5l4pp3r

📸 Your system's configuration, frozen in time.

🚀 High-Level Purpose

5l4pp3r is a forensic snapshot tool designed to capture a comprehensive view of your system's configuration environment. It's like a high-resolution camera for your system's state, providing IT professionals and forensic analysts with a powerful lens to examine system configurations at any given point in time.

🔍 What It Does

5l4pp3r meticulously collects and stores:

  • 🖥️ System Information: Hostname and timestamp
  • 🌐 Network Details: IP addresses, MAC addresses, interface names
  • 📁 Configuration Files: From standard system directories and user-specific locations

All this data is compressed and stored in a structured database (SQLite or PostgreSQL), creating a space-optimized, point-in-time record of your system's state.

πŸ—οΈ Architectural Overview

Key Components:

  1. Configuration Loading (internal/config)

  2. Reads config.toml for flexible customization

  3. Defines database settings, compression algorithms, scan directories, and more

  4. Logging and Instrumentation

  5. Utilizes zerolog for structured, timestamped logs

  6. Storage Setup (internal/storage)

  7. Supports SQLite (local) and PostgreSQL (centralized)

  8. Ensures proper schema creation and verification

  9. Data Gathering (internal/gatherer)

  10. Collects system info, network details, and configuration files

  11. Compresses file contents for space efficiency

💾 Data Ingestion and Persistence Flow

  1. Insert System Info (creates system_id)
  2. Assign system_id to Config Files
  3. Insert Network Interfaces (linked to system_id)
  4. Insert Config Files (compressed, with metadata)
  5. Commit the Transaction

πŸ•΅οΈ Forensic and IT Professional Value

  • Immutable Point-in-Time State: Reconstruct system settings at snapshot time
  • Relational Data Model: Powerful querying capabilities
  • Repeatable and Extensible: Track configuration evolution over time
  • Centralization and Aggregation: Create a global forensic data lake (with PostgreSQL)
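The five-step persistence flow above, together with the point-in-time comparison the forensic value section describes, as an added example. This is not 5l4pp3r's own code: it is written in Python against the standard library's sqlite3 and zlib so it runs without any driver, and the table names, columns, the SHA-256 digest column, the hostname and the config file contents are constructed assumptions, not the project's real schema or scan results. It shows why step 5 matters: every row of a snapshot is committed or rolled back as a unit, so a failed collection never leaves an orphan system_id behind.

```python
import datetime
import hashlib
import sqlite3
import zlib

# Assumed schema (not 5l4pp3r's). One systems row per snapshot; interfaces and
# files hang off it via system_id, mirroring steps 1-4 of the ingestion flow.
SCHEMA = """
CREATE TABLE IF NOT EXISTS systems (
    id          INTEGER PRIMARY KEY,
    hostname    TEXT NOT NULL,
    captured_at TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS network_interfaces (
    id        INTEGER PRIMARY KEY,
    system_id INTEGER NOT NULL REFERENCES systems(id),
    name      TEXT NOT NULL,
    ip        TEXT,
    mac       TEXT
);
CREATE TABLE IF NOT EXISTS config_files (
    id        INTEGER PRIMARY KEY,
    system_id INTEGER NOT NULL REFERENCES systems(id),
    path      TEXT NOT NULL,
    size      INTEGER NOT NULL,
    sha256    TEXT NOT NULL,
    content   BLOB NOT NULL,
    UNIQUE (system_id, path)
);
"""


def open_store(path=":memory:"):
    """Open (or create) the SQLite store and make sure the schema exists."""
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def persist_snapshot(conn, hostname, interfaces, files, captured_at=None):
    """Steps 1-5: insert system info, link interfaces and compressed files to
    the new system_id, and commit. Any failure rolls the whole snapshot back."""
    captured_at = captured_at or datetime.datetime.now(datetime.timezone.utc).isoformat()
    with conn:  # commits on success, rolls back if anything below raises
        cur = conn.execute(
            "INSERT INTO systems (hostname, captured_at) VALUES (?, ?)",
            (hostname, captured_at))
        system_id = cur.lastrowid  # step 1 creates the id, step 2 reuses it
        conn.executemany(
            "INSERT INTO network_interfaces (system_id, name, ip, mac) VALUES (?, ?, ?, ?)",
            [(system_id, name, ip, mac) for name, ip, mac in interfaces])
        rows = [(system_id, path, len(data), hashlib.sha256(data).hexdigest(), zlib.compress(data))
                for path, data in files.items()]
        conn.executemany(
            "INSERT INTO config_files (system_id, path, size, sha256, content) VALUES (?, ?, ?, ?, ?)",
            rows)
    return system_id


def snapshot_count(conn):
    return conn.execute("SELECT COUNT(*) FROM systems").fetchone()[0]


def read_config(conn, system_id, path):
    """Decompress a stored file and verify it against the digest recorded at capture time."""
    row = conn.execute(
        "SELECT sha256, content FROM config_files WHERE system_id = ? AND path = ?",
        (system_id, path)).fetchone()
    if row is None:
        return None
    data = zlib.decompress(row[1])
    if hashlib.sha256(data).hexdigest() != row[0]:
        raise ValueError(f"digest mismatch for {path} in snapshot {system_id}")
    return data


def diff_snapshots(conn, old_id, new_id):
    """Compare two snapshots of a host by digest: which files appeared, vanished or changed."""
    def digests(sid):
        return dict(conn.execute(
            "SELECT path, sha256 FROM config_files WHERE system_id = ?", (sid,)).fetchall())
    old, new = digests(old_id), digests(new_id)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


# Constructed sample data: a host captured on two days, with an sshd hardening
# regression and a new cron job appearing between the two snapshots.
SAMPLE_INTERFACES = [("eth0", "192.0.2.10", "02:00:00:00:00:01"), ("lo", "127.0.0.1", "00:00:00:00:00:00")]
SAMPLE_FILES_V1 = {"/etc/hostname": b"host-a\n",
                   "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n"}
SAMPLE_FILES_V2 = {"/etc/hostname": b"host-a\n",
                   "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n",
                   "/etc/cron.d/backup": b"0 2 * * * root /usr/local/bin/backup\n"}


def demo():
    conn = open_store()
    s1 = persist_snapshot(conn, "host-a", SAMPLE_INTERFACES, SAMPLE_FILES_V1, "2024-01-01T10:00:00Z")
    s2 = persist_snapshot(conn, "host-a", SAMPLE_INTERFACES, SAMPLE_FILES_V2, "2024-01-02T10:00:00Z")
    return conn, s1, s2, diff_snapshots(conn, s1, s2)


if __name__ == "__main__":
    _, s1, s2, changes = demo()
    print(f"snapshot {s1} -> {s2}: {changes}")
```

Because the digest is recorded alongside the compressed blob, diff_snapshots never has to decompress anything to tell that sshd_config changed, and read_config catches a store that was tampered with or corrupted after capture. With PostgreSQL as the backend the same queries work across every host that reports in, which is the "forensic data lake" the list above refers to.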

🚀 Getting Started

  1. Clone the repository:
       git clone https://github.com/copyleftdev/5l4pp3r.git
  2. Configure config.toml with your desired settings
  3. Build and run:
       go build
       ./5l4pp3r

📊 Example Output

11:25AM INF Starting 5l4pp3r...
11:26AM INF Snapshot completed successfully.

πŸ› οΈ Possible Enhancements

  • Filtering and Exclusions
  • Extended Metadata and Integrity Checks
  • Integration with CI/CD and Automation Tools

🤝 Contributing

We welcome contributions! Please see our CONTRIBUTING.md for details.

📜 License

This project is licensed under the MIT License - see the LICENSE file for details.

πŸ™ Acknowledgments

  • All the amazing open-source libraries that made this project possible
  • The forensic IT community for inspiration and use cases

Remember: With great power comes great responsibility. Use 5l4pp3r ethically and legally! 🦸‍♂️🦸‍♀️