Detective Scripts of STEGA(Version0.0)
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 04:10
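As a little noob, I wrote two small scripts for people who are just getting started with STEGA.
The first one reports a file's general information: it checks the file's head and tail, counts how many times suspicious file headers appear, and shows the file's md5, sha1 and crc32.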
```python
from hashlib import md5, sha1
from zlib import crc32
from binascii import hexlify as h
import os
import sys


# read bin file: first 8 bytes as hex
def judgefilehead(filename):
    with open(filename, 'rb') as f:
        s = h(f.read()).decode()
    return s[:16]


# last 8 bytes as hex
def judgefiletail(filename):
    with open(filename, 'rb') as f:
        s = h(f.read()).decode()
    return s[-16:]


# get suspect data
def judgefilecontent(filename):
    jpghead = bytes.fromhex('ffd8ff')
    # jpgtail = 'ffd9'
    pnghead = bytes.fromhex('89504e47')
    # pngtail = 'ae426082'
    gifhead = bytes.fromhex('474946')
    # giftail = '003b'
    with open(filename, 'rb') as f:
        s = f.read()
    # count on the raw bytes so a match cannot start in the middle of a byte
    if s.startswith(jpghead):
        print('potential jpeg')
        print('jpg head:', s.count(jpghead))
    if s.startswith(pnghead):
        print('potential whole png')
        print('png head:', s.count(pnghead))
    if s.startswith(gifhead):
        print('potential whole gif')
        print('gifsplit plz:')
        os.system('gifsplitter2.0.exe')  # use your own splitter's path
    print('content first search of images end')


# get secret number
def getCrc32(filename):
    with open(filename, 'rb') as f:
        return crc32(f.read()) & 0xffffffff


def getMd5(filename):
    mid = md5()
    with open(filename, 'rb') as f:
        mid.update(f.read())
    return mid.hexdigest()


def getsha1(filename):
    mid = sha1()
    with open(filename, 'rb') as f:
        mid.update(f.read())
    return mid.hexdigest()


if len(sys.argv) < 2:
    print('ENTER file plz!\n')
    sys.exit(1)
elif len(sys.argv) > 2:
    print('ONLY ONE file to be examined!\n')
    sys.exit(1)

filename = sys.argv[1]
print('{:8} {}'.format('md5:', getMd5(filename)))
print('{:8} {}'.format('sha1:', getsha1(filename)))
print('{:8} {:08x}'.format('crc32:', getCrc32(filename)))
print('head:', judgefilehead(filename))
print('tail:', judgefiletail(filename))
judgefilecontent(filename)
print('\nplz start manual operation\n')
os.system('HWork32')  # use your own hex-editor's path
```
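The script above only lists a few file headers; feel free to modify it yourself.
(Remember to change the gifsplitter and hex editor paths beforehand!!! Otherwise you will get a "cannot find the specified path" error.)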
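An added example, not part of the original post: the first script only reports a signature when the file starts with it, so the code below lists every byte offset where the same magic bytes occur and walks a PNG's chunk list to return whatever was appended after IEND. The function names and the sample bytes are constructed for this illustration.

```python
import struct
import zlib

# Magic bytes taken from the script above.
SIGNATURES = {'jpg': bytes.fromhex('ffd8ff'),
              'png': bytes.fromhex('89504e47'),
              'gif': bytes.fromhex('474946')}
PNG_MAGIC = bytes.fromhex('89504e470d0a1a0a')  # full 8-byte PNG signature

def find_offsets(data, magic):
    """Return every byte offset at which magic occurs."""
    offsets, pos = [], data.find(magic)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(magic, pos + 1)
    return offsets

def scan_signatures(data):
    """Map each signature name to the list of offsets where it appears."""
    return {name: find_offsets(data, m) for name, m in SIGNATURES.items()}

def png_trailing_data(data):
    """Walk PNG chunks; return bytes after IEND, or None if not a valid PNG."""
    if not data.startswith(PNG_MAGIC):
        return None
    pos = len(PNG_MAGIC)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack('>I4s', data[pos:pos + 8])
        end = pos + 12 + length          # length + type + body + CRC
        if end > len(data):
            return None                  # truncated chunk
        if ctype == b'IEND':
            return data[end:]            # b'' when nothing was appended
        pos = end
    return None                          # ran out of data before IEND

def make_chunk(ctype, body=b''):
    """Build one PNG chunk (helper for the constructed sample only)."""
    crc = zlib.crc32(ctype + body) & 0xffffffff
    return struct.pack('>I', len(body)) + ctype + body + struct.pack('>I', crc)

# Constructed sample: a 1x1 grayscale PNG with a fake JPEG header appended.
SAMPLE_PNG = (PNG_MAGIC
              + make_chunk(b'IHDR', struct.pack('>IIBBBBB', 1, 1, 8, 0, 0, 0, 0))
              + make_chunk(b'IDAT', zlib.compress(b'\x00\x00'))
              + make_chunk(b'IEND'))
SAMPLE_EXTRA = bytes.fromhex('ffd8ffe0') + b'constructed payload'
SAMPLE = SAMPLE_PNG + SAMPLE_EXTRA
```

A JPEG signature at a non-zero offset, or a non-empty result from `png_trailing_data`, marks the region worth opening in the hex editor first.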
Next is a script for browsing EXIF information (for routinely checking an image's EXIF data).
```python
import exifread
import sys


def exif(filename):
    # process_file returns a dict mapping EXIF tag names to their values
    with open(filename, 'rb') as f:
        tags = exifread.process_file(f)
    return tags


if len(sys.argv) < 2:
    print('ENTER file plz!\n')
    sys.exit(1)
elif len(sys.argv) > 2:
    print('ONLY ONE file to be examined!\n')
    sys.exit(1)

filename = sys.argv[1]
print('exif is: ', exif(filename))
```
(The scripts are ugly; I hope you won't hold it against me.)
(I hope that someday I can just write a 010 myself.) (manual smirk)