Filesystem Scanner getting started guide

This guide explains how to use the SandboxAQ Filesystem Scanner (formerly Host Scanner) to obtain a cryptography scan from the filesystem.

Prerequisites

Before using the Filesystem Scanner, make sure you’ve followed the installation instructions.

Scanning a Filesystem

Navigate to a directory where you have write permissions to store scan results.

Linux

Move the cs-host-scanner executable file to your chosen directory and run:

Bash
./cs-host-scanner \
    --root /path/to/root/directory \
    --output scan.cst.gz

Windows

Move the cs-host-scanner.exe executable file, and the libffi-6.dll, libgmp-10.dll, and zlib1.dll libraries to your chosen directory and run:

PowerShell
.\cs-host-scanner.exe `
    --root \path\to\root\directory `
    --output scan.cst.gz

When the Filesystem Scanner has finished executing, the directory you chose earlier will contain the generated trace file.

Refer to the API Client documentation for instructions to upload a trace.

You can change the directory where the Filesystem Scanner generates traces with the --output option.

Note

Refer to the Filesystem Scanner reference for details on scanning .NET Framework applications, using the scanner on Linux, and for a list of available parameters.

How it works

Starting from the chosen root location, the Filesystem Scanner goes through every file in the directory tree below, recursively descending into all subdirectories (without pursuing symbolic links). It tests the initial bytes of each file against a set of detectors for supported formats.

For files in a supported format, it parses them and logs the cryptographic material in a format suitable for analysis by AQtive Guard. No sensitive data, such as private keys, is stored. In the case of encrypted keystores, if a password is provided, the Filesystem Scanner also attempts to decrypt the encrypted portions using that password.
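
The walk-and-detect approach described above, sketched as an added example (this is not the Filesystem Scanner's code). The detector set (PEM header, JKS and JCEKS magic bytes), the function names, and the choice to skip symlinked files are assumptions made for illustration.

```python
import os

# Assumed, illustrative detectors keyed on leading bytes (not the scanner's own list).
DETECTORS = [
    ("pem", lambda head: head.lstrip().startswith(b"-----BEGIN ")),
    ("jks", lambda head: head[:4] == b"\xfe\xed\xfe\xed"),
    ("jceks", lambda head: head[:4] == b"\xce\xce\xce\xce"),
]
HEAD_SIZE = 64  # only the initial bytes are read for detection


def detect(path):
    """Return the label of the first detector matching the file head, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(HEAD_SIZE)
    except OSError:
        return None  # unreadable file: skip it and keep walking
    return next((label for label, matches in DETECTORS if matches(head)), None)


def scan(root):
    """Walk root without following symlinks; return sorted (relative path, format)."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # assumption: symlinked files are skipped as well
            label = detect(path)
            if label:
                # Record location and format only, never the key material.
                findings.append((os.path.relpath(path, root), label))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample input: a PEM file, a JKS header, a text file, a symlink."""
    os.makedirs(os.path.join(root, "app", "certs"))
    samples = {
        ("app", "certs", "server.pem"): b"-----BEGIN CERTIFICATE-----\nQ09OU1RS\n",
        ("app", "store.jks"): b"\xfe\xed\xfe\xed\x00\x00\x00\x02",
        ("notes.txt",): b"nothing cryptographic here\n",
    }
    for parts, data in samples.items():
        with open(os.path.join(root, *parts), "wb") as fh:
            fh.write(data)
    os.symlink(os.path.join(root, "app"), os.path.join(root, "loop"))
```

Because the symlinked directory `loop` is never descended into, each file under `app` is reported once, and a link that points back up the tree cannot cause an endless walk.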