This is just a bugfix version (Python 3).
numbers-to-string_v0_0_9.zip (https)
MD5: C5629F102FCF58E5CFF24472D35AFF22
SHA256: 5B1CA43EDFD7BA66CF44FB552BD7882AEB13A8765017F9F865071E187410EE63
Sunday 8 December 2019
Update: numbers-to-string.py Version 0.0.9
Monday 18 November 2019
Update: tcp-honeypot.py Version 0.0.7
This new version of tcp-honeypot.py, a simple TCP honeypot and listener, brings TCP_ECHO and option -f as new features.
TCP_ECHO can be used to send back any incoming data (echo). Like this:
dListeners = {4444: {THP_LOOP: 10,THP_ECHO: None,},}
TCP_ECHO also takes a function, which’s goal is to transform the incoming data and return it. Here is an example with a lambda function that converts all lowercase letters to uppercase:
dListeners = {4444: {THP_LOOP: 10,THP_ECHO: lambda x: x.upper(),},}
If persistence is required across function calls, a custom class can also be provide. This class has to implement a method with name Process (input: incoming data, output: transformed data). Consult the man page (option -m) for more details.
And option -f (format) can be used to change the output format of data.
Possible values are: repr, x, X, a, A, b, B
The default value (repr) output’s data on a single line using Python’s repr function.
a is an ASCII/HEX dump over several lines, A is an ASCII/HEX dump too, but with duplicate lines removed.
x is an HEX dump over several lines, X is an HEX dump without whitespace.
b is a BASE64 dump over several lines, B is a BASE64 without whitespace.
Saturday 9 November 2019
Update: format-bytes.py Version 0.0.10
This new version of format-bytes.py, a tool to parse binary data, comes with support for bit streams.
This can help, for example, with decoding steganographic data, like a PE file hidden in a .WAV file.
More about this in an upcoming blog post.
format-bytes_V0_0_10.zip (https)
MD5: 3349E2F8C84AE644C0AEFDA4410297C5
SHA256: F75C3A353E42D847264702B1F316A65657E6375EF979B8EF21B282D4676BE4C3
Sunday 3 November 2019
Update: numbers-to-string.py Version 0.0.10
numbers-to-string.py is a tool to help with deobfuscation: it transforms numbers found in its input into strings.
This new version adds option -b to produce binary output.
numbers-to-string_v0_0_8.zip (https)
MD5: 69179F5EE01F8E0102F40B768E80A82E
SHA256: 535518780E9F4102320C81EF799CF1AD483C51450690A2E1FA9F2CA61B7A8A88
Saturday 2 November 2019
Update: cut-bytes.py Version 0.0.10
This new version of cut-bytes.py, a tool to select a byte sequence from its input, has bug fixes (including Python 3 fixes) and 2 new options: -p –prefix and -s –suffix.
With these options, arbitrary data can be prefixed or appended to the input.
cut-bytes_V0_0_10.zip (https)
MD5: C14F60F9843F4C2A40A05A52CBE16AB8
SHA256: AD3ADBF30B09DB77B17FEF62C40CDC138516FD24B077201D126D259D1953792B
Sunday 27 October 2019
Update: pecheck.py Version 0.7.8
This new version of pecheck.py, a tool to analyze PE files, comes with a small update to option -l.
The overview of embedded PE files produced with option -l P now reports the hash of the embedded PE file without overlay:
By default, this is an MD5 hash, but can be changed to your liking using environment variable DSS_DEFAULT_HASH_ALGORITHMS, like this:
I will introduce this environment variable to my other tools with new releases.
pecheck-v0_7_8.zip (https)
MD5: 616CD9159316FC2100BE3E87C5C26B2C
SHA256: F734EFFFA17E4EE6CA64A67D18340B3347B72C4B1C7522BAF1B7D720FABA2389
Monday 30 September 2019
Update Of My PDF Tools
This is an update of my PDF tools.
There are a couple of bug fixes for pdf-parser and pdfid.
And 2 new features in pdf-parser, inspired by a private training on maldoc analysis I gave last week. I often get good ideas from my students, and sometimes, even I get a good idea in class 🙂 .
Option -o can now be used to select multiple objects: separate the indices by a comma.
There’s a new environment variable, PDFPARSER_OPTIONS, that can be used to provide extra options you want to include with each execution of pdf-parser.py. This is useful for option -O, an option to parse stream objects.
It’s actually best to always parse stream objects, i.e. always use option -O. But I decided not to make this an option that is on by default, so that the behavior of pdf-parser would remain unchanged. I consider this important for the many people that rely on a predictable behavior of pdf-parser, like teachers and students of infosec trainings where my tools are used/mentioned.
However, always including option -O is tedious and error prone. So now you can have best of both worlds, by defining an environment variable with name PDFPARSER_OPTIONS and value -O.
And finally, I started to add a man page (option -m), like I do with many of my other tools. This is a work in progress: for the moment, it points to my free PDF analysis e-book that explains the use of pdfid and pdf-parser.
pdf-parser_V0_7_3.zip (https)
MD5: 7EB1713631D255B36BC698CD2422C7EB
SHA256: D4D5AC9C26A9D8FEF65CE58A769D3F64A737860DC26606068CCDD3F04FDEA0D7
pdfid_v0_2_6.zip (https)
MD5: 9CCE332914A6C76410F04B7C35DA3155
SHA256: 95F7C91EEFB561F3F3BE9809ED339D85E7109BAA7E128EF056651EE018DBDBA0
Sunday 22 September 2019
Update: strings.py Version 0.0.4
This new version of strings.py comes with a new option -T to trim the strings to a given length. And also 2 bug fixes.
strings_V0_0_4.zip (https)
MD5: 8B1F5A6BEBA2BC8BDFF16B99C27050E4
SHA256: 7BBAAB0E83692288BDC35BC0FBDD6B2F8A141280E506131E2818F49BEF31D01A
Saturday 21 September 2019
Update: hex-to-bin.py Version 0.0.3
hex-to-bin.py is a program to convert hexadecimal dumps (text) to binary data.
This new version of hex-to-bin.py can handle different hexdump formats, like registry dumps (text files). Use option -x to handle these hexdumps.
And option -t was added if the input is a text file that is non-ASCII, like UTF16. Option -t can be used to convert the text file.
And it supports Python3, but that code is a kludge. Something I’ll have to do better later.
hex-to-bin_V0_0_3.zip (https)
MD5: 0F87942CC9EF566D4C3B5A34073D5399
SHA256: 02447247C59F530CD6559B0FB287E314AC3AB807D843729CA9CE3F16D0930CAB
Wednesday 18 September 2019
Update: pecheck.py Version 0.7.7
This new version of pecheck.py adds option -l to carve embedded PE files. This will be explained in detail in an upcoming blog post.
pecheck-v0_7_7.zip (https)
MD5: CEFCCC094EF9E29A539092A6ECB77EEE
SHA256: 91041D17A39C7FA4151830AF8FBD151680A04FC617CB0EADDA32D240E9AB9C03
