qfind
$ target-query <path/to/target> -f qfind
Module documentation
Basically grep -a "malware" on steroids.
Function documentation
Find a needle in a haystack.
In needle files, hex encode any needle that starts with #; otherwise that needle is ignored.
- Example:
    # find all instances of "malware" in the target
    target-qfind <TARGET> --needles malware

    # find all instances of "malware" in the target, ignoring case
    target-qfind <TARGET> --needles MaLwArE --ignore-case

    # find all instances of "malware" in the target and show raw hex dumps
    target-qfind <TARGET> --needles malware --raw

    # find all instances of "malware" in the target, in UTF-8 and UTF-16-LE (UTF-8 is default)
    target-qfind <TARGET> --needles malware --encoding utf-16-le

    # find all matches of regular expression "malware\s\d+" in the target (e.g. ``malware 1337``)
    target-qfind <TARGET> --needles "malware\s\d+" --regex

    # use a file for needles
    target-qfind <TARGET> --needle-file needles.txt

    # use target-query instead of target-qfind (output in records)
    target-query <TARGET> -f qfind --needles malware
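
Why the `--encoding` and `--ignore-case` options above change what a search finds, shown as an added Python sketch that is not the qfind implementation. The haystack bytes and the function names `find_needles` and `hex_context` are constructed for illustration.

```python
import re

# Constructed sample: the same word stored as UTF-8, as UTF-16-LE (the usual
# form for Windows strings) and in mixed case, surrounded by binary bytes.
HAYSTACK = (
    b"\x00\x01config=malware\x00\xff"
    + "malware".encode("utf-16-le")
    + b"\x7fELF MaLwArE 1337\x00"
)


def find_needles(haystack, needle, encodings=("utf-8",), ignore_case=False):
    """Return sorted (offset, encoding, matched bytes) hits for a text needle."""
    flags = re.IGNORECASE if ignore_case else 0
    hits = []
    for enc in encodings:
        # Encode the needle once per encoding and search the raw bytes, so a
        # UTF-16-LE string is found even though it never appears as UTF-8.
        pattern = re.compile(re.escape(needle.encode(enc)), flags)
        for match in pattern.finditer(haystack):
            hits.append((match.start(), enc, match.group()))
    return sorted(hits)


def hex_context(haystack, offset, length, pad=4):
    """Return the hit plus `pad` bytes either side as spaced hex (a raw view)."""
    start = max(0, offset - pad)
    return haystack[start:offset + length + pad].hex(" ")


if __name__ == "__main__":
    for kwargs in (
        {},
        {"encodings": ("utf-8", "utf-16-le")},
        {"encodings": ("utf-8", "utf-16-le"), "ignore_case": True},
    ):
        print(kwargs or "defaults")
        for offset, enc, data in find_needles(HAYSTACK, "malware", **kwargs):
            print(f"  0x{offset:04x} {enc:<9} {hex_context(HAYSTACK, offset, len(data))}")
```

With the defaults only the UTF-8 copy is reported; adding `utf-16-le` surfaces the second copy, and case-insensitive matching surfaces the third.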