Regex can be used for searching for binaries in suspicious locations or finding uniquely named binaries.
A list of pre-defined queries can be added to a definition file for faster baselining/hunting instead of using the --query option multiple times.
Proposal
The ability to define regex strings for parameters in a definition file should be added. In addition, the ability to define full queries in definition files should be added so a list of multiple pre-defined queries can be run in succession easily. It is recommended these features also be added to other platforms where supported.
Which category is the feature part of?
Which product is the feature part of?
Use Cases