Some changes to the translate option: now it supports this format (like some of my other tools):
i=codec[:error],o=codec[:error]
i= is input and o= is output. If you don’t specify an error handling mode, strict will be used.
An example of the format is: i=utf16,o=latin:ignore. This will read binary data in utf16 strict mode and convert it to binary data in ANSI (latin), ignoring all utf16 characters that cannot be represented in latin.
This update to re-search.py, my tool to search text files with regular expressions, brings several new regular expressions.
There are 4 new regular expressions for cryptographic hashes: md5, sha1, sha256, sha512. And one new name that groups these 4 regular expressions: hashes.
You can use it like this: re-search.py -n hashes sample.txt
These regular expressions not only match strings of hexadecimal characters of the appropriate length (with a boundary: \b), they also check each extracted hash with a Python function (HashValidate in re-extra.py) that is designed to eliminate strings that accidentally look like a hash (for example: 32 times the letter A).
HashValidate checks the following:
that the hash is not a mix of lowercase and uppercase letters
that there are more than 5 different hexadecimal digits
that there are more than 10 positions where a character and the next character are different
These simple rules are designed to detect hexadecimal strings that are too uniform, and thus probably not a hash digest.
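The three checks listed above, applied after a length-and-boundary regular expression match, can be sketched as follows. This is an added example, not the HashValidate code from re-extra.py; the names looks_like_digest and extract_hashes and the sample text are assumptions made for illustration.

```python
import re

# Hex digest lengths in characters for the four hash types named above.
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HASH_PATTERNS = {
    name: re.compile(r"\b[0-9a-fA-F]{%d}\b" % length)
    for name, length in HASH_LENGTHS.items()
}


def looks_like_digest(candidate):
    """Apply the three uniformity rules (hypothetical helper name)."""
    # Rule 1: reject a mix of lowercase and uppercase letters.
    if candidate != candidate.lower() and candidate != candidate.upper():
        return False
    # Rule 2: require more than 5 different hexadecimal digits.
    if len(set(candidate.lower())) <= 5:
        return False
    # Rule 3: require more than 10 positions where a character differs
    # from the character that follows it.
    changes = sum(1 for a, b in zip(candidate, candidate[1:]) if a != b)
    return changes > 10


def extract_hashes(text):
    """Return (name, digest) pairs that match a pattern and pass the rules."""
    found = []
    for name, pattern in HASH_PATTERNS.items():
        for match in pattern.finditer(text):
            if looks_like_digest(match.group(0)):
                found.append((name, match.group(0)))
    return found


# Constructed sample input: two real digests followed by four look-alikes.
MD5_EMPTY = "d41d8cd98f00b204e9800998ecf8427e"  # MD5 of zero bytes
SAMPLE = "\n".join([
    "md5 of empty input: " + MD5_EMPTY,
    "sha256 of abc: BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD",
    "padding: " + "A" * 32,
    "mixed case: " + MD5_EMPTY[:16] + MD5_EMPTY[16:].upper(),
    "few digits: " + "0123" * 8,
    "few changes: " + "0" * 8 + "1" * 8 + "2" * 4 + "3" * 4 + "4" * 4 + "5" * 4,
])

if __name__ == "__main__":
    for name, digest in extract_hashes(SAMPLE):
        print(name, digest)
```

Only the first two sample lines survive: the padding and few-digits lines fail the different-digits rule, the mixed-case line fails the case rule, and the last line has 6 different digits but only 5 character changes.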
And I also added regular expressions for strings delimited by single quotes: str-s, str-se, str-su, str-seu.
A small update to plugin_msi_info to change the output format a bit. And you can select your preferred hash algorithm with environment variable DSS_DEFAULT_HASH_ALGORITHMS.
In this update, I add option -W to write items to disk.
Option -W takes a value. Possible values are: vir, hash, hashvir and idvir.
This value determines the filename for each item written to disk.
vir: filename is item name + extension vir
hash: filename is sha256 hash
hashvir: filename is sha256 hash + extension vir
idvir: filename is item id + extension vir