Improve SourceCode, keywords and add description in /doc
parent
701d771aa5
commit
ab66cd255a
@ -13,8 +13,9 @@ if __name__ == "__main__":
p = Process(config_section)
p = Process(config_section)
publisher.info("Finding Source Code")
publisher.info("Finding Source Code")
critical = 0 # AS TO BE IMPORTANT
critical = 0 # AS TO BE IMPORTANT, MIGHT BE REMOVED
#RELEVANTS LANGUAGES
shell = "[a-zA-Z0-9]+@[a-zA-Z0-9\-]+\:\~\$"
shell = "[a-zA-Z0-9]+@[a-zA-Z0-9\-]+\:\~\$"
c = "\#include\ \<[a-z\/]+.h\>"
c = "\#include\ \<[a-z\/]+.h\>"
php = "\<\?php"
php = "\<\?php"
@ -23,6 +24,7 @@ if __name__ == "__main__":
javascript = "function\(\)"
javascript = "function\(\)"
ruby = "require \ [\w]+"
ruby = "require \ [\w]+"
adr = "0x[a-f0-9]{2}"
adr = "0x[a-f0-9]{2}"
#asm = "\"((?s).{1}x[0-9a-f]{2}){3,}" ISSUES WITH FINDALL, pattern like \x54\xaf\x23\..
#asm = "\"((?s).{1}x[0-9a-f]{2}){3,}" ISSUES WITH FINDALL, pattern like \x54\xaf\x23\..
languages = [shell, c, php, bash, python, javascript, bash, ruby, adr]
languages = [shell, c, php, bash, python, javascript, bash, ruby, adr]
@ -32,7 +34,7 @@ if __name__ == "__main__":
while True:
while True:
message = p.get_from_set()
message = p.get_from_set()
if message is None:
if message is None:
publisher.debug("Script Credential is Idling 10s")
publisher.debug("Script Source Code is Idling 10s")
print('Sleeping')
print('Sleeping')
time.sleep(10)
time.sleep(10)
continue
continue
@ -47,9 +49,6 @@ if __name__ == "__main__":
to_print = 'SourceCode;{};{};{};{}'.format(paste.p_source, paste.p_date, paste.p_name, message)
to_print = 'SourceCode;{};{};{};{}'.format(paste.p_source, paste.p_date, paste.p_name, message)
print filepath
print(match_set)
if len(match_set) > critical:
if len(match_set) > critical:
publisher.warning(to_print)
publisher.warning(to_print)
else:
else:
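Review bot: The pattern strings under the new `#RELEVANTS LANGUAGES` comment (hunks @ -13,8 +13,9 and @ -23,6 +24,7) carry regex escapes such as `\ ` and `\<` inside ordinary string literals, so they only work because Python passes unrecognised escapes through unchanged; raw strings make that intent explicit and keep the patterns stable across interpreter versions, e.g. `c = r"\#include\ \<[a-z\/]+.h\>"` and `ruby = r"require \ [\w]+"`. While there, `languages = [shell, c, php, bash, python, javascript, bash, ruby, adr]` lists `bash` twice, so a single bash hit presumably counts twice toward the `critical` threshold and the duplicate should go. The `ruby` pattern also appears to demand two spaces after `require` (a literal space followed by an escaped one), which looks unintended. The `if __name__ == "__main__":` block these hunks belong to starts before the first hunk and continues past the last.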
@ -0,0 +1,8 @@
SourceCode listens to Global and select only keywords that are relevants to AIL's purpose (CVE, Exploits, Vulnerability,...), then send matching file to a new queue.
SourceCode.py search for differents languages such as C, PHP, Python, BASH and some Unix shells with default configuration.
Every records is send to the warning log because filters are high enough (hence the critical var set to 0 but can be changed).
FOR NOW : Still have troubles detecting ASM
@ -3,4 +3,7 @@ exploit
vulnerability
vulnerability
payload
payload
uname
uname
gcc
chmod
adduser
base64_decode
gzinflate
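Review bot: The old line `gcc` is replaced by `chmod` in this hunk, a removal the commit message ("Improve ... keywords") does not mention and nothing in the diff explains; a one-line note in the commit description, or keeping `gcc` alongside the new entries, would make the intent explicit. Several of the entries (`uname`, `chmod`, `adduser`) are short generic tokens, so if the consumer matches them as substrings rather than whole words they will presumably fire on ordinary prose as well; the matching code is not in this diff, so that is worth confirming.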