Last active
January 21, 2020 21:03
-
-
Save jamieparfet/ad311276c72706e11c0d10d42d4a0b03 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| grep_list="clicktag|\ | |
| externalInterface\.addCallback|\ | |
| externalInterface\.call|\ | |
| flash\.external\.ExternalInterface\.call|\ | |
| flashvars|\ | |
| FScrollPane\.loadScrollContent|\ | |
| geturl\(_root|\ | |
| geturlBlankVar|\ | |
| geturlJSParam|\ | |
| geturlParentVar|\ | |
| geturl|\ | |
| htmlText|\ | |
| htmlVar|\ | |
| loadClip|\ | |
| loadMovieNum|\ | |
| loadMovieVar|\ | |
| loadMovie|\ | |
| loadVariables|\ | |
| loadVars\.load|\ | |
| loadVars\.send|\ | |
| navigateTourl|\ | |
| netStream\.play|\ | |
| sound\.loadSound|\ | |
| XML\.load|\ | |
| XML\.sendAndLoad" | |
| usage () { | |
| echo -e "Options:" | |
| echo -e " -u URL of an SWF file to download" | |
| echo -e " -L Download SWF files from a given list of URLs" | |
| echo -e " -o Output directory" | |
| echo -e " -a Analyze all .as files within a given directory, including subdirectories" | |
| echo -e " -g Custom grep string" | |
| echo -e "Examples:" | |
| echo -e " $0 -u http://example.com/flash.swf" | |
| echo -e " $0 -L /root/swf/list-of-urls.txt" | |
| echo -e " $0 -o /root/swf/example" | |
| echo -e " $0 -a /root/swf/example/extracted" | |
| echo -e " $0 -g 'password|geturl'" | |
| } | |
| check_ffdec () { | |
| # Make sure ffdec will execute from path | |
| if [ ! $(which ffdec) ]; then | |
| echo "[-] ERROR: Cannot find ffdec or it is not in your path." | |
| exit | |
| fi | |
| } | |
| check_output_dir () { | |
| # Check if supplied output dir is a dir | |
| if [ -d $output_dir ]; then | |
| # Then check if subdirs exists | |
| if [ ! -d ${output_dir}/swf ] && [ ! -d ${output_dir}/extracted ]; then | |
| # If they do not, make subdirs | |
| mkdir ${output_dir}/swf >/dev/null 2>&1 && mkdir ${output_dir}/extracted >/dev/null 2>&1 | |
| fi | |
| else | |
| # If output dir does not exist, make dir and subdirs | |
| mkdir -p ${output_dir}/swf && mkdir -p ${output_dir}/extracted | |
| fi | |
| } | |
| download_and_decompile () { | |
| # Assign first argument to variable | |
| target_url=$1 | |
| # Get the filename from the url by removing any params | |
| remove_params=$(echo "$target_url" | sed 's/\.swf.*/.swf/') | |
| # Remove .swf* (which includes paramaters) | |
| base_file_name=$(basename $remove_params | sed 's/\.swf//') | |
| # Create unique filename using hash of url | |
| unique_file_name="${base_file_name}-$(echo -n "$remove_params" | md5sum | awk '{ print $1 }')" | |
| # Check if swf file already exists | |
| if [[ -f ${output_dir}/swf/${unique_file_name}.swf ]]; then | |
| echo "[-] FILE EXISTS: ${output_dir}/swf/${unique_file_name}.swf" | |
| else | |
| # Create a directory with the base filename | |
| mkdir ${output_dir}/extracted/${unique_file_name} | |
| # Write some info about the target swf to a text file | |
| echo "URL:" > ${output_dir}/extracted/${unique_file_name}/info.txt | |
| echo "$target_url" >> ${output_dir}/extracted/${unique_file_name}/info.txt | |
| echo "FILENAME:" >> ${output_dir}/extracted/${unique_file_name}/info.txt | |
| echo "${unique_file_name}.swf" >> ${output_dir}/extracted/${unique_file_name}/info.txt | |
| echo "PATH:" >> ${output_dir}/extracted/${unique_file_name}/info.txt | |
| echo "$(realpath $output_dir)/swf/${unique_file_name}.swf" >> ${output_dir}/extracted/${unique_file_name}/info.txt | |
| echo "[+] Downloading ${base_file_name}.swf..." | |
| # Download the swf file and remove any parameters | |
| wget -q --no-check-certificate --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:63.0) Gecko/20100101 Firefox/63.0" \ | |
