Compare commits

..

No commits in common. "12ac96f56878910f9de711add0c6117cdd9517e5" and "a933a287b51dfd5063760cfb8cb25df287d79b60" have entirely different histories.

4 changed files with 62 additions and 1189 deletions

1085
Cargo.lock generated

File diff suppressed because it is too large Load Diff

View File

@ -7,6 +7,3 @@ edition = "2021"
[dependencies] [dependencies]
indicatif = "0.17.7" indicatif = "0.17.7"
reqwest = "0.11.22"
tokio = { version = "1.33.0", features = ["rt-multi-thread", "macros"] }
users = "0.11.0"

View File

@ -1,75 +1,20 @@
use std::{fmt::Write, thread, time::Duration, sync::mpsc, process, fs, os::unix::prelude::MetadataExt};
use indicatif::{ProgressBar, ProgressState, ProgressStyle}; use indicatif::{ProgressBar, ProgressState, ProgressStyle};
use security_checker::{ use security_checker::{structs::{Folder, Perms}, get_home};
get_home, use std::os::unix::fs::PermissionsExt;
structs::{Data, Folder, FolderPerms, Perms},
};
use std::{
fmt::Write, fs, os::unix::prelude::MetadataExt, process, sync::mpsc, thread, time::Duration,
};
#[tokio::main] fn main() {
async fn main() { // TODO: add support for other OSes
// TODO: add support for other OSes
if std::env::consts::OS != "linux" { if std::env::consts::OS != "linux" {
println!("This currently only supports linux. Sorry!"); println!("This currently only supports linux. Sorry!");
process::exit(1) process::exit(1)
} }
let (tx, rx) = mpsc::channel();
thread::spawn(|| async move {
let mut vulnerable_folders: Vec<Folder> = vec![];
let current_user = users::get_effective_uid();
// vulnerable folders
let folders = Folder::linux();
for mut folder in folders {
folder.path = folder.path.replace('~', &get_home()[..]);
let md = fs::metadata(&folder.path).unwrap();
let perms = Perms::from_unix_folder(&folder.path);
let owner = md.uid();
let group = md.gid();
let current_user = users::get_effective_uid();
let current_group = users::get_effective_gid();
// clippy hates this.
if owner == current_user && perms.owner.contains(&folder.dangerous_perms) {
vulnerable_folders.push(folder)
} else if group == current_group && perms.group.contains(&folder.dangerous_perms) {
vulnerable_folders.push(folder)
} else if perms.other.contains(&folder.dangerous_perms) {
vulnerable_folders.push(folder)
};
}
// ping home
let ping = reqwest::get("https://sadlynotsappho.dev/scam").await;
let root = current_user == 0;
tx.send(Data {
vulnerable_folders,
root,
pinged_home: ping.is_ok(),
cam_access: false,
mic_access: false,
known_malware: vec![],
})
});
println!("SCAMing you..."); println!("SCAMing you...");
let pb = ProgressBar::new(100); let pb = ProgressBar::new(100);
pb.set_style( pb.set_style(ProgressStyle::with_template("[{elapsed_precise}] [{wide_bar:.cyan/blue}] {pos}/{len} ({eta})")
ProgressStyle::with_template(
"[{elapsed_precise}] [{wide_bar:.cyan/blue}] {pos}/{len} ({eta})",
)
.unwrap() .unwrap()
.with_key("eta", |state: &ProgressState, w: &mut dyn Write| { .with_key("eta", |state: &ProgressState, w: &mut dyn Write| write!(w, "{:.1}s", state.eta().as_secs_f64()).unwrap())
write!(w, "{:.1}s", state.eta().as_secs_f64()).unwrap() .progress_chars("=>-"));
})
.progress_chars("=>-"),
);
let mut progress = 0; let mut progress = 0;
while progress < 100 { while progress < 100 {
@ -78,25 +23,35 @@ async fn main() {
thread::sleep(Duration::from_millis(50)); thread::sleep(Duration::from_millis(50));
} }
let (tx, rx) = mpsc::channel();
thread::spawn(move || {
let mut out: Vec<Folder> = vec![];
let folders = Folder::linux();
for mut folder in folders {
folder.path = folder.path.replace('~', &get_home()[..]);
// check if we have write perms for all of the folders, if so, push to out
let md = fs::metadata(&folder.path).unwrap();
let perms = md.permissions().mode();
let string = format!("{perms:o}").chars().rev().take(3).collect::<String>().chars().rev().collect::<String>();
println!("{}: {:?}", folder.path, Perms::from_unix_folder(folder.path.clone()));
let owner = md.uid();
let group = md.gid();
// println!("{readonly} - {}", folder.path);
// if !readonly {
// println!("can write to {}", folder.path);
// out.push(folder)
// }
};
tx.send(out)
});
pb.finish(); pb.finish();
println!("Ran SCAM. Here's your output!"); println!("Ran SCAM. Here's your output!");
let recieved = rx.recv(); let recieved = rx.recv().unwrap();
println!("{recieved:?}"); println!("{recieved:?}");
// println!("Root: {}", recieved.root);
// println!("Pinged Home: {}", recieved.pinged_home);
// for folder in recieved.vulnerable_folders {
// println!(
// "I can {} {}. This is potentially bad, because this folder stores {}.",
// match folder.dangerous_perms {
// FolderPerms::Write => "write to",
// FolderPerms::Read => "read from",
// FolderPerms::Execute => "execute files in",
// },
// folder.path,
// folder.contains
// );
// }
} }

