WIP: improved schema parsing

JohnE 2015-09-21 23:18:43 -07:00
parent 82651d5388
commit 5bc90d7407
5 changed files with 34 additions and 6 deletions

View File

@ -7,7 +7,7 @@
INTRO INTRO
------------- -------------
dbfp is a tool that will scan a sqlite database and generate a fingerprint. dbfp is a tool that will scan a sqlite database and generate a fingerprint.
The fingerprint is basically the database schema. The fingerprint is basically the database schema with some metadata (md5 sums, scan information)
The fingerprint is stored to disk in JSON format. The fingerprint is stored to disk in JSON format.
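Review bot: The rewritten sentence "The fingerprint is basically the database schema with some metadata (md5 sums, scan information)" drops the terminal period that the neighbouring sentences keep, and it now describes the fingerprint differently from the other intro changed in this commit, which lists the schema, the sql table create statements, md5 calculations and file meta-data. Suggest using one wording in both files so the two descriptions cannot drift, and stating what the md5 sums are computed over.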

View File

@ -13,6 +13,13 @@
History History
------------ ------------
version 0.90
-improved sql create parsing
-improved support for AOSP Androd contacts database
-improved the table schema comparison
-added as an option and to the fingerprint:
app name, app version, notes regarding this scan
version 0.85 version 0.85
-modified format -modified format
-added "file-metadata", info about the scanner and fingerprint file -added "file-metadata", info about the scanner and fingerprint file
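Review bot: Typo in the new 0.90 entry "-improved support for AOSP Androd contacts database": "Androd" should be "Android". The entry "-added as an option and to the fingerprint:" would also read more clearly if it named the options directly (app name, app version, notes) and said which fingerprint section they are written to, as the 0.85 entry does for "file-metadata".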

View File

@ -64,7 +64,7 @@ def parseArgs():
# compare a sqlite database file to all fingerprints # compare a sqlite database file to all fingerprints
if (args.fp and args.fpdir): if (args.fp and args.fpdir):
compareFingerprints(args.file, args.fp, args.fpdir) compareFingerprintDir(args.file, args.fp, args.fpdir)
# compare a sqlite database file to a fingerprint # compare a sqlite database file to a fingerprint
if (args.fp): if (args.fp):
compareFingerprint(args.file, args.fp) compareFingerprint(args.file, args.fp)
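Review bot: The second check, "if (args.fp):", is a plain "if" rather than "elif", so when both -fp and -fpdir are given the directory comparison runs and then compareFingerprint(args.file, args.fp) runs as well. If the two modes are meant to be exclusive, make the second branch "elif". The first condition also requires args.fp even though its comment says the file is compared against all fingerprints, so passing -fd alone does nothing in these lines; consider keying that branch on args.fpdir only. The definition of compareFingerprintDir is not among the hunks shown here, so please confirm it exists with this three-argument signature.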

View File

@ -6,10 +6,24 @@
------------- -------------
INTRO INTRO
------------- -------------
[D]ata[B]ase [F]inger[P]rint
dbfp is a tool that will scan a sqlite database and generate a fingerprint. dbfp is a tool that will scan a sqlite database and generate a fingerprint.
The fingerprint is basically the database schema. The fingerprint will uniquely identify the database.
The fingerprint consists of the database schema, the sql table create statements,
md5 calculations, and file meta-data.
The fingerprint is stored to disk in JSON format. The fingerprint is stored to disk in JSON format.
The fingerprint can be used to identify unknown databases from random paths or recovered from deleted space.
The fingerprint can be used for historical comparisons to see what has changed in a new version of an application.
-------------
FEATURES
-------------
1. Generate a fingerprint in JSON format.
2. Compare a sqlite database with a fingerprint.
------------- -------------
USAGE USAGE
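Review bot: "The fingerprint will uniquely identify the database." overstates what the listed ingredients can guarantee. A fingerprint built from the schema and the create statements will match any database that shares that schema, and MD5 is not collision resistant, so uniqueness cannot be promised. Suggest wording such as "helps identify" and documenting which inputs each md5 calculation covers, since the README positions the tool for identifying databases recovered from deleted space, where a false match matters.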
@ -19,12 +33,19 @@ The fingerprint is stored to disk in JSON format.
DB Fingerprint DB Fingerprint
***** ***** ***** ***** ***** ***** ***** *****
usage: main.py [-h] [-f FILE] [-j JSON] [-v] usage: dbfp.py [-h] [-f FILE] [-fd FPDIR] [-fp FP] [-an APP_NAME]
[-av APP_VERSION] [-n NOTES] [-v]
Fingerprint a sqlite database based on its schema Fingerprint a sqlite database based on its schema
optional arguments: optional arguments:
-h, --help show this help message and exit -h, --help show this help message and exit
-f FILE, --file FILE -f FILE, --file FILE
-j JSON, --json JSON -fd FPDIR, --fpdir FPDIR
path to dirctory of fingerprint files
-fp FP, --fp FP fingerprint file to use in comparison
-an APP_NAME, --app_name APP_NAME
-av APP_VERSION, --app_version APP_VERSION
-n NOTES, --notes NOTES
-v, --verbose -v, --verbose
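Review bot: Typo in the -fd help text, "path to dirctory of fingerprint files": "dirctory" should be "directory". Since this usage block mirrors the program's help output, fix it in the argument definition as well as here. The new -an, -av and -n options, like -f, are listed with no help text at all; a short description for each would tell the user that these values end up in the fingerprint.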

View File

@ -32,7 +32,7 @@ class DBSchema:
""" """
sqlmaster = "SELECT name, sql FROM sqlite_master WHERE type='table'" sqlmaster = "SELECT name, sql FROM sqlite_master WHERE type='table'"
scanner_ver = "0.85" scanner_ver = "0.90"
format_ver = "0.90" format_ver = "0.90"
def __init__(self): def __init__(self):
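Review bot: scanner_ver moves to "0.90" while format_ver stays at "0.90", yet the History entry in this same commit says app name, app version and notes were added to the fingerprint. If those fields change the JSON layout, format_ver should be bumped too so that a comparison against older fingerprint files can tell the two formats apart. Because the commit is marked WIP, consider deferring the scanner_ver bump until the parsing changes are complete, so that fingerprints produced by intermediate builds are not labelled 0.90.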