High-performance Microsoft ESE (Extensible Storage Engine) database parser

ESE-RS

High-performance Microsoft ESE (Extensible Storage Engine) database parser written in Rust with Python bindings.

Features

  • 🚀 40x faster than Impacket's Python implementations
  • 🦀 Memory-safe Rust implementation
  • 🐍 Python bindings via PyO3
  • 📦 Zero-copy parsing where possible
  • 🔧 Cross-platform (Windows, Linux, macOS)
  • 🔍 Forensic carving for recovering UTF-16LE strings from unreferenced page slack

Installation

Python

pip install ese-parser

Rust

[dependencies]
ese-rs = "0.1"

Quick Start

Python

from ese_parser import EseDatabase

# Open database
db = EseDatabase("database.edb")

# List tables
for table in db.get_tables():
    print(table)

# Read table
records = db.read_table("MSysObjects")
for record in records:
    print(record)

# Forensic carving (UTF-16LE)
# Note: carved results may come from page slack and not correspond to live records.
hits = db.carve_utf16le_strings_scoped("slack", "hopto.org", min_chars=6, max_hits=50)
for h in hits:
    print(h)
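
What a UTF-16LE carve with a needle and a minimum length does, shown as an added example (this is not ese-rs code and not its algorithm): a simplified carver run over a constructed buffer. The name `carve_utf16le`, the printable-ASCII restriction and the case-insensitive match are assumptions; `min_chars` and `max_hits` mirror the parameter names in the call above.

```python
import re

def carve_utf16le(buf, needle, min_chars=6, max_hits=50):
    """Return [(offset, text)] for UTF-16LE runs in buf that contain needle.

    Simplified: only printable-ASCII code units (byte 0x20-0x7e then 0x00)
    count as string characters, and matching is case-insensitive (assumptions).
    """
    # Runs may start at any byte offset; slack data is not guaranteed aligned.
    run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_chars)
    wanted = needle.lower()
    hits = []
    for m in run.finditer(buf):
        text = m.group().decode("utf-16-le")
        if wanted in text.lower():
            hits.append((m.start(), text))
            if len(hits) >= max_hits:
                break
    return hits

def build_sample():
    """Constructed bytes standing in for unreferenced slack (not a real ESE page)."""
    u = lambda s: s.encode("utf-16-le")
    return b"".join([
        b"\xff" * 7,                                 # odd length: next run is unaligned
        u("http://constructed-sample.hopto.org/x"),  # intact remnant -> hit
        b"\x00\x00",
        b"hopto.org",                                # single-byte ASCII copy -> ignored
        b"\xff",
        u("o.org"),                                  # overwritten remnant, 5 chars -> too short
        b"\xff\xff",
        u("MSysObjects"),                            # long enough, no needle -> ignored
        b"\xff\xff",
        u("HOPTO.ORG"),                              # different case -> hit
    ])

if __name__ == "__main__":
    for offset, text in carve_utf16le(build_sample(), "hopto.org"):
        print(f"0x{offset:04x}  {text}")
```

The offset returned with each hit lets an examiner record where in the source bytes a carved string was found, which matters because a slack hit has no live record to cite.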

Rust

use ese_rs::Database;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let db = Database::open("database.edb")?;
    
    let mut cursor = db.open_table(b"MSysObjects")?;
    while let Some(record) = cursor.next_row()? {
        println!("{:?}", record);
    }
    
    Ok(())
}

Documentation

Performance

Benchmark parsing 340,288+ records from 3 databases:

  • Python (Impacket): 82.12 seconds
  • Rust (ese-rs): 2.18 seconds
  • Speedup: 37.69x

Supported Database Types

  • Windows Search (.edb)
  • Active Directory (.dit)
  • Exchange (.edb)
  • SRUM (SRUDB.dat)
  • WebCache (WebCacheV*.dat)
  • Any ESE database (Windows 2003+)

License

Dual-licensed under MIT OR Apache-2.0.

Acknowledgments

Based on the ESE format specification and inspired by Impacket's ese.py implementation.

Download files

Source Distributions

No source distribution files available for this release.

Built Distributions

  • ese_parser-0.1.8-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (467.4 kB): CPython 3.11, manylinux: glibc 2.17+ ARM64
  • ese_parser-0.1.8-cp311-cp311-macosx_11_0_arm64.whl (446.6 kB): CPython 3.11, macOS 11.0+ ARM64
  • ese_parser-0.1.8-cp311-cp311-macosx_10_12_x86_64.whl (460.6 kB): CPython 3.11, macOS 10.12+ x86-64
  • ese_parser-0.1.8-cp310-cp310-win_amd64.whl (369.5 kB): CPython 3.10, Windows x86-64
  • ese_parser-0.1.8-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (475.1 kB): CPython 3.10, manylinux: glibc 2.17+ x86-64
  • ese_parser-0.1.8-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (470.3 kB): CPython 3.10, manylinux: glibc 2.17+ ARM64
  • ese_parser-0.1.8-cp310-cp310-macosx_11_0_arm64.whl (449.6 kB): CPython 3.10, macOS 11.0+ ARM64
  • ese_parser-0.1.8-cp310-cp310-macosx_10_12_x86_64.whl (463.7 kB): CPython 3.10, macOS 10.12+ x86-64
