Checks PortableExecutable signatures using signify package
import sys | |
import os | |
from os.path import isdir | |
from collections import defaultdict | |
from signify.signed_pe import SignedPEFile | |
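def is_pe(file_path: str) -> bool:
    """Return True if the file at *file_path* begins with the ``MZ`` magic.

    This is only a cheap pre-filter: just the first two bytes are compared,
    and no PE header is parsed. Any file that starts with ``MZ`` passes,
    including ones that are not valid PE images. Files that cannot be opened
    or read are reported as False.
    """
    try:
        # Context manager so the handle is closed even when read() fails;
        # a directory walk can otherwise leak one descriptor per file.
        with open(file_path, 'rb') as handle:
            return handle.read(2) == b'MZ'
    except (OSError, ValueError):
        # OSError: missing, unreadable, or special file.
        # ValueError: path rejected by open(), e.g. an embedded NUL byte.
        return False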
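def percentage(tot: int, part: int, precision: int = 1) -> float:
    """Return *part* as a percentage of *tot*, rounded to *precision* decimals.

    Returns 0.0 when *tot* is zero, so that a scan which found no candidate
    files can still print its summary instead of raising ZeroDivisionError.
    """
    if tot == 0:
        return 0.0
    return round(100 * float(part) / float(tot), precision)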
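if __name__ == '__main__':
    # Exactly one argument is expected: the directory to scan recursively.
    if len(sys.argv) != 2:
        sys.exit('Missing target directory')
    target_dir = sys.argv[1]
    # Explicit check rather than `assert`: assertions are stripped under
    # `python -O`, which would let a bad path reach os.walk unnoticed.
    if not isdir(target_dir):
        sys.exit(f'Not a directory: {target_dir}')

    tot_pe_files = verified = 0
    # Failure tally keyed by exception class name. Only the class name is
    # kept; the failing file path and the exception message are discarded,
    # so per-file triage needs additional logging.
    exceptions = defaultdict(int)
    for root, _dirs, files in os.walk(target_dir, topdown=False):
        for name in files:
            file_path = os.path.join(root, name)
            if not is_pe(file_path):
                continue
            tot_pe_files += 1
            try:
                # Opening inside the try means a file that disappears or
                # becomes unreadable after the is_pe() check is tallied as
                # a failure instead of aborting the whole scan.
                with open(file_path, 'rb') as f:
                    # NOTE(review): verify() is called with its defaults, so
                    # the trust anchors and verification policy are whatever
                    # signify applies by default - confirm they match the
                    # policy you intend before treating "verified" as trusted.
                    SignedPEFile(f).verify()
                verified += 1
            except Exception as e:
                # Deliberately broad: every failure is counted as
                # "not verified" and grouped by type.
                exceptions[type(e).__name__] += 1

    # Without this guard the summary would divide by zero.
    if tot_pe_files == 0:
        sys.exit(f'No PE files found under {target_dir}')

    print(f'Verified: {verified}/{tot_pe_files} ~ {percentage(tot_pe_files, verified)}%')
    for k, v in exceptions.items():
        print(f'{k}: {v}/{tot_pe_files} ~ {percentage(tot_pe_files, v)}%')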