Refactor AutoRun detection to use Scurvy library, enhance suspicious entry checks, and update UI rendering for detailed info

Evan Hosinski
2025-10-11 15:15:35 -04:00
parent 02ed2ce046
commit 53f527feff
8 changed files with 149 additions and 150 deletions
+1 -1
@@ -78,7 +78,7 @@ func (m DetailViewModel) renderDetails() string {
switch m.typeKey {
case "autoruns":
ar := m.data.AutoRuns[m.index]
return fmt.Sprintf("Name: %s\nCommand: %s\nLocation: %s\nEnabled: %v\nDescription: %s", ar.Name, ar.Command, ar.Location, ar.Enabled, ar.Description)
return fmt.Sprintf("Type: %s\nEntry: %s\nLaunch: %s\nLocation: %s\nImage: %s\nArgs: %s\nMD5: %s\nSHA1: %s\nSHA256: %s", ar.Type, ar.Entry, ar.LaunchString, ar.Location, ar.ImagePath, ar.Arguments, ar.MD5, ar.SHA1, ar.SHA256)
case "binaries":
b := m.data.Binaries[m.index]
return fmt.Sprintf("Binary: %s\nAction: delete file", b)
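Review bot: The new autoruns format string writes `ar.Entry`, `ar.LaunchString`, `ar.ImagePath` and `ar.Arguments` with `%s`, so any newline or terminal control sequence in those values reaches the detail view unchanged. The hunk does not show where these fields are filled, but if they are read from autorun entries on the inspected host, their content is chosen by whoever created the entry, and an embedded newline could make the view show a misleading `SHA256:` line or push the real one out of sight. Consider `%q` for the free-text fields (`Launch: %q`, `Args: %q`), or pass them through a small helper that replaces control characters before formatting. A short comment above the `return` stating that these values are untrusted host data would also help the next reader. `renderDetails` starts and ends outside this hunk.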
+5 -2
@@ -46,8 +46,11 @@ func NewListView(typeKey string, sus suspicious.Suspicious, width, height int) L
case "autoruns":
header = "Suspicious AutoRuns"
for _, ar := range sus.AutoRuns {
title := ar.Name
desc := fmt.Sprintf("%s (%s)", ar.Command, ar.Location)
title := ar.ImageName
if title == "" {
title = ar.Entry
}
desc := fmt.Sprintf("%s (%s)", ar.ImagePath, ar.Location)
items = append(items, listItem{title: title, desc: desc})
}
case "binaries":
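Review bot: The title now falls back to `ar.Entry` when `ar.ImageName` is empty, but `desc` has no matching fallback, so an entry whose image was not resolved would presumably be listed with an empty path, as ` (location)`. Those unresolved entries are likely the ones an analyst most needs to read, so I would fall back to the launch string: `path := ar.ImagePath`, then `if path == "" { path = ar.LaunchString }`, and build `desc` from `path`. `LaunchString` is the field the detail view in this same commit prints; confirm it is populated when the image path is not. As in the detail view, these values are formatted with `%s`, so control characters in them would reach the list row unescaped. `NewListView` starts and ends outside this hunk.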