Command Line Parameters

Below are the command line parameters supported by Cado Host.

usage: cado-host.exe [-h] [--presigned_data PRESIGNED_DATA] [--presigned_url PRESIGNED_URL]
                     [--storage {aws,local,gcp,azure}] [--bucket BUCKET] [--access_key ACCESS_KEY]
                     [--secret_key SECRET_KEY] [--region REGION] [--sas SAS] [-l]
                     [-a ADDITIONAL_FILES [ADDITIONAL_FILES ...]] [-ap ADDITIONAL_FILES_PATH]
                     [--only_additional_files] [--single_file_unzipped SINGLE_FILE_UNZIPPED]
                     [--include_large_varc] [--skip_linux_memory] [--get_windows_memory] [-v]
                     [--verbose] [--verbose_network] [-dd DEFAULT_DRIVE] [-o OUTPUT_PATH]
                     [--no_cleanup] [--dev]

options:
  -h, --help            show this help message and exit
  --presigned_data PRESIGNED_DATA
                        Encoded upload credentials generated by Cado Response.
  --presigned_url PRESIGNED_URL
                        Specify the presigned url you wish to upload files to.
  --storage {aws,local,gcp,azure}
  --bucket BUCKET       Bucket to upload files to.
  --access_key ACCESS_KEY
                        Access key of your AWS credentials.
  --secret_key SECRET_KEY
                        Secret Key of your AWS credentials.
  --region REGION       AWS Region.
  --sas SAS             Shared Access Signature that can be used to upload triage/full disk to
                        an Azure container.
  -l, --light_mode      Enable light_mode where we only retrieve files 10 MB in size or less.
  -a ADDITIONAL_FILES [ADDITIONAL_FILES ...], --additional_files ADDITIONAL_FILES [ADDITIONAL_FILES ...]
                        List multiple files/folders to collect with the space character between
                        them.
  -ap ADDITIONAL_FILES_PATH, --additional_files_path ADDITIONAL_FILES_PATH
                        Path to a local file containing a list of files/folders to collect. One
                        on each line.
  --only_additional_files
                        Only collect files and folders specified in --additional-files.
  --single_file_unzipped SINGLE_FILE_UNZIPPED
                        Directly upload a single file to storage and import. Useful as a
                        command line option for uploading files to Cado Response.
  --include_large_varc  Include open files and memory even if it exceeds 1MB in size (this can
                        be slow).
  --skip_linux_memory   Dont collect memory on Linux. Faster.
  --get_windows_memory  Acquire Process Memory on Windows systems. Unlike Linux, this is
                        disabled by default as its slower on Windows. Implicitly applies
                        --include_large_varc.
  -v, --version
  --verbose
  --verbose_network
  -dd DEFAULT_DRIVE, --default_drive DEFAULT_DRIVE
                        Specify the default drive for your system.
  -o OUTPUT_PATH, --output_path OUTPUT_PATH
                        Output path if running for local storage.
  --no_cleanup          Disable cleanup after triage.
  --dev                 Runs cado host in development mode.

Example Command Line

cado-host.exe --additional_files "C:\tools\secretfile.txt" "C:\SuperSecretFolder"
Tip: Folders should NOT have trailing slashes. File and folder paths should be delimited by a space and enclosed in double quotes.
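
A way to apply the quoting and trailing-slash rules above before launching a collection, as an added example that is not part of the original page or of Cado's tooling. The helper names and sample paths are hypothetical, Windows-style paths are assumed, and writing the -ap list file unquoted is an assumption; only flags listed on this page are used.

```python
# Added example: hypothetical helpers that prepare paths for
# --additional_files and for the -ap / --additional_files_path list file.

def normalize_path(raw):
    """Drop surrounding double quotes and any trailing slashes from one path."""
    path = raw.strip().strip('"').rstrip("\\/")
    if not path:
        raise ValueError(f"empty path: {raw!r}")
    if '"' in path:
        raise ValueError(f"embedded double quote: {raw!r}")
    if path.endswith(":"):
        # "C:\" would collapse to "C:", which Windows resolves to the
        # current directory on that drive, not the drive root.
        raise ValueError(f"drive root needs a trailing slash: {raw!r}")
    return path


def unique_paths(raw_paths):
    """Normalize, then de-duplicate case-insensitively (Windows assumption)."""
    seen, result = set(), []
    for raw in raw_paths:
        path = normalize_path(raw)
        if path.lower() not in seen:
            seen.add(path.lower())
            result.append(path)
    return result


def additional_files_command(raw_paths, exe="cado-host.exe"):
    """Command line with space-delimited, double-quoted paths."""
    # With trailing backslashes removed, no backslash sits directly before a
    # closing quote, where standard Windows argument parsing would read it
    # as an escaped quote.
    quoted = " ".join(f'"{p}"' for p in unique_paths(raw_paths))
    return f"{exe} --additional_files {quoted}"


def additional_files_list(raw_paths):
    """Contents of a list file for -ap: one path per line (unquoted: assumption)."""
    return "\n".join(unique_paths(raw_paths)) + "\n"


# Constructed sample input: mixed quoting, trailing slashes, one duplicate.
SAMPLE = ['C:\\tools\\secretfile.txt', '"C:\\SuperSecretFolder\\"',
          'c:\\supersecretfolder/', 'C:\\Users\\Public\\Documents\\']

if __name__ == "__main__":
    print(additional_files_command(SAMPLE))
    print(additional_files_list(SAMPLE), end="")
```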