forensicmike
/ FindFIlteredXrefsToPackage.py
Last active
February 14, 2022 16:05
Jeb Android - Find Filtered Xrefs To Package
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #?description=Find references to a specific library | |
| from com.pnfsoftware.jeb.client.api import IScript, IGraphicalClientContext | |
| from com.pnfsoftware.jeb.core.units.code import ICodeClass, ICodePackage, ICodeItem | |
| from com.pnfsoftware.jeb.core.units.code.android import IDexUnit | |
| from com.pnfsoftware.jeb.core.actions import ActionContext | |
| from com.pnfsoftware.jeb.core.actions import ActionXrefsData | |
| from com.pnfsoftware.jeb.core.actions import Actions | |
| class FindFilteredXrefsToPackage(IScript): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const colors = { | |
| colorize: (str, cc) => `\x1b${cc}${str}\x1b[0m`, | |
| red: str => colors.colorize(str, '[31m'), | |
| green: str => colors.colorize(str, '[32m'), | |
| yellow: str => colors.colorize(str, '[33m'), | |
| blue: str => colors.colorize(str, '[34m'), | |
| cyan: str => colors.colorize(str, '[36m'), | |
| white: str => colors.colorize(str, '[37m'), | |
| }; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from axiom import * | |
| import datetime | |
| import sys | |
| import codecs | |
| import time | |
| import io | |
| import json | |
| class JsonReader(Artifact): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| static public class StringHelpers { | |
| static public bool IsIsogram(this string input) { | |
| var tmp = input.ToLower().ToCharArray(); | |
| var hs = new HashSet<char>(tmp); | |
| return hs.Count == tmp.Length; | |
| } | |
| } | |
| void Main() | |
| { |
forensicmike
/ GooglePlay_AppNameResolver.cs
Last active
April 5, 2019 15:59
(LINQPAD) Use an array of Android Package names to resolve their 'nice' names from the Google play store. Stores results in a SQLite db.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Resolve package names by scraping the Google play store. | |
| // The only modifications needed are to manipulate where data is accessed from. | |
| async void Main() | |
| { | |
| // Load your package names into ListOfPackageNames (see OPTION 1 or OPTION 2) | |
| var ListOfPackageNames = new List<string>(); | |
| // Change this to true if you want to store the outcomes in a database. | |
| var bStoreResults = true; | |
| // Path you want to use if the above is true. NOTE: This will be loaded |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| static public class RegexExtensions | |
| { | |
| static public dynamic AsDynamic(this Match match) | |
| { | |
| var ret = new ExpandoObject() as IDictionary<string, Object>; | |
| foreach (var group in match.Groups.OfType<Group>()) | |
| { | |
| ret.Add(group.Name, group.Value); | |
| } |
forensicmike
/ Iterate-SQLite-DBs.cs
Last active
March 11, 2019 13:23
LINQPad script to iterate SQLite DBs in a directory given one of any number of extensions and run a query, present grouped results using .Dump()
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // PREREQUISITES - Install NuGet packages for Sqlite3 and Newtonsoft.JSON | |
| void Main() | |
| { | |
| // What is our base directory? Remember, we will traverse subfolders as well | |
| var sourceDirectory = @"c:\temp\"; | |
| // What extensions are we after? IDK if this is case sensitive or not | |
| var extensions = new List<string>(new string[] { "*.sqlite", "*.db" }); | |
forensicmike
/ HashsetIntersect.cs
Last active
November 12, 2018 14:42
Compute the intersection of two hashsets
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // The format of our checksum file is: b6f60e956ea5dc8b7056b35689b67efa *info.png | |
| // We'll use the " *" as a mid-point and line start/end anchors (^ and $) to isolate them | |
| Regex fileRegex = new Regex(@"^(?<hash>[\w\W]*?)\s\*(?<name>[\w\W]*?)$"); | |
| // Load hashes from the first file | |
| var hashset1 = from line in File.ReadAllLines(@"C:\example\checksums.md5") // Each hash is separated by a newline, so ReadAllLines will do the trick here | |
| let match = fileRegex.Match(line) // Perform the Regex | |
| select new // Create an anonymously typed object containing the hash and filename. | |
| { | |
| Hash = match.Groups["hash"].Value, |