This small update for emldump adds support for UTF8 files that start with a BOM.
emldump_V0_0_14.zip (http)MD5: 6DBA97A55A9BE0D94131F1F381868236
SHA256: 99E1254011C6738FC44E559B4A29A8D40C79822A946F853D12EF23E035CEE97B
Tuesday 18 June 2024
Update: emldump.py Version 0.0.14
MD5: 6DBA97A55A9BE0D94131F1F381868236
SHA256: 99E1254011C6738FC44E559B4A29A8D40C79822A946F853D12EF23E035CEE97B
Saturday 15 June 2024
Update: python-per-line.py Version 0.0.12
New option -O allows to use a function that receives a object per line as argument.
Like option -n, option -O is used to invoke a single Python function taking one argument, but this time the argument is an object in stead of a string. The object has several properties: item is the line (string), left is the previous line, right is the next line, index is equal to the line counter – 1.
python-per-line_V0_0_12.zip (http)MD5: 16ADE95E968CAE357D1725659224FA0B
SHA256: 1B8D1D8B27A5F5D66FBAB5BACD0594B6A08E96EC03D0BAE08C616A3C172BFD0B
Friday 14 June 2024
Thursday 13 June 2024
Update: InteractiveSieve Version 0.9.3.0
New features in this version of InteractiveSieve are:
Load and Split
With Load and Split; you can load a CSV file and split rows that have a field that contains more than one value, separated by a separator character.
Take this example:
IP,Count,Methods
10.0.0.220,5,GET
10.0.0.45,13554,GET|POST
10.0.0.135,54302,GET|HEAD|POST
Fields in column Methods can have more than one value: GET, POST and/or HEAD. These values are separated by a pipe | character.
Simply loading this CSV file in InteractiveSieve gives this:
While using Load and Split with separator | for column 3 (Methods) gives this:
Ignore Comments
The Options dialog has now a field “Ignore comments”:
This can be used to ignore each line that starts with the given line-comment character.
Take this CSV file for example:
#Produced 2024/06/01
IP,Count,Methods
10.0.0.220,5,GET
10.0.0.45,13554,GET|POST
#Extra comment
10.0.0.135,54302,GET|HEAD|POST
When loaded in InteractiveSieve without “Ignore comments” character, the result is this:
And providing line-comment character # gives this:
Show
The Show command in the right-click menu for a row gives this dialog:
Sum
The Sum command in the right-click menu for a cell can be used to sum the numerical values of that column. There is no need to convert the text to numbers first.
Group
And finally, there’s the Group command in the right-click menu for a column.
This is a bit the opposite of Load and Split.
Take this CSV file for example:
Let’s say I want to group Methods by IP address. First I specify that column IP is the index:
Next I select column Methods to Group:
And then I specify the separator (~ in this example):
The original values can be restored with Restore from group:
MD5: 09FE2F374A789EDA8B9BC2A9DFE9E732
SHA256: A3AA9790772466953A3C37785C7F18E0B0201BC1CABEB8D12F674E0BDBF0FDA2
Wednesday 12 June 2024
Update: base64dump.py version 0.0.25
This new version adds a new post processing function to extract the longest string from the decoded payload (ExtractLongestString). Post processing functions take the decoded content, and replace it with the processed content. To view to original decoded content, the select option -s now supports suffix o. For example, to select the original decoded content of entry 5, use option -s 5o.
And there is now a –sort option to sort the entries based on payload, decoded content, length, …
base64dump_V0_0_25.zip (http)MD5: 5A193C98658FF26ED680130E61F62D0F
SHA256: 002517F56484A7017E12D3D9BE0667E9E907F1EBD9B9091647F4336615D494E1
Tuesday 11 June 2024
Update: pdf-parser.py Version 0.7.9
I added option -j –jsonoutput to my pdf-parser.py tool.
This option produces JSON output with the content of all of the streams, unfiltered.
To have the filtered stream content as JSON output, include option -f.
pdf-parser_V0_7_9.zip (http)MD5: E435A374A233C9DFEDA8A4E16887FB99
SHA256: 99F50D4F030A5B3E9F9CBA20A7BB8C51FBA368526077CCA3466C784DA39D42DB
Monday 10 June 2024
Update: FileScanner Version 0.0.0.9
This is a small change to my FileScanner tool to make it long path aware.
FileScanner_V0_0_0_9.zip (http)MD5: 2BCD526792C76890CC6EF7EED9396BE2
SHA256: 9063221557F2EBACDC5B1CA977828250A2524B9795369AB4918B9287CAEB7DBF
Sunday 9 June 2024
Update: what-is-new.py Version 0.0.4
Added option -D –dumpformat to specify the format of the dumped information when using option -d.
what-is-new_V0_0_4.zip (http)MD5: B2BED149AF949C058E19CD6077D64D2D
SHA256: 8C7C475C62D7F79AE45150309AB47757CE308760FAB2BE93D0E03C56D0DA59F6
Saturday 8 June 2024
Update: simple_listener.py Version 0.1.5
I added IPv6 support to simple_listener.py.
Although it was not by design, it turned out that simple_listener.py only works for IPv4. So I made some small changes to add IPv6 support.
When you use dictionary to define your listeners, use THP_TCP6 and THP_UDP6 to define TCP IPv6 and UDP IPv6 listeners respectively. The meaning of THP_TCP and THP_UDP has not changed, that’s for IPv4 listeners.
When you use port options to define your listeners, use prefix t6: and u6: to define TCP IPv6 and UDP IPv6 listeners respectively. The meaning of t: and u: has not changed, that’s for IPv4 listeners.
And by default, listening takes place on all IPv4 interfaces (0.0.0.0) when IPv4 listeners are defined, and listening takes place on all IPv6 interfaces (::) when IPv6 listeners are defined. That’s governed by option -a –address’ default value 0.0.0.0,::.
To explicitly specify an interface with option -a, you will need to provide an IPv4 address and an IPv6 address separated by a comma.
simple_listener_v0_1_5.zip (http)MD5: 3FAC80E7D6E3CE71AD4276125AD080E8
SHA256: BA716A27401DB4A76D3FE826A21BA4F7C74DC26AF4B96EA965D5E85517F94214
Friday 7 June 2024
Update: count.py Version 0.3.2
This new version brings option –encoding, to handle different text encodings.
count_v0_3_2.zip (http)MD5: 552B7E8C92D07FB422AF6956A88B3C6E
SHA256: B0CA909EC5CDA7471D80B7562D93388D81225EEB73A6421D4784F2DAD785AC0B
Didier Stevens 