Documentation
Index
- Constants
- func CountFiles(directory string) (cnt int)
- func DisableAuditPolicy(subCatOrGuid string) error
- func EnableAuditPolicy(subCatOrGuid string) error
- func EnableDNSLogs() error
- func ExpandEnvs(s ...string) (o []string)
- func FlushDNSCache() error
- func GzipFileBestSpeed(path string) (err error)
- func HashEventBytes(b []byte) string
- func HidsCreateFile(filename string) (*os.File, error)
- func HidsWriteFile(filename string, data []byte) error
- func IsPipePath(path string) bool
- func Json(i interface{}) []byte
- func JsonString(i interface{}) string
- func NextIP(ip net.IP) net.IP
- func PrettyJson(i interface{}) string
- func PrevIP(ip net.IP) net.IP
- func ReadFileString(path string) (string, error)
- func RegQuery(key, value string) (string, error)
- func RemoveEDRAuditACL(directories ...string) (err error)
- func Round(f float64, precision int) float64
- func SetAuditPolicy(subCatOrGuid string, success, failure bool) error
- func SetEDRAuditACL(directories ...string) (err error)
- func Sha256StringArray(array []string) string
- func StdDir(dir string) string
- func StdDirs(directories ...string) (o []string)
- func SvcFromPid(pid int32) string
- func Unzip(zipfile, dest string) (err error)
- func Utf16ToUtf8(b []byte) ([]byte, error)
- type ByteSlice
- type WindowsLogger
Constants
const ( Kilo Mega Giga )
const (
// DefaultPerms default permissions for output files
DefaultPerms = 0740
)
Variables
This section is empty.
Functions
func CountFiles (added in v1.5.0)
CountFiles counts files in a directory.
func DisableAuditPolicy
func EnableAuditPolicy
func ExpandEnvs
ExpandEnvs expands environment variables in several strings; it is just a loop calling os.ExpandEnv on every element.
func FlushDNSCache
func FlushDNSCache() error
FlushDNSCache executes the Windows command to flush the DNS cache.
func GzipFileBestSpeed
GzipFileBestSpeed compresses a file to gzip and deletes the original file.
func HashEventBytes
HashEventBytes returns a hash from a byte slice, assuming the event has been JSON-encoded with json.Marshal.
func HidsCreateFile
HidsCreateFile creates a file with the correct permissions.
func HidsWriteFile
HidsWriteFile is a wrapper around ioutil.WriteFile to write a file with the correct permissions.
func IsPipePath (added in v1.5.0)
IsPipePath checks whether the argument path is a pipe.
func NextIP
Derived from: https://gist.github.com/kotakanbe/d3059af990252ba89a82
func PrettyJson
func PrettyJson(i interface{}) string
PrettyJson returns a pretty-printed JSON string out of i.
func PrevIP
Derived from: https://gist.github.com/kotakanbe/d3059af990252ba89a82
func ReadFileString (added in v1.5.0)
ReadFileString reads bytes from a file.
func RemoveEDRAuditACL
func SetAuditPolicy
func SetEDRAuditACL
func SvcFromPid (added in v1.6.0)
SvcFromPid returns the list of services hosted by a given PID; it is useful for knowing which service is hosted by svchost.
func Unzip
Unzip is a helper function to unzip a file to a destination folder. Source code from: https://stackoverflow.com/questions/20357223/easy-way-to-unzip-file-with-golang
func Utf16ToUtf8 (added in v1.7.0)
Utf16ToUtf8 converts a UTF-16 encoded byte slice to a UTF-8 byte slice. It returns an error if there is any decoding/encoding issue. Inspired by: https://gist.github.com/bradleypeabody/185b1d7ed6c0c2ab6cec#file-gistfile1-go
Types
type WindowsLogger
type WindowsLogger struct {
Channel string
Source string
// contains filtered or unexported fields
}
WindowsLogger structure definition
func NewWindowsLogger
func NewWindowsLogger(channel, source string) (wl *WindowsLogger, err error)
NewWindowsLogger creates a new WindowsLogger structure.
func (*WindowsLogger) Close
func (w *WindowsLogger) Close() error
Close closes the logger in a clean fashion.
func (*WindowsLogger) Log
func (w *WindowsLogger) Log(eventid int, entrytype, message string)
Log logs a message through PowerShell Write-EventLog.