Need a scan now? Download the right collector, run one command, then upload the generated JSONL. The deeper evidence notes are below for while the scan runs.
This is the whole required flow for a normal first scan. Use the rest of the page only when you need a different scan shape, scheduling, or evidence details.
In the dashboard, open Collectors and choose the file that matches the target operating system and CPU. Use that exact filename in the command.
Use one command below. Run as Administrator or root when possible so protected paths are included.
Open Import > Upload File and select the generated versiongopher-*.jsonl.
$prefix = "versiongopher-${env:COMPUTERNAME}-windows-x64-system-schema-v3-$(Get-Date -Format yyyyMMdd-HHmmss)"; .\version_gopher-windows-x64.exe -s -m -o $prefix -j
chmod +x ./version_gopher-linux-x64
host=$(hostname 2>/dev/null || echo host); out="versiongopher-${host}-linux-x64-system-schema-v3-$(date +%Y%m%d-%H%M%S).jsonl"; sudo ./version_gopher-linux-x64 -s -m -J > "$out"
-s flag scans the system, -m adds bounded metadata evidence for incident-response and supply-chain review, and Windows uses -o PREFIX -j so the collector writes UTF-8 JSONL itself.
Use these patterns for focused directory scans, full system scans, constrained targets, repeat schedules, and deeper evidence handling.
chmod +x ./version_gopher host=$(hostname 2>/dev/null || echo host); out="versiongopher-${host}-linux-x64-directory-usr-schema-v3-$(date +%Y%m%d-%H%M%S).jsonl"; ./version_gopher -d /usr -J > "$out"
$prefix = "versiongopher-${env:COMPUTERNAME}-windows-x64-directory-program-files-schema-v3-$(Get-Date -Format yyyyMMdd-HHmmss)"; .\version_gopher-windows-x64.exe -d "C:\Program Files" -o $prefix -j
-m in the command so metadata-probe evidence is imported with the scan. Run as Administrator or root when possible.host=$(hostname 2>/dev/null || echo host); out="versiongopher-${host}-linux-x64-system-schema-v3-$(date +%Y%m%d-%H%M%S).jsonl"; sudo ./version_gopher -s -m -J > "$out"
$prefix = "versiongopher-${env:COMPUTERNAME}-windows-x64-system-schema-v3-$(Get-Date -Format yyyyMMdd-HHmmss)"; .\version_gopher-windows-x64.exe -s -m -o $prefix -j
host=$(hostname 2>/dev/null || echo host); out="versiongopher-${host}-linux-x64-directory-firmware-schema-v3-$(date +%Y%m%d-%H%M%S).jsonl"; ./version_gopher -d /firmware -J --no-file-hash > "$out"
host=$(hostname 2>/dev/null || echo host); out="versiongopher-${host}-linux-x64-directory-evidence-schema-v3-$(date +%Y%m%d-%H%M%S).jsonl"; ./version_gopher -d /evidence -J --hash-large-files > "$out"
versiongopher-*.jsonl. Current collectors preserve rich PE, ELF, Mach-O, plist, archive, private-key exposure, crypto-wallet artifact, AI prompt artifact, and package/repository artifact evidence in JSONL records. Keep the raw scan file with case notes if you need reproducibility. For large uploads, wait for both import completion and the CVE readiness indicator before treating CVE totals as final.These details explain what the collector records, when to change flags, and how the dashboard catches up after import.
file_hash for emitted records up to 1 GB. PE, ELF, Mach-O, and plist parsers hash bytes they already read after a row is worth emitting; scripts, archive/container records, private-key exposure records, and crypto-wallet artifact records use a streaming fallback. Use --no-file-hash only when scan speed or tiny embedded storage matters more than hash lookup, and use --hash-large-files when a forensic run needs hashes for very large archives or images. The web search box accepts exact scanned-file hashes and collector-binary hashes shown in detail panels.
OpenSSL >= 1.0.2 should not become the product version when stronger local product evidence exists. If a detail card says version evidence is weak, use package-manager context or a focused rescan before treating the CVE match as confirmed.
-m so the JSONL includes bounded, read-only metadata clues such as build paths, compiler hints, embedded URLs, library names, and reverse-DNS identifiers. These clues are stored as evidence for triage and software lineage, not as direct vulnerability findings. The main dashboard search stays fast by searching common inventory fields; use Deep Search when looking for metadata-probe strings such as org.freedesktop.DBus.
