Quick PE file format dissection utility
Project description
Percer
Percer is a Portable Executable (PE) file format dissection utility and library which I use to quickly get information about Windows executables. Percer functions as both a command-line interface (CLI) utility and a library, allowing researchers to extract key information from PE files (metadata, sections, imports/exports, certificates). It comes with a VirusTotal search functionality which enables the user to run custom queries and download files.
🌟 Features
-
Dual Mode: Operate as a standalone tool or integrate as a library.
-
PE Analysis: Parse Imports, Exports, Sections, and Certificate information (wraps around Python pefile).
-
VirusTotal Integration: Query file hashes and download samples to files / byte streams.
-
Flexible Inputs: Analyze local files by path or remote samples by hash.
🛠 Installation
Install Percer with pip.
py -m pip install percer
📖 Configuration
Percer VirusTotal searching functionality requires a valid API key which has to be set as environment variable.
- Windows (cmd)
set VT_API_KEY=API_key_goes_here
- Linux
export VT_API_KEY='API key goes here'
🚀 CLI Usage
Percer provides a simple command-line interface.
Help Menu
C:\>percer --help
usage: percer <PE file> [-h] (-F FILE | -H HASH) [-a] [-e] [-i] [-s] [-c] [-q]
options:
-h, --help show this help message and exit
-F FILE, --file FILE Target file
-H HASH, --hash HASH Target hash (VirusTotal Search requires VT_API_KEY)
-a, --all Show all info
-e, --exports List exports
-i, --imports List imports
-s, --sections List sections
-c, --certificates Get certificates information
-q, --quiet Do not print the banner
Examples
Analyze a local file
percer -F samples.exe
Query hash on VirusTotal
percer -H <sha256/sha1/md5/Authentihash>
CLI output preview
📦 Library Usage
Percer can be imported into Python projects.
from percer.analyzer import PEAnalyzer
from percer.virustotal import VirusTotal
with open('hashes.txt', 'r') as f:
hashes = [line.strip() for line in f]
with VirusTotal() as scanner:
for input_hash in hashes:
try:
content = scanner.get_content(scanner.resolve_hash(input_hash))
pex_object = PEAnalyzer.from_bytes(content)
print(f"Product Name of {input_hash} is {pex_object.product_name}")
except Exception as E:
print(E)
pass
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file percer-0.1.0.tar.gz.
File metadata
- Download URL: percer-0.1.0.tar.gz
- Upload date:
- Size: 11.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
00296a9a199d27a1bae0c63e1c15409892000ce0f0206aed1e7ae09710dbd4db
|
|
| MD5 |
a223f90008282984537ca74f527f6da5
|
|
| BLAKE2b-256 |
0dcaa2238b50008bc706785452fd77e7e3dd0e6faa0af443688899cf2aeb6115
|
File details
Details for the file percer-0.1.0-py3-none-any.whl.
File metadata
- Download URL: percer-0.1.0-py3-none-any.whl
- Upload date:
- Size: 11.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
44d99e6dd670e44d27f10f3d704e68bb55b9e9afc9d93364b310ea0f55a10427
|
|
| MD5 |
6d6469e1684f31255b042deccc4923e4
|
|
| BLAKE2b-256 |
d49cbdd76f3fc13581e0745af26779c90620458251583f19d71c7ffab1a99b52
|
