This script is a tool designed to analyze and summarize the file extensions present in an input file.

alpine-sec/funify

Funify

Description

This script is a tool designed to analyze and summarize the file extensions present in an input file. The input file is generated by the mftmactime tool. The script gathers information about the file extensions within the file and categorizes them into specific categories such as "Office," "Document," "Image," and so on. It then provides a detailed summary indicating the number of files for each extension in each category. This tool can be useful for understanding the composition of files in a file system or directory, particularly in situations where a quick and straightforward analysis of the types of files present in a dataset is needed.

In summary and in the context of Malware Funneling, "funify.py" plays a significant role in the initial phase of automatic filtering. It helps quickly identify the file extensions present in the data source, allowing for streamlining and minimizing efforts in the analysis of files most relevant to the investigation.

Description of the script's main functions:

  1. count_extensions(file_paths):
  • This function takes a list of file paths as input.
  • It uses the os library to extract the file extensions from the paths.
  • It filters out extensions that contain "(deleted)" or ",d/d".
  • It then uses the Counter class to count how many times each extension appears.
  • It returns a counter of extensions that represents the number of files with each extension.
  2. extract_extensions(extensions_counter):
  • This function takes the extensions counter generated by count_extensions as input.
  • It splits the extensions into two groups: filtered_extensions and other_extensions.
  • 'filtered_extensions' contains common extensions that have a dot at the beginning (e.g., ".txt").
  • 'other_extensions' contains unusual extensions that do not meet the earlier criteria.
  • This function is responsible for processing and organizing the extensions into these two groups.
  • It returns two counters: one for common extensions and one for unusual extensions.
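The two functions described above, followed by a per-category summary, as an added example that is not the project's own code. The category map, the `summarize` helper, the "Uncategorized" bucket, the rule for what counts as a "common" extension and the sample paths are all assumptions made for illustration.

```python
import os
from collections import Counter, defaultdict

# Hypothetical category map: the README names "Office", "Document" and "Image"
# but does not list the extensions in each, so these sets are assumptions.
CATEGORIES = {
    "Office": {".docx", ".xlsm", ".pptx"},
    "Document": {".pdf", ".txt"},
    "Image": {".png", ".jpg"},
}
SKIP_MARKERS = ("(deleted)", ",d/d")  # markers named in the README

def count_extensions(file_paths):
    """Count lower-cased extensions, skipping entries that carry a skip marker."""
    counter = Counter()
    for path in file_paths:
        # Assumption: markers are matched on the whole entry, because the
        # extension returned by os.path.splitext never contains "/".
        if any(marker in path for marker in SKIP_MARKERS):
            continue
        counter[os.path.splitext(path.strip())[1].lower()] += 1
    return counter

def extract_extensions(extensions_counter):
    """Split a counter into (filtered_extensions, other_extensions)."""
    filtered, other = Counter(), Counter()
    for ext, n in extensions_counter.items():
        # Assumption: "common" means a dot followed only by letters or digits.
        common = ext.startswith(".") and ext[1:].isalnum()
        (filtered if common else other)[ext] = n
    return filtered, other

def summarize(filtered):
    """Group common extensions by category; unknown ones go to "Uncategorized"."""
    summary = defaultdict(Counter)
    for ext, n in filtered.items():
        category = next((c for c, exts in CATEGORIES.items() if ext in exts), "Uncategorized")
        summary[category][ext] = n
    return dict(summary)

# Constructed sample paths (not real mftmactime output).
SAMPLE = [
    "C:/Users/ana/Documents/invoice.docx", "C:/Users/ana/Desktop/notes.docx",
    "C:/Users/ana/Documents/budget.XLSM", "C:/Users/ana/Documents/old.docx (deleted)",
    "C:/Users/ana/Pictures/logo.png", "C:/Users/ana/Downloads/manual.pdf",
    "C:/Users/ana/Downloads/setup.exe", "C:/Users/ana/Downloads,d/d",
    "C:/Users/ana/AppData/cache.tmp~", "C:/Windows/System32/drivers/etc/hosts",
]
```

In a triage pass, the `other_extensions` counter and the "Uncategorized" bucket are the ones worth reading first, since they hold executables and files whose names do not follow the usual pattern.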

Requirement

Python installation.

Use

Usage: python funify.py [-h] [-V] -f FILE

Example

python funify.py -f .\comp001-fstl.csv

Roadmap

  • Classify files by file extension
  • Extract statistics from the decompressed files of a disk image and count.
  • Initial analysis of suspicious files with macros, PDFs, emails, lnk, etc.
  • Classification of suspicious files into directories.
  • Recover deleted files.
