Didier Stevens

Didier Stevens Suite

I bundled most of my software in a ZIP file and GitHub repository. Some software that requires installation (Ariad) or triggers too much anti-virus programs on VirusTotal was not included.

I update this ZIP file and repository each time I release a new version or a new program (excluding beta versions).

Last update: 2022/11/22

If you get errors running one of my programs, read this first.


DidierStevensSuite.zip (http)
MD5: D87D56EA3F14F5A4863B3B67756B3B0F
SHA256: 92D8EA3FCA4DF8F163E9426F3F7767651CC27CA2F40C33DB80E710D80ED7F9DA


  1. […] bundled most of my software in a ZIP file. In all modesty, I call it Didier Stevens […]

    Pingback by Didier Stevens Suite | Didier Stevens — Thursday 8 January 2015 @ 20:14

  2. Great stuff

    Comment by Anonymous — Thursday 19 November 2015 @ 10:04

  3. Fyi, Palo Alto Wildfire blocked download of zip due to AnalyzePESig-crt-auto-x86.exe detected as malware

    Comment by Anonymous — Friday 25 November 2016 @ 13:47

  4. Thanks, ‘really a painstaking job.

    Comment by Anonymous — Monday 18 September 2017 @ 10:41

  5. Didier – Is there a way we can submit fixes or improvements, since it says you don’t accept pull requests on Github.


    Comment by Anonymous — Tuesday 30 October 2018 @ 23:16

  6. Yes, for what program?

    Comment by Didier Stevens — Tuesday 30 October 2018 @ 23:19

  7. Hi dear,
    I’m looking for something that verify URLs reachability. But not just that. I have an URL filtering appliance, so the URL check script had to discriminate between appliance blocking (“this site is blocked” message) and anything else.

    Have you any suggestions for me please?

    Kind regards

    Comment by Gian — Wednesday 12 June 2019 @ 7:15

  8. Yes, I have something that I will release soon: wgets.py

    Comment by Didier Stevens — Friday 14 June 2019 @ 8:26

  9. Greeeat! Just love you 😉

    Comment by Gian Matteo Esposito — Friday 14 June 2019 @ 8:51

  10. […] go so well. But thanks to @killamjr’s help, updating all of Didier Steven’s tools, and this SANS blog post, it all worked out fine. Let’s work through […]

    Pingback by Crimson Rat (02-24-2020): VelvetSweatshop and shellcode – Click All the Things! — Thursday 27 February 2020 @ 12:54

  11. […] of them are written in Python (a free, open-source programming language).These tools can be found here and on […]

    Pingback by Analyzing a “multilayer” Maldoc: A Beginner’s Guide – NVISO Labs — Wednesday 6 April 2022 @ 8:22

  12. Hello Didier,
    Thank you for the great tools. What version of Python should I install to use these tools? I have 3.9 installed but it gives error when I run them, Traceback (most recent call last):

    Comment by TheMantis — Wednesday 21 September 2022 @ 11:25

  13. What tool are you using? Because your paste did’t work

    Comment by Didier Stevens — Wednesday 21 September 2022 @ 18:11

  14. Hello Didier,

    I was trying to use zipdump.
    Thank you for your quick response.

    Comment by Anonymous — Wednesday 21 September 2022 @ 20:15

  15. Zipdump is a tool I have upd ted many times the last year, so it is Python 3.

    Comment by Didier Stevens — Wednesday 21 September 2022 @ 20:17

  16. Can you post the error?

    Comment by Didier Stevens — Wednesday 21 September 2022 @ 20:17

  17. This is the error when I run zipdump.py
    “line 519
    exec open(decoder, ‘r’) in globals(), globals()
    SyntaxError: invalid syntax

    Comment by Anonymous — Thursday 22 September 2022 @ 11:22

  18. You are running an old version for Python 2

    Comment by Didier Stevens — Thursday 22 September 2022 @ 21:08

  19. Use the latest version

    Comment by Didier Stevens — Thursday 22 September 2022 @ 21:08

  20. I got the errors below when I ran with the latest Python version 3.10.7
    Traceback (most recent call last):
    File “C:\Users\…\Desktop\Cyber\DidierStevensSuite\zipdump.py”, line 5457, in
    File “C:\Users\…\Desktop\Cyber\DidierStevensSuite\zipdump.py”, line 5452, in Main
    ZIPDump(args[0], options)
    File “C:\Users\…\Desktop\Cyber\DidierStevensSuite\zipdump.py”, line 5097, in ZIPDump
    file = oZipfile.open(oZipInfo, ‘r’, C2BIP3(zippassword))
    File “C:\Program Files\Python310\lib\zipfile.py”, line 1571, in open
    return ZipExtFile(zef_file, mode, zinfo, pwd, True)
    File “C:\Program Files\Python310\lib\zipfile.py”, line 800, in __init__
    self._decompressor = _get_decompressor(self._compress_type)
    File “C:\Program Files\Python310\lib\zipfile.py”, line 699, in _get_decompressor
    File “C:\Program Files\Python310\lib\zipfile.py”, line 679, in _check_compression
    raise NotImplementedError(“That compression method is not supported”)
    NotImplementedError: That compression method is not supported

    Comment by Anonymous — Friday 23 September 2022 @ 12:12

  21. Are you trying to analyze a ZIP file with AES encrypted content?

    Comment by Didier Stevens — Friday 23 September 2022 @ 13:45

  22. I was trying to follow one of your videos, https://isc.sans.edu/diary/Video%3A+Analyzing+Obfuscated+VBS+with+CyberChef/29058.

    Comment by Anonymous — Friday 23 September 2022 @ 17:02

  23. Ah ok. So you got the sample from Malware Bazaar? Malware Bazaar uses AES encryption in zip files, and that is not supported by Python. You need to install an extra module for this to work, like this: pip.exe install pyzipper

    Comment by Didier Stevens — Friday 23 September 2022 @ 17:04

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.