Malware Scanner Tidying
parent
c15103e78e
commit
db0dbdb9dc
7 changed files with 108 additions and 202 deletions
|
@ -13,7 +13,6 @@ import the.bytecode.club.bytecodeviewer.*;
|
||||||
import the.bytecode.club.bytecodeviewer.api.ExceptionUI;
|
import the.bytecode.club.bytecodeviewer.api.ExceptionUI;
|
||||||
import the.bytecode.club.bytecodeviewer.gui.components.*;
|
import the.bytecode.club.bytecodeviewer.gui.components.*;
|
||||||
import the.bytecode.club.bytecodeviewer.gui.plugins.MaliciousCodeScannerOptions;
|
import the.bytecode.club.bytecodeviewer.gui.plugins.MaliciousCodeScannerOptions;
|
||||||
import the.bytecode.club.bytecodeviewer.gui.plugins.MaliciousCodeScannerOptionsV2;
|
|
||||||
import the.bytecode.club.bytecodeviewer.gui.plugins.ReplaceStringsOptions;
|
import the.bytecode.club.bytecodeviewer.gui.plugins.ReplaceStringsOptions;
|
||||||
import the.bytecode.club.bytecodeviewer.gui.resourcelist.ResourceListPane;
|
import the.bytecode.club.bytecodeviewer.gui.resourcelist.ResourceListPane;
|
||||||
import the.bytecode.club.bytecodeviewer.gui.resourcesearch.SearchBoxPane;
|
import the.bytecode.club.bytecodeviewer.gui.resourcesearch.SearchBoxPane;
|
||||||
|
@ -567,7 +566,7 @@ public class MainViewerGUI extends JFrame
|
||||||
|
|
||||||
openExternalPlugin.addActionListener(arg0 -> openExternalPlugin());
|
openExternalPlugin.addActionListener(arg0 -> openExternalPlugin());
|
||||||
codeSequenceDiagram.addActionListener(arg0 -> CodeSequenceDiagram.open());
|
codeSequenceDiagram.addActionListener(arg0 -> CodeSequenceDiagram.open());
|
||||||
maliciousCodeScanner.addActionListener(e -> MaliciousCodeScannerOptionsV2.open());
|
maliciousCodeScanner.addActionListener(e -> MaliciousCodeScannerOptions.open());
|
||||||
showMainMethods.addActionListener(e -> PluginManager.runPlugin(new ShowMainMethods()));
|
showMainMethods.addActionListener(e -> PluginManager.runPlugin(new ShowMainMethods()));
|
||||||
showAllStrings.addActionListener(e -> PluginManager.runPlugin(new ShowAllStrings()));
|
showAllStrings.addActionListener(e -> PluginManager.runPlugin(new ShowAllStrings()));
|
||||||
replaceStrings.addActionListener(arg0 -> ReplaceStringsOptions.open());
|
replaceStrings.addActionListener(arg0 -> ReplaceStringsOptions.open());
|
||||||
|
|
|
@ -1,15 +1,16 @@
|
||||||
package the.bytecode.club.bytecodeviewer.gui.plugins;
|
package the.bytecode.club.bytecodeviewer.gui.plugins;
|
||||||
|
|
||||||
import java.awt.Dimension;
|
|
||||||
import javax.swing.JButton;
|
|
||||||
import javax.swing.JCheckBox;
|
|
||||||
import javax.swing.JFrame;
|
|
||||||
|
|
||||||
import the.bytecode.club.bytecodeviewer.BytecodeViewer;
|
import the.bytecode.club.bytecodeviewer.BytecodeViewer;
|
||||||
import the.bytecode.club.bytecodeviewer.Resources;
|
import the.bytecode.club.bytecodeviewer.Resources;
|
||||||
|
import the.bytecode.club.bytecodeviewer.malwarescanner.MalwareScanModule;
|
||||||
|
import the.bytecode.club.bytecodeviewer.malwarescanner.util.MaliciousCodeOptions;
|
||||||
import the.bytecode.club.bytecodeviewer.plugin.PluginManager;
|
import the.bytecode.club.bytecodeviewer.plugin.PluginManager;
|
||||||
import the.bytecode.club.bytecodeviewer.plugin.preinstalled.MaliciousCodeScanner;
|
import the.bytecode.club.bytecodeviewer.plugin.preinstalled.MaliciousCodeScanner;
|
||||||
|
|
||||||
|
import javax.swing.*;
|
||||||
|
import java.awt.*;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
|
||||||
/***************************************************************************
|
/***************************************************************************
|
||||||
* Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite *
|
* Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite *
|
||||||
* Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com *
|
* Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com *
|
||||||
|
@ -29,97 +30,54 @@ import the.bytecode.club.bytecodeviewer.plugin.preinstalled.MaliciousCodeScanner
|
||||||
***************************************************************************/
|
***************************************************************************/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A simple GUI to select the Malicious Code Scanner options.
|
* This GUI automatically populates the scan options from the MalwareScanModule enum.
|
||||||
*
|
*
|
||||||
* @author Konloch
|
* @author Konloch
|
||||||
* @author Adrianherrera
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public class MaliciousCodeScannerOptions extends JFrame
|
public class MaliciousCodeScannerOptions extends JFrame
|
||||||
{
|
{
|
||||||
|
private static final int SPACER_HEIGHT_BETWEEN_OPTIONS = 26;
|
||||||
|
|
||||||
public static void open()
|
public static void open()
|
||||||
{
|
{
|
||||||
if (BytecodeViewer.getLoadedClasses().isEmpty()) {
|
if (BytecodeViewer.getLoadedClasses().isEmpty())
|
||||||
|
{
|
||||||
BytecodeViewer.showMessage("First open a class, jar, zip, apk or dex file.");
|
BytecodeViewer.showMessage("First open a class, jar, zip, apk or dex file.");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
new MaliciousCodeScannerOptions().setVisible(true);
|
new MaliciousCodeScannerOptions().setVisible(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
public MaliciousCodeScannerOptions()
|
public MaliciousCodeScannerOptions()
|
||||||
{
|
{
|
||||||
this.setIconImages(Resources.iconList);
|
this.setIconImages(Resources.iconList);
|
||||||
setSize(new Dimension(250, 323));
|
setSize(new Dimension(250, 7 + (MalwareScanModule.values().length * SPACER_HEIGHT_BETWEEN_OPTIONS) + 90));
|
||||||
setResizable(false);
|
setResizable(false);
|
||||||
setTitle("Malicious Code Scanner Options");
|
setTitle("Malicious Code Scanner Options");
|
||||||
getContentPane().setLayout(null);
|
getContentPane().setLayout(null);
|
||||||
|
ArrayList<MaliciousCodeOptions> checkBoxes = new ArrayList<>();
|
||||||
final JCheckBox chckbxJavalangreflection = new JCheckBox("java/lang/reflection");
|
|
||||||
chckbxJavalangreflection.setSelected(true);
|
int y = 7;
|
||||||
chckbxJavalangreflection.setBounds(6, 7, 232, 23);
|
for(MalwareScanModule module : MalwareScanModule.values())
|
||||||
getContentPane().add(chckbxJavalangreflection);
|
{
|
||||||
|
final JCheckBox checkBox = new JCheckBox(module.getOptionText());
|
||||||
final JCheckBox chckbxJavanet = new JCheckBox("java/net");
|
checkBox.setSelected(module.isToggledByDefault());
|
||||||
chckbxJavanet.setSelected(true);
|
checkBox.setBounds(6, y, 232, 23);
|
||||||
chckbxJavanet.setBounds(6, 81, 232, 23);
|
getContentPane().add(checkBox);
|
||||||
getContentPane().add(chckbxJavanet);
|
checkBoxes.add(new MaliciousCodeOptions(module, checkBox));
|
||||||
|
|
||||||
final JCheckBox chckbxJavaio = new JCheckBox("java/io");
|
y += SPACER_HEIGHT_BETWEEN_OPTIONS;
|
||||||
chckbxJavaio.setBounds(6, 104, 232, 23);
|
}
|
||||||
getContentPane().add(chckbxJavaio);
|
|
||||||
|
|
||||||
final JCheckBox chckbxJavalangruntime = new JCheckBox("java/lang/Runtime");
|
|
||||||
chckbxJavalangruntime.setSelected(true);
|
|
||||||
chckbxJavalangruntime.setBounds(6, 33, 232, 23);
|
|
||||||
getContentPane().add(chckbxJavalangruntime);
|
|
||||||
|
|
||||||
final JCheckBox chckbxLdcContainswww = new JCheckBox("LDC contains 'www.'");
|
|
||||||
chckbxLdcContainswww.setSelected(true);
|
|
||||||
chckbxLdcContainswww.setBounds(6, 130, 232, 23);
|
|
||||||
getContentPane().add(chckbxLdcContainswww);
|
|
||||||
|
|
||||||
final JCheckBox chckbxLdcContainshttp = new JCheckBox("LDC contains 'http://'");
|
|
||||||
chckbxLdcContainshttp.setSelected(true);
|
|
||||||
chckbxLdcContainshttp.setBounds(6, 156, 232, 23);
|
|
||||||
getContentPane().add(chckbxLdcContainshttp);
|
|
||||||
|
|
||||||
final JCheckBox chckbxLdcContainshttps = new JCheckBox("LDC contains 'https://'");
|
|
||||||
chckbxLdcContainshttps.setSelected(true);
|
|
||||||
chckbxLdcContainshttps.setBounds(6, 182, 232, 23);
|
|
||||||
getContentPane().add(chckbxLdcContainshttps);
|
|
||||||
|
|
||||||
final JCheckBox chckbxLdcMatchesIp = new JCheckBox("LDC matches IP regex");
|
|
||||||
chckbxLdcMatchesIp.setSelected(true);
|
|
||||||
chckbxLdcMatchesIp.setBounds(6, 208, 232, 23);
|
|
||||||
getContentPane().add(chckbxLdcMatchesIp);
|
|
||||||
|
|
||||||
final JCheckBox chckbxNullSecMan = new JCheckBox("SecurityManager set to null");
|
|
||||||
chckbxNullSecMan.setSelected(true);
|
|
||||||
chckbxNullSecMan.setBounds(6, 234, 232, 23);
|
|
||||||
getContentPane().add(chckbxNullSecMan);
|
|
||||||
|
|
||||||
final JCheckBox chckbxJavaawtrobot = new JCheckBox("java/awt/Robot");
|
|
||||||
chckbxJavaawtrobot.setSelected(true);
|
|
||||||
chckbxJavaawtrobot.setBounds(6, 59, 232, 23);
|
|
||||||
getContentPane().add(chckbxJavaawtrobot);
|
|
||||||
|
|
||||||
JButton btnNewButton = new JButton("Start Scanning");
|
JButton btnNewButton = new JButton("Start Scanning");
|
||||||
/*btnNewButton.addActionListener(arg0 -> {
|
btnNewButton.addActionListener(arg0 -> {
|
||||||
PluginManager.runPlugin(new MaliciousCodeScanner(
|
PluginManager.runPlugin(new MaliciousCodeScanner(checkBoxes));
|
||||||
chckbxJavalangreflection.isSelected(),
|
|
||||||
chckbxJavalangruntime.isSelected(),
|
|
||||||
chckbxJavanet.isSelected(),
|
|
||||||
chckbxJavaio.isSelected(),
|
|
||||||
chckbxLdcContainswww.isSelected(),
|
|
||||||
chckbxLdcContainshttp.isSelected(),
|
|
||||||
chckbxLdcContainshttps.isSelected(),
|
|
||||||
chckbxLdcMatchesIp.isSelected(),
|
|
||||||
chckbxNullSecMan.isSelected(),
|
|
||||||
chckbxJavaawtrobot.isSelected()));
|
|
||||||
dispose();
|
dispose();
|
||||||
});*/
|
});
|
||||||
|
|
||||||
btnNewButton.setBounds(6, 264, 232, 23);
|
btnNewButton.setBounds(6, y, 232, 23);
|
||||||
getContentPane().add(btnNewButton);
|
getContentPane().add(btnNewButton);
|
||||||
this.setLocationRelativeTo(null);
|
this.setLocationRelativeTo(null);
|
||||||
}
|
}
|
||||||
|
|
|
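Review bot: The window height in `setSize(new Dimension(250, 7 + (MalwareScanModule.values().length * SPACER_HEIGHT_BETWEEN_OPTIONS) + 90))` repeats the `7` that `int y = 7` starts from and adds an unexplained `90`, so the frame size and the checkbox positions can drift apart when the layout changes. Naming them, for example `private static final int TOP_MARGIN = 7;` and `private static final int BUTTON_AREA_HEIGHT = 90;`, and starting `y` from `TOP_MARGIN` keeps the two tied together. `checkBoxes` could also be declared as `List<MaliciousCodeOptions>`, which is the type the `MaliciousCodeScanner` constructor takes. The class body continues past the end of this hunk.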
@ -1,106 +0,0 @@
|
||||||
package the.bytecode.club.bytecodeviewer.gui.plugins;
|
|
||||||
|
|
||||||
import the.bytecode.club.bytecodeviewer.BytecodeViewer;
|
|
||||||
import the.bytecode.club.bytecodeviewer.Resources;
|
|
||||||
import the.bytecode.club.bytecodeviewer.malwarescanner.MalwareScanModule;
|
|
||||||
import the.bytecode.club.bytecodeviewer.plugin.PluginManager;
|
|
||||||
import the.bytecode.club.bytecodeviewer.plugin.preinstalled.MaliciousCodeScanner;
|
|
||||||
|
|
||||||
import javax.swing.*;
|
|
||||||
import java.awt.*;
|
|
||||||
import java.util.ArrayList;
|
|
||||||
|
|
||||||
/***************************************************************************
|
|
||||||
* Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite *
|
|
||||||
* Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com *
|
|
||||||
* *
|
|
||||||
* This program is free software: you can redistribute it and/or modify *
|
|
||||||
* it under the terms of the GNU General Public License as published by *
|
|
||||||
* the Free Software Foundation, either version 3 of the License, or *
|
|
||||||
* (at your option) any later version. *
|
|
||||||
* *
|
|
||||||
* This program is distributed in the hope that it will be useful, *
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
|
||||||
* GNU General Public License for more details. *
|
|
||||||
* *
|
|
||||||
* You should have received a copy of the GNU General Public License *
|
|
||||||
* along with this program. If not, see <http://www.gnu.org/licenses/>. *
|
|
||||||
***************************************************************************/
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This GUI automatically populates the scan options from the MalwareScanModule enum.
|
|
||||||
*
|
|
||||||
* @author Konloch
|
|
||||||
*/
|
|
||||||
|
|
||||||
public class MaliciousCodeScannerOptionsV2 extends JFrame
|
|
||||||
{
|
|
||||||
private static final int SPACER_HEIGHT_BETWEEN_OPTIONS = 26;
|
|
||||||
|
|
||||||
public static void open()
|
|
||||||
{
|
|
||||||
if (BytecodeViewer.getLoadedClasses().isEmpty())
|
|
||||||
{
|
|
||||||
BytecodeViewer.showMessage("First open a class, jar, zip, apk or dex file.");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
new MaliciousCodeScannerOptionsV2().setVisible(true);
|
|
||||||
}
|
|
||||||
|
|
||||||
public MaliciousCodeScannerOptionsV2()
|
|
||||||
{
|
|
||||||
this.setIconImages(Resources.iconList);
|
|
||||||
setSize(new Dimension(250, 7+(MalwareScanModule.values().length * SPACER_HEIGHT_BETWEEN_OPTIONS)+90));
|
|
||||||
setResizable(false);
|
|
||||||
setTitle("Malicious Code Scanner Options");
|
|
||||||
getContentPane().setLayout(null);
|
|
||||||
ArrayList<MaliciousCodeOptions> checkBoxes = new ArrayList<>();
|
|
||||||
|
|
||||||
int y = 7;
|
|
||||||
for(MalwareScanModule module : MalwareScanModule.values())
|
|
||||||
{
|
|
||||||
final JCheckBox checkBox = new JCheckBox(module.getReadableName());
|
|
||||||
checkBox.setSelected(module.isToggledByDefault()); //TODO
|
|
||||||
checkBox.setBounds(6, y, 232, 23);
|
|
||||||
getContentPane().add(checkBox);
|
|
||||||
checkBoxes.add(new MaliciousCodeOptions(module, checkBox));
|
|
||||||
|
|
||||||
y += SPACER_HEIGHT_BETWEEN_OPTIONS;
|
|
||||||
}
|
|
||||||
|
|
||||||
JButton btnNewButton = new JButton("Start Scanning");
|
|
||||||
btnNewButton.addActionListener(arg0 -> {
|
|
||||||
PluginManager.runPlugin(new MaliciousCodeScanner(checkBoxes));
|
|
||||||
dispose();
|
|
||||||
});
|
|
||||||
|
|
||||||
btnNewButton.setBounds(6, y, 232, 23);
|
|
||||||
getContentPane().add(btnNewButton);
|
|
||||||
this.setLocationRelativeTo(null);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static final long serialVersionUID = -2662514582647810868L;
|
|
||||||
|
|
||||||
public static class MaliciousCodeOptions
|
|
||||||
{
|
|
||||||
private final MalwareScanModule module;
|
|
||||||
private final JCheckBox checkBox;
|
|
||||||
|
|
||||||
public MaliciousCodeOptions(MalwareScanModule module, JCheckBox checkBox) {
|
|
||||||
this.module = module;
|
|
||||||
this.checkBox = checkBox;
|
|
||||||
}
|
|
||||||
|
|
||||||
public JCheckBox getCheckBox()
|
|
||||||
{
|
|
||||||
return checkBox;
|
|
||||||
}
|
|
||||||
|
|
||||||
public MalwareScanModule getModule()
|
|
||||||
{
|
|
||||||
return module;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,6 +1,7 @@
|
||||||
package the.bytecode.club.bytecodeviewer.malwarescanner;
|
package the.bytecode.club.bytecodeviewer.malwarescanner;
|
||||||
|
|
||||||
import org.objectweb.asm.tree.*;
|
import org.objectweb.asm.tree.*;
|
||||||
|
import the.bytecode.club.bytecodeviewer.BytecodeViewer;
|
||||||
import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString;
|
import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -11,6 +12,8 @@ import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString;
|
||||||
*/
|
*/
|
||||||
public abstract class MalwareCodeScanner implements CodeScanner
|
public abstract class MalwareCodeScanner implements CodeScanner
|
||||||
{
|
{
|
||||||
|
public MalwareScanModule module;
|
||||||
|
|
||||||
public abstract void scanFieldString(MalwareScan scan, ClassNode cn, FieldNode field, SearchableString string);
|
public abstract void scanFieldString(MalwareScan scan, ClassNode cn, FieldNode field, SearchableString string);
|
||||||
|
|
||||||
public abstract void scanMethodString(MalwareScan scan, ClassNode cn, MethodNode method, SearchableString string);
|
public abstract void scanMethodString(MalwareScan scan, ClassNode cn, MethodNode method, SearchableString string);
|
||||||
|
@ -76,18 +79,29 @@ public abstract class MalwareCodeScanner implements CodeScanner
|
||||||
return cn.name + "." + method.name + "(" + method.desc + ")";
|
return cn.name + "." + method.name + "(" + method.desc + ")";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String header()
|
||||||
|
{
|
||||||
|
String header = String.format("%30s", (module.getReadableName() + " ->\t"));
|
||||||
|
|
||||||
|
//TODO display the file container for this specific ClassNode
|
||||||
|
if(BytecodeViewer.viewer.showFileInTabTitle.isSelected())
|
||||||
|
header += "{fileContainerGoesHere}\t";
|
||||||
|
|
||||||
|
return header;
|
||||||
|
}
|
||||||
|
|
||||||
public void foundLDC(MalwareScan scan, String ldc, String foundAt)
|
public void foundLDC(MalwareScan scan, String ldc, String foundAt)
|
||||||
{
|
{
|
||||||
scan.sb.append("Found LDC \"").append(ldc).append("\" ").append(foundAt);
|
scan.sb.append(header() + " Found LDC \"").append(ldc).append("\" ").append(foundAt);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void foundMethod(MalwareScan scan, String foundAt)
|
public void foundMethod(MalwareScan scan, String foundAt)
|
||||||
{
|
{
|
||||||
scan.sb.append("Found Method call to ").append(foundAt);
|
scan.sb.append(header() + " Found Method call to ").append(foundAt);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void found(MalwareScan scan, String found)
|
public void found(MalwareScan scan, String found)
|
||||||
{
|
{
|
||||||
scan.sb.append("Found ").append(found);
|
scan.sb.append(header() + " Found ").append(found);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
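Review bot: `header()` dereferences `module` unconditionally, but the new `public MalwareScanModule module;` field has no initializer and is only assigned from the static block in `MalwareScanModule`, so a `MalwareCodeScanner` created anywhere else throws a NullPointerException on its first `foundLDC`, `foundMethod` or `found` call. Making the field non-public and guarding the read, e.g. `Objects.requireNonNull(module, "scanner is not registered in MalwareScanModule")`, turns that into a clear failure. When `showFileInTabTitle` is selected, the literal `{fileContainerGoesHere}` is written into every finding; leaving the column out until the TODO is done keeps placeholder text out of the report. `ldc` comes from the class under analysis and is appended unescaped, so with the new fixed-width header it is worth escaping line breaks and tabs in it so that one finding stays on one line. The class body starts outside these hunks.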
@ -1,5 +1,6 @@
|
||||||
package the.bytecode.club.bytecodeviewer.malwarescanner;
|
package the.bytecode.club.bytecodeviewer.malwarescanner;
|
||||||
|
|
||||||
|
import org.apache.commons.text.WordUtils;
|
||||||
import org.objectweb.asm.tree.ClassNode;
|
import org.objectweb.asm.tree.ClassNode;
|
||||||
import the.bytecode.club.bytecodeviewer.malwarescanner.impl.*;
|
import the.bytecode.club.bytecodeviewer.malwarescanner.impl.*;
|
||||||
|
|
||||||
|
@ -12,22 +13,36 @@ import the.bytecode.club.bytecodeviewer.malwarescanner.impl.*;
|
||||||
public enum MalwareScanModule
|
public enum MalwareScanModule
|
||||||
{
|
{
|
||||||
URL_SCANNER("Scan String URLs", new URLScanner(), true),
|
URL_SCANNER("Scan String URLs", new URLScanner(), true),
|
||||||
REFLECTION_SCANNER("Scan Java Reflection", new ReflectionScanner(), true),
|
REFLECTION_SCANNER("Scan Java Reflection", new ReflectionScanner(), false),
|
||||||
JAVA_RUNTIME_SCANNER("Scan Java Runtime", new JavaRuntimeScanner(), true),
|
JAVA_RUNTIME_SCANNER("Scan Java Runtime", new JavaRuntimeScanner(), true),
|
||||||
JAVA_NET_SCANNER("Scan Java Net", new JavaNetScanner(), true),
|
JAVA_NET_SCANNER("Scan Java Net", new JavaNetScanner(), false),
|
||||||
JAVA_IO_SCANNER("Scan Java IO", new JavaIOScanner(), false),
|
JAVA_IO_SCANNER("Scan Java IO", new JavaIOScanner(), false),
|
||||||
AWT_ROBOT_SCANNER("Scan AWT Robot", new AWTRobotScanner(), true),
|
AWT_ROBOT_SCANNER("Scan AWT Robot", new AWTRobotScanner(), true),
|
||||||
NULL_SECURITY_MANAGER("Scan Null SecurityManager", new NullSecurityManagerScanner(), true),
|
NULL_SECURITY_MANAGER("Scan Null SecurityManager", new NullSecurityManagerScanner(), true),
|
||||||
;
|
;
|
||||||
|
|
||||||
|
static
|
||||||
|
{
|
||||||
|
for(MalwareScanModule module : values())
|
||||||
|
module.malwareScanner.module = module;
|
||||||
|
}
|
||||||
|
|
||||||
private final String readableName;
|
private final String readableName;
|
||||||
private final CodeScanner codeScanner;
|
private final String optionText;
|
||||||
|
private final MalwareCodeScanner malwareScanner;
|
||||||
private final boolean toggledByDefault;
|
private final boolean toggledByDefault;
|
||||||
|
|
||||||
MalwareScanModule(String readableName, CodeScanner codeScanner, boolean toggledByDefault) {
|
MalwareScanModule(String optionText, MalwareCodeScanner malwareScanner, boolean toggledByDefault)
|
||||||
this.readableName = readableName;
|
{
|
||||||
this.codeScanner = codeScanner;
|
this.optionText = optionText;
|
||||||
|
this.malwareScanner = malwareScanner;
|
||||||
this.toggledByDefault = toggledByDefault;
|
this.toggledByDefault = toggledByDefault;
|
||||||
|
this.readableName = WordUtils.capitalizeFully(name().replace("_", " ").toLowerCase());
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getOptionText()
|
||||||
|
{
|
||||||
|
return optionText;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getReadableName()
|
public String getReadableName()
|
||||||
|
@ -35,9 +50,9 @@ public enum MalwareScanModule
|
||||||
return readableName;
|
return readableName;
|
||||||
}
|
}
|
||||||
|
|
||||||
public CodeScanner getCodeScanner()
|
public CodeScanner getMalwareScanner()
|
||||||
{
|
{
|
||||||
return codeScanner;
|
return malwareScanner;
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isToggledByDefault()
|
public boolean isToggledByDefault()
|
||||||
|
@ -51,7 +66,7 @@ public enum MalwareScanModule
|
||||||
{
|
{
|
||||||
for (MalwareScanModule module : values())
|
for (MalwareScanModule module : values())
|
||||||
if(scan.scanOptions.contains(module.name()))
|
if(scan.scanOptions.contains(module.name()))
|
||||||
module.codeScanner.scanningClass(scan, cn);
|
module.malwareScanner.scanningClass(scan, cn);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
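Review bot: `REFLECTION_SCANNER` and `JAVA_NET_SCANNER` change their `toggledByDefault` argument from `true` to `false`, so a scan run with the dialog's defaults no longer reports reflection or `java/net` usage, and neither the commit title nor the code says this is intended. If it is deliberate, a one-line comment on each constant stating why it is off by default would record the decision; otherwise the two flags should stay `true`. In the constructor, `name().replace("_", " ").toLowerCase()` uses the default locale; `toLowerCase(Locale.ROOT)` keeps `readableName` the same on every system. `getMalwareScanner()` still declares `CodeScanner` as its return type although the field is now a `MalwareCodeScanner`, so callers that need `module` or `header()` have to cast.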
@ -0,0 +1,31 @@
|
||||||
|
package the.bytecode.club.bytecodeviewer.malwarescanner.util;
|
||||||
|
|
||||||
|
import the.bytecode.club.bytecodeviewer.malwarescanner.MalwareScanModule;
|
||||||
|
|
||||||
|
import javax.swing.*;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Konloch
|
||||||
|
* @since 6/27/2021
|
||||||
|
*/
|
||||||
|
public class MaliciousCodeOptions
|
||||||
|
{
|
||||||
|
private final MalwareScanModule module;
|
||||||
|
private final JCheckBox checkBox;
|
||||||
|
|
||||||
|
public MaliciousCodeOptions(MalwareScanModule module, JCheckBox checkBox)
|
||||||
|
{
|
||||||
|
this.module = module;
|
||||||
|
this.checkBox = checkBox;
|
||||||
|
}
|
||||||
|
|
||||||
|
public JCheckBox getCheckBox()
|
||||||
|
{
|
||||||
|
return checkBox;
|
||||||
|
}
|
||||||
|
|
||||||
|
public MalwareScanModule getModule()
|
||||||
|
{
|
||||||
|
return module;
|
||||||
|
}
|
||||||
|
}
|
|
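Review bot: The class Javadoc holds only `@author` and `@since`, and the file has no licence banner although other sources in this commit carry the GPL header; a summary line such as `Pairs a MalwareScanModule with the JCheckBox that toggles it in the scanner options dialog.` would say what the type is for. Keeping a live `JCheckBox` in `malwarescanner.util` also means `MaliciousCodeScanner` reads Swing state (`option.getCheckBox().isSelected()`) when the plugin runs, which may be after the dialog calls `dispose()` and possibly off the event thread, depending on how `PluginManager.runPlugin` schedules the work. Capturing the selection as a `boolean` when the button is pressed would remove that dependency.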
@ -7,12 +7,9 @@ import java.util.List;
|
||||||
import org.objectweb.asm.tree.ClassNode;
|
import org.objectweb.asm.tree.ClassNode;
|
||||||
import the.bytecode.club.bytecodeviewer.api.Plugin;
|
import the.bytecode.club.bytecodeviewer.api.Plugin;
|
||||||
import the.bytecode.club.bytecodeviewer.api.PluginConsole;
|
import the.bytecode.club.bytecodeviewer.api.PluginConsole;
|
||||||
import the.bytecode.club.bytecodeviewer.gui.plugins.MaliciousCodeScannerOptions;
|
|
||||||
import the.bytecode.club.bytecodeviewer.gui.plugins.MaliciousCodeScannerOptionsV2;
|
|
||||||
import the.bytecode.club.bytecodeviewer.malwarescanner.MalwareScan;
|
import the.bytecode.club.bytecodeviewer.malwarescanner.MalwareScan;
|
||||||
import the.bytecode.club.bytecodeviewer.malwarescanner.MalwareScanModule;
|
import the.bytecode.club.bytecodeviewer.malwarescanner.MalwareScanModule;
|
||||||
|
import the.bytecode.club.bytecodeviewer.malwarescanner.util.MaliciousCodeOptions;
|
||||||
import javax.swing.*;
|
|
||||||
|
|
||||||
/***************************************************************************
|
/***************************************************************************
|
||||||
* Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite *
|
* Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite *
|
||||||
|
@ -38,16 +35,15 @@ import javax.swing.*;
|
||||||
* This tool is used to help aid reverse engineers in identifying malicious code.
|
* This tool is used to help aid reverse engineers in identifying malicious code.
|
||||||
*
|
*
|
||||||
* @author Konloch
|
* @author Konloch
|
||||||
* @author Adrianherrera
|
|
||||||
* @author WaterWolf
|
* @author WaterWolf
|
||||||
* @since 10/02/2011
|
* @since 10/02/2011
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public class MaliciousCodeScanner extends Plugin
|
public class MaliciousCodeScanner extends Plugin
|
||||||
{
|
{
|
||||||
public final List<MaliciousCodeScannerOptionsV2.MaliciousCodeOptions> options;
|
public final List<MaliciousCodeOptions> options;
|
||||||
|
|
||||||
public MaliciousCodeScanner(List<MaliciousCodeScannerOptionsV2.MaliciousCodeOptions> options)
|
public MaliciousCodeScanner(List<MaliciousCodeOptions> options)
|
||||||
{
|
{
|
||||||
this.options = options;
|
this.options = options;
|
||||||
}
|
}
|
||||||
|
@ -58,10 +54,9 @@ public class MaliciousCodeScanner extends Plugin
|
||||||
PluginConsole frame = new PluginConsole("Malicious Code Scanner");
|
PluginConsole frame = new PluginConsole("Malicious Code Scanner");
|
||||||
StringBuilder sb = new StringBuilder();
|
StringBuilder sb = new StringBuilder();
|
||||||
|
|
||||||
//TODO automate this when the GUI has been changed
|
|
||||||
HashSet<String> scanOptions = new HashSet<>();
|
HashSet<String> scanOptions = new HashSet<>();
|
||||||
|
|
||||||
for(MaliciousCodeScannerOptionsV2.MaliciousCodeOptions option : options)
|
for(MaliciousCodeOptions option : options)
|
||||||
if(option.getCheckBox().isSelected())
|
if(option.getCheckBox().isSelected())
|
||||||
scanOptions.add(option.getModule().name());
|
scanOptions.add(option.getModule().name());
|
||||||
|
|
||||||
|
|