Skip to main content

Cado Host CLI Documentation

Usage

cado-host [-h] [--verbose] [--verbose_network] {version,capture,upload} ...

Options

  • -h, --help
    Show the help message and exits.
  • --verbose
    Enable verbose output.
  • --verbose_network
    Enable verbose network logging.

Commands

version

Returns the current version of Cado Host.

capture

Capture and triage files based on chosen configuration.

Options

  • -c {default,light,max}, --collection_mode {default,light,max}
    Selects the collection mode which changes how Cado Host will search for files:

    • default
      Searches and collects the default set files of files as outlined here.
    • light
      Searches and collects files smaller than 10MB.
    • max
      Searches and collects a larger set of files regardless of size. This will slow capture down significantly.

  • -a [ADDITIONAL_FILES ...], --additional_files [ADDITIONAL_FILES ...]
    List multiple files or folders to collect, separated by spaces.

    tip

    Note: Folders should NOT have trailing slashes. File and folder paths must be separated by spaces and enclosed in double quotes. For example:

    cado-host.exe capture --additional_files "C:\tools\secretfile.txt" "C:\SuperSecretFolder"

  • -ap ADDITIONAL_FILES_PATH, --additional_files_path ADDITIONAL_FILES_PATH
    Path to a local file containing a list of files or folders to collect, one per line.

  • --only_additional_files
    Only collect files and folders specified in --additional_files.

  • --groups [GROUPS ...]
    Collect a specific group of files. Use --list_groups to see available groups. If no groups are specified, all groups will be collected.

  • --list_groups
    List all available groups of files that can be collected.

  • -o OUTPUT_PATH, --output_path OUTPUT_PATH
    Path where Cado Host will save the collection.

Kubernetes Specific Options

  • --target_container TARGET_CONTAINER
    Selects a target container in a Kubernetes cluster.

  • --skip_root_check
    Skips the root permissions check when collecting a Kubernetes container.

    warning

    Note: This should only be used when you are sure that the sysadmin profile is available. See the Kubernetes docs for more information.

Windows Specific Options

  • --dd DRIVE, --default_drive DRIVE
    Specifies the default drive on a Windows system.

  • --include_memory
    Acquires process memory, this can be slow on Windows systems as it will acquire process memory regardless of size.

Linux Specific Options

  • --skip_memory
    Skips memory collection for a faster capture.

  • --include_large_memory
    Includes open files and memory even if it exceeds 1MB in size. This will slow capture down significantly.

upload

Upload an existing Cado Host capture file, or other files. This will clean up the uploaded resource locally by default.

tip

When using cado-host upload to upload single files to the Cado platform, please use --no_cleanup to ensure Cado Host doesn't delete the file after upload.

Options

  • --presigned_data PRESIGNED_DATA
    Encoded upload credentials generated by the Cado platform.

  • --capture_path CAPTURE_PATH
    Path of the file to upload and import into the Cado Platform.

  • --no_cleanup
    Disable self-cleanup after triage upload.

  • --skip_ssl_verify
    Explicitly allow Cado Host to skip SSL verification when uploading to cloud storage. This is insecure.

    warning

    Note: This should only be used as a last resort, useful when proxies in enterprise deployments require the use of a custom self-signed certificate.