SHARE
TWEET

appended file scanner

cornarx Feb 26th, 2013 1,408 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # This script scans for images that have data appended to them
  2. # and copies the images and the appended data to the folder appended-file-scanner-discoveries
  3. # with log at appended-file-scanner-log.txt
  4. #
  5. # Download from http://pastebin.com/raw.php?i=L3V9HxFh
  6. # and save as scanner.py
  7. #
  8. # You can simply save it to the folder you want to scan and run it.
  9. #
  10. # To scan specific files/folders, drag them to the script, or type
  11. #   scanner.py files-or-folders-to-scan
  12. # at the command line.
  13. #
  14. # You need to have Python installed for this to work -- available from http://python.org/
  15. # Either Python 2.3+ or Python 3.* should work.
  16.  
  17. import sys, os, shutil, struct, traceback
  18. if sys.version_info[0] < 3:
  19.     ascii = repr
  20.     input = raw_input
  21.  
  22. def color_table_length(c):
  23.     """Read the flags in a GIF file to get the length of the color table."""
  24.     if c & 0x80:
  25.         return 3 << ((c & 0x07) + 1)
  26.     else:
  27.         return 0
  28.  
  29. def end_of_blocks(data, start):
  30.     """Find the end of a sequence of GIF data sub-blocks."""
  31.     i = start
  32.     while i < len(data):
  33.         if data[i] == 0:
  34.             return i + 1
  35.         else:
  36.             i += data[i] + 1
  37.     return len(data)
  38.  
  39. def gif_end(data):
  40.     """Find the end of GIF data in a file."""
  41.     if type(data) == str:
  42.         data2 = [ord(c) for c in data]
  43.     else:
  44.         data2 = data
  45.     if len(data) <= 10:
  46.         return len(data)
  47.     i = color_table_length(data2[10]) + 13
  48.     while i < len(data):
  49.         if data2[i] == 0x2c:
  50.             i += 9
  51.             if i >= len(data):
  52.                 return len(data)
  53.             i += color_table_length(data2[i]) + 2
  54.             i = end_of_blocks(data2, i)
  55.         elif data2[i] == 0x21:
  56.             i = end_of_blocks(data2, i+2)
  57.         elif data2[i] == 0x3b:
  58.             return i + 1
  59.         else:
  60.             return i
  61.     return min(i, len(data))
  62.  
  63. def jpg_end(data):
  64.     """Find the end of JPEG data in a file."""
  65.     if type(data) == str:
  66.         data2 = [ord(c) for c in data]
  67.     else:
  68.         data2 = data
  69.     i = 2
  70.     while i + 2 <= len(data):
  71.         if data2[i] == 0xff and data2[i+1] >= 0xc0:
  72.             if data2[i+1] == 0xd9:
  73.                 return i + 2
  74.             elif data2[i+1] == 0xd8:
  75.                 return i
  76.             elif 0xd0 <= data2[i+1] <= 0xd7:
  77.                 i += 2
  78.             else:
  79.                 if i + 4 > len(data):
  80.                     return len(data)
  81.                 i += struct.unpack('>H', data[i+2:i+4])[0] + 2
  82.         else:
  83.             i += 1
  84.     return min(i, len(data))
  85.  
  86. def png_end(data):
  87.     """Find the end of PNG data in a file."""
  88.     i = 8
  89.     while i + 8 < len(data):
  90.         length, chunk_type = struct.unpack('>LL', data[i:i+8])
  91.         if chunk_type == 1229278788: # IEND
  92.             return min(i + 12, len(data))
  93.         i += length + 12
  94.     return min(i, len(data))
  95.  
  96. def image_end(data):
  97.     """Find the end of the image data in a file."""
  98.     magic = data[:8]
  99.     if type(magic) != str:
  100.         magic = magic.decode('latin_1')
  101.     if magic.startswith('GIF87a') or magic.startswith('GIF89a'):
  102.         return gif_end(data)
  103.     elif magic.startswith('\xFF\xD8'):
  104.         return jpg_end(data)
  105.     elif magic.startswith('\x89PNG\x0D\x0A\x1A\x0A'):
  106.         return png_end(data)
  107.     else:
  108.         return len(data) # Report no appended data for non-images
  109.  
