File System Auditor - Extension Locator

Hello,

I wanted to share a quick bit on a Python script I wrote. I have also attached a video demonstrating it.
ext_locator.py



Executable files in an operating system can be packed with goodies that you are not aware of. Obviously, doing an AV test on your system would be a critical route; however, if you are doing a static analysis of a system, you could use a tool similar to this.

Functionality:
-user inputs the parent directory
-script walks through the entire directory tree, searching for file extensions that match the list
-for any matching file, the absolute path is saved to a text file

Purpose:
-determine, in a safe way, whether there are abnormal amounts of executable programs located somewhere on the system
-extensions in this list have been known to be packed with extra code that can link to malware
-narrow your search when analyzing a system
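
The functionality listed above can be sketched as follows. This is an added example, not the author's ext_locator.py; the extension list, the function names and the output file name are assumptions, since the post does not show them.

```python
import os
from collections import Counter

# Assumed extension list; the post does not publish the one it uses.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd",
                   ".msi", ".ps1", ".vbs", ".js", ".jar"}


def locate_extensions(parent, extensions=EXECUTABLE_EXTS):
    """Walk `parent` and return (sorted absolute paths of matches, walk errors).

    Only file names are inspected; nothing is opened or executed.
    """
    wanted = {ext.lower() for ext in extensions}
    hits, skipped = [], []
    # os.walk does not follow symlinks by default, which avoids loops.
    # Unreadable directories are collected instead of silently ignored.
    for root, _dirs, files in os.walk(parent, onerror=skipped.append):
        for name in files:
            # splitext keeps only the final suffix, so "invoice.pdf.scr"
            # is still reported; lower() catches "SETUP.EXE".
            if os.path.splitext(name)[1].lower() in wanted:
                hits.append(os.path.abspath(os.path.join(root, name)))
    return sorted(hits), skipped


def count_by_directory(paths):
    """Count matches per directory to spot abnormal concentrations."""
    return Counter(os.path.dirname(p) for p in paths)


def write_report(paths, report_path):
    """Save one absolute path per line to a text file."""
    with open(report_path, "w", encoding="utf-8") as fh:
        fh.writelines(p + "\n" for p in paths)


if __name__ == "__main__":
    parent = input("Parent directory: ").strip()
    hits, skipped = locate_extensions(parent)
    write_report(hits, "ext_locator_results.txt")  # assumed file name
    for directory, n in count_by_directory(hits).most_common(10):
        print(f"{n:5d}  {directory}")
    for err in skipped:
        print(f"skipped: {err}")
```

The per-directory count is what narrows the search: a user profile or temp folder holding dozens of matches deserves a closer look than a program installation directory with the same number.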
