This update to pngdump.py adds an index for chunks, and allows for the selection of a chunk via its index.
Monday 9 June 2025
Tuesday 3 June 2025
Update: search-for-compression.py Version 0.0.4
This tool is still beta.
VBA compression is now supported, besides zlib compression. Option -t (–type) was added so that one can choose the compression type to search for. Possible values are zlib (default) or vba.
And shortcut #p# was added to the yara option, to predefine these rules:
rule attribute_vb_name {
strings:
$a = "Attribute VB_Name = "
condition:
$a
}
rule dir {
strings:
$a = { 01 00 04 }
condition:
$a at 0
}I’ll explain in another blog post how these features can be used to analyze MS Access databases with VBA project.
Monday 2 June 2025
Update: myjson-transform.py Version 0.0.2
This update brings options -f and -c.
Option -f is used to define a Python function (function name or lambda) that will be applied to the content of each item in the MyJSON data.
Option -c is a shortcut for calling the CutData function via option -f. The lambda that is generated is: lambda data: CutData(data, ‘CUTEXPRESSION’)[0]
CUTEXPRESSION is the cut-expression provides as value for option -c.
MD5: BAA4F4E7E8159EB05063C588DAF2A111
SHA256: 0F79D0D1B35D3F6C7DF0C17746E18F257AF9493D8C474448D16774A405B620E4
Saturday 31 May 2025
Update: myjson-filter.py Version 0.0.8
A new possible value for option -W (–write) has been added: nameext. This allows for writing files with the sanitized item name and the given extension. For example, nameext:config will create files with extension .config.
myjson-filter_V0_0_8.zip (http)MD5: 6A899FB406C60F078F2B9E8310F9F2E0
SHA256: 7F5E5DA0C51DB2FF8A1A622925008770D5810D4967D313DEBA9C5ECBB7D99D14
Friday 30 May 2025
Update: oledump.py Version 0.0.82
This oledump update brings option –trimnull and updates plugin_vba_dir with option -f (–force).
oledump_V0_0_82.zip (http)MD5: 9133DB7CF8F4B69458842518CEAC6F88
SHA256: 7F634930C9B5986EFDC6016B05F67A3058B1B3710D0F3DB052C7FC993A859CB4
Thursday 29 May 2025
Update: process-binary-file.py Version 0.0.11
Option –jsonoutput was added to produce MyJSON data for the files that are read.
python-templates_V0_0_13.zip (http)MD5: 92977C70DAA8E83BB005A9B6A124129B
SHA256: EB32C86A5F1205B9CC919499BB21171B23A8A365866CF7C3C253BB3600E53A70
Friday 9 May 2025
Update: oledump.py Version 0.0.81
This version brings a new plugin to extract clickable links from Word documents (.doc): plugin_hyperlink.py
MD5: CEC519186C49CEA82811491DD0055D94
SHA256: 1F990AC30E6D5992D6888F0CAD6FAECE568DB5C32F54554E3BEA89542481658A
Thursday 8 May 2025
Update: myjson-filter.py Version 0.0.7
This new version of myjson-filter brings:
- option -r (–process) to launch a process per item and pass the content of the item via stdin
- option -P (–pythonfilter) to filter using a Python function
- added support for plugins
Plugin plugin_ooxml_url.py is a plugin that extracts clickable links from OOXML documents:
MD5: E168A38CBC349F972EDD830A56C949BE
SHA256: AD09A5C50310E9684561FC33AE98C5F8928D6F3B30F8723CF44A3C912590C5AD
Friday 2 May 2025
Update: xorsearch.py Version 0.0.5
This version fixes a bug in IsPrintable and adds option -D.
xorsearch_v0_0_5.zip (http)MD5: 97621F1FCDED7B1B73091112C3C9FFD5
SHA256: 67D5E89A9F3057FF51ADD1C9F66E13D110AA92A64AA2A071828871067AF42241
Wednesday 30 April 2025
Update: re-search.py Version 0.0.23
I added support for TAB separator and added options –recursedir, –literalfilenames and –checkfilenames.
re-search_V0_0_23.zip (http)MD5: 2FCFBAC31302EAC4F9863C6945A2A2D5
SHA256: F1707FC8E6CDFEEBA85C332C0F5C278CAA80DB6ADF6C53F4FF4C27F4E086658B
Didier Stevens 