Class: Memorandom::Plugins::Hashes
- Inherits:
-
Memorandom::PluginTemplate
- Object
- Memorandom::PluginTemplate
- Memorandom::Plugins::Hashes
- Defined in:
- lib/memorandom/plugins/hashes.rb
Constant Summary collapse
- @@description =
"This plugin looks for common hash formats"
- @@confidence =
0.10
Instance Attribute Summary
Attributes inherited from Memorandom::PluginTemplate
Instance Method Summary collapse
-
#scan(buffer, source_offset) ⇒ Object
Scan takes a buffer and an offset of where this buffer starts in the source.
Methods inherited from Memorandom::PluginTemplate
#confidence, confidence, #description, description, #initialize, #report_hit, #reset
Constructor Details
This class inherits a constructor from Memorandom::PluginTemplate
Instance Method Details
#scan(buffer, source_offset) ⇒ Object
Scan takes a buffer and an offset of where this buffer starts in the source
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
# File 'lib/memorandom/plugins/hashes.rb', line 9 def scan(buffer, source_offset) # Unix password hash formats buffer.scan( /[a-z0-9_]+:\$\d+\$[$a-z0-9\.\/]+:\d+:\d+:\d+[a-z0-9 :]*/mi ).each do |m| # This may hit an earlier identical match, but thats ok last_offset = buffer.index(m) report_hit(:type => 'UnixHash', :data => m, :offset => source_offset + last_offset) last_offset += m.length end # Hexadecimal password hashes buffer.scan( /[a-f0-9]{16,128}/mi ).each do |m| next unless m.length % 2 == 0 # This may hit an earlier identical match, but thats ok last_offset = buffer.index(m) report_hit(:type => 'CommonHash', :data => m, :offset => source_offset + last_offset) last_offset += m.length end end |