File analysis & content inspection
The mlab File Scan provides a structured and transparent analysis of files, focusing on metadata, cryptographic fingerprints, format‑specific inspection and tool‑driven results. Each file is analyzed using a set of tools adapted to its format and content.
How a file scan works
Upload
File received
Fingerprinting
Hashes & identity
Format detection
Type & structure
Tool execution
Format‑specific tools
Results
Human‑readable output
1. File metadata & fingerprints
Every file is first identified using cryptographic and structural fingerprints. These identifiers allow correlation across scans and external intelligence sources.
SHA256 & MD5
Cryptographic hashes for unique file identification and cross-platform correlation.
SSDEEP
Fuzzy hashing for detecting similar or modified variants of the same file.
Size & MIME
File size, extension and MIME type for format determination and validation.
First seen
Timestamp and deterministic identity ensuring files are uniquely identifiable regardless of name or origin.
2. Format‑aware analysis
Files are not analyzed using a single generic pipeline. Instead, mlab selects tools based on the detected file format. This ensures relevant results and avoids misleading or noisy outputs.
Images & documents
Format-specific parsers for common document and media types.
Static structure
Inspection of internal file structure without execution or detonation.
Embedded data
Detection of hidden or embedded content within archives and binaries.
Archives & binaries
Format‑specific parsers adapted to each file type and structure.
Why format-aware matters
Generic file scanners
- Same tools for all files
- High noise
- Opaque verdicts
- Limited context
mlab file analysis
- Tool selection by format
- Structured outputs
- Explainable results
- Analyst‑driven interpretation
3. Tool execution & results
Each compatible tool is executed independently and its raw output is preserved. Results are displayed per tool, allowing analysts to understand how conclusions are derived.
One tab per tool
Each tool gets its own dedicated output section for clear separation.
Raw & processed
Both raw and processed output available for complete transparency.
No hidden aggregation
What you see is what the tools produced. No opaque scoring layer.
Graceful failures
Partial tool failures are handled gracefully without corrupting other results.
Tools are selected based on file format, size, and content. Some files may not be compatible with certain analyses, while additional tools may be added progressively as support expands.
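The flow described in sections 1 to 3, sketched as an added example that is not mlab's own code: content-derived fingerprints, magic-byte format detection, tool selection by format, and per-tool raw results where one failure does not affect the others. The magic-byte table, the tool functions and the sample bytes are assumptions constructed for illustration; SSDEEP is left out because it needs a third-party library.

```python
import hashlib

# Constructed magic-byte table; the page does not list mlab's detection rules.
MAGIC = [(b"\x89PNG\r\n\x1a\n", "image/png"), (b"%PDF-", "application/pdf"),
         (b"PK\x03\x04", "application/zip")]

def fingerprint(data: bytes) -> dict:
    """Content-derived identity: unchanged if the file is renamed."""
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "md5": hashlib.md5(data).hexdigest(), "size": len(data)}

def detect_mime(data: bytes) -> str:
    for magic, mime in MAGIC:
        if data.startswith(magic):
            return mime
    return "application/octet-stream"

# Hypothetical static tools: each only reads bytes and returns raw text.
def png_ihdr(data: bytes) -> str:
    if len(data) < 24 or data[12:16] != b"IHDR":
        raise ValueError("missing or truncated IHDR chunk")
    width = int.from_bytes(data[16:20], "big")
    height = int.from_bytes(data[20:24], "big")
    return f"{width}x{height}"

def embedded_zip(data: bytes) -> str:
    count = data.count(b"PK\x03\x04")  # ZIP local file header signature
    return f"{count} local file header(s)"

TOOLS = {"image/png": [png_ihdr, embedded_zip], "application/zip": [embedded_zip]}

def scan(data: bytes) -> dict:
    mime = detect_mime(data)
    report = {"fingerprint": fingerprint(data), "mime": mime, "tools": {}}
    for tool in TOOLS.get(mime, []):  # selection by detected format
        try:
            report["tools"][tool.__name__] = {"ok": True, "raw": tool(data)}
        except Exception as exc:  # one failing tool must not affect the others
            report["tools"][tool.__name__] = {"ok": False, "error": str(exc)}
    return report

# Constructed samples: a valid PNG header, and a PNG signature followed by ZIP data.
GOOD_PNG = (b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"
            + (640).to_bytes(4, "big") + (480).to_bytes(4, "big"))
ODD_PNG = b"\x89PNG\r\n\x1a\n" + b"PK\x03\x04" + b"constructed payload"

if __name__ == "__main__":
    for name, sample in (("good.png", GOOD_PNG), ("odd.png", ODD_PNG)):
        print(name, scan(sample))
```

For the second sample the PNG header tool fails while the embedded-content tool still reports its finding, which is the behaviour the "Graceful failures" item describes.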
Responsible usage & limitations
File analysis is performed in a controlled and defensive context. mlab does not execute files, does not attempt exploitation, and does not modify uploaded content.
No execution
Uploaded files are never executed. Analysis is strictly static and read-only.
Read‑only analysis
Static inspection only. No modification of uploaded content at any stage.
Defensive use
Designed for defensive security use‑cases and legitimate analysis.
User responsibility
Users are responsible for the content they upload and how they interpret results.