From 415a362a92c7c199aa6f92b15da5535333095685 Mon Sep 17 00:00:00 2001
From: Cutieguwu
Date: Tue, 13 Jun 2023 13:54:31 -0400
Subject: [PATCH] Update Detectowor.py Added NOTICE terminal output flair. Added recursive string reading. Added tracking basic for current malware search and search type. Realigned lists. Moved some lists. Removed init_lib() as it was unnecessary and served no purpose for expansion. Temporarily added terminal output for list objects. This will later be reserved for notices of files found only and current malware search and search type.
---
 Detectowor.py | 54 ++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 36 insertions(+), 18 deletions(-)
diff --git a/Detectowor.py b/Detectowor.py
index ee58595..099868e 100644
--- a/Detectowor.py
+++ b/Detectowor.py
@@ -3,49 +3,57 @@ from os import name as osname
 #Temporarily hard coded library into script
-def init_lib():
- global threats
- threats = ["Fractureiser", "Skyrage"]
-
 def init_lib_linux_filesearch():
-
+
 #Fractureiser
 global sus_linux_files_fractureiser
- sus_linux_files_fractureiser = ["~/.config/.data/lib.jar", "~/.config/systemd/user/systemd-utility.service", "/etc/systemd/system/systemd-utility.service"]
+ sus_linux_files_fractureiser = [
+ "~/.config/.data/lib.jar",
+ "~/.config/systemd/user/systemd-utility.service",
+ "/etc/systemd/system/systemd-utility.service"
+ ]
 #Skyrage
 global sus_linux_files_skyrage
- sus_linux_files_skyrage = ["/bin/vmd-gnu", "/etc/systemd/system/vmd-gnu.service"]
+ sus_linux_files_skyrage = [
+ "/bin/vmd-gnu",
+ "/etc/systemd/system/vmd-gnu.service"
+ ]
 def init_lib_win_filesearch():
 #Fractureiser
 global sus_win_files_fractureiser
- sus_win_files_fractureiser = [r'%LOCALAPPDATA%\\Microsoft Edge\\libWebGL64.jar']
+ sus_win_files_fractureiser = [
+ r'%LOCALAPPDATA%\\Microsoft Edge\\libWebGL64.jar'
+ ]
 #Skyrage
 global sus_win_files_skyrage
- sus_win_files_skyrage = [r'%AppData%\\Microsoft\\Start Menu\\Programs\\Startup\\jawaw.jar', r'%AppData%\\..\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\microsoft-vm-core']
+ sus_win_files_skyrage = [
+ r'%AppData%\\Microsoft\\Start Menu\\Programs\\Startup\\jawaw.jar',
+ r'%AppData%\\..\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\microsoft-vm-core'
+ ]
 def init_lib_linux():
 print("Initializing Linux Library: File Locations")
 init_lib_linux_filesearch()
- print("Signature checks not implemented yet.")
+ print("NOTICE: Signature checks not implemented yet.")
 def init_lib_win():
 init_lib_win_filesearch()
- print("Signature checks not implemented yet.")
+ print("NOTICE: Signature checks not implemented yet.")
 def scan_linux():
- l = 0
- i = len(sus_linux_files_fractureiser)
- for i in sus_linux_files_fractureiser:
- print(i) #Do check for files. If not found raise exception filenotfound and continue to next without report. If found, report file found and possible related threat.
- l = l + 1
+ global threats
+ global threats_names
+ for i in range(len(threats)):
+ current_search_object = threats[i]
+ print("\n-- Scanning for", threats_names[i], " --")
+ for l in range(len(current_search_object)):
+ print(current_search_object[l]) #Do check for files. If not found raise exception filenotfound and continue to next without report. If found, report file found and possible related threat.
 def run():
-
- init_lib()
 # if OS is Windows, do Windows inits and scan, elif OS is Linux, do Linux inits and scan
 if osname == "nt":
@@ -55,6 +63,16 @@ def run():
 elif osname == "posix":
 print("Posix compliant (Linux) system detected")
 init_lib_linux()
+ global threats
+ threats = [
+ sus_linux_files_fractureiser,
+ sus_linux_files_skyrage
+ ]
+ global threats_names
+ threats_names = [
+ "Fractureiser {Files}",
+ "Skyrage {Files}"
+ ]
 scan_linux()
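Review bot: The indicator paths in the realigned `sus_linux_files_*` and `sus_win_files_*` lists are stored unexpanded, so once the `print` in `scan_linux` is replaced by the file check its comment describes, `~/...` and `%LOCALAPPDATA%\...` would be looked up literally and never match, giving a clean result on an infected machine. Expand each entry before testing it, e.g. `path = os.path.expanduser(os.path.expandvars(entry))`, and prefer `os.path.lexists(path)` so a dangling symlink still counts as a hit. `~` resolves to the home of the account running the scan, so a run as root would presumably not cover other users' `~/.config` directories. The Windows literals are raw strings that also double every backslash; write them either as `r'...\...'` or as `'...\\...'`, not both.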
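Review bot: `threats` and `threats_names` are two parallel global lists created inside the posix branch of `run()` and matched by index in `scan_linux`, so adding or reordering a family in one list and not the other either raises `IndexError` or reports a file under the wrong malware name. Keeping each label with its paths removes that failure mode: `threats = {"Fractureiser {Files}": sus_linux_files_fractureiser, "Skyrage {Files}": sus_linux_files_skyrage}` and, in `scan_linux`, `for name, paths in threats.items():`. Passing that mapping to `scan_linux` as an argument would also let the `global` statements go. The `nt` branch of `run()` lies outside the hunk, so whether it needs the same treatment cannot be seen here.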