#!/bin/bash
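#######################################
# Parse the command line into the globals used by the rest of the script.
# Globals:   path (written)          - directory tree to scan, from -p|--path
#            exclude_paths (written) - array of patterns from -e|--exclude-path
# Arguments: the script's own arguments ("$@"); "--" ends option parsing
# Outputs:   a usage error on stderr
# Returns:   exits 1 on an unknown option or an option given without a value;
#            `path` is left untouched when -p is not supplied
#######################################
parse_args() {
  exclude_paths=()
  while (($# > 0)); do
    case "$1" in
      -p | --path)
        # Without this check `shift 2` fails when the value is missing,
        # nothing is consumed and the loop never terminates.
        if (($# < 2)); then
          echo "Option $1 requires a value" >&2
          exit 1
        fi
        path=$2
        shift 2
        ;;
      -e | --exclude-path)
        if (($# < 2)); then
          echo "Option $1 requires a value" >&2
          exit 1
        fi
        exclude_paths+=("$2")
        shift 2
        ;;
      --)
        shift
        break
        ;;
      *)
        # $OPTARG is only filled in by getopts, which this parser does not
        # use, so report the offending argument itself.
        echo "Invalid option: $1" >&2
        exit 1
        ;;
    esac
  done
}

parse_args "$@"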
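#######################################
# Search a directory tree for every keyword listed in a keyword file.
# Globals:   search_strings (written) - one element per line of the keyword file
#            total (written)          - number of lines read
#            grep_results (written)   - every file name grep reported; a file
#                                       that matches several keywords is
#                                       listed once per keyword
# Arguments: $1 - root of the tree to scan
#            $2 - keyword file, one keyword per line
# Outputs:   one progress line per keyword on stdout
#######################################
scan_keywords() {
  local root=$1 keyword_file=$2
  local keyword hit
  local position=0

  search_strings=()
  readarray -t search_strings < "$keyword_file"
  total=${#search_strings[@]}
  grep_results=()

  for keyword in "${search_strings[@]}"; do
    position=$((position + 1))
    # An empty pattern matches every line, so a blank line in the keyword
    # file would report every file in the tree as a suspect.
    [[ -n $keyword ]] || continue
    echo "Scanning string $position of $total: scan keyword $keyword"
    # Each keyword is handed to grep as a regular expression (no -F) and
    # matched as a whole word (-w). With GNU grep, -R also follows symbolic
    # links, so links inside the tree can lead the scan outside of it.
    # "--" keeps a root that begins with "-" from being read as an option.
    # Results are read line by line: a file name containing a newline would
    # be split into several entries.
    while IFS= read -r hit; do
      grep_results+=("$hit")
    done < <(grep -Rlw -e "$keyword" -- "$root")
  done
}

scan_keywords "$path" list.txt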
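#######################################
# Compare one file's MD5 digest with a list of known digests and report it.
# A digest that is not in the list only means the file is not a sample the
# list already knows: changing a single byte of a file changes its digest,
# so the "not backdoor" line is not evidence that a keyword hit is clean.
# Arguments: $1 - file to check
#            $2 - file holding the known digests
# Outputs:   one verdict line on stdout; a note on stderr when the file
#            cannot be hashed
# Returns:   1 when no digest could be computed, 0 otherwise
#######################################
classify_suspect() {
  local file=$1 hash_list=$2
  local md5
  # Hash from stdin: given a file name that contains a backslash or newline,
  # GNU md5sum prefixes its output line with "\", which would corrupt the
  # digest field, and a name starting with "-" would be parsed as an option.
  md5=$(md5sum < "$file" | awk '{ print $1 }')
  # An empty digest (unreadable or vanished file) used as a grep pattern
  # matches every line of the list and would flag the file as a backdoor.
  if [[ ! $md5 =~ ^[0-9a-f]{32}$ ]]; then
    echo "Cannot hash $file, skipping the hash-list check." >&2
    return 1
  fi
  if grep -qF -- "$md5" "$hash_list"; then
    echo "The file $file is backdoor."
  else
    echo "The file $file is not backdoor, please inform this script author for next investigation."
  fi
}

echo "==================================================================================================="
echo "suspect file list:"
# De-duplicate the keyword hits. With no hits, printf would still emit one
# empty line and produce a single empty "file name", so skip the step.
unique_grep_results=()
if ((${#grep_results[@]} > 0)); then
  readarray -t unique_grep_results < <(printf '%s\n' "${grep_results[@]}" | sort -u)
  printf '%s\n' "${unique_grep_results[@]}"
fi
echo "==================================================================================================="
echo "backdoor suspect list:"
for file in "${unique_grep_results[@]}"; do
  classify_suspect "$file" sum5list.txt
done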
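#######################################
# Append "-not PREDICATE <line>" to find_filters for each non-empty line of a
# pattern file.
# Globals:   find_filters (appended to)
# Arguments: $1 - find predicate to negate (-path or -name)
#            $2 - pattern file, one pattern per line
# Outputs:   a note on stderr when the pattern file cannot be read
#######################################
append_excludes() {
  local predicate=$1 pattern_file=$2
  local entry
  if [[ ! -r $pattern_file ]]; then
    echo "Cannot read $pattern_file, no exclusions loaded from it." >&2
    return 0
  fi
  # "|| [[ -n $entry ]]" keeps a last line that has no trailing newline.
  while IFS= read -r entry || [[ -n $entry ]]; do
    [[ -n $entry ]] || continue
    find_filters+=(-not "$predicate" "$entry")
  done < "$pattern_file"
}

#######################################
# List entries of one type under the scan root that have a write bit set.
# -perm /u=w,g=w,o=w matches when ANY of the owner, group or other write
# bits is set, so entries writable only by their owner are listed as well.
# Globals:   path (read) - scan root; find's own default "." when empty
# Arguments: $1 - find type letter (d or f); remaining arguments are extra
#            find expression words
# Outputs:   matching paths on stdout
#######################################
list_writable() {
  local kind=$1
  shift
  find "${path:-.}" -type "$kind" -perm /u=w,g=w,o=w "$@"
}

# The find expression is built as an array and find is called directly. The
# scan root and every exclusion pattern therefore reach find as plain
# arguments; assembling one string and passing it to eval would have the shell
# re-parse quotes, spaces and metacharacters found in the path or in the
# exclusion files. The array also keeps every -e/--exclude-path value:
# assigning a string to exclude_paths only rewrites its first element.
find_filters=()
for pattern in "${exclude_paths[@]}"; do
  [[ -n $pattern ]] && find_filters+=(-not -path "$pattern")
done
append_excludes -path exclude_paths.txt
# Directories are filtered by path only; files by path and by name.
dir_filters=("${find_filters[@]}")
append_excludes -name exclude_files.txt

echo "==================================================================================================="
echo "writeable folder list:"
list_writable d "${dir_filters[@]}"
echo "==================================================================================================="
echo "writeable file list:"
list_writable f "${find_filters[@]}"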