PESTO is a Python script that extracts and saves in a database some PE file security characteristics or flags searching for every PE binary in a whole directory, and saving results in a database.
PESTO checks for architecture flag in the header, and for the following security flags: ASLR, NO_SEH, DEP and CFG. Code is clear enough to modify flags and formats to your own needs.
Functionality
The script just needs a path and a tag. The program will go through the path and subdirectories searching for .DLL and .EXE files and extracting the flags in the PE header (thanks to PEfile python library).
Also Read – Pockint : A Portable OSINT Swiss Army Knife for DFIR/OSINT Professionals
The program requires a tag that will be used as a suffix for logs and database filenames, so different analysis can be done in the same directory.
The information provided by the script is:
It will create as well a .db file which is a sqlite file with the information collected.
The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…