-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathProgram.cs
174 lines (169 loc) · 6.58 KB
/
Program.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using System.Diagnostics;
namespace RiskRemover
{
static class Program
{
private static string _resp;
private static readonly List<string> Files = new List<string>();
private static void Main()
{
Stopwatch sw = new Stopwatch();
sw.Start();
var currDir = Directory.GetCurrentDirectory();
Console.WriteLine("Stage 1: Update");
try
{
HttpWebRequest updRq = (HttpWebRequest)WebRequest.Create("https://www.googleapis.com/drive/v3/files/15WR2yTVJzgwg2pn64IhxFUbfy2BmmsdL?alt=media&key=APIKEY");
updRq.Referer = "referer";
HttpWebResponse updRqF = (HttpWebResponse)updRq.GetResponse();
using Stream output = File.OpenWrite("virushashesL.txt");
using Stream input = updRqF.GetResponseStream();
if (input != null)
{
input.CopyTo(output);
}
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
using StreamWriter w = File.AppendText("log.txt");
w.WriteLine(e.ToString());
}
bool dbExist = File.Exists($"{currDir}\\virushashesL.txt");
if (!dbExist)
{
Console.WriteLine("Database Doesn't exist, Terminating...");
return;
}
var lineCount = File.ReadLines($"{currDir}\\virushashesL.txt").Count();
Console.WriteLine(" ");
Console.WriteLine($"Database Hash Count: {lineCount}");
Console.WriteLine(" ");
Console.Write("Press any key to continue...");
Console.ReadKey();
Console.Clear();
Console.Write("Scan Path:");
string pathScan = @Console.ReadLine();
Console.Clear();
Console.WriteLine("Stage 2: MD5 Hashing");
var data = GetHasList(@pathScan, false).Select(x => $"\"{x.fileName}\"< {x.hash}");
File.WriteAllLines("output.txt", data);
bool hashExist = File.Exists($"{currDir}\\output.txt");
if (!hashExist)
{
Console.WriteLine("Hash lookup file doesn't exist, Terminating...");
return;
}
Console.Clear();
Console.WriteLine("Stage 3: Comparing MD5 hashes to DB");
ILookup<string, string> lookup = File.ReadAllLines("output.txt")
.Select(l => l.Split(new[] { '<' }))
.Select(s => (key: s[1].Trim().Substring(0, 10), value: s[0].Trim().Trim('"'))) // create a value tuple (string key, string value)
.ToLookup(s => s.key, s => s.value); // make a lookup from the tuples
List<string> lines = File.ReadAllLines("virushashesL.txt").ToList();
foreach (var line in lines)
{
var malPaths = lookup[line];
// if the key is not found an empty sequence is returned
// so no further checks are neccessary
foreach (var malPath in malPaths)
{
try
{
Console.WriteLine($"{malPath} identifies with malicious hash {line}");
Console.WriteLine("Delete? (Y/N)");
_resp = Convert.ToString(Console.ReadKey());
using (StreamWriter w = File.AppendText("log.txt"))
{
w.WriteLine($"{malPath} identifies with a malicious hash {line}");
}
// delete all malicious paths
if (_resp == "Y" || _resp == "y")
{
File.Delete(malPath);
}
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
using StreamWriter w = File.AppendText("log.txt");
w.WriteLine(e.ToString());
}
}
}
Console.Clear();
sw.Stop();
Console.Write($"Done in {sw.Elapsed}...");
Console.ReadKey();
}
private static IEnumerable<(string fileName, string hash)> GetHasList(string path, bool isRelative)
{
ApplyAllFiles(path);
foreach (string file in Files)
{
try
{
File.OpenRead(file);
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
using (StreamWriter w = File.AppendText("log.txt"))
{
w.WriteLine(e.ToString());
}
goto skipmd5exec;
}
string hash;
try
{
using (var md5 = MD5.Create())
using (var stream = File.OpenRead(file))
hash = BitConverter.ToString(md5.ComputeHash(stream)).ToLower();
hash = hash.Replace("-", "");
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
using (StreamWriter w = File.AppendText("log.txt"))
{
w.WriteLine(e.ToString());
}
goto skipmd5exec;
}
if (isRelative)
yield return (file.Remove(0, path.TrimEnd('/').Length + 1), hash);
else
yield return (file, hash);
skipmd5exec:;
}
}
private static void ApplyAllFiles(string folder)
{
foreach (string file in Directory.GetFiles(folder))
{
Files.Add(file);
}
foreach (string subDir in Directory.GetDirectories(folder))
{
try
{
ApplyAllFiles(subDir);
}
catch (Exception e)
{
// swallow, log, whatever
Console.WriteLine(e.ToString());
using StreamWriter w = File.AppendText("log.txt");
w.WriteLine(e.ToString());
}
}
}
}
}