コード例 #1
0
 /// <summary>
 /// Print out bytes of a file header.
 /// </summary>
 /// <param name="fileName">file to read</param>
 /// <param name="numBytes">number of bytes to read</param>
 public static void PrintFileHeaderBytes(string fileName, int numBytes)
 {
     using (FileStream fileStream = File.OpenRead(fileName))
     {
         try
         {
             byte[] buffer = new byte[numBytes];
             fileStream.Seek(0, SeekOrigin.Begin);
             fileStream.Read(buffer, 0, numBytes);
             Console.WriteLine(GuessFileFormat.BToChar(buffer));
         }
         catch (Exception ex)
         {
             Console.WriteLine("Error encountered when reading file");
             Console.WriteLine(ex.Message);
         }
     }
 }
コード例 #2
0
ファイル: Program.cs プロジェクト: w4ld/FileAnalyzer
        /// <summary>
        /// Main handles for scanning a file. Takes in the configurations bools to handle what to execute on file.
        /// </summary>
        /// <param name="filename">file name</param>
        /// <param name="yaraScan">yara scan file</param>
        /// <param name="stringSearch">search for strings</param>
        /// <param name="guessFile">attempt to identify file</param>
        /// <param name="pii">search for pii</param>
        public static void ScanFile(string filename, bool yaraScan, bool stringSearch, bool guessFile, bool pii)
        {
            if (File.Exists(filename))
            {
                FileInfo fInfo = new FileInfo(filename);
                FAFileInfo.PrintFileInfo(fInfo);
                FAFileInfo.DisplayHashes(filename);

                if (guessFile)
                {
                    GuessFileFormat.Guess(filename);
                }

                List <string> foundStrings = new List <string>();

                if (stringSearch)
                {
                    FAStrings.GetStrings(filename, STRING_THRESHOLD, ref foundStrings);
                    FAStrings.DisplayDLLs(foundStrings);
                    FAStrings.DisplayIPv4s(foundStrings);
                    FAStrings.DisplayWebsites(foundStrings);
                    FAStrings.DisplayErrors(foundStrings);
                }
                if (pii)
                {
                    if (foundStrings.Count == 0)
                    {
                        FAStrings.GetStrings(filename, STRING_THRESHOLD, ref foundStrings);
                    }
                    FAStrings.DisplayPhoneNumbers(foundStrings);
                    FAStrings.DisplaySSNs(foundStrings);
                    FAStrings.DisplayEmails(foundStrings);
                }
                if (yaraScan)
                {
                    string s = PythonScript.YaraScan(filename);
                    Console.WriteLine(s);
                }
            }
            else
            {
                throw new FileNotFoundException("Please enter a filename with the correct/full path.");
            }
        }
コード例 #3
0
        public static void Guess(string filename)
        {
            Console.WriteLine("\n\n++++++++Magic File Headers Matches++++++++");
            List <FASignature> sigs = GuessFileFormat.ReadFileHeaders(filename);

            if (sigs.Count == 1) //easy no duplicate IDs
            {
                Console.WriteLine("\t" + sigs[0].ToString());
            }
            else if (sigs.Count > 1)
            {
                //TODO handle this so that if check zip has occured then filter accordingly
                //Refactor this into something for zips
                //TODO do the same for other formats.
                FASignature fasig;
                bool?       scrutenize = null;
                foreach (var sig in sigs)
                {
                    if (sig.HexSignature == "50 4B 03 04")    //this is the first match in the database for zip
                    {
                        //prompt to interrogate further
                        if (scrutenize == null)
                        {
                            scrutenize = FAUtilities.GetUserInput("Ambiguous File Header.\n Would you like to interrogate further?");
                        }
                        else if ((bool)scrutenize)
                        {
                            fasig = IdentifyZip(filename);
                            if (fasig != null)
                            {
                                Console.WriteLine("\t" + fasig.ToString(full: true));
                                break;
                            }
                            else
                            {
                                Console.WriteLine("\t" + sig.ToString(full: true));
                            }
                        }
                        else
                        {
                            Console.WriteLine("\t" + sig.ToString(full: true));
                        }
                    }
                    else if (sig.HexSignature == "FF D8 FF E0")
                    {
                        if (scrutenize == null)
                        {
                            scrutenize = FAUtilities.GetUserInput("Ambiguous File Header.\n Would you like to interrogate further?");
                        }
                        else if ((bool)scrutenize)
                        {
                            fasig = IdentifyJPEG(filename);
                            Console.WriteLine("\t" + fasig.ToString(full: true));
                            break;
                        }
                        else
                        {
                            Console.WriteLine("\t" + sig.ToString(full: true));
                        }
                    }   //jpeg
                    //insert other scrutinization here.
                    else
                    {
                        Console.WriteLine("\t" + sig.ToString(full: true));
                    }
                }
            }
            else
            {
                //TODO no specific matches. heres where to write methods to scrutenize files without headers.
                if (!TestTSQL(filename))
                {
                    Console.WriteLine("\tNo Header Matched in DB. Possible ambiguous file type.");
                }
            }
            Console.WriteLine("\n");
        }