Didier Stevens

This new version brings option –encoding, to handle different text encodings.

count_v0_3_2.zip (http)
MD5: 552B7E8C92D07FB422AF6956A88B3C6E
SHA256: B0CA909EC5CDA7471D80B7562D93388D81225EEB73A6421D4784F2DAD785AC0B

I added a –stats option, extra processing for PK END records and a new choice for -W –write option: alphanumhashvir.

zipdump_v0_0_30.zip (http)
MD5: 890E9000F6CD7CD91BA9FC75D4297D8D
SHA256: 2A266E7E35D7DEF8A63964E73B105992752E51AA32CD20C97D3383FBB77F1587

This update to strings.py brings option -V to add extra statistics for the 10 longest strings when option -a –stats is used.

strings_V0_0_9.zip (http)
MD5: 5611044374DDCA8E7C1A74D88ED9B9C2
SHA256: C198D543F4D46B1330D1A4778829F534E77AA320CE500DF2B1F78910A50ADCCF

This new version of myjson-filer brings a new choice for option -W (–write): hashext.

This write files where the filename is the sha256 hash + provided extension. For example, option -W hash:jpeg will create files with extension .jpeg, and the name is the sha256 hash of the content of the file.

myjson-filter_V0_0_6.zip (http)
MD5: 379880AF93E312F8A8D80A7F8E0825E5
SHA256: E1B09AEEFB437ECDF3A6223BE3D72A3D552EF5A3B2E9CC42D06A83E4230EA9D1

This new version of hash.py adds JSON input support: –jsoninput.

hash_V0_0_12.zip (http)
MD5: 087C9DB7D2C22449B568F7F35015A2D1
SHA256: 1021D93E0048F2196AA4D4018C1FA3DC61BAA28E6A00F97AB48442BAF7FB8C12

I’ve added opion -B –bin to move analyzed files into folders per detected file type.

file-magic_V0_0_8.zip (http)
MD5: A495B1CAC80D027AB9CABC76E796A418
SHA256: 5A67274B81BC493ED94D50A375EEC850DFB4065894FD8814D4B3CF5006810F73

This is an update for the entropy calculation.

If the number of bytes to calculate statistics for is less than 256, the tool will also provide a normalized entropy calculation:

byte-stats_V0_0_10.zip (http)
MD5: 6EE5CF2904DCDCAD46C47A423A2BAA78
SHA256: A3D5227BB1443ED2D557EB10E792474778C184A27BF860B8B62E5213FDC8E3AD

This new version adds an experimental mode (option -e), to decode alternative datastructures for stored and runtime config.

More details can be found in SANS ISC diary entry “1768.py’s Experimental Mode” I wrote.

1768_v0_0_21.zip (http)
MD5: 6FBDCC5F066519C3FD846D33ABE3287A
SHA256: CBFCC5DA80634DF29DBABE06F3D59D3A5CA2FC1968CF5E0213F6A6751B1A079B

This new version of oledump brings updates to .msg plugins plugin_msg and plugin_msg_summary.

Plugin plugin_msg_summary can now produce JSON output for attachments (plugin option -J).

Plugin plugin_msg now parses porperty streams.

More details can be found in my SANS ISC diary entry “Analyzing MSG Files“.

oledump_V0_0_76.zip (http)
MD5: 908FF80DABA00544CB46EBC4C728A15B
SHA256: BFEC0099C35C4D761DC941AA72214444661B6D09C4C0A9B0DDA15DF86812536C

metatool.py is a tool to help with the analysis of Metasploit or Cobalt Strike URLs.

I added option -a to provide URLs via the command-line.

metatool_V0_0_4.zip (http)
MD5: 374B30DD3D92557A7F8DAA97B81CEE0E
SHA256: D627AF2462610AE0B8CC5AB2BA0A4325D1386BB06F96DC2827DDD22430499192