-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathgrepmd5
29 lines (24 loc) · 1.23 KB
/
grepmd5
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#!/bin/bash
# Author: Michal Ambroz <rebus@seznam.cz>
# License: GPLv2+
#
# Copyright (C) 2018 Michal Ambroz <rebus@seznam.cz>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Example:
# grepmd5 malware.vba
# ... look for strings, which might be MD5 checksums
#exec grep --color -i -P -e '(?<![a-f0-9-])(?<!sid=|ver=|hid=|isc/|\?dm=|[Ii]d=\"|ok:\"|ken=|ue=['"'"'\"]|Key=)(?<!content=\"|...id = \"|.hash = '"'"'|version=\"|urceId\":\")(?<!avatar/)[a-f0-9]{32}(?![a-f0-9])(?!\.js|\.png|\.css|_bigger|_normal|\?postId|&ns=|&callback)' $@
exec grep --color -i -P -e '(?<![a-f0-9])[a-f0-9]{32}(?![a-f0-9])' "$@"