reScan - quick pattern matching in files for malware analysis

reScan is a very simple Python script to look for specific patterns (regular expressions) in binary or text files. It has been primarily developed to analyze malicious files, to quickly extract interesting patterns (shellcodes, embedded executables in malformed documents, etc). Update in 2014: it has now evolved into Balbuzard, which provides many more features.

News:

Follow all updates and news on Twitter: https://twitter.com/decalage2

  • 2014-02-26 v0.18: Initial release of the Balbuzard tools, replacing reScan
  • 2013-03-15: added harvest mode (bbharvest)
  • 2011-05-06: added bruteforce functions (bbcrack)
  • 2008-06-06: first public release as reScan for SSTIC08
  • 2007-07-11: first versions of reScan
  • see changelog in source code for more info.

Usage:

reScan.py <file>

Configuration:

To add your own patterns to the default list, create a script named reScan_custom.py that defines a dictionary named FIND_REGEX with the same structure as the one in reScan.py. If you find useful patterns worth adding to this tool, please send them by e-mail to decalage[à]laposte.net so that I can improve the main version.
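As an added example (not reScan's own code, and not the actual reScan_custom.py format), the script below shows the kind of pattern table and scanning loop this configuration implies: a dictionary mapping a pattern name to a byte regex, applied to a whole file, with every hit reported by offset. The exact layout of FIND_REGEX in reScan.py is not shown on this page, so the name-to-regex layout, the pattern names and the sample buffer are all assumptions constructed for this example.

```python
import re
import sys

# Hypothetical pattern table in the spirit of reScan's FIND_REGEX
# (assumed layout: pattern name -> raw byte regex). The patterns are the
# usual indicators one looks for in malformed documents: embedded executables,
# other embedded file headers, network indicators and shellcode-like sequences.
FIND_REGEX = {
    "EXE DOS stub":   rb"This program cannot be run in DOS mode",
    "PE header":      rb"PE\x00\x00",
    "OLE2 header":    rb"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    "PDF header":     rb"%PDF-",
    "URL":            rb"https?://[A-Za-z0-9._~:/?#=&%+-]+",
    "IPv4 address":   rb"\b(?:\d{1,3}\.){3}\d{1,3}\b",
    "E-mail address": rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}",
    "NOP sled":       rb"\x90{8,}",
}

# Compile once; bytes patterns are used so binary files need no decoding.
COMPILED = {name: re.compile(pat) for name, pat in FIND_REGEX.items()}


def scan_data(data, patterns=COMPILED, max_len=60):
    """Return a list of (offset, pattern name, matched bytes) sorted by offset.
    Matches are truncated to max_len bytes so a long sled does not flood output."""
    hits = []
    for name, regex in patterns.items():
        for m in regex.finditer(data):
            hits.append((m.start(), name, m.group(0)[:max_len]))
    hits.sort()
    return hits


def scan_file(path, patterns=COMPILED):
    """Read a file in binary mode and scan it with the pattern table."""
    with open(path, "rb") as f:
        return scan_data(f.read(), patterns)


def format_hit(hit):
    """One report line: hex offset, pattern name, repr of the matched bytes."""
    offset, name, matched = hit
    return "%08X: %-16s %r" % (offset, name, matched)


# Constructed sample buffer standing in for a malformed document: padding,
# a NOP sled, a fake MZ/PE fragment, a URL, an IP address and an e-mail address.
SAMPLE = (b"\x00" * 16 + b"\x90" * 12 + b"MZ\x90\x00" + b"\x00" * 60
          + b"This program cannot be run in DOS mode\r\n$" + b"\x00" * 20
          + b"PE\x00\x00" + b"http://example.com/payload.bin\x00"
          + b"connect to 10.0.0.1 then mail admin@example.com")


def main(argv):
    # With a path argument, scan that file; otherwise scan the built-in sample.
    hits = scan_file(argv[1]) if len(argv) > 1 else scan_data(SAMPLE)
    for hit in hits:
        print(format_hit(hit))


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python scan_example.py suspicious.doc` to report hits for a real file, or with no argument to see the hits on the constructed sample. A custom pattern file in this style would simply add entries to the dictionary; the scanning loop does not change.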

Licence:

CeCILL v2, open-source, GPL-compatible.

Attachment: reScan.py.txt (5.6 KB)