Yet another entropy calculating tool

Nothing special, just yet another entropy calculating tool, but this time it scans a folder for high-entropy files, skipping known archives, graphics files, PDFs, etc.

This is useful for finding public/private RSA keys, certificates, etc.

In a Windows 10 folder it can find, for example:

/Windows/PrintDialog/appxsignature.p7x: 7.341996
/Windows/Prefetch/WINDOWSINTERNAL.COMPOSABLESHE-2E97BC71.pf: 7.700594
/Windows/Prefetch/BACKGROUNDTASKHOST.EXE-6EC8165F.pf: 7.731730
/Windows/Prefetch/OPTIONALFEATURES.EXE-C0AF40DB.pf: 7.689539

...

/Windows/ImmersiveControlPanel/appxsignature.p7x: 7.342181
/Windows/Containers/WindowsDefenderApplicationGuard.wim: 7.999171
/Windows/Containers/serviced/WindowsDefenderApplicationGuard.wim: 7.999167
/Windows/ServiceProfiles/LocalService/AppData/Local/Microsoft/Credentials/DFBE70A7E5CC19A398EBF1B96859CE5D: 7.977050
/Windows/ServiceProfiles/LocalService/AppData/LocalLow/Microsoft/CryptnetUrlCache/Content/6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4: 7.493123
/Windows/ServiceProfiles/NetworkService/AppData/Local/Microsoft/Credentials/DFBE70A7E5CC19A398EBF1B96859CE5D: 7.979446
/Windows/ServiceProfiles/NetworkService/AppData/LocalLow/Microsoft/CryptnetUrlCache/Content/36AC0BE60E1243344AE145F746D881FE: 7.137372
/Windows/Provisioning/Cosa/Microsoft/Microsoft.Windows.Cosa.Desktop.Client.ppkg: 7.733699
/Windows/bcastdvr/broadcastpause720.h264: 7.996856
/Windows/SoftwareDistribution/Download/e152b0fa1eed9a26433c5df7a506856c/Microsoft-Windows-Client-LanguagePack-Package_en-US~31bf3856ad364e35~AMD64~en-us~.esd: 7.982769

The Python 2.x source code. Run pip install filetype first. Tested only on Linux.
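
A sketch of the same idea in Python 3, added here as an illustration and not the author's script: it walks a folder, skips files that start with a known compressed or graphics signature, and reports the Shannon entropy (bits per byte) of the rest. The magic-byte table stands in for the filetype package, and THRESHOLD, MIN_SIZE and the function names are assumptions.

```python
import math
import os
import sys
from collections import Counter

# Assumption: a short magic-byte table replaces the `filetype` package.
SKIP_MAGIC = (b"\x1f\x8b", b"PK\x03\x04", b"7z\xbc\xaf\x27\x1c",  # gzip, zip, 7-Zip
              b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"%PDF-")   # PNG, JPEG, PDF
THRESHOLD = 7.0  # assumed cut-off, bits per byte
MIN_SIZE = 256   # a file of n bytes cannot exceed log2(n) bits per byte


def shannon_entropy(counts):
    """Entropy in bits per byte (0.0 to 8.0) from a Counter of byte values."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def file_entropy(path):
    """Stream the file in 1 MiB chunks; return None for skipped files."""
    counts = Counter()
    with open(path, "rb") as f:
        for i, chunk in enumerate(iter(lambda: f.read(1 << 20), b"")):
            if i == 0 and chunk.startswith(SKIP_MAGIC):
                return None  # known high-entropy container, not interesting
            counts.update(chunk)
    if sum(counts.values()) < MIN_SIZE:
        return None
    return shannon_entropy(counts)


def scan(root, threshold=THRESHOLD):
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):  # skip FIFOs, sockets, dead links
                continue
            try:
                h = file_entropy(path)
            except OSError:  # unreadable file: keep scanning
                continue
            if h is not None and h >= threshold:
                hits.append((path, h))
    return sorted(hits)

if __name__ == "__main__":
    for path, h in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("%s: %f" % (path, h))
```

Anything encrypted or compressed in a format missing from the table is reported as well, so the output is a list of candidates to inspect, not a list of keys.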

Read more about entropy in my blog (this post has been merged into the RE4B book).


Please drop me an email about any bug(s) and suggestion(s): dennis(@)yurichev.com.