File System Auditor - Extension Locator

Hello,

I wanted to share a quick bit on a python script I wrote.  I have also attached a video demonstrating it.
ext_locator.py



executable files in an operating system can be packed with goodies that you are not aware of.  Obviously doing an AV test on your system would be a critical route, however if you are doing a static analysis of a system, you could use a tool similar to this.

Functionality:
-user inputs parent directory
-script walks through entire directory searching for extensions matching the list
-any file matching, the absolute path is saved to a text file

Purpose:
-In a safe way determining whether there are abnormal amounts of executable programs located somewhere the system.
-extensions in this list have been known to be packed with extra code that can link to malware
-narrow your search when analyzing a system.

Comments

Popular Posts