Skip to main content

Quick PE file format dissection utility

Project description

Percer

GitHub License Python Version GitHub Last Commit GitHub Issues GitHub Stars

Percer is a Portable Executable (PE) file format dissection utility and library which I use to quickly get information about Windows executables. Percer functions as both a command-line interface (CLI) utility and a library, allowing researchers to extract key information from PE files (metadata, sections, imports/exports, certificates). It comes with a VirusTotal search functionality which enables the user to run custom queries and download files.

🌟 Features

  • Dual Mode: Operate as a standalone tool or integrate as a library.

  • PE Analysis: Parse Imports, Exports, Sections, and Certificate information (wraps around Python pefile).

  • VirusTotal Integration: Query file hashes and download samples to files / byte streams.

  • Flexible Inputs: Analyze local files by path or remote samples by hash.

🛠 Installation

Install Percer with pip.

py -m pip install percer

📖 Configuration

Percer VirusTotal searching functionality requires a valid API key which has to be set as environment variable.

  • Windows (cmd)
set VT_API_KEY=API_key_goes_here
  • Linux
export VT_API_KEY='API key goes here'

🚀 CLI Usage

Percer provides a simple command-line interface.

Help Menu

C:\>percer --help
usage: percer <PE file> [-h] (-F FILE | -H HASH) [-a] [-e] [-i] [-s] [-c] [-q]

options:
  -h, --help            show this help message and exit
  -F FILE, --file FILE  Target file
  -H HASH, --hash HASH  Target hash (VirusTotal Search requires VT_API_KEY)
  -a, --all             Show all info
  -e, --exports         List exports
  -i, --imports         List imports
  -s, --sections        List sections
  -c, --certificates    Get certificates information
  -q, --quiet           Do not print the banner

Examples

Analyze a local file

percer -F samples.exe

Query hash on VirusTotal

percer -H <sha256/sha1/md5/Authentihash>

CLI output preview

📦 Library Usage

Percer can be imported into Python projects.

from percer.analyzer import PEAnalyzer
from percer.virustotal import VirusTotal

with open('hashes.txt', 'r') as f:
  hashes = [line.strip() for line in f]

with VirusTotal() as scanner:
  for input_hash in hashes:
    try:
      content = scanner.get_content(scanner.resolve_hash(input_hash))
      pex_object = PEAnalyzer.from_bytes(content)
      print(f"Product Name of {input_hash} is {pex_object.product_name}")
    except Exception as E:
      print(E)
      pass

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

percer-0.3.1.tar.gz (12.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

percer-0.3.1-py3-none-any.whl (12.5 kB view details)

Uploaded Python 3

File details

Details for the file percer-0.3.1.tar.gz.

File metadata

  • Download URL: percer-0.3.1.tar.gz
  • Upload date:
  • Size: 12.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for percer-0.3.1.tar.gz
Algorithm Hash digest
SHA256 a63ebfa85f8033eb1d6be73d64751ed77c8ece9f2c07a2166f3100098ed7219c
MD5 b3c43eb14ac63fc1f1836f22538a2da2
BLAKE2b-256 8742fbc6234ca47c2dccb0b8d66c5f513696374f952986f20790f8afaf29eb48

See more details on using hashes here.

Provenance

The following attestation bundles were made for percer-0.3.1.tar.gz:

Publisher: publish.yml on lem0nSec/Percer

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file percer-0.3.1-py3-none-any.whl.

File metadata

  • Download URL: percer-0.3.1-py3-none-any.whl
  • Upload date:
  • Size: 12.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for percer-0.3.1-py3-none-any.whl
Algorithm Hash digest
SHA256 85b1ab57b5f5e4c199cc383279874e877c0ce8bbd344fcb168acca88a69c1fd1
MD5 2ae959b0e3dd3f15a792d4dbb1dc83ec
BLAKE2b-256 a905206f360d276cb5fe099704d5cb5ad49cde8ae2aedeae29f7686c008f96a7

See more details on using hashes here.

Provenance

The following attestation bundles were made for percer-0.3.1-py3-none-any.whl:

Publisher: publish.yml on lem0nSec/Percer

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page