -------------------------------------------------------------------------------- /bin/prompt.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/prompt.go -------------------------------------------------------------------------------- /bin/proxy.go: -------------------------------------------------------------------------------- 1 | package main 2 | -------------------------------------------------------------------------------- /bin/query.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/query.go -------------------------------------------------------------------------------- /bin/reformat.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/reformat.go -------------------------------------------------------------------------------- /bin/repack.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/repack.go -------------------------------------------------------------------------------- /bin/rpm.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/rpm.go -------------------------------------------------------------------------------- /bin/rsrc_windows_386.syso: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/rsrc_windows_386.syso -------------------------------------------------------------------------------- /bin/rsrc_windows_amd64.syso: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/rsrc_windows_amd64.syso -------------------------------------------------------------------------------- /bin/timezone.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/timezone.go -------------------------------------------------------------------------------- /bin/tools.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/tools.go -------------------------------------------------------------------------------- /bin/transforms.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/transforms.go -------------------------------------------------------------------------------- /bin/unzip.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/unzip.go -------------------------------------------------------------------------------- /bin/users.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/users.go -------------------------------------------------------------------------------- /bin/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/utils.go -------------------------------------------------------------------------------- /bin/verify.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/verify.go -------------------------------------------------------------------------------- /bin/version.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/version.go -------------------------------------------------------------------------------- /bin/vql.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/bin/vql.go -------------------------------------------------------------------------------- /config/assets.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/config/assets.go -------------------------------------------------------------------------------- /config/b0x.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/config/b0x.yaml -------------------------------------------------------------------------------- /config/client.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/config/client.go -------------------------------------------------------------------------------- /config/config.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/config/config.go -------------------------------------------------------------------------------- /config/default.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/config/default.yaml -------------------------------------------------------------------------------- /config/doc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/config/doc.go -------------------------------------------------------------------------------- /config/embedded.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/config/embedded.go -------------------------------------------------------------------------------- /config/loader.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/config/loader.go -------------------------------------------------------------------------------- /config/migration.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/config/migration.go -------------------------------------------------------------------------------- /config/offline.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/config/offline.sh -------------------------------------------------------------------------------- /config/proto/config.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/config/proto/config.pb.go -------------------------------------------------------------------------------- /config/proto/config.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/config/proto/config.proto -------------------------------------------------------------------------------- /config/validate.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/config/validate.go -------------------------------------------------------------------------------- /constants/constants.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/constants/constants.go -------------------------------------------------------------------------------- /crypto/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/api.go -------------------------------------------------------------------------------- /crypto/b0x.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/b0x.yaml -------------------------------------------------------------------------------- /crypto/ca-certificates.crt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/ca-certificates.crt -------------------------------------------------------------------------------- /crypto/ca.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/ca.go -------------------------------------------------------------------------------- /crypto/client/cipher.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/client/cipher.go -------------------------------------------------------------------------------- /crypto/client/client.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/client/client.go -------------------------------------------------------------------------------- /crypto/client/docs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/client/docs.go -------------------------------------------------------------------------------- /crypto/client/lru.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/client/lru.go -------------------------------------------------------------------------------- /crypto/client/lru_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/client/lru_test.go -------------------------------------------------------------------------------- /crypto/client/manager.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/client/manager.go -------------------------------------------------------------------------------- /crypto/client/resolver.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/client/resolver.go -------------------------------------------------------------------------------- /crypto/crypto_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/crypto_test.go -------------------------------------------------------------------------------- /crypto/doc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/doc.go -------------------------------------------------------------------------------- /crypto/messages.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/messages.go -------------------------------------------------------------------------------- /crypto/proto/jobs.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/proto/jobs.pb.go -------------------------------------------------------------------------------- /crypto/proto/jobs.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/proto/jobs.proto -------------------------------------------------------------------------------- /crypto/root.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/root.go -------------------------------------------------------------------------------- /crypto/server/docs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/server/docs.go -------------------------------------------------------------------------------- /crypto/server/manager.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/server/manager.go -------------------------------------------------------------------------------- /crypto/simple.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/simple.go -------------------------------------------------------------------------------- /crypto/simple_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/simple_test.go -------------------------------------------------------------------------------- /crypto/storage/fixtures/.gitignore: -------------------------------------------------------------------------------- 1 | writeback.yaml -------------------------------------------------------------------------------- /crypto/storage/header.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/storage/header.go -------------------------------------------------------------------------------- /crypto/storage/reader.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/storage/reader.go -------------------------------------------------------------------------------- /crypto/storage/server.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/storage/server.go -------------------------------------------------------------------------------- /crypto/storage/writer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/storage/writer.go -------------------------------------------------------------------------------- /crypto/transport.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/transport.go -------------------------------------------------------------------------------- /crypto/utils/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/crypto/utils/utils.go -------------------------------------------------------------------------------- /datastore/datastore.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/datastore/datastore.go -------------------------------------------------------------------------------- /datastore/datastore_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/datastore/datastore_test.go -------------------------------------------------------------------------------- /datastore/filebased.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/datastore/filebased.go -------------------------------------------------------------------------------- /datastore/filebased_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/datastore/filebased_test.go -------------------------------------------------------------------------------- /datastore/instrument.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/datastore/instrument.go -------------------------------------------------------------------------------- /datastore/memcache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/datastore/memcache.go -------------------------------------------------------------------------------- /datastore/memcache_data.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/datastore/memcache_data.go -------------------------------------------------------------------------------- /datastore/memcache_file.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/datastore/memcache_file.go -------------------------------------------------------------------------------- /datastore/memcache_stats.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/datastore/memcache_stats.go -------------------------------------------------------------------------------- /datastore/memcache_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/datastore/memcache_test.go -------------------------------------------------------------------------------- /datastore/readonly.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/datastore/readonly.go -------------------------------------------------------------------------------- /datastore/remote.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/datastore/remote.go -------------------------------------------------------------------------------- /datastore/remote_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/datastore/remote_test.go -------------------------------------------------------------------------------- /datastore/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/datastore/utils.go -------------------------------------------------------------------------------- /debian/changelog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/debian/changelog -------------------------------------------------------------------------------- /debian/compat: -------------------------------------------------------------------------------- 1 | 7 2 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/debian/control -------------------------------------------------------------------------------- /debian/copyright: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/debian/copyright -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/debian/rules -------------------------------------------------------------------------------- /debian/velociraptor.config.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /debian/velociraptor.init: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/debian/velociraptor.init -------------------------------------------------------------------------------- /debian/velociraptor.install: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/debian/velociraptor.install -------------------------------------------------------------------------------- /debian/velociraptor.nanny: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/debian/velociraptor.nanny -------------------------------------------------------------------------------- /debian/velociraptor.preinst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/debian/velociraptor.preinst -------------------------------------------------------------------------------- /debian/velociraptor.service: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/debian/velociraptor.service -------------------------------------------------------------------------------- /debian/velociraptor.upstart: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/debian/velociraptor.upstart -------------------------------------------------------------------------------- /docs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/docs.go -------------------------------------------------------------------------------- /docs/deadcode.