This update to count.py, my tool to count items, adds totals and options for:
This is a small update to add the lineNumber variable.
This update of what-is-new-.py, my tool that reports what lines inside files are new (e.g., never seen before) has a new option: -a –action. It allows me to launch a command when something new is detected.
I use this for example to be alerted via TelegraM; More details in an upcoming blog post.
what-is-new_V0_0_2.zip (http)This is a small update: you can now select which hash algorithm to use for option -H by setting environment variable DSS_DEFAULT_HASH_ALGORITHMS.
And the statistics options (-a) also display a list of objects with streams.
pdf-parser_V0_7_7.zip (http)This new version of byte-stats.py, my tool to generate statistics for (binary) data, comes with an update to report the longest:
This version adds support for ZIP files encrypted with AES, via the pyzipper module.
rtfdump_V0_0_12.zip (http)This is a small update, to add extra statistical information for decoded items.
base64dump_V0_0_24.zip (http)This new version of rtfdump, my tool to analyze RTF files, brings json output for options -O and -F.
rtfdump_V0_0_11.zip (http)Here’s a new beta version of my tool pngdump.py, a tool to analyze PNG files.
I took a look at all files on MalwareBazaar with a PNG tag, and made updates to pngdump.py to handle them.
I found 3 types of “PNG” files.
First, files spoofing PNG files: files that are not PNG files, but have a .png extension.
Like .exe and .rar files:
Second, valid PNG files with an appended payload:
Third, invalid PNG files. For example, PNG files with the right record structure, but where the Zlib compressed image is replaced by an RC4 encrypted payload (IcedID):
I also have other samples, but that’s for another blog post.
Beta version 0.0.3 is available on GitHub.
This update adds the option –trim to template process-text-files.py.
python-templates_V0_0_8.zip (http)
Didier Stevens 