Add JSON and HTML writers for reporting Hunter findings

Evan Hosinski
2025-10-10 16:06:48 -04:00
parent 10b1bb7ed6
commit e2015b3df2
9 changed files with 894 additions and 30 deletions
+1 -9
@@ -22,17 +22,10 @@ func AnalyzeExecutablePath(command string) (bool, string) {
}
}
// Check for suspicious installation paths
suspiciousPaths := []string{
"\\temp\\", "\\tmp\\", "\\appdata\\local\\temp\\",
"\\users\\public\\", "\\programdata\\",
"\\windows\\temp\\", "\\%temp%\\",
}
execPathLower := strings.ToLower(execPath)
// Check for suspicious installation paths
suspiciousPaths = []string{
suspiciousPaths := []string{
"\\temp\\", "\\tmp\\", "\\appdata\\local\\temp\\",
"\\users\\public\\", "\\programdata\\",
"\\windows\\temp\\", "\\%temp%\\",
@@ -50,7 +43,6 @@ func AnalyzeExecutablePath(command string) (bool, string) {
"\\oracle\\",
"\\citrix\\",
"\\vmware\\",
// Add more trusted publishers as needed
}
isTrusted := false
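Review bot: The trusted-publisher entries kept in the second hunk (`"\\oracle\\"`, `"\\citrix\\"`, `"\\vmware\\"`) are bare directory fragments. If they are matched as substrings of `execPathLower`, any executable whose path merely contains such a folder name would set `isTrusted`, including one under a location listed in `suspiciousPaths`. The matching loop and the way `isTrusted` is combined with the suspicious-path result are outside these hunks, so this is inferred from the list alone. I would anchor the entries to their expected install roots (for example `"\\program files\\vmware\\"`) and make a suspicious-path hit take precedence over a trusted match. The list should also carry a comment such as `// path fragments only: a matching folder name does not prove the publisher, verify the signature before trusting`.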
@@ -45,7 +45,7 @@ func compareConnections(connections []NetworkConnection) []NetworkConnection {
for _, dns := range common.CommonDNS {
if matchesDNSPattern(remote, dns) {
fmt.Printf(" [?] Found %s\n", conn.RemoteHost)
fmt.Printf(" [?] Found %s\n", conn.RemoteHost)
suspiciousConnections = append(suspiciousConnections, conn)
break
}