DarkCoderSc/ExtractStrings.py

## ExtractStrings.py
#!/usr/bin/env python3

# Jean-Pierre LESUEUR (@DarkCoderSc)
# https://keybase.io/phrozen

import argparse
import mmap
from itertools import chain


def extract_strings(file, min_length=4, unicode=False):
	printable_ascii = b"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!\"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~ \t"

	if unicode:
		char_size = 2
	else:
		char_size = 1

	with mmap.mmap(file.fileno(), length=0, access=mmap.ACCESS_READ) as mmap_obj:
		string = b""
		offset = 0

		for cursor in range(0, mmap_obj.size(), char_size):
			b = mmap_obj.read(char_size)

			if b[0] in printable_ascii:
				if char_size == 2 and b[1] != 0:
					continue

				string += b[0].to_bytes(1, byteorder='big')
			else:
				if len(string) >= min_length:
					yield offset, string.decode('ascii').replace("\t", "")

				string = b""
				offset = cursor


if __name__ == "__main__":
	parser = argparse.ArgumentParser(description=f"Binary String Extractor")

	parser.add_argument('-f', '--file', type=argparse.FileType('rb'), dest="file", required=True, help="Binary file to inspect for strings.")

	parser.add_argument('-o', '--offset', default=False, dest="show_offset", action="store_true", help="Show string location in file (string offset).")

	parser.add_argument('-l', '--min-length', default=4, required=False, dest="min_length", action="store", help="Minimum length of extracted string.")

	parser.add_argument('-m', '--extract-mode', dest="mode", default='all', choices=['all', 'ascii', 'unicode'], help="Filter string extraction by its encoding nature.")

	try:
		argv = parser.parse_args()
	except IOError as e:
		parser.error()

	ascii_strings = iter([])
	unicode_strings = iter([])

	if argv.mode == "all" or argv.mode == "ascii":
		ascii_strings  = extract_strings(argv.file, argv.min_length)

	if argv.mode == "all" or argv.mode == "unicode":
		unicode_strings = extract_strings(argv.file, argv.min_length, True)

	for offset, string in chain(ascii_strings, unicode_strings):
		if argv.show_offset:
			print("{} : {}".format(
				offset,
				string,
			))
		else:
			print(string)
	#!/usr/bin/env python3

	# Jean-Pierre LESUEUR (@DarkCoderSc)
	# https://keybase.io/phrozen

	import argparse
	import mmap
	from itertools import chain


	def extract_strings(file, min_length=4, unicode=False):
	printable_ascii = b"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!\"#$%&\'()*+,-./:;<=>?@[\\]^_`{\|}~ \t"

	if unicode:
	char_size = 2
	else:
	char_size = 1

	with mmap.mmap(file.fileno(), length=0, access=mmap.ACCESS_READ) as mmap_obj:
	string = b""
	offset = 0

	for cursor in range(0, mmap_obj.size(), char_size):
	b = mmap_obj.read(char_size)

	if b[0] in printable_ascii:
	if char_size == 2 and b[1] != 0:
	continue

	string += b[0].to_bytes(1, byteorder='big')
	else:
	if len(string) >= min_length:
	yield offset, string.decode('ascii').replace("\t", "")

	string = b""
	offset = cursor


	if __name__ == "__main__":
	parser = argparse.ArgumentParser(description=f"Binary String Extractor")

	parser.add_argument('-f', '--file', type=argparse.FileType('rb'), dest="file", required=True, help="Binary file to inspect for strings.")

	parser.add_argument('-o', '--offset', default=False, dest="show_offset", action="store_true", help="Show string location in file (string offset).")

	parser.add_argument('-l', '--min-length', default=4, required=False, dest="min_length", action="store", help="Minimum length of extracted string.")

	parser.add_argument('-m', '--extract-mode', dest="mode", default='all', choices=['all', 'ascii', 'unicode'], help="Filter string extraction by its encoding nature.")

	try:
	argv = parser.parse_args()
	except IOError as e:
	parser.error()

	ascii_strings = iter([])
	unicode_strings = iter([])

	if argv.mode == "all" or argv.mode == "ascii":
	ascii_strings = extract_strings(argv.file, argv.min_length)

	if argv.mode == "all" or argv.mode == "unicode":
	unicode_strings = extract_strings(argv.file, argv.min_length, True)

	for offset, string in chain(ascii_strings, unicode_strings):
	if argv.show_offset:
	print("{} : {}".format(
	offset,
	string,
	))
	else:
	print(string)