We have a malicious URL. Your job is to write modules to check if the current URL is infected.
No, you just need to do the most basic thing: check the URL only.
This is one simple module for fast detection. And ofc this is a fun challenge only.
Also, all malware are binaries -> they need to be downloaded.
I think you need to do it yourself haha
I did. I can't create a challenge without my test.
Can we get the code?
My code is really simple:
- We have a database, in this case a text file that contains information
- A module that parses the database to save information into memory
- A loop to check the URL
This is a very simple example, so there is no URL encoding check or complex handling. A real-world module will need more work.
```nim
import strutils

const dbPath = "challenge2/db.txt"

type
  DBSig = object
    mURL: string
    mName: string

proc loadDb*(): seq[DBSig] =
  # Each database line has the form "URL|signature name".
  for line in lines(dbPath):
    let fields = line.split("|")
    # Skip blank or malformed lines instead of failing on them.
    if fields.len != 2:
      continue
    result.add(DBSig(mURL: fields[0], mName: fields[1]))

proc scanURL*(url: string): bool =
  # Exact string comparison against every known-bad URL in the database.
  let db = loadDb()
  for signature in db:
    if url == signature.mURL:
      echo "Infected by " & signature.mName
      return true
  return false
```
```nim
import core
import os

if paramCount() == 0:
  echo "[x] Enter at least 1 url"
else:
  for i in 1 .. paramCount():
    if scanURL(paramStr(i)):
      echo paramStr(i) & " is infected"
    else:
      echo paramStr(i) & " is cleaned"
```
```
http://sv1.parrot.sh/foo/elf1.x86|unix.x86.mirai.generic
https://sv2.parrotsec.org/nix/iso/sudo|unix.x86.trojan.generic
http://sv3.eu.parrot.org/folder/passwd|unix.amd64.metasploit.hack-tool
```
I get the idea of what is done
Thanks for the code
The reason why it is that simple is because it is fast and protection can have multiple layers.
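The thread notes that the posted module does no URL encoding check and that a real-world module needs more work. The following is an added example, not code from the original posts: it normalizes both database entries and scanned URLs before an exact lookup, so differences in case, default port, percent-encoding or fragment do not cause a miss. The names `normalizeUrl`, `scanUrl` and `sampleDb` are assumptions made for this sketch, and the sample entries reuse the `URL|name` format shown in the thread.

```nim
import std/[strutils, tables, uri]

# Sample database text in the thread's "URL|signature name" format.
const sampleDb = """
http://sv1.parrot.sh/foo/elf1.x86|unix.x86.mirai.generic
https://sv2.parrotsec.org/nix/iso/sudo|unix.x86.trojan.generic
"""

proc normalizeUrl*(raw: string): string =
  ## Canonical form applied to database entries and to scanned URLs alike.
  let u = parseUri(raw.strip())
  let scheme = u.scheme.toLowerAscii()
  var host = u.hostname.toLowerAscii()
  # Keep the port only when it is not the default for the scheme.
  if u.port.len > 0 and not ((scheme == "http" and u.port == "80") or
                             (scheme == "https" and u.port == "443")):
    host.add(":" & u.port)
  # Decode percent-escapes in the path; '+' stays literal in a path.
  var path = decodeUrl(u.path, decodePlus = false)
  if path.len == 0:
    path = "/"
  result = scheme & "://" & host & path
  if u.query.len > 0:
    result.add("?" & u.query)
  # The fragment (u.anchor) is never sent to the server, so it is dropped.

proc loadDb*(text: string): Table[string, string] =
  ## Maps normalized URL -> signature name; loaded once, O(1) per lookup.
  result = initTable[string, string]()
  for line in text.splitLines():
    let parts = line.split('|')
    if parts.len != 2:
      continue  # skip blank or malformed lines
    result[normalizeUrl(parts[0])] = parts[1].strip()

proc scanUrl*(db: Table[string, string], url: string): string =
  ## Returns the signature name, or "" when the URL is not listed.
  db.getOrDefault(normalizeUrl(url), "")

when isMainModule:
  let db = loadDb(sampleDb)
  # Constructed inputs: an obfuscated spelling of a listed URL, and an unlisted one.
  for url in ["HTTP://SV1.Parrot.sh:80/foo/%65lf1.x86#x",
              "http://sv1.parrot.sh/foo/other"]:
    let name = scanUrl(db, url)
    echo url, " -> ", (if name.len > 0: "infected by " & name else: "clean")
```

Loading the database once into a table also keeps the check fast, which matters when this is only the first of several protection layers.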