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/docs/deadcode.yaml -------------------------------------------------------------------------------- /docs/elastic/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/docs/elastic/README.md -------------------------------------------------------------------------------- /docs/monitoring/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/docs/monitoring/README.md -------------------------------------------------------------------------------- /docs/references/vql.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/docs/references/vql.yaml -------------------------------------------------------------------------------- /docs/saml/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/docs/saml/README.md -------------------------------------------------------------------------------- /docs/winres/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/docs/winres/README.md -------------------------------------------------------------------------------- /docs/winres/icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/docs/winres/icon.png -------------------------------------------------------------------------------- /docs/winres/winres.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/docs/winres/winres.json -------------------------------------------------------------------------------- /docs/wix/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/docs/wix/README.md -------------------------------------------------------------------------------- /docs/wix/build_amd64.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/docs/wix/build_amd64.bat -------------------------------------------------------------------------------- /docs/wix/build_x86.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/docs/wix/build_x86.bat -------------------------------------------------------------------------------- /docs/wix/icon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/docs/wix/icon.ico -------------------------------------------------------------------------------- /executor/crash.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/executor/crash.go -------------------------------------------------------------------------------- /executor/doc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/executor/doc.go -------------------------------------------------------------------------------- /executor/executor.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/executor/executor.go -------------------------------------------------------------------------------- /executor/executor_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/executor/executor_test.go -------------------------------------------------------------------------------- /executor/flows.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/executor/flows.go -------------------------------------------------------------------------------- /executor/nanny.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/executor/nanny.go -------------------------------------------------------------------------------- /executor/nanny_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/executor/nanny_test.go -------------------------------------------------------------------------------- /executor/pool.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/executor/pool.go -------------------------------------------------------------------------------- /executor/startup.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/executor/startup.go -------------------------------------------------------------------------------- /executor/stats.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/executor/stats.go -------------------------------------------------------------------------------- /executor/tempfile.go: -------------------------------------------------------------------------------- 1 | package executor 2 | -------------------------------------------------------------------------------- /executor/testutils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/executor/testutils.go -------------------------------------------------------------------------------- /executor/throttler/cpu.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/executor/throttler/cpu.go -------------------------------------------------------------------------------- /executor/transactions.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/executor/transactions.go -------------------------------------------------------------------------------- /file_store/api/adapter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/api/adapter.go -------------------------------------------------------------------------------- /file_store/api/paths.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/api/paths.go -------------------------------------------------------------------------------- /file_store/api/queues.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/api/queues.go -------------------------------------------------------------------------------- /file_store/api/utils.go: -------------------------------------------------------------------------------- 1 | package api 2 | -------------------------------------------------------------------------------- /file_store/api/walk.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/api/walk.go -------------------------------------------------------------------------------- /file_store/csv/doc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/csv/doc.go -------------------------------------------------------------------------------- /file_store/csv/options.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/csv/options.go -------------------------------------------------------------------------------- /file_store/csv/reader.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/csv/reader.go -------------------------------------------------------------------------------- /file_store/csv/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/csv/utils.go -------------------------------------------------------------------------------- /file_store/csv/writer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/csv/writer.go -------------------------------------------------------------------------------- /file_store/file_store.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/file_store.go -------------------------------------------------------------------------------- /file_store/memory/memory.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/memory/memory.go -------------------------------------------------------------------------------- /file_store/memory/queue.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/memory/queue.go -------------------------------------------------------------------------------- /file_store/memory/reader.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/memory/reader.go -------------------------------------------------------------------------------- /file_store/memory/writer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/memory/writer.go -------------------------------------------------------------------------------- /file_store/queue.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/queue.go -------------------------------------------------------------------------------- /file_store/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/file_store/utils.go -------------------------------------------------------------------------------- /flows/artifacts.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/flows/artifacts.go -------------------------------------------------------------------------------- /flows/artifacts_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/flows/artifacts_test.go -------------------------------------------------------------------------------- /flows/client_flow_runner.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/flows/client_flow_runner.go -------------------------------------------------------------------------------- /flows/client_info.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/flows/client_info.go -------------------------------------------------------------------------------- /flows/collection_context.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/flows/collection_context.go -------------------------------------------------------------------------------- /flows/docs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/flows/docs.go -------------------------------------------------------------------------------- /flows/housekeeping.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/flows/housekeeping.go -------------------------------------------------------------------------------- /flows/limits.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/flows/limits.go -------------------------------------------------------------------------------- /flows/logs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/flows/logs.go -------------------------------------------------------------------------------- /flows/monitoring.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/flows/monitoring.go -------------------------------------------------------------------------------- /flows/proto/vfs.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/flows/proto/vfs.pb.go -------------------------------------------------------------------------------- /flows/proto/vfs.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/flows/proto/vfs.proto -------------------------------------------------------------------------------- /glob/fileinfo.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/glob/fileinfo.go -------------------------------------------------------------------------------- /glob/glob.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/glob/glob.go -------------------------------------------------------------------------------- /glob/glob_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/glob/glob_test.go -------------------------------------------------------------------------------- /glob/protocol.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/glob/protocol.go -------------------------------------------------------------------------------- /glob/tracker.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/glob/tracker.go -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/go.sum -------------------------------------------------------------------------------- /grpc_client/dummy.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/grpc_client/dummy.go -------------------------------------------------------------------------------- /grpc_client/grpc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/grpc_client/grpc.go -------------------------------------------------------------------------------- /gui/assets/.gitignore: -------------------------------------------------------------------------------- 1 | ab0x.go -------------------------------------------------------------------------------- /gui/assets/init.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/gui/assets/init.go -------------------------------------------------------------------------------- /gui/velociraptor/.env: -------------------------------------------------------------------------------- 1 | GENERATE_SOURCEMAP=false -------------------------------------------------------------------------------- /gui/velociraptor/.env.production: -------------------------------------------------------------------------------- 1 | GENERATE_SOURCEMAP=false -------------------------------------------------------------------------------- /gui/velociraptor/.eslintignore: -------------------------------------------------------------------------------- 1 | node_modules/ 2 | build/ 3 | .eslintrc.cjs 4 | 5 | -------------------------------------------------------------------------------- /gui/velociraptor/.gitattributes: -------------------------------------------------------------------------------- 1 | *.json text -------------------------------------------------------------------------------- /gui/velociraptor/.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | node-modules/ 3 | -------------------------------------------------------------------------------- /gui/velociraptor/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/gui/velociraptor/Makefile -------------------------------------------------------------------------------- /gui/velociraptor/b0x.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/gui/velociraptor/b0x.yaml -------------------------------------------------------------------------------- /gui/velociraptor/build/.keep: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /gui/velociraptor/docs.go: -------------------------------------------------------------------------------- 1 | package velociraptor 2 | -------------------------------------------------------------------------------- /gui/velociraptor/src/components/clients/label-form.jsx: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /gui/velociraptor/src/components/i8n/de_new.json: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /gui/velociraptor/src/components/i8n/es_new.json: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /gui/velociraptor/src/components/i8n/fr_new.json: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /gui/velociraptor/src/components/i8n/jp_new.json: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /gui/velociraptor/src/components/i8n/por_new.json: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /gui/velociraptor/src/components/i8n/vi_new.json: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /gui/velociraptor/src/components/utils/clock.css: -------------------------------------------------------------------------------- 1 | .clock { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /gui/velociraptor/src/components/utils/number.css: -------------------------------------------------------------------------------- 1 | .numeric { 2 | text-align: right; 3 | } 4 | -------------------------------------------------------------------------------- /gui/velociraptor/src/themes/github-light.css: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /http_comms/comms.