Stand alone
This script examines files in a given directory to determine their type (according to libmagic, similar to the Unix file command) and compares it to the file’s extension. Using a whitelist, the program will determine if there is a mismatch between the file type and the extension.

After installation:
$ python file-examine.py --help
usage: file-examine.py [-h] [-ng] [-nb] [-nu] [-w WHITELIST] directory

Module 2 thing

positional arguments:
  directory             The directory where analysis will start

optional arguments:
  -h, --help            show this help message and exit
  -ng, --no-good        Do not show matches
  -nb, --no-bad         Do not show mismatches
  -nu, --no-unknown     Do not show unknown
  -w WHITELIST, --whitelist WHITELIST
                        Path to custom whitelist
For example:
$ python3 file-examine.py Samples/
Analyzed 10 files
Matched: 5
Mismatched: 2
Unknown: 3
+------------------------------------+------------------------+--------------------------+----------+
| FILE NAME | FILE TYPE | MIME TYPE | STATUS |
+------------------------------------+------------------------+--------------------------+----------+
| Samples/file.png | PNG image data | image/png | Match |
| Samples/file.py | ASCII text | text/plain | Match |
| Samples/file.tar.gz | gzip compressed data | application/gzip | Match |
| Samples/file.txt | ASCII text | text/plain | Match |
| Samples/test/secondlevel.txt | ASCII text | text/plain | Match |
| Samples/fake.tar.gz | ASCII text | text/plain | Mismatch |
| Samples/this_was_a_private_key.txt | OpenSSH private key | text/plain | Mismatch |
| Samples/file.dat | data | application/octet-stream | Unknown |
| Samples/not_my_real_key | OpenSSH private key | text/plain | Unknown |
| Samples/not_my_real_key.pub | OpenSSH RSA public key | text/plain | Unknown |
+------------------------------------+------------------------+--------------------------+----------+
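
The three statuses in the table can be reproduced with the sketch below. It is an added example, not file-examine.py's own code. The whitelist layout (`WHITELIST`), the rule that an unlisted or missing extension yields Unknown, and the small `SIGNATURES` table standing in for libmagic are all assumptions inferred from the sample output.

```python
# Assumed whitelist format and rule, inferred from the sample table; not file-examine.py's code.
import os

# Hypothetical whitelist: extension -> type descriptions accepted for it.
WHITELIST = {
    ".png": {"PNG image data"},
    ".py": {"ASCII text"},
    ".txt": {"ASCII text"},
    ".gz": {"gzip compressed data"},
}

# Minimal stand-in for libmagic: (leading bytes, description), checked in order.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "PNG image data"),
    (b"\x1f\x8b", "gzip compressed data"),
    (b"-----BEGIN OPENSSH PRIVATE KEY-----", "OpenSSH private key"),
]

def sniff(data: bytes) -> str:
    """Describe content by its leading bytes, ignoring the file name."""
    for magic, description in SIGNATURES:
        if data.startswith(magic):
            return description
    return "ASCII text" if all(b < 0x80 for b in data) else "data"

def classify(name: str, data: bytes) -> str:
    """Return Match, Mismatch or Unknown for one file."""
    ext = os.path.splitext(name)[1].lower()  # "file.tar.gz" -> ".gz"
    allowed = WHITELIST.get(ext)
    if allowed is None:  # no extension, or one the whitelist does not list
        return "Unknown"
    return "Match" if sniff(data) in allowed else "Mismatch"

# Constructed sample contents, named after files in the table above.
SAMPLES = {
    "file.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "file.tar.gz": b"\x1f\x8b\x08\x00",
    "fake.tar.gz": b"just text\n",
    "this_was_a_private_key.txt": b"-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA\n",
    "file.dat": b"\x00\xff\x10\x80",
    "not_my_real_key": b"-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA\n",
}

def run_samples() -> dict:
    return {name: classify(name, data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, status in run_samples().items():
        print(f"{name:28} {status}")
```

Under this rule Unknown means the extension was never evaluated, so rows such as not_my_real_key still need review even with mismatches filtered out.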