Sift is a multi-threaded regex pattern finding tool capable of scanning most popular file types. It can scan for multiple patterns, and patterns are encrypted and saved to a config file for convenience.
If there are any findings during a scan they will be output to the user specified directory as in a CSV file. Upon first scan a log file will also be generated in this directory that will be populated with any errors generated during the scan.
For a scan to run:
- At least one pattern needs to be defined
- At least one root directory needs to be defined
- Output directory must be defined
- Run the sift executable, and enter your desired password.
- Add your space delimited patterns using the -a flag.
- Add your desired output directory using the -o flag.
- Add your space delimited root directories using the -r flag.
- Run your first scan using the -s flag
This will run a scan of my D drive looking for the pattern test and output the findings to a csv file inside the folder C:\test
.\sift.exe -a test -o C:\test -r D:\ -s
.\sift.exe -a "hello there"
.\sift.exe -a "\d\d\d-\d\d-\d\d\d\d"
flag | Description |
---|---|
-a | Add a pattern to the config file |
-A | Remove a pattern from the config file |
-k | Print patterns to console |
-r | Add a root to the config file |
-R | Remove a root to the config file |
-m | Print roots to console |
-o | Modify the output location |
-l | Print the output directory to console |
-z | Print the config file to console |
-q | Reset the config file |
-i | Make scan case sensitive (Scans are case-insensitive by default) |
-v | Verbose output |
Use the -q flag to reset the config file, and enter a new password. This will also lose all the previously entered patterns, roots, and output directory.