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/http_comms/comms.go -------------------------------------------------------------------------------- /http_comms/comms_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/http_comms/comms_test.go -------------------------------------------------------------------------------- /http_comms/doc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/http_comms/doc.go -------------------------------------------------------------------------------- /http_comms/e2e_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/http_comms/e2e_test.go -------------------------------------------------------------------------------- /http_comms/ring_buffer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/http_comms/ring_buffer.go -------------------------------------------------------------------------------- /http_comms/sender.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/http_comms/sender.go -------------------------------------------------------------------------------- /http_comms/sender_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/http_comms/sender_test.go -------------------------------------------------------------------------------- /http_comms/service.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/http_comms/service.go -------------------------------------------------------------------------------- /http_comms/websocket.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/http_comms/websocket.go -------------------------------------------------------------------------------- /json/csv.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/json/csv.go -------------------------------------------------------------------------------- /json/csv_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/json/csv_test.go -------------------------------------------------------------------------------- /json/debug.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/json/debug.go -------------------------------------------------------------------------------- /json/json.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/json/json.go -------------------------------------------------------------------------------- /json/proto.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/json/proto.go -------------------------------------------------------------------------------- /json/protobuf.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/json/protobuf.go -------------------------------------------------------------------------------- /json/registry.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/json/registry.go -------------------------------------------------------------------------------- /json/shortcuts.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/json/shortcuts.go -------------------------------------------------------------------------------- /json/shortcuts_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/json/shortcuts_test.go -------------------------------------------------------------------------------- /json/string.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/json/string.go -------------------------------------------------------------------------------- /json/timezone.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/json/timezone.go -------------------------------------------------------------------------------- /json/wrappers.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/json/wrappers.go -------------------------------------------------------------------------------- /logging/formatter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/logging/formatter.go -------------------------------------------------------------------------------- /logging/levels.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/logging/levels.go -------------------------------------------------------------------------------- /logging/logging.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/logging/logging.go -------------------------------------------------------------------------------- /logging/logging_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/logging/logging_test.go -------------------------------------------------------------------------------- /logging/syslog_windows.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/logging/syslog_windows.go -------------------------------------------------------------------------------- /magefile.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/magefile.go -------------------------------------------------------------------------------- /make.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/make.go -------------------------------------------------------------------------------- /make_proto.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/make_proto.sh -------------------------------------------------------------------------------- /paths/artifacts.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/artifacts.go -------------------------------------------------------------------------------- /paths/artifacts/logs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/artifacts/logs.go -------------------------------------------------------------------------------- /paths/artifacts/paths.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/artifacts/paths.go -------------------------------------------------------------------------------- /paths/artifacts_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/artifacts_test.go -------------------------------------------------------------------------------- /paths/backups.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/backups.go -------------------------------------------------------------------------------- /paths/client.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/client.go -------------------------------------------------------------------------------- /paths/client_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/client_test.go -------------------------------------------------------------------------------- /paths/constants.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/constants.go -------------------------------------------------------------------------------- /paths/dashboard.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/dashboard.go -------------------------------------------------------------------------------- /paths/doc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/doc.go -------------------------------------------------------------------------------- /paths/flow_metadata.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/flow_metadata.go -------------------------------------------------------------------------------- /paths/forms.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/forms.go -------------------------------------------------------------------------------- /paths/hunt_metadata.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/hunt_metadata.go -------------------------------------------------------------------------------- /paths/inventory.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/inventory.go -------------------------------------------------------------------------------- /paths/notebooks.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/notebooks.go -------------------------------------------------------------------------------- /paths/notebooks_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/notebooks_test.go -------------------------------------------------------------------------------- /paths/ntfs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/ntfs.go -------------------------------------------------------------------------------- /paths/ntfs_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/ntfs_test.go -------------------------------------------------------------------------------- /paths/orgs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/orgs.go -------------------------------------------------------------------------------- /paths/paths.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/paths.go -------------------------------------------------------------------------------- /paths/paths_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/paths_test.go -------------------------------------------------------------------------------- /paths/repository.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/repository.go -------------------------------------------------------------------------------- /paths/secrets.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/secrets.go -------------------------------------------------------------------------------- /paths/server.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/server.go -------------------------------------------------------------------------------- /paths/temp.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/temp.go -------------------------------------------------------------------------------- /paths/timelines.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/timelines.go -------------------------------------------------------------------------------- /paths/timelines_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/timelines_test.go -------------------------------------------------------------------------------- /paths/users.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/users.go -------------------------------------------------------------------------------- /paths/users_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/users_test.go -------------------------------------------------------------------------------- /paths/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/paths/utils.go -------------------------------------------------------------------------------- /proto/flow_metadata.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/proto/flow_metadata.pb.go -------------------------------------------------------------------------------- /proto/flow_metadata.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/proto/flow_metadata.proto -------------------------------------------------------------------------------- /proto/semantic.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/proto/semantic.pb.go -------------------------------------------------------------------------------- /proto/semantic.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/proto/semantic.proto -------------------------------------------------------------------------------- /reporting/container.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/reporting/container.go -------------------------------------------------------------------------------- /reporting/doc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/reporting/doc.go -------------------------------------------------------------------------------- /reporting/expand.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/reporting/expand.go -------------------------------------------------------------------------------- /reporting/gui.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/reporting/gui.go -------------------------------------------------------------------------------- /reporting/logging.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/reporting/logging.go -------------------------------------------------------------------------------- /reporting/paths.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/reporting/paths.go -------------------------------------------------------------------------------- /reporting/profile.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/reporting/profile.go -------------------------------------------------------------------------------- /reporting/progress.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/reporting/progress.go -------------------------------------------------------------------------------- /reporting/report.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/reporting/report.go -------------------------------------------------------------------------------- /reporting/result_sets.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/reporting/result_sets.go -------------------------------------------------------------------------------- /reporting/table.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/reporting/table.go -------------------------------------------------------------------------------- /reporting/timelines.go: -------------------------------------------------------------------------------- 1 | package reporting 2 | -------------------------------------------------------------------------------- /reporting/tmpfiles.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/reporting/tmpfiles.go -------------------------------------------------------------------------------- /reporting/uploader.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/reporting/uploader.go -------------------------------------------------------------------------------- /reporting/vql.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/reporting/vql.go -------------------------------------------------------------------------------- /responder/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/responder/api.go -------------------------------------------------------------------------------- /responder/flow_context.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/responder/flow_context.go -------------------------------------------------------------------------------- /responder/flow_manager.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/responder/flow_manager.go -------------------------------------------------------------------------------- /responder/monitoring.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/responder/monitoring.go -------------------------------------------------------------------------------- /responder/responder.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/responder/responder.go -------------------------------------------------------------------------------- /responder/testutils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/responder/testutils.go -------------------------------------------------------------------------------- /responder/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/responder/utils.go -------------------------------------------------------------------------------- /result_sets/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/result_sets/api.go -------------------------------------------------------------------------------- /result_sets/timed/docs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/result_sets/timed/docs.go -------------------------------------------------------------------------------- /scripts/api_checker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/scripts/api_checker.py -------------------------------------------------------------------------------- /scripts/dlv.init: -------------------------------------------------------------------------------- 1 | source scripts/dlv.star -------------------------------------------------------------------------------- /scripts/dlv.star: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/scripts/dlv.star -------------------------------------------------------------------------------- /scripts/mark_config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/scripts/mark_config.py -------------------------------------------------------------------------------- /security.