Repository files navigation

➡️Discord ⬅️
The easiest way to identify anything
pip3 install pywhat && pywhat --help

Imagine this: You come across some mysterious text 🧙‍♂️0x52908400098527886E0F7030069857D2E4169EE7 ordQw4w9WgXcQ and you wonder what it is. What do you do?

Well, withwhat all you have to do is askwhat "0x52908400098527886E0F7030069857D2E4169EE7" andwhat will tell you!

what's job is toidentifywhat something is. Whether it be a file or text! Or even the hex of a file! What about textwithin files? We have that too!what is recursive, it will identifyeverything in text and more!

$ pip3 install pywhat

or

# installs optional dependencies that may improve the speed$ pip3 install pywhat[optimize]

$ brew install pywhat

Or for our MacPorts fans:

$ sudo port install pywhat

You come across a new piece of malware called WantToCry. You think back to Wannacry and remember it was stopped because a researcher found a kill-switch in the code.

When a domain, hardcoded into Wannacry, was registered the virus would stop.

You useWhat to identify all the domains in the malware, and use a domain registrar API to register all the domains.

Say you have a.pcap file from a network attack.What can identify this and quickly find you:

• All URLs
• Emails
• Phone numbers
• Credit card numbers
• Cryptocurrency addresses
• Social Security Numbers
• and much more.

Withwhat, you can identify the important things in the pcap in seconds, not minutes.

You can use PyWhat to scan for things that'll make you money via bug bounties like:

• API Keys
• Webhooks
• Credentials
• and more

Run PyWhat with:

pywhat --include "Bug Bounty" TEXT

To do this.

Here are some examples 👇

1. Download all GitHub repositories of an organisation
2. Search for anything that you can submit as a bounty, like API keys

# Download all repositoriesGHUSER=CHANGEME; curl"https://api.github.com/users/$GHUSER/repos?per_page=1000"| grep -o'git@[^"]*'| xargs -L1 git clone# Will print when it finds things.# Loops over all files in current directory.find. -type f -execdir pywhat --include'Bug Bounty' {}\;

# Recursively download all web pages of a sitewget -r -np -k https://skerritt.blog# Will print when it finds things.# Loops over all files in current directory.find. -type f -execdir pywhat --include'Bug Bounty' {}\;

PS: We support more filters than just bug bounties! Runpywhat --tags

Anytime you have a file and you want to find structured data in it that's useful,What is for you.

Or if you come across some piece of text and you don't know what it is,What will tell you.

File Opening You can pass in a file path bywhat 'this/is/a/file/path'.What is smart enough to figure out it's a file!

What about a wholedirectory?What can handle that too! It willrecursively search for files and output everything you need!

Sometimes, you only care about seeing things which are related to AWS. Or bug bounties, or cryptocurrencies!

You can filter output by usingwhat --rarity 0.2:0.8 --include Identifiers,URL https://skerritt.blog. Usewhat --help to get more information.

To see all filters, runpywhat --tags! You can also combine them, for example to see all cryptocurrency wallets minus Ripple you can do:

pywhat --include "Cryptocurrency Wallet" --exclude "Ripple Wallet" 1KFHE7w8BhaENAswwryaoccDb6qcT6DbYY

Sorting You can sort the output by usingwhat -k rarity --reverse TEXT. Usewhat --help to get more information.

Exporting You can export to json usingwhat --json and results can be sent directly to a file usingwhat --json > file.json.

Boundaryless modeWhat has a special mode to match identifiable information within strings. By default, it is enabled in CLI but disabled in API. Usewhat --help or refer toAPI Documentation for more information.

PyWhat has an API! Click herehttps://github.com/bee-san/pyWhat/wiki/API to read about it.

what not only thrives on contributors, but can't exist without them! If you want to add a new regex to check for things, you can read our documentationhere

We ask contributors to join the Discord for quicker discussions, but it's not needed:

We would like to thankDora for their work on a bug bounty specific regex database which we have used.