Skip to content

Updates #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Apr 3, 2025
Merged

Updates #3

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
## ShadowScan
## ShadowScan (Under development)

#### Overview
ShadowScan is a security tool designed to scan files and system configurations for hidden backdoors, malicious scripts, and reverse shells on Linux and macOS.
Expand Down
7 changes: 7 additions & 0 deletions src/report.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
import json

def generate_report(scan_results, output_file):
"""Generates a report from the scan results and saves it to a JSON file."""
with open(output_file, 'w') as report_file:
json.dump(scan_results, report_file, indent=4)
print(f"Report saved to {output_file}")
14 changes: 8 additions & 6 deletions src/rules.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
# rules.json
[
{"pattern": "nc -e", "description": "Potential reverse shell using netcat"},
{"pattern": "bash -i", "description": "Bash interactive shell - possible backdoor"},
{"pattern": "import pty", "description": "Python reverse shell detected"}
]
{
"suspicious_keywords": [
"malware",
"backdoor",
"trojan",
"spyware"
]
}
12 changes: 8 additions & 4 deletions src/shadowscan.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,12 @@
# shadowscan.py
import argparse
import sys
import os

# Add the src directory to sys.path for module imports
sys.path.insert(0, os.path.abspath(os.path.dirname(__file__)))

import argparse
from scanner import scan_directory
from report import generate_report
from report import generate_report # This will now look for the report.py file in the src folder

def main():
parser = argparse.ArgumentParser(description="ShadowScan - Detect hidden backdoors and malicious scripts.")
Expand All @@ -19,4 +23,4 @@ def main():
print(scan_results)

if __name__ == "__main__":
main()
main()
16 changes: 8 additions & 8 deletions src/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
# utils.py
import json

def load_rules():
with open("rules.json", "r") as f:
return json.load(f)
with open('rules.json', 'r') as f:
rules = json.load(f)
return rules

def detect_suspicious_patterns(content):
rules = load_rules()
matches = []
for rule in rules:
if rule["pattern"] in content:
matches.append(rule)
return matches
suspicious_patterns = []
for rule in rules['suspicious_keywords']:
if rule in content:
suspicious_patterns.append(rule)
return suspicious_patterns