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/security.md -------------------------------------------------------------------------------- /server/comms.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/server/comms.go -------------------------------------------------------------------------------- /server/docs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/server/docs.go -------------------------------------------------------------------------------- /server/enroll.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/server/enroll.go -------------------------------------------------------------------------------- /server/limits.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/server/limits.go -------------------------------------------------------------------------------- /server/limits_linux.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/server/limits_linux.go -------------------------------------------------------------------------------- /server/loadshed.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/server/loadshed.go -------------------------------------------------------------------------------- /server/metrics.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/server/metrics.go -------------------------------------------------------------------------------- /server/server.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/server/server.go -------------------------------------------------------------------------------- /server/startup.go: -------------------------------------------------------------------------------- 1 | package server 2 | -------------------------------------------------------------------------------- /server/websocket.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/server/websocket.go -------------------------------------------------------------------------------- /services/acl_manager.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/acl_manager.go -------------------------------------------------------------------------------- /services/alerts.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/alerts.go -------------------------------------------------------------------------------- /services/audit.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/audit.go -------------------------------------------------------------------------------- /services/backup.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/backup.go -------------------------------------------------------------------------------- /services/backup/backup.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/backup/backup.go -------------------------------------------------------------------------------- /services/broadcast.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/broadcast.go -------------------------------------------------------------------------------- /services/client_info.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/client_info.go -------------------------------------------------------------------------------- /services/ddclient/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/ddclient/api.go -------------------------------------------------------------------------------- /services/ddclient/noip.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/ddclient/noip.go -------------------------------------------------------------------------------- /services/debug/profile.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/debug/profile.go -------------------------------------------------------------------------------- /services/doc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/doc.go -------------------------------------------------------------------------------- /services/exports.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/exports.go -------------------------------------------------------------------------------- /services/frontend.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/frontend.go -------------------------------------------------------------------------------- /services/frontend/urls.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/frontend/urls.go -------------------------------------------------------------------------------- /services/indexing.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/indexing.go -------------------------------------------------------------------------------- /services/indexing/ip.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/indexing/ip.go -------------------------------------------------------------------------------- /services/indexing/mru.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/indexing/mru.go -------------------------------------------------------------------------------- /services/inventory.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/inventory.go -------------------------------------------------------------------------------- /services/journal.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/journal.go -------------------------------------------------------------------------------- /services/journal/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/journal/utils.go -------------------------------------------------------------------------------- /services/labels.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/labels.go -------------------------------------------------------------------------------- /services/labels/labels.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/labels/labels.go -------------------------------------------------------------------------------- /services/launcher.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/launcher.go -------------------------------------------------------------------------------- /services/launcher/acls.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/launcher/acls.go -------------------------------------------------------------------------------- /services/notebook.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/notebook.go -------------------------------------------------------------------------------- /services/notebook/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/notebook/api.go -------------------------------------------------------------------------------- /services/notifications.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/notifications.go -------------------------------------------------------------------------------- /services/orgs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/orgs.go -------------------------------------------------------------------------------- /services/orgs/delete.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/orgs/delete.go -------------------------------------------------------------------------------- /services/orgs/ids.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/orgs/ids.go -------------------------------------------------------------------------------- /services/orgs/orgs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/orgs/orgs.go -------------------------------------------------------------------------------- /services/orgs/services.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/orgs/services.go -------------------------------------------------------------------------------- /services/orgs/tests.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/orgs/tests.go -------------------------------------------------------------------------------- /services/repository.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/repository.go -------------------------------------------------------------------------------- /services/sanity/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/sanity/api.go -------------------------------------------------------------------------------- /services/sanity/certs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/sanity/certs.go -------------------------------------------------------------------------------- /services/sanity/orgs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/sanity/orgs.go -------------------------------------------------------------------------------- /services/sanity/sanity.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/sanity/sanity.go -------------------------------------------------------------------------------- /services/sanity/users.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/sanity/users.go -------------------------------------------------------------------------------- /services/scheduler.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/scheduler.go -------------------------------------------------------------------------------- /services/secrets.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/secrets.go -------------------------------------------------------------------------------- /services/secrets/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/secrets/utils.go -------------------------------------------------------------------------------- /services/services.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/services.go -------------------------------------------------------------------------------- /services/spec.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/spec.go -------------------------------------------------------------------------------- /services/test_utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/test_utils.go -------------------------------------------------------------------------------- /services/users.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/users.go -------------------------------------------------------------------------------- /services/users/acls.go: -------------------------------------------------------------------------------- 1 | package users 2 | -------------------------------------------------------------------------------- /services/users/add_org.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/users/add_org.go -------------------------------------------------------------------------------- /services/users/delete.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/users/delete.go -------------------------------------------------------------------------------- /services/users/docs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/users/docs.go -------------------------------------------------------------------------------- /services/users/get.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/users/get.go -------------------------------------------------------------------------------- /services/users/grpc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/users/grpc.go -------------------------------------------------------------------------------- /services/users/links.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/users/links.go -------------------------------------------------------------------------------- /services/users/list.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/users/list.go -------------------------------------------------------------------------------- /services/users/orgs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/users/orgs.go -------------------------------------------------------------------------------- /services/users/storage.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/users/storage.go -------------------------------------------------------------------------------- /services/users/tracker.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/users/tracker.go -------------------------------------------------------------------------------- /services/users/users.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/users/users.go -------------------------------------------------------------------------------- /services/vfs_service.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/vfs_service.go -------------------------------------------------------------------------------- /services/vfs_service/api.go: -------------------------------------------------------------------------------- 1 | package vfs_service 2 | -------------------------------------------------------------------------------- /services/vfs_service/list_files.go: -------------------------------------------------------------------------------- 1 | package vfs_service 2 | -------------------------------------------------------------------------------- /services/writeback/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/services/writeback/api.go -------------------------------------------------------------------------------- /startup/allowlists.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/startup/allowlists.go -------------------------------------------------------------------------------- /startup/client.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/startup/client.go -------------------------------------------------------------------------------- /startup/frontend.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/startup/frontend.go -------------------------------------------------------------------------------- /startup/pool.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/startup/pool.go -------------------------------------------------------------------------------- /startup/tool.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/startup/tool.go -------------------------------------------------------------------------------- /staticcheck.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/staticcheck.conf -------------------------------------------------------------------------------- /third_party/zip/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/third_party/zip/LICENSE -------------------------------------------------------------------------------- /third_party/zip/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/third_party/zip/README.md -------------------------------------------------------------------------------- /third_party/zip/crypto.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/third_party/zip/crypto.go -------------------------------------------------------------------------------- /third_party/zip/reader.