An osquery extension built with osquery-python with a few tables that were converted from Go.
- Have Python and osquery-python installed on your dev environment,
- A tool to help convert Python programs into executables, like PyInstaller,
- And of course, osquery.
| Table | Description | Example Usage |
|---|---|---|
| file_lines | Returns each line in a specified file. | SELECT * FROM file_lines WHERE path='/home/readme.md'SELECT * FROM file_lines WHERE path LIKE '/home/%.md' |
| exec | Allows command execution with queries. | SELECT * FROM exec WHERE cmd='whoami' |
WIP...