Pierluigi Paganini August 23, 2020

Adobe has released an open-source tool, dubbed Stringlifier, that allows users to identify randomly generated strings in any plain text, it can be used to sanitize logs.

Adobe has released an open-source tool, dubbed Stringlifier, which was designed to identify randomly generated strings in any plain text.

The Stringlifier tool was written in Python and uses machine learning to identify sequences of random characters inserted in a normal text.

The open-source tools could be used to analyze logs for multiple purposes, such as the research of accidentally exposed credentials.

“Stringlifier is our latest open source project and it can help you in tackling this often difficult task. The project is an open-source python package that allows you to detect code/text that resembles a randomly generated string in any plain text. It uses machine learning to distinguish between normal and random character sequences. It can also be adapted for more fine-grained classifications (password, API key, hash, etc.).” reads the post published by Adobe.

Stringlifier is able to find API keys, hashes, randomly generated strings, including passwords, logs, in source code, or configuration files.

“String-classifier – is a python module for detecting random string and hashes text/code.” reads the description published by Adobe on Github.

“Typical usage scenarios include:

• Sanitizing application or security logs
• Detecting accidentally exposed credentials (complex passwords or api keys)“

The source code of the Stringlifier tool is available on Adobe’s public GitHub repository. Adobe also released a Python package installer) installation package with a pre-trained model included.

Adobe has used the tool to identify random strings within datasets, along with another open-source tool dubbed Tripod.

Adobe revealed that multiple approaches used to pre-process and convert long strings into numerical form had problems when encountering random strings.

The experts worked by replacing all random character sequences with <RANDOM_STRING> to group similar types of command lines easier, even if they employed random hashes in their parameters.

“We hope you find stiringlifier useful. The entire source-code is available in Adobe’s GitHub repository. You can also find all of our other open source projects from across Adobe’s security teams in that repository. We look forward to getting feedback and contributions are always welcome.” concludes Adobe.

Pierluigi Paganini

(SecurityAffairs – hacking, Stringlifier)

[adrotate banner=”5″]

[adrotate banner=”13″]