Cofense - Security Awareness Training & Email Threat Detection

GIMP away your troubles

Share This Article

“Efficiency is intelligent laziness”

-David Dunham

Scripting is a great way to spend ten times the amount of time to automate something as it would have taken to just do it in the first place.  Sometimes it’s worth it because it saves you time in the long run, and sometimes it’s worth it because you’d lose your mind doing something that takes three words to describe over and over and over but is unnervingly complex for no reason apart from making your life miserable. Alas, like cleaning the litter box, you said you would do it, it needs to be done, and it’s going to happen a lot.

BEHOLD – my favorite photo editing suite: GIMP.  Apart from being the poor man’s , GIMP is open-source, free, community driven, and SCRIPTABLE. That’s great if you’ve been voluntold that once a week for the foreseeable future you’ll be, for example: collecting the top six voted, full resolution, user-provided images per week of various image formats and making square, high compression JPEG thumbnail images of them to add to the company newsletter.  Yes, that is a very specific example, and yes, it is of very low caliber functionality for a powerful suite like GIMP, but bear with me.

By default, all the GIMP documentation points to using Script-Fu, which is a dialect of scheme (no thanks), but it is also possible to write using the aptly named Python-fu (perfect).  The documentation for Python-fu is a little lackluster ( and does require some translation from the reference manuals (, but it can be pretty rewarding and gets easier in time. What these docs do not explicitly tell you is that you can browse the procedural database by opening GIMP and navigating to Help->Procedure Browser in the program’s menu.  Everything in there, and that’s basically an itemized list of everything you can do in a stock install of GIMP, can be addressed in your python script by pdb.insert_command_here().  You can test anything you want in there pythonically by navigating to Filters->Python-fu->Console which basically gives you a Python console with all the GIMP imports loaded.  Write it out as a function definition and put the requisite wrapper around it, and you have yourself a custom plug-in script – which can even appear as a menu item in a location of your choosing.  Add the ability to run this plugin from the command line, and you have automated your weekly monotony.

So lets walk though this image resizing script, shall we?

Gather your images

Malware Analysis - Suspicious File with Watermark

Open one up in GIMP to get started

Malware Analysis - Suspicious Process with Watermark

Go through the motions of what you would usually do, but do not do it

Malware Analysis - Suspicious Network Activity with Watermark

Open the procedure browser

Malware Analysis - Suspicious Registry Key with Watermark

Find the procedure of the same command name

Email Security threat detection software in action

Open up the Python-fu console

Email security platform with real

Scale down the image

SUPER IMPORTANT NOTE – hyphens in the procedure browser become underscores in python-fu

Cofense phishing detection dashboard showing live threat alerts

Now that the image is scaled down, it needs to be squared up with a new background layer so skip ahead to the Procedure Browser to find a procedure that matches what you are trying to accomplish

Secure email gateway protecting against email

After a long and circuitous perusing through the Procedure Browser translating menu clicks and background processes into what remains to be accomplished (HINT: read the full procedure definition AND additional information section), the rest of the script should come together. The remaining steps are listed below:

  • Create the new layer
  • Attach the new layer to the bottom layer of the image
  • Center the new layer around the scaled image
  • Color the background layer black
  • Resize the canvas to fit the layer
  • Flatten the image layers
  • Save the file as a jpeg

Threat analysis dashboard showing top phishing attacks

Now that it works, wrap it up in a nice python function definition – Notice I’ve added a couple modifications, and changed variable names for brevity.  You can trust me on why or consider it homework to find out.

Advanced phishing simulation tool for security awareness training

The modifications also allowed the modified image to be saved to the directory it was loaded from

Cofense phishing incident response workflow

Go into your GIMP installation preferences

Email threat intelligence dashboard for proactive defense

Get the path to your plug-ins directory

Email security solution with advanced threat detection

Copy the following script to a file inside that directory with the extension “.py” because it is a Python script.  BE SURE TO SET THE FILE TO BE EXECUTABLE – a good old chmod 755 will work nicely.  Restart GIMP and you will find…

					#!/usr/bin/env python
from gimpfu import *

def blackThumb(*args):
  loadfile = args[0]
  img = pdb.gimp_file_load(loadfile, loadfile)
  if img.base_type!=0:
  square_size = 100
  scale_factor = float(img.width)/square_size
  scale_factor = max(scale_factor,float(img.height)/square_size)
  bg = pdb.gimp_layer_new(img,square_size,square_size,0,"BlackBack",100,0)
  pdb.gimp_layer_translate(bg, 0-(bg.width-img.width)/2, 0-(bg.height-img.height)/2)
  drwbl = pdb.gimp_image_active_drawable(img)
  pdb.gimp_drawable_fill(drwbl, 1)
  savename = img.filename+ ".thumb.jpg"
  pdb.file_jpeg_save(img, img.layers[0], savename, savename ,0.9, 0, 0, 0, "", 0, 0, 0, 0)

 "Create a 100x100 jpeg thumbnail",
 "need path of file that needs thumbnailification",
 "(c) CofenseLabs",
 "Oct 2018",
 "Black Thumb",
 (PF_STRING, "arg0", "ImagePath", "/path/to/image"),
 blackThumb, menu="<Image>/File/Create")


Copy the following script to a file inside that directory with the extension “.py” because it is a Python script.  BE SURE TO SET THE FILE TO BE EXECUTABLE – a good old chmod 755 will work nicely.  Restart GIMP and you will find…

Phishing simulation platform with detailed reporting and analytics

Real time email threat detection and response platform

Give it a shot!

Advanced email security solution with customizable policies and rules

Take it a step further and complete the process from the command line!

*I cannot guarantee that this will work for your platform and your installation, you will have to experiment, because it varies from platform to platform, version to version.

*Yes, you have to add “python-fu” to the front of your plug-in name.

					/Applications/ -idf --verbose -b '(python-fu-black-thumb RUN-NONINTERACTIVE "/Users/USERNAME/Desktop/numbered/4.tif")' -b '(gimp-quit 1)'

Insert your best bash-fu here

To recapitulate:

  • Play with Python-Fu Console in conjunction with Procedure Browser to find your commands
  • Rewrite as a python function definition
  • Adjust to use “*args”, write register function, and appropriate imports
  • Relocate as an executable file to GIMP plug-ins directory
  • Test from drop-down menus
  • Bash script away

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks.  


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.