initial release

.components

@@ -0,0 +1,7 @@
+--- 
+:mock: none
+:script: jquery
+:stylesheet: sass
+:renderer: haml
+:test: none
+:orm: sequel

.gitignore

@@ -0,0 +1,4 @@
+Gemfile.lock
+log/**/*
+tmp/**/*
+.sass-cache/*

Gemfile

@@ -0,0 +1,11 @@
+source :rubygems
+
+gem 'rake'
+gem 'sass'
+gem 'haml'
+gem 'padrino', '0.10.5'
+gem 'json'
+gem 'rkelly', '1.0.4'
+gem 'therubyracer', '0.9.8'
+gem 'nokogiri'
+gem 'hexdump'

README.rdoc

@@ -0,0 +1,24 @@
+= JSDetox
+
+JSDetox is a Javascript malware analysis tool using static
+analysis / deobfuscation techniques and an execution engine
+featuring HTML DOM emulation.
+
+Please see doc/INSTALL for information on how to install JSDetox
+or visit http://relentless-coding.org/projects/jsdetox for more
+information on this tool.
+
+
+= License
+
+JSDetox is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 2
+as published by the Free Software Foundation.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see http://www.gnu.org/licenses/

app/app.rb

@@ -0,0 +1,14 @@
+class JSDetoxWeb < Padrino::Application
+	register SassInitializer
+	register Padrino::Rendering
+	register Padrino::Mailer
+	register Padrino::Helpers
+	register Padrino::Cache
+
+	use Rack::Session::Pool
+
+	get "/" do
+		redirect url(:analysis, :index)
+	end
+
+end

app/controllers/analysis.rb

@@ -0,0 +1,12 @@
+JSDetoxWeb.controllers :analysis do
+
+	layout :analysis
+
+	get :index do
+		@orig_code = session[:orig_code]
+		@htmldoc = session[:htmldoc]
+		@data_raw = session[:data_raw]
+		render 'analysis/index'
+	end
+
+end

app/controllers/backend.rb

@@ -0,0 +1,145 @@
+JSDetoxWeb.controllers :backend do
+
+	post :analyze, :provides => :json do
+		if params[:code]
+			orig_code = params[:code]
+			new_varnames = params[:new_varnames]
+			opts = params[:opts] || {}
+			session[:orig_code] = orig_code
+			framework = JSDetox::JSAnalyzer::Instance.new
+			result = framework.analyze(orig_code, new_varnames, opts)
+			if result
+				return {
+					:status => :ok,
+					:code => result[:code],
+					:varnames => result[:varnames],
+				}.to_json
+			else
+				return { :status => :error }.to_json
+			end
+		end
+	end
+
+	post :reformat, :provides => :json do
+		if params[:code]
+			orig_code = params[:code]
+			session[:orig_code] = orig_code
+			framework = JSDetox::JSAnalyzer::Instance.new
+			result = framework.reformat(orig_code)
+			if result
+				{ 
+					:status => :ok,
+					:code => result,
+				}.to_json
+			else
+				return { :status => :error }.to_json
+			end
+		end
+	end
+
+	post :execute, :provides => :json do
+		if params[:code]
+			session[:orig_code] = params[:code]
+			htmldoc = session[:htmldoc]
+
+			engine = JSDetox::JSEngines::V8Engine::Instance.new
+			res = engine.execute(params[:code], htmldoc)
+			res.to_json
+		end
+	end
+
+	post :upload, :provides => :json do
+		if htmldoc = params[:html_file]
+			data = htmldoc[:tempfile].read
+			session[:htmldoc] = data
+		elsif jsdoc = params[:js_file]
+			data = jsdoc[:tempfile].read
+			session[:orig_code] = data
+		elsif datadoc = params[:data_file]
+			data = datadoc[:tempfile].read
+			session[:data_raw] = data
+		else
+			return { :status => 'error' }.to_json
+		end
+		{
+			:status => 'ok',
+			:raw => data,
+		}.to_json
+	end
+
+	post :store_html, :provides => :json do
+		if params[:html]
+			session[:htmldoc] = params[:html]
+			return { :status => 'ok' }.to_json
+		end
+	end
+
+	post :data_analyze, :provides => :json do
+		dump = ""
+		action = params[:action]
+		opts = params[:opts]
+		if action && params[:data]
+			case action
+			when 'raw'
+				data = params[:data]
+			when 'hex'
+				data = params[:data]
+				data = data.scan(/[A-Fa-f0-9]{2}/).map(&:hex).pack("C*")
+			when 'unicode'
+				data = params[:data]
+				data = data.scan(/%u([A-Fa-f0-9]{2})([A-Fa-f0-9]{2})/).map(&:reverse).flatten.map(&:hex).pack("C*")
+			else
+				return
+			end
+			session[:data_raw] = params[:data]
+			Hexdump.dump(data, :word_size => 1, :output => dump)
+			begin
+				disasm = JSDetox::Disassembler.disassemble(data, opts)
+			rescue
+				disasm = nil
+			end
+			begin
+				analysis_xor = JSDetox::Analysis::XorAnalyzer.analyze(data)
+				analysis_xor.map! do |e|
+					buffer = ""
+					Hexdump.dump(e[:data], :word_size => 1, :output => buffer)
+					e[:data] = buffer
+					e[:patterns] = e[:patterns].join(', ')
+					e[:key] = "%d (0x%s)" % [ e[:key], e[:key].to_s(16) ]
+					e
+				end
+			rescue
+				analysis_xor = nil
+			end
+		end
+		{
+			:status => :ok,
+			:dump => dump,
+			:disasm => disasm,
+			:analysis_xor => analysis_xor,
+		}.to_json
+	end
+
+	post :extract_script_tags, :provides => :json do
+		begin
+			html = session[:htmldoc]
+			if html
+				doc = Taka::DOM::HTML(html)
+				script_tags = doc.getElementsByTagName('script').map(&:innerHTML)
+				{
+					:status => :ok,
+					:tag_count => script_tags.length,
+					:tags => script_tags,
+				}.to_json
+			else
+				{
+					:status => :ok,
+					:tag_count => 0,
+				}.to_json
+			end
+		rescue
+			return { :status => :error }.to_json
+		end
+	end
+
+end

