@oxagast
Created January 17, 2022 23:47
Sweep, a super minimal virus scan written in bash.
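#!/bin/bash
# hi, i'm sweep, a super minimal virus scan written in bash.
# put signatures in sigs.1 file in the dir you run me from!
BIN=bash;
sweep() {
  # one dump file per PID, because xargs runs up to 8 sweeps in parallel
  RAW="mem.$1.raw";
  # regions backed by a file (/) or a named pseudo-region ([heap], [stack], ...);
  # take the whole first field so address ranges of any width stay intact
  for MEM in $(grep -E '\[|/' "/proc/$1/maps" | cut -d ' ' -f 1);
  do
    echo "$MEM";
    ST=$(echo "$MEM" | cut -f 1 -d '-');
    FI=$(echo "$MEM" | cut -f 2 -d '-');
    # dump the region with gdb, discarding both stdout and stderr
    rm -f "$RAW";
    gdb --batch --pid "$1" -ex "dump memory $RAW 0x$ST 0x$FI" >/dev/null 2>&1;
    # skip regions gdb could not read instead of rescanning a stale dump
    [ -f "$RAW" ] || continue;
    # try to disassemble the dump (only works when it parses as an object file)
    objdump -D "$RAW" 2>/dev/null;
    while IFS= read -r line;
    do
      # an empty pattern would match every dump, so skip blank lines
      [ -n "$line" ] || continue;
      # each line of sigs.1 is used as a grep pattern against the dump
      if grep -- "$line" "$RAW"; then
        echo "MEMORY TRANSIENT VIRUS DETECTED!!!";
        sleep 5;
      fi;
    done < sigs.1
  done;
  rm -f "$RAW";
};
export -f sweep;
# scan every process whose command line matches $BIN, 8 at a time
pgrep -f "$BIN" | xargs -d '\n' -I {X} -P 8 bash -c 'sweep {X}'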
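
The two parsing steps the script depends on (turning `/proc/PID/maps` lines into address ranges, and matching `sigs.1` lines against a dump), as an added example that is not part of the gist. It runs offline on constructed sample data; the function names `maps_regions`, `match_sigs`, `sample_maps` and `demo` are assumptions of the example, and matching signatures as literal strings with `grep -F` is a choice made here, not the gist's behaviour.

```bash
#!/bin/bash
# Added example, not part of the gist. All sample data is constructed.

# Read /proc/PID/maps-format text on stdin; print "START END" (hex) for each
# readable mapping that is file-backed (/path) or named ([heap], [stack]).
# Field splitting keeps 8-, 12- and 16-digit addresses intact.
maps_regions() {
    awk '{ c = substr($6, 1, 1) }
         $2 ~ /^r/ && (c == "/" || c == "[") {
             split($1, a, "-"); print a[1], a[2]
         }'
}

# Print every signature in SIGFILE found in DUMP as a literal byte string.
# Blank lines and "#" comments are skipped, -F disables regex metacharacters,
# -a makes grep treat the binary dump as text. Returns 0 on any hit.
match_sigs() {
    local dump=$1 sigfile=$2 sig hit=1
    while IFS= read -r sig || [ -n "$sig" ]; do
        case $sig in ''|'#'*) continue ;; esac
        if grep -a -q -F -- "$sig" "$dump"; then
            printf '%s\n' "$sig"
            hit=0
        fi
    done < "$sigfile"
    return "$hit"
}

# Constructed maps text: short addresses, anonymous and unreadable mappings.
sample_maps() {
    cat <<'EOF'
00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo
55d0c8a00000-55d0c8a21000 rw-p 00000000 00:00 0 [heap]
7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0
7f3a1c400000-7f3a1c5b5000 ---p 001b5000 08:02 135522 /usr/lib/libdemo.so
7ffd5a1e2000-7ffd5a203000 rw-p 00000000 00:00 0 [stack]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]
EOF
}

# Constructed dump and signature list for an offline run.
demo() {
    local d; d=$(mktemp -d) || return 1
    printf 'AA\000\001DEMO-SIG-1\377 a.*b \000' > "$d/mem.raw"
    printf '# constructed signatures\n\nDEMO-SIG-1\na.*b\nNOT-PRESENT\n' > "$d/sigs.1"
    sample_maps | maps_regions
    match_sigs "$d/mem.raw" "$d/sigs.1"
    rm -rf "$d"
}
demo
```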