| --timeout 45 --tries 5 -O ${output_dir}/swf/${unique_file_name}.swf ${target_url} | |
| # Check if downloaded swf is actually a flash file | |
| if [[ $(file ${output_dir}/swf/${unique_file_name}.swf) == *"Macromedia Flash"* ]]; then | |
| echo "[+] Decompiling ${base_file_name}.swf..." | |
| # Run ffdec and only export scripts | |
| ffdec -export script ${output_dir}/extracted/${unique_file_name}/ ${output_dir}/swf/${unique_file_name}.swf >/dev/null 2>&1 | |
| else | |
| # Otherwise, show and error and the results of the file command | |
| echo "[-] ERROR: file: $(file ${output_dir}/swf/${unique_file_name}.swf)" | |
| echo "[-] ERROR: deleting file downloaded from $target_url" | |
| # And remove the relevant files and dirs | |
| rm ${output_dir}/swf/${unique_file_name}.swf | |
| rm -rf ${output_dir}/extracted/${unique_file_name} | |
| fi | |
| fi | |
| } | |
| analyze () { | |
| targets=$1 | |
| grep_variable=$2 | |
| # Check if results are returned from grep matching | |
| if [[ $(grep -inE "$grep_variable" "$targets") ]]; then | |
| # If so, print the name of the file and the results | |
| echo "[+] $targets" | |
| grep --color -inE "$grep_variable" "$targets" | |
| fi | |
| } | |
| ############################# | |
| ######## Main script ######## | |
| ############################# | |
| # Get options | |
| while getopts ":u:L:o:a:g:" option; do | |
| case "${option}" in | |
| u) download_file=${OPTARG};; | |
| L) list_of_urls=${OPTARG};; | |
| o) output_dir=${OPTARG};; | |
| a) analyze=${OPTARG};; | |
| g) grep_string=${OPTARG};; | |
| *) usage; exit;; | |
| esac | |
| done | |
| shift "$((OPTIND-1))" | |
| # If output dir is provided | |
| if [ $output_dir ]; then | |
| # If -d is given (make sure other args are empty) | |
| if [ $download_file ] && [ -z $list_of_urls ]; then | |
| echo "[+] URL: $download_file" | |
| check_ffdec | |
| check_output_dir | |
| download_and_decompile "$download_file" | |
| #echo "Okay. single file downloaded." | |
| # If -L is provided | |
| elif [ $list_of_urls ]; then | |
| echo "[+] Input file: $list_of_urls" | |
| check_ffdec | |
| check_output_dir | |
| while read -r url | |
| do | |
| # Download if line starts with "http" | |
| if [[ $url == http* ]]; then | |
| download_and_decompile "$url" | |
| fi | |
| # End while loop (input is list of URLs) | |
| done < "$list_of_urls" | |
| # Otherwise, error out. | |
| else | |
| echo "[-] Fatal error, probably due to wrong arguments. Exiting." | |
| exit | |
| fi | |
| fi | |
| # If analyze argument is given | |
| if [ $analyze ]; then | |
| # Check if analyzing file or directory | |
| if [ -f $analyze ]; then | |
| echo "[+] Analyzing file: $analyze" | |
| # If custom grep is provided... | |
| if [[ $grep_string ]]; then | |
| # Run analyze function with the custom grep string | |
| analyze "$analyze" "$grep_string" | |
| else | |
| # Otherwise, just run with the default methods | |
| analyze "$analyze" "$grep_list" | |
| fi | |
| # If directory | |
| elif [ -d $analyze ]; then | |
| echo "[+] Analyzing directory: $analyze" | |
| # Gather all .as files from subdirectories | |
| find $analyze -type f -iname "*.as" -print0 | while IFS= read -r -d $'\0' actionscript_file; do | |
| if [[ $grep_string ]]; then | |
| analyze "$actionscript_file" "$grep_string" | |
| else | |
| analyze "$actionscript_file" "$grep_list" | |
| fi | |
| done | |
| else | |
| echo "[-] ERROR: Neither file nor directory provided for analysis." | |
| fi | |
| fi | |
| # This needs to be moved | |
| echo "[+] Done." | |
| # Some strings to grep for: | |
| # singluar root variables = 'var .*= _root\.[a-zA-Z0-9]*;$' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment