Didier Stevens

Sunday 12 February 2023

Update: pdf-parser.py Version 0.7.8

Filed under: My Software,Update — Didier Stevens @ 12:15

A small feature update for pdf-parser.py. Statistics now include unreferenced objects.

pdf-parser_V0_7_8.zip (http)
MD5: 7BBEA9497666397CBBB88B012A710210
SHA256: FE393865861E00B48124B99CD5AEBBB5A632F1FBD883F4E4044DF8C8FA75BE9D

Sunday 22 January 2023

Update: process-binary-file Version 0.0.8

Filed under: My Software,Update — Didier Stevens @ 9:27

New functions and classes have been added to process-binary-file.py.

python-templates_V0_0_9.zip (http)
MD5: 7C5E8602F225735015E9A431C5818762
SHA256: CAEEEBB1E402E5127A431446A01BBE607B22AA0EB1F6FA12B8E7703275BE6F15

Thursday 29 December 2022

Update: zipdump.py Version 0.0.24

Filed under: My Software,Update — Didier Stevens @ 0:00

A small update to option -W of zipdump.py.

Next to value vir, you can now also specify values hash and hashvir.

hash: write each file with name equal to the SHA256 of the content of the file.

hashvir: write each file with name equal to the SHA256 of the content of the file plus extension .vir.

zipdump_v0_0_24.zip (http)
MD5: 33E7B7602263CB2C23D59C7EDEC8666C
SHA256: 1BEF40A9B567DAE84563FEA1B4DE8E0BD7F5926F7FCFF6D7086D2643133FBACE

Sunday 25 December 2022

Update: dnsresolver.py Version 0.0.2

Filed under: My Software,Update — Didier Stevens @ 0:00

This update to dnsresolver.py, my custom DNS server, adds a command to forward DNS requests.

With this forward command, all requests that are not handled by other commands are forwarded to the provided DNS server.

dnsresolver_V0_0_2.zip (http)
MD5: D96EA9517E106C4C9E3668AB6799B150
SHA256: 611C1540FE7FA2016E38689A153681428BBF3EAFC927A62342310A93022B3EC4

Saturday 24 December 2022

Update: myjson-filter.py Version 0.0.3

Filed under: My Software,Update — Didier Stevens @ 0:00

This update of myjson-filter.py adds an option (-t) to filter on the magic field added by file-magic.py.

To be explained in an upcoming blog post.

myjson-filter_V0_0_3.zip (http)
MD5: AB8AF505B120D02AD1A9846A72A340B5
SHA256: AB73314ACCD65EC765D6DDA629AF273FF882D293F11F6A2EA8FC633B019E5836

Friday 23 December 2022

Update: file-magic.py Version 0.0.5

Filed under: My Software,Update — Didier Stevens @ 0:00

This update of file-magic.py brings option --jsonoutput to augment JSON input data with a magic field.

To be explained in an upcoming blog post after the myjson-filter.py update is released.

file-magic_V0_0_5.zip (http)
MD5: 5B4CB4EE75E1CAC7705E33CCE4809E10
SHA256: 876F9AC31E1EC395EB93922AA2A7EFA027534F7343500648FE0A036021C7F1B9

Thursday 22 December 2022

Update: nsrl.py Version 0.0.4

Filed under: My Software,Update — Didier Stevens @ 0:00

This is a bug fix version for my nsrl.py script, a tool to check hashes with the NSRL list.

nsrl_V0_0_4.zip (http)
MD5: 6F72B03493C73E88CB3771C860BC76D0
SHA256: D68039B8654C1D52CD1C12670C7E885E462B72BF23892E86BE86E6381C95B669

Wednesday 21 December 2022

Update: InteractiveSieve Version 0.9.2.0

Filed under: My Software,Update — Didier Stevens @ 0:00

New features:

  • Loading files from command line arguments
  • Column index to right-click menu
  • “Hide (if equal to prev and next)” to right-click menu
  • “Values separator…” to right-click menu
  • “Hide duplicates” to right-click menu
  • Added column filtering when loading files

InteractiveSieve_V_0_9_2_0.zip (http)
MD5: 74A4019A36199C5057207184341FB639
SHA256: D9481C99F44FCEA0729F526B70E307881E2128FB1EB23DF135790EDB4392CB4A

Tuesday 20 December 2022

Update: filescanner Version 0.0.0.8

Filed under: My Software,Update — Didier Stevens @ 0:00

This new version brings extra statistics with option -f (fullread): counters for unique bytes, control bytes, printable bytes and high bytes, and the lengths of the longest ASCII string, ASCII hexadecimal string and ASCII base64 string.

Note that no check is made that the hex string length is a multiple of 2 or that the base64 string length is a multiple of 4.

Rule DMP for minidumps was added.

Option -e now accepts multiple extensions (comma-separated).

FileScanner_V0_0_0_8.zip (http)
MD5: 20201A4336F3E5298896EE0962C6C287
SHA256: F0EAE8F989A65509EE2AC793EB23C3FED3F333D10C62C30FF047EE45CD308190

Sunday 18 December 2022

Update: zipdump.py Version 0.0.23

Filed under: My Software,Update — Didier Stevens @ 0:00

Option -W can be used to write all files to disk. The only accepted value for -W is vir (for the moment). When this option is provided, all files are written to the local disk (ignoring contained paths) with their original name, and appended extension .vir.
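The naming rules for -W described here, together with the hash and hashvir values from the version 0.0.24 post, shown as an added Python example (this is not zipdump.py's own code). The function names and the sample archive are constructed for illustration, and "ignoring contained paths" is assumed to mean keeping only the last path component.

```python
import hashlib
import io
import os
import zipfile


def output_name(member_name, content, mode):
    """Flat output filename for one ZIP member (hypothetical helper)."""
    if mode == 'vir':
        # Ignore the contained path: keep only the last component, so a
        # name such as ../../x can never leave the output directory.
        base = member_name.replace('\\', '/').rsplit('/', 1)[-1]
        return base + '.vir'
    digest = hashlib.sha256(content).hexdigest()
    if mode == 'hash':
        return digest
    if mode == 'hashvir':
        return digest + '.vir'
    raise ValueError('unknown mode: ' + mode)


def write_members(zip_bytes, outdir, mode):
    """Write every file member into outdir; return the sorted directory listing."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            content = archive.read(info)
            path = os.path.join(outdir, output_name(info.filename, content, mode))
            with open(path, 'wb') as handle:
                handle.write(content)
    return sorted(os.listdir(outdir))


def build_sample_zip():
    """Constructed sample: nested path, traversal-style path, duplicate content."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, 'w') as archive:
        archive.writestr('docs/invoice.js', b'sample-a')
        archive.writestr('../../update.exe', b'sample-b')
        archive.writestr('copy/of/invoice2.js', b'sample-a')
    return buffer.getvalue()


if __name__ == '__main__':
    import tempfile
    for mode in ('vir', 'hash', 'hashvir'):
        with tempfile.TemporaryDirectory() as outdir:
            print(mode, write_members(build_sample_zip(), outdir, mode))
```

In this example the hash modes collapse members with identical content into one file, while in vir mode two members with the same base name in different directories overwrite each other.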

To print out properties line per line, use separator *.

And more parsing for PK records has been added (with option -f). This is a work in progress; more info will be provided in an upcoming blog post.

zipdump_v0_0_23.zip (http)
MD5: B37E6A25B736CB4396DEB2DC8A0853C6
SHA256: 68B7E11B4456A8A9A5A9733EE9B1945A03EBA64A13903B98FAC838BDB828BD02