Exemple #1
        //todo maybe refactor this into a display method with a title parameter and not found string
        /// <summary>
        /// Prints a "Found IPs" section: one line per IPv4 match, where each line is whatever
        /// <c>PythonScript.GeoipCheck</c> returns for the matched address. When nothing matched,
        /// a single "not found" line is printed instead.
        /// </summary>
        /// <param name="foundStrings">Strings to search; passed unchanged to <c>FAStrings.ParseIPv4</c>.</param>
        public static void DisplayIPv4s(List <string> foundStrings)
        {
            List<Match> ipMatches = FAStrings.ParseIPv4(foundStrings);

            Console.WriteLine("\n\n++++++++Found IPs++++++++");

            if (ipMatches.Count == 0)
            {
                Console.WriteLine("\tNo IPv4 addresses found.");
                return;
            }

            // NOTE(review): if foundStrings was extracted from the file under analysis, every
            // address here is attacker-influenced. Confirm that GeoipCheck hands the value to its
            // helper as a discrete argument (not spliced into a command line) and that its return
            // value is safe to echo to the terminal as-is.
            for (int i = 0; i < ipMatches.Count; i++)
            {
                string address = ipMatches[i].Value;
                Console.WriteLine(PythonScript.GeoipCheck(address));
            }
        }
Exemple #2
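 /// <summary>
 /// Prints the MD5, SHA1, SHA512, SHA384 and SHA256 digests of a file as upper-case hex,
 /// followed by the value returned by <c>PythonScript.PPDeepHash</c> for the same path.
 /// </summary>
 /// <remarks>
 /// Each digest is computed by streaming the open file from offset 0. The previous version
 /// copied the file into a buffer with a single <c>Read</c> call whose return value was ignored,
 /// so a short read would have produced digests over a partly zero-filled buffer, and the
 /// <c>(int)</c> cast of the length could not represent files larger than <c>int.MaxValue</c> bytes.
 /// MD5 and SHA1 are collision-prone; treat them as lookup keys for existing indicator feeds and
 /// rely on SHA256 or stronger when the digest is used to assert file identity.
 /// </remarks>
 /// <param name="fileName">Path of the file to hash.</param>
 public static void DisplayHashes(string fileName)
 {
     // Opening the file stays outside the try block, so open failures still propagate to the caller.
     using (FileStream fileStream = File.OpenRead(fileName))
     {
         Console.WriteLine("\n\n++++++++Hashes++++++++");
         try
         {
             using (MD5 md5 = MD5.Create())
             {
                 Console.WriteLine("\tMD5:    " + ComputeHexDigest(md5, fileStream));
             }
             using (SHA1 sha1 = SHA1.Create())
             {
                 Console.WriteLine("\tSHA1:   " + ComputeHexDigest(sha1, fileStream));
             }
             using (SHA512 sha512 = SHA512.Create())
             {
                 Console.WriteLine("\tSHA512: " + ComputeHexDigest(sha512, fileStream));
             }
             using (SHA384 sha384 = SHA384.Create())
             {
                 Console.WriteLine("\tSHA384: " + ComputeHexDigest(sha384, fileStream));
             }
             using (SHA256 sha256 = SHA256.Create())
             {
                 Console.WriteLine("\tSHA256: " + ComputeHexDigest(sha256, fileStream));
             }
             // The fuzzy hash comes from an external helper that is given the path, not the open stream.
             Console.WriteLine("\tSSDEEP: " + PythonScript.PPDeepHash(fileName));
         }
         catch (Exception ex)
         {
             // Still best-effort (no rethrow), but report the cause so a missing digest in the
             // output can be told apart from a file that was never processed.
             Console.WriteLine("Error trying to compute hash: " + ex.Message);
         }
     }
 }

 /// <summary>
 /// Rewinds <paramref name="stream"/> to its start, hashes it to the end with
 /// <paramref name="algorithm"/> and returns the digest as hex without separators.
 /// </summary>
 private static string ComputeHexDigest(HashAlgorithm algorithm, Stream stream)
 {
     // Every algorithm must see the file from byte 0; the previous digest left the position at EOF.
     stream.Seek(0, SeekOrigin.Begin);
     byte[] digest = algorithm.ComputeHash(stream);
     return BitConverter.ToString(digest).Replace("-", String.Empty);
 }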
Exemple #3
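        /// <summary>
        /// Entry point for scanning one file. Always prints the file information and hashes, then
        /// runs the optional stages selected by the boolean flags.
        /// </summary>
        /// <param name="filename">Path of the file to scan.</param>
        /// <param name="yaraScan">Run <c>PythonScript.YaraScan</c> on the file and print its result.</param>
        /// <param name="stringSearch">Extract strings and display the DLL, IPv4, website and error matches.</param>
        /// <param name="guessFile">Attempt to identify the file format.</param>
        /// <param name="pii">Extract strings and display phone number, SSN and e-mail matches.</param>
        /// <exception cref="FileNotFoundException">
        /// <c>File.Exists</c> returned false for <paramref name="filename"/>.
        /// </exception>
        public static void ScanFile(string filename, bool yaraScan, bool stringSearch, bool guessFile, bool pii)
        {
            if (!File.Exists(filename))
            {
                // Same exception type and message as before; the path is attached as FileName
                // so callers and logs can tell which input was rejected.
                throw new FileNotFoundException("Please enter a filename with the correct/full path.", filename);
            }

            // NOTE(review): the existence check and the later opens by each stage are separate
            // operations, so the file can change or disappear in between; the stages must still
            // handle their own I/O failures.
            FileInfo fInfo = new FileInfo(filename);
            FAFileInfo.PrintFileInfo(fInfo);
            FAFileInfo.DisplayHashes(filename);

            if (guessFile)
            {
                GuessFileFormat.Guess(filename);
            }

            List<string> foundStrings = new List<string>();

            // Extract once for whichever string-based stage is enabled. The previous code re-ran the
            // extraction for the PII stage whenever the first pass had found no strings at all.
            if (stringSearch || pii)
            {
                FAStrings.GetStrings(filename, STRING_THRESHOLD, ref foundStrings);
            }

            if (stringSearch)
            {
                FAStrings.DisplayDLLs(foundStrings);
                FAStrings.DisplayIPv4s(foundStrings);
                FAStrings.DisplayWebsites(foundStrings);
                FAStrings.DisplayErrors(foundStrings);
            }

            if (pii)
            {
                FAStrings.DisplayPhoneNumbers(foundStrings);
                FAStrings.DisplaySSNs(foundStrings);
                FAStrings.DisplayEmails(foundStrings);
            }

            if (yaraScan)
            {
                string scanOutput = PythonScript.YaraScan(filename);
                Console.WriteLine(scanOutput);
            }
        }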