I added option -k to search for keys in dictionaries. A usage example can be found in blog post “PDF Analysis: Back To Basics”.
Wednesday 28 December 2016
Wednesday 14 December 2016
It contains a cab file with 2 executables, which are executed after extraction (no surprise):
Monday 12 December 2016
Just a small change in this version: an indicator (O) for streams containing OLE 1.0 embedded data:
And plugin_http_heuristics also detects XOR-encoding starting with the second character of the key.
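As an added illustration (not the code of plugin_http_heuristics or xor-kpa), the following known-plaintext search shows why an XOR heuristic cannot assume the data starts at the first byte of the key: the recovered key is realigned to the data, so a stream that begins at the key's second character still decodes. The sample text, the key "Secret" and the marker "http://" are constructed for this example.

```python
import string

MARKER = b"http://"
PRINTABLE = set(string.printable.encode())

def xor_encode(data: bytes, key: bytes, start: int = 0) -> bytes:
    """XOR data with a repeating key; `start` is the key index applied to data[0]."""
    return bytes(b ^ key[(i + start) % len(key)] for i, b in enumerate(data))

def contains_marker(data: bytes, key: bytes, start: int = 0) -> bool:
    """Naive check: decode with the key exactly as given and look for the marker."""
    return MARKER in xor_encode(data, key, start)

def recover_xor_keys(data: bytes, plaintext: bytes = MARKER, max_keylen: int = 6):
    """Known-plaintext search that makes no assumption about where the key starts:
    derive the keystream fragment at every position, keep the key lengths for
    which that fragment repeats consistently, and realign the key to data[0].
    Returns a list of (keylen, key_as_aligned_to_data_offset_0, decoded)."""
    hits, seen = [], set()
    n = len(plaintext)
    for pos in range(len(data) - n + 1):
        frag = bytes(c ^ p for c, p in zip(data[pos:pos + n], plaintext))
        for keylen in range(1, min(max_keylen, n - 1) + 1):
            # at least one fragment byte must confirm the assumed period
            if any(frag[i] != frag[i - keylen] for i in range(keylen, n)):
                continue
            # frag[j] is the key byte that was applied to data index pos + j
            key = bytes(frag[(m - pos) % keylen] for m in range(keylen))
            decoded = xor_encode(data, key)
            printable = sum(b in PRINTABLE for b in decoded) / len(decoded)
            if (keylen, key) not in seen and printable >= 0.9:
                seen.add((keylen, key))
                hits.append((keylen, key, decoded))
    return hits

# Constructed sample: the URL is XOR-encoded with key "Secret", but the keystream
# begins at the key's second character ("e"), the case the heuristic must handle.
PLAIN = b"connect to http://example.test/update.bin"
ENCODED = xor_encode(PLAIN, b"Secret", start=1)

if __name__ == "__main__":
    print("key 'Secret' at offset 0 finds marker:", contains_marker(ENCODED, b"Secret"))
    for keylen, key, decoded in recover_xor_keys(ENCODED):
        print(keylen, key, decoded)
```

The naive decode with "Secret" at offset 0 misses the URL entirely, while the search recovers the rotated key "ecretS" and decodes the full string.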
Friday 9 December 2016
This new version displays information about the signature (provided pyasn1 is installed), and adds option -g to extract data (pefile.get_data) from the PE file, such as resources.
Options -x, -a, -D and -S can be used to dump data (hex, ASCII, binary and strings).
Sunday 27 November 2016
This new version of xor-kpa adds the option -x to encode/decode, and also prints the hexadecimal value of the found keys.
Sunday 20 November 2016
A small update to zipdump: this version displays the ZIP comment (if present) and also counts unique bytes, i.e. the number of different byte values found in the data.
Saturday 19 November 2016
A small update to byte-stats: this version also counts unique bytes, i.e. the number of different byte values found in the data.
Friday 18 November 2016
shellcode2vba.py is a Python program to create VBA code to inject shellcode. This new version has one new option:
Option --suffix allows you to instruct the program to add a suffix to the VBA function names.
Sunday 23 October 2016
This new version of virustotal-search.py accepts input from stdin.
Saturday 22 October 2016
I added dumps to this new version of cut-bytes.py: