
@bwall bwall/alphareverse.py
Last active Aug 29, 2015

alphareverse.py
#!/usr/bin/env python2
# As referenced in http://blog.cylance.com/a-study-in-bots-newscaster
from sys import stdin
from string import printable, ascii_lowercase, ascii_uppercase
from os import listdir
from os.path import isfile, isdir, join, abspath
# De-duplication state used by print_result(): maps a key (a file path, or "-"
# when results are not grouped per file) to the list of strings already printed.
results = dict()
def get_version():
    """Return the version string used in the --version/epilog banner."""
    version = "0.1.0"
    return version
def extract_strings(data, minimum=4, charset=printable):
    """Yield every run of consecutive ``charset`` characters in ``data``.

    A run ends at the first character that is not in ``charset`` (or at the
    end of ``data``) and is yielded only when it is at least ``minimum``
    characters long.

    The default charset, ``string.printable``, contains whitespace such as
    tab and newline, so a yielded string may span several lines.
    """
    run = []
    for ch in data:
        if ch in charset:
            run.append(ch)
        else:
            # Run boundary: emit it if long enough, then start over.
            if len(run) >= minimum:
                yield "".join(run)
            run = []
    # Flush a run that reaches the end of the input.
    if len(run) >= minimum:
        yield "".join(run)
def extract_strings_from_file_handle(fh, minimum=4, charset=printable):
    """Yield every run of ``charset`` characters read from ``fh``.

    Streaming counterpart of extract_strings(): the handle is consumed one
    character at a time via ``fh.read(1)`` until it returns the empty
    string, so the whole input is never held in memory.

    NOTE(review): end of input is detected by comparing with ``""``. That
    matches the Python 2 interpreter named in the shebang; a handle whose
    read() returns a different empty type would not end the loop.
    """
    run = ""
    # iter() with a sentinel keeps calling fh.read(1) until it returns "".
    for ch in iter(lambda: fh.read(1), ""):
        if ch not in charset:
            # Run boundary: emit it if long enough, then start over.
            if len(run) >= minimum:
                yield run
            run = ""
        else:
            run += ch
    # Flush a run that reaches end of input.
    if len(run) >= minimum:
        yield run
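def invert_alphabet(str_input):
    """Return ``str_input`` with every ASCII letter mirrored in its alphabet.

    'a' <-> 'z', 'b' <-> 'y', ... and likewise for upper case (an
    Atbash-style substitution). Case is preserved and every other character
    is passed through unchanged. The mapping is its own inverse, so applying
    the function twice returns the original string.
    """
    # Build the letter -> mirrored-letter table for both cases. A dict lookup
    # replaces the per-character index loop and linear find() of the original
    # and does not depend on the Python 2-only xrange().
    mirror = {}
    for alphabet in (ascii_lowercase, ascii_uppercase):
        mirror.update(zip(alphabet, reversed(alphabet)))
    return "".join(mirror.get(ch, ch) for ch in str_input)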
def invert_strings_from_string(to_check):
    """Yield the alphabet-inverted form of each printable run in ``to_check``.

    Runs of at least 3 printable characters are extracted with
    extract_strings() and passed through invert_alphabet().
    """
    candidates = extract_strings(to_check, 3, printable)
    for candidate in candidates:
        yield invert_alphabet(candidate)
def invert_strings_from_file_handle(fh):
    """Yield the alphabet-inverted form of each printable run read from ``fh``.

    Runs of at least 3 printable characters are extracted with
    extract_strings_from_file_handle() and passed through invert_alphabet().
    """
    candidates = extract_strings_from_file_handle(fh, 3, printable)
    for candidate in candidates:
        yield invert_alphabet(candidate)
def scan_file_handle(file_handle):
    """Yield every inverted string found in ``file_handle``.

    Thin wrapper around invert_strings_from_file_handle(). Every printable
    run is yielded after inversion; nothing here checks that a result is a
    plausible host name, so callers should expect mostly noise.
    """
    inverted = invert_strings_from_file_handle(file_handle)
    for candidate in inverted:
        yield candidate
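def scan_paths(paths, recursive):
    """Scan files and directories, yielding ``(file_path, string)`` pairs.

    ``paths`` is an iterable of file or directory paths. Files are opened in
    binary mode and passed to scan_file_handle(). A directory contributes the
    files directly inside it; its sub-directories are followed only when
    ``recursive`` is true. Traversal is breadth-first, in the order given.

    Unreadable or vanished entries are skipped silently (best effort), so a
    missing result does not prove that a file was scanned.

    NOTE(review): isfile()/isdir() follow symbolic links, so a recursive scan
    of an untrusted directory tree can be led outside that tree or around a
    link loop. Scan a copy, or run in a sandbox, if that matters.
    """
    from collections import deque

    # Work on a private queue so the caller's list is not emptied or extended
    # as a side effect of iterating.
    pending = deque(paths)
    while pending:
        file_path = abspath(pending.popleft())
        try:
            if isfile(file_path):
                with open(file_path, mode='rb') as file_handle:
                    for host in scan_file_handle(file_handle):
                        yield (file_path, host)
            elif isdir(file_path):
                for name in listdir(file_path):
                    child = join(file_path, name)
                    if isfile(child) or (recursive and isdir(child)):
                        pending.append(child)
        except (IOError, OSError):
            # On Python 2, os.listdir() reports failures as OSError, which
            # "except IOError" alone does not catch; one unreadable directory
            # would otherwise abort the whole scan.
            continue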
def print_result(file, domain, show_files, hide_duplicates):
    """Print one result line, optionally suppressing repeats.

    With ``hide_duplicates`` set, a ``domain`` already printed under the same
    key is dropped; the key is ``file`` when ``show_files`` is set and "-"
    otherwise, so duplicates are tracked per file or globally. Seen values
    are recorded in the module-level ``results`` dict.

    Output is ``file<TAB>domain`` when ``show_files`` is set, else ``domain``.

    NOTE(review): ``domain`` comes straight from scanned file content and may
    itself contain tabs or newlines (both are in string.printable), so
    consumers should not assume one record per line.
    """
    if hide_duplicates:
        # The page lost its indentation; the bookkeeping is kept under
        # hide_duplicates because ``key`` is only assigned on this path.
        key = file if show_files else "-"
        seen = results.setdefault(key, [])
        if domain in seen:
            return
        seen.append(domain)
    line = "{0}\t{1}".format(file, domain) if show_files else domain
    print(line)
if __name__ == "__main__":
    from argparse import ArgumentParser

    # The same banner text is used for --version and for the help epilog.
    banner = "%(prog)s v" + get_version() + " by Brian Wallace (@botnet_hunter)"
    # NOTE(review): the version= keyword belongs to the Python 2 argparse that
    # the shebang targets; confirm before running under another interpreter.
    parser = ArgumentParser(
        prog=__file__,
        description="Extracts strings and inverts their alphabet",
        version=banner,
        epilog=banner
    )
    parser.add_argument('path', metavar='path', type=str, nargs='*', default=None,
                        help="Paths to files or directories to scan (if not supplied, stdin is the file being read)")
    # The three boolean switches share the same shape, so declare them from a table.
    switches = (
        ('-r', '--recursive', "Scan paths recursively"),
        ('-f', '--show-files', "Show file names along with results"),
        ('-d', '--hide-duplicates', "Hide duplicate results (hides per file when show-files is enabled)"),
    )
    for short_flag, long_flag, help_text in switches:
        parser.add_argument(short_flag, long_flag, default=False, required=False, action='store_true',
                            help=help_text)
    args = parser.parse_args()

    if not args.path:
        # No paths given: treat standard input as the single file to scan.
        with stdin as fh:
            for domain in scan_file_handle(fh):
                print_result("stdin", domain, args.show_files, args.hide_duplicates)
    else:
        for (f, domain) in scan_paths(args.path, args.recursive):
            print_result(f, domain, args.show_files, args.hide_duplicates)