
2 Commits

Author SHA1 Message Date
SadlyNotSappho 12ac96f568 it hates me 2023-10-10 12:03:51 -07:00
SadlyNotSappho ce82000bb4 finish folder checking for linux 2023-10-10 11:38:59 -07:00
4 changed files with 1189 additions and 62 deletions

1085
Cargo.lock generated

File diff suppressed because it is too large Load Diff


@ -7,3 +7,6 @@ edition = "2021"
[dependencies] [dependencies]
indicatif = "0.17.7" indicatif = "0.17.7"
reqwest = "0.11.22"
tokio = { version = "1.33.0", features = ["rt-multi-thread", "macros"] }
users = "0.11.0"
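Review bot: The new `users = "0.11.0"` dependency is, as far as I know, no longer maintained upstream and is flagged in the RustSec advisory database; `cargo audit` would confirm this, and the maintained fork `uzers` offers the same `get_effective_uid`/`get_effective_gid` calls. `reqwest` is also added with its default features, which pulls a full HTTP and TLS stack into a permission checker for a single GET and likely accounts for much of the large generated Cargo.lock change. Declaring it with `default-features = false` and only the TLS backend actually needed (for example `features = ["rustls-tls"]`) would keep the dependency surface smaller.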


@ -1,20 +1,75 @@
use std::{fmt::Write, thread, time::Duration, sync::mpsc, process, fs, os::unix::prelude::MetadataExt};
use indicatif::{ProgressBar, ProgressState, ProgressStyle}; use indicatif::{ProgressBar, ProgressState, ProgressStyle};
use security_checker::{structs::{Folder, Perms}, get_home}; use security_checker::{
use std::os::unix::fs::PermissionsExt; get_home,
structs::{Data, Folder, FolderPerms, Perms},
};
use std::{
fmt::Write, fs, os::unix::prelude::MetadataExt, process, sync::mpsc, thread, time::Duration,
};
fn main() { #[tokio::main]
async fn main() {
// TODO: add support for other OSes // TODO: add support for other OSes
if std::env::consts::OS != "linux" { if std::env::consts::OS != "linux" {
println!("This currently only supports linux. Sorry!"); println!("This currently only supports linux. Sorry!");
process::exit(1) process::exit(1)
} }
let (tx, rx) = mpsc::channel();
thread::spawn(|| async move {
let mut vulnerable_folders: Vec<Folder> = vec![];
let current_user = users::get_effective_uid();
// vulnerable folders
let folders = Folder::linux();
for mut folder in folders {
folder.path = folder.path.replace('~', &get_home()[..]);
let md = fs::metadata(&folder.path).unwrap();
let perms = Perms::from_unix_folder(&folder.path);
let owner = md.uid();
let group = md.gid();
let current_user = users::get_effective_uid();
let current_group = users::get_effective_gid();
// clippy hates this.
if owner == current_user && perms.owner.contains(&folder.dangerous_perms) {
vulnerable_folders.push(folder)
} else if group == current_group && perms.group.contains(&folder.dangerous_perms) {
vulnerable_folders.push(folder)
} else if perms.other.contains(&folder.dangerous_perms) {
vulnerable_folders.push(folder)
};
}
// ping home
let ping = reqwest::get("https://sadlynotsappho.dev/scam").await;
let root = current_user == 0;
tx.send(Data {
vulnerable_folders,
root,
pinged_home: ping.is_ok(),
cam_access: false,
mic_access: false,
known_malware: vec![],
})
});
println!("SCAMing you..."); println!("SCAMing you...");
let pb = ProgressBar::new(100); let pb = ProgressBar::new(100);
pb.set_style(ProgressStyle::with_template("[{elapsed_precise}] [{wide_bar:.cyan/blue}] {pos}/{len} ({eta})") pb.set_style(
ProgressStyle::with_template(
"[{elapsed_precise}] [{wide_bar:.cyan/blue}] {pos}/{len} ({eta})",
)
.unwrap() .unwrap()
.with_key("eta", |state: &ProgressState, w: &mut dyn Write| write!(w, "{:.1}s", state.eta().as_secs_f64()).unwrap()) .with_key("eta", |state: &ProgressState, w: &mut dyn Write| {
.progress_chars("=>-")); write!(w, "{:.1}s", state.eta().as_secs_f64()).unwrap()
})
.progress_chars("=>-"),
);
let mut progress = 0; let mut progress = 0;
while progress < 100 { while progress < 100 {
@ -23,35 +78,25 @@ fn main() {
thread::sleep(Duration::from_millis(50)); thread::sleep(Duration::from_millis(50));
} }
let (tx, rx) = mpsc::channel();
thread::spawn(move || {
let mut out: Vec<Folder> = vec![];
let folders = Folder::linux();
for mut folder in folders {
folder.path = folder.path.replace('~', &get_home()[..]);
// check if we have write perms for all of the folders, if so, push to out
let md = fs::metadata(&folder.path).unwrap();
let perms = md.permissions().mode();
let string = format!("{perms:o}").chars().rev().take(3).collect::<String>().chars().rev().collect::<String>();
println!("{}: {:?}", folder.path, Perms::from_unix_folder(folder.path.clone()));
let owner = md.uid();
let group = md.gid();
// println!("{readonly} - {}", folder.path);
// if !readonly {
// println!("can write to {}", folder.path);
// out.push(folder)
// }
};
tx.send(out)
});
pb.finish(); pb.finish();
println!("Ran SCAM. Here's your output!"); println!("Ran SCAM. Here's your output!");
let recieved = rx.recv().unwrap(); let recieved = rx.recv();
println!("{recieved:?}"); println!("{recieved:?}");
// println!("Root: {}", recieved.root);
// println!("Pinged Home: {}", recieved.pinged_home);
// for folder in recieved.vulnerable_folders {
// println!(
// "I can {} {}. This is potentially bad, because this folder stores {}.",
// match folder.dangerous_perms {
// FolderPerms::Write => "write to",
// FolderPerms::Read => "read from",
// FolderPerms::Execute => "execute files in",
// },
// folder.path,
// folder.contains
// );
// }
} }
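Review bot: The closure passed to `thread::spawn` in the new `main` only constructs the `async move` future and returns it. Nothing ever polls it, so the folder scan and `tx.send(Data { .. })` never run and `rx.recv()` sees a disconnected channel once the sender is dropped. Running the block on the runtime, `tokio::spawn(async move {`, would let it execute (the alternative is to keep the OS thread and use a blocking HTTP client). Separately, the `if`/`else if` chain falls through to the group and other bits even when the effective UID owns the folder, whereas Unix consults only the owner class in that case, so a folder can be reported although access would be denied. Picking one class first, `let class = if owner == current_user { &perms.owner } else if group == current_group { &perms.group } else { &perms.other };`, and then testing `class.contains(&folder.dangerous_perms)` is closer to the kernel's rule, though supplementary groups and ACLs are still ignored. `fs::metadata(&folder.path).unwrap()` will also panic the task when a listed folder is missing, and part of `main` (the progress loop) lies between the two hunks and is not visible here.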


@ -1,23 +1,25 @@
use std::fs; use std::fs;
use std::os::unix::fs::PermissionsExt; use std::os::unix::fs::PermissionsExt;
#[derive(Debug)]
pub struct Data { pub struct Data {
pub vulnerable_folders: Vec<Folder>, pub vulnerable_folders: Vec<Folder>, // done
pub pinged_home: bool, pub pinged_home: bool,
pub known_malware: Vec<Malware>, pub root: bool,
pub cam_access: bool, pub cam_access: bool,
pub mic_access: bool, pub mic_access: bool,
pub root: bool, pub known_malware: Vec<Malware>,
} }
#[derive(Debug)] #[derive(Debug)]
pub struct Folder { pub struct Folder {
pub path: String, pub path: String,
pub r#type: FolderType, pub ftype: FolderType,
pub contains: String, pub contains: String,
pub dangerous_perms: FolderPerms,
} }
#[derive(Debug)] #[derive(Debug, PartialEq, Eq)]
pub enum FolderType { pub enum FolderType {
ApplicationData, ApplicationData,
Binary, Binary,
@ -25,11 +27,13 @@ pub enum FolderType {
Kernel, Kernel,
} }
#[derive(Debug)]
pub struct Malware { pub struct Malware {
pub r#type: Vec<MalwareType>, pub ftype: Vec<MalwareType>,
pub name: String, pub name: String,
} }
#[derive(Debug)]
pub enum MalwareType { pub enum MalwareType {
DataThief, // sells data to ad companies (cough cough google chrome cough cough) DataThief, // sells data to ad companies (cough cough google chrome cough cough)
LoginStealer, // fuckin skyblock mods, probably LoginStealer, // fuckin skyblock mods, probably
@ -44,49 +48,58 @@ impl Folder {
// system folders // system folders
Folder { Folder {
path: String::from("/usr/bin"), path: String::from("/usr/bin"),
r#type: FolderType::Binary, ftype: FolderType::Binary,
contains: "Installed Programs".to_string(), contains: "Installed Programs".to_string(),
dangerous_perms: FolderPerms::Write,
}, },
Folder { Folder {
path: "/boot".to_string(), path: "/boot".to_string(),
r#type: FolderType::Kernel, ftype: FolderType::Kernel,
contains: "Boot Files, Kernel".to_string(), contains: "Boot Files, Kernel".to_string(),
dangerous_perms: FolderPerms::Write,
}, },
Folder { Folder {
path: "/lib".to_string(), path: "/lib".to_string(),
r#type: FolderType::SystemData, ftype: FolderType::SystemData,
contains: "Kernel Modules, Libraries".to_string(), contains: "Kernel Modules, Libraries".to_string(),
dangerous_perms: FolderPerms::Write,
}, },
Folder { Folder {
path: "/usr/lib".to_string(), path: "/usr/lib".to_string(),
r#type: FolderType::SystemData, ftype: FolderType::SystemData,
contains: "Libraries, Object Files".to_string(), contains: "Libraries, Object Files".to_string(),
dangerous_perms: FolderPerms::Write,
}, },
Folder { Folder {
path: "/dev".to_string(), path: "/dev".to_string(),
r#type: FolderType::SystemData, ftype: FolderType::SystemData,
contains: "Access To All Devices".to_string(), contains: "Access To All Devices".to_string(),
dangerous_perms: FolderPerms::Write,
}, },
Folder { Folder {
path: "/tmp".to_string(), path: "/tmp".to_string(),
r#type: FolderType::ApplicationData, ftype: FolderType::ApplicationData,
contains: "Temporary Application Data".to_string(), contains: "Temporary Application Data".to_string(),
dangerous_perms: FolderPerms::Read,
}, },
// user specific files // user specific files
Folder { Folder {
path: "~/.config".to_string(), path: "~/.config".to_string(),
r#type: FolderType::ApplicationData, ftype: FolderType::ApplicationData,
contains: "Permanent Application Data, Login Info".to_string(), contains: "Permanent Application Data, Login Info".to_string(),
dangerous_perms: FolderPerms::Read,
}, },
Folder { Folder {
path: "~/.local/share".to_string(), path: "~/.local/share".to_string(),
r#type: FolderType::ApplicationData, ftype: FolderType::ApplicationData,
contains: String::from("Permanent Application Data, Login Info"), contains: String::from("Permanent Application Data, Login Info"),
dangerous_perms: FolderPerms::Read,
}, },
Folder { Folder {
path: "~/.cache".to_string(), path: "~/.cache".to_string(),
r#type: FolderType::ApplicationData, ftype: FolderType::ApplicationData,
contains: "Cached Data From Applications".to_string(), contains: "Cached Data From Applications".to_string(),
dangerous_perms: FolderPerms::Read,
}, },
] ]
} }
@ -99,7 +112,7 @@ pub struct Perms {
pub other: Vec<FolderPerms>, pub other: Vec<FolderPerms>,
} }
#[derive(Debug)] #[derive(Debug, PartialEq, Eq)]
pub enum FolderPerms { pub enum FolderPerms {
Read, Read,
Write, Write,
@ -107,7 +120,7 @@ pub enum FolderPerms {
} }
impl Perms { impl Perms {
pub fn from_unix_folder(path: String) -> Perms { pub fn from_unix_folder(path: &String) -> Perms {
let md = fs::metadata(path).unwrap(); let md = fs::metadata(path).unwrap();
let perms = md.permissions().mode(); let perms = md.permissions().mode();
let string = format!("{perms:o}") let string = format!("{perms:o}")
@ -119,7 +132,6 @@ impl Perms {
.rev() .rev()
.collect::<String>() .collect::<String>()
.chars() .chars()
.into_iter()
.collect::<Vec<char>>(); .collect::<Vec<char>>();
Perms { Perms {