Add Docker support for FastFinder with multi-platform builds

Author: codeyourweb

.github/workflows/docker_build.yml

@@ -0,0 +1,149 @@
+name: Docker Build Test
+
+on:
+  push:
+    branches: [ main, develop ]
+    paths:
+      - 'docker/**'
+      - '*.go'
+      - 'go.mod'
+      - 'go.sum'
+      - '.github/workflows/docker_build.yml'
+  pull_request:
+    branches: [ main ]
+    paths:
+      - 'docker/**'
+      - '*.go'
+  workflow_dispatch:
+
+jobs:
+  # Test builder Dockerfile (cross-compilation)
+  test-builder:
+    name: Test Multi-Platform Builder
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      
+      - name: Build Linux binary
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: docker/Dockerfile.builder
+          target: linux-builder
+          push: false
+          tags: fastfinder-linux-builder:test
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+      
+      - name: Build Windows binary
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: docker/Dockerfile.builder
+          target: windows-builder
+          push: false
+          tags: fastfinder-windows-builder:test
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+      
+      - name: Extract binaries
+        run: |
+          mkdir -p bin
+          docker build --target binaries --output type=local,dest=./bin -f docker/Dockerfile.builder .
+          ls -lh bin/
+      
+      - name: Verify binaries exist
+        run: |
+          if [ ! -f "bin/fastfinder-linux-amd64" ]; then
+            echo "Linux binary not found!"
+            exit 1
+          fi
+          if [ ! -f "bin/fastfinder-windows-amd64.exe" ]; then
+            echo "Windows binary not found!"
+            exit 1
+          fi
+          echo "✓ Both binaries built successfully"
+      
+      - name: Test Linux binary
+        run: |
+          chmod +x bin/fastfinder-linux-amd64
+          bin/fastfinder-linux-amd64 --version || echo "Version check not available"
+      
+      - name: Upload binaries as artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: fastfinder-binaries
+          path: |
+            bin/fastfinder-linux-amd64
+            bin/fastfinder-windows-amd64.exe
+          retention-days: 7
+
+  # Test runtime Dockerfile
+  test-runtime:
+    name: Test Runtime Container
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      
+      - name: Build runtime image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: docker/Dockerfile.runtime
+          push: false
+          tags: fastfinder:test
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+      
+      - name: Test runtime container
+        run: |
+          # Create test directories
+          mkdir -p test-scan test-output
+          echo "test file" > test-scan/test.txt
+          
+          # Run container
+          docker run --rm \
+            -v $(pwd)/test-scan:/scan:ro \
+            -v $(pwd)/examples:/rules:ro \
+            -v $(pwd)/test-output:/output \
+            fastfinder:test \
+            --help
+          
+          echo "✓ Runtime container works"
+
+  # Test docker-compose
+  test-compose:
+    name: Test Docker Compose
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      
+      - name: Validate docker-compose.yml
+        run: |
+          cd docker
+          docker-compose config
+          echo "✓ docker-compose.yml is valid"
+      
+      - name: Test builder profile
+        run: |
+          cd docker
+          docker-compose --profile build config
+          echo "✓ Builder profile is valid"
+      
+      - name: Test runtime profile
+        run: |
+          cd docker
+          docker-compose --profile runtime config
+          echo "✓ Runtime profile is valid"

.gitignore

@@ -2,4 +2,5 @@
 .idea/
 *.iml
 .vscode/
-.history/
+.history/
+bin/

Icon.ico

@@ -54,6 +54,35 @@ FastFinder is a powerful, lightweight incident response tool designed for cybers
 - 🪟 **Windows**: [Compilation Guide](README.windows-compilation.md)
 - 🐧 **Linux**: [Compilation Guide](README.linux-compilation.md)
 
+### Docker Installation (No Dependencies Required!)
+
+The easiest way to build FastFinder without installing any dependencies:
+
+```bash
+# Build binaries for Linux and Windows
+cd docker
+make build-binaries
+
+# Binaries will be in ./bin/
+# - fastfinder-linux-amd64
+# - fastfinder-windows-amd64.exe
+```
+
+#### Docker Runtime Container
+
+Run FastFinder inside a privileged Docker container to scan volumes or mounted filesystems:
+
+```powershell
+# Build the runtime image (includes FastFinder + YARA + editors)
+.\docker-helper.ps1 build-runtime
+
+# Run scan with configuration directory
+.\docker-helper.ps1 run-runtime -ConfigPath "C:\path\to\config_folder" -ScanPath "C:\data\to\scan"
+
+# Interactive shell mode (no scan, just shell access)
+.\docker-helper.ps1 run-runtime -Interactive
+```
+
 ### Requirements
 
