heitt 0.4.2 → 0.4.4

Files changed (5)
  1. checksums.yaml +4 -4
  2. data/bin/heitt +20 -0
  3. data/lib/heitt/version.rb +1 -1
  4. data/lib/heitt.rb +16 -6
  5. metadata +3 -3
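--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: '09a5102cf903ce6b0064303daa378ba34d5ab5835ec90be737cef63325e48872'
- data.tar.gz: d6a882c5ae2f4b33390ee4c4a5ca03ffdb3032832333c0a8f355c126a7223841
+ metadata.gz: b4cac48163d051caad98351e1395d1ad624ee01b5bbec6de84e34f85818495f1
+ data.tar.gz: ac8e59ea2f8bcb08307c3b0393a7a482cdea7bb7e47163eefb2ff6e817074d1f
  SHA512:
- metadata.gz: 0da456e13048b5687e010ccc6361179f51a781d97880d22306a5a90eda9bb48ca5f596f196d4cbee7d0fdb10e58cac24674cc5a15efe366811a81745d6d90f48
- data.tar.gz: 4c65b51cda918629388e41ecde058909ba475fafcdeb1640b02b0c68609b29bcc804e9b24512de7d67f502a26a6bd0923688d3dec9de274e7ce118df4c5e0a9e
+ metadata.gz: 3c9acfa3fb59aa5e66f40e87651df940609faf644f4272c57ce277996b07b2ed8a0185d4b7b03a93fac98bd16a72ffa8fef2964eebfb75f9e82d5758abd8cd1d
+ data.tar.gz: 7f1e6fcd83c8eedf484816a9caa01c050d10e263455948a51a77dcb28bcd6f75bacbf8f4a2a1f5c02713b9e9f769f8d68ccb48119bd23a562158651b7a6b3b7e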
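--- a/data/bin/heitt
+++ b/data/bin/heitt
@@ -4,6 +4,7 @@ require 'io/console'
  require 'heitt'
 
 
+
  module HEITT
  class CLI
  attr_accessor :inputs, :extended, :verbose, :output, :json, :database, :show_regex_match, :min_entropy
@@ -151,6 +152,25 @@ module HEITT
  exit(1)
  end
  end
+
+ def decode(text, decoders)
+ #Check if result is printable ascii after decoding
+ decoders.each do |decoder|
+ case decoder
+ when "b64"
+ text = text.gsub(/[A-Za-z0-9+\/]{4,}={0,2}/) do |match|
+ current = match
+ loop do
+ #until word is non printable ascii continue decoding
+ decoded = Base64.decode64(word) #rescue break
+ current = decoded.strip.match?(/\A[[:print:]]+\z/) ? decoded.strip : break
+ #puts "IS PRINTABLE?: #{decoded.match?(/\A[[:print:]]+\z/)}"
+ #puts "RESULT: #{result}"
+ end
+ current
+ end
+ when "hex"
+ text = tesxt.gsub(/)
  end
  end
 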
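Review bot: The new `decode` method in the second hunk is shipped half-written and will stop the executable from parsing at all: `text = tesxt.gsub(/)` opens a regex literal that is never closed (and `tesxt` is a typo for `text`), `Base64.decode64(word)` reads a `word` variable that is never defined (the loop variable is `current`), and the `def`/`each`/`case` blocks are never closed — the two context `end` lines that follow are the pre-existing closers of `class CLI` and `module HEITT`, so `decode` was inserted between them without its own `end`s. Because this is the gem's `bin/heitt` and a Ruby parse error cannot be rescued, every invocation of the 0.4.4 CLI presumably aborts before any argument is read; a smoke test such as `ruby -c data/bin/heitt` in CI would have caught this before publishing. `Base64` is also not required anywhere in this file (only `io/console` and `heitt` are), so unless the library pulls it in the `b64` branch would raise `NameError` even once the syntax is fixed — note that `base64` is no longer a default gem in recent Rubies. I would not publish the decoder until the `hex` branch is actually implemented and the method returns `text`; the sketch below completes the hunk with the same printable-ASCII guard the `b64` branch uses, and drops the commented-out `puts` debugging lines rather than shipping them.

```ruby
 def decode(text, decoders)
 # Repeatedly decode each match while the result is still printable ASCII
 decoders.each do |decoder|
 case decoder
 when "b64"
 text = text.gsub(/[A-Za-z0-9+\/]{4,}={0,2}/) do |match|
 current = match
 loop do
 decoded = Base64.decode64(current).strip
 break unless decoded.match?(/\A[[:print:]]+\z/)
 current = decoded
 end
 current
 end
 when "hex"
 text = text.gsub(/\b(?:[0-9a-fA-F]{2}){4,}\b/) do |match|
 decoded = [match].pack("H*").strip
 decoded.match?(/\A[[:print:]]+\z/) ? decoded : match
 end
 end
 end
 text
 end
```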
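--- a/data/lib/heitt/version.rb
+++ b/data/lib/heitt/version.rb
@@ -1,6 +1,6 @@
  # frozen_string_literal: true
 
  module HEITT
- VERSION = "0.4.2"
+ VERSION = "0.4.4"
  GITHUB = "https://github.com/jobotow/heitt"
  end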
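--- a/data/lib/heitt.rb
+++ b/data/lib/heitt.rb
@@ -69,7 +69,6 @@ module HEITT
  prefix_matched_mode = mode[:name]
  score += 20
  end
- #puts "MODENAME: #{mode[:name]}"
  {
  name: mode[:name],
  hashcat: mode[:hashcat],
@@ -95,7 +94,7 @@ module HEITT
  entry[:candidates] || entry[:types] || entry[:hashtypes]
  end
 
- #this code is a copy or inspiration of "https://github.com/chrisjchandler/entropy/blob/main/entropy.go"
+ #this code is an inspiration of "https://github.com/chrisjchandler/entropy/blob/main/entropy.go"
  def self.entropy(text)
  frequency = Hash.new(0)
  text.each_char { |ch| frequency[ch] += 1 }
@@ -211,11 +210,22 @@ module HEITT
 
  candidates = HEITT::Analyzer.score_candidates(modes, delim_prefix, context_scores)
  score = candidates.first[:score]
- if score > (seen[matched] || -1)
- seen[matched] = score
- found[matched] = {hash: matched, candidates: candidates}
+
+ found[matched] ||= {hash: matched, candidates: []}
+ found[matched][:candidates].concat(candidates)
  end
  end
+
+ found.each_value do |result|
+ result[:candidates] = result[:candidates]
+ .group_by {|c| c[:name]}
+ .map {|name, dupes| dupes.max_by {|c| c[:score]}}
+ .sort_by {|c| -c[:score]}
+
+ # Re-assign confidence based on final merged scores
+ scores_hash = result[:candidates].map {|c| [c[:name], c[:score]]}.to_h
+ confidences = Analyzer.assign_confidence(scores_hash)
+ result[:candidates] = result[:candidates].map {|c| c.merge(confidence: confidences[c[:name]])}
  end
  found.values
  end
@@ -305,7 +315,7 @@ module HEITT
  JSON.pretty_generate(
  renumbered_groups.map do |group|
  visible_candidates = group[:candidates].select do |c|
- (!c[:extended] || extended) && (c[:confidence] != "regex-match" || show_regex_match)
+ (!c[:extended] || extended) && (c[:confidence] != "regex-match" || show_regex_match)
  end
  {
  cluster_id: group[:cluster_id],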
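Review bot: In the third hunk `score = candidates.first[:score]` is now a dead assignment — its only readers were the removed `seen[matched]` comparison and store — and with them gone the `seen` hash is presumably no longer read anywhere, so both the line and the `seen` initialisation above the hunk should go. The line is not just dead but is the one place this loop can still blow up: if `score_candidates` returns an empty array, `candidates.first` is `nil` and `nil[:score]` raises `NoMethodError`, whereas the new merge (`||=` plus `concat`) handles an empty result fine; removing it makes the loop strictly safer. The per-name merge keeps the highest-scoring duplicate for each `name` before `Analyzer.assign_confidence` is re-run, which is what the comment says, though `Analyzer` is written unqualified here while the call a few lines up uses `HEITT::Analyzer` — pick one spelling. The `group_by`/`map` pair could be `.group_by {|c| c[:name]}.values.map {|dupes| dupes.max_by {|c| c[:score]}}` since the `name` block parameter is unused. The enclosing method starts before the hunk; the fourth hunk is whitespace-only.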
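--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: heitt
  version: !ruby/object:Gem::Version
- version: 0.4.2
+ version: 0.4.4
  platform: ruby
  authors:
  - Jonathan Botchway Owusu
@@ -13,14 +13,14 @@ dependencies:
  name: colorize
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: 0.8.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: 0.8.1
  description: Hash Extraction, Identification and Triage Tool.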
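Review bot: The second hunk changes the runtime dependency on `colorize` from `~> 0.8.1` to `>= 0.8.1`, which removes the upper bound entirely: any future release, including a major version with a different API or a compromised one pushed to the registry, will satisfy the requirement at install time, so the gem's behaviour is no longer reproducible from its metadata alone. If the relaxation is meant to admit a newer colorize series, bound it explicitly in the gemspec, e.g. `spec.add_dependency "colorize", ">= 0.8.1", "< 2"` (or `"~> 1.0"` if only that series is tested), and pin the exact version in a committed lockfile for the published build. The version bump in the first hunk needs no comment.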