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/third_party/zip/reader.go -------------------------------------------------------------------------------- /third_party/zip/struct.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/third_party/zip/struct.go -------------------------------------------------------------------------------- /third_party/zip/writer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/third_party/zip/writer.go -------------------------------------------------------------------------------- /timelines/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/timelines/api.go -------------------------------------------------------------------------------- /timelines/reader.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/timelines/reader.go -------------------------------------------------------------------------------- /timelines/timelines.go: -------------------------------------------------------------------------------- 1 | package timelines 2 | -------------------------------------------------------------------------------- /timelines/transformer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/timelines/transformer.go -------------------------------------------------------------------------------- /timelines/writer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/timelines/writer.go -------------------------------------------------------------------------------- /tools/fuse/accessors.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/fuse/accessors.go -------------------------------------------------------------------------------- /tools/fuse/nodes.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/fuse/nodes.go -------------------------------------------------------------------------------- /tools/fuse/options.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/fuse/options.go -------------------------------------------------------------------------------- /tools/fuse/paths.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/fuse/paths.go -------------------------------------------------------------------------------- /tools/fuse/times.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/fuse/times.go -------------------------------------------------------------------------------- /tools/grpc-gateway.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/grpc-gateway.go -------------------------------------------------------------------------------- /tools/json/validator.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/json/validator.go -------------------------------------------------------------------------------- /tools/mkwinsyscall.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/mkwinsyscall.go -------------------------------------------------------------------------------- /tools/survey/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/survey/README.md -------------------------------------------------------------------------------- /tools/survey/allowlist.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/survey/allowlist.go -------------------------------------------------------------------------------- /tools/survey/compile.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/survey/compile.go -------------------------------------------------------------------------------- /tools/survey/frontend.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/survey/frontend.go -------------------------------------------------------------------------------- /tools/survey/keys.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/survey/keys.go -------------------------------------------------------------------------------- /tools/survey/network.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/survey/network.go -------------------------------------------------------------------------------- /tools/survey/server.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/survey/server.go -------------------------------------------------------------------------------- /tools/survey/sso.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/survey/sso.go -------------------------------------------------------------------------------- /tools/survey/storage.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/survey/storage.go -------------------------------------------------------------------------------- /tools/survey/survey.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/survey/survey.go -------------------------------------------------------------------------------- /tools/survey/theme.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/tools/survey/theme.go -------------------------------------------------------------------------------- /uploads/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/uploads/api.go -------------------------------------------------------------------------------- /uploads/deduplication.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/uploads/deduplication.go -------------------------------------------------------------------------------- /uploads/file_based.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/uploads/file_based.go -------------------------------------------------------------------------------- /uploads/ranges.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/uploads/ranges.go -------------------------------------------------------------------------------- /uploads/ranges_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/uploads/ranges_test.go -------------------------------------------------------------------------------- /uploads/tracker.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/uploads/tracker.go -------------------------------------------------------------------------------- /uploads/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/uploads/utils.go -------------------------------------------------------------------------------- /utils/alloc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/alloc.go -------------------------------------------------------------------------------- /utils/arch.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/arch.go -------------------------------------------------------------------------------- /utils/buffer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/buffer.go -------------------------------------------------------------------------------- /utils/clock.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/clock.go -------------------------------------------------------------------------------- /utils/compat.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/compat.go -------------------------------------------------------------------------------- /utils/completer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/completer.go -------------------------------------------------------------------------------- /utils/compression.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/compression.go -------------------------------------------------------------------------------- /utils/compression_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/compression_test.go -------------------------------------------------------------------------------- /utils/concurrency.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/concurrency.go -------------------------------------------------------------------------------- /utils/copy.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/copy.go -------------------------------------------------------------------------------- /utils/counter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/counter.go -------------------------------------------------------------------------------- /utils/debug.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/debug.go -------------------------------------------------------------------------------- /utils/dict.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/dict.go -------------------------------------------------------------------------------- /utils/dict_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/dict_test.go -------------------------------------------------------------------------------- /utils/dir_unix.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/dir_unix.go -------------------------------------------------------------------------------- /utils/endian.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/endian.go -------------------------------------------------------------------------------- /utils/env.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/env.go -------------------------------------------------------------------------------- /utils/errors.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/errors.go -------------------------------------------------------------------------------- /utils/file.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/file.go -------------------------------------------------------------------------------- /utils/file_unix.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/file_unix.go -------------------------------------------------------------------------------- /utils/file_windows.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/file_windows.go -------------------------------------------------------------------------------- /utils/files/tracker.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/files/tracker.go -------------------------------------------------------------------------------- /utils/flows.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/flows.go -------------------------------------------------------------------------------- /utils/http.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/http.go -------------------------------------------------------------------------------- /utils/http/logging.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/http/logging.go -------------------------------------------------------------------------------- /utils/hunts.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/hunts.go -------------------------------------------------------------------------------- /utils/hunts_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/hunts_test.go -------------------------------------------------------------------------------- /utils/json.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/json.go -------------------------------------------------------------------------------- /utils/logger.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/logger.go -------------------------------------------------------------------------------- /utils/lru.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/lru.go -------------------------------------------------------------------------------- /utils/memory_buffer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/memory_buffer.go -------------------------------------------------------------------------------- /utils/mime.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/mime.go -------------------------------------------------------------------------------- /utils/nil.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/nil.go -------------------------------------------------------------------------------- /utils/notebook_id.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/notebook_id.go -------------------------------------------------------------------------------- /utils/orgs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/orgs.go -------------------------------------------------------------------------------- /utils/paged_reader.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/paged_reader.go -------------------------------------------------------------------------------- /utils/panic.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/panic.go -------------------------------------------------------------------------------- /utils/path.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/path.go -------------------------------------------------------------------------------- /utils/path_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/path_test.go -------------------------------------------------------------------------------- /utils/prefix.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/prefix.go -------------------------------------------------------------------------------- /utils/prefix_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/prefix_test.go -------------------------------------------------------------------------------- /utils/progress.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/progress.go -------------------------------------------------------------------------------- /utils/prometheus.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/prometheus.go -------------------------------------------------------------------------------- /utils/proxy.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/proxy.go -------------------------------------------------------------------------------- /utils/proxy/proxy.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/proxy/proxy.go -------------------------------------------------------------------------------- /utils/proxy/proxy_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/proxy/proxy_test.go -------------------------------------------------------------------------------- /utils/queries.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/queries.go -------------------------------------------------------------------------------- /utils/quotes.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/quotes.go -------------------------------------------------------------------------------- /utils/rand/rand.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/rand/rand.go -------------------------------------------------------------------------------- /utils/readers.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/readers.go -------------------------------------------------------------------------------- /utils/readers_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/readers_test.go -------------------------------------------------------------------------------- /utils/reflect.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/reflect.go -------------------------------------------------------------------------------- /utils/regexp.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/regexp.go -------------------------------------------------------------------------------- /utils/retry.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/retry.go -------------------------------------------------------------------------------- /utils/sanitize.