From ff0bc2e399f60c9cb391fa6ca41cf5af02b8a016 Mon Sep 17 00:00:00 2001
From: Marco Cesarato
Date: Mon, 11 Jan 2021 19:54:17 +0100
Subject: [PATCH] feat: add disable-checksum flag

---
 README.md | 109 ++++++++++++++++++++++++------------------------
 src/Scanner.php | 65 ++++++++++++++++++++++-------
 2 files changed, 106 insertions(+), 68 deletions(-)

diff --git a/README.md b/README.md
index 555f8f5..71899af 100644
--- a/README.md
+++ b/README.md
@@ -169,60 +169,61 @@ Arguments: Flags: ---auto-clean - Auto clean code (without confirmation, use with caution) ---auto-clean-line - Auto clean line code (without confirmation, use with caution) ---auto-delete - Auto delete infected (without confirmation, use with caution) ---auto-prompt - Set auto prompt command . - ex. --auto-prompt="delete" or --auto-prompt="1" (alias of auto-delete) ---auto-quarantine - Auto quarantine ---auto-skip - Auto skip ---auto-whitelist - Auto whitelist (if you sure that source isn't compromised) ---backup|-b - Make a backup of every touched files ---defs - Get default definitions exploit and functions list ---defs-exploits - Get default definitions exploits list ---defs-functions - Get default definitions functions lists ---defs-functions-encoded - Get default definitions functions encoded lists ---disable-cache|--no-cache - Disable Cache ---disable-colors|--no-colors|--no-color - Disable CLI colors ---disable-report|--no-report - Disable Report ---exploits - Filter exploits ---filter-paths|--filter-path - Filter path/s, for multiple value separate with comma. - Wildcards are enabled ex. /path/*/htdocs or /path/*.php ---functions - Define functions to search ---help|-h|-? - Check only functions and not the exploits ---ignore-paths|--ignore-path - Ignore path/s, for multiple value separate with comma. - Wildcards are enabled ex. /path/*/cache or /path/*.log ---limit - Set file mapping limit ---lite|-l - Running on lite mode help to have less false positive on WordPress and others - platforms enabling exploits mode and removing some common exploit pattern ---log - Write a log file on the specified file path - [default: ./scanner.log] ---max-filesize - Set max filesize to scan - [default: -1] ---offset - Set file mapping offset ---only-exploits|-e - Check only exploits and not the functions ---only-functions|-f - Check only functions and not the exploits ---only-signatures|-s - Check only functions and not the exploits. 
- This is recommended for WordPress or others platforms ---path-backups - Set backups path directory. - Is recommended put files outside the public document path - [default: /scanner-backups/] ---path-logs - Set quarantine log file - [default: ./scanner.log] ---path-quarantine - Set quarantine path directory. - Is recommended put files outside the public document path - [default: ./scanner-quarantine/] ---path-report - Set report log file - [default: ./scanner-report.html] ---path-whitelist - Set whitelist file - [default: ./scanner-whitelist.json] ---report-format - Report format (html|txt) ---report|-r - Report scan only mode without check and remove malware (like --auto-skip). - It also write a report with all malware paths found ---silent - No output and prompt ---update|-u - Update to last version ---version|-v - Get version number ---whitelist-only-path - Check on whitelist only file path and not line number +--auto-clean - Auto clean code (without confirmation, use with caution) +--auto-clean-line - Auto clean line code (without confirmation, use with caution) +--auto-delete - Auto delete infected (without confirmation, use with caution) +--auto-prompt - Set auto prompt command . + ex. 
--auto-prompt="delete" or --auto-prompt="1" (alias of auto-delete) +--auto-quarantine - Auto quarantine +--auto-skip - Auto skip +--auto-whitelist - Auto whitelist (if you sure that source isn't compromised) +--backup|-b - Make a backup of every touched files +--defs - Get default definitions exploit and functions list +--defs-exploits - Get default definitions exploits list +--defs-functions - Get default definitions functions lists +--defs-functions-encoded - Get default definitions functions encoded lists +--disable-cache|--no-cache - Disable Cache +--disable-checksum|--no-checksum|--no-verify - Disable checksum verifying for platforms/framerwoks +--disable-colors|--no-colors|--no-color - Disable CLI colors +--disable-report|--no-report - Disable report generation +--exploits - Filter exploits +--filter-paths|--filter-path - Filter path/s, for multiple value separate with comma. + Wildcards are enabled ex. /path/*/htdocs or /path/*.php +--functions - Define functions to search +--help|-h|-? - Check only functions and not the exploits +--ignore-paths|--ignore-path - Ignore path/s, for multiple value separate with comma. + Wildcards are enabled ex. /path/*/cache or /path/*.log +--limit - Set file mapping limit +--lite|-l - Running on lite mode help to have less false positive on WordPress and others + platforms enabling exploits mode and removing some common exploit pattern +--log - Write a log file on the specified file path + [default: ./scanner.log] +--max-filesize - Set max filesize to scan + [default: -1] +--offset - Set file mapping offset +--only-exploits|-e - Check only exploits and not the functions +--only-functions|-f - Check only functions and not the exploits +--only-signatures|-s - Check only functions and not the exploits. + This is recommended for WordPress or others platforms +--path-backups - Set backups path directory. 
+ Is recommended put files outside the public document path + [default: /scanner-backups/] +--path-logs - Set quarantine log file + [default: ./scanner.log] +--path-quarantine - Set quarantine path directory. + Is recommended put files outside the public document path + [default: ./scanner-quarantine/] +--path-report - Set report log file + [default: ./scanner-report.html] +--path-whitelist - Set whitelist file + [default: ./scanner-whitelist.json] +--report-format - Report format (html|txt) +--report|-r - Report scan only mode without check and remove malware (like --auto-skip). + It also write a report with all malware paths found +--silent - No output and prompt +--update|-u - Update to last version +--version|-v - Get version number +--whitelist-only-path - Check on whitelist only file path and not line number Usage: amwscan [--lite|-a] [--help|-h|-?] [--log|-l ] [--backup|-b] [--offset ] [--limit ] [--report|-r] [--report-format ]
diff --git a/src/Scanner.php b/src/Scanner.php
index fc97aec..67e2e50 100644
--- a/src/Scanner.php
+++ b/src/Scanner.php
@@ -318,7 +318,12 @@ public function run($args = null)
         CLI::writeLine('Scanning ' . self::$pathScan, 2);
 
         // Mapping files
-        CLI::writeLine('Mapping and retrieving checksums, please wait...', 2);
+        if (self::isVerifierEnabled()) {
+            CLI::writeLine('Mapping and retrieving checksums, please wait...', 2);
+        } else {
+            CLI::writeLine('Mapping, please wait...', 2);
+        }
+
         $iterator = $this->mapping();
 
         // Counting files
@@ -401,7 +406,8 @@ private function arguments($args = null)
         self::$argv->addFlag('path-report', ['default' => self::$pathReport, 'has_value' => true, 'value_name' => 'path', 'help' => 'Set report log file']);
         self::$argv->addFlag('disable-colors', ['alias' => ['--no-colors', '--no-color'], 'default' => false, 'help' => 'Disable CLI colors']);
         self::$argv->addFlag('disable-cache', ['alias' => '--no-cache', 'default' => false, 'help' => 'Disable Cache']);
-        self::$argv->addFlag('disable-report', ['alias' => '--no-report', 'default' => false, 'help' => 'Disable Report']);
+        self::$argv->addFlag('disable-report', ['alias' => '--no-report', 'default' => false, 'help' => 'Disable report generation']);
+        self::$argv->addFlag('disable-checksum', ['alias' => ['--no-checksum', '--no-verify'], 'default' => false, 'help' => 'Disable checksum verifying for platforms/framerwoks']);
         //self::$argv->addFlag('deobfuscate', ['default' => false, 'help' => 'Deobfuscate directory']);
         self::$argv->addArgument('path', ['var_args' => true, 'default' => self::currentDirectory(), 'help' => 'Define the path of the file or directory to scan']);
         self::$argv->parse($args);
@@ -462,6 +468,9 @@ private function arguments($args = null)
         // Cache
         self::setCache(!self::$argv['disable-cache']);
 
+        // Verifier
+        self::setVerifier(!self::$argv['disable-checksum']);
+
         // Max filesize
         if (isset(self::$argv['max-filesize']) && is_numeric(self::$argv['max-filesize'])) {
             self::setMaxFilesize(self::$argv['max-filesize']);
@@ -767,7 +776,9 @@ public function mapping()
                 if (!$ignore && $cur->isDir()) {
-                    Modules::init($cur->getPath());
+                    if (self::isVerifierEnabled()) {
+                        Modules::init($cur->getPath());
+                    }
 
                     return false;
                 }
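Review bot: The help string on the new `disable-checksum` flag misspells "frameworks" as `framerwoks`, and the same text is copied into README.md by this commit; it also never says what turning the check off costs the user. The mapping hunks further down skip `Modules::init()` and the `Modules::isVerified()` filter when the verifier is off, so files that would otherwise be recognised as an unmodified platform/framework release are no longer excluded and every file goes through the scan, which will likely surface more findings on stock CMS installs. Suggest `'help' => 'Disable checksum verification of known platform/framework files (every file is scanned, expect more false positives)'` here and the same wording in the README. arguments() starts and ends outside this hunk.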
@@ -782,21 +793,29 @@ public function mapping()
             $mapped = 0;
             $count = iterator_count($filtered);
 
-            CLI::writeBreak(1);
-            CLI::writeLine('Verifying files checksum...', 2);
+            $iterator = $filtered;
+
+            if (self::isVerifierEnabled()) {
+                unset($iterator);
+
+                CLI::writeBreak(1);
+                CLI::writeLine('Verifying files checksum...', 2);
 
-            foreach ($filtered as $cur) {
-                CLI::progress($mapped++, $count);
-                if ($cur->isFile() && !Modules::isVerified($cur->getPathname())) {
-                    $mapping[] = $cur;
+                foreach ($filtered as $cur) {
+                    CLI::progress($mapped++, $count);
+                    if ($cur->isFile() && !Modules::isVerified($cur->getPathname())) {
+                        $mapping[] = $cur;
+                    }
+                    CLI::progress($mapped, $count);
                 }
-                CLI::progress($mapped, $count);
-            }
-            $iterator = new ArrayObject($mapping);
-            CLI::writeBreak(1);
+                $object = new ArrayObject($mapping);
+                $iterator = $object->getIterator();
+
+                CLI::writeBreak(1);
+            }
 
-            return $iterator->getIterator();
+            return $iterator;
         }
 
         $file = new SplFileInfo(self::$pathScan);
@@ -1682,6 +1701,24 @@ public static function isSilentMode()
         return isset(self::$settings['silent']) ? self::$settings['silent'] : false;
     }
 
+    /**
+     * @return self
+     */
+    public static function setVerifier($mode = true)
+    {
+        self::$settings['verifier'] = $mode;
+
+        return new static();
+    }
+
+    /**
+     * @return bool
+     */
+    public static function isVerifierEnabled()
+    {
+        return isset(self::$settings['verifier']) ? self::$settings['verifier'] : true;
+    }
+
     /**
      * @return self
      */
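Review bot: `$iterator = $filtered;` followed by `unset($iterator);` at the top of the `if` is dead work: `$iterator` is reassigned from `$object->getIterator()` before the block ends, so the `unset` changes nothing and the pre-assignment only exists to serve the disabled case. A guard clause says the same thing without the temporary: `if (!self::isVerifierEnabled()) { return $filtered; }` after the `$count` line, then the checksum loop left at its previous indentation and `return (new ArrayObject($mapping))->getIterator();` at the end, which also removes `$object`. Note that when the verifier is off the caller now receives the lazy `$filtered` iterator instead of a materialised `ArrayIterator`; that looks harmless for the `foreach`/`iterator_count` uses visible here, but any caller relying on array-style access would notice. mapping() begins before this hunk and continues after it with the `$file = new SplFileInfo(...)` path.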
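Review bot: `setVerifier($mode = true)` stores `$mode` as-is and `isVerifierEnabled()` hands it straight back, so a non-bool argument from a future caller would escape a method documented as `@return bool`; `self::$settings['verifier'] = (bool) $mode;` pins it. The docblocks also say nothing about what the setting controls, although the mapping hunk gates both `Modules::init()` and the `Modules::isVerified()` filter on it; suggest `@param bool $mode When true (default), files whose checksum matches a known platform/framework release are skipped during mapping; when false every file is scanned.` on setVerifier, with a matching one-line description on isVerifierEnabled. The enclosing class continues outside this hunk.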