@anon987654321
Last active November 15, 2024 23:04
vulcheck.rb -- Ruby script to check your macOS laptop or iPhone for viruses/trojans or other stalker tools

vulcheck.rb - System Infection and Security Check for macOS and iOS

This script checks for known system infections and suspicious behavior on macOS and iOS devices. It installs necessary tools like chkrootkit and rkhunter, and scans for potential security issues.

How to Use the Script

  1. Install Required Dependencies: The script installs necessary tools like chkrootkit and rkhunter via MacPorts. Make sure you have MacPorts installed on your system.

  2. Run the Script:

    • For macOS:
      sudo ruby vulcheck.rb --macos
    • For iOS:
      sudo ruby vulcheck.rb --ios

    When the script is run, it installs the required tools and writes a Python wrapper (vulcheck_scan.py) to /usr/local/bin. This wrapper is used to run security scans.

Features

  • Install Required Tools: The script checks if chkrootkit and rkhunter are installed. If not, it installs them via MacPorts.
  • Writes a Python Wrapper: The script creates a wrapper that can be used to run rootkit scans with chkrootkit and rkhunter.
  • Runs Security Checks: The script runs chkrootkit and rkhunter to find potential security threats on the device.

Requirements

  • MacPorts must be installed on your system.
  • The script requires administrator privileges to install tools and write to system directories.
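Because the script runs under sudo and writes vulcheck_scan.py into a system directory, the write itself is worth hardening. The sketch below is an added example, not part of vulcheck.rb; `install_script` and its checks are hypothetical names chosen for illustration. It refuses symlinks and directories that other users can write to, then replaces the file atomically.

```ruby
require 'securerandom'
require 'tmpdir'

# Added example, not part of vulcheck.rb. install_script is a hypothetical
# helper for placing a generated script while running with elevated rights.
def install_script(dest, content, mode = 0o755)
  dir = File.dirname(dest)
  dir_stat = File.lstat(dir) # lstat: do not follow a symlinked directory
  raise "#{dir} is not a real directory" unless dir_stat.directory?
  # Only root or the current user may own the directory...
  raise "#{dir} has an unexpected owner" unless [0, Process.euid].include?(dir_stat.uid)
  # ...and nobody else may be able to create or swap files in it.
  raise "#{dir} is group/world-writable" unless (dir_stat.mode & 0o022).zero?
  # A symlink at the destination would redirect the write somewhere else.
  raise "#{dest} is a symlink" if File.symlink?(dest)

  tmp = File.join(dir, ".#{File.basename(dest)}.#{SecureRandom.hex(8)}")
  # EXCL fails if the name already exists; NOFOLLOW rejects a planted link.
  flags = File::WRONLY | File::CREAT | File::EXCL | File::NOFOLLOW
  File.open(tmp, flags, 0o600) do |f|
    f.write(content)
    f.chmod(mode) # set the final mode before the file becomes visible
  end
  File.rename(tmp, dest) # atomic replace within one filesystem
  dest
ensure
  File.delete(tmp) if tmp && File.exist?(tmp)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo in a throwaway directory instead of /usr/local/bin.
  Dir.mktmpdir do |dir|
    path = install_script(File.join(dir, 'vulcheck_scan.py'), "print('scan')\n")
    puts format('%s mode=%o', path, File.stat(path).mode & 0o777)
  end
end
```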

For Additional Help

Run ruby vulcheck.rb --help to get help on how to use the script.

vulcheck.rb

#!/usr/bin/env ruby

# **vulcheck.rb**
#
# This script checks for known system infections and suspicious behavior in macOS and iOS devices.
# It installs necessary tools like `chkrootkit` and `rkhunter`, then scans for potential security issues.
# Designed to run on macOS and iOS.

require 'optparse'
require 'fileutils'

# Function to check if the system is macOS or iOS
def system_type
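  # macOS check: Terminal.app lives under /System/Applications since macOS 10.15
  macos_markers = ['/System/Applications/Utilities/Terminal.app',
                   '/Applications/Utilities/Terminal.app']
  if macos_markers.any? { |path| File.exist?(path) }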
    return 'macos'
  elsif File.exist?('/System/Applications/Feedback.app') # iOS check
    return 'ios'
  else
    raise 'Unsupported OS'
  end
end

# Function to install chkrootkit and rkhunter on macOS/iOS
def install_dependencies
  puts "Installing chkrootkit and rkhunter..."

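  # Check if port is available (macOS and iOS use MacPorts)
  if system('which port > /dev/null 2>&1')
    # Stop if the install fails so later steps do not run against missing tools
    unless system('sudo port install chkrootkit rkhunter')
      puts 'MacPorts could not install chkrootkit and rkhunter.'
      exit(1)
    end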
  else
    puts 'MacPorts not found. Install MacPorts first.'
    exit(1)
  end
end

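# Function to write the Python wrapper for scanning
def write_python_wrapper
  # Quoted heredoc: Ruby must not expand "\n" inside the Python source,
  # otherwise the f-string below is split across lines and fails to parse.
  python_script = <<~'PYTHON'
    #!/usr/bin/env python3
    import subprocess

    def run_scan(scan_tool):
        # A scanner may exit non-zero when it reports findings, so always
        # print the captured output instead of discarding it.
        try:
            result = subprocess.run(scan_tool, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        except OSError as e:
            print(f"Error during scan: {e}")
            return False
        print(f"Scan results:\n{result.stdout.decode()}")
        if result.returncode != 0:
            print(f"{scan_tool[0]} exited with status {result.returncode}: {result.stderr.decode()}")
            return False
        return True

    # Run chkrootkit scan
    run_scan(["chkrootkit"])

    # Run rkhunter scan; --sk (skip keypress) keeps it from waiting for
    # Enter while its output is being captured
    run_scan(["rkhunter", "--check", "--sk"])
  PYTHON

  wrapper_path = '/usr/local/bin/vulcheck_scan.py'
  FileUtils.mkdir_p(File.dirname(wrapper_path)) # the directory may not exist yet
  File.write(wrapper_path, python_script)
  File.chmod(0755, wrapper_path)
  puts "Python wrapper written to #{wrapper_path}"
end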

# Function to run the security scan
def run_security_scan
  puts "Running security scan..."

  # Check if chkrootkit is installed
  if system('which chkrootkit > /dev/null 2>&1')
    system('chkrootkit')
  else
    puts 'chkrootkit is not installed. Installing it now...'
    install_dependencies
    system('chkrootkit')
  end

  # Check if rkhunter is installed
  if system('which rkhunter > /dev/null 2>&1')
    system('rkhunter --check')
  else
    puts 'rkhunter is not installed. Installing it now...'
    install_dependencies
    system('rkhunter --check')
  end
end

# Function to install the script dependencies for macOS/iOS
def install_dependencies_for_ios
  if system_type == 'macos'
    install_dependencies
  elsif system_type == 'ios'
    install_dependencies
  else
    raise 'Unsupported system type'
  end
end

# Main method to execute the script
def main
  options = {}

  OptionParser.new do |opts|
    opts.banner = "Usage: vulcheck.rb [options]"

    opts.on("--macos", "Run the script for macOS") do |v|
      options[:macos] = v
    end

    opts.on("--ios", "Run the script for iOS") do |v|
      options[:ios] = v
    end

    opts.on_tail("-h", "--help", "Show this message") do
      puts opts
      exit
    end
  end.parse!

  if options[:macos] || options[:ios]
    # Install dependencies and write python wrapper
    install_dependencies_for_ios
    write_python_wrapper

    # Run security scan
    run_security_scan
  else
    puts 'Please specify either --macos or --ios.'
    exit(1)
  end
end

# Run the main method
main