Class: Memorandom::Plugins::Hashes

Inherits:
Memorandom::PluginTemplate show all
Defined in:
lib/memorandom/plugins/hashes.rb

Constant Summary collapse

@@description =
"This plugin looks for common hash formats"
@@confidence =
0.10

Instance Attribute Summary

Attributes inherited from Memorandom::PluginTemplate

#hits, #scanner

Instance Method Summary collapse

Methods inherited from Memorandom::PluginTemplate

#confidence, confidence, #description, description, #initialize, #report_hit, #reset

Constructor Details

This class inherits a constructor from Memorandom::PluginTemplate

Instance Method Details

#scan(buffer, source_offset) ⇒ Object

Scans the given buffer; `source_offset` is the offset at which this buffer starts in the source.



# File 'lib/memorandom/plugins/hashes.rb', line 9

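# Scans +buffer+ for strings shaped like password hashes and passes each one to
# report_hit. Matching is purely pattern-based: nothing here verifies that a
# hit is a real hash, so false positives are expected (any even-length run of
# 16-128 hex digits is reported as a CommonHash).
#
# Offsets come from String#index, which counts characters.
# NOTE(review): that equals the byte offset only for binary/single-byte
# buffers - confirm what encoding callers pass.
#
# @param buffer [String] chunk of the source being examined
# @param source_offset [Integer] offset at which +buffer+ starts in the source;
#   added to each match position so reported offsets are relative to the source
# @return [Array<String>] the raw hexadecimal matches of the second pass
#   (including odd-length runs that were not reported)
def scan(buffer, source_offset)
  # Unix password hash formats: name:$id$hash:n:n:n followed by optional fields
  search_from = 0
  buffer.scan(
    /[a-z0-9_]+:\$\d+\$[$a-z0-9\.\/]+:\d+:\d+:\d+[a-z0-9 :]*/mi
  ).each do |m|
    # Matches arrive left to right and never overlap, so resuming the lookup
    # where the previous match ended locates this occurrence instead of an
    # earlier identical one (which would report a wrong offset).
    hit_offset = buffer.index(m, search_from)
    report_hit(:type => 'UnixHash', :data => m, :offset => source_offset + hit_offset)
    search_from = hit_offset + m.length
  end

  # Hexadecimal password hashes. Runs longer than 128 digits are returned by
  # the regex as consecutive chunks, each handled as a separate match.
  search_from = 0
  buffer.scan(
    /[a-f0-9]{16,128}/mi
  ).each do |m|
    hit_offset = buffer.index(m, search_from)
    # Advance before filtering so a skipped run is never searched again.
    search_from = hit_offset + m.length
    # Hex-encoded digests have an even number of digits; skip odd-length runs.
    next unless m.length.even?
    report_hit(:type => 'CommonHash', :data => m, :offset => source_offset + hit_offset)
  end
end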