Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added ELGG & added Binary match to scanner

Browse Source
This commit is contained in:
Palma Solutions LTD 2018-06-07 08:34:38 +02:00
parent a272b428f0
commit e2329ce9b9
3 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cms-ver.php
View File

@ -179,6 +179,7 @@
array("CRE Loaded/Loaded Commerce", "/includes/version.php", "define('PROJECT_VERSION', 'Loaded Commerce", "EOL"), array("CRE Loaded/Loaded Commerce", "/includes/version.php", "define('PROJECT_VERSION', 'Loaded Commerce", "EOL"),
array("CodeIgniter", "/system/codeigniter/core/CodeIgniter.php", "define('CI_VERSION',", "Maintained"), array("CodeIgniter", "/system/codeigniter/core/CodeIgniter.php", "define('CI_VERSION',", "Maintained"),
array("LimeSurvey", "/application/config/version.php", "\$config['versionnumber'] =", "Maintained"), array("LimeSurvey", "/application/config/version.php", "\$config['versionnumber'] =", "Maintained"),
array("ELGG", "/vendor/elgg/elgg/composer.json", "\"version\":", "Maintained"),
// still need to work on these // still need to work on these
array("Silverstripe", "/cms/silverstripe_version", "*"), //needs review array("Silverstripe", "/cms/silverstripe_version", "*"), //needs review

2
cms-vss.php
View File

@ -192,6 +192,7 @@
array("CRE Loaded/Loaded Commerce", "/includes/version.php", "define('PROJECT_VERSION', 'Loaded Commerce", "EOL"), array("CRE Loaded/Loaded Commerce", "/includes/version.php", "define('PROJECT_VERSION', 'Loaded Commerce", "EOL"),
array("CodeIgniter", "/system/codeigniter/core/CodeIgniter.php", "define('CI_VERSION',", "Maintained"), array("CodeIgniter", "/system/codeigniter/core/CodeIgniter.php", "define('CI_VERSION',", "Maintained"),
array("LimeSurvey", "/application/config/version.php", "\$config['versionnumber'] =", "Maintained"), array("LimeSurvey", "/application/config/version.php", "\$config['versionnumber'] =", "Maintained"),
array("ELGG", "/vendor/elgg/elgg/composer.json", "\"version\":", "Maintained"),
// still need to work on these // still need to work on these
array("Silverstripe", "/cms/silverstripe_version", "*"), //needs review array("Silverstripe", "/cms/silverstripe_version", "*"), //needs review
@ -202,7 +203,6 @@
array("Admidio", "/adm_program/system/constants.php", "define('ADMIDIO_VERSION_MAIN',"), // needs two more lines array("Admidio", "/adm_program/system/constants.php", "define('ADMIDIO_VERSION_MAIN',"), // needs two more lines
array("Get Simple CMS", "/admin/inc/configuration.php", "\$site_full_name"), // needs one more line array("Get Simple CMS", "/admin/inc/configuration.php", "\$site_full_name"), // needs one more line
array("SquirrelCart", "/squirrelcart/functions/base/sc_version.func.php", "function sc_version() {"), //needs one more line array("SquirrelCart", "/squirrelcart/functions/base/sc_version.func.php", "function sc_version() {"), //needs one more line
array("ELGG", "/version.php", "release ="), // false positives with Moodle -< needs one more line
array("CMS Made Simple", "/version.php", "CMS_VERSION ="), // needs 3 lines more array("CMS Made Simple", "/version.php", "CMS_VERSION ="), // needs 3 lines more
array("DataLife Engine", "/index.php", "dle_version ="), //needs one more line array("DataLife Engine", "/index.php", "dle_version ="), //needs one more line
array("phpCoin", "/version.php", "ThisVersion"), //needs one more line array("phpCoin", "/version.php", "ThisVersion"), //needs one more line

5
scan.py
View File

@ -243,6 +243,7 @@ scoring = {
'EITEST': (65, u'Eitest'), 'EITEST': (65, u'Eitest'),
'CRYPTO': (65, u'Cryptocurrency Miners'), 'CRYPTO': (65, u'Cryptocurrency Miners'),
'HTML_JS': (20, u'HTML & Javascript Malware'), 'HTML_JS': (20, u'HTML & Javascript Malware'),
'BINARY': (10, u'Binary File - Possible LRE or CryptoMiner'),
} }
@ -560,6 +561,10 @@ def is_hacked(filename):
score.append(('HTML_JS', '')) score.append(('HTML_JS', ''))
previous_line = l previous_line = l
if 'PROT_EXEC|PROT_WRITE failed.' in l \
or 'This file is packed with the UPX executable packer' in l:
score.append(('BINARY', ''))
if line_num < 20: if line_num < 20:
score.append(('FEW_LINES', '%i lines' % line_num)) score.append(('FEW_LINES', '%i lines' % line_num))
elif line_num < 100: elif line_num < 100: