==============
DB Fingerprint
==============


-------------
INTRO
-------------
::

    [D]ata[B]ase [F]inger[P]rint

    dbfp is a tool that will scan a sqlite database and generate a fingerprint.
    The fingerprint will uniquely identify the database.
    The fingerprint consists of the database schema, the sql table create statements,
    md5 calculations, and file meta-data.
    The fingerprint is stored to disk in JSON format.

    The fingerprint can be used to identify unknown databases from random paths or recovered from deleted space.
    The fingerprint can be used for historical comparisons to see what has changed in a new version of an application.

-------------
FEATURES
-------------
* Generate a fingerprint in JSON format.
* Compare a sqlite database with a fingerprint.
* Rip all apps from an Android phone and create fingerprints for all SQLite databases
* Lightning fast fingerprint comparison

  - creates an index of fingerprints
  - query the index for quick fingerprint comparison

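
The idea behind the fingerprint and the historical comparison, as an added example that is not dbfp's own code or JSON layout: it fingerprints only the schema part (CREATE statements, columns, MD5s) and diffs two versions of a constructed sample database. The field names ``tables``, ``create``, ``columns``, ``md5`` and ``schema_md5`` and the helper ``sample_db`` are assumptions made for this illustration.

```python
import hashlib
import json
import sqlite3


def fingerprint(conn):
    """Schema-only fingerprint: CREATE statements, column lists and MD5s."""
    tables = {}
    rows = conn.execute(
        "SELECT name, sql FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%' ORDER BY name"
    ).fetchall()
    for name, sql in rows:
        create = " ".join(sql.split())  # collapse runs of whitespace
        quoted = name.replace('"', '""')  # table names come from the examined file
        cols = [f"{c[1]}:{c[2].upper()}"
                for c in conn.execute(f'PRAGMA table_info("{quoted}")')]
        tables[name] = {"create": create, "columns": cols,
                        "md5": hashlib.md5(create.encode()).hexdigest()}
    # One digest over the per-table digests (in name order) identifies the schema.
    joined = "".join(t["md5"] for t in tables.values())
    return {"tables": tables,
            "schema_md5": hashlib.md5(joined.encode()).hexdigest()}


def compare(old, new):
    """Tables added, removed or changed between two fingerprints."""
    o, n = old["tables"], new["tables"]
    return {
        "added": sorted(n.keys() - o.keys()),
        "removed": sorted(o.keys() - n.keys()),
        "changed": {t: sorted(set(o[t]["columns"]) ^ set(n[t]["columns"]))
                    for t in sorted(o.keys() & n.keys())
                    if o[t]["md5"] != n[t]["md5"]},
    }


def sample_db(version, rows=0):
    """Constructed sample: 'version 2' of an app adds a column and a table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO messages (body) VALUES (?)", [("x",)] * rows)
    if version == 2:
        conn.execute("ALTER TABLE messages ADD COLUMN read_at INTEGER")
        conn.execute("CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT)")
    return conn


if __name__ == "__main__":
    v1, v2 = fingerprint(sample_db(1)), fingerprint(sample_db(2))
    print(json.dumps(compare(v1, v2), indent=2))
```

Because the digest covers the schema and not the rows, two copies of the same application database with different contents produce the same ``schema_md5``, which is what lets a recovered or renamed file be matched to a known application.
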
USAGE
-----
::

    Create fingerprints from given path
    find <db_files_path> -exec python dbfp.py -db {} \;

    Attempt to fingerprint all files with *.db
    find . -type f -name "*.db" -exec python dbfp.py -db {} \;

    Attempt to fingerprint all files, recursively, from this path (no error if file not database)
    find . -type f -exec python dbfp.py -db {} \;


    ***** ***** ***** *****
    DB Fingerprint
    ***** ***** ***** *****

    Create fingerprint:
        dbfp.py -db <database_file>

    Create fingerprint index:
        dbfp.py -fd <fingerprint_dir> -idx

    Add fingerprint to index:
        dbfp.py -fp <fingerprint_file> -idx (-db <database_file> | -fp <fingerprint_file>)

    Compare fingerprint to a database file:
        dbfp.py -fp <fingerprint_file> -db <database_file>

    Lookup fingerprint from index:
        dbfp.py -fd <fingerprint_dir> -fp <fingerprint_file>

    Lookup database from index:
        dbfp.py -fd <fingerprint_dir> -db <database_file>

    Lookup MD5 hash from index:
        dbfp.py -fd <fingerprint_dir> -md5 <md5_hash_string>

    Android App pull and fingerprint:
        dbfp.py -android_pull

    ***** ***** ***** *****

    usage: dbfp.py [-h] [-db DATABASE] [-fd FPDIR] [-fp FINGERPRINT]
                   [-ad ANDROID_DIR] [-dd DATA_DIR] [-an APP_NAME]
                   [-av APP_VERSION] [-n NOTES] [-idx] [-md5 MD5] [-android_pull]
                   [-v] [-vv] [-l]

    Fingerprint a sqlite database based on its schema

    optional arguments:
      -h, --help            show this help message and exit
      -db DATABASE, --database DATABASE
                            path to file to be fingerprinted
      -fd FPDIR, --fpdir FPDIR
                            path to directory of fingerprint files, compare each
                            file
      -fp FINGERPRINT, --fingerprint FINGERPRINT
                            fingerprint file to use in comparison
      -ad ANDROID_DIR, --android_dir ANDROID_DIR
                            path to a directory with android folder structure
                            sqlite files
      -dd DATA_DIR, --data_dir DATA_DIR
                            path to a directory to search for sqlite files
      -an APP_NAME, --app_name APP_NAME
      -av APP_VERSION, --app_version APP_VERSION
      -n NOTES, --notes NOTES
      -idx                  add a fingerprint to the index
      -md5 MD5              md5 hash to query the index`
      -android_pull         automated pull of applications from a physical android
                            phone
      -v, --verbose         will set logging level to INFO
      -vv, --vverbose       will set logging level to DEBUG
      -l, --logging         will supercede the -v option and send all logging to a
                            file, logging.DEBUG