-
Notifications
You must be signed in to change notification settings - Fork 41
/
Copy pathsearch_files_with_Zone.Identifier.py
49 lines (33 loc) · 1.23 KB
/
search_files_with_Zone.Identifier.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
__author__ = "ipetrash"
# SOURCE: https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/
import subprocess
from glob import glob
from os.path import isfile, expanduser, normpath
# Example: 'C:/Users/<user_name>/Downloads'
DIR_NAME = normpath(expanduser("~/Downloads"))
print(f'Search in "{DIR_NAME}"\n')
# NOTE: For test
f = open("log.txt", "w", encoding="utf-8")
# For statistic
files = [
file_name
for file_name in glob(DIR_NAME + "/**/*", recursive=True)
if isfile(file_name)
]
found = 0
for i, file_name in enumerate(files, 1):
print(f"{i}/{len(files)} ({int(i / len(files) * 100)}%). found: {found}")
escape_file_name = file_name.replace("[", "`[").replace("]", "`]")
try:
cmd = f'''powershell -Command "get-content '{escape_file_name}' -stream Zone.Identifier"'''
# print(cmd)
text = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
print(" [+]", file_name, text)
f.write(file_name + " " + repr(text) + "\n")
found += 1
# NOTE: for test
except subprocess.CalledProcessError as e:
data = e.output
print(" [-]", file_name, e, repr(data.decode("cp1251")))