Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Adobe Open Sources Tool for Sanitizing Logs, Detecting Exposed Credentials

Adobe has made available in open source a tool designed to identify randomly generated strings in any plain text.

Dubbed Stringlifier, the tool was written in Python and leverages machine learning to differentiate random character sequences from normal text sequences.

Adobe has made available in open source a tool designed to identify randomly generated strings in any plain text.

Dubbed Stringlifier, the tool was written in Python and leverages machine learning to differentiate random character sequences from normal text sequences.

The open-source project should prove helpful when analyzing security and application logs, or when attempting to discover credentials that might have been accidentally exposed.

Whether it comes down to hashes, API keys, randomly generated passwords, or other types of random strings in source code, logs, or configuration files, Stringlifier should help easily identify them.

The source code for Stringlifier has been published in Adobe’s public GitHub repository, but the software giant also made available a “pip” (Python package installer) installation package with a pre-trained model included.

Adobe says it has already used the tool to identify random strings when looking for anomalies in datasets, in addition to the open-source utility called Tripod.

The team used various approaches to pre-process and convert long strings into numerical form, but these approaches hit a roadblock when encountering random strings, disrupting the clustering algorithm.

By replacing all random character sequences with <RANDOM_STRING>, the team was able to group similar types of command lines easier, even if they employed random hashes in their parameters.

Advertisement. Scroll to continue reading.

“We hope you find stringlifier useful. The entire source-code is available in Adobe’s GitHub repository. You can also find all of our other open source projects from across Adobe’s security teams in that repository. We look forward to getting feedback and contributions are always welcome,” Adobe notes.

The company also provides information on how to get started with using Stringlifier, as well as on how users can train their own models when looking to detect different types of strings.

Related: ‘Have I Been Pwned’ Code Base Going Open Source

Related: IBM Releases Open Source Toolkits for Processing Data While Encrypted

Related: BlackBerry Releases Open Source Reverse Engineering Tool

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Security awareness training firm KnowBe4 has named Bryan Palma as president and CEO effective May 5.

Threat intelligence firm Team Cymru has appointed Joe Sander as its Chief Executive Officer.

Madhu Gottumukkala has been named Deputy Director of the cybersecurity agency CISA.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.