MetaFS is for generating a datastore of file metadata for rapid complex searches
To install metafs, simply:
$ pip install metafs
or using easy_install:
$ easy_install metafs
or from source:
$ python setup.py install
The Filer will not parse files above the max_parse_size provided when initializing (Default: 100000000) and can use a specific magic file using magic_file when initializing.
>>> import metafs
>>> filer = metafs.SQLiteFiler("./test.db")
>>> filer.update("/")
>>> filer.search("SELECT * FROM files")
>>> filer.close()| hashes | |
|---|---|
| hash_id INTEGER | hash TEXT |
| magics | |
|---|---|
| magic_id INTEGER | magic TEXT |
| paths | ||||
|---|---|---|---|---|
| path_id INTEGER | path TEXT | mtime REAL | atime REAL | ctime REAL |
| files | |||
|---|---|---|---|
| file_id INTEGER | path_id INTEGER | filename TEXT | magic_id INTEGER |
| size INTEGER | mtime REAL | ctime REAL | atime REAL |
| peheaders | |||
|---|---|---|---|
| file_id INTEGER | export_dll_id INTEGER | compile_time INTEGER | petype TEXT |
| dlls | |
|---|---|
| dll_id INTEGER | name TEXT |
| functions | ||
|---|---|---|
| function_id INTEGER | name TEXT | from_dll_id INTEGER |
| file_export_dlls | |
|---|---|
| file_id INTEGER | dll_id INTEGER |
| file_import_dlls | |
|---|---|
| file_id INTEGER | dll_id INTEGER |
| file_export_functions | |
|---|---|
| file_id INTEGER | function_id INTEGER |
| file_import_functions | |
|---|---|
| file_id INTEGER | function_id INTEGER |
| file_version_info | ||
|---|---|---|
| file_id INTEGER | version_info_field_id INTEGER | version_info_value_id INTEGER |
| version_info_fields | |
|---|---|
| version_info_field_id INTEGER | version_info_field TEXT |
| version_info_values | |
|---|---|
| version_info_value_id INTEGER | version_info_value TEXT |
| sections | ||||
|---|---|---|---|---|
| file_id INTEGER | name TEXT | size INTEGER | v_size INTEGER | entropy REAL |
| anomalies | |
|---|---|
| file_id INTEGER | anomaly TEXT |
- Free software: BSD license, see LICENSE.txt for details