{"id":15038717,"url":"https://github.com/bee-san/pywhat","last_synced_at":"2025-05-13T19:13:41.762Z","repository":{"id":38409802,"uuid":"349553695","full_name":"bee-san/pyWhat","owner":"bee-san","description":"šŸø Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! šŸ§™ā€ā™€ļø","archived":false,"fork":false,"pushed_at":"2023-10-31T22:01:01.000Z","size":6239,"stargazers_count":6867,"open_issues_count":26,"forks_count":371,"subscribers_count":70,"default_branch":"main","last_synced_at":"2025-04-28T00:37:06.969Z","etag":null,"topics":["cyber","cybersecurity","hacking","hacktoberfest","malware","malware-analysis","malware-research","pcap","python","re","security","tryhackme"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bee-san.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null},"funding":{"github":"bee-san","patreon":null,"open_collective":null,"ko_fi":"hacker","tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":["https://www.buymeacoffee.com/beecodes","http://paypal.me/brandonskerritt"]}},"created_at":"2021-03-19T20:59:05.000Z","updated_at":"2025-04-27T19:01:13.000Z","dependencies_parsed_at":"2024-01-18T15:52:52.826Z","dependency_job_id":"69ef9e69-4483-46d6-a492-351dbcb9cb8c","html_url":"https://github.com/bee-san/pyWhat","commit_stats":{"total_commits":415,"total_committers":44,"mean_commits":9.431818181818182,"dds":0.7469879518072289,"last_synced_commit":"8a83d28127a488b2b451f3b8b2d75dbbd704a214"},"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bee-san%2FpyWhat","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bee-san%2FpyWhat/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bee-san%2FpyWhat/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bee-san%2FpyWhat/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bee-san","download_url":"https://codeload.github.com/bee-san/pyWhat/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254010813,"owners_count":21998995,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cyber","cybersecurity","hacking","hacktoberfest","malware","malware-analysis","malware-research","pcap","python","re","security","tryhackme"],"created_at":"2024-09-24T20:39:51.496Z","updated_at":"2025-05-13T19:13:41.726Z","avatar_url":"https://github.com/bee-san.png","language":"Python","readme":"\u003cp align='center'\u003e\n\u003cimg src='images/logo.png'\u003e\n\u003cp align=\"center\"\u003eāž”ļø \u003ca href=\"http://discord.skerritt.blog\"\u003eDiscord\u003c/a\u003e ā¬…ļø\u003cbr\u003e\n\u003ci\u003eThe easiest way to identify anything\u003c/i\u003e\u003cbr\u003e\n\u003ccode\u003epip3 install pywhat \u0026\u0026 pywhat --help\u003c/code\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"http://discord.skerritt.blog\"\u003e\u003cimg alt=\"Discord\" src=\"https://img.shields.io/discord/754001738184392704\"\u003e\u003c/a\u003e \u003ca href=\"https://pypi.org/project/pywhat/\"\u003e\u003cimg alt=\"PyPI - Downloads\" src=\"https://pepy.tech/badge/pywhat/month\"\u003e\u003c/a\u003e \u003ca href=\"https://twitter.com/bee_sec_san\"\u003e\u003cimg alt=\"Twitter Follow\" src=\"https://img.shields.io/twitter/follow/bee_sec_san?style=social\"\u003e\u003c/a\u003e \u003ca href=\"https://pypi.org/project/pywhat/\"\u003e\u003cimg alt=\"PyPI - Python Version\" src=\"https://img.shields.io/pypi/pyversions/pywhat\"\u003e\u003c/a\u003e \u003ca href=\"https://pypi.org/project/pywhat/\"\u003e\u003cimg alt=\"PyPI\" src=\"https://img.shields.io/pypi/v/pywhat\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003chr\u003e\n\n# šŸ¤” `What` is this?\n\n![](images/main_demo.gif)\n\nImagine this: You come across some mysterious text šŸ§™ā€ā™‚ļø `0x52908400098527886E0F7030069857D2E4169EE7` or `dQw4w9WgXcQ` and you wonder what it is. What do you do?\n\nWell, with `what` all you have to do is ask `what \"0x52908400098527886E0F7030069857D2E4169EE7\"` and `what` will tell you!\n\n`what`'s job is to **identify _what_ something is.** Whether it be a file or text! Or even the hex of a file! What about text _within_ files? We have that too! `what` is recursive, it will identify **everything** in text and more!\n\n# Installation\n\n## šŸ”Ø Using pip\n\n```$ pip3 install pywhat```\n\nor\n\n```shell\n# installs optional dependencies that may improve the speed\n$ pip3 install pywhat[optimize] \n```\n\n## šŸ”Ø On Mac?\n\n```$ brew install pywhat```\n\nOr for our MacPorts fans:\n\n```$ sudo port install pywhat```\n\n# āš™ Use Cases\n\n## šŸ¦  Wannacry\n\n![](images/wannacry_demo.png)\n\nYou come across a new piece of malware called WantToCry. You think back to Wannacry and remember it was stopped because a researcher found a kill-switch in the code.