Releases: theflakes/reg_hunter

0.7.5

02 Sep 22:41

Replaced abandoned crate nom, updated to latest lnk package

v0.7.4 Reg Hunter

30 May 03:53

"hashes": {
"md5": "51a025f5ddc0b402357c16e90257c8c3",
"sha1": "9dd7aae4479670c0504f4bd0fd32723acbc0719d",
"sha256": "a3aab6c7f8bf613728de7072c5235ba6162d56e25474fe31af79a66f9f43b78b",
"ssdeep": "24576:L3qf7HjbPdThgt/bCTGXcozwwX3NrCyhe5QX5hO:2/1dgVGTCn8wXdrCx"
}

0.7.3 RegHunter

24 Feb 02:25

Added more lnk file metadata

"hashes": {
"md5": "ea6a24dfbbb8ae132bbb0ed2f6fdfd25",
"sha1": "9ea4672103e675e4c6988a78c62f9e27a9215eeb",
"sha256": "ed6809fb5531d1a5516e6d9fe1bdc0ff5cc6e91393af5592a976a1104b246a6a",
"ssdeep": "24576:U0QxJ8UCodho1Tb/Op1+QET8injyse5GX5b:U0QxnCono1T4wQET3nj"
},

Reg Hunter v0.7.1

14 Dec 21:13

Added right-to-left override attack detection in a registry value

Binary hashes for verification:
md5: 470559c90cbf32ec9e8c20a1240ceec0
sha1: 5196b9696773da8b578a742b7c3ec03197960e9d
sha256: db88c66787ab48dcacc9fa83b3223974bccf8d65e2230770bb9f523dfeb758d6

Reg Hunter v0.7

04 Dec 03:58

Added capability to find Base64 encoded MZ header anywhere in a reg value.

Only including 64 bit exe from now on.

Out file added

25 Jun 15:36

Added output to file via "--outfile"

v0.5.1

15 Jun 17:07

Better handling of different Office version registry paths.

v0.5 beta

11 Jun 16:04

Update crate versions

v0.3-beta

06 Dec 21:12

Worked around the inability to open a hidden key created by the Sysinternals tool reghide.exe. The key still cannot be opened, but an error log will be generated with a 'HiddenKey' tag. Added a --print option to always print logs even if no hunt matches. Added a --debug option to output all error logs. Cleaned up and refactored some code, and made a couple of hunts less FP prone.

v.0.2.2-beta

27 Nov 00:31

Updated help screen for a better explanation of the regex hunt limitation. Also changed the default for the hex hunt to be "FF" as "00" is more likely to be used to hunt nulls in names even though there is a built-in hunt for that already.