Search for strings in base64 encoded data, without decoding it. Especially for large blobs of base64 this can be significantly faster.
It is just an idea... Probably gives false negatives, might give false positives.
Search for a string in base64 encoded data, like grep:
cat file.b64 | base64grep 'search string'
echo 'Ba5e64E+C0D3D==' | base64grep 'search string'
List all base64 encoded variants of a string:
base64variants 'search string'
Generate a regular expression to search in base64 encoded data:
base64regex 'search string'
When using Bash:
cat base64grep.sh | tee -a ~/.bash_aliases
. ~/.bashrc
When using Oh My Zsh:
cp base64grep.sh ~/.oh-my-zsh/custom/base64grep.zsh
omz reload
One time use:
source base64grep.sh
This custom rule finds 'javascript' hidden in attachments, using the variants generated by base64variants:
base64regex 'javascript'
full T_JS_BASE64 /(amF2YXNjcmlw|phdmFzY3JpcH|qYXZhc2NyaXB)/
score T_JS_BASE64 2.90
describe T_JS_BASE64 Encoded javascript found
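
The false negatives and false positives mentioned at the top can be shown with the 'javascript' patterns above. The Python code below is an added example, not part of base64grep: it derives the three variants, removes line wrapping before matching, and decodes only the 4-character groups around each candidate to confirm it. The names b64_variants and search are hypothetical; it assumes padded, standard-alphabet base64, and its variants keep every fully determined character, so two of them are one character longer than the ones in the rule.

```python
import base64
import re


def b64_variants(needle: bytes):
    """Return (pattern, phase) for each of the three byte alignments.

    pattern: the base64 characters determined only by needle's bits.
    phase:   index (mod 4) in the base64 stream where pattern must start.
    """
    variants = []
    for offset in range(3):  # number of bytes before needle, mod 3
        enc = base64.b64encode(b"\x00" * offset + needle).decode()
        start = (8 * offset + 5) // 6          # skip chars mixing in earlier bytes
        end = 8 * (offset + len(needle)) // 6  # stop before chars mixing in later bytes
        variants.append((enc[start:end], start))
    return variants


def search(b64_text: str, needle: bytes):
    """Return decoded byte offsets of needle, decoding only around candidates.

    Assumption: standard-alphabet base64 whose length, once whitespace is
    removed, is a multiple of 4 (normal padded encoder output).
    """
    stream = re.sub(r"\s+", "", b64_text)  # a line wrap can split a pattern
    hits = []
    for offset, (pattern, phase) in enumerate(b64_variants(needle)):
        # Lookahead so overlapping candidates are not skipped.
        for m in re.finditer("(?=" + re.escape(pattern) + ")", stream):
            if m.start() % 4 != phase:
                continue  # misaligned: same characters, different decoded bytes
            q = m.start() - phase                    # start of the enclosing group
            groups = (offset + len(needle) + 2) // 3  # groups covering the needle
            decoded = base64.b64decode(stream[q:q + 4 * groups])
            # The pattern leaves a few edge bits unchecked; compare the real bytes.
            if decoded[offset:offset + len(needle)] == needle:
                hits.append(q // 4 * 3 + offset)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample: the needle straddles the 76-column wrap of line 1.
    sample = base64.encodebytes(b"A" * 52 + b"javascript" + b"!" * 10).decode()
    print(b64_variants(b"javascript"))
    print(search(sample, b"javascript"))
```

Run on the constructed sample, the plain regex misses the wrapped occurrence, while the whitespace-stripped, decode-confirmed search reports it at byte 52.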