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/sanitize.go -------------------------------------------------------------------------------- /utils/sanitize_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/sanitize_test.go -------------------------------------------------------------------------------- /utils/semver.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/semver.go -------------------------------------------------------------------------------- /utils/semver_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/semver_test.go -------------------------------------------------------------------------------- /utils/sleep.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/sleep.go -------------------------------------------------------------------------------- /utils/slice.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/slice.go -------------------------------------------------------------------------------- /utils/string.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/string.go -------------------------------------------------------------------------------- /utils/stub.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/stub.go -------------------------------------------------------------------------------- /utils/tempfile/mktemp.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/tempfile/mktemp.go -------------------------------------------------------------------------------- /utils/tempfile/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/tempfile/utils.go -------------------------------------------------------------------------------- /utils/text.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/text.go -------------------------------------------------------------------------------- /utils/throttler.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/throttler.go -------------------------------------------------------------------------------- /utils/throttler_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/throttler_test.go -------------------------------------------------------------------------------- /utils/time.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/time.go -------------------------------------------------------------------------------- /utils/urls.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/urls.go -------------------------------------------------------------------------------- /utils/users.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/users.go -------------------------------------------------------------------------------- /utils/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/utils.go -------------------------------------------------------------------------------- /utils/writers.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/writers.go -------------------------------------------------------------------------------- /utils/yaml.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/yaml.go -------------------------------------------------------------------------------- /utils/yaml/nodes.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/utils/yaml/nodes.go -------------------------------------------------------------------------------- /vql/acl_managers/null.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/acl_managers/null.go -------------------------------------------------------------------------------- /vql/acl_managers/role.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/acl_managers/role.go -------------------------------------------------------------------------------- /vql/acls.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/acls.go -------------------------------------------------------------------------------- /vql/aggregates/all.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/aggregates/all.go -------------------------------------------------------------------------------- /vql/aggregates/any.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/aggregates/any.go -------------------------------------------------------------------------------- /vql/aggregates/stats.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/aggregates/stats.go -------------------------------------------------------------------------------- /vql/common/batch.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/batch.go -------------------------------------------------------------------------------- /vql/common/cache.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/cache.go -------------------------------------------------------------------------------- /vql/common/chain.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/chain.go -------------------------------------------------------------------------------- /vql/common/clock.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/clock.go -------------------------------------------------------------------------------- /vql/common/columns.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/columns.go -------------------------------------------------------------------------------- /vql/common/dedup.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/dedup.go -------------------------------------------------------------------------------- /vql/common/diff.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/diff.go -------------------------------------------------------------------------------- /vql/common/env.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/env.go -------------------------------------------------------------------------------- /vql/common/fifo.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/fifo.go -------------------------------------------------------------------------------- /vql/common/items.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/items.go -------------------------------------------------------------------------------- /vql/common/lru.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/lru.go -------------------------------------------------------------------------------- /vql/common/sampler.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/sampler.go -------------------------------------------------------------------------------- /vql/common/sequence.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/sequence.go -------------------------------------------------------------------------------- /vql/common/shell.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/shell.go -------------------------------------------------------------------------------- /vql/common/shell_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/shell_test.go -------------------------------------------------------------------------------- /vql/common/switch.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/switch.go -------------------------------------------------------------------------------- /vql/common/version.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/version.go -------------------------------------------------------------------------------- /vql/common/yara.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/yara.go -------------------------------------------------------------------------------- /vql/common/yara_common.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/yara_common.go -------------------------------------------------------------------------------- /vql/common/yara_rules.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/yara_rules.go -------------------------------------------------------------------------------- /vql/common/yara_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/yara_test.go -------------------------------------------------------------------------------- /vql/common/yarax.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/common/yarax.go -------------------------------------------------------------------------------- /vql/constants/ntfs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/constants/ntfs.go -------------------------------------------------------------------------------- /vql/darwin/vad.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/darwin/vad.go -------------------------------------------------------------------------------- /vql/darwin/xattr.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/darwin/xattr.go -------------------------------------------------------------------------------- /vql/darwin/xattr_linux.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/darwin/xattr_linux.go -------------------------------------------------------------------------------- /vql/darwin/xattr_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/darwin/xattr_test.go -------------------------------------------------------------------------------- /vql/debug/nanny.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/debug/nanny.go -------------------------------------------------------------------------------- /vql/efi/efivariables.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/efi/efivariables.go -------------------------------------------------------------------------------- /vql/filesystem/cat.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/filesystem/cat.go -------------------------------------------------------------------------------- /vql/filesystem/copy.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/filesystem/copy.go -------------------------------------------------------------------------------- /vql/filesystem/rm.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/filesystem/rm.go -------------------------------------------------------------------------------- /vql/filesystem/vfs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/filesystem/vfs.go -------------------------------------------------------------------------------- /vql/functions/alerts.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/alerts.go -------------------------------------------------------------------------------- /vql/functions/dict.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/dict.go -------------------------------------------------------------------------------- /vql/functions/encode.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/encode.go -------------------------------------------------------------------------------- /vql/functions/entropy.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/entropy.go -------------------------------------------------------------------------------- /vql/functions/eval.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/eval.go -------------------------------------------------------------------------------- /vql/functions/expand.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/expand.go -------------------------------------------------------------------------------- /vql/functions/format.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/format.go -------------------------------------------------------------------------------- /vql/functions/gunzip.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/gunzip.go -------------------------------------------------------------------------------- /vql/functions/hash.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/hash.go -------------------------------------------------------------------------------- /vql/functions/humanize.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/humanize.go -------------------------------------------------------------------------------- /vql/functions/ints.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/ints.go -------------------------------------------------------------------------------- /vql/functions/lists.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/lists.go -------------------------------------------------------------------------------- /vql/functions/log.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/log.go -------------------------------------------------------------------------------- /vql/functions/networks.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/networks.go -------------------------------------------------------------------------------- /vql/functions/patch.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/patch.go -------------------------------------------------------------------------------- /vql/functions/paths.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/paths.go -------------------------------------------------------------------------------- /vql/functions/pid.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/pid.go -------------------------------------------------------------------------------- /vql/functions/pskill.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/pskill.go -------------------------------------------------------------------------------- /vql/functions/rc4.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/rc4.go -------------------------------------------------------------------------------- /vql/functions/rot13.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/rot13.go -------------------------------------------------------------------------------- /vql/functions/sleep.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/sleep.go -------------------------------------------------------------------------------- /vql/functions/strings.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/strings.go -------------------------------------------------------------------------------- /vql/functions/time.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/time.go -------------------------------------------------------------------------------- /vql/functions/tlsh.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/tlsh.go -------------------------------------------------------------------------------- /vql/functions/unhex.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/unhex.go -------------------------------------------------------------------------------- /vql/functions/url.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/url.go -------------------------------------------------------------------------------- /vql/functions/uuid.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/uuid.go -------------------------------------------------------------------------------- /vql/functions/xor.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/functions/xor.go -------------------------------------------------------------------------------- /vql/golang/background.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/golang/background.go -------------------------------------------------------------------------------- /vql/golang/generators.