Update: re-search.py Version 0.0.22

This update to re-search.py, my tool to search text files with regular expressions, brings several new regular expressions.

There are 4 new regular expressions for cryptographic hashes: md5, sha1, sha256, sha512. And one new name that groups these 4 regular expressions: hashes.

You can use it like this: re-search.py -n hashes sample.txt

These regular expressions not only match strings of hexadecimal characters of the appropriate length (with a boundary: \b), they also check each extracted hash with a Python function (HashValidate in re-extra.py) that is designed to eliminate strings that accidentally look like a hash (example: 32 times letter A).

HashValidate checks the following:

  • that the hash is not a mix of lowercase and uppercase letters
  • that there are more than 5 different hexadecimal digits
  • that there are more than 10 instances of a character and the next character, that are different

These simple rules are designed to detect hexadecimal strings that are too uniform, and thus probably not a hash digest.

And I also added regular expressions for strings delimited by single quotes: str-s, str-se str-su, str-seu.

re-search_V0_0_22.zip (http)
MD5: BF72647B93D30D0D9CD75EEFED85D21E
SHA256: FCF7D6EF2A5C8AEC5FC84D2CF588FCD8DAD3923E10905D3350AAD7975D926553

Article Link: Update: re-search.py Version 0.0.22 | Didier Stevens