GitHub - zeroday/vscan: a text scanning suite

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
config		config
contrib		contrib
docs		docs
t		t
INSTALL		INSTALL
LICENSE		LICENSE
Makefile		Makefile
README		README
binder.cc		binder.cc
binder.h		binder.h
cgen.h		cgen.h
compat_fstatat.h		compat_fstatat.h
compat_lseek64.h		compat_lseek64.h
compat_openat.h		compat_openat.h
config.Darwin.mk		config.Darwin.mk
config.Linux.mk		config.Linux.mk
config.cc		config.cc
config.h		config.h
config.lua		config.lua
configure		configure
counter.cc		counter.cc
counter.h		counter.h
cpplint.py		cpplint.py
decider.cc		decider.cc
decider.h		decider.h
decode.cc		decode.cc
decode.h		decode.h
encode.cc		encode.cc
encode.h		encode.h
fake_fdopendir.cc		fake_fdopendir.cc
fake_fdopendir.h		fake_fdopendir.h
fd_scannable.cc		fd_scannable.cc
fd_scannable.h		fd_scannable.h
fd_traversal.cc		fd_traversal.cc
fd_traversal.h		fd_traversal.h
highlight.cc		highlight.cc
hits_model.cc		hits_model.cc
hits_model.h		hits_model.h
log.cc		log.cc
log.h		log.h
luaa.cc		luaa.cc
luaa.h		luaa.h
maintainer		maintainer
nat.c		nat.c
nat.h		nat.h
path_dir_pair.h		path_dir_pair.h
path_model.cc		path_model.cc
path_model.h		path_model.h
regex_scanner.cc		regex_scanner.cc
regex_scanner.h		regex_scanner.h
report.cc		report.cc
sample_model.cc		sample_model.cc
sample_model.h		sample_model.h
scan_dir.cc		scan_dir.cc
scan_storage.cc		scan_storage.cc
scan_tarball.cc		scan_tarball.cc
scannable.cc		scannable.cc
scannable.h		scannable.h
scanner.cc		scanner.cc
scanner.h		scanner.h
scanner_mode.cc		scanner_mode.cc
scanner_mode.h		scanner_mode.h
sensor_model.cc		sensor_model.cc
sensor_model.h		sensor_model.h
sensors.cc		sensors.cc
sensors.h		sensors.h
sqlite3_compat.h		sqlite3_compat.h
stream_traversal.cc		stream_traversal.cc
stream_traversal.h		stream_traversal.h
summarize.cc		summarize.cc
system.hh		system.hh
tarball_scannable.cc		tarball_scannable.cc
tarball_scannable.h		tarball_scannable.h
tarball_scanner.cc		tarball_scanner.cc
tarball_scanner.h		tarball_scanner.h
tarball_traversal.cc		tarball_traversal.cc
tarball_traversal.h		tarball_traversal.h
traversal.cc		traversal.cc
traversal.h		traversal.h
vscan-view		vscan-view

Repository files navigation

% VSCAN README
% Michael Stone <[email protected]>
% February 1, 2011

`vscan` is a toolkit for making fast but crude measurements of the prevalence
of named textual features in algorithmically selected samples of large corpora.

It's useful in the same places as `find` and `grep` but it's designed to yield
more useful reports, e.g., by letting you name the patterns that you're
searching for and by storing the resulting matches in a SQLite database for
later correlation with upload or modification logs.

So far, we've used it, with some success, for

  a) hunting for JavaScript malware in FTP-accessible file systems and for

  b) hunting for call-sites of deprecated cryptographic primitives in large
     collections of source code.

To install `vscan`, please follow the instructions in the `INSTALL` file
located alongside this `README` or check to see whether `vscan` is available
through your favorite package manager.

For information on how to use `vscan`, please see the overview and command-
specific documentation in the `docs/` subdirectory of the source code. (Also,
take a look at the `config.lua` file alongisde this `README` -- it's got some
fun examples of nasty JavaScript patterns!)

Finally, please write if you have trouble getting `vscan` to work or if you've
done cool things with `vscan` that we might want to merge -- we'd love to hear
from you!