
Hello :0

[Go] Web Shell Finder [작성중]

2016.11.09 15:46

Leekyu 조회 수:77

// gowebshellfinder project gowebshellfinder.go
package main

import (
"bufio"
"fmt"
"io/ioutil"
"log"
"os"
"path/filepath"
"regexp"
"time"
)

var webshell_partterns = []string{} // package-level pattern list: filled by read_parttern, iterated by printFile

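// read_parttern loads the detection patterns from ./parttern.txt, one per
// line, and appends them to webshell_partterns.
//
// It returns an error when the file cannot be opened or read. An unreadable
// pattern file must not be mistaken for "no findings": with zero patterns
// loaded the walk would report every tree as clean.
func read_parttern() error {
	f, err := os.Open("./parttern.txt")
	if err != nil {
		return err
	}
	defer f.Close()

	scanner := bufio.NewScanner(f)
	for scanner.Scan() {
		line := scanner.Text()
		// A blank line carries no pattern and has no "N:N:" prefix for
		// printFile to strip, so it is dropped here.
		if line == "" {
			continue
		}
		webshell_partterns = append(webshell_partterns, line)
	}
	// Scan stops silently on a read error or an over-long line; surface that
	// so a truncated pattern set is not used unnoticed.
	if err := scanner.Err(); err != nil {
		return err
	}
	return nil
}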

// RegSplit splits text around every non-overlapping match of the regular
// expression delimeter and returns the pieces in order. The result always
// has one more element than there are matches, so a text with no match comes
// back as a single-element slice holding the whole text.
//
// delimeter is compiled with regexp.MustCompile, so an invalid expression
// panics.
func RegSplit(text string, delimeter string) []string {
	matches := regexp.MustCompile(delimeter).FindAllStringIndex(text, -1)
	pieces := make([]string, 0, len(matches)+1)
	cursor := 0
	for _, span := range matches {
		// span[0] is where the delimiter starts, span[1] where it ends.
		pieces = append(pieces, text[cursor:span[0]])
		cursor = span[1]
	}
	// Whatever follows the last delimiter (possibly empty) is the final piece.
	return append(pieces, text[cursor:])
}

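// printFile is the filepath.Walk callback. It prints every visited path and,
// for anything that is not a directory, checks the file content against each
// entry of webshell_partterns. The first pattern that matches is appended to
// shell_report.txt and the remaining patterns are not tried for that file.
//
// Walk errors, unreadable files and unusable patterns are logged and skipped
// so that one bad entry does not end the scan. A failure to write the report
// is returned, which stops the walk: findings that cannot be recorded should
// not be dropped silently.
//
// NOTE(review): the whole file is read into memory and each pattern is
// recompiled for every file; shell_report.txt and parttern.txt sit inside the
// walked tree when it is "./", so they are scanned as well.
func printFile(path string, info os.FileInfo, err error) error {
	if err != nil {
		log.Print(err)
		return nil
	}
	fmt.Println(path)

	// Use the FileInfo supplied by Walk instead of a second os.Stat whose
	// error was ignored (a nil FileInfo was then dereferenced).
	if info.IsDir() || len(webshell_partterns) == 0 {
		return nil
	}

	// Read once per file, not once per pattern.
	dat, readErr := ioutil.ReadFile(path)
	if readErr != nil {
		log.Print(readErr)
		return nil
	}
	content := string(dat)

	for _, parttern := range webshell_partterns {
		// A pattern line is "<digits>:<digits>:<regexp>"; only the part after
		// the prefix is the expression. Lines without the prefix give a
		// single piece, which used to panic on the [1] index.
		parts := RegSplit(parttern, "^[0-9]+:[0-9]+:")
		if len(parts) < 2 {
			log.Printf("skipping pattern without N:N: prefix: %q", parttern)
			continue
		}
		filter_parttern := parts[1]

		r, compErr := regexp.Compile(filter_parttern)
		if compErr != nil {
			// An invalid expression can never match; say so instead of
			// letting the rule go silently dead.
			log.Printf("skipping invalid pattern %q: %v", parttern, compErr)
			continue
		}

		loc := r.FindStringIndex(content)
		if loc == nil {
			continue
		}
		match_string := content[loc[0]:loc[1]]

		// The matched text and the path come from the scanned tree, so they
		// are written with %q: embedded newlines or control characters then
		// cannot forge extra report entries or drive the terminal.
		fmt.Printf("%q %s\n", match_string, filter_parttern)
		entry := fmt.Sprintf("Path : %q\nMatch String : %q\nParttern : %s\n\n", path, match_string, parttern)

		f, openErr := os.OpenFile("shell_report.txt", os.O_APPEND|os.O_WRONLY, 0600)
		if openErr != nil {
			return openErr
		}
		_, writeErr := f.WriteString(entry)
		// Close on every path; the handle used to leak once per finding.
		closeErr := f.Close()
		if writeErr != nil {
			return writeErr
		}
		if closeErr != nil {
			return closeErr
		}
		return nil
	}
	return nil
}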

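// main writes a start timestamp to shell_report.txt, loads the patterns and
// walks the current directory with printFile. Any failure to prepare the
// report or the pattern set ends the run, because a scan that cannot record
// findings or has nothing to match against would look like a clean result.
func main() {
	fmt.Println("Simple Go Web Shell Finder v0.1")
	log.SetFlags(log.Lshortfile)

	// Open in append mode so a new run does not overwrite the first bytes of
	// an existing report; each run is delimited by its "Start :" line.
	f, err := os.OpenFile("shell_report.txt", os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
	if err != nil {
		log.Fatal(err)
	}
	_, writeErr := f.WriteString("Start : " + time.Now().String() + "\n")
	// Close explicitly: log.Fatal exits without running deferred calls, and
	// printFile reopens the report for every finding anyway.
	closeErr := f.Close()
	if writeErr != nil {
		log.Fatal(writeErr)
	}
	if closeErr != nil {
		log.Fatal(closeErr)
	}

	//dir := os.Args[1]
	dir := "./" // current directory

	fmt.Println("read parttern file..")
	if err := read_parttern(); err != nil {
		log.Fatal(err)
	}
	if len(webshell_partterns) == 0 {
		log.Fatal("no patterns loaded from ./parttern.txt; refusing to run an empty scan")
	}

	fmt.Println("Start WebShell Search...")
	if err := filepath.Walk(dir, printFile); err != nil {
		log.Fatal(err)
	}
}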