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/golang/generators.go -------------------------------------------------------------------------------- /vql/golang/goroutines.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/golang/goroutines.go -------------------------------------------------------------------------------- /vql/golang/memory.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/golang/memory.go -------------------------------------------------------------------------------- /vql/golang/profile.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/golang/profile.go -------------------------------------------------------------------------------- /vql/golang/profile.pb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/golang/profile.pb.go -------------------------------------------------------------------------------- /vql/golang/profile.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/golang/profile.proto -------------------------------------------------------------------------------- /vql/golang/trace.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/golang/trace.go -------------------------------------------------------------------------------- /vql/golang/typeof.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/golang/typeof.go -------------------------------------------------------------------------------- /vql/golang/verify.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/golang/verify.go -------------------------------------------------------------------------------- /vql/info.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/info.go -------------------------------------------------------------------------------- /vql/is_admin.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/is_admin.go -------------------------------------------------------------------------------- /vql/is_admin_windows.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/is_admin_windows.go -------------------------------------------------------------------------------- /vql/json.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/json.go -------------------------------------------------------------------------------- /vql/linux/audit.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/linux/audit.go -------------------------------------------------------------------------------- /vql/linux/connections.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/linux/connections.go -------------------------------------------------------------------------------- /vql/linux/ebpf/dns.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/linux/ebpf/dns.go -------------------------------------------------------------------------------- /vql/linux/ebpf/doc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/linux/ebpf/doc.go -------------------------------------------------------------------------------- /vql/linux/ebpf/ebpf.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/linux/ebpf/ebpf.go -------------------------------------------------------------------------------- /vql/linux/ebpf/logger.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/linux/ebpf/logger.go -------------------------------------------------------------------------------- /vql/linux/ebpf/profile.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/linux/ebpf/profile.go -------------------------------------------------------------------------------- /vql/linux/sysinfo.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/linux/sysinfo.go -------------------------------------------------------------------------------- /vql/metadata.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/metadata.go -------------------------------------------------------------------------------- /vql/metrics.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/metrics.go -------------------------------------------------------------------------------- /vql/networking/dns.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/networking/dns.go -------------------------------------------------------------------------------- /vql/networking/host.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/networking/host.go -------------------------------------------------------------------------------- /vql/networking/mail.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/networking/mail.go -------------------------------------------------------------------------------- /vql/networking/netcat.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/networking/netcat.go -------------------------------------------------------------------------------- /vql/networking/network.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/networking/network.go -------------------------------------------------------------------------------- /vql/networking/secrets.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/networking/secrets.go -------------------------------------------------------------------------------- /vql/networking/spy.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/networking/spy.go -------------------------------------------------------------------------------- /vql/networking/tls.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/networking/tls.go -------------------------------------------------------------------------------- /vql/networking/upload.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/networking/upload.go -------------------------------------------------------------------------------- /vql/networking/wrapper.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/networking/wrapper.go -------------------------------------------------------------------------------- /vql/parsers/authenticode/doc.go: -------------------------------------------------------------------------------- 1 | package authenticode 2 | -------------------------------------------------------------------------------- /vql/parsers/binary.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/binary.go -------------------------------------------------------------------------------- /vql/parsers/csv/csv.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/csv/csv.go -------------------------------------------------------------------------------- /vql/parsers/ese/ese.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/ese/ese.go -------------------------------------------------------------------------------- /vql/parsers/ese/sid.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/ese/sid.go -------------------------------------------------------------------------------- /vql/parsers/grok.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/grok.go -------------------------------------------------------------------------------- /vql/parsers/grok_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/grok_test.go -------------------------------------------------------------------------------- /vql/parsers/json.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/json.go -------------------------------------------------------------------------------- /vql/parsers/leveldb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/leveldb.go -------------------------------------------------------------------------------- /vql/parsers/lzxpress.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/lzxpress.go -------------------------------------------------------------------------------- /vql/parsers/ntfs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/ntfs.go -------------------------------------------------------------------------------- /vql/parsers/ole.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/ole.go -------------------------------------------------------------------------------- /vql/parsers/pe.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/pe.go -------------------------------------------------------------------------------- /vql/parsers/pe_dump.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/pe_dump.go -------------------------------------------------------------------------------- /vql/parsers/plist.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/plist.go -------------------------------------------------------------------------------- /vql/parsers/prefetch.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/prefetch.go -------------------------------------------------------------------------------- /vql/parsers/pst_parser.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/pst_parser.go -------------------------------------------------------------------------------- /vql/parsers/recyclebin.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/recyclebin.go -------------------------------------------------------------------------------- /vql/parsers/sql/sql.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/sql/sql.go -------------------------------------------------------------------------------- /vql/parsers/sql/sqlite.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/sql/sqlite.go -------------------------------------------------------------------------------- /vql/parsers/usn/carver.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/usn/carver.go -------------------------------------------------------------------------------- /vql/parsers/usn/usn.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/usn/usn.go -------------------------------------------------------------------------------- /vql/parsers/xml.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/xml.go -------------------------------------------------------------------------------- /vql/parsers/yaml.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/parsers/yaml.go -------------------------------------------------------------------------------- /vql/process.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/process.go -------------------------------------------------------------------------------- /vql/protocols/dict.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/protocols/dict.go -------------------------------------------------------------------------------- /vql/protocols/lambda.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/protocols/lambda.go -------------------------------------------------------------------------------- /vql/protocols/lazy.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/protocols/lazy.go -------------------------------------------------------------------------------- /vql/protocols/regex.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/protocols/regex.go -------------------------------------------------------------------------------- /vql/protocols/slice.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/protocols/slice.go -------------------------------------------------------------------------------- /vql/protocols/time.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/protocols/time.go -------------------------------------------------------------------------------- /vql/psutils/common.go: -------------------------------------------------------------------------------- 1 | package psutils 2 | -------------------------------------------------------------------------------- /vql/psutils/connections.go: -------------------------------------------------------------------------------- 1 | package psutils 2 | -------------------------------------------------------------------------------- /vql/psutils/disk.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/psutils/disk.go -------------------------------------------------------------------------------- /vql/psutils/doc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/psutils/doc.go -------------------------------------------------------------------------------- /vql/psutils/host.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/psutils/host.go -------------------------------------------------------------------------------- /vql/psutils/host_linux.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/psutils/host_linux.go -------------------------------------------------------------------------------- /vql/psutils/net.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/psutils/net.go -------------------------------------------------------------------------------- /vql/psutils/process.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/psutils/process.go -------------------------------------------------------------------------------- /vql/readers/paged.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/readers/paged.go -------------------------------------------------------------------------------- /vql/remapping/install.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/remapping/install.go -------------------------------------------------------------------------------- /vql/remapping/mocker.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/remapping/mocker.go -------------------------------------------------------------------------------- /vql/scope.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/scope.go -------------------------------------------------------------------------------- /vql/server/backup.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/backup.go -------------------------------------------------------------------------------- /vql/server/clients/new.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/clients/new.go -------------------------------------------------------------------------------- /vql/server/compress.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/compress.go -------------------------------------------------------------------------------- /vql/server/crypto.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/crypto.go -------------------------------------------------------------------------------- /vql/server/elastic.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/elastic.go -------------------------------------------------------------------------------- /vql/server/events.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/events.go -------------------------------------------------------------------------------- /vql/server/file_store.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/file_store.go -------------------------------------------------------------------------------- /vql/server/flows/flows.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/flows/flows.go -------------------------------------------------------------------------------- /vql/server/flows/logs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/flows/logs.go -------------------------------------------------------------------------------- /vql/server/hunts/hunts.