Skip to content

DevanTQ/Ford

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
assets
assets
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
ford.py
ford.py
 
 
pyproject.toml
pyproject.toml
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

FORD

Python License Version Platform Zero Dependency


Zero-dependency CLI for rapid encoding triage, multi-layer decoding, and IOC extraction.
Drop a suspicious string in. FORD figures the rest out.

Preview

Preview Flag Detection

Features
🔍 Auto-detect Base64, Base32, Base64-URL, Base85, Base58, Hex, Binary, ROT13/47, all 25 Caesar shifts, URL encode, HTML entities
🔗 Multi-layer chaining --depth recursively feeds decoded output back through all decoders
💣 XOR Static single-byte via --xor, or bruteforce 0x01–0xFF automatically
🚩 IOC extraction Auto-highlights CTF flags WORD{...}, IPv4, emails, and URLs
🧬 Hash identification MD5 / SHA-1 / SHA-224 / SHA-256 / SHA-384 / SHA-512 by digest length
🗂️ Magic bytes Detects PNG, JPEG, ZIP, RAR, ELF, PE, PDF, MP3 in binary output
📊 Shannon entropy Per-result entropy score to gauge encryption strength
💾 File output --output saves a clean ANSI-stripped report
🪟 Windows support VT100/ANSI auto-enabled, graceful fallback on legacy CMD
🔁 Stdin pipe echo "..." | ford

Install

git clone https://github.com/DevanTQ/Ford.git
cd Ford
pip install -e .

ford is now available system-wide — no alias needed.

With Base58 support (optional):

pip install -e "[full]"

Usage

ford "[encoded_text]"
ford "[encoded_text]" --depth 3
ford "[hex_string]"   --xor 0x42
ford "[encoded_text]" --output results.txt
echo "aGVsbG8=" | ford

Flags

Flag Description
--depth N Recursive decode depth, 1–5 (default: 1)
--xor 0xKEY Single-byte XOR with given key
--output FILE Save plain-text report to file
--all Force-show all weak heuristic results
--no-banner Suppress the header line
-v / --version Print version and exit

Examples

# Basic Base64
ford "aGVsbG8gd29ybGQ="

# Nested encoding — Base64 wrapped in Hex, 2 layers deep
ford "6147567362473867643239796247513d" --depth 2

# XOR with known key
ford "2a3b1c4d" --xor 0x42

# XOR bruteforce — no key needed
ford "08040b0b0e"

# Pipe from stdin
echo "68656c6c6f" | ford

# Save report to file
ford "dGVzdA==" --output report.txt

# Show all results including weak matches
ford "aGVsbG8=" --all

Requirements

  • Python 3.8+
  • No mandatory third-party packages
  • Optional: base58 · colorama (legacy Windows CMD)

Project Structure

Ford/
├── ford.py            ← main tool
├── pyproject.toml     ← build config & CLI entrypoint
├── requirements.txt   ← optional dependencies
├── LICENSE
├── README.md
└── tests/
    └── test_ford.py   ← 35 unit tests

Running Tests

pip install pytest
python -m pytest tests/ -v

License

MIT — see LICENSE

Built by DevanTQ · for CTF, DFIR, and anyone who stares at encoded strings too long

About

Forensic Decoder CLI | multi-layer encoding triage and IOC extraction for CTF and DFIR

devandraelsyadam.netlify.app

Topics

python decoder dfir ctf-tools cli-tool forensics-tools cybersecurity-tools

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases 2

FORD v3.8 Latest
Jun 12, 2026
+ 1 release

Packages

 
 
 

Contributors

Languages