What is the best utility to use in order to perform a dirty word search across a network or on a local file?
Printable View
What is the best utility to use in order to perform a dirty word search across a network or on a local file?
Uh.. Platform for the local file?
Across the network, I'd add a rule into the IDS to generate alerts for certain words. Alternatively, setup a sniffer and filter for lines that contain the word (only good for clear text protocols -- obviously if it's encrypted you won't be able to do this).
Windows NT/2K
Doesn't the search feature allow for searches into documents? (at least on Win2K). There is also -- somewhere (I can't find it) -- a Windows ported version of the tool strings and grep (maybe in Cygwin?) which could be used to find clear text strings that match "dirty words".
Something I can import a "word list" into would be nice.
Hrmm.. I would think a simple script (I think I can envision this in *nix but not Windows specifically -- anyone know WSH?) with a loop:
1. Find text files
2. extract all words from text files
3. compare each word on a line-by-line basis to words from wordlist
4. announce any files that match the list
5. repeat steps 3-5
(I think that would logically work). Maybe Perl or PHP might be used for this?
hehe. its fun for things like s"****"thorpes etc
For the benefit of all those that are unfamiliar with the Hallowed Land know as England and to save Mark some possible embarrassment S****horpe is a town in the north east of England that has been the target of string captures due to the unfortunate choice of consecutive letters in it's name.
very interesting, but not too helpful...
something other than WinHex, Buster, D-Scan... etc.
Actually, it is helpful when you think about it. If the filter isn't specific enough (say if you just grepped a specific word -- grep being a pattern matcher), you'll get lots of "false positives" and thus will be sifting through more by hand. It is a point to keep in mind especially if you go the shell scripting route (WSH) to solve the local host search.
Even on the network you may get "false positives" and this will require tweaking.