| author | jvoisin | 2015-07-13 13:35:49 +0200 |
|---|---|---|
| committer | jvoisin | 2015-07-13 13:35:49 +0200 |
| commit | cba0b49eb6e2782438df1394a3d42e424d9bc968 (patch) | |
| tree | 217821e9c9ee221c6664a21c0b57133d85a8e0ea | |
| parent | b5a5f1efe855f8d0878bfb7e74e5578cd42d38b7 (diff) | |
Remove useless scripts
| -rwxr-xr-x | run_tests.sh | 30 | ||||
| -rwxr-xr-x | scan.sh | 57 | ||||
| -rwxr-xr-x | script.sh | 10 |
3 files changed, 0 insertions, 97 deletions
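diff --git a/run_tests.sh b/run_tests.sh
deleted file mode 100755
index 3ad2ea1..0000000
--- a/run_tests.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# <? system($_GET['p']);
-# $___ $___ $_____ $_____ $____ $___
-# ZXhlYyg
-# system php_uname posix_setuid phpinfo exec eval
-# /etc/passwd WinExec uname -a nc -l
-# 1337day.com
-
-echo '[+] Testing scanning engine'
-EXPECTED='ObfuscatedPhp run_tests.sh
-SuspiciousEncoding run_tests.sh
-DodgyPhp run_tests.sh
-DangerousPhp run_tests.sh
-DodgyStrings run_tests.sh
-Websites run_tests.sh'
-RESULT="$(./phpmalwarefinder -c ./malwares.yara run_tests.sh)"
-if [ "$RESULT" != "$EXPECTED" ] ; then
-diff <(echo "$RESULT") <(echo "$EXPECTED")
-exit 1
-fi
-
-echo '[+] Testing on non-existing rules'
-EXPECTED="./nonexistentfile doesn't exist. Please give me a valid file."
-RESULT="$(./phpmalwarefinder -c ./nonexistentfile run_tests.sh)"
-if [ "$RESULT" != "$EXPECTED" ] ; then
-diff <(echo "$RESULT") <(echo "$EXPECTED")
-exit 1
-fi
-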
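diff --git a/scan.sh b/scan.sh
deleted file mode 100755
index 3d48dc3..0000000
--- a/scan.sh
+++ /dev/null
@@ -1,57 +0,0 @@
-#/bin/bash
-
-diff_folder='/var/log/phpmalwarefinder/'
-stdout=false
-
-SCAN_CMD='./yara -r ./malwares.yara -f'
-
-show_help() {
-cat << EOF
-Usage ${0##*/} [-dhw]
--d Path to the diff folder (defaults to ${diff_folder})
--h Show this help message
--w Provide a whitelist file, containing one path per line
--s Show diff on stdout
-EOF
-}
-
-OPTIND=1
-while getopts "hw:d:" opt; do
-case "$opt" in
-h)
-show_help
-exit 0
-;;
-d)
-diff_folder="$OPTARG"
-;;
-s)
-stdout=true
-;;
-'?')
-show_help
-exit 1
-;;
-esac
-done
-shift "$((OPTIND-1))"
-
-if [ ! -d "$diff_folder" ]; then
-echo "[-] Invalid previous_scan directory: " "$diff_folder"
-exit 1
-fi
-
-previous_scan="$(ls -t "$diff_folder" | head -1)"
-if [ -z "$previous_scan" ]; then
-echo "[*] No previous scan found: This will be the first one."
-$SCAN_CMD "$@" | sort | tee > "$diff_folder/$(date +%s)"
-exit 0
-fi
-
-if [ ${stdout} = true ]; then
-diff <($SCAN_CMD "$@" | sort | tee "$diff_folder/$(date +%s)") <(cat "$diff_folder"/"$previous_scan")
-else
-$SCAN_CMD "$@" | sort > "$diff_folder/$(date +%s)"
-fi
-
-exit 0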
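diff --git a/script.sh b/script.sh
deleted file mode 100755
index 63e1202..0000000
--- a/script.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-MOUNT_PATH='/mnt/test'
-
-mkdir -p "$MOUNT_PATH"
-
-while read name
-do
-sudo mount -t ext4 -oloop,ro,noload "$name" "$MOUNT_PATH"
-find -P -O3 "$MOUNT_PATH" -iname '*.ph*' -type f -size -5M -print0 -exec ./yara -r malwares.yara -f -s {} \;
-sudo umount "$MOUNT_PATH" || exit 1
-done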
