Didier Stevens

Saturday 17 December 2022

Update: virustotal-search.py Version 0.1.8

Filed under: My Software,Update — Didier Stevens @ 0:00

This update to virustotal-search brings new options:

  1. -D: don’t send queries to VT, just use the local database
  2. --sleep: sleep before starting; provide an integer with suffix s (seconds), m (minutes), h (hours) or d (days), or provide a local time: 01:00:00

virustotal-search_V0_1_8.zip (http)
MD5: 69A4504E06E97585EDBA4BBD60EAC36C
SHA256: 16FA2F9748959A88BE38B4A2FF006FC658FB4FF8932F3EC2E2568F48EB9FAE85

Friday 16 December 2022

Update: hash.py Version 0.0.9

Filed under: My Software,Update — Didier Stevens @ 0:00

Options validate and skip support here files now.

And when validating hashes, a summary is displayed at the end of the report.

hash_V0_0_9.zip (http)
MD5: E1BEFF0A256002949B084F7ED410C5A5
SHA256: 84F846D6CFE93ADA77C5DE0C318CEA36C3F92F22A3D0A7FE829DB88D7CE31FA0

Thursday 15 December 2022

Update: count.py Version 0.3.1

Filed under: My Software,Update — Didier Stevens @ 0:00

This update to count.py, my tool to count items, adds totals and options for:

  1. singles: a single is an item that appears only once
  2. multiples: a multiple is an item that appears more than once

count_v0_3_1.zip (http)
MD5: 1B36247FE910FE5FB4E3253B65E440A1
SHA256: 9C99627F07E1B366DCEB000A56C4C3D358C3408D36531A921514B4F3809F45D1

Sunday 4 December 2022

Update: python-per-line.py Version 0.0.9

Filed under: My Software,Update — Didier Stevens @ 0:00

This is a small update to add the lineNumber variable.

python-per-line_V0_0_9.zip (http)
MD5: CD9FC344E4C5F649E4043BD703CDCA52
SHA256: BD6713A7DF86AC75ADC2A6742A453919F56583D8CC5EB3B82B736608D2A52619

Wednesday 23 November 2022

Update: what-is-new.py Version 0.0.2

Filed under: My Software,Update — Didier Stevens @ 0:00

This update of what-is-new.py, my tool that reports which lines inside files are new (i.e., never seen before), has a new option: -a --action. It allows me to launch a command when something new is detected.

I use this, for example, to be alerted via Telegram. More details in an upcoming blog post.

what-is-new_V0_0_2.zip (http)
MD5: 458B06FAF21F6BB150087196CCFEFAC2
SHA256: D020205346A778A4EE31B9C645F31BD4E14B465DC0B37BABD1DEEDFB6F347232

Thursday 10 November 2022

Update: pdf-parser.py Version 0.7.7

Filed under: My Software,Update — Didier Stevens @ 0:00

This is a small update: you can now select which hash algorithm to use for option -H by setting environment variable DSS_DEFAULT_HASH_ALGORITHMS.

And the statistics option (-a) also displays a list of objects with streams.

pdf-parser_V0_7_7.zip (http)
MD5: BCAE193F171184F979603DFB1380FF43
SHA256: 576C429FA88CF0A7A110DAB25851D90670C88EC4CD7728329E754E06D8D26A70

Monday 24 October 2022

Update: byte-stats.py Version 0.0.9

Filed under: My Software,Update — Didier Stevens @ 0:00

This new version of byte-stats.py, my tool to generate statistics for (binary) data, comes with an update to report the longest:

  • printable string (ASCII bytes between 0x20 and 0x7E included)
  • hexadecimal string (ASCII hexadecimal digits, not checking if the length is an even number)
  • BASE64 strings (ASCII BASE64 digits without padding character =, not checking if the length is a multiple of 4)

byte-stats_V0_0_9.zip (http)
MD5: 9187073EB63DE78BDACA1A3AB096DD19
SHA256: 6BC1F8A6FDAA4E8484B6C86E38E214BCBF24AB20F80C92D8AEE3C5EA402D2F0C
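
The three run definitions listed above, as an added Python example that is not byte-stats.py's own code: it finds the longest run of each class in a constructed byte string and returns its offset and length. The regexes, the function names and the sample data are assumptions made for this example.

```python
import re

# Character classes as described in the post; the regexes are this example's own.
PATTERNS = {
    "printable": re.compile(rb"[\x20-\x7E]+"),    # ASCII 0x20..0x7E included
    "hexadecimal": re.compile(rb"[0-9A-Fa-f]+"),  # even length is not checked
    "base64": re.compile(rb"[A-Za-z0-9+/]+"),     # no '=' padding, length not checked
}


def longest_runs(data: bytes) -> dict:
    """Return {class: (offset, length, run)} for the longest run of each class.

    On a tie the first run found wins; a class with no match gives (None, 0, b"").
    """
    result = {}
    for name, pattern in PATTERNS.items():
        best = None
        for match in pattern.finditer(data):
            if best is None or len(match.group()) > len(best.group()):
                best = match
        if best is None:
            result[name] = (None, 0, b"")
        else:
            result[name] = (best.start(), len(best.group()), best.group())
    return result


def constructed_sample() -> bytes:
    """Constructed test data: binary bytes around a hex string and a BASE64 string."""
    return (b"\x00\x01" + b"key=4D5A90000" + b"\x00"
            + b"data: SGVsbG8gd29ybGQh" + b"\n\xff\xfe")


if __name__ == "__main__":
    for name, (offset, length, run) in longest_runs(constructed_sample()).items():
        print(f"{name:12} offset={offset} length={length} {run!r}")
```

In the sample, the longest hexadecimal run has an odd length (9) and is also a valid BASE64 run, which is why the classes are reported separately and a long run is a lead to decode and inspect, not proof of an encoding.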

Saturday 22 October 2022

Update: rtfdump.py Version 0.0.12

Filed under: My Software,Update — Didier Stevens @ 11:35

This version adds support for ZIP files encrypted with AES, via the pyzipper module.

rtfdump_V0_0_12.zip (http)
MD5: C3D4F69908A49265E3877D4338462534
SHA256: A40CC2744DE2D4C5956F5FD306357E7E105EC693B8BEA6E7E006C48EC78055BB

Thursday 13 October 2022

Update: base64dump.py Version 0.0.24

Filed under: My Software,Update — Didier Stevens @ 19:02

This is a small update, to add extra statistical information for decoded items.

base64dump_V0_0_24.zip (http)
MD5: 47FDC47A9235CEF2DF95D1FC12BC166E
SHA256: FAF376E267CE6937BAB7544EA4AF9DD40499886992E7DA3855C16C73C02276B1

Wednesday 28 September 2022

Update: rtfdump.py Version 0.0.11

Filed under: My Software,Update — Didier Stevens @ 21:40

This new version of rtfdump, my tool to analyze RTF files, brings json output for options -O and -F.

rtfdump_V0_0_11.zip (http)
MD5: AFC884082B251BF288B05203DD5D4F69
SHA256: CB3984924137897F75E62C3A835BB9197CBF1DDBD6BCFB3E18423999B06A36C8