osquery-zip-table

command module
v0.0.0-...-76745f3 Latest
Published: Feb 23, 2026 License: MIT Imports: 5 Imported by: 0


An osquery table extension to list the contents of a ZIP archive.

Building

To build the osquery extension you will need to have the following installed:

To build the extension, use:

make

Usage

Load the extension into osqueryd:

osqueryd \
  --extensions_autoload=/tmp/extensions.load \
  --pidfile=/tmp/osquery.pid \
  --database_path=/tmp/osquery.db \
  --extensions_socket=/tmp/osquery.sock

Then you can query the zip table:

SELECT
  zip_file,
  file_name,
  comment,
  modified,
  non_utf8,
  compressed_size,
  uncompressed_size,
  crc32,
  method,
  flags,
  creator_version,
  reader_version,
  external_attrs,
  extra_length
FROM zip
WHERE zip_file = '/path/to/archive.zip';
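
To show where columns like these can come from, here is an added example; it is not the extension's own code. It assumes the columns mirror the fields of `zip.FileHeader` in Go's `archive/zip`; `zipRows` and `sampleZip` are hypothetical names, and the archive is constructed in memory.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
)

// zipRows lists a ZIP's central directory as rows keyed by the column names in
// the query above. Mapping them to zip.FileHeader fields is an assumption.
func zipRows(zipFile string, data []byte) ([]map[string]string, error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	// Go may flag names like "../x" with ErrInsecurePath yet return a usable reader.
	if err != nil && !errors.Is(err, zip.ErrInsecurePath) {
		return nil, err
	}
	s := fmt.Sprint
	var rows []map[string]string
	for _, f := range r.File {
		rows = append(rows, map[string]string{
			"zip_file": zipFile, "file_name": f.Name, "comment": f.Comment,
			"modified": s(f.Modified.Unix()), "non_utf8": s(f.NonUTF8),
			"compressed_size": s(f.CompressedSize64), "uncompressed_size": s(f.UncompressedSize64),
			"crc32": s(f.CRC32), "method": s(f.Method), "flags": s(f.Flags),
			"creator_version": s(f.CreatorVersion), "reader_version": s(f.ReaderVersion),
			"external_attrs": s(f.ExternalAttrs), "extra_length": s(len(f.Extra)),
		})
	}
	return rows, nil
}

// sampleZip builds a constructed two-entry archive in memory.
func sampleZip() []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, name := range []string{"docs/readme.txt", "../outside.txt"} {
		f, _ := w.Create(name)
		f.Write([]byte("constructed sample content"))
	}
	w.Close()
	return buf.Bytes()
}

func main() {
	rows, _ := zipRows("sample.zip", sampleZip())
	for _, r := range rows {
		fmt.Println(r["file_name"], r["method"], r["uncompressed_size"], r["crc32"])
	}
}
```

The second sample entry has a name that points outside the archive root; listing it rather than dropping it is what makes `file_name` useful for reviewing an archive before it is extracted.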

Troubleshooting

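Run osqueryd/osqueryi with the --verbose flag to see extension logs. If running as root, osquery will refuse to load an extension binary with unsafe ownership or permissions: adjust the ownership of build/osquery-zip-table-extension.ext, or use the --allow_unsafe flag to skip that check.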

Thanks

Inspired by burdzwastaken/osquery-s3-config.


Directories

Path Synopsis
pkg
zip
