PE Info Python Snippet

Trying to dump the PE header info for an unknown Windows PE binary on a linux box?

Solution:

$ sudo aptitude install python-pefile
$ python
>>> import pefile
>>> pe = pefile.PE('/path/to/pefile.exe')
>>> print pe.dump_info()

If you just want to see the imports:

>>> for entry in pe.DIRECTORY_ENTRY_IMPORT:
... print entry.dll
... for imp in entry.imports:
... print '\t', hex(imp.address), imp.name

Javascript decoding using Python Interpreter

I keep forgetting the module to decode % encoded javascript obfuscation using python, so here it is:

$ python

>>> import urllib
>>> s = '%33%76%31%4C%20%6A%73%63%72%69%70%74%21'
>>> urllib.unquote(s)
'3v1L jscript!'

Remove html tags: two sed one liners

1. Quick and easy one liner to remove any html tags from file blah:

cat blah | sed 's/<[^>]*>//g'

2. Remove html tags and format jscript just enough to read file blah:

cat blah | sed 's/<[^>]*>//g' | sed 's/;[^\n]/;\n/g' | sed 's/{/{\n/g'| sed 's/{\s*[^\n]/\n{/g'

note that these only work if the html tag is not broken onto two lines.