pyWhat is the easiest way to identify anything.
pip3 install pywhat && pywhat –help
What is this?
Imagine this: You come across some mysterious text 🧙♂️ 5f4dcc3b5aa765d61d8327deb882cf99 and you wonder what it is. What do you do?
Well, with what all you have to do is ask what "5f4dcc3b5aa765d61d8327deb882cf99" and what will tell you!
what‘s job is to identify what something is. Whether it be a file or text! Or even the hex of a file! What about text within files? We have that too! what is recursive, it will identify everything in text and more!
Use Cases
Wannacry
You come across a new piece of malware called WantToCry. You think back to Wannacry and remember it was stopped because a researcher found a kill-switch in the code.
When a domain, hardcoded into Wannacry, was registered the virus would stop.
You use What to identify all the domains in the malware, and use a domain registrar API to register all the domains. If Wannacry happens again, you can stop it in minutes – not weeks.
Faster Analysis Of Pcap Files
Say you have a .pcap file from a network attack. What can identify this and quickly find you:
With what, you can identify the important things in the pcap in seconds, not minutes.
Anything
Anytime you have a file and you want to find structured data in it that’s useful, What is for you.
Or if you come across some piece of text and you don’t know what it is, What will tell you.
File Opening You can pass in a file path by what 'this/is/a/file/path'. What is smart enough to figure out it’s a file!
What about a whole directory? What can handle that too! It will recursively search for files and output everything you need!
Filtration You can filter output by using what --rarity 0.2:0.8 --include_tags tag1,tag2 TEXT. Use what --help to get more information.
Sorting You can sort the output by using what -k rarity --reverse TEXT. Use what --help to get more information.
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…
Embark on the journey of becoming a certified Red Team professional with our definitive guide.…
This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…
This took me like 4 days (+2 days for an update), but I got it…
MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…