Sublime Malware Research Tool
Type Name Latest commit message Commit time
magic Work to make SMRT ST3 compatible Oct 18, 2015
pefile Fixed pe version info Oct 18, 2015
pescanner
COPYRIGHT Work to make SMRT ST3 compatible Oct 18, 2015
LICENSE
README.md Added Hex Bitwise ROR/ROL commands Jan 2, 2016
SMRT.py Put in more checks for valid data on FindPE related commands Jan 11, 2016
SMRT.sublime-commands
peid.db

README.md

Sublime Malware Research Tool

This is a plugin for Sublime Text 3 that provides a number of commonly used tools for malware analysis and research. The original version for Sublime Text 2 can be found in the SublimeText2 branch, but it is unlikely that development will continue on that branch.

Installation

The recommended installation is to git clone this repository into the Packages directory of Sublime Text 3.

Prerequisites

You must have libmagic installed or SMRT will fail to load.

Examples:

OSX (using Homebrew): brew install libmagic

Windows: https://github.com/pidydx/libmagicwin64

Current Commands

  • SMRT: Int To Unix Timestamp
  • SMRT: UTF-8 To Base64
  • SMRT: UTF-8 To Base32
  • SMRT: Base64 To UTF-8
  • SMRT: Base32 To UTF-8
  • SMRT: Rot13 Encode
  • SMRT: RotX Encode (Prompts for integer distance to rotate text)
  • SMRT: Swap Char (Prompts for substitution map in Xx:Yy format)
  • SMRT: UTF-8 To MD5
  • SMRT: UTF-8 To SHA1
  • SMRT: UTF-8 To SHA256
  • SMRT: Hex To Int
  • SMRT: Int To Hex
  • SMRT: Byte Format Hex
  • SMRT: Word Format Hex
  • SMRT: DWord Format Hex
  • SMRT: Base64 Encode Binary
  • SMRT: Base64 Decode Binary
  • SMRT: ASCII To Hex
  • SMRT: UTF-8 To Hex
  • SMRT: UTF-16 To Hex
  • SMRT: Hex To ASCII
  • SMRT: Hex To UTF-8
  • SMRT: Hex To UTF-16
  • SMRT: Binary To Hex (Expects string of 1's and 0's)
  • SMRT: Hex to Binary
  • SMRT: Zlib Decompress Hex
  • SMRT: Zlib Compress Hex
  • SMRT: Gzip Decompress Hex
  • SMRT: Gzip Compress Hex
  • SMRT: INFLATE Decompress Hex
  • SMRT: DEFLATE Compress Hex
  • SMRT: URL Quote
  • SMRT: URL Unquote
  • SMRT: NBO Int To IP
  • SMRT: HBO Int To IP
  • SMRT: IP To NBO Int
  • SMRT: IP To HBO Int
  • SMRT: Switch Endianness (Expects Hex Text)
  • SMRT: PE Scanner (Expects Hex Text)
  • SMRT: Find PE (Expects Hex Text)
  • SMRT: Brute XOR Find PE (Expects Hex Text. This can take some time and Sublime will appear to be unresponsive while running)
  • SMRT: Apply XOR (Prompts for hex key or range. Examples: FF, 00-FF, DEAD, 0000-FFFF)
  • SMRT: Apply XOR Skip Zero and Key (Prompts for hex key or range. Examples: FF, 00-FF, DEAD, 0000-FFFF)
  • SMRT: Int to Alpha (Converts 1->A, 2->B, 3->C, etc. Expects ints 1-26 separated by spaces)
  • SMRT: Alpha to Int (Converts Aa->1, Bb->2, Cc->3, etc. Expects upper/lower alpha a-z)
  • SMRT: Code Point to Unicode (Expects code point representation. Examples: U+XXXX, %uXXXX, \uXXXX)
  • SMRT: Unicode to Code Point
  • SMRT: Hex Bitwise ROL (Prompts for number of bytes to include in rotation and number of bits to rotate in x,y format)
  • SMRT: Hex Bitwise ROR (Prompts for number of bytes to include in rotation and number of bits to rotate in x,y format)
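
To illustrate what the Find PE, Brute XOR Find PE and Apply XOR Skip Zero and Key commands are for, here is an added stand-alone sketch; it is not SMRT's code. The function names are hypothetical, only single-byte keys are tried, and "skip zero and key" is assumed to mean that bytes equal to 0x00 or to the key are left unchanged.

```python
import struct

def xor_bytes(data, key, skip_zero_and_key=False):
    """XOR with a one-byte key. In skip mode (assumed semantics), bytes equal
    to 0x00 or to the key are left unchanged, so null runs do not leak the key."""
    if skip_zero_and_key:
        return bytes(b if b in (0, key) else b ^ key for b in data)
    return bytes(b ^ key for b in data)

def find_pe(data):
    """Offsets of 'MZ' headers whose e_lfanew (at +0x3C) points to 'PE\\0\\0'."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):  # full DOS header must be present
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def brute_xor_find_pe(hex_text, skip_zero_and_key=False):
    """Try keys 0x01-0xFF over hex text; return (key, offset) for each PE found."""
    data = bytes.fromhex(hex_text)
    return [(key, off)
            for key in range(1, 256)
            for off in find_pe(xor_bytes(data, key, skip_zero_and_key))]

# Constructed sample: 8 filler bytes, then a minimal MZ/PE stub encoded with
# key 0x41 in skip-zero-and-key mode. Not taken from any real file.
STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
SAMPLE_HEX = (bytes.fromhex("90909090deadbeef") + xor_bytes(STUB, 0x41, True)).hex()

if __name__ == "__main__":
    print("plain XOR brute force:", brute_xor_find_pe(SAMPLE_HEX))
    print("skip zero and key    :", brute_xor_find_pe(SAMPLE_HEX, True))
```

On this sample the plain brute force finds nothing, because the untouched null bytes decode to the key and corrupt e_lfanew, while the skip-zero-and-key pass reports key 0x41 at offset 8.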

Coming Soon

  • Custom BaseXX Encode/Decodes
  • Bit Operations (NEG,INV)
  • Mail Extraction
  • Strings on PE
  • Mach-o, ELF features