#!/usr/bin/env bash
# Copyright (C) NBS System - All Rights Reserved
# Licensed under GNU LGPL v3.0 – See the LICENSE notice for details
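# Locate the yara binary: prefer the one found on $PATH, then fall back to a
# ./yara in the current working directory.
# NOTE(review): the ./yara fallback is resolved against the caller's working
# directory, not the script's location. When this script is started from inside
# a directory that is itself under investigation, whatever executable named
# "yara" sits there is what gets run. Prefer an installed yara, or start the
# scan from a trusted directory.
YARA=$(type -P yara)
CONFIG_PATH='/etc/phpmalwarefinder/php.yar'

if [ ! -x "$YARA" ]; then
  YARA='./yara'
  if [ ! -x "$YARA" ]; then
    # Diagnostic goes to stderr and the status is non-zero, so a cron job or
    # wrapper cannot mistake "scanner missing" for "scan finished cleanly".
    echo 'Unable to find yara in your $PATH, and in the current directory.' >&2
    exit 1
  fi
fi

# Fall back to the rule file shipped next to this script when the system-wide
# one is not installed.
if [ ! -f "$CONFIG_PATH" ]; then
  CONFIG_PATH="$(dirname -- "$0")/php.yar"
fi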
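#######################################
# Print a short summary of the yara hits that deserve manual review.
# Filters the saved yara output for lines mentioning PasswordProtection,
# Websites, TooShort or NonPrintableChars and, when at least one line matches,
# prints a banner followed by those lines.
# Arguments: $1 - path to a file holding yara's output
# Outputs:   banner and matching lines on stdout; nothing when no line matches
# Returns:   1 if the temporary file cannot be created, otherwise the status
#            of the final rm
#######################################
needle_in_haystack() {
  # local: keep the temp-file path out of the script's global variables.
  local needle
  needle=$(mktemp) || return 1
  # Both paths are quoted so that a report path containing whitespace or glob
  # characters reaches grep as one argument; "--" stops option parsing.
  grep -E -- '(PasswordProtection|Websites|TooShort|NonPrintableChars)' "$1" > "$needle"
  # -s is true only for a non-empty file, i.e. at least one matching line.
  if [ -s "$needle" ]; then
    echo "================================================="
    echo "You should take a look at the files listed below:"
    cat -- "$needle"
  fi
  rm -f -- "$needle"
}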
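#######################################
# Print the command-line usage summary.
# Outputs: usage text on stdout
#######################################
show_help() {
  # The flag list matches the getopts string "c:fht:v"; -l is not accepted,
  # so it is not advertised here.
  cat << EOF
Usage ${0##*/} [-cfhtv] <file|folder> ...
-c Optional path to a rule file
-f Fast mode
-h Show this help message
-t Specify the number of threads to use (8 by default)
-v Verbose mode
EOF
}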
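# Parse the command line. yara's options are collected in an array so that a
# rule path or thread count containing whitespace stays one argument instead
# of being word-split into extra yara flags. Starting from an empty array also
# means an OPTS variable inherited from the environment no longer adds flags
# to the scan.
yara_opts=()
OPTIND=1
while getopts "c:fht:v" opt; do
  case "$opt" in
    c)
      CONFIG_PATH=${OPTARG}
      ;;
    f)
      yara_opts+=(-f)
      ;;
    h)
      show_help
      exit 0
      ;;
    t)
      yara_opts+=("--threads=${OPTARG}")
      ;;
    v)
      yara_opts+=(-s)
      ;;
    '?')
      show_help
      exit 1
      ;;
  esac
done
shift "$((OPTIND-1))"

if [ ! -e "${CONFIG_PATH}" ]; then
  echo "The configuration file ${CONFIG_PATH} doesn't exist. Please give me a valid file." >&2
  exit 1
fi

# Count the remaining arguments: `[ -z "$@" ]` is a test syntax error as soon
# as more than one target is given.
if [ "$#" -eq 0 ]; then
  show_help
  exit 1
fi

# Recursive scan (-r), followed by the rule file to apply.
yara_opts+=(-r "${CONFIG_PATH}")

# Copy output to a temporary file; the trap removes it however the script ends.
output=$(mktemp) || exit 1
trap 'rm -f -- "$output"' EXIT

# Execute rules, one yara run per target. Each target is passed as its own
# quoted argument, so a path containing whitespace is supported and several
# targets are no longer glued into one non-existent path.
# NOTE(review): yara's own exit status is discarded by the pipeline; check
# PIPESTATUS[0] here if callers need to tell a failed scan from a clean one.
for target in "$@"; do
  # Delete one trailing slash to prevent a double slash in reported paths
  # (issue #40), but leave a bare "/" as it is.
  trimmed=${target%/}
  [ -n "$trimmed" ] || trimmed=$target
  "$YARA" "${yara_opts[@]}" "$trimmed" | tee -a "$output"
done

needle_in_haystack "$output"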