Didier Stevens

Monday 3 April 2023

Update: re-search.py Version 0.0.22

Filed under: My Software,Update — Didier Stevens @ 0:00

This update to re-search.py, my tool to search text files with regular expressions, brings several new regular expressions.

There are 4 new regular expressions for cryptographic hashes: md5, sha1, sha256, sha512. And one new name that groups these 4 regular expressions: hashes.

You can use it like this: re-search.py -n hashes sample.txt

These regular expressions not only match strings of hexadecimal characters of the appropriate length (with a boundary: \b), they also check each extracted hash with a Python function (HashValidate in re-extra.py) that is designed to eliminate strings that accidentally look like a hash (example: 32 times letter A).

HashValidate checks the following:

  • that the hash is not a mix of lowercase and uppercase letters
  • that there are more than 5 different hexadecimal digits
  • that there are more than 10 instances of a character and the next character, that are different

These simple rules are designed to detect hexadecimal strings that are too uniform, and thus probably not a hash digest.

And I also added regular expressions for strings delimited by single quotes: str-s, str-se str-su, str-seu.

re-search_V0_0_22.zip (http)
MD5: BF72647B93D30D0D9CD75EEFED85D21E
SHA256: FCF7D6EF2A5C8AEC5FC84D2CF588FCD8DAD3923E10905D3350AAD7975D926553

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.