5 releases

new 0.1.7 Feb 19, 2025
0.1.6 Feb 6, 2025
0.1.5 Dec 13, 2024
0.1.4 Dec 13, 2024
0.1.3 Dec 12, 2024


MIT license


scrings

Semantic scanner based on tree-sitter

scrings is a strings-like utility that outputs only the strings that are semantically valid according to a tree-sitter grammar. For each supported scripting language, we built a list of semantic nodes that are discriminating enough to identify the target language.

Python bindings are available in the pyscrings package.

A Volatility 3 plugin is also available for memory dump analysis.

Usage

scrings is available through a command line utility like strings:

scrings 0.1.0
Airbus CERT <cert@airbus.com>

USAGE:
    scrings.exe [FLAGS] [OPTIONS] [bash]

FLAGS:
        --escape     Escape string before print
    -h, --help       Prints help information
    -o, --offset     Print offset in file
    -V, --version    Prints version information

OPTIONS:
    -l, --language <language>    Language to match [possible values: powershell, bash, python, sql, javascript, php]
    -p, --path <path>            Path to the script file
    -s, --step <step>            Min length [default: 20]

ARGS:
    <bash>    bash

scrings --path [PATH_TO_DUMP] -o -l powershell

...
151297294       $eiD=-join'ylbmessA'[-1..-8];$JOD=-join'epyTteG'[-1..-7]
...
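The sample line above stores the names Assembly and GetType reversed and rebuilds them with -join'...'[-1..-N]. The following added example (not part of scrings or pyscrings) post-processes `scrings -o` output and resolves that idiom so an analyst sees the real names next to each offset. It assumes each output line is a decimal offset, whitespace, then the string, as in the sample; all function names are hypothetical.

```python
import re

# Matches the idiom seen in the sample output: -join'<literal>'[<a>..<b>]
JOIN_SLICE = re.compile(
    r"-join\s*'(?P<lit>[^']*)'\s*\[\s*(?P<a>-?\d+)\s*\.\.\s*(?P<b>-?\d+)\s*\]")

def resolve_join_slice(lit, a, b):
    """Evaluate -join'lit'[a..b]: inclusive range, negative indices count from the end."""
    step = 1 if b >= a else -1
    out = []
    for i in range(a, b + step, step):
        j = i if i >= 0 else len(lit) + i
        if 0 <= j < len(lit):  # assumption: out-of-range indices contribute nothing
            out.append(lit[j])
    return "".join(out)

def parse_offset_line(line):
    """Split a `scrings -o` line into (offset, string); None if it has another shape."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2 or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1]

def annotate(lines):
    """Return [(offset, original string, [resolved literals])] for lines using the idiom."""
    hits = []
    for line in lines:
        parsed = parse_offset_line(line)
        if parsed is None:
            continue
        offset, text = parsed
        resolved = [resolve_join_slice(m["lit"], int(m["a"]), int(m["b"]))
                    for m in JOIN_SLICE.finditer(text)]
        if resolved:
            hits.append((offset, text, resolved))
    return hits

# The first line is the sample from this page; the second is constructed.
SAMPLE = [
    "151297294       $eiD=-join'ylbmessA'[-1..-8];$JOD=-join'epyTteG'[-1..-7]",
    "151297400       Write-Host 'nothing obfuscated in this line'",
    "...",
]

if __name__ == "__main__":
    for offset, text, resolved in annotate(SAMPLE):
        print(f"{offset:#x}: {resolved}  <- {text}")
```

Only the single-quoted literal form with a numeric range is handled; other string-building tricks pass through unannotated.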

Install

scrings is available on crates.io:

cargo +nightly install scrings --features="scrings"

Supported languages

Build

scrings is made in Rust 🦀.

⚠️ Use the nightly version of Rust ⚠️

To build scrings, use cargo:

git clone https://github.com/airbus-cert/scrings
cd scrings
cargo build --package scrings --bin scrings --features=scrings