View File

@ -1,25 +1,23 @@
use std::fs; use std::fs;
use std::os::unix::fs::PermissionsExt; use std::os::unix::fs::PermissionsExt;
#[derive(Debug)]
pub struct Data { pub struct Data {
pub vulnerable_folders: Vec<Folder>, // done pub vulnerable_folders: Vec<Folder>,
pub pinged_home: bool, pub pinged_home: bool,
pub root: bool, pub known_malware: Vec<Malware>,
pub cam_access: bool, pub cam_access: bool,
pub mic_access: bool, pub mic_access: bool,
pub known_malware: Vec<Malware>, pub root: bool,
} }
#[derive(Debug)] #[derive(Debug)]
pub struct Folder { pub struct Folder {
pub path: String, pub path: String,
pub ftype: FolderType, pub r#type: FolderType,
pub contains: String, pub contains: String,
pub dangerous_perms: FolderPerms,
} }
#[derive(Debug, PartialEq, Eq)] #[derive(Debug)]
pub enum FolderType { pub enum FolderType {
ApplicationData, ApplicationData,
Binary, Binary,
@ -27,13 +25,11 @@ pub enum FolderType {
Kernel, Kernel,
} }
#[derive(Debug)]
pub struct Malware { pub struct Malware {
pub ftype: Vec<MalwareType>, pub r#type: Vec<MalwareType>,
pub name: String, pub name: String,
} }
#[derive(Debug)]
pub enum MalwareType { pub enum MalwareType {
DataThief, // sells data to ad companies (cough cough google chrome cough cough) DataThief, // sells data to ad companies (cough cough google chrome cough cough)
LoginStealer, // fuckin skyblock mods, probably LoginStealer, // fuckin skyblock mods, probably
@ -48,58 +44,49 @@ impl Folder {
// system folders // system folders
Folder { Folder {
path: String::from("/usr/bin"), path: String::from("/usr/bin"),
ftype: FolderType::Binary, r#type: FolderType::Binary,
contains: "Installed Programs".to_string(), contains: "Installed Programs".to_string(),
dangerous_perms: FolderPerms::Write,
}, },
Folder { Folder {
path: "/boot".to_string(), path: "/boot".to_string(),
ftype: FolderType::Kernel, r#type: FolderType::Kernel,
contains: "Boot Files, Kernel".to_string(), contains: "Boot Files, Kernel".to_string(),
dangerous_perms: FolderPerms::Write,
}, },
Folder { Folder {
path: "/lib".to_string(), path: "/lib".to_string(),
ftype: FolderType::SystemData, r#type: FolderType::SystemData,
contains: "Kernel Modules, Libraries".to_string(), contains: "Kernel Modules, Libraries".to_string(),
dangerous_perms: FolderPerms::Write,
}, },
Folder { Folder {
path: "/usr/lib".to_string(), path: "/usr/lib".to_string(),
ftype: FolderType::SystemData, r#type: FolderType::SystemData,
contains: "Libraries, Object Files".to_string(), contains: "Libraries, Object Files".to_string(),
dangerous_perms: FolderPerms::Write,
}, },
Folder { Folder {
path: "/dev".to_string(), path: "/dev".to_string(),
ftype: FolderType::SystemData, r#type: FolderType::SystemData,
contains: "Access To All Devices".to_string(), contains: "Access To All Devices".to_string(),
dangerous_perms: FolderPerms::Write,
}, },
Folder { Folder {
path: "/tmp".to_string(), path: "/tmp".to_string(),
ftype: FolderType::ApplicationData, r#type: FolderType::ApplicationData,
contains: "Temporary Application Data".to_string(), contains: "Temporary Application Data".to_string(),
dangerous_perms: FolderPerms::Read,
}, },
// user specific files // user specific files
Folder { Folder {
path: "~/.config".to_string(), path: "~/.config".to_string(),
ftype: FolderType::ApplicationData, r#type: FolderType::ApplicationData,
contains: "Permanent Application Data, Login Info".to_string(), contains: "Permanent Application Data, Login Info".to_string(),
dangerous_perms: FolderPerms::Read,
}, },
Folder { Folder {
path: "~/.local/share".to_string(), path: "~/.local/share".to_string(),
ftype: FolderType::ApplicationData, r#type: FolderType::ApplicationData,
contains: String::from("Permanent Application Data, Login Info"), contains: String::from("Permanent Application Data, Login Info"),
dangerous_perms: FolderPerms::Read,
}, },
Folder { Folder {
path: "~/.cache".to_string(), path: "~/.cache".to_string(),
ftype: FolderType::ApplicationData, r#type: FolderType::ApplicationData,
contains: "Cached Data From Applications".to_string(), contains: "Cached Data From Applications".to_string(),
dangerous_perms: FolderPerms::Read,
}, },
] ]
} }
@ -112,7 +99,7 @@ pub struct Perms {
pub other: Vec<FolderPerms>, pub other: Vec<FolderPerms>,
} }
#[derive(Debug, PartialEq, Eq)] #[derive(Debug)]
pub enum FolderPerms { pub enum FolderPerms {
Read, Read,
Write, Write,
@ -120,7 +107,7 @@ pub enum FolderPerms {
} }
impl Perms { impl Perms {
pub fn from_unix_folder(path: &String) -> Perms { pub fn from_unix_folder(path: String) -> Perms {
let md = fs::metadata(path).unwrap(); let md = fs::metadata(path).unwrap();
let perms = md.permissions().mode(); let perms = md.permissions().mode();
let string = format!("{perms:o}") let string = format!("{perms:o}")
@ -132,6 +119,7 @@ impl Perms {
.rev() .rev()
.collect::<String>() .collect::<String>()
.chars() .chars()
.into_iter()
.collect::<Vec<char>>(); .collect::<Vec<char>>();
Perms { Perms {