-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathscanner.py
More file actions
134 lines (83 loc) · 2.84 KB
/
Copy pathscanner.py
File metadata and controls
134 lines (83 loc) · 2.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
import hashlib
import os
# ================= SUSPICIOUS DATA ================= #
suspicious_keywords = [
"keylogger",
"powershell",
"token",
"webhook",
"stealer",
"grabber",
"cookie",
"discord",
"logger",
"crypto",
"miner"
]
# ================= DANGEROUS EXTENSIONS ================= #
dangerous_extensions = [
".exe",
".bat",
".vbs",
".cmd",
".scr",
".ps1"
]
# ================= HASH FUNCTION ================= #
def generate_hash(file_path):
sha256 = hashlib.sha256()
with open(file_path, "rb") as file:
while chunk := file.read(4096):
sha256.update(chunk)
return sha256.hexdigest()
# ================= MAIN SCANNER ================= #
def scan_file(file_path):
result = ""
threat_score = 0
# ================= FILE INFO ================= #
file_name = os.path.basename(file_path)
file_size = os.path.getsize(file_path)
extension = os.path.splitext(file_path)[1]
result += "========== FILE ANALYSIS =========="
result += f"\n\nFile Name: {file_name}"
result += f"\nFile Size: {file_size} bytes"
result += f"\nExtension: {extension}\n\n"
# ================= EXTENSION CHECK ================= #
if extension.lower() in dangerous_extensions:
result += "[!] Dangerous Extension Detected\n"
threat_score += 40
else:
result += "[+] Extension appears safe\n"
# ================= HASH ================= #
file_hash = generate_hash(file_path)
result += f"\nSHA256 HASH:\n{file_hash}\n\n"
# ================= CONTENT ANALYSIS ================= #
found_keywords = []
try:
with open(file_path, "r", errors="ignore") as file:
content = file.read().lower()
for keyword in suspicious_keywords:
if keyword in content:
found_keywords.append(keyword)
threat_score += 10
except:
result += "[!] Could not fully inspect file content\n\n"
# ================= RESULTS ================= #
if found_keywords:
result += "========== SUSPICIOUS KEYWORDS =========="
result += "\n\n"
for keyword in found_keywords:
result += f"- {keyword}\n"
result += "\n"
else:
result += "[+] No suspicious keywords detected\n\n"
# ================= THREAT LEVEL ================= #
result += "========== THREAT ANALYSIS ==========\n\n"
result += f"Threat Score: {threat_score}/100\n\n"
if threat_score >= 70:
result += "Threat Level: HIGH"
elif threat_score >= 40:
result += "Threat Level: MEDIUM"
else:
result += "Threat Level: LOW"
return result