TCHunt-ng 1.3 19 Feb 2017
TCHunt-ng attempts to reveal encrypted files stored on a filesystem. The program is successful in finding TrueCrypt, VeraCrypt, CipherShed containers; LUKS, EncFS, PGP/GPG encrypted files; OpenSSH and PEM private keys; password databases; files made up of random data. The code is based on ideas laid out in the project of Stephen Judge named TCHunt, hence the name.
minor feature: Newly recognized file-types: LUKS encrypted file, Chiasmus encrypted data, Chiasmus key, mcrypt encrypted data, GNOME keyring, Mac OS X Keychain File, Vim encrypted file data. Get rid of the options '-r' and '-x'. Passing a directory on a command line is no longer valid. Recursive scanning is a difficult problem to tackle that requires additional options on par of the program. Simply the task is beyond the scope of TCHunt-ng. Use find(1) to pass found files to TCHunt-ng. Accept file names via stdin. This behavior is enabled by passing '-' as the first non-option argument (i.e. ./command options -). Change the way exit codes are used. If an error occurs for any given file, exit immediately with status 1. If any input file specified on a command line is not detected as random/encrypted, exit with status 2 after processing the rest of the files. Exit status 1 always takes precedence over status 2. When option '-s' is in effect, attempt to further classify the file (i.e. data, pgp/gpg ).