Drift, Monthly Baseline, or Fleet Drift. Use that group only for repeatable scans of the same enterprise scope, such as the same endpoints, golden images, or controlled fleet slices, and keep the collector options, privileges, paths, and cadence as deterministic as possible. Random forensic images, mixed case folders, one-off evidence bundles, and unrelated downloads can share tools and hashes, but they should be read as software similarity instead of operational drift. See Groups, Similarity, And Drift for use-case guidance.
MAL-* Malicious Packages so ordinary vulnerable-package matches do not look like confirmed supply-chain attack packages..cursorrules, CLAUDE.md, and .cursor/rules are recorded as metadata-only artifacts. Hidden Unicode and prompt-risk markers are summarized, but prompt bodies and hidden payload text are not stored.sudo install -m 0755 ./version_gopher-linux-x64 /opt/versiongopher/version_gopher
sudo install -d -m 0750 /var/lib/versiongopher/scans
sudo tee /opt/versiongopher/run-versiongopher.sh >/dev/null <<'SH'
#!/bin/sh
set -eu
host=$(hostname 2>/dev/null || echo host)
stamp=$(date -u +%Y%m%d-%H%M%S)
out="/var/lib/versiongopher/scans/versiongopher-${host}-linux-x64-system-schema-v3-${stamp}.jsonl"
/opt/versiongopher/version_gopher -s -J > "$out" 2>>/var/log/versiongopher-collector.log
SH
sudo chmod 0755 /opt/versiongopher/run-versiongopher.sh
sudo crontab -e
17 2 * * * /opt/versiongopher/run-versiongopher.sh
New-Item -ItemType Directory -Force "C:\ProgramData\VersionGopher\scans" | Out-Null
Copy-Item ".\version_gopher-windows-x64.exe" "C:\ProgramData\VersionGopher\version_gopher-windows-x64.exe" -Force
$script = "C:\ProgramData\VersionGopher\run-versiongopher.ps1"
@'
$ErrorActionPreference = "Stop"
$outDir = "C:\ProgramData\VersionGopher\scans"
New-Item -ItemType Directory -Force $outDir | Out-Null
$stamp = Get-Date -Format yyyyMMdd-HHmmss
$prefix = Join-Path $outDir "versiongopher-$env:COMPUTERNAME-windows-x64-system-schema-v3-$stamp"
& "C:\ProgramData\VersionGopher\version_gopher-windows-x64.exe" -s -o $prefix -j 2>> "C:\ProgramData\VersionGopher\collector.log"
'@ | Set-Content -Path $script -Encoding UTF8
$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$script`""
$trigger = New-ScheduledTaskTrigger -Daily -At 2:17am
Register-ScheduledTask -TaskName "VersionGopher Daily Inventory" -Action $action -Trigger $trigger -User "SYSTEM" -RunLevel Highest -Description "Daily VersionGopher software inventory scan"
at is legacy. Prefer Task Scheduler through PowerShell or Group Policy. In Windows PowerShell 5, native > redirection can write UTF-16 output; use -o PREFIX -j so the collector writes UTF-8 JSONL itself. In managed environments, deploy the binary, script, and scheduled task with your normal endpoint management tool, then import the generated JSONL files into the matching VersionGopher organization group.
| Option | Use |
|---|---|
-s | Scan the whole system. Windows scans all drives; Linux, macOS, ARM, OpenWrt/Entware ARMv7, MIPS, and PowerPC scan from /. |
-d PATH | Recursively scan one directory or mounted volume. |
-f FILE | Scan one file. |
-J | Stream newline-delimited JSONL to stdout for dashboard upload. Use this on POSIX shells or other environments where stdout redirection preserves UTF-8 bytes. |
-m, --metadata-probe | Opt in to bounded metadata-only probe evidence such as classified strings. Use this for Miasma and other supply-chain incident-response scans. Default scans keep this generic probe disabled. |
-j | Write live newline-delimited JSON to PREFIX.jsonl without the legacy .txt output. This is the preferred Windows PowerShell path because the collector writes UTF-8 JSONL itself. |
-o PREFIX | Use PREFIX.txt, PREFIX.log, and optional PREFIX.jsonl. |
-N, --no-file-hash | Skip default SHA-256 file hash enrichment. |
-B BYTES, --max-file-hash-bytes BYTES | Skip default file hashes for emitted records larger than the limit. Supports K, M, and G suffixes; default is 1G. |
-L, --hash-large-files | Hash emitted files regardless of size for forensic runs where large archive/image hashes are required. |
-x MODE | Legacy hash-only mode for md5, sha1, or sha256. |