🚀 Filo-Go v0.5.1
Today I'm happy to announce the first stable release:
The goal of Filo-Go is to provide a unified forensic analysis platform that can replace workflows involving multiple tools such as Binwalk, file, ExifTool, and strings.
Highlights
- REST API server
- Docker support
- Interactive HTML reports
- Streaming analysis pipeline
- Analysis result caching
- Plugin system
- MCP integration
- YARA support
- Firmware analysis capabilities
- Security hardening improvements
Quality Improvements
This release also focuses heavily on engineering quality:
- 79.6% test coverage
- Zero lint issues
- GitHub Actions CI/CD
- Apache 2.0 licensing
- Improved documentation and benchmarking
Real Performance Benchmarks
One lesson learned during development is that benchmark claims must be measurable and reproducible.
Earlier benchmark experiments produced unrealistic numbers, so I rebuilt the benchmarking process and published reproducible results based on actual workloads.
Current measured results against Binwalk:
| Operation | Speedup |
|---|---|
| PNG Analysis | 193.86× |
| ZIP Analysis | 216.78× |
| Random 10MB Blob Scan | 13.94× |
Benchmark scripts and raw results are included in the repository for verification.
Known Limitations
Not every operation is faster.
For example:
- `filo strings` is still slower than GNU strings on large inputs.
- `filo hash` is slightly slower than dedicated hash utilities.
I'm intentionally documenting these tradeoffs because performance claims without context are not useful.
What's Next?
Future work includes:
- Additional forensic modules
- Expanded firmware support
- More analysis formats
- Better reporting capabilities
- Continued performance optimization
Building Filo-Go has been one of the most educational projects I've worked on as a cybersecurity student, touching everything from file formats and malware analysis to API design, testing, benchmarking, and systems programming.
Repository: filo-go
Feedback, bug reports, and contributions are welcome.