This is just a bugfix version.
zipdump_v0_0_22.zip (http)MD5: 68F9F3809E4E1F9ADE4A4C3835CDF475
SHA256: 92ED372579001C826D5AF31615B8334CC798FF2DA4AF8B7C46267BF7D995C757
Friday 13 May 2022
Update: zipdump.py Version 0.0.22
MD5: 68F9F3809E4E1F9ADE4A4C3835CDF475
SHA256: 92ED372579001C826D5AF31615B8334CC798FF2DA4AF8B7C46267BF7D995C757
Sunday 8 May 2022
Update: cs-parse-traffic.py Version 0.0.5
In this update for cs-parse-traffic.py, my tool to decrypt & parse Cobalt Strike traffic, I added some error handling.
cs-parse-traffic_V0_0_5.zip (http)MD5: CFF6D97E816B23065F051D91B0F101A6
SHA256: 69763EB4D3A163824B417A0E23131B318F5E97198F255ECE449A65D4360C6302
Thursday 5 May 2022
Update: oledump.py Version 0.0.66
This new version of oledump.py brings some fixes and an update to plugin plugin_vbaproject to decode and display the password for plaintext passwords:
MD5: 20D89F0477ED7B533C2B0C6D27EC4255
SHA256: F67051EF2FA3FD42206C5ADFAC807C94ECD5F7F0F6427433B366217F675D3195
Friday 29 April 2022
Update: oledump.py Version 0.0.65
This new version of oledump.py brings a new plugin (plugin_metadata) and Python 3 fixes for 2 plugins (plugin_msi and plugin_ppt).
The new plugin is actually an old unpublished plugin, that I updated recently.
This plugin parses Office document metadata as defined in document [MS-OLEPS].
I started to write this in 2015 to parse the metadata of Word documents, but soon I figured out that this functionality was already present in olefile, and I introduced option -M to call this functionality.
But recently, I had to parse metadata that isn’t (yet) parsed by olefile, so I updated and released plugin_metadata.
oledump_V0_0_65.zip (http)MD5: 319894D211E0C6F41DCEBD5DBBBE3D33
SHA256: 35786C01AC74BE8604E96B528B7EB8EEFBB0D63407D3C78CC31D058528EF20D7
Saturday 23 April 2022
Update: re-search.py Version 0.0.19
This is a Python3 stdin fix for re-search.py, my tool to search with regular expressions.
re-search_V0_0_19.zip (http)MD5: 4007A3E5540871221B55591B50E2239B
SHA256: 263236ABE75B93F1F999474D690A9EB2575EBE42CED8F369FF98B349A5116D11
Monday 18 April 2022
New Tool: pngdump.py (Beta)
Here is a new tool I’m releasing as beta: pngdump.py.
It’s a tool to analyze PNG files. Unlike jpegdump, you can not yet select items for further analysis.
Sunday 17 April 2022
Update: 1768.py Version 0.0.13
This new version of 1768.py brings option -H to include file hashes, introduces shellcode type detection and has updated statistics.
MD5: F7E85586045AA76C573E010E6FF5F701
SHA256: 33B43A5AB059556C17083E824D407891CD14544B5CA416223020076C5878D310
Saturday 16 April 2022
Update: cut-bytes.py Version 0.0.14
This new version of cut-bytes.py adds access to the read data for Python expressions in prefix and suffix options.
cut-bytes_V0_0_14.zip (http)MD5: EC3434DAAEE06C6F35BD57B77F86833F
SHA256: BCCCE7A73C921BD2CC195155A3A709FBAD7ADC0A267288A4F7F58695A2F103D1
Saturday 9 April 2022
New Tool: myjson-filter.py
A couple of my tools can produce JSON output, using my own format (myjson).
This output can then be piped into another tool, like strings.py or file-magic.py.
I’m now releasing a tool that can be put into a command pipe to filter the JSON data: myjson-filter.py
For example, here I use myjson-filter.py to remove all items that are XML files (based on the content: starting with <?xml) before strings are extracted with strings.py:
More info in this ISC diary entry I wrote: “Method For String Extraction Filtering“.
MD5: 15DDC15DE65F447CE6DA94F8B34C5066
SHA256: EB330FE49421A13A8743F18064788DC2E8189A9B63FD19D517F0B830D1569321
Didier Stevens 