pyWhat is the easiest way to identify anything.
pip3 install pywhat && pywhat –help
What is this?
Imagine this: You come across some mysterious text 🧙♂️ 5f4dcc3b5aa765d61d8327deb882cf99 and you wonder what it is. What do you do?
Well, with what all you have to do is ask what "5f4dcc3b5aa765d61d8327deb882cf99" and what will tell you!
what‘s job is to identify what something is. Whether it be a file or text! Or even the hex of a file! What about text within files? We have that too! what is recursive, it will identify everything in text and more!
Use Cases
Wannacry
You come across a new piece of malware called WantToCry. You think back to Wannacry and remember it was stopped because a researcher found a kill-switch in the code.
When a domain, hardcoded into Wannacry, was registered the virus would stop.
You use What to identify all the domains in the malware, and use a domain registrar API to register all the domains. If Wannacry happens again, you can stop it in minutes – not weeks.
Faster Analysis Of Pcap Files
Say you have a .pcap file from a network attack. What can identify this and quickly find you:
With what, you can identify the important things in the pcap in seconds, not minutes.
Anything
Anytime you have a file and you want to find structured data in it that’s useful, What is for you.
Or if you come across some piece of text and you don’t know what it is, What will tell you.
File Opening You can pass in a file path by what 'this/is/a/file/path'. What is smart enough to figure out it’s a file!
What about a whole directory? What can handle that too! It will recursively search for files and output everything you need!
Filtration You can filter output by using what --rarity 0.2:0.8 --include_tags tag1,tag2 TEXT. Use what --help to get more information.
Sorting You can sort the output by using what -k rarity --reverse TEXT. Use what --help to get more information.
garak checks if an LLM can be made to fail in a way we don't…
Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration…
ADCFFS is a PowerShell script that can be used to exploit the AD CS container…
Tartufo will, by default, scan the entire history of a git repository for any text…
Loco is strongly inspired by Rails. If you know Rails and Rust, you'll feel at…
A data hoarder’s dream come true: bundle any web page into a single HTML file.…