This update to re-search.py, my tool to search text files with regular expressions, brings several new regular expressions.
There are 4 new regular expressions for cryptographic hashes: md5, sha1, sha256, sha512. And one new name that groups these 4 regular expressions: hashes.
You can use it like this: re-search.py -n hashes sample.txt
These regular expressions not only match strings of hexadecimal characters of the appropriate length (with a boundary: \b), they also check each extracted hash with a Python function (HashValidate in re-extra.py) that is designed to eliminate strings that accidentally look like a hash (example: 32 times letter A).
HashValidate checks the following:
- that the hash is not a mix of lowercase and uppercase letters
- that there are more than 5 different hexadecimal digits
- that there are more than 10 instances of a character and the next character, that are different
These simple rules are designed to detect hexadecimal strings that are too uniform, and thus probably not a hash digest.
And I also added regular expressions for strings delimited by single quotes: str-s, str-se str-su, str-seu.
Article Link: Update: re-search.py Version 0.0.22 | Didier Stevens