cs-shadowbq / falcon_sandbox_submitter

A write-only binary for submitting malware to the CrowdStrike Falcon Sandbox using the goSDK.
MIT License

add `auto` file detection for sandbox environment default #2

Open cs-shadowbq opened 6 months ago

cs-shadowbq commented 6 months ago

Is your feature request related to a problem? Please describe.
File type detection (content type detection using magic numbers) for sandbox environment determination.

Describe the solution you'd like
Add auto file detection for sandbox environment default, incorporate a switch.

Describe alternatives you've considered
Default compiled targets to use the same environment: "linux compile target defaults to linux sandbox" etc.

Additional context
https://github.com/gabriel-vasile/mimetype

Example use of mimetype:

```go
package main

import (
	"io"

	"github.com/gabriel-vasile/mimetype"
)

// GetExtensionAndContentType sniffs the magic bytes at the head of the reader
// and returns the detected extension (e.g. ".exe") and MIME type string.
// DetectReader consumes the head of the stream, so a caller that still needs
// the full content should re-open the file or tee the reader first.
func GetExtensionAndContentType(file io.Reader) (string, string, error) {
	mimeType, err := mimetype.DetectReader(file)
	if err != nil {
		return "", "", err
	}
	return mimeType.Extension(), mimeType.String(), nil
}
```

shadowbq commented 1 month ago

Second option

https://github.com/h2non/filetype

shadowbq commented 1 month ago

Additionally, use MIME types to add data filters.

Use case: only submit binary files, not document files, because of possible data leakage or compliance requirements.
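A stdlib-only sketch of the `auto` environment default and the MIME-based "binary only" filter discussed in this thread, added here as an example; it is not the project's code and it stands in for the mimetype/filetype libraries with a four-entry signature table. The `SandboxTarget` names, the table and the refusal policy are assumptions for illustration.

```go
package main

import "bytes"
import "errors"

// SandboxTarget names the routing environment; the names are assumptions, not Falcon Sandbox IDs.
type SandboxTarget string

const (
	TargetLinux   SandboxTarget = "linux"
	TargetWindows SandboxTarget = "windows"
	TargetNone    SandboxTarget = "" // document or unknown type: never auto-routed
)

// Minimal magic-number table standing in for the mimetype/filetype libraries named in the issue;
// document formats map to TargetNone so the binary-only filter can refuse them.
var signatures = []struct {
	magic       []byte
	contentType string
	target      SandboxTarget
}{
	{[]byte{0x7f, 'E', 'L', 'F'}, "application/x-elf", TargetLinux},
	{[]byte("MZ"), "application/vnd.microsoft.portable-executable", TargetWindows},
	{[]byte("%PDF-"), "application/pdf", TargetNone},
	{[]byte("PK\x03\x04"), "application/zip", TargetNone}, // docx/xlsx are zip containers
}

// Detect classifies a sample by its leading bytes; an unrecognised prefix is reported as an error.
func Detect(sample []byte) (string, SandboxTarget, error) {
	for _, s := range signatures {
		if bytes.HasPrefix(sample, s.magic) {
			return s.contentType, s.target, nil
		}
	}
	return "application/octet-stream", TargetNone, errors.New("unrecognised file type")
}

// ChooseEnvironment is the proposed `auto` default plus the filter: executables pick their own
// environment, documents are refused even with an override, unknown types need an explicit override.
func ChooseEnvironment(sample []byte, override SandboxTarget) (SandboxTarget, error) {
	_, target, err := Detect(sample)
	if err == nil && target == TargetNone {
		return TargetNone, errors.New("refusing to submit: not an executable (binary-only filter)")
	}
	if override != TargetNone {
		return override, nil
	}
	return target, err // unknown type: TargetNone together with the detection error
}
```

A ZIP is treated as a document here; a real policy also has to decide what to do with archives that wrap executables, and with the MZ prefix shared by DOS and PE files.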