#!/bin/sh
#
# .SH Malware Scanner
#
#
#
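# Variables
# A POSIX sh assignment takes no spaces around '='. Written as `name = value`
# the shell tries to run a command called `name` with '=' as its first
# argument, so every variable below would stay unset and the scans would run
# with empty pattern-file names and an empty user.
version="0.1"

# Account name taken from the first command-line argument. The scans use it
# as a path component: /home/$user/public_html.
# NOTE(review): the value is not validated here; an empty value or one
# containing '/' changes which directory tree gets scanned.
user="$1"

# Pattern lists. The paths are relative, so they resolve against the
# directory the script is started from.
phishing="patterns/phishing.txt"
base64="patterns/base64.txt"
mailing="patterns/mailing.txt"
polymorphic="patterns/polymorphic.txt"
crypto="patterns/crypto.txt"
shells="patterns/shells.txt"
misc="patterns/misc.txt"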
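# Scanning for Phishing
# Prints the name of every matching file under the user's web root, once per
# pattern that matches it.
#
# - The user name is used as a path component, so an empty value or one
#   containing '/' (or "." / "..") is refused instead of silently scanning a
#   different tree.
# - Patterns are read one per line with `read -r` and passed quoted, so a
#   pattern containing spaces, backslashes or glob characters reaches grep
#   unchanged. NOTE(review): assumes the pattern file holds one pattern per
#   line; confirm against patterns/phishing.txt.
# - Each extension gets its own --include because brace expansion is not
#   part of POSIX sh, and the script runs under #!/bin/sh.
case $user in
  '' | */* | . | ..) scan_dir= ;;
  *) scan_dir="/home/$user/public_html" ;;
esac

if [ -z "$scan_dir" ] || [ ! -r "$phishing" ]; then
  printf 'phishing scan skipped: invalid user name or unreadable pattern file "%s"\n' \
    "$phishing" >&2
else
  while IFS= read -r pattern || [ -n "$pattern" ]; do
    # An empty pattern matches every line, which would list every file.
    [ -n "$pattern" ] || continue
    grep -Rle "$pattern" \
      --include='*.php*' --include='*.phtml*' --include='*.js*' \
      --include='*.html*' --include='*.suspected*' \
      "$scan_dir"
  done < "$phishing"
fi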
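# Scanning for base64
# Prints the name of every matching file under the user's web root, once per
# pattern that matches it.
#
# - The user name is used as a path component, so an empty value or one
#   containing '/' (or "." / "..") is refused instead of silently scanning a
#   different tree.
# - Patterns are read one per line with `read -r` and passed quoted, so a
#   pattern containing spaces, backslashes or glob characters reaches grep
#   unchanged. NOTE(review): assumes the pattern file holds one pattern per
#   line; confirm against patterns/base64.txt.
# - Each extension gets its own --include because brace expansion is not
#   part of POSIX sh, and the script runs under #!/bin/sh.
case $user in
  '' | */* | . | ..) scan_dir= ;;
  *) scan_dir="/home/$user/public_html" ;;
esac

if [ -z "$scan_dir" ] || [ ! -r "$base64" ]; then
  printf 'base64 scan skipped: invalid user name or unreadable pattern file "%s"\n' \
    "$base64" >&2
else
  while IFS= read -r pattern || [ -n "$pattern" ]; do
    # An empty pattern matches every line, which would list every file.
    [ -n "$pattern" ] || continue
    grep -Rle "$pattern" \
      --include='*.php*' --include='*.phtml*' --include='*.js*' \
      --include='*.html*' --include='*.suspected*' \
      "$scan_dir"
  done < "$base64"
fi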
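# Scanning for Mailing Scripts
# Prints the name of every matching PHP file under the user's web root, once
# per pattern that matches it.
#
# - The user name is used as a path component, so an empty value or one
#   containing '/' (or "." / "..") is refused instead of silently scanning a
#   different tree.
# - Patterns are read one per line with `read -r` and passed quoted, so a
#   pattern containing spaces, backslashes or glob characters reaches grep
#   unchanged. NOTE(review): assumes the pattern file holds one pattern per
#   line; confirm against patterns/mailing.txt.
# - Each extension gets its own --include because brace expansion is not
#   part of POSIX sh, and the script runs under #!/bin/sh.
case $user in
  '' | */* | . | ..) scan_dir= ;;
  *) scan_dir="/home/$user/public_html" ;;
esac

if [ -z "$scan_dir" ] || [ ! -r "$mailing" ]; then
  printf 'mailing scan skipped: invalid user name or unreadable pattern file "%s"\n' \
    "$mailing" >&2
else
  while IFS= read -r pattern || [ -n "$pattern" ]; do
    # An empty pattern matches every line, which would list every file.
    [ -n "$pattern" ] || continue
    grep -Rle "$pattern" \
      --include='*.php*' --include='*.phtml*' \
      "$scan_dir"
  done < "$mailing"
fi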
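# Scanning for CryptoCurrency Miners
# Prints the name of every matching file under the user's web root, once per
# pattern that matches it. No --include filter is applied, so files of every
# type are searched.
#
# - The user name is used as a path component, so an empty value or one
#   containing '/' (or "." / "..") is refused instead of silently scanning a
#   different tree.
# - Patterns are read one per line with `read -r` and passed quoted, so a
#   pattern containing spaces, backslashes or glob characters reaches grep
#   unchanged. NOTE(review): assumes the pattern file holds one pattern per
#   line; confirm against patterns/crypto.txt.
case $user in
  '' | */* | . | ..) scan_dir= ;;
  *) scan_dir="/home/$user/public_html" ;;
esac

if [ -z "$scan_dir" ] || [ ! -r "$crypto" ]; then
  printf 'crypto scan skipped: invalid user name or unreadable pattern file "%s"\n' \
    "$crypto" >&2
else
  while IFS= read -r pattern || [ -n "$pattern" ]; do
    # An empty pattern matches every line, which would list every file.
    [ -n "$pattern" ] || continue
    grep -Rle "$pattern" "$scan_dir"
  done < "$crypto"
fi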