This is a Python 3 version of my byte-stats.py tool to produce statistics for arbitrary binary input.
byte-stats_V0_0_8.zip (https)
MD5: 2F6E672D821356EDBDA51A83662075E8
SHA256: 23A108A849FEB84002505463101D7DC47C52D12C80F812465B25996DBB34775C
Wednesday 23 December 2020
Update: byte-stats.py Version 0.0.8
Tuesday 22 December 2020
Update: cut-bytes.py Version 0.0.13
This is a bug fix version for cut-bytes.py, my tool to select (cut) bytes from binary input.
cut-bytes_V0_0_13.zip (https)
MD5: E16C2B6358A2AA642BCC9CC9B033FAEC
SHA256: 2276257173FD1DF65338CFA53DDE5522ED8A7D7E94BCC302117F535F584F14CF
Monday 21 December 2020
Update: translate.py Version 2.5.11
This version adds bit shift functions shl and shr. There’s also a bug fix.
translate_v2_5_11.zip (https)
MD5: CB3B7F284B2F5C73FC583BB8E91B33AA
SHA256: 99717783D1225E1B95EE721AA2C7F3A09AE02647E28E7C6337776363B9BFFC33
Saturday 19 December 2020
Update: strings.py Version 0.0.6
This new update to strings.py, my tool to extract strings, brings statistics with a new option: -a.
This option can be used together with other filtering options:
strings_V0_0_6.zip (https)
MD5: C4633CDAF3AEADE23738AA9356F50298
SHA256: 93A87F515103A0C9DA01D6DA034CE7FB5CC7E562B095EFF614EF09C8DD92D455
Saturday 12 December 2020
Update: numbers-to-string.py Version 0.0.11
This new version of numbers-to-string.py, my tool to convert decimal numbers to strings, has a new option: -l (–line).
This option is used to select a particular input line (using its line number) for processing.
numbers-to-string_v0_0_11.zip (https)
MD5: 6824639FFEE290B83DBA328021355476
SHA256: 0E748886E97E351B64BD288D3EC6F322FFB7B1AA89410897E6B2BA03701EA852
Update: oledump.py version 0.0.57
This new version of oledump brings an update to plugin_stream_o, to handle /o form streams with multiple entries.
If more than one entry is found in a /o form stream, a counter will precede the output, like in this example with 2 entries:
oledump_V0_0_57.zip (https)
MD5: E0C9C8706EFC3AB86EEBED03A4CCF555
SHA256: 1C4588B48A494D0C7BD6AD9600EA9F46AD472DC62BF8D58D6EA635AE7CB02502
Sunday 6 December 2020
Update: pecheck.py Version 0.7.12
This new version of my PE file analysis tool pecheck.py brings more info when locating PE files inside arbitrary files (option -l P).
2 columns are added to the list of located PE files: original filename (version information) and DLL name (export section).
This can be used, for example, to detect Cobalt Strike beacons inside process dumps. Like in the following example, where the DLL name is beacon.dll:
pecheck-v0_7_12.zip (https)
MD5: 0AF2A99DD5AF742C9B688466EE3087C5
SHA256: 10B3B6903AB52381F7C8687F8284270CE060983CA001B4FC5DD88174744B705F
Saturday 5 December 2020
Update: oledump.py Version 0.0.56
This new version of oledump includes a few Python 3 fixes, and an update version of plugin_biff.py
plugin_biff now detects BIFF5/BIFF7 format and reports the file encryption mode (FILEPASS record).
oledump_V0_0_56.zip (https)
MD5: B26A75D36F3D47611F1D98200739EBB8
SHA256: C6C691E021273E75741EB1163F7FB70743EF2EC07C710EE7F15DFF513E38DAD4
Sunday 29 November 2020
Update: emldump.py Version 0.0.11
This is the Python 3 version of my email file analysis tool (eml).
emldump_V0_0_11.zip (https)
MD5: 09408ED0C2183178BEA71459CE001995
SHA256: 01B3543CCBAE806E1536BF55E62DF7D30885737909DB4322348AC521138660CC
Saturday 28 November 2020
Update: disitool.py Version 0.4
This is a Python 3 update for my disitool.
disitool_v0_4.zip (https)
MD5: 3A41D8805340716913FAECE7C79B10A7
SHA256: 51EBFB0759FEEA69FFFB643659FD74DC5043338719A91CE36E427D175196661A
Didier Stevens 