Nothing special, just yet another entropy-calculating tool, but this one scans a folder for high-entropy files, skipping known archives, graphics files, PDFs, etc.
This is useful for finding public/private RSA keys, certificates, etc.
Run against a Windows 10 folder, it finds, for example:
/Windows/PrintDialog/appxsignature.p7x: 7.341996
/Windows/Prefetch/WINDOWSINTERNAL.COMPOSABLESHE-2E97BC71.pf: 7.700594
/Windows/Prefetch/BACKGROUNDTASKHOST.EXE-6EC8165F.pf: 7.731730
/Windows/Prefetch/OPTIONALFEATURES.EXE-C0AF40DB.pf: 7.689539
...
/Windows/ImmersiveControlPanel/appxsignature.p7x: 7.342181
/Windows/Containers/WindowsDefenderApplicationGuard.wim: 7.999171
/Windows/Containers/serviced/WindowsDefenderApplicationGuard.wim: 7.999167
/Windows/ServiceProfiles/LocalService/AppData/Local/Microsoft/Credentials/DFBE70A7E5CC19A398EBF1B96859CE5D: 7.977050
/Windows/ServiceProfiles/LocalService/AppData/LocalLow/Microsoft/CryptnetUrlCache/Content/6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4: 7.493123
/Windows/ServiceProfiles/NetworkService/AppData/Local/Microsoft/Credentials/DFBE70A7E5CC19A398EBF1B96859CE5D: 7.979446
/Windows/ServiceProfiles/NetworkService/AppData/LocalLow/Microsoft/CryptnetUrlCache/Content/36AC0BE60E1243344AE145F746D881FE: 7.137372
/Windows/Provisioning/Cosa/Microsoft/Microsoft.Windows.Cosa.Desktop.Client.ppkg: 7.733699
/Windows/bcastdvr/broadcastpause720.h264: 7.996856
/Windows/SoftwareDistribution/Download/e152b0fa1eed9a26433c5df7a506856c/Microsoft-Windows-Client-LanguagePack-Package_en-US~31bf3856ad364e35~AMD64~en-us~.esd: 7.982769
The Python 2.x source code. Run pip install filetype first. Tested only on Linux.
Read more about entropy in my blog (this post has been merged into the RE4B book).
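The scan described above, as an added Python 3 sketch that is not the tool's own source: it walks a folder, skips files whose leading bytes match a known compressed or media format, and reports Shannon entropy in bits per byte. The magic-byte table (used here in place of the filetype library), the 7.0 threshold, the 256-byte minimum size and all function names are assumptions of this example.

```python
import math
import os
import sys
from collections import Counter

# Assumption: this short magic-byte table stands in for the filetype library.
SKIP_MAGIC = (
    b"PK\x03\x04", b"\x1f\x8b", b"BZh",              # zip, gzip, bzip2
    b"\xfd7zXZ\x00", b"7z\xbc\xaf\x27\x1c",          # xz, 7-Zip
    b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF8",  # PNG, JPEG, GIF
    b"%PDF-",                                        # PDF
)
THRESHOLD = 7.0  # assumption: bits per byte; every hit listed above exceeds 7.1
MIN_SIZE = 256   # assumption: shorter files cannot give a meaningful estimate


def entropy(counts):
    """Shannon entropy in bits per byte (0.0 to 8.0) from a byte histogram."""
    n = sum(counts.values())
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan(root, threshold=THRESHOLD):
    """Yield (path, entropy) for regular files at or above the threshold."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            counts = Counter()
            try:
                if os.path.getsize(path) < MIN_SIZE:
                    continue
                with open(path, "rb") as f:
                    if f.read(8).startswith(SKIP_MAGIC):
                        continue  # known compressed or media format
                    f.seek(0)
                    for chunk in iter(lambda: f.read(1 << 20), b""):
                        counts.update(chunk)  # stream, so large images fit in memory
            except OSError:
                continue  # unreadable or locked file
            e = entropy(counts)
            if e >= threshold:
                yield path, e


if __name__ == "__main__":
    for path, e in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("%s: %f" % (path, e))
```

PEM-encoded keys are base64 text, which tops out near 6 bits per byte, so they stay below this threshold; a 7.0 cut-off catches DER and other binary key or credential blobs.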