Educause Security Discussion mailing list archives

Re: SSN file scanner (C source available)


From: Gary Golomb <coach () GWU EDU>
Date: Fri, 12 May 2006 11:39:33 -0400

Not sure if someone posted this already, but we've been using ftimes to
do this for the past few years. It works on most all platforms. Will
also find unicoded strings, such as those in Office spreadsheets and
access databases. We have some pretty crazy regexes we've developed for
these purposes, so if anyone wants them, contact me offlist...

http://ftimes.sourceforge.net/FTimes/

-gary

------
Gary Golomb
Computer Forensics Engineer
ISS/Network Systems Security
801 22nd St NW Rm B204A
Washington, DC 20052

coach () gwu edu
http://home.gwu.edu/~coach



----- Original Message -----
From: Graham Toal <gtoal () UTPA EDU>
Date: Thursday, May 11, 2006 6:22 pm
Subject: [SECURITY] SSN file scanner  (C source available)
To: SECURITY () LISTSERV EDUCAUSE EDU

Here's a little freebie for y'all...

http://www.gtoal.com/ssn/

This is a C command-line program, whose parameter is a
directory, eg:  ".\findssn ."  or ".\findssn c:\ > d:\ssn.log"

It scans all the files in that directory and below,
looking for strings within the files of the forms
123-45-6789 and 123456789 - it then runs an SSN
validation function on the numbers, in an attempt
to find files containing SSNs.  You'd want to use
this on every system that is not supposed to have
any SSNs stored on it...

This version is for WinXX systems only (no mac/unix yet)
and you should compile it yourself.  (What, you're a
security guy and you're asking for an executable from
a stranger?  Sheesh! :-)  Go get the free LCC compiler
if you need one)

It's not extensively tested but it worked well enough
for me to save me from embarrassment once or twice. If
you run it on your whole disk, expect to wait some time
(that is not to say it isn't fast, just that disks are
big)

Later versions may do better summarizing and give more
weight to strings of the nnn-nn-nnnn form as being likely
SSNs.

It does not rule out any files, so you should expect some
hits from .dll files, .bmp, .exe etc.  The summary info
and the SSN validity check between them ought to be enough
to quickly rule out the false positives however.

Any user-contributed mods will be greatly welcome.


Graham
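
The scan described in the message above, sketched as an added example (not part of either message and not the findssn source): it looks for both the nnn-nn-nnnn and nnnnnnnnn forms in raw bytes, rejects matches embedded in longer digit runs, and counts the two forms separately. The validation rules, the names `scan_ssn`, `ssn_plausible`, `digits`, `struct hits` and the `SAMPLE` buffer are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>

struct hits { int dashed, plain; };  /* kept apart so nnn-nn-nnnn can be weighted higher */
/* Assumed structural rules (findssn's own validation function is not shown on the page):
   area 000, 666 and 900-999, group 00 and serial 0000 are never issued. */
static int ssn_plausible(int area, int group, int serial)
{
    return area != 0 && area != 666 && area < 900 && group != 0 && serial != 0;
}

/* Parse exactly n ASCII digits at p into *out; return 0 if any byte is not a digit. */
static int digits(const unsigned char *p, size_t n, int *out)
{
    int v = 0;
    for (size_t i = 0; i < n; i++) {
        if (!isdigit(p[i])) return 0;
        v = v * 10 + (p[i] - '0');
    }
    *out = v;
    return 1;
}

/* Scan raw file bytes (text or binary) for both forms named in the post. */
struct hits scan_ssn(const unsigned char *buf, size_t len)
{
    struct hits h = {0, 0};
    for (size_t i = 0; i < len; i++) {
        int a = 0, g = 0, s = 0;
        if (i > 0 && isdigit(buf[i - 1])) continue;   /* middle of a longer digit run */
        if (i + 11 <= len && digits(buf + i, 3, &a) && buf[i + 3] == '-' &&
            digits(buf + i + 4, 2, &g) && buf[i + 6] == '-' &&
            digits(buf + i + 7, 4, &s) && (i + 11 == len || !isdigit(buf[i + 11])))
            h.dashed += ssn_plausible(a, g, s);
        else if (i + 9 <= len && digits(buf + i, 3, &a) && digits(buf + i + 3, 2, &g) &&
                 digits(buf + i + 5, 4, &s) && (i + 9 == len || !isdigit(buf[i + 9])))
            h.plain += ssn_plausible(a, g, s);
    }
    return h;
}

/* Constructed sample: one plausible hit of each form plus values that must be rejected. */
static const char SAMPLE[] = "id 123-45-6789; 000-12-3456; 666-12-3456; 987-65-4321; "
                             "ts 1147448373; acct 123456789";

int main(void)
{
    struct hits h = scan_ssn((const unsigned char *)SAMPLE, sizeof SAMPLE - 1);
    return printf("dashed=%d plain=%d\n", h.dashed, h.plain) < 0;
}
```

This sketch matches single-byte digits only; the UTF-16 strings mentioned in the reply (Office and Access files) would need a second pass that tolerates the interleaved NUL bytes.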