  110. def scan(fullname, outpath, logwrite):
  111.     """
  112.    Scan file named fullname for appended content.  If found:
  113.      copy file and appended content to outpath
  114.      report details to logwrite function
  115.      return True
  116.    """
  117.     f = open(fullname, 'rb')
  118.     try:
  119.         data = f.read()
  120.     finally:
  121.         f.close()
  122.     eoi = image_end(data)
  123.     if eoi == len(data):
  124.         return False
  125.     logwrite(fullname)
  126.     logwrite('found %d bytes starting with:' % (len(data) - eoi))
  127.     logwrite(ascii(data[eoi:eoi+20]))
  128.     outputbasename = os.path.basename(fullname)
  129.     outputname = os.path.join(outpath, outputbasename)
  130.     extractname = os.path.join(outpath, outputbasename + '.data')
  131.     if os.path.realpath(outputname) != fullname:
  132.         nrename = 1
  133.         while os.path.exists(outputname) or os.path.exists(extractname):
  134.             nrename += 1
  135.             outputbasename = 'File %d named ' % nrename + os.path.basename(fullname)
  136.             outputname = os.path.join(outpath, outputbasename)
  137.             extractname = os.path.join(outpath, outputbasename + '.data')
  138.     if not os.path.exists(outputname):
  139.         shutil.copy(fullname, outputname)
  140.         logwrite('copied to ' + outputbasename)
  141.     if not os.path.exists(extractname):
  142.         extractf = open(extractname, 'wb')
  143.         try:
  144.             extractf.write(data[eoi:])
  145.         finally:
  146.             extractf.close()
  147.     logwrite('')
  148.     return True
  149.  
  150. logfile = None
  151. try:
  152.     # Create output directory, log
  153.     LOGNAME = 'appended-file-scanner-log.txt'
  154.     OUTDIRNAME = 'appended-file-scanner-discoveries'
  155.     scriptdir = os.path.dirname(os.path.realpath(__file__))
  156.     logfullname = os.path.join(scriptdir, LOGNAME)
  157.     outpath = os.path.join(scriptdir, OUTDIRNAME)
  158.     try:
  159.         os.mkdir(outpath)
  160.     except OSError:
  161.         pass
  162.     logfile = open(logfullname, 'a+')
  163.     def logwrite(line):
  164.         line = ''.join([c for c in line if ' ' <= c <= '~' or c in '\t\n'])
  165.         print(line)
  166.         logfile.write(line + '\n')
  167.  
  168.     # Enumerate files to scan
  169.     targets = [os.path.realpath(name) for name in sys.argv[1:]]
  170.     if len(targets) == 0:
  171.         targets = [scriptdir]
  172.     logwrite('scanning')
  173.     logwrite('\n'.join(targets))
  174.     logwrite('')
  175.     scanlist = []
  176.     for target in targets:
  177.         if os.path.isdir(target):
  178.             for root, dirs, files in os.walk(target):
  179.                 for file in files:
  180.                     if file.lower().split('.')[-1] in ('gif', 'jpg', 'jpeg', 'png'):
  181.                         scanlist.append(os.path.join(root, file))
  182.         else:
  183.             scanlist.append(target)
  184.  
  185.     # Scan files
  186.     anyfound = False
  187.     for fullname in scanlist:
  188.         try:
  189.             datafound = scan(fullname, outpath, logwrite)
  190.             if datafound:
  191.                 anyfound = True
  192.         except:
  193.             traceback.print_exc()
  194.             traceback.print_exc(logfile)
  195.     if not anyfound:
  196.         logwrite('no files found\n')
  197.  
  198.     logfile.close()
  199. except:
  200.     traceback.print_exc()
  201.     if logfile != None:
  202.         logfile.close()
  203.  
  204. print('[press return]')
  205. input()
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top