New analyser: File Strings #314
Conversation
3c7
added
scope:analyzer
|
It may also be good to take a look at this at the same time: |
|
I propose to add this feature as a submodule in FileInfo. |
|
I've added the feature as submodule. I just need to finish templates. |
|
So, if you use this version it's not floss per-say, but it's more capable than basic strings, and it can rank the strings in order of maliciousness with rankstrings |
|
Also, could always use the binary version of floss? |
|
Ok, I'll try with the binary tomorrow. This is a preview: |
|
I've already added FLOSS as a submodule for FileInfo: https://github.com/TheHive-Project/Cortex-Analyzers/tree/feature/fileinfo_floss |
|
(That's why I was assigned ;) ) |
|
sorry, I didn't knew that and it seems way better than my first attempt with floss :) |
|
I'd say, if you want to at least have the most useful stuff at the top of the long list, use |
|
@3c7 will you propose a pull request with your changes? |
|
Need more time to fix the template. Currently no time to work on Analyzer stuff. |
|
no problem. The plan is to release milestone 2.6.0 this friday, if you need more time I'll move your pr to next release 👍 |
To-om
force-pushed
the
develop
branch
3 times, most recently
from
fb8f5aa to
23be632
Compare
|
I've added a fix for the template in your repo.
|
A simple analyser to find printable strings within files.
I've personally found this analyser to be a useful first step when dealing with various types of unknown file so wanted to make it available to others.