作为一个little noob写了两个小脚本给STEGA入门的同学。
第一个用来检测一下文件大致的信息,检查文件头尾,检测可疑文件头出现次数,查看文件的md5,sha1,crc32
from hashlib import md5,sha1
from zlib import crc32
from binascii import hexlify as h
import os
import sys
import subprocess
#read bin file
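def judgefilehead(filename):
    """Return the first 8 bytes of *filename* as lowercase hex.

    The value is whatever ``binascii.hexlify`` produces: 16 hex digits,
    fewer when the file is shorter than 8 bytes, empty for an empty file.
    Only the leading bytes are read, so a large sample (disk image, packet
    capture) is not loaded into memory just to inspect its magic number.
    """
    with open(filename, 'rb') as f:
        # 8 bytes hexlify to the 16 characters shown in the 'head:' field.
        return h(f.read(8))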
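def judgefiletail(filename):
    """Return the last 8 bytes of *filename* as lowercase hex.

    The value is whatever ``binascii.hexlify`` produces: 16 hex digits,
    fewer when the file is shorter than 8 bytes, empty for an empty file.
    The file is positioned near its end before reading so that a large
    sample is not loaded into memory only to look at its trailer.
    """
    with open(filename, 'rb') as f:
        try:
            f.seek(0, os.SEEK_END)
            f.seek(max(f.tell() - 8, 0))
        except (IOError, OSError):
            # Not seekable (e.g. a pipe): read everything instead; the
            # slice below still keeps only the trailing bytes.
            pass
        # 16 hex characters == 8 bytes, the width of the 'tail:' field.
        return h(f.read())[-16:]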
#get suspect data
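def judgefilecontent(filename):
    """Print a first-pass report of image signatures found in *filename*.

    For JPEG and PNG the report says whether the file starts with the
    signature and how many times the signature occurs anywhere in the file;
    for a file starting with the GIF signature the external frame splitter
    is launched.  Nothing is returned.

    Signatures are matched against the raw bytes.  Searching the hex dump
    instead also matches at odd nibble offsets (bytes 0f fd 8f f0 contain
    the text "ffd8ff"), which inflates the counts with hits that are not
    byte sequences in the file at all.

    The counts are hints for manual follow-up, not proof of an embedded
    image: three- and four-byte sequences also occur by chance in large
    binary data.  End-of-file markers (ffd9, ae426082, 003b) are not
    checked here.

    NOTE(review): the published listing lost its indentation.  This layout
    prints the counts unconditionally and starts the splitter only for GIF
    input -- confirm against the author's original.
    """
    # File signatures as raw bytes (hex: ffd8ff, 89504e47, 474946).
    jpghead = b'\xff\xd8\xff'
    pnghead = b'\x89PNG'
    gifhead = b'GIF'
    with open(filename, 'rb') as f:
        data = f.read()
    # Single-argument print(...) keeps the output identical under the
    # Python 2 print statement used by the rest of the script.
    if data.startswith(jpghead):
        print('potential jpeg')
    print('jpg head: %d' % data.count(jpghead))
    if data.startswith(pnghead):
        print('potential whole png')
    print('png head: %d' % data.count(pnghead))
    if data.startswith(gifhead):
        print('potential whole gif')
        print('gifsplit plz:')
        # Bare program name: it is resolved through the shell's search
        # order, which on Windows includes the current directory.  Replace
        # it with the absolute path of your own splitter so that a
        # same-named file lying next to an untrusted sample is never what
        # gets started.
        os.system('gifsplitter2.0.exe')
    print('content first search of images end')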
#compute file fingerprints: crc32, md5, sha1
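def getCrc32(filename):
    """Return the CRC-32 of the contents of *filename* as an unsigned int.

    The file is read in fixed-size blocks and the checksum is carried from
    block to block, so memory use does not grow with the size of the sample.
    CRC-32 is an error-detection code only; it offers no protection against
    deliberate modification.
    """
    value = 0
    with open(filename, 'rb') as f:
        for block in iter(lambda: f.read(65536), b''):
            # Mask every round: Python 2's crc32 may return a signed value.
            value = crc32(block, value) & 0xffffffff
    return value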
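def getMd5(filename):
    """Return the MD5 digest of the contents of *filename* as a hex string.

    The file is fed to the hash in fixed-size blocks, so memory use does not
    grow with the size of the sample.

    MD5 is not collision-resistant.  The digest is fine for labelling a
    sample or looking it up, but it does not prove that two files are the
    same when one of them may have been crafted; record a SHA-256 as well
    when the value is used as evidence.
    """
    mid = md5()
    with open(filename, 'rb') as f:
        for block in iter(lambda: f.read(65536), b''):
            mid.update(block)
    return mid.hexdigest()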
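def getsha1(filename):
    """Return the SHA-1 digest of the contents of *filename* as a hex string.

    The file is fed to the hash in fixed-size blocks, so memory use does not
    grow with the size of the sample.

    SHA-1 is no longer collision-resistant.  Use the digest as an identifier
    for a sample, not as proof of integrity against someone who can craft
    files; record a SHA-256 as well when the value is used as evidence.
    """
    mid = sha1()
    with open(filename, 'rb') as f:
        for block in iter(lambda: f.read(65536), b''):
            mid.update(block)
    return mid.hexdigest()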
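# Command-line entry point: expects exactly one argument, the file to
# examine, and prints its digests, first/last 8 bytes and signature report
# before handing over to a hex editor for manual inspection.
#
# Usage errors leave through sys.exit(1): os._exit() skips the normal
# interpreter shutdown, so the message just printed can be lost when stdout
# is a pipe or a file, and a status of 0 would report the failed run as
# successful to a calling script.
if len(sys.argv) < 2:
    print('ENTER file plz!\n')
    sys.exit(1)
elif len(sys.argv) > 2:
    print('ONLY ONE file to be examined!\n')
    sys.exit(1)
filename = sys.argv[1]
print('{:8} {}'.format('md5:', getMd5(filename)))
print('{:8} {}'.format('sha1:', getsha1(filename)))
# Zero-padded to 8 digits so the value compares directly with CRCs shown by
# other tools; a bare {:x} drops leading zeros.
print('{:8}{:08x}'.format('crc32:', getCrc32(filename)))
# hexlify returns bytes on Python 3; decode so the field prints as plain hex.
print('head: %s' % judgefilehead(filename).decode('ascii'))
print('tail: %s' % judgefiletail(filename).decode('ascii'))
judgefilecontent(filename)
print('\nplz start manual operation\n')
# Bare program name: it is resolved through the shell's search order, which
# on Windows includes the current directory.  Replace it with the absolute
# path of your own hex editor so that a same-named file lying next to an
# untrusted sample is never what gets started.
os.system('HWork32')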
上面这个脚本只列出了几个文件头,小伙伴们可以自己改一改
(记得要事先修改一下gifsplitter和hexeditor的路径啊!!!否则会出现找不到指定路径的情况)
接下来是浏览exif信息的脚本(日常查图片exif)
import exifread
import sys
import os
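def exif(filename):
    """Return the EXIF tags of *filename* as produced by exifread.

    The result is whatever ``exifread.process_file`` returns for the opened
    file.  The file handle is closed before returning instead of being left
    open until the interpreter exits.

    Every tag value comes from the file under examination, so treat the
    contents as untrusted input when passing them on to other tools.
    """
    with open(filename, 'rb') as f:
        return exifread.process_file(f)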
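# Command-line entry point: expects exactly one argument, the image whose
# EXIF tags are to be printed.
#
# Usage errors leave through sys.exit(1): os._exit() skips the normal
# interpreter shutdown, so the message just printed can be lost when stdout
# is a pipe or a file, and a status of 0 would report the failed run as
# successful to a calling script.
if len(sys.argv) < 2:
    print('ENTER file plz!\n')
    sys.exit(1)
elif len(sys.argv) > 2:
    print('ONLY ONE file to be examined!\n')
    sys.exit(1)
filename = sys.argv[1]
# One formatted argument keeps the output identical under the Python 2 print
# statement (label, the separator space, then the tag dictionary).
print('exif is:  %s' % (exif(filename),))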
(脚本写的很丑,希望各位老哥不要嫌弃)
(希望以后能直接写个010出来)(手动滑稽)