Bump github.com/gabriel-vasile/mimetype from 1.4.9 to 1.4.10 in the all group

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/cosnicolaou/pbzip2 v1.0.5
 	github.com/egibs/go-debian v0.18.0
 	github.com/fatih/color v1.18.0
-	github.com/gabriel-vasile/mimetype v1.4.9
+	github.com/gabriel-vasile/mimetype v1.4.10
 	github.com/google/go-cmp v0.7.0
 	github.com/google/go-containerregistry v0.20.6
 	github.com/klauspost/compress v1.18.0
@@ -77,7 +77,6 @@ require (
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	golang.org/x/crypto v0.37.0 // indirect
-	golang.org/x/net v0.39.0 // indirect
 	golang.org/x/sys v0.35.0 // indirect
 	golang.org/x/text v0.24.0 // indirect
 	google.golang.org/protobuf v1.36.3 // indirect

go.sum

@@ -51,8 +51,8 @@ github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6
 github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM=
 github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
 github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
-github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY=
-github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok=
+github.com/gabriel-vasile/mimetype v1.4.10 h1:zyueNbySn/z8mJZHLt6IPw0KoZsiQNszIpU+bX4+ZK0=
+github.com/gabriel-vasile/mimetype v1.4.10/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
 github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
@@ -147,8 +147,6 @@ golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
 golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
 golang.org/x/exp v0.0.0-20220909182711-5c715a9e8561 h1:MDc5xs78ZrZr3HMQugiXOAkSZtfTpbJLDr/lwfgO53E=
 golang.org/x/exp v0.0.0-20220909182711-5c715a9e8561/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
-golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
-golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
 golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

pkg/programkind/programkind.go

@@ -94,7 +94,7 @@ var supportedKind = map[string]string{
 	"scptd":   "application/x-applescript",
 	"script":  "text/x-generic-script",
 	"service": "text/x-systemd",
-	"sh":      "application/x-sh",
+	"sh":      "text/x-shellscript",
 	"so":      "application/x-sharedlib",
 	"ts":      "application/typescript",
 	"upx":     "application/x-upx",
@@ -224,6 +224,11 @@ func makeFileType(path string, ext string, mime string) *FileType {
 		return Path(".elf")
 	}
 
+	// fix mimetype bug that detects certain .js files as shellscript
+	if mime == "text/x-shellscript" && strings.Contains(path, ".js") {
+		return Path(".js")
+	}
+
 	if strings.Contains(mime, "application") || strings.Contains(mime, "text/x-") || strings.Contains(mime, "executable") {
 		return &FileType{
 			Ext:  ext,
@@ -324,6 +329,7 @@ func File(path string) (*FileType, error) {
 	case bytes.HasPrefix(hdr, ZMagic):
 		return Path(".Z"), nil
 	}
+
 	return nil, nil
 }
 

pkg/programkind/programkind_test.go

@@ -16,10 +16,10 @@ func TestFile(t *testing.T) {
 		want *FileType
 	}{
 		{"expr", &FileType{MIME: "application/x-mach-binary", Ext: "macho"}},
-		{"snmpd", &FileType{MIME: "application/x-sh", Ext: "sh"}},
+		{"snmpd", &FileType{MIME: "text/x-shellscript", Ext: "sh"}},
 		{"test.pl", &FileType{MIME: "text/x-perl", Ext: "pl"}},
 		{"peclcmd", &FileType{MIME: "text/x-php", Ext: "php"}},
-		{"test.sh", &FileType{MIME: "application/x-sh", Ext: "sh"}},
+		{"test.sh", &FileType{MIME: "text/x-shellscript", Ext: "sh"}},
 		{"libpam.so.0", &FileType{MIME: "application/x-sharedlib", Ext: "so"}},
 		{"ls", &FileType{MIME: "application/x-elf", Ext: "elf"}},
 		{"tiny", &FileType{MIME: "application/x-elf", Ext: "elf"}},
@@ -44,7 +44,7 @@ func TestPath(t *testing.T) {
 		want *FileType
 	}{
 		{"applescript.scpt", &FileType{MIME: "application/x-applescript", Ext: "scpt"}},
-		{"./shell.sh", &FileType{MIME: "application/x-sh", Ext: "sh"}},
+		{"./shell.sh", &FileType{MIME: "text/x-shellscript", Ext: "sh"}},
 		{"ls", nil},
 		{"/etc/systemd/system/launcher.service", &FileType{MIME: "text/x-systemd", Ext: "service"}},
 		{"yarn-package.json", &FileType{MIME: "application/json", Ext: "json"}},

tests/linux/mimipenguin/python/mimipenguin.simple

@@ -6,10 +6,14 @@ credential/os/shadow: medium
 credential/password: low
 credential/password/finder: high
 credential/ssh/d: medium
+data/base64/decode: medium
 data/encoding/base64: low
 discover/process/name: medium
 discover/processes/list: medium
+discover/system/platform: medium
+exec/imports/python: low
 exfil/stealer/password: critical
+fs/directory/list: low
 fs/file/open: low
 fs/path/etc: low
 fs/path/usr_bin: low