Truehunter - Tool to detect TrueCrypt containers


The goal of Truehunter is to detect TrueCrypt containers using a fast and memory efficient approach. It was designed as a PoC some time ago as I couldn't find any open source tool with the same functionality.


Installation
Just use with Python 2.7, it does not need any additional libraries.

usage: truehunter.py [-h] [-D HEADERSFILE] [-m MINSIZE] [-M MAXSIZE]
[-R MAXHEADER] [-f] [-o OUTPUTFILE]
LOCATION
Checks for file size, unknown header, and entropy of files to determine if
they are encrypted containers.
positional arguments:
LOCATION Drive or directory to scan.
optional arguments:
-h, --help show this help message and exit.
-D HEADERSFILE, --database HEADERSFILE
Headers database file, default headers.db
-m MINSIZE, --minsize MINSIZE
Minimum file size in Kb, default 1Mb.
-M MAXSIZE, --maxsize MAXSIZE
Maximum file size in Kb, default 100Mb.
-R MAXHEADER, --repeatHeader MAXHEADER
Discard files with unknown headers repeated more than
N times, default 3.
-f, --fast Do not calculate entropy.
-o OUTPUTFILE, --outputfile OUTPUTFILE
Scan results file name, default scan_results.csv


No comments

Note: Only a member of this blog may post a comment.

Powered by Blogger.