March 29th, 2004, 02:17 PM
Dirty Word Search
What is the best utility to use in order to perform a dirty word search across a network or on a local file?
March 29th, 2004, 02:20 PM
Uh.. Platform for the local file?
Across the network, I'd add a rule into the IDS to generate alerts for certain words. Alternatively, setup a sniffer and filter for lines that contain the word (only good for clear text protocols -- obviously if it's encrypted you won't be able to do this).
March 29th, 2004, 03:06 PM
March 29th, 2004, 03:12 PM
Doesn't the search feature allow for searches into documents? (at least on Win2K). There is also -- somewhere (I can't find it) -- a Windows ported version of the tool strings and grep (maybe in Cygwin?) which could be used to find clear text strings that match "dirty words".
March 29th, 2004, 03:16 PM
Something I can import a "word list" into would be nice.
March 29th, 2004, 03:23 PM
Hrmm.. I would think a simple script (I think I can envision this in *nix but not Windows specifically -- anyone know WSH?) with a loop:
1. Find text files
2. extract all words from text files
3. compare each word on a line-by-line basis to words from wordlist
4. announce any files that match the list
5. repeat steps 3-5
(I think that would logically work). Maybe Perl or PHP might be used for this?
March 29th, 2004, 03:32 PM
hehe. its fun for things like s"****"thorpes etc
March 29th, 2004, 03:43 PM
For the benefit of all those that are unfamiliar with the Hallowed Land know as England and to save Mark some possible embarrassment S****horpe is a town in the north east of England that has been the target of string captures due to the unfortunate choice of consecutive letters in it's name.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
March 29th, 2004, 05:12 PM
very interesting, but not too helpful...
something other than WinHex, Buster, D-Scan... etc.
March 29th, 2004, 05:15 PM
Actually, it is helpful when you think about it. If the filter isn't specific enough (say if you just grepped a specific word -- grep being a pattern matcher), you'll get lots of "false positives" and thus will be sifting through more by hand. It is a point to keep in mind especially if you go the shell scripting route (WSH) to solve the local host search.
Even on the network you may get "false positives" and this will require tweaking.