This is a small update to add the lineNumber variable.

MD5: CD9FC344E4C5F649E4043BD703CDCA52
SHA256: BD6713A7DF86AC75ADC2A6742A453919F56583D8CC5EB3B82B736608D2A52619

This update of what-is-new.py, my tool that reports what lines inside files are new (e.g., never seen before), has a new option: -a --action. It allows me to launch a command when something new is detected.
I use this, for example, to be alerted via Telegram. More details in an upcoming blog post.
what-is-new_V0_0_2.zip (http)

This is a small update: you can now select which hash algorithm to use for option -H by setting environment variable DSS_DEFAULT_HASH_ALGORITHMS.
And the statistics option (-a) also displays a list of objects with streams.
pdf-parser_V0_7_7.zip (http)

This new version of byte-stats.py, my tool to generate statistics for (binary) data, comes with an update to report the longest:

This version adds support for ZIP files encrypted with AES, via the pyzipper module.
rtfdump_V0_0_12.zip (http)

This is a small update, to add extra statistical information for decoded items.
base64dump_V0_0_24.zip (http)

This new version of rtfdump, my tool to analyze RTF files, brings JSON output for options -O and -F.
rtfdump_V0_0_11.zip (http)

Here’s a new beta version of my tool pngdump.py, a tool to analyze PNG files.
I took a look at all files on MalwareBazaar with a PNG tag, and made updates to pngdump.py to handle them.
I found 3 types of “PNG” files.
First, files spoofing PNG files: files that are not PNG files, but have a .png extension.
Like .exe and .rar files:


Second, valid PNG files with an appended payload:


Third, invalid PNG files. For example, PNG files with the right record structure, but where the Zlib compressed image is replaced by an RC4 encrypted payload (IcedID):

I also have other samples, but that’s for another blog post.
Beta version 0.0.3 is available on GitHub.
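
The three cases above can be told apart by checking the signature and then walking the PNG chunk structure. The following Python sketch is an added example, not code from pngdump.py; the function names and the sample byte strings are constructed for illustration.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype, data):
    """Build one PNG chunk: length, type, data, CRC32 over type+data."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

def classify_png(buf):
    """Return (verdict, detail): not-png, appended, invalid or ok."""
    if not buf.startswith(PNG_MAGIC):          # case 1: spoofed extension
        return ("not-png", "magic %s" % buf[:4].hex())
    pos, idat, seen_iend = len(PNG_MAGIC), b"", False
    while pos + 12 <= len(buf):                # 12 = length + type + CRC
        length, ctype = struct.unpack(">I4s", buf[pos:pos + 8])
        end = pos + 12 + length
        if end > len(buf):
            return ("invalid", "chunk %r truncated" % ctype)
        data = buf[pos + 8:pos + 8 + length]
        if struct.unpack(">I", buf[end - 4:end])[0] != zlib.crc32(ctype + data):
            return ("invalid", "bad CRC in %r" % ctype)
        pos = end
        if ctype == b"IDAT":
            idat += data                       # image stream may span chunks
        elif ctype == b"IEND":
            seen_iend = True
            break
    if not seen_iend:
        return ("invalid", "no IEND chunk")
    try:
        zlib.decompress(idat)                  # case 3: records fine, stream is not zlib
    except zlib.error:
        return ("invalid", "IDAT is not a zlib stream")
    if pos < len(buf):                         # case 2: data after IEND
        return ("appended", "%d bytes after IEND" % (len(buf) - pos))
    return ("ok", "")

# Constructed samples (not real malware): a 1x1 grayscale PNG and three variants.
IHDR = make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
IEND = make_chunk(b"IEND", b"")
GOOD = PNG_MAGIC + IHDR + make_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + IEND
SPOOFED = b"MZ\x90\x00" + b"\x00" * 60         # executable header bytes in a ".png"
APPENDED = GOOD + b"Rar!\x1a\x07\x00constructed"
BAD_IDAT = PNG_MAGIC + IHDR + make_chunk(b"IDAT", bytes(range(7, 71))) + IEND

if __name__ == "__main__":
    for name in ("GOOD", "SPOOFED", "APPENDED", "BAD_IDAT"):
        print(name, classify_png(globals()[name]))
```
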
This update adds the option --trim to template process-text-files.py.
python-templates_V0_0_8.zip (http)

This version of my strings.py program adds option -N to select strings that end with a NUL character (C-strings).
strings_V0_0_8.zip (http)