From ab66cd255ab48bdcbb9475d5ad30e67f4bef21e0 Mon Sep 17 00:00:00 2001
From: MaximeStor
Date: Sat, 12 Mar 2016 12:30:38 +0100
Subject: [PATCH] Improve SourceCode, keywords and add description in /doc
---
 bin/SourceCode.py | 9 ++++-----
 doc/SourceCode.info | 8 ++++++++
 files/SourceCode | 5 ++++-
 3 files changed, 16 insertions(+), 6 deletions(-)
 create mode 100644 doc/SourceCode.info
diff --git a/bin/SourceCode.py b/bin/SourceCode.py
index 651cd089..41120e69 100644
--- a/bin/SourceCode.py
+++ b/bin/SourceCode.py
@@ -13,8 +13,9 @@ if __name__ == "__main__":
 p = Process(config_section)
 publisher.info("Finding Source Code")
- critical = 0 # AS TO BE IMPORTANT
+ critical = 0 # AS TO BE IMPORTANT, MIGHT BE REMOVED
+ #RELEVANTS LANGUAGES
 shell = "[a-zA-Z0-9]+@[a-zA-Z0-9\-]+\:\~\$"
 c = "\#include\ \<[a-z\/]+.h\>"
 php = "\<\?php"
@@ -23,6 +24,7 @@ if __name__ == "__main__":
 javascript = "function\(\)"
 ruby = "require \ [\w]+"
 adr = "0x[a-f0-9]{2}"
+ #asm = "\"((?s).{1}x[0-9a-f]{2}){3,}" ISSUES WITH FINDALL, pattern like \x54\xaf\x23\..
 languages = [shell, c, php, bash, python, javascript, bash, ruby, adr]
@@ -32,7 +34,7 @@ if __name__ == "__main__":
 while True:
 message = p.get_from_set()
 if message is None:
- publisher.debug("Script Credential is Idling 10s")
+ publisher.debug("Script Source Code is Idling 10s")
 print('Sleeping')
 time.sleep(10)
 continue
@@ -47,9 +49,6 @@ if __name__ == "__main__":
 to_print = 'SourceCode;{};{};{};{}'.format(paste.p_source, paste.p_date, paste.p_name, message)
- print filepath
- print(match_set)
-
 if len(match_set) > critical:
 publisher.warning(to_print)
 else:
diff --git a/doc/SourceCode.info b/doc/SourceCode.info
new file mode 100644
index 00000000..e3bafa10
--- /dev/null
+++ b/doc/SourceCode.info
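Review bot: The new comment on `critical` in the first hunk of bin/SourceCode.py (`# AS TO BE IMPORTANT, MIGHT BE REMOVED`) still does not say what the value controls; the last hunk of the same file shows it is the threshold on the number of matches (`if len(match_set) > critical:` sends the paste to `publisher.warning`, otherwise the `else` branch), so a comment such as `critical = 0  # match-count threshold: more matches than this logs the paste as a warning` would tell the reader why 0 is the default. The language patterns under the new `#RELEVANTS LANGUAGES` heading (`shell`, `c`, `php`, ...) are plain strings carrying escapes such as `\-`, `\:`, `\~` and `\ `; they are context lines here, but as the hunk is labelling them, writing them as raw strings (`r"..."`) would avoid invalid-escape warnings on newer interpreters without changing what they match. The enclosing `if __name__ == "__main__":` block starts and ends outside the hunk.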
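Review bot: The commented-out `#asm` line in the second hunk of bin/SourceCode.py leaves a broken regex in the file with the note `ISSUES WITH FINDALL` but no tracked follow-up; the behaviour described is likely that `re.findall` returns only the captured group's text when the pattern contains a capturing group, so a non-capturing group in a raw string, `r"(?:\\x[0-9a-f]{2}){3,}"`, may be what was intended and should be checked against the inputs that failed before the line is re-enabled. The `(?s)` inline flag inside the group is rejected by newer `re` versions when it is not at the start of the pattern, and the `.{1}x` construction, which appears to work around `\x` being a string escape, is not needed once the pattern is a raw string. Separately, the context line `languages = [shell, c, php, bash, python, javascript, bash, ruby, adr]` lists `bash` twice, which this hunk leaves in place. The enclosing `if __name__ == "__main__":` block starts and ends outside the hunk.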
@@ -0,0 +1,8 @@
+SourceCode listens to Global and select only keywords that are relevants to AIL's purpose (CVE, Exploits, Vulnerability,...), then send matching file to a new queue.
+
+SourceCode.py search for differents languages such as C, PHP, Python, BASH and some Unix shells with default configuration.
+
+Every records is send to the warning log because filters are high enough (hence the critical var set to 0 but can be changed).
+
+FOR NOW : Still have troubles detecting ASM
+
diff --git a/files/SourceCode b/files/SourceCode
index 24cebcb2..22011b33 100644
--- a/files/SourceCode
+++ b/files/SourceCode
@@ -3,4 +3,7 @@ exploit
 vulnerability
 payload
 uname
-gcc
+chmod
+adduser
+base64_decode
+gzinflate
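Review bot: The keyword hunk in files/SourceCode drops `gcc` and adds `chmod`, `adduser`, `base64_decode` and `gzinflate` with no record of the reasoning, and the file format has no room for a comment; `chmod` and `adduser` occur in a lot of ordinary shell text, so the change presumably widens what reaches the SourceCode queue. Recording in doc/SourceCode.info why each keyword is in the list and why `gcc` was removed, for example that `base64_decode` and `gzinflate` together are a common marker of encoded PHP, would let the next maintainer tune the list without guessing at the intent.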