mirror of https://github.com/CIRCL/AIL-framework
Improve SourceCode, keywords and add description in /doc
parent
701d771aa5
commit
ab66cd255a
|
@ -13,8 +13,9 @@ if __name__ == "__main__":
|
|||
p = Process(config_section)
|
||||
publisher.info("Finding Source Code")
|
||||
|
||||
critical = 0 # AS TO BE IMPORTANT
|
||||
critical = 0 # AS TO BE IMPORTANT, MIGHT BE REMOVED
|
||||
|
||||
#RELEVANTS LANGUAGES
|
||||
shell = "[a-zA-Z0-9]+@[a-zA-Z0-9\-]+\:\~\$"
|
||||
c = "\#include\ \<[a-z\/]+.h\>"
|
||||
php = "\<\?php"
|
||||
|
@ -23,6 +24,7 @@ if __name__ == "__main__":
|
|||
javascript = "function\(\)"
|
||||
ruby = "require \ [\w]+"
|
||||
adr = "0x[a-f0-9]{2}"
|
||||
|
||||
#asm = "\"((?s).{1}x[0-9a-f]{2}){3,}" ISSUES WITH FINDALL, pattern like \x54\xaf\x23\..
|
||||
|
||||
languages = [shell, c, php, bash, python, javascript, bash, ruby, adr]
|
||||
|
@ -32,7 +34,7 @@ if __name__ == "__main__":
|
|||
while True:
|
||||
message = p.get_from_set()
|
||||
if message is None:
|
||||
publisher.debug("Script Credential is Idling 10s")
|
||||
publisher.debug("Script Source Code is Idling 10s")
|
||||
print('Sleeping')
|
||||
time.sleep(10)
|
||||
continue
|
||||
|
@ -47,9 +49,6 @@ if __name__ == "__main__":
|
|||
|
||||
to_print = 'SourceCode;{};{};{};{}'.format(paste.p_source, paste.p_date, paste.p_name, message)
|
||||
|
||||
print filepath
|
||||
print(match_set)
|
||||
|
||||
if len(match_set) > critical:
|
||||
publisher.warning(to_print)
|
||||
else:
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
SourceCode listens to Global and select only keywords that are relevants to AIL's purpose (CVE, Exploits, Vulnerability,...), then send matching file to a new queue.
|
||||
|
||||
SourceCode.py search for differents languages such as C, PHP, Python, BASH and some Unix shells with default configuration.
|
||||
|
||||
Every records is send to the warning log because filters are high enough (hence the critical var set to 0 but can be changed).
|
||||
|
||||
FOR NOW : Still have troubles detecting ASM
|
||||
|
|
@ -3,4 +3,7 @@ exploit
|
|||
vulnerability
|
||||
payload
|
||||
uname
|
||||
gcc
|
||||
chmod
|
||||
adduser
|
||||
base64_decode
|
||||
gzinflate
|
||||
|
|
Loading…
Reference in New Issue