Closed vtgdias closed 3 years ago
No. Variables inside regex are not supported.
Just pull all the extensions and filter afterwards
This becomes problematic because if people use some funky keyword with regex in it I then have to worry about escaping those etc.
What is the use case here.
Hi Eric,
I work as a forensic analyst for the State Police of Rio de Janeiro. I am trying to create a target that pulls files based on a keyword, as we constantly have to look for files in an 'on site investigation', to seize only what is related to the investigation. ex: files that have names using some keyword, mostly based on financial records (nota_fiscal.pdf). Seize all files with certain extensions sometimes could generate TB of data.
I thought of creating a target tkape file for that but perhaps there is another way using KAPE´s features.
tks in advance
On Tue, May 25, 2021 at 5:54 PM Eric @.***> wrote:
This becomes problematic because if people use some funky keyword with regex in it I then have to worry about escaping those etc.
What is the use case here.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/EricZimmerman/KapeFiles/issues/490#issuecomment-848257340, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAB2CM4YEKX54TPJPFGEGC3TPQFAXANCNFSM45QF5EAQ .
-- Atenciosamente, Vinicius T. G. Dias
"A password should be like a toothbrush. Use it every day; change it regularly; and DON'T share it with friends" - USENET ''The quieter you become, the more you are able to hear "When mountains speak, wise men listen" - John Muir
KAPE version
v1.0.0.0
Is it possible to use regex inside FileMask (target tkape files)?
I ve tried some variations like:
FileMask: regex:.{%keyword%}..(pdf|xls|xlsx|csv|bmp|cdr|gif|jpg2|mj2jpeg|jpg|pcx|png|svg|tiff|webp|doc|docx|dotx|odt|rtf)
FileMask: regex:.%keyword%..(pdf|xls|xlsx|csv|bmp|cdr|gif|jpg2|mj2jpeg|jpg|pcx|png|svg|tiff|webp|doc|docx|dotx|odt|rtf)
FileMask: regex:"." + %keyword% + "..(pdf|xls|xlsx|csv|bmp|cdr|gif|jpg2|mj2jpeg|jpg|pcx|png|svg|tiff|webp|doc|docx|dotx|odt|rtf)"
FileMask: regex:.(%keyword%)..(pdf|xls|xlsx|csv|bmp|cdr|gif|jpg2|mj2jpeg|jpg|pcx|png|svg|tiff|webp|doc|docx|dotx|odt|rtf)
but none seens to work. Kape runs without problem but no files is found (using in a controlled environment with few files to match regex).
If this isn't available, is there another way of achieving the same result? Could be implemented?