Last active
June 4, 2021 00:49
-
-
Save IlluminatiFish/b4e4298a7ac8a87a4d91b41a33f3cdb4 to your computer and use it in GitHub Desktop.
A function that enables you to get the intersecting strings from the list of files defined in the function parameter along with an adjustable string size, could be used for YARA rule generation.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # This program is a utility used by myself that I have released | |
| # to the public under the GPLv3 license | |
| # | |
| # Copyright (c) 2021 IlluminatiFish. | |
| # | |
| # This program is free software: you can redistribute it and/or modify | |
| # it under the terms of the GNU General Public License as published by | |
| # the Free Software Foundation, version 3. | |
| # | |
| # This program is distributed in the hope that it will be useful, but | |
| # WITHOUT ANY WARRANTY; without even the implied warranty of | |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| # General Public License for more details. | |
| # | |
| # You should have received a copy of the GNU General Public License | |
| # along with this program. If not, see http://www.gnu.org/licenses/. | |
| # | |
| import re | |
| def get_strings(files, string_size): | |
| ''' | |
| Gets the strings of at least size :param string_size: out of the raw files listed in :param files: | |
| :param files: A list of files that you want to find strings for. | |
| :param string_size: The minimum size of the strings you want to find. | |
| :returns: The strings found in the listed files, whether that be intersected strings or just plain strings for one file. | |
| ''' | |
| chars = b"[a-zA-Z0-9~@#$^*()_+=[\]{}|\\,.?: -]{%d,100}" % string_size | |
| all_strings = [] | |
| for file in files: | |
| file_data = open(file, 'rb').read() | |
| strings = re.findall(chars, file_data) | |
| all_strings.append(strings) | |
| if len(files) >= 2: | |
| result = set(all_strings[0]).intersection(*all_strings[1:]) | |
| elif len(files) == 1: | |
| result = strings | |
| else: | |
| print('[-] You need at least 2 files to compare, to find intersecting strings!') | |
| print('[~] Files tested: ') | |
| for file in files: | |
| print(f' - Name: {file}') | |
| print() | |
| string_file = open('results.txt', 'a') | |
| if bool(result) is True: # If the set is not empty | |
| print(f'[*] Found(count={len(result)}) the following intersecting strings(size={string_size}):') | |
| for string in result: | |
| if len(string.decode().strip()) > 0: # Gets rid of bytes filled with just spaces | |
| print(f' - {string.decode()}') | |
| string_file.write(string.decode()+'\n') | |
| string_file.close() | |
| elif bool(result) is False: | |
| print(f'[!] Did not find any intersecting strings(size={string_size}) between your files') | |
| get_strings(['file1.ext', 'file2.ext'], 6) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment