-
-
Save emilyploszaj/a9693c4f3de5ec9fbc255c51ff3ca47e to your computer and use it in GitHub Desktop.
Very Naive CF Malware Scanner
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| echo "This check is not perfect, and can trigger both false positives AND false negatives, don't assume malware based on results" | |
| echo "" | |
| HIGHLIGHTED='\033[0;31m' | |
| RESET='\033[0m' | |
| INPUT=./*.jar | |
| for file in $INPUT | |
| do | |
| unzip $file -d classes > /dev/null | |
| if grep -e "ClassLoader" -r classes > /dev/null; then | |
| echo -e "[!] WARNING ${HIGHLIGHTED}$file${RESET} contains a class loader and may be Fractureiser, please decompile and manually check!" | |
| echo " Check the following classes:" | |
| grep -e "ClassLoader" -r classes | |
| fi | |
| rm -rf classes | |
| done |
if you’re on windows, use WSL. a better detector is also being worked on at https://github.com/MCRcortex/nekodetector
…On Wed, Jun 7, 2023 at 14:23, Kraugel13 - notifications(a)github.com ***@***.***(mailto:On Wed, Jun 7, 2023 at 14:23, Kraugel13 - notifications(a)github.com <<a href=)> wrote:
@Kraugel13 commented on this gist.
---------------------------------------------------------------
how do I run all this? VS code? windows power shell? install as a notepad file and run it?
—
Reply to this email directly, [view it on GitHub](https://gist.github.com/emilyploszaj/a9693c4f3de5ec9fbc255c51ff3ca47e#gistcomment-4592668) or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AEN5Z4CNQ4VX3N66GG5VQWTXKDBJPBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFQKSXMYLMOVS2I5DSOVS2I3TBNVS3W5DIOJSWCZC7OBQXE5DJMNUXAYLOORPWCY3UNF3GS5DZVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVEYTEMRYGQ2DQNBXU52HE2LHM5SXFJTDOJSWC5DF).
You are receiving this email because you commented on the thread.
Triage notifications on the go with GitHub Mobile for [iOS](https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675) or [Android](https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
how do I run all this? VS code? windows power shell? install as a notepad file and run it?