Sift is a multi-threaded regex pattern finding tool capable of scanning most popular file types. It can scan for multiple patterns, and patterns are encrypted and saved to a config file for convenience.
If there are any findings during a scan they will be output to the user specified directory as in a CSV file. Upon first scan a log file will also be generated in this directory that will be populated with any errors generated during the scan.
For a scan to run:
- At least one pattern needs to be defined
- At least one root directory needs to be defined
- Output directory must be defined
- Run the sift executable, and enter your desired password.
- Add your space delimited patterns using the -a flag.
- Add your desired output directory using the -o flag.
- Add your space delimited root directories using the -r flag.
- Run your first scan using the -s flag
This will run a scan of my D drive looking for the pattern test and output the findings to a csv file inside the folder C:\test
.\sift.exe -a test -o C:\test -r D:\ -s.\sift.exe -a "hello there".\sift.exe -a "\d\d\d-\d\d-\d\d\d\d"| flag | Description |
|---|---|
| -a | Add a pattern to the config file |
| -A | Remove a pattern from the config file |
| -k | Print patterns to console |
| -r | Add a root to the config file |
| -R | Remove a root to the config file |
| -m | Print roots to console |
| -o | Modify the output location |
| -l | Print the output directory to console |
| -z | Print the config file to console |
| -q | Reset the config file |
| -i | Make scan case sensitive (Scans are case-insensitive by default) |
| -v | Verbose output |
Use the -q flag to reset the config file, and enter a new password. This will also lose all the previously entered patterns, roots, and output directory.