Semantic strings based on tree-sitter

Project description

pyscrings

Python bindings for scrings powered by PyO3 and maturin

scrings is a strings utility that outputs only semantically valid strings, validated against tree-sitter grammars. For each scripting language, we made a list of semantic nodes discriminating enough to detect the target language.

The main purpose is to support Volatility.

Install

pyscrings is available on PyPI:

pip install pyscrings

Usage

pyscrings uses the file object interface and returns a generator.

from pyscrings import powershell, javascript, php, bash, python, sql

with open("path_to_dump", "rb") as f:
    for (offset, match) in powershell(f):
        print((offset, repr(match)))

Another example using a BytesIO buffer:

import pyscrings, io
list(pyscrings.sql(io.BytesIO(b"********* select * from table *************"), 4))

[(10, 'select * from table')]
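
A triage sketch built on the interface documented on this page, added here as an example and not taken from the pyscrings project: it runs several language functions over one dump and merges hits by offset, so a fragment reported by more than one function appears once with every matching language. `triage`, `stand_in` and `SAMPLE` are hypothetical names; `stand_in` does no tree-sitter validation and exists only so the block runs without pyscrings installed, while the real functions are used when a dump path is passed on the command line.

```python
import io
import re
import sys
from typing import BinaryIO, Callable, Dict, Iterable, List, Tuple

# Same shape as the documented pyscrings functions: (buffer, step) -> (offset, str) pairs.
Extractor = Callable[[BinaryIO, int], Iterable[Tuple[int, str]]]


def triage(dump: BinaryIO, extractors: Dict[str, Extractor],
           step: int = 20) -> List[Tuple[int, str, List[str]]]:
    """Run each extractor over one dump; merge identical hits and list their languages."""
    merged: Dict[Tuple[int, str], List[str]] = {}
    for lang, extract in extractors.items():
        dump.seek(0)  # precaution: give every extractor the stream from its start
        for offset, text in extract(dump, step):
            merged.setdefault((offset, text), []).append(lang)
    # Offset order keeps neighbouring fragments of one script together in the report.
    return [(off, text, sorted(langs)) for (off, text), langs in sorted(merged.items())]


def stand_in(keyword: bytes) -> Extractor:
    """Hypothetical offline substitute for a pyscrings function (no tree-sitter check):
    yields printable ASCII runs of at least `step` bytes that contain `keyword`."""
    def extract(buf: BinaryIO, step: int):
        for m in re.finditer(rb"[\x20-\x7e]{%d,}" % step, buf.read()):
            if keyword in m.group().lower():
                yield m.start(), m.group().decode("ascii")
    return extract


# Constructed sample: two script-like fragments separated by non-printable bytes.
SAMPLE = b"\x00\x01select * from users\x00\xff\x90echo $(select 1)\x00"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # real use: python triage.py memory.dmp
        import pyscrings
        funcs = {n: getattr(pyscrings, n) for n in
                 ("powershell", "javascript", "php", "bash", "python", "sql")}
        source, step = open(sys.argv[1], "rb"), 20
    else:  # offline demonstration on the constructed sample
        funcs = {"sql": stand_in(b"select"), "bash": stand_in(b"$(")}
        source, step = io.BytesIO(SAMPLE), 4
    with source:
        for off, text, langs in triage(source, funcs, step):
            print(f"{off:#010x} {','.join(langs):<12} {text!r}")
```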

Docs

Powershell

def powershell(buffer : BinaryIO, step: Optional[int]) -> Generator[(int, str)]:
    '''
    Powershell strings with semantic validation
    
    :param buffer: input buffer to parse
    :param step: strings step used to find printable strings (default = 20)
    :returns: generator of offset, valid powershell strings
    '''

Sql

def sql(buffer : BinaryIO, step: Optional[int]) -> Generator[(int, str)]:
    '''
    SQL strings with semantic validation
    
    :param buffer: input buffer to parse
    :param step: strings step used to find printable strings (default = 20)
    :returns: generator of offset, valid sql strings
    '''

Javascript

def javascript(buffer : BinaryIO, step: Optional[int]) -> Generator[(int, str)]:
    '''
    Javascript strings with semantic validation
    
    :param buffer: input buffer to parse
    :param step: strings step used to find printable strings (default = 20)
    :returns: generator of offset, valid javascript strings
    '''

Bash

def bash(buffer : BinaryIO, step: Optional[int]) -> Generator[(int, str)]:
    '''
    Bash strings with semantic validation
    
    :param buffer: input buffer to parse
    :param step: strings step used to find printable strings (default = 20)
    :returns: generator of offset, valid bash strings
    '''

PHP

def php(buffer : BinaryIO, step: Optional[int]) -> Generator[(int, str)]:
    '''
    PHP strings with semantic validation
    
    :param buffer: input buffer to parse
    :param step: strings step used to find printable strings (default = 20)
    :returns: generator of offset, valid php strings
    '''

Python

def python(buffer : BinaryIO, step: Optional[int]) -> Generator[(int, str)]:
    '''
    Python strings with semantic validation
    
    :param buffer: input buffer to parse
    :param step: strings step used to find printable strings (default = 20)
    :returns: generator of offset, valid python strings
    '''

Build

pyscrings is powered by maturin

git clone https://github.com/airbus-cert/scrings
cd scrings\pyscrings

pip install maturin
maturin build --profile release

pip install target\wheels\*.whl

Download files

Source Distributions

No source distribution files available for this release.

Built Distributions

pyscrings-0.1.6-cp38-abi3-win_amd64.whl (998.1 kB)

Uploaded: CPython 3.8+, Windows x86-64

pyscrings-0.1.6-cp38-abi3-manylinux_2_34_x86_64.whl (1.2 MB)

Uploaded: CPython 3.8+, manylinux: glibc 2.34+ x86-64

File details

Details for the file pyscrings-0.1.6-cp38-abi3-win_amd64.whl.

File metadata

  • Download URL: pyscrings-0.1.6-cp38-abi3-win_amd64.whl
  • Upload date:
  • Size: 998.1 kB
  • Tags: CPython 3.8+, Windows x86-64
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.0.1 CPython/3.10.5

File hashes

Hashes for pyscrings-0.1.6-cp38-abi3-win_amd64.whl
Algorithm Hash digest
SHA256 af5fc2992c95ba3ae379cfef1cd60bc626fd12a5e0eeb6fa480d0cd2d9506d3a
MD5 d09c85d6c25253b71d23220b2a33aa29
BLAKE2b-256 45c672ba21c6907ef1efa9789075a1ef816e281b589d3738067ef32d591d5265

File details

Details for the file pyscrings-0.1.6-cp38-abi3-manylinux_2_34_x86_64.whl.

File hashes

Hashes for pyscrings-0.1.6-cp38-abi3-manylinux_2_34_x86_64.whl
Algorithm Hash digest
SHA256 76a5ba66d69d0e8056215c9749c6e4098b882f256d0b8d26bd9f09c82d1197d1
MD5 da0be24e94b6c35f82d7be9d47eb514e
BLAKE2b-256 fbf566a99495f087b16e739ff87d0af4e927bb33d81c0c40f2b79b250ec3cb0b
