From a113aa63fa45497b6393ed3cc87f6f1ef35c8e6e Mon Sep 17 00:00:00 2001
From: Julien Voisin
Date: Tue, 10 Mar 2015 13:59:34 +0100
Subject: Add a scanner script
---
scan.sh | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 scan.sh
diff --git a/scan.sh b/scan.sh
new file mode 100644
index 0000000..f817866
--- /dev/null
+++ b/scan.sh
@@ -0,0 +1,48 @@
+#/bin/bash
+
+diff_folder=false
+
+SCAN_CMD='./yara -r ./malwares.yara -f'
+
+show_help() {
+ cat << EOF
+Usage ${0##*/} [-dhw]
+ -d Path to the diff folder
+ -h Show this help message
+ -w Provide a whitelist file, containing one path per line
+EOF
+}
+
+OPTIND=1
+while getopts "hw:d:" opt; do
+ case "$opt" in
+ h)
+ show_help
+ exit 0
+ ;;
+ d)
+ diff_folder="$OPTARG"
+ ;;
+ '?')
+ show_help
+ exit 1
+ ;;
+ esac
+done
+shift "$((OPTIND-1))"
+
+if [ ! -d "$diff_folder" ]; then
+ echo "[-] Invalid previous_scan directory: " "$diff_folder"
+ exit 1
+fi
+
+previous_scan="$(ls -t "$diff_folder" | head -1)"
+if [ -z "$previous_scan" ]; then
+ echo "[*] No previous scan found: This will be the first one."
+ $SCAN_CMD "$@" | sort | tee > "$diff_folder/$(date +%s)"
+ exit 0
+fi
+
+diff <($SCAN_CMD "$@" | sort | tee "$diff_folder/$(date +%s)") <(cat "$diff_folder"/"$previous_scan")
+
+exit 0
--
cgit v1.3
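Review bot: A failed scan is recorded as a clean one. In both `$SCAN_CMD "$@" | sort | tee …` pipelines the exit status of yara is discarded, the possibly empty output is still written into `$diff_folder`, where the next run picks it up as the baseline through `ls -t`, and the script ends in an unconditional `exit 0`. A missing `./malwares.yara` or a crashing `./yara` therefore looks the same to cron or a monitor as a run with no new detections. The tail of the script should scan into a temporary file, move it into `$diff_folder` only when the scanner succeeded, and exit with the status of `diff`, as sketched below. Separately, the first line `#/bin/bash` lacks the `!` and is only a comment, so the `<(...)` process substitutions depend on the invoking shell being bash. Also, `-w` is accepted by `getopts "hw:d:"` and described in `show_help` but has no `case` arm, so a whitelist file is silently ignored.

```shell
# … unchanged: option parsing and the -d directory check …

previous_scan="$(ls -t "$diff_folder" | head -1)"

# Scan into a temporary file so a failed run never becomes the next baseline.
current_scan="$(mktemp)" || exit 2
trap 'rm -f -- "$current_scan"' EXIT

if ! $SCAN_CMD "$@" > "$current_scan"; then
  echo "[-] Scan failed; baseline left untouched." >&2
  exit 2
fi
sort -o "$current_scan" "$current_scan"

new_baseline="$diff_folder/$(date +%s)"

if [ -z "$previous_scan" ]; then
  echo "[*] No previous scan found: This will be the first one."
  mv -- "$current_scan" "$new_baseline"
  exit 0
fi

# Same operand order as before: new scan first, previous baseline second.
diff "$current_scan" "$diff_folder/$previous_scan"
status=$?
mv -- "$current_scan" "$new_baseline"
exit "$status"
```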