feat: add disable-checksum flag
marcocesarato committed Jan 11, 2021
1 parent 0d6f107 commit ff0bc2e
Showing 2 changed files with 106 additions and 68 deletions.
109 changes: 55 additions & 54 deletions README.md
Expand Up @@ -169,60 +169,61 @@ Arguments:
Flags:
--auto-clean - Auto clean code (without confirmation, use with caution)
--auto-clean-line - Auto clean line code (without confirmation, use with caution)
--auto-delete - Auto delete infected (without confirmation, use with caution)
--auto-prompt <prompt> - Set auto prompt command .
ex. --auto-prompt="delete" or --auto-prompt="1" (alias of auto-delete)
--auto-quarantine - Auto quarantine
--auto-skip - Auto skip
--auto-whitelist - Auto whitelist (if you sure that source isn't compromised)
--backup|-b - Make a backup of every touched files
--defs - Get default definitions exploit and functions list
--defs-exploits - Get default definitions exploits list
--defs-functions - Get default definitions functions lists
--defs-functions-encoded - Get default definitions functions encoded lists
--disable-cache|--no-cache - Disable Cache
--disable-colors|--no-colors|--no-color - Disable CLI colors
--disable-report|--no-report - Disable Report
--exploits <exploits> - Filter exploits
--filter-paths|--filter-path <paths> - Filter path/s, for multiple value separate with comma.
Wildcards are enabled ex. /path/*/htdocs or /path/*.php
--functions <functions> - Define functions to search
--help|-h|-? - Check only functions and not the exploits
--ignore-paths|--ignore-path <paths> - Ignore path/s, for multiple value separate with comma.
Wildcards are enabled ex. /path/*/cache or /path/*.log
--limit <limit> - Set file mapping limit
--lite|-l - Running on lite mode help to have less false positive on WordPress and others
platforms enabling exploits mode and removing some common exploit pattern
--log <path> - Write a log file on the specified file path
[default: ./scanner.log]
--max-filesize <filesize> - Set max filesize to scan
[default: -1]
--offset <offset> - Set file mapping offset
--only-exploits|-e - Check only exploits and not the functions
--only-functions|-f - Check only functions and not the exploits
--only-signatures|-s - Check only functions and not the exploits.
This is recommended for WordPress or others platforms
--path-backups <path> - Set backups path directory.
Is recommended put files outside the public document path
[default: /scanner-backups/]
--path-logs <path> - Set quarantine log file
[default: ./scanner.log]
--path-quarantine <path> - Set quarantine path directory.
Is recommended put files outside the public document path
[default: ./scanner-quarantine/]
--path-report <path> - Set report log file
[default: ./scanner-report.html]
--path-whitelist <path> - Set whitelist file
[default: ./scanner-whitelist.json]
--report-format <format> - Report format (html|txt)
--report|-r - Report scan only mode without check and remove malware (like --auto-skip).
It also write a report with all malware paths found
--silent - No output and prompt
--update|-u - Update to last version
--version|-v - Get version number
--whitelist-only-path - Check on whitelist only file path and not line number
--auto-clean - Auto clean code (without confirmation, use with caution)
--auto-clean-line - Auto clean line code (without confirmation, use with caution)
--auto-delete - Auto delete infected (without confirmation, use with caution)
--auto-prompt <prompt> - Set auto prompt command .
ex. --auto-prompt="delete" or --auto-prompt="1" (alias of auto-delete)
--auto-quarantine - Auto quarantine
--auto-skip - Auto skip
--auto-whitelist - Auto whitelist (if you sure that source isn't compromised)
--backup|-b - Make a backup of every touched files
--defs - Get default definitions exploit and functions list
--defs-exploits - Get default definitions exploits list
--defs-functions - Get default definitions functions lists
--defs-functions-encoded - Get default definitions functions encoded lists
--disable-cache|--no-cache - Disable Cache
--disable-checksum|--no-checksum|--no-verify - Disable checksum verifying for platforms/framerwoks
--disable-colors|--no-colors|--no-color - Disable CLI colors
--disable-report|--no-report - Disable report generation
--exploits <exploits> - Filter exploits
--filter-paths|--filter-path <paths> - Filter path/s, for multiple value separate with comma.
Wildcards are enabled ex. /path/*/htdocs or /path/*.php
--functions <functions> - Define functions to search
--help|-h|-? - Check only functions and not the exploits
--ignore-paths|--ignore-path <paths> - Ignore path/s, for multiple value separate with comma.
Wildcards are enabled ex. /path/*/cache or /path/*.log
--limit <limit> - Set file mapping limit
--lite|-l - Running on lite mode help to have less false positive on WordPress and others
platforms enabling exploits mode and removing some common exploit pattern
--log <path> - Write a log file on the specified file path
[default: ./scanner.log]
--max-filesize <filesize> - Set max filesize to scan
[default: -1]
--offset <offset> - Set file mapping offset
--only-exploits|-e - Check only exploits and not the functions
--only-functions|-f - Check only functions and not the exploits
--only-signatures|-s - Check only functions and not the exploits.
This is recommended for WordPress or others platforms
--path-backups <path> - Set backups path directory.
Is recommended put files outside the public document path
[default: /scanner-backups/]
--path-logs <path> - Set quarantine log file
[default: ./scanner.log]
--path-quarantine <path> - Set quarantine path directory.
Is recommended put files outside the public document path
[default: ./scanner-quarantine/]
--path-report <path> - Set report log file
[default: ./scanner-report.html]
--path-whitelist <path> - Set whitelist file
[default: ./scanner-whitelist.json]
--report-format <format> - Report format (html|txt)
--report|-r - Report scan only mode without check and remove malware (like --auto-skip).
It also write a report with all malware paths found
--silent - No output and prompt
--update|-u - Update to last version
--version|-v - Get version number
--whitelist-only-path - Check on whitelist only file path and not line number

Usage: amwscan [--lite|-a] [--help|-h|-?] [--log|-l <path>] [--backup|-b] [--offset
<offset>] [--limit <limit>] [--report|-r] [--report-format <format>]
65 changes: 51 additions & 14 deletions src/Scanner.php
Expand Up @@ -318,7 +318,12 @@ public function run($args = null)
CLI::writeLine('Scanning ' . self::$pathScan, 2);

// Mapping files
CLI::writeLine('Mapping and retrieving checksums, please wait...', 2);
if (self::isVerifierEnabled()) {
CLI::writeLine('Mapping and retrieving checksums, please wait...', 2);
} else {
CLI::writeLine('Mapping, please wait...', 2);
}

$iterator = $this->mapping();

// Counting files
Expand Down Expand Up @@ -401,7 +406,8 @@ private function arguments($args = null)
self::$argv->addFlag('path-report', ['default' => self::$pathReport, 'has_value' => true, 'value_name' => 'path', 'help' => 'Set report log file']);
self::$argv->addFlag('disable-colors', ['alias' => ['--no-colors', '--no-color'], 'default' => false, 'help' => 'Disable CLI colors']);
self::$argv->addFlag('disable-cache', ['alias' => '--no-cache', 'default' => false, 'help' => 'Disable Cache']);
self::$argv->addFlag('disable-report', ['alias' => '--no-report', 'default' => false, 'help' => 'Disable Report']);
self::$argv->addFlag('disable-report', ['alias' => '--no-report', 'default' => false, 'help' => 'Disable report generation']);
self::$argv->addFlag('disable-checksum', ['alias' => ['--no-checksum', '--no-verify'], 'default' => false, 'help' => 'Disable checksum verifying for platforms/framerwoks']);
//self::$argv->addFlag('deobfuscate', ['default' => false, 'help' => 'Deobfuscate directory']);
self::$argv->addArgument('path', ['var_args' => true, 'default' => self::currentDirectory(), 'help' => 'Define the path of the file or directory to scan']);
self::$argv->parse($args);
Expand Down Expand Up @@ -462,6 +468,9 @@ private function arguments($args = null)
// Cache
self::setCache(!self::$argv['disable-cache']);

// Verifier
self::setVerifier(!self::$argv['disable-checksum']);

// Max filesize
if (isset(self::$argv['max-filesize']) && is_numeric(self::$argv['max-filesize'])) {
self::setMaxFilesize(self::$argv['max-filesize']);
Expand Down Expand Up @@ -767,7 +776,9 @@ public function mapping()

if (!$ignore &&
$cur->isDir()) {
Modules::init($cur->getPath());
if (self::isVerifierEnabled()) {
Modules::init($cur->getPath());
}

return false;
}
Expand All @@ -782,21 +793,29 @@ public function mapping()
$mapped = 0;
$count = iterator_count($filtered);

CLI::writeBreak(1);
CLI::writeLine('Verifying files checksum...', 2);
$iterator = $filtered;

if (self::isVerifierEnabled()) {
unset($iterator);

CLI::writeBreak(1);
CLI::writeLine('Verifying files checksum...', 2);

foreach ($filtered as $cur) {
CLI::progress($mapped++, $count);
if ($cur->isFile() && !Modules::isVerified($cur->getPathname())) {
$mapping[] = $cur;
foreach ($filtered as $cur) {
CLI::progress($mapped++, $count);
if ($cur->isFile() && !Modules::isVerified($cur->getPathname())) {
$mapping[] = $cur;
}
CLI::progress($mapped, $count);
}
CLI::progress($mapped, $count);
}
$iterator = new ArrayObject($mapping);

CLI::writeBreak(1);
$object = new ArrayObject($mapping);
$iterator = $object->getIterator();

CLI::writeBreak(1);
}

return $iterator->getIterator();
return $iterator;
}

$file = new SplFileInfo(self::$pathScan);
Expand Down Expand Up @@ -1682,6 +1701,24 @@ public static function isSilentMode()
return isset(self::$settings['silent']) ? self::$settings['silent'] : false;
}

/**
* @return self
*/
public static function setVerifier($mode = true)
{
self::$settings['verifier'] = $mode;

return new static();
}

/**
* @return bool
*/
public static function isVerifierEnabled()
{
return isset(self::$settings['verifier']) ? self::$settings['verifier'] : true;
}

/**
* @return self
*/
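Review bot: The help text added for the `disable-checksum` flag in `arguments()` misspells "frameworks" and reads awkwardly; change it to `'help' => 'Disable checksum verification for platforms/frameworks'` (the same string is added in the README hunk). In `mapping()`, the `unset($iterator);` right after `$iterator = $filtered;` is dead, since `$iterator` is reassigned a few lines later; dropping it leaves the two branches as a plain either/or, and note that the `$mapping` array the verified branch appends to is initialised outside this hunk, so the fallback behaviour when no file is collected cannot be confirmed here. `setVerifier()` documents only its return; add `@param bool $mode` and consider `return isset(self::$settings['verifier']) ? (bool) self::$settings['verifier'] : true;` in `isVerifierEnabled()` so callers always get a real boolean. As far as the visible lines show, disabling the verifier means every file passes straight to scanning instead of being trusted by checksum, which is worth stating in the flag's help or in the "Mapping, please wait..." line so a reader of the report knows which mode produced it.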