Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.003 X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'python.': 0.02; 'patterns': 0.04; 'root': 0.05; 'string.': 0.05; 'subject:Python': 0.06; 'wednesday,': 0.07; 'subject:module': 0.09; 'subject:using': 0.09; 'python': 0.11; 'bug': 0.12; 'posted': 0.15; '"."': 0.16; 'command.': 0.16; 'filenames,': 0.16; 'files:': 0.16; 'grep': 0.16; 'open()': 0.16; 'slave': 0.16; 'thread,': 0.16; 'all.': 0.16; 'fix': 0.17; 'wrote:': 0.18; 'code.': 0.18; 'import': 0.22; 'print': 0.22; 'header:User-Agent:1': 0.23; 'string,': 0.24; 'file.': 0.24; 'script': 0.25; 'compiled': 0.26; 'equivalent': 0.26; 'header:In-Reply-To:1': 0.27; 'external': 0.29; 'skip:p 30': 0.29; 'quickly': 0.29; "i'm": 0.30; 'posting': 0.31; '25,': 0.31; 'basic': 0.35; 'but': 0.35; 'there': 0.35; 'in.': 0.36; 'thanks': 0.36; 'improving': 0.38; 'others.': 0.38; 'to:addr:python-list': 0.38; 'files': 0.38; 'pm,': 0.38; 'rather': 0.38; 'does': 0.39; 'to:addr:python.org': 0.39; 'how': 0.40; 'easy': 0.60; 'subject: ': 0.61; 'new': 0.61; 'march': 0.61; 'name': 0.63; 'more': 0.64; 'charset:windows-1252': 0.65; 'close': 0.67; 'received:74.208': 0.68; '2015': 0.84; 'drive.': 0.84; 'gregg': 0.84; 'received:74.208.4.194': 0.84; 'subject:Search': 0.84; 'assessing': 0.91; 'sitting': 0.91 Date: Thu, 26 Mar 2015 13:23:56 -0400 From: Dave Angel User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: python-list@python.org Subject: Re: Basic Python V3 Search Tool using RE module References: In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K0:49x5NEbVx3NJRIsZWweNOfQ6QgmLqipCnLnIogluHmuzB4p65rG 0flkfoKmF+4HdfDTmBS2OEu2DhcQlR/9BXkLt38DZZOoKbPB6Q5vkKABbced7mhqVISNgSM mHXqikApgf9x9pdnP6RWH9dSQ+qMcP94T7u90XWOyDxiUWcH5xJguuUmRf/iwOoXJFuYzHy yuxiueRnBHa4YqAEVNMng== X-UI-Out-Filterresults: notjunk:1; X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.19 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 47 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1427390652 news.xs4all.nl 2962 [2001:888:2000:d::a6]:36417 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:88079 On 03/26/2015 01:11 PM, Gregg Dotoli wrote: > On Wednesday, March 25, 2015 at 3:43:38 PM UTC-4, Gregg Dotoli wrote: >> This basic script will help to find >> evidence of CryptoWall on a slave drive. Although it is >> just a string, more complex regex patterns can be >> replaced with the string. It is incredible how fast Python is and >> how easy it has helped in quickly assessing a pool of slave drives. >> I'm improving it as we speak. >> >> >> Thanks for your help and patience. I'm new with Python. >> >> >> import os >> import re >> # From the Root >> topdir = "." >> >> # Regex Pattern >> pattern="DECRYPT_I" >> regexp=re.compile(pattern) >> for dirpath,dirnames, files in os.walk(topdir): >> for name in files: >> result=regexp.search(name) >> print(os.path.join(dirpath,name)) >> print (result) >> >> >> >> >> >> Gregg Dotoli > > I posted this because I thought it may be of help to others. This does grep through all the files and is very fast because the regex is compiled in Python , rather than sitting in some directory as an external command. > That is where the optimization comes in. > > Let's close this thread. > > It "grep"s through all the filenames, but there's no open() call or equivalent there at all. it does not look inside a single file. We can stop posting to the thread, but that won't fix the bug in the code. -- DaveA