app/controllers/pages.rb

@@ -0,0 +1,16 @@
+JSDetoxWeb.controllers :pages do
+	KNOWN_PAGES = %w(about)
+
+	get :index, :map => '/*page', :priority => :low do
+		begin
+			page = params[:page].first
+			page.gsub!(/\W+/, '')
+			if !KNOWN_PAGES.include?(page)
+				render :haml, "%h1 page not found"
+			end
+			render "pages/#{page}"
+		rescue
+			render :haml, "%h1 page not found"
+		end
+	end
+end

app/helpers/analysis_helper.rb

@@ -0,0 +1,7 @@
+# Helper methods defined here can be accessed in any controller or view in the application
+
+JSDetoxWeb.helpers do
+  # def simple_helper_method
+  #  ...
+  # end
+end

app/helpers/application_helper.rb

@@ -0,0 +1,7 @@
+# Helper methods defined here can be accessed in any controller or view in the application
+
+JSDetoxWeb.helpers do
+  # def simple_helper_method
+  #  ...
+  # end
+end

app/helpers/backend_helper.rb

@@ -0,0 +1,7 @@
+# Helper methods defined here can be accessed in any controller or view in the application
+
+JSDetoxWeb.helpers do
+  # def simple_helper_method
+  #  ...
+  # end
+end

app/helpers/pages_helper.rb

@@ -0,0 +1,7 @@
+# Helper methods defined here can be accessed in any controller or view in the application
+
+JSDetoxWeb.helpers do
+  # def simple_helper_method
+  #  ...
+  # end
+end

app/helpers/projects_helper.rb

@@ -0,0 +1,7 @@
+# Helper methods defined here can be accessed in any controller or view in the application
+
+JSDetoxWeb.helpers do
+  # def simple_helper_method
+  #  ...
+  # end
+end

app/helpers/settings_helper.rb

@@ -0,0 +1,7 @@
+# Helper methods defined here can be accessed in any controller or view in the application
+
+JSDetoxWeb.helpers do
+  # def simple_helper_method
+  #  ...
+  # end
+end

app/stylesheets/application.sass

@@ -0,0 +1,3 @@
+textarea.code
+  font-family: Menlo,Monaco,"Courier New",monospace
+  font-size: 12px