A 3gram search engine for querying terabytes of data in milliseconds. Optimized for working with binary files (for example, malware dumps).
Created in CERT.PL. Originally by Jarosław Jedynak (tailcall.net), extended and improved by Michał Leszczyński.
This repository is only for UrsaDB project (ngram database). See CERT-Polska/mquery for more user friendly UI.
- Create new database:
mkdir /opt/ursadb
ursadb_new /opt/ursadb/db.ursa
- Run UrsaDB server:
ursadb /opt/ursadb/db.ursa
- Connect with UrsaCLI:
$ ursacli
[2020-04-13 18:16:36.511] [info] Connected to UrsaDB v1.3.0 (connection id: 006B8B4571)
ursadb>
ursadb> index "/opt/samples" with [gram3, text4, wide8, hash4];
- Now you can perform queries. For example, match all files with three null bytes:
ursadb> select {00 00 00};
Read the syntax documentation to learn more about available commands.
More documentation can be found in the docs directory.
You can also read the hosted version here: cert-polska.github.io/ursadb.
If you have any problems, bugs or feature requests related to UrsaDB, you're encouraged to create a GitHub issue.