I added option -u (–unique) to remove duplicates to search-for-compressions.py.
Thursday 12 June 2025
Wednesday 11 June 2025
Update: pecheck.py Version 0.7.18
This is a bugfix version.
pecheck-v0_7_18.zip (http)MD5: 813F309837091B2035A18272AE5F053F
SHA256: 2976562A8B12F0CDD3E9DBF56929B391CA73AF91906EABC18E9CD663A17155AD
Monday 9 June 2025
Update: pngdump.py Version 0.0.7
This update to pngdump.py adds an index for chunks, and allows for the selection of a chunk via its index.
Tuesday 3 June 2025
Update: search-for-compression.py Version 0.0.4
This tool is still beta.
VBA compression is now supported, besides zlib compression. Option -t (–type) was added so that one can choose the compression type to search for. Possible values are zlib (default) or vba.
And shortcut #p# was added to the yara option, to predefine these rules:
rule attribute_vb_name {
strings:
$a = "Attribute VB_Name = "
condition:
$a
}
rule dir {
strings:
$a = { 01 00 04 }
condition:
$a at 0
}I’ll explain in another blog post how these features can be used to analyze MS Access databases with VBA project.
Monday 2 June 2025
Update: myjson-transform.py Version 0.0.2
This update brings options -f and -c.
Option -f is used to define a Python function (function name or lambda) that will be applied to the content of each item in the MyJSON data.
Option -c is a shortcut for calling the CutData function via option -f. The lambda that is generated is: lambda data: CutData(data, ‘CUTEXPRESSION’)[0]
CUTEXPRESSION is the cut-expression provides as value for option -c.
MD5: BAA4F4E7E8159EB05063C588DAF2A111
SHA256: 0F79D0D1B35D3F6C7DF0C17746E18F257AF9493D8C474448D16774A405B620E4
Saturday 31 May 2025
Update: myjson-filter.py Version 0.0.8
A new possible value for option -W (–write) has been added: nameext. This allows for writing files with the sanitized item name and the given extension. For example, nameext:config will create files with extension .config.
myjson-filter_V0_0_8.zip (http)MD5: 6A899FB406C60F078F2B9E8310F9F2E0
SHA256: 7F5E5DA0C51DB2FF8A1A622925008770D5810D4967D313DEBA9C5ECBB7D99D14
Friday 30 May 2025
Update: oledump.py Version 0.0.82
This oledump update brings option –trimnull and updates plugin_vba_dir with option -f (–force).
oledump_V0_0_82.zip (http)MD5: 9133DB7CF8F4B69458842518CEAC6F88
SHA256: 7F634930C9B5986EFDC6016B05F67A3058B1B3710D0F3DB052C7FC993A859CB4
Thursday 29 May 2025
Update: process-binary-file.py Version 0.0.11
Option –jsonoutput was added to produce MyJSON data for the files that are read.
python-templates_V0_0_13.zip (http)MD5: 92977C70DAA8E83BB005A9B6A124129B
SHA256: EB32C86A5F1205B9CC919499BB21171B23A8A365866CF7C3C253BB3600E53A70
Friday 9 May 2025
Update: oledump.py Version 0.0.81
This version brings a new plugin to extract clickable links from Word documents (.doc): plugin_hyperlink.py
MD5: CEC519186C49CEA82811491DD0055D94
SHA256: 1F990AC30E6D5992D6888F0CAD6FAECE568DB5C32F54554E3BEA89542481658A
Thursday 8 May 2025
Update: myjson-filter.py Version 0.0.7
This new version of myjson-filter brings:
- option -r (–process) to launch a process per item and pass the content of the item via stdin
- option -P (–pythonfilter) to filter using a Python function
- added support for plugins
Plugin plugin_ooxml_url.py is a plugin that extracts clickable links from OOXML documents:
MD5: E168A38CBC349F972EDD830A56C949BE
SHA256: AD09A5C50310E9684561FC33AE98C5F8928D6F3B30F8723CF44A3C912590C5AD
Didier Stevens 