Refactor suspicious artifact data structures, enhance eliminated state tracking, and update UI rendering for eliminated items. Add JSON marshal/unmarshal support for Binary and Directory types.
@@ -5,12 +5,13 @@ import (
|
||||
"os"
|
||||
"path/filepath"
|
||||
"rmm-hunter/internal/pkg/hunt/detect/common"
|
||||
. "rmm-hunter/internal/suspicious"
|
||||
"strings"
|
||||
"sync"
|
||||
)
|
||||
|
||||
func Detect() []string {
|
||||
var foundBinaries []string
|
||||
func Detect() []Binary {
|
||||
var foundBinaries []Binary
|
||||
var mu sync.Mutex
|
||||
var wg sync.WaitGroup
|
||||
|
||||
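Review bot: The new `. "rmm-hunter/internal/suspicious"` dot-import makes `Binary` read like a type declared in this file, and any future export from that package can silently collide with a local name. Prefer a named import, `suspicious "rmm-hunter/internal/suspicious"`, and write the signature as `func Detect() []suspicious.Binary {`. The same dot-import is added in the directory detector's import hunk and in the `eliminate` import hunk; the same change applies there. Detect's body continues past the end of this hunk.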
@@ -52,7 +53,7 @@ func Detect() []string {
|
||||
// Collect results
|
||||
for result := range resultChan {
|
||||
mu.Lock()
|
||||
foundBinaries = append(foundBinaries, result)
|
||||
foundBinaries = append(foundBinaries, Binary{Path: result})
|
||||
mu.Unlock()
|
||||
fmt.Printf(" [?] Found %s\n", result)
|
||||
}
|
||||
|
||||
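Review bot: `fmt.Printf(" [?] Found %s\n", result)` prints a filesystem-derived path with `%s`; `%q` would make an empty result visible and escape any control characters embedded in a file name, `fmt.Printf(" [?] Found %q\n", result)`. The `mu.Lock()`/`mu.Unlock()` pair around the append looks redundant inside this single collector loop unless the worker goroutines also append to `foundBinaries` outside the hunk; if they do not, the mutex can be dropped. Detect's body starts outside this hunk.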
@@ -5,13 +5,14 @@ import (
|
||||
"os"
|
||||
"path/filepath"
|
||||
"rmm-hunter/internal/pkg/hunt/detect/common"
|
||||
. "rmm-hunter/internal/suspicious"
|
||||
"strings"
|
||||
)
|
||||
|
||||
var appData = os.Getenv("APPDATA")
|
||||
|
||||
func Detect() []string {
|
||||
var suspiciousDirectories []string
|
||||
func Detect() []Directory {
|
||||
var suspiciousDirectories []Directory
|
||||
seen := make(map[string]bool) // Prevent duplicates
|
||||
|
||||
fmt.Printf("[*] Enumerating Suspicious Directories \n")
|
||||
@@ -26,7 +27,7 @@ func Detect() []string {
|
||||
for _, match := range matches {
|
||||
if !seen[match] {
|
||||
fmt.Printf(" [?] Found %s\n", match)
|
||||
suspiciousDirectories = append(suspiciousDirectories, match)
|
||||
suspiciousDirectories = append(suspiciousDirectories, Directory{Path: match})
|
||||
seen[match] = true
|
||||
}
|
||||
}
|
||||
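Review bot: The `if !seen[match] { … append(…, Directory{Path: match}); seen[match] = true }` block is repeated almost verbatim in the next hunk for `dir`, and the commit changes the struct literal in both places independently. A small closure declared once near `seen`, along the lines of `record := func(p string) { if seen[p] { return }; fmt.Printf(" [?] Found %s\n", p); suspiciousDirectories = append(suspiciousDirectories, Directory{Path: p}); seen[p] = true }`, lets both loops call `record(match)` / `record(dir)` and keeps the two sites from drifting. Detect's body starts and ends outside this hunk.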
@@ -35,7 +36,7 @@ func Detect() []string {
|
||||
if _, err := os.Stat(dir); err == nil {
|
||||
if !seen[dir] {
|
||||
fmt.Printf(" [?] Found %s\n", dir)
|
||||
suspiciousDirectories = append(suspiciousDirectories, dir)
|
||||
suspiciousDirectories = append(suspiciousDirectories, Directory{Path: dir})
|
||||
seen[dir] = true
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
package eliminate
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
. "rmm-hunter/internal/suspicious"
|
||||
|
||||
scurvy "github.com/Kraken-OffSec/Scurvy"
|
||||
@@ -8,9 +10,16 @@ import (
|
||||
|
||||
// EliminateProcess kills a process and removes its binary from the system
|
||||
func EliminateProcess(p Process) error {
|
||||
err, proc := scurvy.FindProcessByPID(p.PID)
|
||||
err, procs := scurvy.ListProcesses()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return proc.Kill()
|
||||
|
||||
for _, proc := range procs {
|
||||
if proc.Pid() == p.PID {
|
||||
return proc.Kill()
|
||||
}
|
||||
}
|
||||
|
||||
return fmt.Errorf("process %d not found", p.PID)
|
||||
}
|
||||
|
||||
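Review bot: The new loop terminates whichever process currently holds `p.PID`, so a PID recycled between detection and elimination would kill an unrelated process; if `Process` also records the executable path or name, compare it against `proc` before `proc.Kill()` and return an error on mismatch rather than killing on PID alone. The doc comment `// EliminateProcess kills a process and removes its binary from the system` no longer describes the body, which only kills; unless the binary removal happens elsewhere, change it to `// EliminateProcess terminates the process whose PID matches p.PID.` Since `fmt` is now imported, the early return can also carry context, `return fmt.Errorf("listing processes: %w", err)`, so the caller can tell a listing failure from a not-found result.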
@@ -460,7 +460,7 @@ const htmlTemplate = `<!DOCTYPE html>
|
||||
{{if .Findings.Binaries}}
|
||||
{{range .Findings.Binaries}}
|
||||
<div class="item">
|
||||
<div class="item-detail">{{.}}</div>
|
||||
<div class="item-detail">{{.Path}}</div>
|
||||
</div>
|
||||
{{end}}
|
||||
{{else}}
|
||||
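Review bot: `{{.Path}}` now renders a filesystem-derived string into the page, which is safe only if `htmlTemplate` is executed through `html/template` (contextual escaping) rather than `text/template`. The template's parse and execute calls are outside this hunk, so confirm which package is used; if it is `text/template`, switch to `html/template` so a path containing `<` or `&` cannot break the markup. The same applies to the `.Findings.Directories` hunk below.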
@@ -479,7 +479,7 @@ const htmlTemplate = `<!DOCTYPE html>
|
||||
{{if .Findings.Directories}}
|
||||
{{range .Findings.Directories}}
|
||||
<div class="item">
|
||||
<div class="item-detail">{{.}}</div>
|
||||
<div class="item-detail">{{.Path}}</div>
|
||||
</div>
|
||||
{{end}}
|
||||
{{else}}
|
||||
|
||||