// TODO: maybe refactor this into a display method with a title parameter and a "not found" string.
/// <summary>
/// Prints the "Found IPs" section: one GeoIP lookup result per IPv4 match, or a
/// "none found" line when there are no matches.
/// </summary>
/// <param name="foundStrings">Strings handed to <c>FAStrings.ParseIPv4</c> to find IPv4 matches.</param>
/// <remarks>
/// ScanFile fills this list from the file being analysed, so each match is
/// content controlled by whoever produced that file.
/// NOTE(review): how <c>PythonScript.GeoipCheck</c> passes the value to its script is not
/// visible here. Confirm it goes through as a discrete argument and never through a
/// shell-interpreted command line.
/// </remarks>
public static void DisplayIPv4s(List<string> foundStrings)
{
    List<Match> ipMatches = FAStrings.ParseIPv4(foundStrings);

    Console.WriteLine("\n\n++++++++Found IPs++++++++");

    if (ipMatches.Count == 0)
    {
        Console.WriteLine("\tNo IPv4 addresses found.");
        return;
    }

    // Print the lookup result for every match, in the order the parser returned them.
    for (int index = 0; index < ipMatches.Count; index++)
    {
        Console.WriteLine(PythonScript.GeoipCheck(ipMatches[index].Value));
    }
}
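/// <summary>
/// Prints the MD5, SHA1, SHA512, SHA384, SHA256 and ssdeep hashes of a file to the console.
/// </summary>
/// <remarks>
/// Each digest is computed by streaming the open file rather than from a single
/// <c>Read</c> into a file-sized buffer. A single <c>Read</c> may return fewer bytes than
/// requested, and the <c>(int)</c> cast truncates sizes above 2 GB; in both cases the
/// printed hash would silently not be the hash of the file.
/// MD5 and SHA1 are useful as lookup identifiers but are not collision resistant, so
/// rely on SHA256 or stronger when a digest has to establish that two samples are the same.
/// NOTE(review): how <c>PythonScript.PPDeepHash</c> hands <paramref name="fileName"/> to its
/// script is not visible here. Confirm the path is passed as a discrete argument and not
/// interpolated into a shell command line.
/// </remarks>
/// <param name="fileName">Path of the file to hash. Opening it happens outside the
/// try block, so a missing or unreadable file still throws to the caller.</param>
public static void DisplayHashes(string fileName)
{
    using (FileStream fileStream = File.OpenRead(fileName))
    {
        Console.WriteLine("\n\n++++++++Hashes++++++++");
        try
        {
            // Output order is kept as it was: MD5, SHA1, SHA512, SHA384, SHA256, SSDEEP.
            using (MD5 md5 = MD5.Create())
            {
                WriteHashLine("MD5", md5, fileStream);
            }

            using (SHA1 sha1 = SHA1.Create())
            {
                WriteHashLine("SHA1", sha1, fileStream);
            }

            using (SHA512 sha512 = SHA512.Create())
            {
                WriteHashLine("SHA512", sha512, fileStream);
            }

            using (SHA384 sha384 = SHA384.Create())
            {
                WriteHashLine("SHA384", sha384, fileStream);
            }

            using (SHA256 sha256 = SHA256.Create())
            {
                WriteHashLine("SHA256", sha256, fileStream);
            }

            // The ssdeep hash is produced by an external Python script.
            Console.WriteLine("\tSSDEEP: " + PythonScript.PPDeepHash(fileName));
        }
        catch (Exception ex)
        {
            // Still best-effort (the scan continues), but report why hashing failed
            // so an incomplete hash list is not mistaken for a complete one.
            Console.WriteLine("Error trying to compute hash: " + ex.Message);
        }
    }
}

/// <summary>
/// Rewinds the stream, hashes its full contents and prints one "label: HEX" line.
/// </summary>
private static void WriteHashLine(string label, HashAlgorithm algorithm, Stream stream)
{
    // Every algorithm must see the file from its first byte.
    stream.Seek(0, SeekOrigin.Begin);
    byte[] digest = algorithm.ComputeHash(stream);
    Console.WriteLine("\t" + label + ": " + BitConverter.ToString(digest).Replace("-", String.Empty));
}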
/// <summary>
/// Entry point for scanning one file. File information and hashes are always printed;
/// the boolean switches select which further analyses run.
/// </summary>
/// <param name="filename">Path of the file to scan.</param>
/// <param name="yaraScan">Run the YARA scan and print its output.</param>
/// <param name="stringSearch">Extract strings and print DLLs, IPv4 addresses, websites and errors found in them.</param>
/// <param name="guessFile">Attempt to identify the file format.</param>
/// <param name="pii">Search the extracted strings for phone numbers, SSNs and e-mail addresses.</param>
/// <exception cref="FileNotFoundException">Thrown when <paramref name="filename"/> does not exist.</exception>
/// <remarks>
/// Everything printed by the string and PII sections comes from the scanned file, so
/// treat that output as untrusted content.
/// NOTE(review): <c>PythonScript.YaraScan</c> receives the caller-supplied path; how it
/// reaches the script is not visible here. Confirm it is passed as a discrete argument.
/// </remarks>
public static void ScanFile(string filename, bool yaraScan, bool stringSearch, bool guessFile, bool pii)
{
    // Guard clause: nothing can be analysed without an existing file.
    if (!File.Exists(filename))
    {
        throw new FileNotFoundException("Please enter a filename with the correct/full path.");
    }

    FAFileInfo.PrintFileInfo(new FileInfo(filename));
    FAFileInfo.DisplayHashes(filename);

    if (guessFile)
    {
        GuessFileFormat.Guess(filename);
    }

    List<string> extracted = new List<string>();

    if (stringSearch)
    {
        FAStrings.GetStrings(filename, STRING_THRESHOLD, ref extracted);
        FAStrings.DisplayDLLs(extracted);
        FAStrings.DisplayIPv4s(extracted);
        FAStrings.DisplayWebsites(extracted);
        FAStrings.DisplayErrors(extracted);
    }

    if (pii)
    {
        // Extract here only if the string search above left the list empty
        // (it did not run, or it found nothing).
        bool listIsEmpty = extracted.Count == 0;
        if (listIsEmpty)
        {
            FAStrings.GetStrings(filename, STRING_THRESHOLD, ref extracted);
        }

        FAStrings.DisplayPhoneNumbers(extracted);
        FAStrings.DisplaySSNs(extracted);
        FAStrings.DisplayEmails(extracted);
    }

    if (yaraScan)
    {
        string yaraOutput = PythonScript.YaraScan(filename);
        Console.WriteLine(yaraOutput);
    }
}