Skip to content

fix: correct documentation for --lab #72

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
redteampanda-ng merged 1 commit into from
Dec 9, 2025
Merged

fix: correct documentation for --lab #72

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions usage/configuration.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,9 +107,8 @@ the stability of your system you are trying to scan.
Maximum File Size
-----------------

The default maximum file size for deeper investigations (hash
calculation and YARA scanning) is 30 MB. The maximum file size for the
``--intense`` scan mode is 100 MB.
The default maximum file size for content checks (hash calculation and YARA scanning)
is 30 MB. The maximum file size for the ``--intense`` scan mode is 200 MB.

You can adjust the values in ``./config/thor.yml``. This file does not
get overwritten by an update or upgrade.
Expand Down
2 changes: 1 addition & 1 deletion usage/debugging.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ in the config file ``./config/thor.yml``.

.. code-block:: doscon

C:\nextron\thor>thor64.exe --max_file_size 206233600 # setting max file size to 100 MB
C:\nextron\thor>thor64.exe --max_file_size 206233600 # setting max file size to 200 MB

.. literalinclude:: ../examples/thor.yaml
:caption: Default thor.yaml
Expand Down
9 changes: 7 additions & 2 deletions usage/special-scan-modes.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,14 @@ disabled and intense mode is activated by default.
The ``--lab`` parameter automatically activates the following other
options:

* intense (scan every file intensively regardless of its extension or magic header)
* Enable intense mode, which causes several changes:

* scan every file intensively regardless of its extension or magic header
* Use ``--max_file_size_intense`` (200MB by default) instead of ``--max_file_size``
* Set ``--max-reasons`` to unlimited
* Reduce ``--minimum-sigma-level`` to medium
* Set ``--nosoft`` (do not automatically activate soft mode on systems with single core CPUs or low memory)
* norescontrol (do not limit system resources or interrupt scan on low memory)
* nosoft (do not automatically activate soft mode on systems with single core CPUs or low memory)
* nodoublecheck (do not check for other THOR instances on the same system and do not interrupt scan if another instance has been found)
* multi-threading (it automatically sets the number of threads to use to the number of CPU cores found on the workstation)

Expand Down