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/hunts/hunts.go -------------------------------------------------------------------------------- /vql/server/hunts/info.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/hunts/info.go -------------------------------------------------------------------------------- /vql/server/hunts/stop.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/hunts/stop.go -------------------------------------------------------------------------------- /vql/server/inventory.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/inventory.go -------------------------------------------------------------------------------- /vql/server/kill.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/kill.go -------------------------------------------------------------------------------- /vql/server/labels.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/labels.go -------------------------------------------------------------------------------- /vql/server/links.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/links.go -------------------------------------------------------------------------------- /vql/server/logging.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/logging.go -------------------------------------------------------------------------------- /vql/server/orgs/create.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/orgs/create.go -------------------------------------------------------------------------------- /vql/server/orgs/delete.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/orgs/delete.go -------------------------------------------------------------------------------- /vql/server/orgs/orgs.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/orgs/orgs.go -------------------------------------------------------------------------------- /vql/server/repository.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/repository.go -------------------------------------------------------------------------------- /vql/server/secrets/add.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/secrets/add.go -------------------------------------------------------------------------------- /vql/server/splunk.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/splunk.go -------------------------------------------------------------------------------- /vql/server/users/get.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/users/get.go -------------------------------------------------------------------------------- /vql/server/users/grant.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/users/grant.go -------------------------------------------------------------------------------- /vql/server/users/users.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/server/users/users.go -------------------------------------------------------------------------------- /vql/sigma/details.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/sigma/details.go -------------------------------------------------------------------------------- /vql/sigma/logsource.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/sigma/logsource.go -------------------------------------------------------------------------------- /vql/sigma/pool.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/sigma/pool.go -------------------------------------------------------------------------------- /vql/sigma/protocols.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/sigma/protocols.go -------------------------------------------------------------------------------- /vql/sigma/runner.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/sigma/runner.go -------------------------------------------------------------------------------- /vql/sigma/sigma.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/sigma/sigma.go -------------------------------------------------------------------------------- /vql/sigma/sigma_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/sigma/sigma_test.go -------------------------------------------------------------------------------- /vql/sigma/tracker.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/sigma/tracker.go -------------------------------------------------------------------------------- /vql/sorter/mergesort.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/sorter/mergesort.go -------------------------------------------------------------------------------- /vql/tools/artifacts.go: -------------------------------------------------------------------------------- 1 | package tools 2 | -------------------------------------------------------------------------------- /vql/tools/atexit.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/atexit.go -------------------------------------------------------------------------------- /vql/tools/azure_upload.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/azure_upload.go -------------------------------------------------------------------------------- /vql/tools/delay.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/delay.go -------------------------------------------------------------------------------- /vql/tools/dns/tracker.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/dns/tracker.go -------------------------------------------------------------------------------- /vql/tools/gcs_upload.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/gcs_upload.go -------------------------------------------------------------------------------- /vql/tools/geoip.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/geoip.go -------------------------------------------------------------------------------- /vql/tools/js.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/js.go -------------------------------------------------------------------------------- /vql/tools/magic.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/magic.go -------------------------------------------------------------------------------- /vql/tools/panic.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/panic.go -------------------------------------------------------------------------------- /vql/tools/process/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/process/api.go -------------------------------------------------------------------------------- /vql/tools/process/pid.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/process/pid.go -------------------------------------------------------------------------------- /vql/tools/process/tree.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/process/tree.go -------------------------------------------------------------------------------- /vql/tools/query.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/query.go -------------------------------------------------------------------------------- /vql/tools/rekey.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/rekey.go -------------------------------------------------------------------------------- /vql/tools/repack.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/repack.go -------------------------------------------------------------------------------- /vql/tools/repack_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/repack_test.go -------------------------------------------------------------------------------- /vql/tools/s3_upload.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/s3_upload.go -------------------------------------------------------------------------------- /vql/tools/sftp_upload.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/sftp_upload.go -------------------------------------------------------------------------------- /vql/tools/smb_upload.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/smb_upload.go -------------------------------------------------------------------------------- /vql/tools/starlark.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/starlark.go -------------------------------------------------------------------------------- /vql/tools/template.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/template.go -------------------------------------------------------------------------------- /vql/tools/unzip.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/tools/unzip.go -------------------------------------------------------------------------------- /vql/unimplemented.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/unimplemented.go -------------------------------------------------------------------------------- /vql/unimplemented_cgo.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/unimplemented_cgo.go -------------------------------------------------------------------------------- /vql/unimplemented_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/unimplemented_test.go -------------------------------------------------------------------------------- /vql/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/utils.go -------------------------------------------------------------------------------- /vql/utils/help.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/utils/help.go -------------------------------------------------------------------------------- /vql/utils/repository.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/utils/repository.go -------------------------------------------------------------------------------- /vql/vql.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/vql.go -------------------------------------------------------------------------------- /vql/windows/aliases.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/windows/aliases.go -------------------------------------------------------------------------------- /vql/windows/amsi.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/windows/amsi.go -------------------------------------------------------------------------------- /vql/windows/crypto.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/windows/crypto.c -------------------------------------------------------------------------------- /vql/windows/crypto.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/windows/crypto.go -------------------------------------------------------------------------------- /vql/windows/doc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/windows/doc.go -------------------------------------------------------------------------------- /vql/windows/etw/doc.go: -------------------------------------------------------------------------------- 1 | package etw 2 | -------------------------------------------------------------------------------- /vql/windows/etw/stats.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/windows/etw/stats.go -------------------------------------------------------------------------------- /vql/windows/gen.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/windows/gen.go -------------------------------------------------------------------------------- /vql/windows/processes.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/windows/processes.go -------------------------------------------------------------------------------- /vql/windows/status.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/windows/status.go -------------------------------------------------------------------------------- /vql/windows/users.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/windows/users.go -------------------------------------------------------------------------------- /vql/windows/winpmem.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/windows/winpmem.go -------------------------------------------------------------------------------- /vql/windows/wmi/events.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/windows/wmi/events.c -------------------------------------------------------------------------------- /vql/windows/wmi/events.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/windows/wmi/events.go -------------------------------------------------------------------------------- /vql/windows/wmi/wmi.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql/windows/wmi/wmi.go -------------------------------------------------------------------------------- /vql_plugins/accessors.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql_plugins/accessors.go -------------------------------------------------------------------------------- /vql_plugins/plugins.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql_plugins/plugins.go -------------------------------------------------------------------------------- /vql_plugins/server.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vql_plugins/server.go -------------------------------------------------------------------------------- /vtesting/assert/retry.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vtesting/assert/retry.go -------------------------------------------------------------------------------- /vtesting/config.go: -------------------------------------------------------------------------------- 1 | package vtesting 2 | -------------------------------------------------------------------------------- /vtesting/file_info.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vtesting/file_info.go -------------------------------------------------------------------------------- /vtesting/goldie/goldie.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vtesting/goldie/goldie.go -------------------------------------------------------------------------------- /vtesting/goldie/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vtesting/goldie/utils.go -------------------------------------------------------------------------------- /vtesting/helpers.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vtesting/helpers.go -------------------------------------------------------------------------------- /vtesting/httptest.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vtesting/httptest.go -------------------------------------------------------------------------------- /vtesting/logging.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vtesting/logging.go -------------------------------------------------------------------------------- /vtesting/metrics.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vtesting/metrics.go -------------------------------------------------------------------------------- /vtesting/ports.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vtesting/ports.go -------------------------------------------------------------------------------- /vtesting/tls.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/velociraptor/HEAD/vtesting/tls.go --------------------------------------------------------------------------------