Wednesday, November 16, 2016

Python - Decode ISO/UTF Character Encodings

Given a string in RFC 2047 "encoded-word" format (the way MIME carries non-ASCII text in e-mail headers such as Subject and From), for example:

=?iso-2022-jp?B?GyRCO2QkTzYyJG0kNyQkSjg7ek5zJEckOSEqGyhCIBskQjlsMjshKhsoQg?=

This should decode it properly:

import re
import base64

# RFC 2047 encoded-word: =?charset?encoding?encoded-text?=
uniString = "=?iso-2022-jp?B?GyRCO2QkTzYyJG0kNyQkSjg7ek5zJEckOSEqGyhCIBskQjlsMjshKhsoQg?="
charset = re.search(r"^=\?(.*?)\?", uniString).group(1)
# 'B' means the encoded text is base64; it runs up to the closing ?=
b64String = re.search(r"\?[Bb]\?(.*?)\?=", uniString).group(1)
print(b64String)
# the base64 in an encoded-word is often sent without its trailing '=' padding;
# put it back or b64decode raises "Incorrect padding"
missing_padding = len(b64String) % 4
if missing_padding != 0:
    b64String += "=" * (4 - missing_padding)
dec = base64.b64decode(b64String)
print(dec.decode(charset))

It decodes into "私は恐ろしい文字列です! 轟音!" (the exclamation marks come out as the full-width ！ character, which is what the JIS charset actually encodes), which according to Google Translate is "I am a fearsome string!  Roar!"
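The snippet above handles exactly one B-encoded word. Real mail headers (the usual place you meet this while triaging phishing) mix plain text with several encoded words, use the Q encoding as often as B, and carry whatever charset label the sender chose. The following is an added example, not the post's code, of a decoder that covers those cases and cross-checks itself against the standard library's email.header. The regexes, decode_encoded_word(), decode_header_value() and the sample header values are mine; PAGE_WORD is the string from the post.

```python
import base64
import codecs
import quopri
import re
from email.header import decode_header, make_header

# RFC 2047 encoded-word: =?charset?encoding?encoded-text?=
# RFC 2231 additionally allows a *language suffix on the charset (=?utf-8*en?Q?...?=)
ENCODED_WORD = re.compile(
    r"=\?(?P<charset>[^?*\s]+)(?:\*[^?\s]*)?\?(?P<enc>[bBqQ])\?(?P<text>[^?\s]*)\?="
)
# whitespace between two adjacent encoded-words is not part of the text (RFC 2047 section 6.2)
ADJACENT_WS = re.compile(r"(\?=)\s+(?==\?)")


def decode_encoded_word(charset, enc, text):
    """Decode the payload of one encoded-word to str."""
    try:
        if enc in "bB":
            text += "=" * (-len(text) % 4)                 # restore dropped base64 padding
            raw = base64.b64decode(text)
        else:
            # Q encoding: =XX hex escapes, and '_' stands for a space (quopri's header mode)
            raw = quopri.decodestring(text.encode("ascii", "replace"), header=True)
    except ValueError:
        return text                                        # undecodable payload: leave it visible
    try:
        codec = codecs.lookup(charset)
    except LookupError:
        # the charset label is chosen by the sender; a bogus one must not crash the parser
        return raw.decode("latin-1", errors="replace")
    return raw.decode(codec.name, errors="replace")


def decode_header_value(value):
    """Decode every encoded-word in a header value; plain text around them is left untouched."""
    value = ADJACENT_WS.sub(r"\1", value)
    return ENCODED_WORD.sub(
        lambda m: decode_encoded_word(m.group("charset"), m.group("enc"), m.group("text")),
        value,
    )


def stdlib_decode(value):
    """The same job done by the standard library, for cross-checking."""
    return str(make_header(decode_header(value)))


# the encoded-word from the post
PAGE_WORD = "=?iso-2022-jp?B?GyRCO2QkTzYyJG0kNyQkSjg7ek5zJEckOSEqGyhCIBskQjlsMjshKhsoQg?="

if __name__ == "__main__":
    for sample in (
        PAGE_WORD,
        "=?utf-8?Q?caf=C3=A9_au_lait?=",                       # Q encoding, '_' = space
        "=?utf-8?B?SGVsbG8=?= =?utf-8?Q?w=C3=B6rld?=",           # adjacent words, gap dropped
        "Re: =?utf-8?B?SGVsbG8?= tomorrow",                      # unpadded base64 in plain text
        "=?x-bogus?B?SGVsbG8=?=",                                # unknown charset, no crash
    ):
        print(sample, "->", decode_header_value(sample))
```

The unknown-charset fallback is deliberate: an analyst tool that throws on a header is a tool attackers can make you skip the message with.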

Monday, November 14, 2016

Python - Combine Files/Lists, Strip Duplicates

This script reads in two files of MD5 hashes (one per line), turns them into sets, and writes out every hash from the new file that does not appear in the old one; the set difference also drops duplicates within the new file.  I used this to combine two files of thousands of MD5 hashes.



oldList = open("c:\\temp\\md5s_old.csv")
newList = open("c:\\temp\\md5s.csv")
old = []
new = []

# strip the newline from each line, otherwise a final line with no trailing
# newline never matches the same hash elsewhere; hash dumps are also often
# mixed-case, so compare lower-cased
for i in oldList:
    old.append(i.strip().lower())
oldList.close()

for i in newList:
    new.append(i.strip().lower())
newList.close()

old1 = set(old)
new1 = set(new)
uniques = new1 - old1    # hashes in the new file that are not in the old one
uniques.discard("")      # blank lines
res = sorted(uniques)    # sets are unordered; sort for a stable output file

f = open("c:\\temp\\uniqueMD5s.csv", 'w')
for i in res:
    f.write(i + "\n")
f.close()
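A stricter version of the same set difference, added here as an example rather than the post's own code: it normalises case and whitespace before comparing, rejects lines that are not 32-hex-character MD5s (so a stray header or typo never gets sent to a lookup API and burns quota), and keeps first-seen order instead of sorting. new_hashes() and the OLD_FILE/NEW_FILE line lists are mine and constructed for the demo.

```python
import re

HEX_MD5 = re.compile(r"^[0-9a-f]{32}$")   # 40 for SHA-1, 64 for SHA-256


def normalise(line):
    """Strip whitespace/newline and lower-case, so 'ABC...\\n' and 'abc...' compare equal."""
    return line.strip().lower()


def new_hashes(old_lines, new_lines):
    """Return (unseen, malformed).

    unseen:    well-formed hashes present in new_lines but not in old_lines, in first-seen
               order, with duplicates inside new_lines removed
    malformed: lines of new_lines that are not MD5 hex digests (blank lines are ignored)
    Both arguments may be open file objects or lists of lines."""
    old = {h for h in map(normalise, old_lines) if h}
    unseen, malformed, seen = [], [], set()
    for raw in new_lines:
        h = normalise(raw)
        if not h:
            continue
        if not HEX_MD5.match(h):
            malformed.append(raw.rstrip("\r\n"))
            continue
        if h in old or h in seen:
            continue
        seen.add(h)
        unseen.append(h)
    return unseen, malformed


# constructed sample input standing in for md5s_old.csv and md5s.csv
OLD_FILE = [
    "d41d8cd98f00b204e9800998ecf8427e\n",
    "9E107D9D372BB6826BD81D3542A419D6\n",
]
NEW_FILE = [
    "D41D8CD98F00B204E9800998ECF8427E\n",   # same hash as old line 1, different case
    "e4d909c290d0fb1ca068ffaddf22cbd0\n",
    "e4d909c290d0fb1ca068ffaddf22cbd0\n",   # duplicate within the new file
    "\n",                                   # blank line
    "not-a-hash\n",                         # malformed
    "0cc175b9c0f1b6a831c399e269772661",     # last line, no trailing newline
]


def demo():
    return new_hashes(OLD_FILE, NEW_FILE)


if __name__ == "__main__":
    unseen, bad = demo()
    print("new:", unseen)
    print("skipped:", bad)
```

With real files it is just `with open(old_path) as a, open(new_path) as b: unseen, bad = new_hashes(a, b)` and then writing `unseen` out one per line.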

Friday, November 11, 2016

Python Split File By Lines

Short snippet I use to split a large text file into separate files by line count.  This will split a large file into separate files of 3 million lines each:

chunk = 3000000   # number of lines per output file
count = 0
fNum = 0
pathIn = "c:\\temp\\inFile.txt"
pathOut = "c:\\temp\\outFile" + str(fNum) + ".txt"
# 'w' rather than 'a': in append mode, leftover outFile*.txt files from an
# earlier run would silently get this run's lines tacked on to them
fOut = open(pathOut, 'w')

with open(pathIn) as fIn:
    for line in fIn:
        fOut.write(line)
        count = count + 1
        if count >= chunk:  # >= so each file holds exactly `chunk` lines, not chunk + 1
            fNum = fNum + 1
            fOut.close()
            pathOut = "c:\\temp\\outFile" + str(fNum) + ".txt"
            fOut = open(pathOut, 'w')
            count = 0
fOut.close()  # close (and flush) the final, partial file

Edit: Just moved fNum=fNum+1 to before the rest of the if statement, as it was making the first file double the size it should have been.  All good!
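The same split as a reusable function, added here as an example (it is not the post's snippet): it streams the input so memory use does not depend on the chunk size, writes exactly lines_per_file lines per output file, and never leaves an empty trailing file when the line count divides evenly. split_file() and demo() are mine; the outFile<n>.txt naming next to the input mirrors the post, and the 7-line input in demo() is constructed in a temporary directory.

```python
import tempfile
from itertools import count, islice
from pathlib import Path


def split_file(path_in, lines_per_file, out_prefix=None):
    """Split path_in into <out_prefix>0.txt, <out_prefix>1.txt, ... of at most
    lines_per_file lines each. Returns the list of paths written."""
    if lines_per_file < 1:
        raise ValueError("lines_per_file must be at least 1")
    path_in = Path(path_in)
    if out_prefix is None:
        out_prefix = path_in.with_name("outFile")   # same directory as the input
    written = []
    # binary mode: lines are copied byte-for-byte whatever the encoding or newline style
    with open(path_in, "rb") as f_in:
        for n in count():
            chunk = islice(f_in, lines_per_file)     # lazily, never the whole chunk in memory
            first = next(chunk, None)
            if first is None:
                break                                # input exhausted: no empty trailing file
            path_out = Path(f"{out_prefix}{n}.txt")
            with open(path_out, "wb") as f_out:
                f_out.write(first)
                f_out.writelines(chunk)              # the remaining lines_per_file - 1 lines
            written.append(path_out)
    return written


def demo():
    """Constructed input: 7 lines split 3 at a time -> files of 3, 3 and 1 lines;
    split 7 at a time -> exactly one file and no empty second one."""
    tmp = Path(tempfile.mkdtemp())
    src = tmp / "inFile.txt"
    src.write_bytes(b"".join(b"line %d\n" % i for i in range(7)))
    parts = split_file(src, 3)
    counts = [len(p.read_bytes().splitlines()) for p in parts]
    names = [p.name for p in parts]
    exact = len(split_file(src, 7, tmp / "exact"))
    return counts, names, exact


if __name__ == "__main__":
    print(demo())
```

For the post's 3-million-line case the call is simply `split_file("c:\\temp\\inFile.txt", 3000000)`.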

Friday, November 4, 2016

VirusTotal Public API MD5 Report Search

This Python script will ingest a file with a list of MD5s (one per line) and use the VirusTotal Public API (the legacy v2 file/report endpoint) to query them for AntiVirus hits.  The public API is rate limited (4 requests a minute at the time of writing; the server answers HTTP 204 once the quota is spent) and lets a public key pass up to 4 comma-separated resources in a single request.  This uses that bulk query method to send 4 in one request, and if there's not a block of 4 left at the end, does the remainder separately, because a single resource comes back as one JSON object while a batch comes back as a JSON list.

If you're lucky enough to have Private API access, just change BATCH from 4 to 25.



import time
import requests

VT_URL = 'https://www.virustotal.com/vtapi/v2/file/report'
apikey = '<mine>'      # placeholder: read a real key from an environment variable, don't commit it
fname = "c:\\temp\\uniqueMD5s.csv"
BATCH = 4              # resources per request: 4 for the public API, 25 with a private key
HEADERS = {"Accept-Encoding": "gzip, deflate", "User-Agent": "VT Query UserAgent"}

with open(fname) as f:
    hashes = [line.strip() for line in f if line.strip()]


def vt_get(resource):
    """One file/report request. HTTP 204 means the per-minute quota is used up:
    wait a minute and try once more. TLS verification is left on; if a
    TLS-inspecting proxy breaks it, pass verify='<path to proxy CA bundle>'
    rather than verify=False."""
    params = {'apikey': apikey, 'resource': resource}
    response = requests.get(VT_URL, params=params, headers=HEADERS, timeout=30)
    if response.status_code == 204:
        print("time to sleep!")
        time.sleep(61)
        response = requests.get(VT_URL, params=params, headers=HEADERS, timeout=30)
    response.raise_for_status()
    return response.json()


def report_positives(report):
    """Return the md5 if VT knows the file (response_code 1) and at least one engine flags it."""
    if report['response_code'] == 1 and report['positives'] != 0:
        print(report['md5'] + " has " + str(report['positives']) + " positives!")
        return report['md5']
    return None


def singleMode(md5):
    positives = []
    try:
        hit = report_positives(vt_get(md5))      # one resource -> one JSON object
        if hit:
            positives.append(hit)
    except (requests.RequestException, ValueError, KeyError) as e:
        print("error retrieving stats on md5: " + md5 + " (" + str(e) + ")")
    return positives


def multiMode(hashes):
    positives = []
    try:
        for report in vt_get(",".join(hashes)):  # several resources -> JSON list of objects
            hit = report_positives(report)
            if hit:
                positives.append(hit)
    except (requests.RequestException, ValueError, KeyError) as e:
        print("error retrieving stats on md5 group:", hashes, "(" + str(e) + ")")
    return positives


hits = []
for i in range(0, len(hashes), BATCH):
    if (len(hashes) - i) < BATCH:
        # leftover block smaller than BATCH: query one at a time
        for md5 in hashes[i:]:
            hits.extend(singleMode(md5))
    else:
        hits.extend(multiMode(hashes[i:i + BATCH]))
    print("On hash ", i, "out of ", len(hashes))

print(hits)
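To see the batching and rate-limit handling on their own, here is an added example (not the post's script) with the HTTP call injected as a function, so the same logic can be run offline against a constructed stand-in for VirusTotal. chunked(), query_reports(), fake_vt(), demo() and the 32-character dummy hashes are mine, not part of the VT API; requests_get() is the real transport you would pass in instead of the fake. The single-object-versus-list response shape, the 204 on quota exhaustion and the response_code 0/1 meaning are as the post describes them.

```python
import time

VT_URL = "https://www.virustotal.com/vtapi/v2/file/report"
HEADERS = {"Accept-Encoding": "gzip, deflate", "User-Agent": "VT Query UserAgent"}
API_KEY = "<mine>"   # placeholder, as in the post; load a real key from the environment


def chunked(items, size):
    """Yield successive slices of at most `size` items from a list."""
    for i in range(0, len(items), size):
        yield items[i:i + size]


def query_reports(hashes, get, batch=4, sleep=time.sleep, max_retries=3):
    """Yield (md5, positives, total) for every hash VT has a report for.

    get(params) performs the HTTP request and returns (status_code, parsed_json_or_None);
    it is injected so the logic can be exercised offline. Status 204 means the quota is
    used up: wait a minute and retry, giving up after max_retries."""
    for group in chunked(hashes, batch):
        params = {"apikey": API_KEY, "resource": ",".join(group)}
        for _ in range(max_retries + 1):
            status, body = get(params)
            if status != 204:
                break
            sleep(61)
        else:
            raise RuntimeError("still rate-limited after %d retries" % max_retries)
        if status != 200 or body is None:
            raise RuntimeError("HTTP %s for batch %s" % (status, group))
        # one resource comes back as a single JSON object, several as a list of objects
        reports = body if isinstance(body, list) else [body]
        for report in reports:
            if report.get("response_code") == 1:     # 0 = VT has never seen this hash
                yield report["md5"].lower(), report["positives"], report["total"]


def requests_get(params):
    """Real transport for query_reports. TLS verification stays on; behind an
    intercepting proxy pass verify='<proxy-ca.pem>' to requests.get, never verify=False."""
    import requests
    r = requests.get(VT_URL, params=params, headers=HEADERS, timeout=30)
    return r.status_code, (r.json() if r.status_code == 200 else None)


def fake_vt(known, quota_hits):
    """Constructed stand-in transport: answers 204 for the first `quota_hits` calls, then
    builds v2-style reports from `known` (md5 -> (positives, total))."""
    calls = []

    def get(params):
        calls.append(params["resource"])
        if len(calls) <= quota_hits:
            return 204, None
        reports = []
        for h in params["resource"].split(","):
            if h in known:
                positives, total = known[h]
                reports.append({"response_code": 1, "md5": h,
                                "positives": positives, "total": total})
            else:
                reports.append({"response_code": 0, "resource": h})
        return 200, (reports if len(reports) > 1 else reports[0])

    get.calls = calls
    return get


def demo():
    """Five constructed hashes, public-API batch size 4, one quota hit on the first batch."""
    hashes = ["a" * 32, "b" * 32, "c" * 32, "d" * 32, "e" * 32]
    known = {"a" * 32: (12, 60), "c" * 32: (0, 60), "e" * 32: (3, 58)}
    get = fake_vt(known, quota_hits=1)
    sleeps = []                                       # record waits instead of sleeping
    reports = list(query_reports(hashes, get, batch=4, sleep=sleeps.append))
    flagged = [md5 for md5, positives, _ in reports if positives]
    return reports, flagged, get.calls, sleeps


if __name__ == "__main__":
    print(demo())
```

Against the live API the call is `list(query_reports(hashes, requests_get))`; swapping `batch=25` is the private-key change the post mentions.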

Thursday, November 3, 2016

Wrapper for Left Click Event

This is a wrapper function for sending a left-click event in Windows through SendInput().  It can be called by using leftclick() instead of having to set up the INPUT struct every time.

#include <Windows.h>

void leftclick()
{
    // Zero-initialise the struct. dx/dy are *relative* movement unless
    // MOUSEEVENTF_ABSOLUTE is set, so the uninitialised fields left behind by
    // `new INPUT` could nudge the cursor on every click (and that allocation
    // was never freed).
    INPUT click = {};
    click.type = INPUT_MOUSE;
    click.mi.dwFlags = MOUSEEVENTF_LEFTDOWN;   // 0x2: button down
    click.mi.mouseData = 0;                    // only meaningful for wheel / X-button events
    click.mi.time = 0;                         // 0 = let the system time-stamp the event
    click.mi.dwExtraInfo = 0;
    SendInput(1, &click, sizeof(INPUT));
    click.mi.dwFlags = MOUSEEVENTF_LEFTUP;     // 0x4: button up
    SendInput(1, &click, sizeof(INPUT));
}


The INPUT struct is zero-initialised and its type set to INPUT_MOUSE.
The next four assignments fill in the MOUSEINPUT member; dwFlags = MOUSEEVENTF_LEFTDOWN (0x2) is the "down" event.
The first SendInput() sends the "down" event, dwFlags is then switched to MOUSEEVENTF_LEFTUP (0x4), and the second SendInput() sends the "up".

To make an auto-clicker for idle/clicker games, the following works just fine (it loops until the process is killed):


while(1)
{
    leftclick();
    Sleep(20);
}

You can easily change the left-click to right-click by changing the dwFlags parameter (MOUSEEVENTF_RIGHTDOWN and MOUSEEVENTF_RIGHTUP).  The MSDN page https://msdn.microsoft.com/en-us/library/windows/desktop/ms646260(v=vs.85).aspx shows the values for dwFlags for each mouse action.

Another thing you could do is create a function called leftdown(), and another called leftup(), by removing the last two statements of the function above (the ones that set dwFlags to 0x4 / MOUSEEVENTF_LEFTUP and send it) to get one that holds the mouse button down.  This can be paired with SetCursorPos() to click and drag to screen coordinates.