adding new tool safe2bin for decoding safe encoded values

2024-11-22 09:36:35 +03:00 · 2011-04-15 13:41:50 +00:00 · 2011-04-15 13:41:50 +00:00 · bf6ea35145
commit bf6ea35145
parent a883316e22
2 changed files with 100 additions and 0 deletions
--- a/extra/safe2bin/README.txt
+++ b/extra/safe2bin/README.txt
@ -0,0 +1,17 @@
+To use safe2bin.py you need to pass it the original file,
+and optionally the output file name.
+
+Example:
+
+$ python ./safe2bin.py -i output.txt -o output.txt.bin
+
+This will create an binary decoded file output.txt.bin. For example, 
+if the content of output.txt is: "\ttest\t\x32\x33\x34\nnewline" it will 
+be decoded to: "    test   234
+newline"
+
+If you skip the output file name, general rule is that the binary
+file names are suffixed with the string '.bin'. So, that means that 
+the upper example can also be written in the following form:
+
+$ python ./safe2bin.py -i output.txt
--- a/extra/safe2bin/safe2bin.py
+++ b/extra/safe2bin/safe2bin.py
@ -0,0 +1,83 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+safe2bin.py - Simple safe(hex) to binary format converter
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import binascii
+import re
+import os
+import sys
+
+from optparse import OptionError
+from optparse import OptionParser
+
+# Regex used for recognition of hex encoded characters
+HEX_ENCODED_CHAR_REGEX = r"(?P<result>\\x[0-9A-Fa-f]{2})"
+
+# Raw chars that will be safe encoded to their slash (\) representations (e.g. newline to \n)
+SAFE_ENCODE_SLASH_REPLACEMENTS = "\\\t\n\r\x0b\x0c"
+
+def safechardecode(value):
+    """
+    Decode safe(hex) encoded values
+    """
+
+    retVal = value
+    if isinstance(value, basestring):
+        regex = re.compile(HEX_ENCODED_CHAR_REGEX)
+
+        while True:
+            match = regex.search(retVal)
+            if match:
+                retVal = retVal.replace(match.group("result"), binascii.unhexlify(match.group("result").lstrip('\\x')))
+            else:
+                break
+
+        for char in SAFE_ENCODE_SLASH_REPLACEMENTS[::-1]:
+            retVal = retVal.replace(repr(char).strip('\''), char)
+
+    elif isinstance(value, (list, tuple)):
+        for i in xrange(len(value)):
+            retVal[i] = safechardecode(value[i])
+
+    return retVal
+
+def main():
+    usage = '%s -i <input file> [-o <output file>]' % sys.argv[0]
+    parser  = OptionParser(usage=usage, version='0.1')
+
+    try:
+        parser.add_option('-i', dest='inputFile', help='Input file')
+        parser.add_option('-o', dest='outputFile', help='Output file')
+
+        (args, _) = parser.parse_args()
+
+        if not args.inputFile:
+            parser.error('Missing the input file, -h for help')
+
+    except (OptionError, TypeError), e:
+        parser.error(e)
+
+    if not os.path.isfile(args.inputFile):
+        print 'ERROR: the provided input file \'%s\' is not a regular file' % args.inputFile
+        sys.exit(1)
+
+    f = open(args.inputFile, 'r')
+    data = f.read()
+    f.close()
+
+    if not args.outputFile:
+        args.outputFile = args.inputFile + '.bin'
+
+    f = open(args.outputFile, 'wb')
+    f.write(safechardecode(data))
+    f.close()
+
+if __name__ == '__main__':
+    main()