File Carving (#244)

* Add file carving * Add README
2024-10-05 20:39:28 +00:00 · 2021-10-30 19:43:10 +09:00 · 2021-10-30 19:43:10 +09:00 · be18907997
commit be18907997
parent 3ff827164f
6 changed files with 124 additions and 0 deletions
--- a/File_Carving/Images/Output.PNG
+++ b/File_Carving/Images/Output.PNG
--- a/File_Carving/Images/test_image.jpg
+++ b/File_Carving/Images/test_image.jpg
--- a/File_Carving/README.MD
+++ b/File_Carving/README.MD
@ -0,0 +1,28 @@
+# File Carving
+> **Note:** This version only supports jpg/jpeg file carving. 
+
+This script recursively finds files in the folder and carves files with jpg/jpeg file signature.
+
+## Usage
+
+1. Clone this repository
+    ```
+    git clone https://github.com/hastagAB/Awesome-Python-Scripts.git
+    ```
+2. Move to File_Carving directory
+    ```
+    cd File_Carving
+    ```
+3. Install reqired package
+    ```
+    pip install -r requirements.txt
+    ```
+5. Run carving.py
+    ```
+    python carving.py
+    ```
+
+## Example
+![Output](https://user-images.githubusercontent.com/76420409/139208797-b4417848-f184-4f65-869f-1c6e061cf3c8.PNG)
+
+
--- a/File_Carving/carving.py
+++ b/File_Carving/carving.py
@ -0,0 +1,93 @@
+import os
+import binascii
+
+# var: jpeg signature header
+# var: jpeg signature footer
+header = "\\xff\\xd8\\xff"
+footer = "\\xff\\xd9"
+
+global file_cnt
+file_cnt = 0
+global dir_cnt
+dir_cnt = 0
+
+# dir read
+def fileSearch(dir_path, cnt):
+	global file_cnt
+	global dir_cnt
+	filelist = []
+
+	for _ in range(cnt):
+		print("\t", end=" ")
+	print("[>] Directory: %s" % dir_path)
+	for files in os.listdir(dir_path):
+		if os.path.isfile(dir_path+files):
+			filelist.append(dir_path+files)
+			for _ in range(cnt):
+				print("\t", end=" ")
+			print("[+] File Name: %s" % files)
+			file_cnt+=1
+		elif os.path.isdir(dir_path+files):
+			for i in range(cnt):
+				print("\t", end=" ")
+			print("[!] SubDirectory: \"%s\" found. Start file search in this directory." % files)
+			filelist.extend(fileSearch(dir_path+files+"/", cnt+1))
+			dir_cnt+=1
+
+	return filelist
+
+# file open and store carved file
+def Carving(file_list):
+	cnt = 0
+	carv_list = []
+	print("====================Carving Start====================")
+	for i in range(len(file_list)):
+		file = open(file_list[i], 'rb')
+		carv_cont = findSignature(file)
+		print("[-] ", file_list[i], " File passed")
+
+		if (len(carv_cont) != 0):
+			carv = open('carv'+str(cnt)+'.jpeg', 'wb')
+			for j in range(len(carv_cont)):
+				carv.write(carv_cont[j])
+			print('[*] carv',str(cnt),'.jpeg is created!')
+			carv_list.append('carv'+str(cnt)+'.jpeg')
+			cnt+=1
+			carv.close
+
+		file.close
+	return carv_list
+		
+# find signature
+def findSignature(file):
+	flag = 0
+	contents = []
+
+	while(1):
+		buf = file.read(0x200)
+		file.tell()
+		if(len(buf)==0): break
+		if(flag != 1):
+			ishead = (str(buf[:3]).split('\'')[1])
+			if (header == ishead) and (flag == 0):
+				contents.append(buf)
+				flag = 1
+		else:
+			if(footer in (str(buf[-2:]).split('\'')[1])):
+				contents.append(buf)
+				return contents
+			else:
+				contents.append(buf)
+	return contents
+
+
+# main
+if __name__ == "__main__":
+	print("==================File Search Start==================")
+	fl = fileSearch("./", 0)
+	print(f'\nSEARCH RESULT: %d Files. %d Directory.' % (file_cnt, dir_cnt))
+	print("Filelist: %s\n" % fl)
+	c1 = Carving(fl)
+	print("Carvlist: %s\n" % c1)
+
+	print("Exit...")
--- a/File_Carving/requirements.txt
+++ b/File_Carving/requirements.txt
@ -0,0 +1,2 @@
+os
+binascii
--- a/README.md
+++ b/README.md
@ -187,6 +187,7 @@ So far, the following projects have been integrated to this repo:
 |[Steg_Tool](https://github.com/hastagABAwesome-Python-Scripts/Steg_Tool/)|[Shankar JP](https://github.com/shankarjp)|
 | [Directory Tree Visualizer](https://github.com/hastagAB/Awesome-Python-Scripts/tree/master/Directory_Tree_Generator) | [Harpreet Singh Saluja](https://github.com/hssaluja25/) |
 |[Pressure_Converter](https://github.com/E-wave112/Awesome-Python-Scripts/tree/master/Pressure_Converter)|[E-Wave](https://github.com/E-wave112)|
+| [File Carving](https://github.com/hastagAB/Awesome-Python-Scripts/tree/master/File_Carving) | [Yeryeong Kim](https://github.com/icarusicarus/) |

 ## How to use :