pyWhat is the easiest way to identify anything.
pip3 install pywhat && pywhat –help
What is this?
Imagine this: You come across some mysterious text 🧙♂️ 5f4dcc3b5aa765d61d8327deb882cf99 and you wonder what it is. What do you do?
Well, with what all you have to do is ask what "5f4dcc3b5aa765d61d8327deb882cf99" and what will tell you!
what‘s job is to identify what something is. Whether it be a file or text! Or even the hex of a file! What about text within files? We have that too! what is recursive, it will identify everything in text and more!
Use Cases
Wannacry
You come across a new piece of malware called WantToCry. You think back to Wannacry and remember it was stopped because a researcher found a kill-switch in the code.
When a domain, hardcoded into Wannacry, was registered the virus would stop.
You use What to identify all the domains in the malware, and use a domain registrar API to register all the domains. If Wannacry happens again, you can stop it in minutes – not weeks.
Faster Analysis Of Pcap Files
Say you have a .pcap file from a network attack. What can identify this and quickly find you:
With what, you can identify the important things in the pcap in seconds, not minutes.
Anything
Anytime you have a file and you want to find structured data in it that’s useful, What is for you.
Or if you come across some piece of text and you don’t know what it is, What will tell you.
File Opening You can pass in a file path by what 'this/is/a/file/path'. What is smart enough to figure out it’s a file!
What about a whole directory? What can handle that too! It will recursively search for files and output everything you need!
Filtration You can filter output by using what --rarity 0.2:0.8 --include_tags tag1,tag2 TEXT. Use what --help to get more information.
Sorting You can sort the output by using what -k rarity --reverse TEXT. Use what --help to get more information.
The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…