\n\nWhen a domain, hardcoded into Wannacry, was registered the virus would stop.\n\nYou use `What` to identify all the domains in the malware, and use a domain registrar API to register all the domains.\n\n## šŸ¦ˆ Faster Analysis of Pcap files\n\n![](images/pcap_demo.gif)\n\nSay you have a `.pcap` file from a network attack. `What` can identify this and quickly find you:\n\n- All URLs\n- Emails\n- Phone numbers\n- Credit card numbers\n- Cryptocurrency addresses\n- Social Security Numbers\n- and much more.\n\nWith `what`, you can identify the important things in the pcap in seconds, not minutes.\n\n## šŸž Bug Bounties\n\nYou can use PyWhat to scan for things that'll make you money via bug bounties like:\n* API Keys\n* Webhooks\n* Credentials\n* and more\n\nRun PyWhat with:\n\n```\npywhat --include \"Bug Bounty\" TEXT\n```\n\nTo do this.\n\nHere are some examples šŸ‘‡\n\n### šŸ™ GitHub Repository API Key Leaks\n\n1. Download all GitHub repositories of an organisation\n2. Search for anything that you can submit as a bounty, like API keys\n\n```shell\n# Download all repositories\nGHUSER=CHANGEME; curl \"https://api.github.com/users/$GHUSER/repos?per_page=1000\" | grep -o 'git@[^\"]*' | xargs -L1 git clone\n\n# Will print when it finds things.\n# Loops over all files in current directory.\nfind . -type f -execdir pywhat --include 'Bug Bounty' {} \\;\n```\n\n### šŸ•· Scan all web pages for bounties\n\n```shell\n# Recursively download all web pages of a site\nwget -r -np -k https://skerritt.blog\n\n# Will print when it finds things.\n# Loops over all files in current directory.\nfind . -type f -execdir pywhat --include 'Bug Bounty' {} \\;\n```\n\n**PS**: We support more filters than just bug bounties! Run `pywhat --tags`\n\n## šŸŒŒ Other Features\n\nAnytime you have a file and you want to find structured data in it that's useful, `What` is for you.\n\nOr if you come across some piece of text and you don't know what it is, `What` will tell you.\n\n### šŸ“ File \u0026 Directory Handling\n\n**File Opening** You can pass in a file path by `what 'this/is/a/file/path'`. `What` is smart enough to figure out it's a file!\n\nWhat about a whole **directory**? `What` can handle that too! It will **recursively** search for files and output everything you need!\n\n### šŸ” Filtering your output\n\nSometimes, you only care about seeing things which are related to AWS. Or bug bounties, or cryptocurrencies!\n\nYou can filter output by using `what --rarity 0.2:0.8 --include Identifiers,URL https://skerritt.blog`. Use `what --help` to get more information.\n\nTo see all filters, run `pywhat --tags`! You can also combine them, for example to see all cryptocurrency wallets minus Ripple you can do:\n\n```console\npywhat --include \"Cryptocurrency Wallet\" --exclude \"Ripple Wallet\" 1KFHE7w8BhaENAswwryaoccDb6qcT6DbYY\n```\n\n### šŸ‘½ Sorting, Exporting, and more!\n\n**Sorting** You can sort the output by using `what -k rarity --reverse TEXT`. Use `what --help` to get more information.\n\n**Exporting** You can export to json using `what --json` and results can be sent directly to a file using `what --json \u003e file.json`.\n\n**Boundaryless mode** `What` has a special mode to match identifiable information within strings. By default, it is enabled in CLI but disabled in API. Use `what --help` or refer to [API Documentation](https://github.com/bee-san/pyWhat/wiki/API) for more information.\n\n\n# šŸ• API\n\nPyWhat has an API! Click here [https://github.com/bee-san/pyWhat/wiki/API](https://github.com/bee-san/pyWhat/wiki/API) to read about it.\n\n# šŸ‘¾ Contributing\n\n`what` not only thrives on contributors, but can't exist without them! If you want to add a new regex to check for things, you can read our documentation [here](https://github.com/bee-san/what/wiki/Adding-your-own-Regex)\n\nWe ask contributors to join the Discord for quicker discussions, but it's not needed:\n\u003ca href=\"http://discord.skerritt.blog\"\u003e\u003cimg alt=\"Discord\" src=\"https://img.shields.io/discord/754001738184392704\"\u003e\u003c/a\u003e\n\n# šŸ™ Thanks\n\nWe would like to thank [Dora](https://github.com/sdushantha/dora) for their work on a bug bounty specific regex database which we have used.","funding_links":["https://github.com/sponsors/bee-san","https://ko-fi.com/hacker","https://www.buymeacoffee.com/beecodes","http://paypal.me/brandonskerritt"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbee-san%2Fpywhat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbee-san%2Fpywhat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbee-san%2Fpywhat/lists"}