 - **Runtime**: No dependencies required for pre-compiled binaries
@@ -105,7 +134,7 @@ fastfinder [OPTIONS]
 ./fastfinder -b standalone_scanner.exe
 ```
 
-> 💡 **Tip**: FastFinder can run with standard user privileges, but administrative rights provide access to all system files. 
+> 💡 **Tip**: FastFinder can run with standard user privileges, but administrative rights provide access to all system files.
 
 ### Scan and export file match according to your needs
 configuration examples are available [there](./examples)
@@ -143,13 +172,13 @@ eventforwarding:
     retain_files: 5      # Keep 5 old files
   http: # forward app activity with HTTP POST json data
     enabled: false
-	  url: "https://your-forwarder-url.com/api/events"
-	  ssl_verify: false
-	  timeout_seconds: 10
-	  headers:
+    url: "https://your-forwarder-url.com/api/events"
+    ssl_verify: false
+    timeout_seconds: 10
+    headers:
       Authorization: "Bearer YOUR_API_KEY"
       MY-CUSTOM-HEADER: "My-Header-Value"
-	  retry_count: 3
+    retry_count: 3
   filters:
     event_types:
       - "error"
@@ -164,10 +193,34 @@ eventforwarding:
 * regular expressions are also available , just enclose paths with slashes (eg. /[0-9]{8}\\.exe/)
 * environment variables can also be used (eg. %TEMP%\\myfile.exe)
 
+### YARA Rules Path Resolution
+
+**Relative paths in YAML configuration are resolved relative to the configuration file location:**
+
+```yaml
+input:
+  content:
+    yara:
+      - "./example_rule_linux.yar"           # Looks in same folder as config.yaml
+      - "./subfolder/custom_rules.yar"       # Looks in subfolder relative to config
+      - "/absolute/path/to/rule.yar"         # Absolute paths work as-is
+      - "https://example.com/rules.yar"      # URLs are also supported
+```
+
+Example directory structure:
+```
+project/
+├── config.yaml
+├── example_rule_linux.yar          # ✅ Found by "./example_rule_linux.yar"
+└── rules/
+    └── custom.yar                  # ✅ Found by "./rules/custom.yar"
+```
+
 ### Important notes
 * input path are always case INSENSITIVE
 * content search on string (grep) are always case SENSITIVE
 * backslashes SHOULD NOT be escaped (except with regular expressions)
+* **YARA rules must exist** - missing rules will cause FastFinder to exit with an error
 For more informations, take a look at the [examples](./examples)
 
 ## 🤝 Contributing

README.md

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"path/filepath"
 	"regexp"
 	"strings"
 
@@ -71,6 +72,14 @@ func (c *Configuration) getConfiguration(configFile string) *Configuration {
 	var yamlContent []byte
 	var err error
 	configFile = strings.TrimSpace(configFile)
+	configBaseDir := ""
+
+	if !IsValidUrl(configFile) {
+		if absPath, err := filepath.Abs(configFile); err == nil {
+			configFile = absPath
+			configBaseDir = filepath.Dir(absPath)
+		}
+	}
 
 	// configuration reading
 	if IsValidUrl(configFile) {
@@ -160,5 +169,16 @@ func (c *Configuration) getConfiguration(configFile string) *Configuration {
 		c.Input.Content.Checksum[i] = strings.ToLower(c.Input.Content.Checksum[i])
 	}
 
+	// normalize YARA paths relative to the configuration file directory
+	if configBaseDir != "" {
+		for i := 0; i < len(c.Input.Content.Yara); i++ {
+			p := strings.TrimSpace(c.Input.Content.Yara[i])
+			if len(p) == 0 || IsValidUrl(p) || filepath.IsAbs(p) {
+				continue
+			}
+			c.Input.Content.Yara[i] = filepath.Clean(filepath.Join(configBaseDir, p))
+		}
+	}
+
 	return c
 }

configuration.go

@@ -0,0 +1,20 @@
+# Docker outputs
+output/
+logs/
+*.log
+
+# Environment files (may contain secrets)
+.env
+
+# Temporary files
+tmp/
+temp/
+*.tmp
+
+# Build artifacts
+bin/
+
+# OS files
+.DS_Store
+Thumbs.db
+desktop.ini

docker/.gitignore

@@ -0,0 +1,73 @@
+# Multi-stage Dockerfile for cross-compiling FastFinder for Linux and Windows
+# This container builds 64-bit binaries without requiring local dependencies
+
+FROM debian:bookworm-slim AS base
+
+# Install common build dependencies
+RUN apt-get update && apt-get install -y \
+    wget \
+    git \
+    build-essential \
+    automake \
+    libtool \
+    pkg-config \
+    libssl-dev \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Go 1.24.6
+ARG GO_VERSION=1.24.6
+RUN wget https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz && \
+    tar -C /usr/local -xzf go${GO_VERSION}.linux-amd64.tar.gz && \
+    rm go${GO_VERSION}.linux-amd64.tar.gz
+
+ENV PATH="/usr/local/go/bin:${PATH}"
+ENV GOPATH="/go"
+ENV PATH="${GOPATH}/bin:${PATH}"
+
+# Build YARA library 4.5.5 from source (static)
+ARG YARA_VERSION=4.5.5
+WORKDIR /build
+RUN wget https://github.com/VirusTotal/yara/archive/v${YARA_VERSION}.tar.gz && \
+    tar -xzf v${YARA_VERSION}.tar.gz && \
+    cd yara-${YARA_VERSION} && \
+    ./bootstrap.sh && \
+    ./configure --prefix=/usr/local --enable-static --disable-shared && \
+    make -j$(nproc) && \
+    make install && \
+    ldconfig && \
+    cd .. && rm -rf yara-${YARA_VERSION} v${YARA_VERSION}.tar.gz
+
+# ========================================
+# Stage 2: Linux builder
+# ========================================
+FROM base AS linux-builder
+
+WORKDIR /src
+
+# Copy source code
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY *.go ./
+COPY examples ./examples/
+COPY resources ./resources/
+COPY tests ./tests/
+
+# Build for Linux AMD64
+ENV CGO_ENABLED=1
+ENV GOOS=linux
+ENV GOARCH=amd64
+ENV CGO_CFLAGS="-I/usr/local/include"
+ENV CGO_LDFLAGS="-L/usr/local/lib -Wl,-Bstatic -lyara -Wl,-Bdynamic -lssl -lcrypto"
+
+RUN go build -ldflags="-s -w" -tags yara_static -o /output/fastfinder-linux-amd64 .
+
+# ========================================
+# Stage 3: Output collector - Linux only
+# ========================================
+FROM scratch AS binaries
+
+# Copy compiled binary
+COPY --from=linux-builder /output/fastfinder-linux-amd64 /
+