Improve SourceCode, keywords and add description in /doc

pull/52/head
MaximeStor 2016-03-12 12:30:38 +01:00
parent 701d771aa5
commit ab66cd255a
3 changed files with 16 additions and 6 deletions


@ -13,8 +13,9 @@ if __name__ == "__main__":
p = Process(config_section)
publisher.info("Finding Source Code")
critical = 0 # AS TO BE IMPORTANT
critical = 0 # AS TO BE IMPORTANT, MIGHT BE REMOVED
#RELEVANTS LANGUAGES
shell = "[a-zA-Z0-9]+@[a-zA-Z0-9\-]+\:\~\$"
c = "\#include\ \<[a-z\/]+.h\>"
php = "\<\?php"
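Review bot: the reworded comment on the `critical = 0` line still reads "AS TO BE IMPORTANT" (presumably "HAS TO BE"), and the added "MIGHT BE REMOVED" leaves a reader unsure whether the threshold is meant to stay; since doc/SourceCode.info in this same commit describes `critical` as something that "can be changed", either read it from the config section handed to `Process(config_section)` or state plainly in the comment that 0 means every match is reported. The regex literals on the lines below (`shell`, `c`, `php`) are plain Python strings carrying escapes such as `\-`, `\:`, `\~`, `\#` and `\<`; Python keeps unknown escapes literally, but newer interpreters emit warnings for them, so use raw strings, e.g. `shell = r"[a-zA-Z0-9]+@[a-zA-Z0-9\-]+:~\$"`.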
@ -23,6 +24,7 @@ if __name__ == "__main__":
javascript = "function\(\)"
ruby = "require \ [\w]+"
adr = "0x[a-f0-9]{2}"
#asm = "\"((?s).{1}x[0-9a-f]{2}){3,}" ISSUES WITH FINDALL, pattern like \x54\xaf\x23\..
languages = [shell, c, php, bash, python, javascript, bash, ruby, adr]
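Review bot: `adr = "0x[a-f0-9]{2}"` matches any `0x` followed by just two lowercase hex digits, so it fires on ordinary text (small constants like 0x10, colour values) and misses uppercase hex; if the intent is addresses or offsets, require a longer run and both cases, e.g. `r"0x[0-9a-fA-F]{4,}"`. In the same hunk `languages` lists `bash` twice, which only runs that pattern a second time. For the commented-out `asm` pattern, the "ISSUES WITH FINDALL" are most likely the capturing group: `re.findall` returns the group's contents rather than the whole match, so a repeated group yields only its last `\xNN`. Use a non-capturing group `(?:...)`, match the backslash explicitly instead of `.{1}` (which accepts any character before the `x`), i.e. `\\x` in a raw string, and either place `(?s)` at the very start of the pattern (recent Python versions reject it elsewhere) or drop it, since nothing needs `.` to span newlines once the backslash is explicit.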
@ -32,7 +34,7 @@ if __name__ == "__main__":
while True:
message = p.get_from_set()
if message is None:
publisher.debug("Script Credential is Idling 10s")
publisher.debug("Script Source Code is Idling 10s")
print('Sleeping')
time.sleep(10)
continue
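Review bot: correcting the idle message to `Script Source Code` (the old `Script Credential` text was clearly copied from another module) matters because these debug lines are how a module is told apart in the shared publisher log; the bare `print('Sleeping')` on the next line duplicates the same information on stdout and can be dropped, or routed through `publisher.debug` so all of this module's output lands in one place.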
@ -47,9 +49,6 @@ if __name__ == "__main__":
to_print = 'SourceCode;{};{};{};{}'.format(paste.p_source, paste.p_date, paste.p_name, message)
print filepath
print(match_set)
if len(match_set) > critical:
publisher.warning(to_print)
else:
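Review bot: removing `print filepath` and `print(match_set)` is right, not least because `print filepath` is Python 2 statement syntax while the rest of the file uses the function form, so the module would not parse at all under Python 3 with that line present. With `critical` fixed at 0 the `len(match_set) > critical` check warns on any single hit; since `to_print` carries only source, date, name and message, consider appending the matched languages (the contents of `match_set`) to the warning so an analyst can tell a shell-prompt hit from a PHP hit without reopening the paste.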

8
doc/SourceCode.info Normal file

@ -0,0 +1,8 @@
SourceCode listens to Global and select only keywords that are relevants to AIL's purpose (CVE, Exploits, Vulnerability,...), then send matching file to a new queue.
SourceCode.py search for differents languages such as C, PHP, Python, BASH and some Unix shells with default configuration.
Every records is send to the warning log because filters are high enough (hence the critical var set to 0 but can be changed).
FOR NOW : Still have troubles detecting ASM
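Review bot: a few grammar fixes for the new description: "keywords that are relevants" should read "keywords that are relevant", "search for differents languages" should read "searches for different languages", and "Every records is send" should read "Every record is sent". More importantly, the text says the critical variable "can be changed", but in this commit it is a hard-coded constant at the top of SourceCode.py rather than a configuration option; say so, or move it into the module's config section so the sentence is true. The closing "Still have troubles detecting ASM" would be clearer if it pointed at the cause, the commented-out `asm` regex in SourceCode.py, so whoever picks it up knows where to start.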


@ -3,4 +3,7 @@ exploit
vulnerability
payload
uname
gcc
chmod
adduser
base64_decode
gzinflate
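Review bot: generic Unix commands such as `gcc`, `chmod` and `uname` appear in ordinary shell tutorials, build logs and installation notes, so carrying them in the keyword list will raise the false-positive rate of whatever consumes this file; `base64_decode` and `gzinflate` are far stronger signals (the usual obfuscated-PHP pair) and are a good addition. If the list format supports no weighting, at least record in doc/SourceCode.info which entries are expected to be noisy so downstream consumers can tune their thresholds.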