Last active
January 2, 2016 17:39
-
-
Save rjzak/8338210 to your computer and use it in GitHub Desktop.
Compare magic numbers (or the first 32 bytes of a file) with the output from the file command (which also uses magic numbers). The intention is to discover magic numbers for different file types. For example, to be able to distinguish between different MS Office document types, since libmagic just says "CDF V2 Document, Little Endian, Os" or "Zi…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import sys, os, subprocess | |
| def fileType(filePath): | |
| return subprocess.Popen("""/usr/bin/file "%s" """ % filePath, shell=True, stdout=subprocess.PIPE).communicate()[0].split(":")[1].strip() | |
| def idMSFile(filePath): | |
| if os.path.isdir(filePath): | |
| for fileInDir in os.listdir(filePath): | |
| yield idMSFile(os.path.join(filePath, fileInDir)) | |
| elif os.path.isfile(filePath): | |
| f = open(filePath, 'rb') | |
| header = f.read(50).encode('hex').upper() | |
| f.close() | |
| yield "%-20s %-50s %-15s" % (os.path.basename(filePath), header, fileType(filePath)) | |
| if __name__ == '__main__': | |
| if len(sys.argv) < 2: | |
| print "Usage: %s <files/directories>" % sys.argv[0] | |
| sys.exit(1) | |
| for fp in sys.argv[1:]: | |
| if os.path.isdir(fp): | |
| for item in idMSFile(fp): | |
| for i in item: | |
| print i | |
| else: | |
| for item in idMSFile(fp): | |
| print item |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment