-
Notifications
You must be signed in to change notification settings - Fork 8
/
greenwhisper
114 lines (112 loc) · 5.29 KB
/
greenwhisper
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
#!/bin/bash
# Name: GREENWHISPER
# Author: xakepnz (https://github.com/xakepnz)
# Description: This script checks to see if there are any hidden strings in a file.
############################################################################################
echo ''
echo ' /###### /####### /######## /######## /## /##
/##__ ##| ##__ ##| ##_____/| ##_____/| ### | ##
| ## \__/| ## \ ##| ## | ## | ####| ##
| ## /####| #######/| ##### | ##### | ## ## ##
| ##|_ ##| ##__ ##| ##__/ | ##__/ | ## ####
| ## \ ##| ## \ ##| ## | ## | ##\ ###
| ######/| ## | ##| ########| ########| ## \ ##
\______/ |__/ |__/|________/|________/|__/ \__/
/## /## /## /## /###### /###### /####### /######## /#######
| ## /# | ##| ## | ##|_ ##_/ /##__ ##| ##__ ##| ##_____/| ##__ ##
| ## /###| ##| ## | ## | ## | ## \__/| ## \ ##| ## | ## \ ##
| ##/## ## ##| ######## | ## | ###### | #######/| ##### | #######/
| ####_ ####| ##__ ## | ## \____ ##| ##____/ | ##__/ | ##__ ##
| ###/ \ ###| ## | ## | ## /## \ ##| ## | ## | ## \ ##
| ##/ \ ##| ## | ## /######| ######/| ## | ########| ## | ##
|__/ \__/|__/ |__/|______/ \______/ |__/ |________/|__/ |__/
Link: https://www.github.com/xakepnz/GREENWHISPER
------------------------------------------------------'
#########################################################
# User Input:
#########################################################
echo ''
if [[ -z $1 ]]; then
echo '[!] No input given! Try: greenwhisper file.png'
printf '[!] Exiting...\n'
exit 1
fi
if [[ ! -e $1 ]] 2>/dev/null; then
echo '[!] "'$1'"' 'Not found! - Is the path correct?'
printf '[!] Exiting...\n'
exit 1
fi
echo '[+] Processing:' $1
#########################################################
# Pre-requisites:
#########################################################
printf '\n[+] Checking pre-requisites...\n'
if ! hash hexdump 2>/dev/null
then
echo '[!] xxd is not installed.'
printf '[!] Exiting...\n'
exit 1
fi
echo ' [*] xxd installed'
if ! hash strings 2>/dev/null
then
echo '[!] strings is not installed.'
printf '[!] Exiting...\n'
exit 1
fi
echo ' [*] Strings installed'
if ! hash egrep 2>/dev/null
then
echo '[!] EGrep is not installed.'
printf '[!] Exiting...\n'
exit 1
fi
echo ' [*] EGrep installed'
if ! hash exiftool 2>/dev/null
then
echo '[!] exiftool is not installed.'
printf '[!] Exiting...\n'
exit 1
fi
echo ' [*] Exiftool installed'
#########################################################
# Find the hidden strings:
#########################################################
printf '\n[+] Running GREENWHISPER...'
printf '\n [*] Creating folder: "output"'
mkdir -p output
printf '\n [*] Generating a hex dump, piping to: "output/hexdump_xxd"'
xxd $1 > output/hexdump_xxd
printf '\n [*] Extracting exif data, piping to: "output/exifdata"'
exiftool $1 > output/exifdata
printf '\n [*] Extracting file info, piping to: "output/file_info"'
file $1 > output/file_info
printf '\n [*] Extracting MD5 encoded strings, piping to: "output/md5_strings"'
strings $1 | egrep -o "\b[0-9a-f]{3,}\b" > output/md5_strings
printf '\n [*] Extracting http/s or FTP URLs, piping to: "output/http_strings"'
strings $1 | egrep "^((http[s]?|ftp):\/)?\/?([^:\/\s]+)((\/\w+)*\/)([\w\-\.]+[^#?\s]+)(.*)?(#[\w\-]+)?$" > output/http_strings
printf '\n [*] Extracting ASCII words, hostnames and domains, piping to: "output/ascii_strings"'
strings $1 | egrep "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$" > output/ascii_strings
printf '\n [*] Extracting IPV4 addresses, piping to: "output/ipv4_strings"'
strings $1 | egrep "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" > output/ipv4_strings
printf '\n [*] Extracting Bitcoin addresses, piping to: "output/bitcoin_addresses"'
strings $1 | egrep "^[13][a-km-zA-HJ-NP-Z0-9]{26,33}$" > output/bitcoin_addresses
printf '\n [*] Extracting integers, this includes hexidecimal strings, piping to: "output/integers"'
strings $1 | egrep "^[-+]?\d+$" > output/integers
printf '\n [*] Extracting email addresses, piping to: "output/email_addresses"'
strings $1 | egrep -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" > output/email_addresses
#printf '\n [*] Extracting binary strings, piping to: "output/binary_strings"'
# yet to do
#printf '\n [*] Extracting hexidecimal chars, piping to: "output/hex_strings"'
#strings $1 | egrep -o [A-Fa-f0-9] > output/hex_strings
printf '\n [*] Extracting URL Encoded strings, piping to: "output/url_encoding"'
strings $1 | egrep "(?!%22)[!@#$%^&*]" > output/url_encoding
printf '\n [*] Extracting Base64 encoded strings, piping to: "output/base64_strings"\n'
strings $1 | egrep -o "([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)" > output/base64_strings
#########################################################
# Print output directory to terminal:
#########################################################
printf '\n[+] Listing contents of output to terminal...\n\n'
ls -alh output/
printf '\n'
#########################################################