Created
February 7, 2019 03:20
Magic Bytes
import hexdump as hd | |
import re | |
import sys | |
import os | |
def banner():
    """Print the tool's ASCII-art banner and version line to stdout."""
    # The literal is reproduced as found, including the stray leading quote
    # produced by the four-quote opener.
    art = ''''
_____ _ _____ _
| |___ ___|_|___| __ |_ _| |_ ___ ___
| | | | .'| . | | _| __ -| | | _| -_|_ -|
|_|_|_|__,|_ |_|___|_____|_ |_| |___|___|
|___| |___|
[v0.1 Beta ~ <3]
'''
    print(art)
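def file_analyser(file_name):
    """Identify a file by its magic bytes and rename it to the matching extension.

    The file is read as raw bytes and every known signature is compared at
    the byte offset where that format stores it.  On the first match the
    file is renamed (unless the target name is already taken) and a hex dump
    of the content is printed for review.  If nothing matches, a message is
    printed and the file is left untouched.

    A match only names the container format suggested by the first bytes; it
    is not evidence that the content is well-formed or safe to open, since a
    file's author controls its header.  Several signatures are also shared:
    "50 4B 03 04" covers ZIP-based formats in general, "D0 CF" is only the
    start of the OLE2 compound-file header used by several Office formats,
    and "4D 5A" marks DLLs as well as executables.

    Args:
        file_name: Path of the file to inspect and possibly rename.
    """
    magicbytes = {
        ".gif": "47 49 46 38 39 61",
        ".exe": "4D 5A",
        ".pdf": "25 50 44 46",
        ".wav": "57 41 56 45 66 6D 74 20",
        ".jpg": "FF D8",
        ".zip": "50 4B 03 04",
        ".doc": "D0 CF",
    }
    # Signatures sit at offset 0 unless listed here.  "WAVEfmt " follows the
    # 4-byte "RIFF" tag and the 4-byte chunk size, i.e. it starts at byte 8.
    offsets = {".wav": 8}

    # Binary mode, and no newline stripping: text mode or dropping 0x0A bytes
    # would shift or alter the very bytes being inspected.
    with open(file_name, 'rb') as fhand:
        data = bytearray(fhand.read())

    # Space-separated upper-case hex, one pair per byte.
    hexd = " ".join("%02X" % byte for byte in data)
    print("[+] Analyzing Hex now.")

    # Sorted so the result does not depend on dict iteration order.
    for ext, magic in sorted(magicbytes.items()):
        signature = bytearray.fromhex(magic)
        start = offsets.get(ext, 0)
        # Compare at the expected position only.  Searching the whole dump
        # would flag any file that merely contains e.g. "MZ" or "FF D8"
        # somewhere in its body.
        if data[start:start + len(signature)] != signature:
            continue

        print("[+] It is a %s type of file. Renaming now." % ext)
        # splitext touches only the final extension of the final path
        # component, so "./sample" or "dir.v1/sample.bin" keep their path.
        new_name = os.path.splitext(file_name)[0] + ext
        if new_name != file_name:
            # os.rename silently replaces an existing target on POSIX, so
            # refuse instead of destroying another file.  NOTE: this check
            # is not atomic; another process could create the target in
            # between.
            if os.path.exists(new_name):
                print("[!] %s already exists, not overwriting." % new_name)
                return
            os.rename(file_name, new_name)
        print("[+]Done. Printing File Hex for review.")
        print(hexd)
        return

    print("[!] Can't file any valid externsion for this file :/")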
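if __name__ == '__main__':
    # Script entry point: show the banner, then analyse the file named by
    # the single command-line argument.
    banner()
    # Without this guard a missing argument surfaces as a bare IndexError.
    if len(sys.argv) != 2:
        print("Usage: %s <file>" % sys.argv[0])
        sys.exit(1)
    file_analyser(sys.argv[1])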