Adobe has released an open-source tool, dubbed Stringlifier, which was designed to identify randomly generated strings in any plain text.
The Stringlifier tool was written in Python and uses machine learning to identify sequences of random characters inserted in a normal text.
The open-source tools could be used to analyze logs for multiple purposes, such as the research of accidentally exposed credentials.
“Stringlifier is our latest open source project and it can help you in tackling this often difficult task. The project is an open-source python package that allows you to detect code/text that resembles a randomly generated string in any plain text. It uses machine learning to distinguish between normal and random character sequences. It can also be adapted for more fine-grained classifications (password, API key, hash, etc.).” reads the post published by Adobe.
Stringlifier is able to find API keys, hashes, randomly generated strings, including passwords, logs, in source code, or configuration files.
“String-classifier – is a python module for detecting random string and hashes text/code.” reads the description published by Adobe on Github.
“Typical usage scenarios include:
The source code of the Stringlifier tool is available on Adobe’s public GitHub repository. Adobe also released a Python package installer) installation package with a pre-trained model included.
Adobe has used the tool to identify random strings within datasets, along with another open-source tool dubbed Tripod.
Adobe revealed that multiple approaches used to pre-process and convert long strings into numerical form had problems when encountering random strings.
The experts worked by replacing all random character sequences with <RANDOM_STRING> to group similar types of command lines easier, even if they employed random hashes in their parameters.
“We hope you find stiringlifier useful. The entire source-code is available in Adobe’s GitHub repository. You can also find all of our other open source projects from across Adobe’s security teams in that repository. We look forward to getting feedback and contributions are always welcome.” concludes Adobe.
(SecurityAffairs – hacking, Stringlifier)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.