Didier Stevens

Wednesday 11 June 2025

Update: pecheck.py Version 0.7.18

Filed under: My Software,Update — Didier Stevens @ 0:00

This is a bugfix version.

pecheck-v0_7_18.zip (http)
MD5: 813F309837091B2035A18272AE5F053F
SHA256: 2976562A8B12F0CDD3E9DBF56929B391CA73AF91906EABC18E9CD663A17155AD

Monday 9 June 2025

Update: pngdump.py Version 0.0.7

Filed under: Beta,My Software,Update — Didier Stevens @ 0:00

This update to pngdump.py adds an index for chunks, and allows for the selection of a chunk via its index.

Saturday 7 June 2025

Python Requirements for Didier Stevens Suite

Filed under: My Software — Didier Stevens @ 0:00

Although many of my tools have zero or just a few dependencies (it’s a design decision), I’ve had requests to create a requirements file.

It is available now in the Didier Stevens Suite ZIP file and on GitHub.

Some dependencies are only necessary when you actually use the corresponding feature. For example, many of my tools support YARA rules, but it’s not a mandatory requirement. If you don’t use YARA rules with my tools, you don’t need to install module yara-python.

Friday 6 June 2025

DSS_DEFAULT_HASH_ALGORITHMS

Filed under: My Software — Didier Stevens @ 0:00

I’ve a feature in some of my tools that lets you choose the hash algorithm.

Many of my tools calculate hashes, and for historical reasons, that is the MD5 hash.

But if you want another hash, you can change this (for some of my tools) by setting environment variable DSS_DEFAULT_HASH_ALGORITHMS.

Like for pdf-parser.py, on Windows, you can set DSS_DEFAULT_HASH_ALGORITHMS=sha256 and then the hashes of the streams will be SHA256 instead of MD5.

Tuesday 3 June 2025

Update: search-for-compression.py Version 0.0.4

Filed under: Beta,My Software,Update — Didier Stevens @ 0:00

This tool is still beta.

VBA compression is now supported, besides zlib compression. Option -t (--type) was added so that one can choose the compression type to search for. Possible values are zlib (default) or vba.

And shortcut #p# was added to the yara option, to predefine these rules:

rule attribute_vb_name {
    strings:
        $a = "Attribute VB_Name = "
    condition:
        $a
}

rule dir {
    strings:
        $a = { 01 00 04 }
    condition:
        $a at 0
}

I’ll explain in another blog post how these features can be used to analyze MS Access databases with VBA project.
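
As an added illustration that is not part of the original post and is not code from search-for-compression.py: a decompressor for VBA-compressed containers (following the MS-OVBA format) is tried at every offset of a blob, and the two predefined rules above are applied to whatever decompresses. The names decompress_vba, scan, pack_literals and SAMPLE are hypothetical, and the sample bytes are constructed.

```python
import struct

def decompress_vba(buf, pos=0):
    """Decompress the VBA-compressed container at buf[pos]; None if it is not one."""
    if pos >= len(buf) or buf[pos] != 0x01:           # container signature byte
        return None
    pos, out = pos + 1, bytearray()
    while pos + 2 <= len(buf):
        header, = struct.unpack_from('<H', buf, pos)
        if (header >> 12) & 0x07 != 0b011:            # chunk signature bits
            break
        end = min(pos + (header & 0x0FFF) + 3, len(buf))
        pos, start = pos + 2, len(out)
        if not header & 0x8000:                       # chunk stored uncompressed
            out, pos = out + buf[pos:end], end
        while pos < end:
            flags, pos = buf[pos], pos + 1            # one flag bit per token
            for bit in range(8):
                if pos >= end:
                    break
                if not (flags >> bit) & 1:            # literal token: one byte
                    out.append(buf[pos])
                    pos += 1
                    continue
                token = int.from_bytes(buf[pos:pos + 2], 'little')
                bits = max((len(out) - start - 1).bit_length(), 4)
                offset = (token >> (16 - bits)) + 1   # distance back into this chunk
                if pos + 2 > end or offset > len(out) - start:
                    return None                       # truncated or impossible copy
                pos += 2
                for _ in range((token & (0xFFFF >> bits)) + 3):
                    out.append(out[-offset])          # bytewise: source may overlap
    return bytes(out) if out else None

def scan(blob):
    """Yield (offset, matching rule names) for containers that decompress in blob."""
    for pos in range(len(blob)):
        data = decompress_vba(blob, pos) or b''
        rules = [name for name, hit in (('attribute_vb_name', b'Attribute VB_Name = ' in data),
                                        ('dir', data.startswith(b'\x01\x00\x04'))) if hit]
        if rules:
            yield pos, rules

def pack_literals(data):
    """Constructed-sample helper: literal tokens only, no real compression."""
    body = b''.join(b'\x00' + data[i:i + 8] for i in range(0, len(data), 8))
    return b'\x01' + struct.pack('<H', 0xB000 | (len(body) - 1)) + body

SAMPLE = (b'JUNK' + pack_literals(b'Attribute VB_Name = "Module1"\r\n') + b'\xff\xff'
          + pack_literals(b'\x01\x00\x04\x00\x00\x00\x01\x00\x00\x00'))
```

Calling list(scan(SAMPLE)) reports the offset of each constructed container together with the rule that matched its decompressed content.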

Monday 2 June 2025

Update: myjson-transform.py Version 0.0.2

Filed under: My Software,Update — Didier Stevens @ 0:00

This update brings options -f and -c.

Option -f is used to define a Python function (function name or lambda) that will be applied to the content of each item in the MyJSON data.

Option -c is a shortcut for calling the CutData function via option -f. The lambda that is generated is: lambda data: CutData(data, 'CUTEXPRESSION')[0]
CUTEXPRESSION is the cut-expression provided as value for option -c.

myjson-transform_V0_0_2.zip (http)
MD5: BAA4F4E7E8159EB05063C588DAF2A111
SHA256: 0F79D0D1B35D3F6C7DF0C17746E18F257AF9493D8C474448D16774A405B620E4

Saturday 31 May 2025

Update: myjson-filter.py Version 0.0.8

Filed under: My Software,Update — Didier Stevens @ 0:00

A new possible value for option -W (--write) has been added: nameext. This allows for writing files with the sanitized item name and the given extension. For example, nameext:config will create files with extension .config.

myjson-filter_V0_0_8.zip (http)
MD5: 6A899FB406C60F078F2B9E8310F9F2E0
SHA256: 7F5E5DA0C51DB2FF8A1A622925008770D5810D4967D313DEBA9C5ECBB7D99D14

Friday 30 May 2025

Update: oledump.py Version 0.0.82

Filed under: My Software,Update — Didier Stevens @ 0:00

This oledump update brings option --trimnull and updates plugin_vba_dir with option -f (--force).

oledump_V0_0_82.zip (http)
MD5: 9133DB7CF8F4B69458842518CEAC6F88
SHA256: 7F634930C9B5986EFDC6016B05F67A3058B1B3710D0F3DB052C7FC993A859CB4

Thursday 29 May 2025

Update: process-binary-file.py Version 0.0.11

Filed under: My Software,Update — Didier Stevens @ 0:00

Option --jsonoutput was added to produce MyJSON data for the files that are read.

python-templates_V0_0_13.zip (http)
MD5: 92977C70DAA8E83BB005A9B6A124129B
SHA256: EB32C86A5F1205B9CC919499BB21171B23A8A365866CF7C3C253BB3600E53A70

Friday 9 May 2025

Update: oledump.py Version 0.0.81

Filed under: My Software,Update — Didier Stevens @ 0:00

This version brings a new plugin to extract clickable links from Word documents (.doc): plugin_hyperlink.py

oledump_V0_0_81.zip (http)
MD5: CEC519186C49CEA82811491DD0055D94
SHA256: 1F990AC30E6D5992D6888F0CAD6FAECE568DB5C32F54554E3BEA89542481658A