Scan Archives

[abn]

We need to consider handling ZIP and TAR files for scans.

Maybe RPM too?

[gcmurphy]

I agree that this is something worth considering. Although I am concerned about is scope creep. e.g. Do we also include .deb files? .rar?

One thing worth considering is that the three file formats that you've mentioned all can be unpacked to stdout e.g. for tar files. So perhaps a general solution could include an option to receive file content from stdin via a special flag.

rpm2cpio example.rpm | cpio --to-stdout -iv | java -jar victims-client.jar --pipe

However there are numerous headaches that would come from this also. I'll put this on the todo list I'm not certain what the best way to tackle this is right now.

[abn]

Scope creep is an issue yes, however for a standalone client I reckon we need to at the very least support the handling of ZIP archives.

The rest I suppose can be handled via a stdin based scanner. Although it might be good to design it in such a way that new scanners can be plugged in with stdin and zip being the first ones. We can expand later if/when the need arises.