├── BeautifulSoup.py ├── BeautifulSoup.pyc ├── CREDITS ├── INSTALL ├── LICENSE ├── README.md ├── bing.py ├── bing.pyc ├── doc └── YARA User's Manual 1.6.pdf ├── executemechanize.py ├── executemechanize.pyc ├── extraction.py ├── extraction.pyc ├── get-pip.py ├── honeypot.py ├── honeypot.pyc ├── honeypotconfig.py ├── honeypotconfig.pyc ├── imapfile.py ├── imapfile.pyc ├── install.sh ├── jsbeautifier ├── MANIFEST.in ├── build │ └── lib.linux-x86_64-2.7 │ │ └── jsbeautifier │ │ ├── __init__.py │ │ ├── __version__.py │ │ ├── core │ │ ├── __init__.py │ │ ├── directives.py │ │ ├── inputscanner.py │ │ ├── options.py │ │ ├── output.py │ │ ├── pattern.py │ │ ├── templatablepattern.py │ │ ├── token.py │ │ ├── tokenizer.py │ │ ├── tokenstream.py │ │ └── whitespacepattern.py │ │ ├── javascript │ │ ├── __init__.py │ │ ├── acorn.py │ │ ├── beautifier.py │ │ ├── options.py │ │ └── tokenizer.py │ │ ├── tests │ │ ├── __init__.py │ │ ├── generated │ │ │ ├── __init__.py │ │ │ └── tests.py │ │ ├── test-packer.py │ │ └── testindentation.py │ │ └── unpackers │ │ ├── __init__.py │ │ ├── evalbased.py │ │ ├── javascriptobfuscator.py │ │ ├── myobfuscate.py │ │ ├── packer.py │ │ ├── tests │ │ ├── __init__.py │ │ ├── testjavascriptobfuscator.py │ │ ├── testmyobfuscate.py │ │ ├── testpacker.py │ │ └── testurlencode.py │ │ └── urlencode.py ├── css-beautify ├── cssbeautifier │ ├── __init__.py │ ├── css │ │ ├── __init__.py │ │ ├── beautifier.py │ │ └── options.py │ └── tests │ │ ├── __init__.py │ │ └── generated │ │ ├── __init__.py │ │ └── tests.py ├── debian │ ├── .gitignore │ ├── changelog │ ├── compat │ ├── control │ ├── rules │ └── source │ │ └── format ├── dist │ └── jsbeautifier-1.9.0-py2.7.egg ├── js-beautify-profile ├── js-beautify-test ├── js-beautify-test.py ├── jsbeautifier.egg-info │ ├── PKG-INFO │ ├── SOURCES.txt │ ├── dependency_links.txt │ ├── entry_points.txt │ ├── requires.txt │ └── top_level.txt ├── jsbeautifier │ ├── __init__.py │ ├── __init__.pyc │ ├── __version__.py │ ├── 
__version__.pyc │ ├── core │ │ ├── __init__.py │ │ ├── __init__.pyc │ │ ├── directives.py │ │ ├── directives.pyc │ │ ├── inputscanner.py │ │ ├── inputscanner.pyc │ │ ├── options.py │ │ ├── options.pyc │ │ ├── output.py │ │ ├── output.pyc │ │ ├── pattern.py │ │ ├── pattern.pyc │ │ ├── templatablepattern.py │ │ ├── templatablepattern.pyc │ │ ├── token.py │ │ ├── token.pyc │ │ ├── tokenizer.py │ │ ├── tokenizer.pyc │ │ ├── tokenstream.py │ │ ├── tokenstream.pyc │ │ ├── whitespacepattern.py │ │ └── whitespacepattern.pyc │ ├── javascript │ │ ├── __init__.py │ │ ├── __init__.pyc │ │ ├── acorn.py │ │ ├── beautifier.py │ │ ├── beautifier.pyc │ │ ├── options.py │ │ ├── options.pyc │ │ ├── tokenizer.py │ │ └── tokenizer.pyc │ ├── tests │ │ ├── __init__.py │ │ ├── core │ │ │ ├── __init__.py │ │ │ ├── test_inputscanner.py │ │ │ └── test_options.py │ │ ├── generated │ │ │ ├── __init__.py │ │ │ └── tests.py │ │ ├── shell-test.sh │ │ ├── test-packer.py │ │ └── testindentation.py │ └── unpackers │ │ ├── README.specs.mkd │ │ ├── __init__.py │ │ ├── evalbased.py │ │ ├── javascriptobfuscator.py │ │ ├── myobfuscate.py │ │ ├── packer.py │ │ ├── tests │ │ ├── __init__.py │ │ ├── test-myobfuscate-input.js │ │ ├── test-myobfuscate-output.js │ │ ├── test-packer-62-input.js │ │ ├── test-packer-non62-input.js │ │ ├── testjavascriptobfuscator.py │ │ ├── testmyobfuscate.py │ │ ├── testpacker.py │ │ └── testurlencode.py │ │ └── urlencode.py ├── setup.py ├── test-perf-cssbeautifier.py └── test-perf-jsbeautifier.py ├── maltype.py ├── maltype.pyc ├── malwebsites.py ├── malwebsites.pyc ├── mechanize ├── __init__.py ├── __init__.pyc ├── _auth.py ├── _auth.pyc ├── _clientcookie.py ├── _clientcookie.pyc ├── _debug.py ├── _debug.pyc ├── _entities.py ├── _entities.pyc ├── _equiv.py ├── _equiv.pyc ├── _form.py ├── _form.pyc ├── _form_controls.py ├── _form_controls.pyc ├── _gzip.py ├── _gzip.pyc ├── _headersutil.py ├── _headersutil.pyc ├── _html.py ├── _html.pyc ├── _http.py ├── _http.pyc ├── 
_mechanize.py ├── _mechanize.pyc ├── _opener.py ├── _opener.pyc ├── _redirection.py ├── _redirection.pyc ├── _request.py ├── _request.pyc ├── _response.py ├── _response.pyc ├── _rfc3986.py ├── _rfc3986.pyc ├── _sockettimeout.py ├── _sockettimeout.pyc ├── _testcase.py ├── _urllib2.py ├── _urllib2.pyc ├── _urllib2_fork.py ├── _urllib2_fork.pyc ├── _useragent.py ├── _useragent.pyc ├── _util.py ├── _util.pyc ├── _version.py ├── _version.pyc ├── polyglot.py └── polyglot.pyc ├── normalize.py ├── normalize.pyc ├── req ├── v3.9.0.tar.gz ├── v3.9.0.tar.gz.1 └── yara-3.9.0 │ ├── .gitignore │ ├── .travis.yml │ ├── AUTHORS │ ├── CONTRIBUTORS │ ├── COPYING │ ├── Makefile.am │ ├── README.md │ ├── appveyor.yml │ ├── args.c │ ├── args.h │ ├── bootstrap.sh │ ├── build.sh │ ├── common.h │ ├── configure.ac │ ├── dist │ ├── yara-python.spec │ └── yara.spec │ ├── docs │ ├── capi.rst │ ├── commandline.rst │ ├── conf.py │ ├── gettingstarted.rst │ ├── index.rst │ ├── make.bat │ ├── modules.rst │ ├── modules │ │ ├── cuckoo.rst │ │ ├── dotnet.rst │ │ ├── elf.rst │ │ ├── hash.rst │ │ ├── magic.rst │ │ ├── math.rst │ │ ├── pe.rst │ │ └── time.rst │ ├── writingmodules.rst │ ├── writingrules.rst │ └── yarapython.rst │ ├── extra │ ├── TextMate-bundle.zip │ ├── UltraEdit-wordfile.txt │ ├── codemirror │ │ ├── index.html │ │ └── yara.js │ ├── logo.ai │ ├── logo.svg │ ├── old-logo.png │ └── old-logo.psd │ ├── libyara │ ├── Makefile.am │ ├── ahocorasick.c │ ├── arena.c │ ├── atoms.c │ ├── bitmask.c │ ├── compiler.c │ ├── crypto.h │ ├── endian.c │ ├── exception.h │ ├── exec.c │ ├── exefiles.c │ ├── filemap.c │ ├── grammar.c │ ├── grammar.h │ ├── grammar.y │ ├── hash.c │ ├── hex_grammar.c │ ├── hex_grammar.h │ ├── hex_grammar.y │ ├── hex_lexer.c │ ├── hex_lexer.l │ ├── include │ │ ├── yara.h │ │ └── yara │ │ │ ├── ahocorasick.h │ │ │ ├── arena.h │ │ │ ├── atoms.h │ │ │ ├── bitmask.h │ │ │ ├── compiler.h │ │ │ ├── dex.h │ │ │ ├── dotnet.h │ │ │ ├── elf.h │ │ │ ├── endian.h │ │ │ ├── error.h │ │ │ ├── 
exec.h │ │ │ ├── exefiles.h │ │ │ ├── filemap.h │ │ │ ├── globals.h │ │ │ ├── hash.h │ │ │ ├── hex_lexer.h │ │ │ ├── integers.h │ │ │ ├── lexer.h │ │ │ ├── libyara.h │ │ │ ├── limits.h │ │ │ ├── macho.h │ │ │ ├── mem.h │ │ │ ├── modules.h │ │ │ ├── object.h │ │ │ ├── parser.h │ │ │ ├── pe.h │ │ │ ├── pe_utils.h │ │ │ ├── proc.h │ │ │ ├── re.h │ │ │ ├── re_lexer.h │ │ │ ├── rules.h │ │ │ ├── scan.h │ │ │ ├── scanner.h │ │ │ ├── sizedstr.h │ │ │ ├── stack.h │ │ │ ├── stopwatch.h │ │ │ ├── stream.h │ │ │ ├── strutils.h │ │ │ ├── threading.h │ │ │ ├── types.h │ │ │ └── utils.h │ ├── lexer.c │ ├── lexer.l │ ├── libyara.c │ ├── mem.c │ ├── modules.c │ ├── modules │ │ ├── cuckoo.c │ │ ├── demo.c │ │ ├── dex.c │ │ ├── dotnet.c │ │ ├── elf.c │ │ ├── hash.c │ │ ├── macho.c │ │ ├── magic.c │ │ ├── math.c │ │ ├── module_list │ │ ├── pe.c │ │ ├── pe_utils.c │ │ ├── tests.c │ │ └── time.c │ ├── object.c │ ├── parser.c │ ├── proc.c │ ├── proc │ │ ├── freebsd.c │ │ ├── linux.c │ │ ├── mach.c │ │ ├── none.c │ │ ├── openbsd.c │ │ └── windows.c │ ├── re.c │ ├── re_grammar.c │ ├── re_grammar.h │ ├── re_grammar.y │ ├── re_lexer.c │ ├── re_lexer.l │ ├── rules.c │ ├── scan.c │ ├── scanner.c │ ├── sizedstr.c │ ├── stack.c │ ├── stino.settings │ ├── stopwatch.c │ ├── stream.c │ ├── strutils.c │ ├── threading.c │ └── yara.pc.in │ ├── sample.file │ ├── sample.rules │ ├── tests │ ├── blob.h │ ├── data │ │ ├── 079a472d22290a94ebb212aa8015cdc8dd28a968c6b4d3b88acdd58ce2d3b885 │ │ ├── baz.yar │ │ ├── foo.yar │ │ ├── include │ │ │ └── bar.yar │ │ ├── tiny │ │ ├── tiny-idata-51ff │ │ ├── tiny-idata-5200 │ │ ├── tiny-overlay │ │ ├── tiny-universal │ │ ├── tiny.notes │ │ ├── xor.out │ │ ├── xornocase.out │ │ └── xorwide.out │ ├── oss-fuzz │ │ ├── dex_fuzzer.cc │ │ ├── dex_fuzzer_corpus │ │ │ ├── 1cf540db2f048bb21bd89379a57279b9ff4c308558715a3baee666a47393d86e │ │ │ ├── 25ef27f9543444652f0c68fe412d3da627a1d2a590b0a2b30e47466c1e962136 │ │ │ ├── 
27fb31059503773723597edb875c937af971a6c15f91aac8c03c1fbdfa9e918c │ │ │ ├── 3ba9c082050f62e725c87ce4cf9f592fe9f177faf3a0c879f8fbe87312ca4b2c │ │ │ ├── b1203d95c56f02e7e6dbea714275cc05b47ac2510958b85f436571b801af44e7 │ │ │ ├── b343d1058063e6e4b652ccf0589f93d0dbb6b092960e4aebc3c3c58894831359 │ │ │ └── crash.poc │ │ ├── dotnet_fuzzer.cc │ │ ├── dotnet_fuzzer_corpus │ │ │ ├── buggy_stream_names │ │ │ ├── clusterfuzz-testcase-minimized-dotnet_fuzzer-5725060321509376 │ │ │ └── obfuscated │ │ ├── elf_fuzzer.cc │ │ ├── elf_fuzzer_corpus │ │ │ ├── crash-03bca75466ee42801a8bff280de04afc3d1a3637 │ │ │ ├── crash-086300bbce1c6537573057336a343a82d483e2c0 │ │ │ ├── crash-2cafe4de66d87a83d83aaf65d8e4cea48f2c1144 │ │ │ ├── crash-370485c5b087f780a2447a03d775f7188e323d31 │ │ │ ├── crash-49bb55d669fda0683f945b89396a6bd458caf2d8 │ │ │ ├── crash-49d00b6b033eaeb07cd39809dbc1d7ba2df196ec │ │ │ ├── crash-723296cdc1c0dba83ea767d69286429e608c46c3 │ │ │ ├── crash-7dc27920ae1cb85333e7f2735a45014488134673 │ │ │ ├── crash-7e945ce5f43f515ea078c558a2e3205089d414e5 │ │ │ ├── crash-a809561e75b94bd5d4d8cf7488d9e2663fc1ccdc │ │ │ ├── crash-a8715a38a94161c9509309f5dbb5a7936aba8376 │ │ │ ├── crash-aee928239444a7b039500d4499035e6d30cb89da │ │ │ ├── crash-c4002396c52065d21fe1c1f05f8937aab8d59c18 │ │ │ ├── crash-c610b3036f195ad7fb05248a530278aad37b438d │ │ │ ├── crash-c6569e6e28f0a18bb2f3bf49c982333a359bed67 │ │ │ ├── crash-cc6844f44825a785de1b079c88f728e1c0f779fb │ │ │ ├── crash-f1fd008da535b110853885221ebfaac3f262a1c1e280f10929f7b353c44996c8 │ │ │ ├── poc-6bf54fca69bb5029676d747b12c74b597dd8c5939343ea8f2cbfea9e666dd6b1 │ │ │ ├── poc-789fc6da83de39c3ff394a950b0831f6fe5b63a85a46aaa236048b5c1dcf0e59 │ │ │ ├── poc-939e9cd87b0d80834210fbf54edc66341aebf416d7509f6633f1d49766978b22 │ │ │ ├── poc-93a9fd1909dd49fc2a9b654333504f249cdac58126d3cfc4728577e78cb3eb89 │ │ │ ├── poc-b5b03a1f305b2cc1c158e01fee6c08c65145325d4e073f04d969329577077862 │ │ │ └── 
poc-fa8bbacb5a12f057a0ed3999c37d78b4991e6b201bda4dc9a75a7c7970c7690d │ │ ├── macho_fuzzer.cc │ │ ├── macho_fuzzer_corpus │ │ │ ├── 1443c3cfb47c5eb41022a7063c24ab1bc9e45bfc31e98d5e6d3aa8377599b983 │ │ │ ├── 589f7b0e30d885ed91229646e58ccc7615007d2fab06451fef8785c6126adba7 │ │ │ ├── 5eefacbe52990526e4953802249447dd8c0a4b537459ca41e005a7173ca46138 │ │ │ ├── 6164a837fd33574f37464a765ab461fff94b52e659b114fb6109f2635678c564 │ │ │ ├── 66528aeb35dd705cc26a7daf4b8eda684f620efebfa0740fab84043e371ed566 │ │ │ ├── 6af5d157184d9144f86668f83e81760898df5db3c9e209596eb5fd9a91a7eeba │ │ │ ├── 797d1d450421b771482c0cc03f472e4eccbc9e4f544b6c12c1d4f070dec3c381 │ │ │ ├── 85494d8cb5753f1ad09be39428135feb35eb4ef44f39d6e1e75e2ad30d93e158 │ │ │ ├── b225048e85b14f08a43dd4752b9bb4b20840f5a8726eac0ff765d45c9e619828 │ │ │ └── fda81421d7403180923717a94e77aade8c9286d5b8de3ae0e2812343b666c6a7 │ │ ├── pe_fuzzer.cc │ │ ├── pe_fuzzer_corpus │ │ │ ├── 00388b550a2603a9e219bcb48acaf8cc115653cb1ea84cb4bccceb1aabe755b6 │ │ │ ├── 12f50a7dbf0c42f61ae1c351b2a9f75e8edb3bb55e582619edc7ece4eb0a3094 │ │ │ ├── 967af267b4124bada8f507cebf25f2192d146a4d63be71b45bfc03c5da7f21a7 │ │ │ ├── 99e98cb7096dee974e28fea0f76f1c30bc44fd5762cb12b2702910a28b28f95f │ │ │ ├── clusterfuzz-testcase-minimized-5211130361282560 │ │ │ ├── clusterfuzz-testcase-minimized-5839717883969536 │ │ │ ├── clusterfuzz-testcase-minimized-pe_fuzzer-5741846293643264 │ │ │ └── e5af0352010b1879ac1c63a69d3d9a02d577fa834165f855bd5ebee0f1105de1 │ │ ├── rules_fuzzer.cc │ │ ├── rules_fuzzer.dict │ │ ├── rules_fuzzer.options │ │ └── rules_fuzzer_corpus │ │ │ ├── 1 │ │ │ ├── 2 │ │ │ └── 3 │ ├── test-alignment.c │ ├── test-api.c │ ├── test-atoms.c │ ├── test-bitmask.c │ ├── test-dex.c │ ├── test-elf.c │ ├── test-exception.c │ ├── test-macho.c │ ├── test-math.c │ ├── test-pe.c │ ├── test-rules.c │ ├── test-stack.c │ ├── test-version.c │ ├── util.c │ └── util.h │ ├── threading.c │ ├── threading.h │ ├── windows │ ├── vs2015 │ │ ├── NuGet.Config │ │ ├── libyara │ │ │ 
├── libyara.vcxproj │ │ │ └── packages.config │ │ ├── yara.sln │ │ ├── yara │ │ │ └── yara.vcxproj │ │ └── yarac │ │ │ └── yarac.vcxproj │ └── vs2017 │ │ ├── NuGet.Config │ │ ├── libyara │ │ ├── libyara.vcxproj │ │ ├── libyara.vcxproj.user │ │ └── packages.config │ │ ├── yara.sln │ │ ├── yara │ │ └── yara.vcxproj │ │ └── yarac │ │ └── yarac.vcxproj │ ├── yara.c │ ├── yara.man │ ├── yarac.c │ └── yarac.man ├── rulesgenerator.py ├── scan.py ├── scan.pyc ├── scanlogs ├── Clam-report.log ├── Malicious-Websites.log ├── README └── Yara-report.log ├── tools ├── copyinfected.py └── report.py ├── unquote.py ├── unquote.pyc ├── updateantivirus.py ├── updateantivirus.pyc ├── yaradetection.py ├── yaradetection.pyc └── yrules ├── paranoid.yara ├── regexrules-FalsePositive.txt └── rules.yara /BeautifulSoup.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/BeautifulSoup.pyc -------------------------------------------------------------------------------- /CREDITS: -------------------------------------------------------------------------------- 1 | This client honeypot was designed at the Victoria University of Wellington, New Zealand by Masood Mansoori as a part of his PhD research. 2 | This software includes code from other open source projects which credits are given below. 3 | 4 | Special Thanks to two main contributors/Developers for their invaluable contributions. 5 | 6 | Singapore Polytechnic 7 | Lai Qi Wei - laiqiwei30@hotmail.com 8 | Ritchie Lam Qiaowei - ritchielq@gmail.com 9 | 10 | 11 | Special thanks to the developers of: 12 | 13 | Yara Project - http://plusvic.github.io/yara/ 14 | Python Mechanize - http://wwwsearch.sourceforge.net/mechanize/ 15 | js-beautify - https://github.com/einars/js-beautify 16 | Yara-Generator - https://github.com/Xen0ph0n/YaraGenerator 17 | 18 | and anyone on forums etc for helping with the code. 
19 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | YALIH 2 | ================================== 3 | 4 | YALIH (Yet Another Low Interaction Honeyclient) is a low-interaction client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques. YALIH has the following capabilities: 5 | 6 | *Suspicious URL collection from malicious website databases (three databases) 7 | 8 | *URL collection through Bing API 9 | 10 | *Suspicious URL collection from your inbox and SPAM folder through the POP3 and IMAP protocols 11 | 12 | *JavaScript extraction, de-obfuscation and de-minification of scripts embedded within a website 13 | 14 | *Referrer Emulation and redirection handling 15 | 16 | *Cookies and session handling 17 | 18 | *Browser and browser agent and OS emulation 19 | 20 | *Proxy capabilities to detect Geo-location and/or IP cloaking attacks 21 | 22 | *Signature detection using ClamAV antivirus database 23 | 24 | *Anomaly and pattern matching detection through Yara (http://plusvic.github.io/yara/) 25 | 26 | *Automated Yara signature generation 27 | 28 | ==================================== 29 | 30 | Easy Installation and documentation 31 | 32 | ==================================== 33 | 34 | Authors/Contributors: 35 | 36 | ========= Victoria University of Wellington ============ 37 | 38 | Masood Mansoori - masood.mansoori@gmail.com 39 | 40 | ============ Singapore Polytechnic =============== 41 | 42 | Lai Qi Wei - laiqiwei30@hotmail.com 43 | Ritchie Lam Qiaowei - ritchielq@gmail.com 44 | -------------------------------------------------------------------------------- /bing.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/bing.pyc 
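-------------------------------------------------------------------------------- /doc/YARA User's Manual 1.6.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/doc/YARA User's Manual 1.6.pdf -------------------------------------------------------------------------------- /executemechanize.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/executemechanize.pyc -------------------------------------------------------------------------------- /extraction.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/extraction.pyc -------------------------------------------------------------------------------- /honeypot.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/honeypot.pyc -------------------------------------------------------------------------------- /honeypotconfig.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/honeypotconfig.pyc -------------------------------------------------------------------------------- /imapfile.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/imapfile.pyc
--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs YALIH's dependencies: distro packages, pip, the bundled
# jsbeautifier, YARA 3.9.0 built from source, four PyPI packages and ClamAV.
#
# Must be run as root: apt-get, ldconfig and the /etc/ld.so.conf edit are
# not wrapped in sudo. (In `sudo echo ... >> file` the redirection is done
# by the calling shell, so sudo never applied to that write.)
#
# NOTE(review): get-pip.py and the YARA tarball are fetched over HTTPS and
# then executed / built as root with no integrity check. Export YARA_SHA256
# (a digest obtained out of band) to have the tarball verified before it is
# unpacked. The pip packages below are installed unpinned.

# Exit immediately if a command exits with a non-zero status.
set -e

if [ "$(id -u)" -ne 0 ]; then
    echo "install.sh must be run as root" >&2
    exit 1
fi

apt-get update

apt-get install -y nano python git make gcc g++ autoconf automake libtool python-dev libpcre3-dev flex bison python-setuptools python-lxml libelf-dev

# -O overwrites an existing copy. Plain wget would save the download as
# get-pip.py.1 when the file already exists, and the next line would then
# run the stale get-pip.py instead of the one just fetched.
wget -O get-pip.py https://bootstrap.pypa.io/get-pip.py

python get-pip.py


cd jsbeautifier
python setup.py build
python setup.py install

cd ../req/

# Same reasoning as above: without -O a re-run leaves v3.9.0.tar.gz.1 behind
# and tar unpacks the older archive.
wget -O v3.9.0.tar.gz https://github.com/VirusTotal/yara/archive/v3.9.0.tar.gz
if [ -n "${YARA_SHA256:-}" ]; then
    echo "${YARA_SHA256}  v3.9.0.tar.gz" | sha256sum -c -
fi
tar -xzvf v3.9.0.tar.gz

cd yara-3.9.0/
sudo bash bootstrap.sh
sudo ./configure
sudo make
sudo make install


# Register /usr/local/lib with the dynamic linker, once: re-running the
# installer must not append a duplicate line.
grep -qxF "/usr/local/lib" /etc/ld.so.conf || echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig


sudo pip install python-magic
sudo pip install psutil
sudo pip install tldextract
sudo pip install mechanize

# -y: without it apt-get stops at a confirmation prompt.
apt-get install -y clamav
sudo freshclam
-------------------------------------------------------------------------------- /jsbeautifier/MANIFEST.in: -------------------------------------------------------------------------------- 1 | include js-beautify 2 | include js-beautify-test 3 | -------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/__version__.py: -------------------------------------------------------------------------------- 1 | __version__ = '1.9.0' 2 | -------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/core/__init__.py: -------------------------------------------------------------------------------- 1 | # Empty file :) 2 | -------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/core/directives.py: -------------------------------------------------------------------------------- 1 | # The MIT License (MIT) 2 | # 3 | # Copyright (c) 2007-2018 Einar Lielmanis, Liam Newman, and 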
contributors. 4 | # 5 | # Permission is hereby granted, free of charge, to any person 6 | # obtaining a copy of this software and associated documentation files 7 | # (the "Software"), to deal in the Software without restriction, 8 | # including without limitation the rights to use, copy, modify, merge, 9 | # publish, distribute, sublicense, and/or sell copies of the Software, 10 | # and to permit persons to whom the Software is furnished to do so, 11 | # subject to the following conditions: 12 | # 13 | # The above copyright notice and this permission notice shall be 14 | # included in all copies or substantial portions of the Software. 15 | # 16 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 20 | # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 21 | # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 23 | # SOFTWARE. 
24 | 25 | import re 26 | 27 | 28 | class Directives: 29 | 30 | def __init__(self, start_block_pattern, end_block_pattern): 31 | 32 | self.__directives_block_pattern = re.compile(start_block_pattern + r' beautify( \w+[:]\w+)+ ' + end_block_pattern) 33 | self.__directive_pattern = re.compile(r' (\w+)[:](\w+)') 34 | 35 | self.__directives_end_ignore_pattern = re.compile(start_block_pattern + r'\sbeautify\signore:end\s' + end_block_pattern) 36 | 37 | def get_directives(self, text): 38 | if not self.__directives_block_pattern.match(text): 39 | return None 40 | 41 | directives = {} 42 | directive_match = self.__directive_pattern.search(text) 43 | 44 | while directive_match: 45 | directives[directive_match.group(1)] = directive_match.group(2) 46 | directive_match = self.__directive_pattern.search( 47 | text, directive_match.end()) 48 | 49 | 50 | return directives 51 | 52 | def readIgnored(self, input): 53 | return input.readUntilAfter(self.__directives_end_ignore_pattern) 54 | -------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/core/token.py: -------------------------------------------------------------------------------- 1 | # The MIT License (MIT) 2 | # 3 | # Copyright (c) 2007-2018 Einar Lielmanis, Liam Newman, and contributors. 4 | # 5 | # Permission is hereby granted, free of charge, to any person 6 | # obtaining a copy of this software and associated documentation files 7 | # (the "Software"), to deal in the Software without restriction, 8 | # including without limitation the rights to use, copy, modify, merge, 9 | # publish, distribute, sublicense, and/or sell copies of the Software, 10 | # and to permit persons to whom the Software is furnished to do so, 11 | # subject to the following conditions: 12 | # 13 | # The above copyright notice and this permission notice shall be 14 | # included in all copies or substantial portions of the Software. 
15 | # 16 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 20 | # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 21 | # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 23 | # SOFTWARE. 24 | 25 | 26 | class Token: 27 | def __init__( 28 | self, 29 | type, 30 | text, 31 | newlines=0, 32 | whitespace_before=''): 33 | self.type = type 34 | self.text = text 35 | self.comments_before = None 36 | self.newlines = newlines 37 | self.whitespace_before = whitespace_before 38 | self.parent = None 39 | self.next = None 40 | self.previous = None 41 | self.opened = None 42 | self.closed = None 43 | self.directives = None 44 | -------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/core/tokenstream.py: -------------------------------------------------------------------------------- 1 | # The MIT License (MIT) 2 | # 3 | # Copyright (c) 2007-2018 Einar Lielmanis, Liam Newman, and contributors. 4 | # 5 | # Permission is hereby granted, free of charge, to any person 6 | # obtaining a copy of this software and associated documentation files 7 | # (the "Software"), to deal in the Software without restriction, 8 | # including without limitation the rights to use, copy, modify, merge, 9 | # publish, distribute, sublicense, and/or sell copies of the Software, 10 | # and to permit persons to whom the Software is furnished to do so, 11 | # subject to the following conditions: 12 | # 13 | # The above copyright notice and this permission notice shall be 14 | # included in all copies or substantial portions of the Software. 
15 | # 16 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 20 | # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 21 | # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 23 | # SOFTWARE. 24 | 25 | import re 26 | from ..core.inputscanner import InputScanner 27 | from ..core.token import Token 28 | 29 | class TokenStream: 30 | 31 | def __init__(self, parent_token=None): 32 | self.__tokens = [] 33 | self.__tokens_length = len(self.__tokens) 34 | self.__position = 0 35 | self.__parent_token = parent_token 36 | 37 | def restart(self): 38 | self.__position = 0 39 | 40 | def isEmpty(self): 41 | return self.__tokens_length == 0 42 | 43 | def hasNext(self): 44 | return self.__position < self.__tokens_length 45 | 46 | def next(self): 47 | if self.hasNext(): 48 | val = self.__tokens[self.__position] 49 | self.__position += 1 50 | return val 51 | else: 52 | raise StopIteration 53 | 54 | def peek(self, index=0): 55 | val = None 56 | index += self.__position 57 | if index >= 0 and index < self.__tokens_length: 58 | val = self.__tokens[index] 59 | 60 | return val 61 | 62 | def add(self, token): 63 | if self.__parent_token: 64 | token.parent = self.__parent_token 65 | 66 | self.__tokens.append(token) 67 | self.__tokens_length += 1 68 | 69 | def __iter__(self): 70 | self.restart() 71 | return self 72 | 73 | def __next__(self): 74 | return self.next() 75 | -------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/javascript/__init__.py: -------------------------------------------------------------------------------- 1 | # Empty file :) 2 | 
-------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/tests/__init__.py: -------------------------------------------------------------------------------- 1 | # Empty file :) 2 | -------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/tests/generated/__init__.py: -------------------------------------------------------------------------------- 1 | # Empty file :) 2 | -------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/tests/test-packer.py: -------------------------------------------------------------------------------- 1 | from __future__ import print_function 2 | import sys 3 | import jsbeautifier 4 | 5 | opts = jsbeautifier.default_options() 6 | opts.eol = "\n" 7 | global fails 8 | fails = 0 9 | 10 | 11 | def test_str(str, expected): 12 | global fails 13 | res = jsbeautifier.beautify(str, opts) 14 | if(res == expected): 15 | print(".") 16 | return True 17 | else: 18 | print("___got:" + res + "\n___expected:" + expected + "\n") 19 | fails = fails + 1 20 | return False 21 | 22 | 23 | str = "eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('2 0=\"4 3!\";2 1=0.5(/b/6);a.9(\"8\").7=1;',12,12,'str|n|var|W3Schools|Visit|search|i|innerHTML|demo|getElementById|document|w3Schools'.split('|'),0,{}))" 24 | expected = "var str = \"Visit W3Schools!\";\nvar n = str.search(/w3Schools/i);\ndocument.getElementById(\"demo\").innerHTML = n;" 25 | 26 | res = test_str(str, expected) 27 | 28 | str = "a=b;\r\nwhile(1){\ng=h;{return'\\w+'};break;eval(function(p,a,c,k,e,d){e=function(c){return 
c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('$(5).4(3(){$(\'.1\').0(2);$(\'.6\').0(d);$(\'.7\').0(b);$(\'.a\').0(8);$(\'.9\').0(c)});',14,14,'html|r5e57|8080|function|ready|document|r1655|rc15b|8888|r39b0|r6ae9|3128|65309|80'.split('|'),0,{}))c=abx;" 29 | expected = "a = b;\nwhile (1) {\n g = h; {\n return '\\w+'\n };\n break;\n $(document).ready(function() {\n $('.r5e57').html(8080);\n $('.r1655').html(80);\n $('.rc15b').html(3128);\n $('.r6ae9').html(8888);\n $('.r39b0').html(65309)\n });\n c = abx;" 30 | 31 | res = test_str(str, expected) 32 | 33 | str = "eval(function(p,a,c,k,e,r){e=function(c){return c.toString(36)};if('0'.replace(0,e)==0){while(c--)r[e(c)]=k[c];k=[function(e){return r[e]||e}];e=function(){return'[0-9ab]'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('$(5).a(6(){ $(\'.8\').0(1); $(\'.b\').0(4); $(\'.9\').0(2); $(\'.7\').0(3)})',[],12,'html|52136|555|65103|8088|document|function|r542c|r8ce6|rb0de|ready|rfab0'.split('|'),0,{}))" 34 | expected = "$(document).ready(function() {\n $(\'.r8ce6\').html(52136);\n $(\'.rfab0\').html(8088);\n $(\'.rb0de\').html(555);\n $(\'.r542c\').html(65103)\n})" 35 | 36 | res = test_str(str, expected) 37 | 38 | if (fails == 0): 39 | print("OK") 40 | -------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/tests/testindentation.py: -------------------------------------------------------------------------------- 1 | import re 2 | import unittest 3 | import jsbeautifier 4 | 5 | 6 | class TestJSBeautifierIndentation(unittest.TestCase): 7 | def test_tabs(self): 8 | test_fragment = self.decodesto 9 | 10 | self.options.indent_with_tabs = 1 11 | test_fragment('{tabs()}', "{\n\ttabs()\n}") 12 | 13 | def 
test_function_indent(self): 14 | test_fragment = self.decodesto 15 | 16 | self.options.indent_with_tabs = 1 17 | self.options.keep_function_indentation = 1 18 | test_fragment( 19 | 'var foo = function(){ bar() }();', 20 | "var foo = function() {\n\tbar()\n}();") 21 | 22 | self.options.tabs = 1 23 | self.options.keep_function_indentation = 0 24 | test_fragment( 25 | 'var foo = function(){ baz() }();', 26 | "var foo = function() {\n\tbaz()\n}();") 27 | 28 | def decodesto(self, input, expectation=None): 29 | self.assertEqual( 30 | jsbeautifier.beautify(input, self.options), expectation or input) 31 | 32 | @classmethod 33 | def setUpClass(cls): 34 | options = jsbeautifier.default_options() 35 | options.indent_size = 4 36 | options.indent_char = ' ' 37 | options.preserve_newlines = True 38 | options.jslint_happy = False 39 | options.keep_array_indentation = False 40 | options.brace_style = 'collapse' 41 | options.indent_level = 0 42 | 43 | cls.options = options 44 | cls.wrapregex = re.compile('^(.+)$', re.MULTILINE) 45 | 46 | 47 | if __name__ == '__main__': 48 | unittest.main() 49 | -------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/unpackers/__init__.py: -------------------------------------------------------------------------------- 1 | # 2 | # General code for JSBeautifier unpackers infrastructure. See README.specs 3 | # written by Stefano Sanfilippo 4 | # 5 | 6 | """General code for JSBeautifier unpackers infrastructure.""" 7 | 8 | import pkgutil 9 | import re 10 | from jsbeautifier.unpackers import evalbased 11 | 12 | # NOTE: AT THE MOMENT, IT IS DEACTIVATED FOR YOUR SECURITY: it runs js! 13 | BLACKLIST = ['jsbeautifier.unpackers.evalbased'] 14 | 15 | 16 | class UnpackingError(Exception): 17 | """Badly packed source or general error. 
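Argument is a
    meaningful description."""
    pass


def getunpackers():
    """Scan the unpackers package and return the usable unpacker modules.

    A module is loaded only if its name does not contain 'tests' and it is
    not listed in BLACKLIST. Each module is imported with the expected
    interface names (`unpack`, `detect`, `PRIORITY`) in `fromlist`.

    Returns the modules sorted by ascending PRIORITY.
    Raises UnpackingError when a candidate module cannot be imported.
    """
    path = __path__
    prefix = __name__ + '.'
    unpackers = []
    interface = ['unpack', 'detect', 'PRIORITY']
    for _importer, modname, _ispkg in pkgutil.iter_modules(path, prefix):
        # BLACKLIST keeps the eval-based unpacker out of the automatic list.
        if 'tests' not in modname and modname not in BLACKLIST:
            try:
                module = __import__(modname, fromlist=interface)
            except ImportError:
                raise UnpackingError('Bad unpacker: %s' % modname)
            else:
                unpackers.append(module)

    return sorted(unpackers, key=lambda mod: mod.PRIORITY)


UNPACKERS = getunpackers()


def run(source, evalcode=False):
    """Run the applicable unpackers and return the unpacked source as a string.

    The list of applicable unpackers is computed once, against the source as
    passed in; each selected module's unpack() is then applied in turn.

    SECURITY: `evalcode=True` calls `evalbased` directly, so BLACKLIST does
    not apply on that path. evalbased.unpack() pipes the source to an
    external `js` interpreter, i.e. the input is executed, not just parsed.
    Leave `evalcode` False for untrusted input unless that interpreter runs
    in an isolated environment.
    """
    for unpacker in [mod for mod in UNPACKERS if mod.detect(source)]:
        source = unpacker.unpack(source)
    if evalcode and evalbased.detect(source):
        source = evalbased.unpack(source)
    return source


def filtercomments(source):
    """NOT USED: strip leading comments from `source` and put them at the top.

    Leading `/* ... */` and `// ...` comments are removed one at a time and
    returned, newline-joined, in front of the remaining source. Input
    without a leading comment is returned unchanged.
    """
    trailing_comments = []
    comment = True

    while comment:
        if re.search(r'^\s*\/\*', source):
            end = source.find('*/')
            # Slice up to and including the terminator (the previous
            # `source[0, n]` was a tuple index and raised TypeError). An
            # unterminated block comment ends the scan instead of raising.
            comment = source[:end + 2] if end != -1 else None
        elif re.search(r'^\s*\/\/', source):
            # Take the whole line comment, not only the two slashes.
            comment = re.search(r'^\s*\/\/.*', source).group(0)
        else:
            comment = None

        if comment:
            source = re.sub(r'^\s+', '', source[len(comment):])
            trailing_comments.append(comment)

    if not trailing_comments:
        return source
    # The newline keeps a hoisted `//` comment from swallowing the code
    # that follows it.
    return '\n'.join(trailing_comments) + '\n' + source

--------------------------------------------------------------------------------
/jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/unpackers/evalbased.py: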
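--------------------------------------------------------------------------------
#
# Unpacker for eval() based packers, a part of javascript beautifier
# by Einar Lielmanis
#
# written by Stefano Sanfilippo
#
# usage:
#
# if detect(some_string):
#     unpacked = unpack(some_string)
#

"""Unpacker for eval() based packers: runs JS code and returns result.
Works only if a JS interpreter (e.g. Mozilla's Rhino) is installed and
properly set up on host.

SECURITY: unpacking here means executing the packed script. Nothing in this
module sandboxes the interpreter or limits its run time, so the script runs
with the privileges of the calling process. When the input comes from an
untrusted page, run the interpreter in an isolated environment (separate
low-privilege account or container, no network, resource limits).
"""

from subprocess import PIPE, Popen

PRIORITY = 3


def detect(source):
    """Detects if source is likely to be eval() packed."""
    return source.strip().lower().startswith('eval(function(')


def unpack(source):
    """Run `source` in the JS interpreter and return the resulting code.

    Source that detect() rejects is returned unchanged. If the interpreter
    cannot be started or reports a failure, the original `source` is
    returned.
    """
    if not detect(source):
        return source
    # detect() ignores surrounding whitespace, so strip before dropping the
    # leading "eval"; slicing the raw string would cut at the wrong offset.
    script = 'print %s;' % source.strip()[4:]
    output = jseval(script)
    # jseval() hands back the very object it was given when it fails; map
    # that to the untouched source rather than the 'print ...;' wrapper.
    return source if output is script else output

# In case of failure, we'll just return the original, without crashing on user.


def jseval(script):
    """Run `script` in the `js` interpreter and return what it wrote to stdout.

    Returns `script` itself when the interpreter cannot be started, exits
    with a non-zero status, or writes anything to stderr.

    SECURITY: `script` is executed, unsandboxed and without a timeout.
    NOTE(review): communicate() is given `script` as-is; under Python 3 a
    binary pipe expects bytes -- confirm before porting.
    """
    try:
        # stderr must be piped, otherwise `errors` below is always None and
        # the stderr check can never fire.
        interpreter = Popen(['js'], stdin=PIPE, stdout=PIPE, stderr=PIPE)
    except OSError:
        return script
    result, errors = interpreter.communicate(script)
    if interpreter.poll() or errors:
        return script
    return result

--------------------------------------------------------------------------------
/jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/unpackers/javascriptobfuscator.py:
--------------------------------------------------------------------------------
#
# simple unpacker/deobfuscator for scripts messed up with
# javascriptobfuscator.com
#
# written by Einar Lielmanis
# rewritten in Python by Stefano Sanfilippo
#
# Will always return valid javascript: if `detect()` is false, `code` is
# returned, unmodified.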
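#
# usage:
#
# if javascriptobfuscator.detect(some_string):
#     some_string = javascriptobfuscator.unpack(some_string)
#

"""deobfuscator for scripts messed up with JavascriptObfuscator.com"""

import re

PRIORITY = 1


def smartsplit(code):
    """Split `code` at " symbol, only if it is not escaped.

    Returns the double-quoted strings found in `code`, each wrapped in
    double quotes again, with backslash escapes kept as written. Input that
    ends inside a string, or on a dangling backslash, yields the partial
    string instead of raising.
    """
    strings = []
    pos = 0
    while pos < len(code):
        if code[pos] == '"':
            word = ''  # new word
            pos += 1
            while pos < len(code):
                if code[pos] == '"':
                    break
                if code[pos] == '\\':
                    word += '\\'
                    pos += 1
                    # A backslash as the very last character has nothing to
                    # escape; stop here rather than index past the end
                    # (malformed or hostile input must not crash the caller).
                    if pos >= len(code):
                        break
                word += code[pos]
                pos += 1
            strings.append('"%s"' % word)
        pos += 1
    return strings


def detect(code):
    """Detects if `code` is JavascriptObfuscator.com packed."""
    # prefer `is not` idiom, so that a true boolean is returned
    return (re.search(r'^var _0x[a-f0-9]+ ?\= ?\[', code) is not None)


def unpack(code):
    """Unpacks JavascriptObfuscator.com packed code.

    The leading `var _0x...=[...];` string table is removed and every
    `<variable>[<index>]` reference in the rest of the code is replaced by
    the corresponding quoted string. This is plain text substitution; no
    JavaScript is executed. Code that detect() rejects is returned as is.
    """
    if detect(code):
        matches = re.search(r'var (_0x[a-f\d]+) ?\= ?\[(.*?)\];', code)
        if matches:
            variable = matches.group(1)
            dictionary = smartsplit(matches.group(2))
            # Drop the table declaration itself before substituting.
            code = code[len(matches.group(0)):]
            for key, value in enumerate(dictionary):
                code = code.replace(r'%s[%s]' % (variable, key), value)
    return code

--------------------------------------------------------------------------------
/jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/unpackers/tests/__init__.py:
--------------------------------------------------------------------------------
# Empty file :)
# pylint: disable=C0111

--------------------------------------------------------------------------------
/jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/unpackers/tests/testjavascriptobfuscator.py:
--------------------------------------------------------------------------------
#
# written by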
Stefano Sanfilippo 3 | # 4 | 5 | """Tests for JavaScriptObfuscator unpacker.""" 6 | 7 | import unittest 8 | from jsbeautifier.unpackers.javascriptobfuscator import ( 9 | unpack, detect, smartsplit) 10 | 11 | # pylint: disable=R0904 12 | 13 | 14 | class TestJavascriptObfuscator(unittest.TestCase): 15 | """JavascriptObfuscator.com test case.""" 16 | 17 | def test_smartsplit(self): 18 | """Test smartsplit() function.""" 19 | split = smartsplit 20 | 21 | def equals(data, result): return self.assertEqual(split(data), result) 22 | 23 | equals('', []) 24 | equals('"a", "b"', ['"a"', '"b"']) 25 | equals('"aaa","bbbb"', ['"aaa"', '"bbbb"']) 26 | equals('"a", "b\\\""', ['"a"', '"b\\\""']) 27 | 28 | def test_detect(self): 29 | """Test detect() function.""" 30 | def positive(source): return self.assertTrue(detect(source)) 31 | 32 | def negative(source): return self.assertFalse(detect(source)) 33 | 34 | negative('') 35 | negative('abcd') 36 | negative('var _0xaaaa') 37 | positive('var _0xaaaa = ["a", "b"]') 38 | positive('var _0xaaaa=["a", "b"]') 39 | positive('var _0x1234=["a","b"]') 40 | 41 | def test_unpack(self): 42 | """Test unpack() function.""" 43 | def decodeto( 44 | ob, original): return self.assertEqual( 45 | unpack(ob), original) 46 | 47 | decodeto('var _0x8df3=[];var a=10;', 'var a=10;') 48 | decodeto('var _0xb2a7=["\x74\x27\x65\x73\x74"];var i;for(i=0;i<10;++i)' 49 | '{alert(_0xb2a7[0]);} ;', 'var i;for(i=0;i<10;++i){alert' 50 | '("t\'est");} ;') 51 | 52 | 53 | if __name__ == '__main__': 54 | unittest.main() 55 | -------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/unpackers/tests/testmyobfuscate.py: -------------------------------------------------------------------------------- 1 | # 2 | # written by Stefano Sanfilippo 3 | # 4 | 5 | """Tests for MyObfuscate unpacker.""" 6 | 7 | import unittest 8 | import os 9 | from jsbeautifier.unpackers.myobfuscate import detect, unpack 10 | from 
jsbeautifier.unpackers.tests import __path__ as path 11 | 12 | INPUT = os.path.join(path[0], 'test-myobfuscate-input.js') 13 | OUTPUT = os.path.join(path[0], 'test-myobfuscate-output.js') 14 | 15 | # pylint: disable=R0904 16 | 17 | 18 | class TestMyObfuscate(unittest.TestCase): 19 | # pylint: disable=C0103 20 | """MyObfuscate obfuscator testcase.""" 21 | @classmethod 22 | def setUpClass(cls): 23 | """Load source files (encoded and decoded version) for tests.""" 24 | with open(INPUT, 'r') as data: 25 | cls.input = data.read() 26 | with open(OUTPUT, 'r') as data: 27 | cls.output = data.read() 28 | 29 | def test_detect(self): 30 | """Test detect() function.""" 31 | def detected(source): return self.assertTrue(detect(source)) 32 | 33 | detected(self.input) 34 | 35 | def test_unpack(self): 36 | """Test unpack() function.""" 37 | def check(inp, out): return self.assertEqual(unpack(inp), out) 38 | 39 | check(self.input, self.output) 40 | 41 | 42 | if __name__ == '__main__': 43 | unittest.main() 44 | -------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/unpackers/tests/testpacker.py: -------------------------------------------------------------------------------- 1 | # 2 | # written by Stefano Sanfilippo 3 | # 4 | 5 | """Tests for P.A.C.K.E.R. unpacker.""" 6 | 7 | import unittest 8 | from jsbeautifier.unpackers.packer import detect, unpack 9 | 10 | # pylint: disable=R0904 11 | 12 | 13 | class TestPacker(unittest.TestCase): 14 | """P.A.C.K.E.R. 
testcase.""" 15 | 16 | def test_detect(self): 17 | """Test detect() function.""" 18 | def positive(source): return self.assertTrue(detect(source)) 19 | 20 | def negative(source): return self.assertFalse(detect(source)) 21 | 22 | negative('') 23 | negative('var a = b') 24 | positive('eval(function(p,a,c,k,e,r') 25 | positive('eval ( function(p, a, c, k, e, r') 26 | 27 | def test_unpack(self): 28 | """Test unpack() function.""" 29 | def check(inp, out): 30 | return detect(inp) and self.assertEqual(unpack(inp), out) 31 | 32 | check("eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)" 33 | "){while(c--)r[c]=k[c]||c;k=[function(e){return r[e]}];e=" 34 | "function(){return'\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(" 35 | "new RegExp('\\\\b'+e(c)+'\\\\b','g'),k[c]);return p}('0 2=1'," 36 | "62,3,'var||a'.split('|'),0,{}))", 'var a=1') 37 | check("function test (){alert ('This is a test!')}; " 38 | "eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String))" 39 | "{while(c--)r[c]=k[c]||c;k=[function(e){return r[e]}];e=function" 40 | "(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp(" 41 | "'\\b'+e(c)+'\\b','g'),k[c]);return p}('0 2=1',3,3," 42 | "'var||a'.split('|'),0,{}))", 43 | "function test (){alert ('This is a test!')}; var a=1") 44 | 45 | 46 | if __name__ == '__main__': 47 | unittest.main() 48 | -------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/unpackers/tests/testurlencode.py: -------------------------------------------------------------------------------- 1 | # 2 | # written by Stefano Sanfilippo 3 | # 4 | 5 | """Tests for urlencoded unpacker.""" 6 | 7 | import unittest 8 | 9 | from jsbeautifier.unpackers.urlencode import detect, unpack 10 | 11 | # pylint: disable=R0904 12 | 13 | 14 | class TestUrlencode(unittest.TestCase): 15 | """urlencode test case.""" 16 | 17 | def test_detect(self): 18 | """Test detect() function.""" 19 | def encoded(source): 
return self.assertTrue(detect(source)) 20 | 21 | def unencoded(source): return self.assertFalse(detect(source)) 22 | 23 | unencoded('') 24 | unencoded('var a = b') 25 | encoded('var%20a+=+b') 26 | encoded('var%20a=b') 27 | encoded('var%20%21%22') 28 | 29 | def test_unpack(self): 30 | """Test unpack function.""" 31 | def equals( 32 | source, 33 | result): return self.assertEqual( 34 | unpack(source), 35 | result) 36 | 37 | equals('', '') 38 | equals('abcd', 'abcd') 39 | equals('var a = b', 'var a = b') 40 | equals('var%20a=b', 'var a=b') 41 | equals('var%20a+=+b', 'var a = b') 42 | 43 | 44 | if __name__ == '__main__': 45 | unittest.main() 46 | -------------------------------------------------------------------------------- /jsbeautifier/build/lib.linux-x86_64-2.7/jsbeautifier/unpackers/urlencode.py: -------------------------------------------------------------------------------- 1 | # 2 | # Trivial bookmarklet/escaped script detector for the javascript beautifier 3 | # written by Einar Lielmanis 4 | # rewritten in Python by Stefano Sanfilippo 5 | # 6 | # Will always return valid javascript: if `detect()` is false, `code` is 7 | # returned, unmodified. 8 | # 9 | # usage: 10 | # 11 | # some_string = urlencode.unpack(some_string) 12 | # 13 | 14 | """Bookmarklet/escaped script unpacker.""" 15 | 16 | # Python 2 retrocompatibility 17 | # pylint: disable=F0401 18 | # pylint: disable=E0611 19 | try: 20 | from urllib import unquote_plus 21 | except ImportError: 22 | from urllib.parse import unquote_plus 23 | 24 | PRIORITY = 0 25 | 26 | 27 | def detect(code): 28 | """Detects if a scriptlet is urlencoded.""" 29 | # the fact that script doesn't contain any space, but has %20 instead 30 | # should be sufficient check for now. 
31 | return ' ' not in code and ('%20' in code or code.count('%') > 3) 32 | 33 | 34 | def unpack(code): 35 | """URL decode `code` source string.""" 36 | return unquote_plus(code) if detect(code) else code 37 | -------------------------------------------------------------------------------- /jsbeautifier/css-beautify: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | # 3 | # Stub script to run cssbeautifier 4 | # 5 | import sys 6 | from cssbeautifier import main 7 | sys.exit(main()) 8 | -------------------------------------------------------------------------------- /jsbeautifier/cssbeautifier/css/__init__.py: -------------------------------------------------------------------------------- 1 | # Empty file :) 2 | -------------------------------------------------------------------------------- /jsbeautifier/cssbeautifier/css/options.py: -------------------------------------------------------------------------------- 1 | # 2 | # The MIT License (MIT) 3 | 4 | # Copyright (c) 2007-2018 Einar Lielmanis, Liam Newman, and contributors. 5 | 6 | # Permission is hereby granted, free of charge, to any person 7 | # obtaining a copy of this software and associated documentation files 8 | # (the "Software"), to deal in the Software without restriction, 9 | # including without limitation the rights to use, copy, modify, merge, 10 | # publish, distribute, sublicense, and/or sell copies of the Software, 11 | # and to permit persons to whom the Software is furnished to do so, 12 | # subject to the following conditions: 13 | 14 | # The above copyright notice and this permission notice shall be 15 | # included in all copies or substantial portions of the Software. 16 | 17 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 18 | # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 19 | # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 20 | # NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 21 | # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 22 | # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 23 | # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 24 | # SOFTWARE. 25 | 26 | from jsbeautifier.core.options import Options as BaseOptions 27 | 28 | class BeautifierOptions(BaseOptions): 29 | def __init__(self, options=None): 30 | BaseOptions.__init__(self, options, 'css') 31 | 32 | self.selector_separator_newline = self._get_boolean('selector_separator_newline', True) 33 | self.newline_between_rules = self._get_boolean('newline_between_rules', True) 34 | 35 | # deprecated 36 | space_around_selector_separator = self._get_boolean('space_around_selector_separator') 37 | 38 | # Continue to accept deprecated option 39 | self.space_around_combinator = self._get_boolean('space_around_combinator') or \ 40 | space_around_selector_separator 41 | -------------------------------------------------------------------------------- /jsbeautifier/cssbeautifier/tests/__init__.py: -------------------------------------------------------------------------------- 1 | # Empty file :) 2 | -------------------------------------------------------------------------------- /jsbeautifier/cssbeautifier/tests/generated/__init__.py: -------------------------------------------------------------------------------- 1 | # Empty file :) 2 | -------------------------------------------------------------------------------- /jsbeautifier/debian/.gitignore: -------------------------------------------------------------------------------- 1 | /files 2 | /*.log 3 | /*.debhelper 4 | /*.substvars 5 | /python3-jsbeautifier 6 | -------------------------------------------------------------------------------- /jsbeautifier/debian/changelog: -------------------------------------------------------------------------------- 1 | jsbeautifier (1.5.10-1) smurf; urgency=low 2 | 3 | * source package 
automatically created by stdeb 0.8.2 4 | 5 | -- Matthias Urlichs Sun, 13 Dec 2015 17:36:34 +0100 6 | -------------------------------------------------------------------------------- /jsbeautifier/debian/compat: -------------------------------------------------------------------------------- 1 | 9 2 | -------------------------------------------------------------------------------- /jsbeautifier/debian/control: -------------------------------------------------------------------------------- 1 | Source: jsbeautifier 2 | Maintainer: Matthias Urlichs 3 | Section: python 4 | Priority: optional 5 | Build-Depends: python3-all, debhelper (>= 9) 6 | Standards-Version: 3.9.1 7 | 8 | Package: python3-jsbeautifier 9 | Architecture: all 10 | Depends: ${misc:Depends}, ${python3:Depends} 11 | Description: JavaScript unobfuscator and beautifier. 12 | Beautify, unpack or deobfuscate JavaScript. Handles popular online obfuscators. 13 | 14 | -------------------------------------------------------------------------------- /jsbeautifier/debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | 3 | # This file was automatically generated by stdeb 0.8.2 at 4 | # Sun, 13 Dec 2015 17:36:34 +0100 5 | export PYBUILD_NAME=jsbeautifier 6 | %: 7 | dh $@ --with python3 --buildsystem=pybuild 8 | 9 | -------------------------------------------------------------------------------- /jsbeautifier/debian/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /jsbeautifier/dist/jsbeautifier-1.9.0-py2.7.egg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/jsbeautifier/dist/jsbeautifier-1.9.0-py2.7.egg -------------------------------------------------------------------------------- 
/jsbeautifier/js-beautify-profile: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | 3 | # To run this: ./js-beautify/tools/python-dev python ./python/js-beautify-profile 4 | 5 | import sys 6 | import unittest 7 | import pstats 8 | from pstats import SortKey 9 | 10 | # Speedup things... 11 | try: 12 | import cProfile as profile 13 | except ImportError: 14 | import profile 15 | import os 16 | import copy 17 | import jsbeautifier 18 | options = jsbeautifier.default_options() 19 | options.wrap_line_length = 80 20 | 21 | def beautifier_test_github_min(): 22 | jsbeautifier.beautify(github_min, options) 23 | 24 | if __name__ == '__main__': 25 | dirname = os.path.dirname(os.path.abspath(__file__)) 26 | github_min_file = os.path.join( 27 | dirname, "../", "test/resources/github-min.js") 28 | github_min = copy.copy(''.join(open( github_min_file).readlines())) 29 | 30 | profile.run('beautifier_test_github_min()', 31 | os.path.join(dirname, "../", 'build/jsbstats')) 32 | 33 | p = pstats.Stats(os.path.join(dirname, "../", 'build/jsbstats')) 34 | p.strip_dirs().sort_stats(SortKey.CUMULATIVE).print_stats() 35 | -------------------------------------------------------------------------------- /jsbeautifier/js-beautify-test: -------------------------------------------------------------------------------- 1 | #! 
/bin/sh 2 | # 3 | # Test suite launcher 4 | # 5 | 6 | if [ -z $PYTHON ]; then 7 | env python js-beautify-test.py 8 | else 9 | env $PYTHON js-beautify-test.py 10 | fi 11 | -------------------------------------------------------------------------------- /jsbeautifier/js-beautify-test.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import sys 4 | import unittest 5 | 6 | 7 | def run_tests(): 8 | suite = unittest.TestLoader().discover( 9 | 'jsbeautifier', pattern="test*.py") 10 | suite.addTests(unittest.TestLoader().discover( 11 | 'cssbeautifier', pattern="test*.py")) 12 | return unittest.TextTestRunner(verbosity=2).run(suite) 13 | 14 | 15 | if __name__ == "__main__": 16 | sys.exit(not run_tests().wasSuccessful()) 17 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier.egg-info/PKG-INFO: -------------------------------------------------------------------------------- 1 | Metadata-Version: 1.0 2 | Name: jsbeautifier 3 | Version: 1.9.0 4 | Summary: JavaScript unobfuscator and beautifier. 5 | Home-page: https://beautifier.io 6 | Author: Liam Newman, Einar Lielmanis, et al. 7 | Author-email: team@beautifier.io 8 | License: MIT 9 | Description: Beautify, unpack or deobfuscate JavaScript. Handles popular online obfuscators. 
10 | Platform: UNKNOWN 11 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier.egg-info/SOURCES.txt: -------------------------------------------------------------------------------- 1 | MANIFEST.in 2 | js-beautify-test 3 | setup.py 4 | jsbeautifier/__init__.py 5 | jsbeautifier/__version__.py 6 | jsbeautifier.egg-info/PKG-INFO 7 | jsbeautifier.egg-info/SOURCES.txt 8 | jsbeautifier.egg-info/dependency_links.txt 9 | jsbeautifier.egg-info/entry_points.txt 10 | jsbeautifier.egg-info/requires.txt 11 | jsbeautifier.egg-info/top_level.txt 12 | jsbeautifier/core/__init__.py 13 | jsbeautifier/core/directives.py 14 | jsbeautifier/core/inputscanner.py 15 | jsbeautifier/core/options.py 16 | jsbeautifier/core/output.py 17 | jsbeautifier/core/pattern.py 18 | jsbeautifier/core/templatablepattern.py 19 | jsbeautifier/core/token.py 20 | jsbeautifier/core/tokenizer.py 21 | jsbeautifier/core/tokenstream.py 22 | jsbeautifier/core/whitespacepattern.py 23 | jsbeautifier/javascript/__init__.py 24 | jsbeautifier/javascript/acorn.py 25 | jsbeautifier/javascript/beautifier.py 26 | jsbeautifier/javascript/options.py 27 | jsbeautifier/javascript/tokenizer.py 28 | jsbeautifier/tests/__init__.py 29 | jsbeautifier/tests/test-packer.py 30 | jsbeautifier/tests/testindentation.py 31 | jsbeautifier/tests/generated/__init__.py 32 | jsbeautifier/tests/generated/tests.py 33 | jsbeautifier/unpackers/__init__.py 34 | jsbeautifier/unpackers/evalbased.py 35 | jsbeautifier/unpackers/javascriptobfuscator.py 36 | jsbeautifier/unpackers/myobfuscate.py 37 | jsbeautifier/unpackers/packer.py 38 | jsbeautifier/unpackers/urlencode.py 39 | jsbeautifier/unpackers/tests/__init__.py 40 | jsbeautifier/unpackers/tests/testjavascriptobfuscator.py 41 | jsbeautifier/unpackers/tests/testmyobfuscate.py 42 | jsbeautifier/unpackers/tests/testpacker.py 43 | jsbeautifier/unpackers/tests/testurlencode.py 
-------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier.egg-info/dependency_links.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier.egg-info/entry_points.txt: -------------------------------------------------------------------------------- 1 | [console_scripts] 2 | js-beautify = jsbeautifier:main 3 | 4 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier.egg-info/requires.txt: -------------------------------------------------------------------------------- 1 | six>=1.6.1 2 | editorconfig>=0.12.0 3 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier.egg-info/top_level.txt: -------------------------------------------------------------------------------- 1 | jsbeautifier 2 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/jsbeautifier/jsbeautifier/__init__.pyc -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/__version__.py: -------------------------------------------------------------------------------- 1 | __version__ = '1.9.0' 2 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/__version__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/jsbeautifier/jsbeautifier/__version__.pyc -------------------------------------------------------------------------------- 
/jsbeautifier/jsbeautifier/core/__init__.py: -------------------------------------------------------------------------------- 1 | # Empty file :) 2 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/core/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/jsbeautifier/jsbeautifier/core/__init__.pyc -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/core/directives.py: -------------------------------------------------------------------------------- 1 | # The MIT License (MIT) 2 | # 3 | # Copyright (c) 2007-2018 Einar Lielmanis, Liam Newman, and contributors. 4 | # 5 | # Permission is hereby granted, free of charge, to any person 6 | # obtaining a copy of this software and associated documentation files 7 | # (the "Software"), to deal in the Software without restriction, 8 | # including without limitation the rights to use, copy, modify, merge, 9 | # publish, distribute, sublicense, and/or sell copies of the Software, 10 | # and to permit persons to whom the Software is furnished to do so, 11 | # subject to the following conditions: 12 | # 13 | # The above copyright notice and this permission notice shall be 14 | # included in all copies or substantial portions of the Software. 15 | # 16 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 20 | # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 21 | # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 23 | # SOFTWARE. 
24 | 25 | import re 26 | 27 | 28 | class Directives: 29 | 30 | def __init__(self, start_block_pattern, end_block_pattern): 31 | 32 | self.__directives_block_pattern = re.compile(start_block_pattern + r' beautify( \w+[:]\w+)+ ' + end_block_pattern) 33 | self.__directive_pattern = re.compile(r' (\w+)[:](\w+)') 34 | 35 | self.__directives_end_ignore_pattern = re.compile(start_block_pattern + r'\sbeautify\signore:end\s' + end_block_pattern) 36 | 37 | def get_directives(self, text): 38 | if not self.__directives_block_pattern.match(text): 39 | return None 40 | 41 | directives = {} 42 | directive_match = self.__directive_pattern.search(text) 43 | 44 | while directive_match: 45 | directives[directive_match.group(1)] = directive_match.group(2) 46 | directive_match = self.__directive_pattern.search( 47 | text, directive_match.end()) 48 | 49 | 50 | return directives 51 | 52 | def readIgnored(self, input): 53 | return input.readUntilAfter(self.__directives_end_ignore_pattern) 54 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/core/directives.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/jsbeautifier/jsbeautifier/core/directives.pyc -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/core/inputscanner.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/jsbeautifier/jsbeautifier/core/inputscanner.pyc -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/core/options.pyc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/jsbeautifier/jsbeautifier/core/options.pyc -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/core/output.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/jsbeautifier/jsbeautifier/core/output.pyc -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/core/pattern.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/jsbeautifier/jsbeautifier/core/pattern.pyc -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/core/templatablepattern.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/jsbeautifier/jsbeautifier/core/templatablepattern.pyc -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/core/token.py: -------------------------------------------------------------------------------- 1 | # The MIT License (MIT) 2 | # 3 | # Copyright (c) 2007-2018 Einar Lielmanis, Liam Newman, and contributors. 
4 | # 5 | # Permission is hereby granted, free of charge, to any person 6 | # obtaining a copy of this software and associated documentation files 7 | # (the "Software"), to deal in the Software without restriction, 8 | # including without limitation the rights to use, copy, modify, merge, 9 | # publish, distribute, sublicense, and/or sell copies of the Software, 10 | # and to permit persons to whom the Software is furnished to do so, 11 | # subject to the following conditions: 12 | # 13 | # The above copyright notice and this permission notice shall be 14 | # included in all copies or substantial portions of the Software. 15 | # 16 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 20 | # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 21 | # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 23 | # SOFTWARE. 
class Token:
    """One lexical token plus the bookkeeping slots the beautifier fills in.

    The constructor stores the four values it is given and creates every
    other attribute as None, so later passes can test a slot with `is None`
    before relying on it.
    """

    def __init__(self, type, text, newlines=0, whitespace_before=''):
        # Values supplied by whoever creates the token.
        self.type, self.text = type, text
        self.comments_before = None
        self.newlines, self.whitespace_before = newlines, whitespace_before

        # Link and annotation slots: all start unset.
        self.parent = self.next = self.previous = None
        self.opened = self.closed = None
        self.directives = None
4 | # 5 | # Permission is hereby granted, free of charge, to any person 6 | # obtaining a copy of this software and associated documentation files 7 | # (the "Software"), to deal in the Software without restriction, 8 | # including without limitation the rights to use, copy, modify, merge, 9 | # publish, distribute, sublicense, and/or sell copies of the Software, 10 | # and to permit persons to whom the Software is furnished to do so, 11 | # subject to the following conditions: 12 | # 13 | # The above copyright notice and this permission notice shall be 14 | # included in all copies or substantial portions of the Software. 15 | # 16 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 20 | # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 21 | # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 23 | # SOFTWARE. 
class TokenStream:
    """Append-only list of tokens with a single read cursor.

    The stream is its own iterator: `__iter__` rewinds the cursor and
    returns `self`, so two loops over the same stream share one position.
    """

    def __init__(self, parent_token=None):
        self.__parent_token = parent_token
        self.__tokens = []
        # Length is tracked by hand and bumped in add().
        self.__tokens_length = 0
        self.__position = 0

    def restart(self):
        """Move the cursor back to the first token."""
        self.__position = 0

    def isEmpty(self):
        """Return True when nothing has been added yet."""
        return not self.__tokens_length

    def hasNext(self):
        """Return True while the cursor is before the end of the stream."""
        return self.__tokens_length > self.__position

    def next(self):
        """Return the token under the cursor and advance.

        Raises StopIteration once the stream is exhausted.
        """
        if not self.hasNext():
            raise StopIteration
        current = self.__tokens[self.__position]
        self.__position += 1
        return current

    def peek(self, index=0):
        """Return the token `index` places from the cursor without moving it.

        Negative offsets look backwards; any position outside the stream
        yields None instead of raising.
        """
        target = self.__position + index
        if 0 <= target < self.__tokens_length:
            return self.__tokens[target]
        return None

    def add(self, token):
        """Append `token`, stamping `token.parent` when the stream has a
        truthy parent token."""
        owner = self.__parent_token
        if owner:
            token.parent = owner
        self.__tokens.append(token)
        self.__tokens_length += 1

    def __iter__(self):
        self.restart()
        return self

    def __next__(self):
        # Python 3 iterator protocol; next() is the Python 2 spelling.
        return self.next()
/jsbeautifier/jsbeautifier/javascript/__init__.py: -------------------------------------------------------------------------------- 1 | # Empty file :) 2 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/javascript/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/jsbeautifier/jsbeautifier/javascript/__init__.pyc -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/javascript/beautifier.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/jsbeautifier/jsbeautifier/javascript/beautifier.pyc -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/javascript/options.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/jsbeautifier/jsbeautifier/javascript/options.pyc -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/javascript/tokenizer.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/jsbeautifier/jsbeautifier/javascript/tokenizer.pyc -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/tests/__init__.py: -------------------------------------------------------------------------------- 1 | # Empty file :) 2 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/tests/core/__init__.py: 
-------------------------------------------------------------------------------- 1 | # Empty file :) 2 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/tests/core/test_inputscanner.py: -------------------------------------------------------------------------------- 1 | import re 2 | import unittest 3 | from ...core.inputscanner import InputScanner 4 | 5 | 6 | class TestInputScanner(unittest.TestCase): 7 | 8 | @classmethod 9 | def setUpClass(cls): 10 | pass 11 | 12 | def setUp(self): 13 | self.value = 'howdy' 14 | self.inputscanner = InputScanner(self.value) 15 | 16 | def test_new(self): 17 | inputscanner = InputScanner(None) 18 | self.assertEqual(inputscanner.hasNext(), False) 19 | 20 | def test_next(self): 21 | self.assertEqual(self.inputscanner.next(), self.value[0]) 22 | self.assertEqual(self.inputscanner.next(), self.value[1]) 23 | 24 | def test_peek(self): 25 | self.assertEqual(self.inputscanner.peek(3), self.value[3]) 26 | self.inputscanner.next() 27 | self.assertEqual(self.inputscanner.peek(3), self.value[4]) 28 | 29 | def test_no_param(self): 30 | self.assertEqual(self.inputscanner.peek(), self.value[0]) 31 | self.inputscanner.next() 32 | self.assertEqual(self.inputscanner.peek(), self.value[1]) 33 | 34 | def test_pattern(self): 35 | pattern = re.compile(r'how') 36 | index = 0 37 | self.assertEqual(self.inputscanner.test(pattern, index), True) 38 | self.inputscanner.next() 39 | self.assertEqual(self.inputscanner.test(pattern, index), False) 40 | 41 | def test_Char(self): 42 | pattern = re.compile(r'o') 43 | index = 1 44 | self.assertEqual(self.inputscanner.testChar(pattern, index), True) 45 | 46 | 47 | if __name__ == '__main__': 48 | unittest.main() 49 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/tests/generated/__init__.py: -------------------------------------------------------------------------------- 1 | # Empty file :) 2 | 
-------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/tests/test-packer.py: -------------------------------------------------------------------------------- 1 | from __future__ import print_function 2 | import sys 3 | import jsbeautifier 4 | 5 | opts = jsbeautifier.default_options() 6 | opts.eol = "\n" 7 | global fails 8 | fails = 0 9 | 10 | 11 | def test_str(str, expected): 12 | global fails 13 | res = jsbeautifier.beautify(str, opts) 14 | if(res == expected): 15 | print(".") 16 | return True 17 | else: 18 | print("___got:" + res + "\n___expected:" + expected + "\n") 19 | fails = fails + 1 20 | return False 21 | 22 | 23 | str = "eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('2 0=\"4 3!\";2 1=0.5(/b/6);a.9(\"8\").7=1;',12,12,'str|n|var|W3Schools|Visit|search|i|innerHTML|demo|getElementById|document|w3Schools'.split('|'),0,{}))" 24 | expected = "var str = \"Visit W3Schools!\";\nvar n = str.search(/w3Schools/i);\ndocument.getElementById(\"demo\").innerHTML = n;" 25 | 26 | res = test_str(str, expected) 27 | 28 | str = "a=b;\r\nwhile(1){\ng=h;{return'\\w+'};break;eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('$(5).4(3(){$(\'.1\').0(2);$(\'.6\').0(d);$(\'.7\').0(b);$(\'.a\').0(8);$(\'.9\').0(c)});',14,14,'html|r5e57|8080|function|ready|document|r1655|rc15b|8888|r39b0|r6ae9|3128|65309|80'.split('|'),0,{}))c=abx;" 29 | expected = "a = b;\nwhile (1) {\n g = h; {\n return '\\w+'\n };\n break;\n $(document).ready(function() {\n $('.r5e57').html(8080);\n 
$('.r1655').html(80);\n $('.rc15b').html(3128);\n $('.r6ae9').html(8888);\n $('.r39b0').html(65309)\n });\n c = abx;" 30 | 31 | res = test_str(str, expected) 32 | 33 | str = "eval(function(p,a,c,k,e,r){e=function(c){return c.toString(36)};if('0'.replace(0,e)==0){while(c--)r[e(c)]=k[c];k=[function(e){return r[e]||e}];e=function(){return'[0-9ab]'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('$(5).a(6(){ $(\'.8\').0(1); $(\'.b\').0(4); $(\'.9\').0(2); $(\'.7\').0(3)})',[],12,'html|52136|555|65103|8088|document|function|r542c|r8ce6|rb0de|ready|rfab0'.split('|'),0,{}))" 34 | expected = "$(document).ready(function() {\n $(\'.r8ce6\').html(52136);\n $(\'.rfab0\').html(8088);\n $(\'.rb0de\').html(555);\n $(\'.r542c\').html(65103)\n})" 35 | 36 | res = test_str(str, expected) 37 | 38 | if (fails == 0): 39 | print("OK") 40 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/tests/testindentation.py: -------------------------------------------------------------------------------- 1 | import re 2 | import unittest 3 | import jsbeautifier 4 | 5 | 6 | class TestJSBeautifierIndentation(unittest.TestCase): 7 | def test_tabs(self): 8 | test_fragment = self.decodesto 9 | 10 | self.options.indent_with_tabs = 1 11 | test_fragment('{tabs()}', "{\n\ttabs()\n}") 12 | 13 | def test_function_indent(self): 14 | test_fragment = self.decodesto 15 | 16 | self.options.indent_with_tabs = 1 17 | self.options.keep_function_indentation = 1 18 | test_fragment( 19 | 'var foo = function(){ bar() }();', 20 | "var foo = function() {\n\tbar()\n}();") 21 | 22 | self.options.tabs = 1 23 | self.options.keep_function_indentation = 0 24 | test_fragment( 25 | 'var foo = function(){ baz() }();', 26 | "var foo = function() {\n\tbaz()\n}();") 27 | 28 | def decodesto(self, input, expectation=None): 29 | self.assertEqual( 30 | jsbeautifier.beautify(input, self.options), expectation or input) 31 | 32 | @classmethod 33 | 
def setUpClass(cls): 34 | options = jsbeautifier.default_options() 35 | options.indent_size = 4 36 | options.indent_char = ' ' 37 | options.preserve_newlines = True 38 | options.jslint_happy = False 39 | options.keep_array_indentation = False 40 | options.brace_style = 'collapse' 41 | options.indent_level = 0 42 | 43 | cls.options = options 44 | cls.wrapregex = re.compile('^(.+)$', re.MULTILINE) 45 | 46 | 47 | if __name__ == '__main__': 48 | unittest.main() 49 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/unpackers/README.specs.mkd: -------------------------------------------------------------------------------- 1 | # UNPACKERS SPECIFICATIONS 2 | 3 | Nothing very difficult: an unpacker is a submodule placed in the directory 4 | where this file was found. Each unpacker must define three symbols: 5 | 6 | * `PRIORITY` : integer number expressing the priority in applying this 7 | unpacker. Lower number means higher priority. 8 | Makes sense only if a source file has been packed with 9 | more than one packer. 10 | * `detect(source)` : returns `True` if source is packed, otherwise, `False`. 11 | * `unpack(source)` : takes a `source` string and unpacks it. Must always return 12 | valid JavaScript. That is to say, your code should look 13 | like: 14 | 15 | ``` 16 | if detect(source): 17 | return do_your_fancy_things_with(source) 18 | else: 19 | return source 20 | ``` 21 | 22 | *You can safely define any other symbol in your module, as it will be ignored.* 23 | 24 | `__init__` code will automatically load new unpackers, without any further step 25 | to be accomplished. Simply drop it in this directory. 26 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/unpackers/__init__.py: -------------------------------------------------------------------------------- 1 | # 2 | # General code for JSBeautifier unpackers infrastructure. 
# See README.specs
# written by Stefano Sanfilippo
#

"""General code for JSBeautifier unpackers infrastructure."""

import pkgutil
import re
from jsbeautifier.unpackers import evalbased

# NOTE: AT THE MOMENT, IT IS DEACTIVATED FOR YOUR SECURITY: it runs js!
# The entry only keeps evalbased out of the auto-loaded UNPACKERS list; the
# module is still imported above and stays reachable through run(evalcode=True).
BLACKLIST = ['jsbeautifier.unpackers.evalbased']


class UnpackingError(Exception):
    """Raised for badly packed source or a general unpacking failure; the
    argument is a human-readable description."""


def getunpackers():
    """Import every unpacker module in this package and return them sorted
    by ascending PRIORITY.

    Modules whose dotted name contains 'tests' or appears in BLACKLIST are
    skipped. Everything else found in the package directory is imported, and
    this function is called at module load (see UNPACKERS below), so a file
    dropped into the directory executes as soon as the package is imported;
    write access to that directory should be treated accordingly.

    Raises UnpackingError when a candidate module cannot be imported.
    """
    interface = ['unpack', 'detect', 'PRIORITY']
    found = []
    for _importer, modname, _ispkg in pkgutil.iter_modules(__path__,
                                                          __name__ + '.'):
        if 'tests' in modname or modname in BLACKLIST:
            continue
        try:
            found.append(__import__(modname, fromlist=interface))
        except ImportError:
            raise UnpackingError('Bad unpacker: %s' % modname)

    return sorted(found, key=lambda mod: mod.PRIORITY)


UNPACKERS = getunpackers()


def run(source, evalcode=False):
    """Apply every matching unpacker to `source` and return the result.

    With evalcode=True the result is additionally passed to
    evalbased.unpack() when evalbased.detect() matches. That module hands
    the script to an external JavaScript interpreter, which is why it is
    blacklisted from UNPACKERS; leave evalcode False for input that is not
    trusted unless that interpreter is isolated from the host.
    """
    # detect() is asked about the input as received, for all unpackers,
    # before any of them rewrites it.
    applicable = [mod for mod in UNPACKERS if mod.detect(source)]
    for unpacker in applicable:
        source = unpacker.unpack(source)

    if not evalcode:
        return source
    if evalbased.detect(source):
        source = evalbased.unpack(source)
    return source
#
# Unpacker for eval() based packers, a part of javascript beautifier
# by Einar Lielmanis
#
#     written by Stefano Sanfilippo
#
# usage:
#
# if detect(some_string):
#     unpacked = unpack(some_string)
#

"""Unpacker for eval() based packers: runs JS code and returns result.
Works only if a JS interpreter (e.g. Mozilla's Rhino) is installed and
properly set up on host."""

from subprocess import PIPE, Popen

PRIORITY = 3


def detect(source):
    """Return True when `source`, ignoring surrounding whitespace and case,
    begins with 'eval(function('."""
    normalized = source.strip().lower()
    return normalized.startswith('eval(function(')


def unpack(source):
    """Return the output of running `source` through jseval(), or `source`
    unchanged when detect() does not match.

    The script is not parsed or rewritten here beyond dropping its first
    four characters and wrapping it in a `print` statement: whatever the
    packed payload contains is executed by the interpreter jseval() starts.
    """
    if not detect(source):
        return source
    # NOTE(review): detect() strips leading whitespace but this slice is
    # taken from the raw string, so input with leading whitespace loses the
    # wrong four characters - confirm whether callers strip first.
    return jseval('print %s;' % source[4:])

# In case of failure, we'll just return the original, without crashing on user.
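def jseval(script):
    """Feed `script` to the external `js` interpreter and return its output.

    SECURITY: `script` is executed, not analysed. The interpreter is
    whatever `js` resolves to on PATH and it runs with this process's
    privileges; this function applies no sandbox, resource limit or
    timeout. When the input comes from a crawled or otherwise untrusted
    page, isolate the interpreter (separate unprivileged account or
    container, no network, external time limit) before enabling this path.

    Returns the interpreter's standard output on success. Returns `script`
    unchanged when the interpreter cannot be started, exits non-zero, or
    writes anything to standard error. Text input yields text output and
    bytes input yields bytes.
    """
    try:
        # stderr must be piped as well: otherwise communicate() always
        # reports None for it and the error check below can never fire.
        interpreter = Popen(['js'], stdin=PIPE, stdout=PIPE, stderr=PIPE)
    except OSError:
        return script

    # The pipes carry bytes; encode text on the way in and decode on the
    # way out so callers on Python 3 can pass and receive str.
    as_text = not isinstance(script, bytes)
    payload = script.encode('utf-8') if as_text else script
    result, errors = interpreter.communicate(payload)
    if interpreter.poll() or errors:
        return script
    return result.decode('utf-8', 'replace') if as_text else result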
code) 55 | if matches: 56 | variable = matches.group(1) 57 | dictionary = smartsplit(matches.group(2)) 58 | code = code[len(matches.group(0)):] 59 | for key, value in enumerate(dictionary): 60 | code = code.replace(r'%s[%s]' % (variable, key), value) 61 | return code 62 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/unpackers/tests/__init__.py: -------------------------------------------------------------------------------- 1 | # Empty file :) 2 | # pylint: disable=C0111 3 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/unpackers/tests/test-myobfuscate-output.js: -------------------------------------------------------------------------------- 1 | // 2 | // Unpacker warning: be careful when using myobfuscate.com for your projects: 3 | // scripts obfuscated by the free online version call back home. 4 | // 5 | 6 | // 7 | // Unpacker for Dean Edward's p.a.c.k.e.r, a part of javascript beautifier 8 | // written by Einar Lielmanis 9 | // 10 | // Coincidentally, it can defeat a couple of other eval-based compressors. 11 | // 12 | // usage: 13 | // 14 | // if (P_A_C_K_E_R.detect(some_string)) { 15 | // var unpacked = P_A_C_K_E_R.unpack(some_string); 16 | // } 17 | // 18 | // 19 | 20 | var P_A_C_K_E_R = { 21 | detect: function (str) { 22 | return P_A_C_K_E_R._starts_with(str.toLowerCase().replace(/ +/g, ''), 'eval(function(') || 23 | P_A_C_K_E_R._starts_with(str.toLowerCase().replace(/ +/g, ''), 'eval((function(') ; 24 | }, 25 | 26 | unpack: function (str) { 27 | var unpacked_source = ''; 28 | if (P_A_C_K_E_R.detect(str)) { 29 | try { 30 | eval('unpacked_source = ' + str.substring(4) + ';') 31 | if (typeof unpacked_source == 'string' && unpacked_source) { 32 | str = unpacked_source; 33 | } 34 | } catch (error) { 35 | // well, it failed. we'll just return the original, instead of crashing on user. 
36 | } 37 | } 38 | return str; 39 | }, 40 | 41 | _starts_with: function (str, what) { 42 | return str.substr(0, what.length) === what; 43 | }, 44 | 45 | run_tests: function (sanity_test) { 46 | var t = sanity_test || new SanityTest(); 47 | t.test_function(P_A_C_K_E_R.detect, "P_A_C_K_E_R.detect"); 48 | t.expect('', false); 49 | t.expect('var a = b', false); 50 | t.expect('eval(function(p,a,c,k,e,r', true); 51 | t.expect('eval ( function(p, a, c, k, e, r', true); 52 | 53 | t.test_function(P_A_C_K_E_R.unpack, 'P_A_C_K_E_R.unpack'); 54 | t.expect("eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e){return r[e]}];e=function(){return'\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\b'+e(c)+'\\\\b','g'),k[c]);return p}('0 2=1',3,3,'var||a'.split('|'),0,{}))", 55 | 'var a=1'); 56 | 57 | var starts_with_a = function(what) { return P_A_C_K_E_R._starts_with(what, 'a'); } 58 | t.test_function(starts_with_a, "P_A_C_K_E_R._starts_with(?, a)"); 59 | t.expect('abc', true); 60 | t.expect('bcd', false); 61 | t.expect('a', true); 62 | t.expect('', false); 63 | return t; 64 | } 65 | } 66 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/unpackers/tests/testjavascriptobfuscator.py: -------------------------------------------------------------------------------- 1 | # 2 | # written by Stefano Sanfilippo 3 | # 4 | 5 | """Tests for JavaScriptObfuscator unpacker.""" 6 | 7 | import unittest 8 | from jsbeautifier.unpackers.javascriptobfuscator import ( 9 | unpack, detect, smartsplit) 10 | 11 | # pylint: disable=R0904 12 | 13 | 14 | class TestJavascriptObfuscator(unittest.TestCase): 15 | """JavascriptObfuscator.com test case.""" 16 | 17 | def test_smartsplit(self): 18 | """Test smartsplit() function.""" 19 | split = smartsplit 20 | 21 | def equals(data, result): return self.assertEqual(split(data), result) 22 | 23 | equals('', []) 24 | equals('"a", "b"', ['"a"', '"b"']) 25 
| equals('"aaa","bbbb"', ['"aaa"', '"bbbb"']) 26 | equals('"a", "b\\\""', ['"a"', '"b\\\""']) 27 | 28 | def test_detect(self): 29 | """Test detect() function.""" 30 | def positive(source): return self.assertTrue(detect(source)) 31 | 32 | def negative(source): return self.assertFalse(detect(source)) 33 | 34 | negative('') 35 | negative('abcd') 36 | negative('var _0xaaaa') 37 | positive('var _0xaaaa = ["a", "b"]') 38 | positive('var _0xaaaa=["a", "b"]') 39 | positive('var _0x1234=["a","b"]') 40 | 41 | def test_unpack(self): 42 | """Test unpack() function.""" 43 | def decodeto( 44 | ob, original): return self.assertEqual( 45 | unpack(ob), original) 46 | 47 | decodeto('var _0x8df3=[];var a=10;', 'var a=10;') 48 | decodeto('var _0xb2a7=["\x74\x27\x65\x73\x74"];var i;for(i=0;i<10;++i)' 49 | '{alert(_0xb2a7[0]);} ;', 'var i;for(i=0;i<10;++i){alert' 50 | '("t\'est");} ;') 51 | 52 | 53 | if __name__ == '__main__': 54 | unittest.main() 55 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/unpackers/tests/testmyobfuscate.py: -------------------------------------------------------------------------------- 1 | # 2 | # written by Stefano Sanfilippo 3 | # 4 | 5 | """Tests for MyObfuscate unpacker.""" 6 | 7 | import unittest 8 | import os 9 | from jsbeautifier.unpackers.myobfuscate import detect, unpack 10 | from jsbeautifier.unpackers.tests import __path__ as path 11 | 12 | INPUT = os.path.join(path[0], 'test-myobfuscate-input.js') 13 | OUTPUT = os.path.join(path[0], 'test-myobfuscate-output.js') 14 | 15 | # pylint: disable=R0904 16 | 17 | 18 | class TestMyObfuscate(unittest.TestCase): 19 | # pylint: disable=C0103 20 | """MyObfuscate obfuscator testcase.""" 21 | @classmethod 22 | def setUpClass(cls): 23 | """Load source files (encoded and decoded version) for tests.""" 24 | with open(INPUT, 'r') as data: 25 | cls.input = data.read() 26 | with open(OUTPUT, 'r') as data: 27 | cls.output = data.read() 28 | 29 | def 
test_detect(self): 30 | """Test detect() function.""" 31 | def detected(source): return self.assertTrue(detect(source)) 32 | 33 | detected(self.input) 34 | 35 | def test_unpack(self): 36 | """Test unpack() function.""" 37 | def check(inp, out): return self.assertEqual(unpack(inp), out) 38 | 39 | check(self.input, self.output) 40 | 41 | 42 | if __name__ == '__main__': 43 | unittest.main() 44 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/unpackers/tests/testpacker.py: -------------------------------------------------------------------------------- 1 | # 2 | # written by Stefano Sanfilippo 3 | # 4 | 5 | """Tests for P.A.C.K.E.R. unpacker.""" 6 | 7 | import unittest 8 | from jsbeautifier.unpackers.packer import detect, unpack 9 | 10 | # pylint: disable=R0904 11 | 12 | 13 | class TestPacker(unittest.TestCase): 14 | """P.A.C.K.E.R. testcase.""" 15 | 16 | def test_detect(self): 17 | """Test detect() function.""" 18 | def positive(source): return self.assertTrue(detect(source)) 19 | 20 | def negative(source): return self.assertFalse(detect(source)) 21 | 22 | negative('') 23 | negative('var a = b') 24 | positive('eval(function(p,a,c,k,e,r') 25 | positive('eval ( function(p, a, c, k, e, r') 26 | 27 | def test_unpack(self): 28 | """Test unpack() function.""" 29 | def check(inp, out): 30 | return detect(inp) and self.assertEqual(unpack(inp), out) 31 | 32 | check("eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)" 33 | "){while(c--)r[c]=k[c]||c;k=[function(e){return r[e]}];e=" 34 | "function(){return'\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(" 35 | "new RegExp('\\\\b'+e(c)+'\\\\b','g'),k[c]);return p}('0 2=1'," 36 | "62,3,'var||a'.split('|'),0,{}))", 'var a=1') 37 | check("function test (){alert ('This is a test!')}; " 38 | "eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String))" 39 | "{while(c--)r[c]=k[c]||c;k=[function(e){return r[e]}];e=function" 40 | 
"(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp(" 41 | "'\\b'+e(c)+'\\b','g'),k[c]);return p}('0 2=1',3,3," 42 | "'var||a'.split('|'),0,{}))", 43 | "function test (){alert ('This is a test!')}; var a=1") 44 | 45 | 46 | if __name__ == '__main__': 47 | unittest.main() 48 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/unpackers/tests/testurlencode.py: -------------------------------------------------------------------------------- 1 | # 2 | # written by Stefano Sanfilippo 3 | # 4 | 5 | """Tests for urlencoded unpacker.""" 6 | 7 | import unittest 8 | 9 | from jsbeautifier.unpackers.urlencode import detect, unpack 10 | 11 | # pylint: disable=R0904 12 | 13 | 14 | class TestUrlencode(unittest.TestCase): 15 | """urlencode test case.""" 16 | 17 | def test_detect(self): 18 | """Test detect() function.""" 19 | def encoded(source): return self.assertTrue(detect(source)) 20 | 21 | def unencoded(source): return self.assertFalse(detect(source)) 22 | 23 | unencoded('') 24 | unencoded('var a = b') 25 | encoded('var%20a+=+b') 26 | encoded('var%20a=b') 27 | encoded('var%20%21%22') 28 | 29 | def test_unpack(self): 30 | """Test unpack function.""" 31 | def equals( 32 | source, 33 | result): return self.assertEqual( 34 | unpack(source), 35 | result) 36 | 37 | equals('', '') 38 | equals('abcd', 'abcd') 39 | equals('var a = b', 'var a = b') 40 | equals('var%20a=b', 'var a=b') 41 | equals('var%20a+=+b', 'var a = b') 42 | 43 | 44 | if __name__ == '__main__': 45 | unittest.main() 46 | -------------------------------------------------------------------------------- /jsbeautifier/jsbeautifier/unpackers/urlencode.py: -------------------------------------------------------------------------------- 1 | # 2 | # Trivial bookmarklet/escaped script detector for the javascript beautifier 3 | # written by Einar Lielmanis 4 | # rewritten in Python by Stefano Sanfilippo 5 | # 6 | # Will always return valid javascript: if 
`detect()` is false, `code` is 7 | # returned, unmodified. 8 | # 9 | # usage: 10 | # 11 | # some_string = urlencode.unpack(some_string) 12 | # 13 | 14 | """Bookmarklet/escaped script unpacker.""" 15 | 16 | # Python 2 retrocompatibility 17 | # pylint: disable=F0401 18 | # pylint: disable=E0611 19 | try: 20 | from urllib import unquote_plus 21 | except ImportError: 22 | from urllib.parse import unquote_plus 23 | 24 | PRIORITY = 0 25 | 26 | 27 | def detect(code): 28 | """Detects if a scriptlet is urlencoded.""" 29 | # the fact that script doesn't contain any space, but has %20 instead 30 | # should be sufficient check for now. 31 | return ' ' not in code and ('%20' in code or code.count('%') > 3) 32 | 33 | 34 | def unpack(code): 35 | """URL decode `code` source string.""" 36 | return unquote_plus(code) if detect(code) else code 37 | -------------------------------------------------------------------------------- /jsbeautifier/setup.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import os 4 | import sys 5 | 6 | from setuptools import setup 7 | from jsbeautifier.__version__ import __version__ 8 | 9 | from setuptools.command.test import test as TestCommand 10 | 11 | DIR = 'jsbeautifier/tests/' 12 | 13 | 14 | class PyTest(TestCommand): 15 | user_options = [('pytest-args=', 'a', "Arguments to pass to py.test")] 16 | 17 | def initialize_options(self): 18 | TestCommand.initialize_options(self) 19 | self.pytest_args = ['--assert=plain'] + [DIR + \ 20 | x for x in os.listdir(DIR) if x.endswith('.py') and x[0] not in '._'] 21 | 22 | def run_tests(self): 23 | # import here, cause outside the eggs aren't loaded 24 | import pytest 25 | errno = pytest.main(self.pytest_args) 26 | sys.exit(errno) 27 | 28 | 29 | setup(name='jsbeautifier', 30 | version=__version__, 31 | description='JavaScript unobfuscator and beautifier.', 32 | long_description=('Beautify, unpack or deobfuscate JavaScript. 
' 33 | 'Handles popular online obfuscators.'), 34 | author='Liam Newman, Einar Lielmanis, et al.', 35 | author_email='team@beautifier.io', 36 | url='https://beautifier.io', 37 | entry_points={ 38 | 'console_scripts': [ 39 | 'js-beautify = jsbeautifier:main' 40 | ] 41 | }, 42 | packages=['jsbeautifier', 43 | 'jsbeautifier.tests', 'jsbeautifier.tests.generated', 44 | 'jsbeautifier.core', 45 | 'jsbeautifier.javascript', 46 | 'jsbeautifier.unpackers', 'jsbeautifier.unpackers.tests'], 47 | install_requires=["six>=1.6.1", "editorconfig>=0.12.0"], 48 | license='MIT', 49 | test_suite='pytest.collector', 50 | cmdclass={'test': PyTest}, 51 | 52 | ) 53 | -------------------------------------------------------------------------------- /jsbeautifier/test-perf-cssbeautifier.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | import io 5 | import os 6 | import copy 7 | import cssbeautifier 8 | options = cssbeautifier.default_options() 9 | options.wrap_line_length = 80 10 | data = '' 11 | 12 | 13 | def beautifier_test_github_css(): 14 | cssbeautifier.beautify(data, options) 15 | 16 | 17 | def report_perf(fn): 18 | import timeit 19 | iter = 5 20 | time = timeit.timeit( 21 | fn + 22 | "()", 23 | setup="from __main__ import " + 24 | fn + 25 | "; gc.enable()", 26 | number=iter) 27 | print(fn + ": " + str(iter / time) + " cycles/sec") 28 | 29 | 30 | if __name__ == '__main__': 31 | dirname = os.path.dirname(os.path.abspath(__file__)) 32 | github_file = os.path.join( 33 | dirname, "../", "test/resources/github.css") 34 | data = copy.copy(''.join(io.open(github_file).readlines())) 35 | 36 | # warm up 37 | beautifier_test_github_css() 38 | 39 | report_perf("beautifier_test_github_css") 40 | -------------------------------------------------------------------------------- /jsbeautifier/test-perf-jsbeautifier.py: -------------------------------------------------------------------------------- 1 | 
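class Maltype:
    """One malware type: the files assigned to it, its number and its rule."""

    # Class-level defaults kept for compatibility with code that reads them
    # from the class. __init__ always rebinds `files` and `maltype_num` on the
    # instance, so the shared list below is never the one that gets mutated.
    files = []  # Store all the file names that are of the same maltype
    rule = ""  # Store the rule
    maltype_num = 0

    def __init__(self, f, num):
        """Create the type with its first file `f` and its number `num`."""
        self.files = [f]
        self.maltype_num = num

    def remove_file(self, f):
        """Remove `f` from the file list; raises ValueError if it is absent."""
        self.files.remove(f)

    def add_file(self, f):
        """Append `f` to the file list."""
        self.files.append(f)

    def get_maltype_num(self):
        """Return the number given at construction."""
        return self.maltype_num

    def get_files(self):
        """Return the file list itself (not a copy)."""
        return self.files

    def set_rule(self, rule):
        """Store `rule` on this instance."""
        self.rule = rule

    def get_rule(self):
        """Return the stored rule ("" until set_rule() is called)."""
        return self.rule

    def count_rule_string(self, rule):
        """Count occurrences of the literal text ``$string`` in ``str(rule)``.

        The count is taken from the `rule` argument, not from ``self.rule``,
        and includes every occurrence anywhere in the text.
        """
        # Raw string: "\$" in a plain literal is an invalid escape sequence,
        # which newer Python versions warn about; the pattern is unchanged.
        return len(re.findall(r"\$string", str(rule)))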
class HTTPResponseDebugProcessor(BaseHandler):
    """Handler that logs every response body to ``mechanize.http_responses``.

    NOTE(review): the body is logged exactly as the remote server sent it,
    at INFO level and in full. When this handler is enabled while fetching
    untrusted pages, the log then holds server-controlled bytes (control
    characters, arbitrarily large bodies); treat that log as untrusted data
    and consider a size cap or escaping in the logging configuration.
    """

    handler_order = 900  # before redirections, after everything else

    def http_response(self, request, response):
        """Log the whole body of `response`, rewind it and return it."""
        if hasattr(response, "seek"):
            seekable = response
        else:
            # Wrap so the body can be read here and again by later handlers.
            seekable = response_seek_wrapper(response)
        log_info = logging.getLogger("mechanize.http_responses").info
        try:
            log_info(seekable.read())
        finally:
            # Rewind even when reading or logging raised.
            seekable.seek(0)
        log_info("*****************************************************")
        return seekable

    https_response = http_response


class HTTPRedirectDebugProcessor(BaseHandler):
    """Handler that logs redirects to ``mechanize.http_redirects``."""

    def http_request(self, request):
        """Log origin host and full URL of a request that has a
        ``redirect_dict`` attribute; always return `request` unchanged."""
        if not hasattr(request, "redirect_dict"):
            return request
        redirect_log = logging.getLogger("mechanize.http_redirects")
        redirect_log.info("redirecting from %s to %s", request.get_origin_req_host(), request.get_full_url())
        return request
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_entities.pyc -------------------------------------------------------------------------------- /mechanize/_equiv.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_equiv.pyc -------------------------------------------------------------------------------- /mechanize/_form.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_form.pyc -------------------------------------------------------------------------------- /mechanize/_form_controls.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_form_controls.pyc -------------------------------------------------------------------------------- /mechanize/_gzip.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_gzip.pyc -------------------------------------------------------------------------------- /mechanize/_headersutil.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_headersutil.pyc -------------------------------------------------------------------------------- /mechanize/_html.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_html.pyc -------------------------------------------------------------------------------- 
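class redirection:
    """Accumulates URLs in ``redirection_list`` and forwards the list to
    ``executemechanize.set_redirection_list``."""

    def createarray(self):
        """Start a fresh, empty ``redirection_list`` on this instance."""
        self.redirection_list = []

    def appendurl(self, url):
        """Record ``str(url)`` unless it ends with ``.js``, then publish the list."""
        # Fix: calling appendurl() before createarray() used to fail with
        # AttributeError; the list is now created on first use.
        if not hasattr(self, "redirection_list"):
            self.createarray()
        url = str(url)
        # NOTE(review): the original condition was
        #   not url.endswith(".js") or url.endswith(".json")
        # `not` binds tighter than `or`, and a ".json" URL never ends with
        # ".js", so the second clause could not change the outcome. It is
        # dropped here with identical behaviour. If ".json" URLs were meant to
        # be skipped too, the test must be
        #   not url.endswith((".js", ".json"))  -- confirm the intent.
        # The suffix is tested on the whole URL, so "lib.js?v=1" is recorded.
        if not url.endswith(".js"):
            self.redirection_list.append(url)
            # NOTE(review): this listing has lost its indentation; the call is
            # kept inside the condition here -- confirm against the file.
            self.passarray()

    def passarray(self):
        """Hand the current list to ``executemechanize.set_redirection_list``."""
        executemechanize.set_redirection_list(self.redirection_list)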
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_request.pyc -------------------------------------------------------------------------------- /mechanize/_response.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_response.pyc -------------------------------------------------------------------------------- /mechanize/_rfc3986.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_rfc3986.pyc -------------------------------------------------------------------------------- /mechanize/_sockettimeout.py: -------------------------------------------------------------------------------- 1 | from __future__ import absolute_import 2 | import socket 3 | 4 | try: 5 | _GLOBAL_DEFAULT_TIMEOUT = socket._GLOBAL_DEFAULT_TIMEOUT 6 | except AttributeError: 7 | _GLOBAL_DEFAULT_TIMEOUT = object() 8 | -------------------------------------------------------------------------------- /mechanize/_sockettimeout.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_sockettimeout.pyc -------------------------------------------------------------------------------- /mechanize/_urllib2.py: -------------------------------------------------------------------------------- 1 | from __future__ import absolute_import 2 | # urllib2 work-alike interface 3 | # ...from urllib2... 
4 | from .polyglot import HTTPError, URLError 5 | 6 | # ...and from mechanize 7 | from ._auth import HTTPProxyPasswordMgr, HTTPSClientCertMgr 8 | from ._debug import HTTPRedirectDebugProcessor, HTTPResponseDebugProcessor 9 | from ._http import (HTTPEquivProcessor, HTTPRefererProcessor, 10 | HTTPRefreshProcessor, HTTPRobotRulesProcessor, 11 | RobotExclusionError) 12 | from ._opener import (OpenerDirector, SeekableResponseOpener, build_opener, 13 | install_opener, urlopen) 14 | from ._request import Request 15 | # crap ATM 16 | # from _gzip import \ 17 | # HTTPGzipProcessor 18 | from ._urllib2_fork import ( 19 | AbstractBasicAuthHandler, AbstractDigestAuthHandler, BaseHandler, 20 | CacheFTPHandler, FileHandler, FTPHandler, HTTPBasicAuthHandler, 21 | HTTPCookieProcessor, HTTPDefaultErrorHandler, HTTPDigestAuthHandler, 22 | HTTPErrorProcessor, HTTPHandler, HTTPPasswordMgr, 23 | HTTPPasswordMgrWithDefaultRealm, HTTPRedirectHandler, HTTPSHandler, 24 | ProxyBasicAuthHandler, ProxyDigestAuthHandler, ProxyHandler, 25 | UnknownHandler) 26 | __all__ = [ 27 | 'URLError', 28 | 'HTTPError', 29 | 'HTTPSClientCertMgr', 30 | 'HTTPProxyPasswordMgr', 31 | 'HTTPRedirectDebugProcessor', 32 | 'HTTPRobotRulesProcessor', 33 | 'HTTPResponseDebugProcessor', 34 | 'HTTPRefreshProcessor', 35 | 'HTTPRefererProcessor', 36 | 'HTTPEquivProcessor', 37 | 'RobotExclusionError', 38 | 'OpenerDirector', 39 | 'build_opener', 40 | 'SeekableResponseOpener', 41 | 'install_opener', 42 | 'urlopen', 43 | 'Request', 44 | 'HTTPHandler', 45 | 'HTTPSHandler', 46 | 'AbstractBasicAuthHandler', 47 | 'ProxyHandler', 48 | 'HTTPDefaultErrorHandler', 49 | 'ProxyDigestAuthHandler', 50 | 'HTTPDigestAuthHandler', 51 | 'FTPHandler', 52 | 'HTTPPasswordMgrWithDefaultRealm', 53 | 'CacheFTPHandler', 54 | 'HTTPErrorProcessor', 55 | 'AbstractDigestAuthHandler', 56 | 'HTTPRedirectHandler', 57 | 'UnknownHandler', 58 | 'HTTPCookieProcessor', 59 | 'BaseHandler', 60 | 'HTTPBasicAuthHandler', 61 | 'ProxyBasicAuthHandler', 62 | 
'HTTPPasswordMgr', 63 | 'FileHandler', 64 | ] 65 | -------------------------------------------------------------------------------- /mechanize/_urllib2.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_urllib2.pyc -------------------------------------------------------------------------------- /mechanize/_urllib2_fork.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_urllib2_fork.pyc -------------------------------------------------------------------------------- /mechanize/_useragent.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_useragent.pyc -------------------------------------------------------------------------------- /mechanize/_util.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_util.pyc -------------------------------------------------------------------------------- /mechanize/_version.py: -------------------------------------------------------------------------------- 1 | "0.4.0" 2 | __version__ = (0, 4, 0, None, None) 3 | -------------------------------------------------------------------------------- /mechanize/_version.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/mechanize/_version.pyc -------------------------------------------------------------------------------- /mechanize/polyglot.pyc: -------------------------------------------------------------------------------- 
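def normalizeurl(url):
    """Normalize one URL string and return it, or "invalid" when rejected.

    The original comment says the URLs come from emails.txt files. The
    function itself only transforms the string: it strips whitespace, drops
    one trailing "/" or ".", rejects mail/script/fragment and relative
    links, and prefixes "http://" when no http(s) scheme is present.
    """
    url = url.strip()

    # Drop a single trailing "/" or "." (e.g. a sentence-ending period).
    if url.endswith(("/", ".")):
        url = url[:-1]

    # Fix: these rejections used to share one if/elif chain with the trimming
    # above, so a link that was trimmed was never checked. For example
    # "mailto:user@example.com." came back as "http://mailto:user@example.com"
    # instead of "invalid".
    if "mailto" in url or "javascript:void(0)" in url or "#" in url:
        return "invalid"

    # Anything without a dot cannot be a host name or a dotted address.
    if "." not in url:
        return "invalid"

    # Relative references. The original also tested "//" after "/", which
    # could never match and is omitted.
    # NOTE(review): "..//" is kept as written; "../" (one slash) is therefore
    # not rejected -- probably a typo, confirm.
    if url.startswith(("/", "./", "..//")):
        return "invalid"

    if url.startswith("127.0.0.1"):
        # NOTE(review): ten characters are cut although "127.0.0.1" has nine,
        # and the remainder is returned without a scheme (it can be empty).
        # Kept as in the original. If the result is later fetched by the
        # crawler, loopback and other internal addresses are better rejected
        # outright -- confirm the intended handling.
        return url[10:]

    if not url.startswith(("http://", "https://")):
        url = "http://" + url
    return url


def normalizeurl2(url):
    """Return `url` stripped, without backslashes and with an http(s) scheme."""
    # Fix: backslashes are removed before the scheme test. They used to be
    # removed only from URLs that already started with http:// or https://,
    # so an escaped link such as  http:\/\/example.com  failed the scheme test
    # and came back as  http://http:\/\/example.com  with the backslashes
    # still in place.
    url = url.strip().replace('\\', '')
    if not url.startswith(("http://", "https://")):
        url = "http://" + url
    return url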
/test-driver 44 | /ylwrap 45 | /m4 46 | !/m4/acx_pthread.m4 47 | 48 | # Project specific files 49 | /yara 50 | /yarac 51 | /libyara/modules/.dirstamp 52 | libyara/proc/.dirstamp 53 | libyara/yara.pc 54 | /tests/.dirstamp 55 | 56 | # Linux and Mac files 57 | *.swp 58 | .DS_Store 59 | 60 | # Files generated by tests 61 | test-alignment 62 | test-alignment.log 63 | test-alignment.trs 64 | test-api 65 | test-api.log 66 | test-api.trs 67 | test-atoms 68 | test-atoms.log 69 | test-atoms.trs 70 | test-bitmask 71 | test-bitmask.log 72 | test-bitmask.trs 73 | test-elf 74 | test-elf.log 75 | test-elf.trs 76 | test-exception 77 | test-exception.log 78 | test-exception.trs 79 | test-rules 80 | test-rules.log 81 | test-rules.trs 82 | test-suite.log 83 | test-pe 84 | test-pe.log 85 | test-pe.trs 86 | test-macho 87 | test-macho.log 88 | test-macho.trs 89 | test-math 90 | test-math.log 91 | test-math.trs 92 | test-version 93 | test-version.log 94 | test-version.trs 95 | 96 | # Visual Studio files 97 | Release/ 98 | Debug/ 99 | windows/*/.vs 100 | x64/ 101 | *.obj 102 | *.suo 103 | *.sdf 104 | *.opendb 105 | *.opensdf 106 | *.VC.db 107 | 108 | # NuGet 109 | windows/*/packages/ 110 | *.trs 111 | *.log -------------------------------------------------------------------------------- /req/yara-3.9.0/AUTHORS: -------------------------------------------------------------------------------- 1 | # This is the official list of YARA authors for copyright purposes. 2 | # This file is distinct from the CONTRIBUTORS files. 3 | # See the latter for an explanation. 4 | 5 | # Names should be added to this file as 6 | # Name or Organization 7 | # The email address is not required for organizations. 8 | 9 | # Please keep the list sorted. 10 | 11 | Google Inc. 12 | Hilko Bengen 13 | Joachim Metz 14 | Stefan Buehlmann 15 | Victor M. 
Alvarez ; 16 | Wesley Shields 17 | -------------------------------------------------------------------------------- /req/yara-3.9.0/CONTRIBUTORS: -------------------------------------------------------------------------------- 1 | # This is the official list of people who can contribute 2 | # (and typically have contributed) code to the YARA repository. 3 | # The AUTHORS file lists the copyright holders; this file 4 | # lists people. For example, Google employees are listed here 5 | # but not in AUTHORS, because Google holds the copyright. 6 | # 7 | # The submission process automatically checks to make sure 8 | # that people submitting code are listed in this file (by email address). 9 | # 10 | # Names should be added to this file only after verifying that 11 | # the individual or the individual's organization has agreed to 12 | # the appropriate Contributor License Agreement, found here: 13 | # 14 | # http://code.google.com/legal/individual-cla-v1.0.html 15 | # http://code.google.com/legal/corporate-cla-v1.0.html 16 | # 17 | # The agreement for individuals can be filled out on the web. 18 | # 19 | # When adding J Random Contributor's name to this file, 20 | # either J's name or J's organization's name should be 21 | # added to the AUTHORS file, depending on whether the 22 | # individual or corporate CLA was used. 23 | 24 | # Names should be added to this file like so: 25 | # Name 26 | 27 | # Please keep the list sorted. 28 | 29 | Anthony Desnos 30 | Christian Blichmann 31 | Hilko Bengen 32 | Joachim Metz 33 | Karl Hiramoto 34 | Mike Wiacek 35 | Shane Huntley 36 | Stefan Buehlmann 37 | Victor M. Alvarez ; 38 | Wesley Shields 39 | -------------------------------------------------------------------------------- /req/yara-3.9.0/COPYING: -------------------------------------------------------------------------------- 1 | Copyright (c) 2007-2016. The YARA Authors. All Rights Reserved. 
2 | 3 | Redistribution and use in source and binary forms, with or without modification, 4 | are permitted provided that the following conditions are met: 5 | 6 | 1. Redistributions of source code must retain the above copyright notice, this 7 | list of conditions and the following disclaimer. 8 | 9 | 2. Redistributions in binary form must reproduce the above copyright notice, 10 | this list of conditions and the following disclaimer in the documentation and/or 11 | other materials provided with the distribution. 12 | 13 | 3. Neither the name of the copyright holder nor the names of its contributors 14 | may be used to endorse or promote products derived from this software without 15 | specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 18 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 19 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 20 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 21 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 22 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 23 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 24 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 26 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
27 | -------------------------------------------------------------------------------- /req/yara-3.9.0/Makefile.am: -------------------------------------------------------------------------------- 1 | AM_CFLAGS=-std=gnu99 -Wall -I$(srcdir)/libyara/include 2 | 3 | if DEBUG 4 | AM_CFLAGS+=-g 5 | endif 6 | 7 | if OPTIMIZATION 8 | AM_CFLAGS+=-O3 9 | else 10 | AM_CFLAGS+=-O0 11 | endif 12 | 13 | if ADDRESS_SANITIZER 14 | AM_CFLAGS+=-fsanitize=address 15 | endif 16 | 17 | # Build the library in the hand subdirectory first. 18 | SUBDIRS = libyara 19 | DIST_SUBDIRS = libyara 20 | 21 | ACLOCAL_AMFLAGS=-I m4 22 | 23 | bin_PROGRAMS = yara yarac 24 | 25 | yara_SOURCES = args.c args.h common.h threading.c threading.h yara.c 26 | yara_LDADD = -Llibyara/.libs -lyara 27 | 28 | yarac_SOURCES = args.c args.h common.h yarac.c 29 | yarac_LDADD = -Llibyara/.libs -lyara 30 | 31 | test_alignment_SOURCES = tests/test-alignment.c 32 | test_atoms_SOURCES = tests/test-atoms.c tests/util.c libyara/atoms.c 33 | test_atoms_LDADD = libyara/.libs/libyara.a 34 | test_rules_SOURCES = tests/test-rules.c tests/util.c 35 | test_rules_LDADD = libyara/.libs/libyara.a 36 | test_pe_SOURCES = tests/test-pe.c tests/util.c 37 | test_pe_LDADD = libyara/.libs/libyara.a 38 | test_elf_SOURCES = tests/test-elf.c tests/util.c 39 | test_elf_LDADD = libyara/.libs/libyara.a 40 | test_version_SOURCES = tests/test-version.c 41 | test_api_LDADD = libyara/.libs/libyara.a 42 | test_api_SOURCES = tests/test-api.c tests/util.c 43 | test_bitmask_SOURCES = tests/test-bitmask.c 44 | test_bitmask_LDADD = libyara/.libs/libyara.a 45 | test_math_SOURCES = tests/test-math.c tests/util.c 46 | test_math_LDADD = libyara/.libs/libyara.a 47 | test_stack_SOURCES = tests/test-stack.c 48 | test_stack_LDADD = libyara/.libs/libyara.a 49 | 50 | TESTS = $(check_PROGRAMS) 51 | TESTS_ENVIRONMENT = TOP_SRCDIR=$(top_srcdir) 52 | 53 | check_PROGRAMS = test-alignment \ 54 | test-atoms \ 55 | test-api \ 56 | test-rules \ 57 | test-pe \ 58 | test-elf \ 
59 | test-version \ 60 | test-bitmask \ 61 | test-math \ 62 | test-stack 63 | 64 | if POSIX 65 | # The -fsanitize=address option makes test-exception fail. Include the test 66 | # only if the option is not enabled. 67 | if !ADDRESS_SANITIZER 68 | check_PROGRAMS+=test-exception 69 | test_exception_SOURCES = tests/test-exception.c tests/util.c 70 | test_exception_LDADD = libyara/.libs/libyara.a 71 | endif 72 | endif 73 | 74 | if MACHO_MODULE 75 | check_PROGRAMS+=test-macho 76 | test_macho_SOURCES = tests/test-macho.c tests/util.c 77 | test_macho_LDADD = libyara/.libs/libyara.a 78 | endif 79 | 80 | if DEX_MODULE 81 | check_PROGRAMS+=test-dex 82 | test_dex_SOURCES = tests/test-dex.c tests/util.c 83 | test_dex_LDADD = libyara/.libs/libyara.a 84 | endif 85 | 86 | # man pages 87 | man1_MANS = yara.man yarac.man 88 | 89 | EXTRA_DIST = $(man1_MANS) README.md bootstrap.sh 90 | -------------------------------------------------------------------------------- /req/yara-3.9.0/appveyor.yml: -------------------------------------------------------------------------------- 1 | # AppVeyor CI for Windows 2 | 3 | version: 3.9.0-{build} 4 | 5 | pull_requests: 6 | do_not_increment_build_number: true 7 | 8 | environment: 9 | matrix: 10 | - TARGET: vs2015 11 | APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2015 12 | VisualStudioVersion: 14.0 13 | configuration: Release 14 | platform: x86 15 | - TARGET: vs2015 16 | APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2015 17 | VisualStudioVersion: 14.0 18 | configuration: Debug 19 | platform: x86 20 | - TARGET: vs2015 21 | APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2015 22 | VisualStudioVersion: 14.0 23 | platform: x64 24 | configuration: Release 25 | - TARGET: vs2015 26 | APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2015 27 | VisualStudioVersion: 14.0 28 | platform: x64 29 | configuration: Debug 30 | - TARGET: cygwin 31 | 32 | for: 33 | - 34 | matrix: 35 | only: 36 | - TARGET: cygwin 37 | 38 | build_script: 39 | - cmd: C:\cygwin64\bin\bash -e -l -c "cd 
c:/projects/yara && ./build.sh" 40 | 41 | test_script: 42 | - cmd: C:\cygwin64\bin\bash -e -l -c "cd c:/projects/yara && make check" 43 | 44 | - 45 | matrix: 46 | only: 47 | - TARGET: vs2015 48 | 49 | before_build: 50 | - ps: nuget restore windows/vs2015/yara.sln 51 | 52 | build: 53 | project: windows/vs2015/yara.sln 54 | verbosity: minimal 55 | 56 | artifacts: 57 | - path: windows\**\*.exe 58 | 59 | test: off 60 | 61 | # Uncomment the lines below for enabling Remote Desktop in the Appveyor. This 62 | # allows connecting to the remote machine and debug issues. 63 | # on_finish: 64 | # - ps: $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1')) 65 | -------------------------------------------------------------------------------- /req/yara-3.9.0/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | autoreconf --force --install 3 | -------------------------------------------------------------------------------- /req/yara-3.9.0/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ./bootstrap.sh 3 | ./configure 4 | make -------------------------------------------------------------------------------- /req/yara-3.9.0/dist/yara-python.spec: -------------------------------------------------------------------------------- 1 | %define name yara-python 2 | %define version 3.2.0 3 | %define unmangled_version 3.2.0 4 | %define release 1 5 | 6 | Summary: Python bindings for YARA malware research tool 7 | Name: %{name} 8 | Version: %{version} 9 | Release: %{release} 10 | Source0: %{name}-%{unmangled_version}.tar.gz 11 | License: Apache License 2.0 12 | Group: Development/Libraries 13 | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot 14 | Prefix: %{_prefix} 15 | Vendor: Victor M. 
Alvarez 16 | BuildRequires: gcc python-devel 17 | BuildRequires: libyara-devel 18 | 19 | %description 20 | YARA is a tool aimed at (but not limited to) helpingmalware researchers to identify and classify malwaresamples. With YARA you can create descriptions of malware families (or whatever you want to describe)based on textual or binary patterns. 21 | 22 | %prep 23 | %setup -n %{name}-%{unmangled_version} 24 | 25 | %build 26 | env CFLAGS="$RPM_OPT_FLAGS" python setup.py build 27 | 28 | %install 29 | python setup.py install -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES 30 | 31 | %clean 32 | rm -rf $RPM_BUILD_ROOT 33 | 34 | %files -f INSTALLED_FILES 35 | %defattr(-,root,root) 36 | -------------------------------------------------------------------------------- /req/yara-3.9.0/docs/index.rst: -------------------------------------------------------------------------------- 1 | .. yara documentation master file, created by 2 | sphinx-quickstart on Tue Jul 8 11:04:03 2014. 3 | You can adapt this file completely to your liking, but it should at least 4 | contain the root `toctree` directive. 5 | 6 | Welcome to YARA's documentation! 7 | ================================ 8 | 9 | YARA is a tool aimed at (but not limited to) helping malware researchers to 10 | identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a 11 | boolean expression which determine its logic. Let's see an example: 12 | 13 | .. 
code-block:: yara 14 | 15 | rule silent_banker : banker 16 | { 17 | meta: 18 | description = "This is just an example" 19 | thread_level = 3 20 | in_the_wild = true 21 | strings: 22 | $a = {6A 40 68 00 30 00 00 6A 14 8D 91} 23 | $b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9} 24 | $c = "UVODFRYSIHLNWPEJXQZAKCBGMT" 25 | condition: 26 | $a or $b or $c 27 | } 28 | 29 | The above rule is telling YARA that any file containing one of the three strings 30 | must be reported as silent_banker. This is just a simple example, more complex 31 | and powerful rules can be created by using wild-cards, case-insensitive strings, regular expressions, special operators and many other features that you'll find explained in this documentation. 32 | 33 | Contents: 34 | 35 | .. toctree:: 36 | :maxdepth: 3 37 | 38 | gettingstarted 39 | writingrules 40 | modules 41 | writingmodules 42 | commandline 43 | yarapython 44 | capi 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /req/yara-3.9.0/docs/modules.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Modules 3 | ******* 4 | 5 | Modules are the method YARA provides for extending its features. They allow you 6 | to define data structures and functions which can be used in your rules to 7 | express more complex conditions. Here you'll find described some modules 8 | officially distributed with YARA, but you can also learn how to write your own 9 | modules in the :ref:`writing-modules` section. 10 | 11 | 12 | .. toctree:: 13 | :maxdepth: 3 14 | 15 | PE 16 | ELF 17 | Cuckoo 18 | Magic 19 | Hash 20 | Math 21 | Dotnet 22 | Time 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /req/yara-3.9.0/docs/modules/hash.rst: -------------------------------------------------------------------------------- 1 | 2 | .. _hash-module: 3 | 4 | ########### 5 | Hash module 6 | ########### 7 | 8 | .. 
versionadded:: 3.2.0 9 | 10 | The Hash module allows you to calculate hashes (MD5, SHA1, SHA256) from portions 11 | of your file and create signatures based on those hashes. 12 | 13 | .. important:: 14 | This module depends on the OpenSSL library. Please refer to 15 | :ref:`compiling-yara` for information about how to build OpenSSL-dependant 16 | features into YARA. 17 | 18 | Good news for Windows users: this module is already included in the official 19 | Windows binaries. 20 | 21 | .. c:function:: md5(offset, size) 22 | 23 | Returns the MD5 hash for *size* bytes starting at *offset*. When scanning a 24 | running process the *offset* argument should be a virtual address within 25 | the process address space. The returned string is always in lowercase. 26 | 27 | *Example: hash.md5(0, filesize) == "feba6c919e3797e7778e8f2e85fa033d"* 28 | 29 | .. c:function:: md5(string) 30 | 31 | Returns the MD5 hash for the given string. 32 | 33 | *Example: hash.md5("dummy") == "275876e34cf609db118f3d84b799a790"* 34 | 35 | .. c:function:: sha1(offset, size) 36 | 37 | Returns the SHA1 hash for the *size* bytes starting at *offset*. When 38 | scanning a running process the *offset* argument should be a virtual address 39 | within the process address space. The returned string is always in 40 | lowercase. 41 | 42 | .. c:function:: sha1(string) 43 | 44 | Returns the SHA1 hash for the given string. 45 | 46 | .. c:function:: sha256(offset, size) 47 | 48 | Returns the SHA256 hash for the *size* bytes starting at *offset*. When 49 | scanning a running process the *offset* argument should be a virtual address 50 | within the process address space. The returned string is always in 51 | lowercase. 52 | 53 | .. c:function:: sha256(string) 54 | 55 | Returns the SHA256 hash for the given string. 56 | 57 | .. c:function:: checksum32(offset, size) 58 | 59 | Returns a 32-bit checksum for the *size* bytes starting at *offset*. The 60 | checksum is just the sum of all the bytes (unsigned). 
61 | 62 | .. c:function:: checksum32(string) 63 | 64 | Returns a 32-bit checksum for the given string. The checksum is just the 65 | sum of all the bytes in the string (unsigned). 66 | 67 | -------------------------------------------------------------------------------- /req/yara-3.9.0/docs/modules/magic.rst: -------------------------------------------------------------------------------- 1 | 2 | .. _magic-module: 3 | 4 | ############ 5 | Magic module 6 | ############ 7 | 8 | .. versionadded:: 3.1.0 9 | 10 | The Magic module allows you to identify the type of the file based on the 11 | output of *file*, the standard 12 | Unix command. 13 | 14 | .. important:: 15 | This module is not built into YARA by default; to learn how to include it, 16 | refer to :ref:`compiling-yara`. Bad news for Windows users: **this module is 17 | not supported on Windows**. 18 | 19 | There are two functions in this module: :c:func:`type` and :c:func:`mime_type`. 20 | The first one returns the descriptive string returned by *file*. For example, 21 | if you run *file* against some PDF document you'll get something like this:: 22 | 23 | $ file some.pdf 24 | some.pdf: PDF document, version 1.5 25 | 26 | The :c:func:`type` function would return *"PDF document, version 1.5"* in this 27 | case. Using the :c:func:`mime_type` function is similar to passing the 28 | ``--mime`` argument to *file*:: 29 | 30 | $ file --mime some.pdf 31 | some.pdf: application/pdf; charset=binary 32 | 33 | 34 | :c:func:`mime_type` would return *"application/pdf"*, without the charset part. 35 | 36 | By experimenting a little with the *file* command you can learn which output to 37 | expect for different file types.
These are a few examples: 38 | 39 | * JPEG image data, JFIF standard 1.01 40 | * PE32 executable for MS Windows (GUI) Intel 80386 32-bit 41 | * PNG image data, 1240 x 1753, 8-bit/color RGBA, non-interlaced 42 | * ASCII text, with no line terminators 43 | * Zip archive data, at least v2.0 to extract 44 | 45 | 46 | 47 | .. c:function:: type() 48 | 49 | Function returning a string with the type of the file. 50 | 51 | *Example: magic.type() contains "PDF"* 52 | 53 | 54 | .. c:function:: mime_type() 55 | 56 | Function returning a string with the MIME type of the file. 57 | 58 | *Example: magic.mime_type() == "application/pdf"* 59 | -------------------------------------------------------------------------------- /req/yara-3.9.0/docs/modules/time.rst: -------------------------------------------------------------------------------- 1 | 2 | .. _time-module: 3 | 4 | ############ 5 | Time module 6 | ############ 7 | 8 | .. versionadded:: 3.7.0 9 | 10 | The Time module allows you to use temporal conditions in your YARA rules. 11 | 12 | .. c:function:: now() 13 | 14 | Function returning an integer which is the number of seconds since January 15 | 1, 1970. 16 | 17 | *Example: pe.timestamp > time.now()* 18 | -------------------------------------------------------------------------------- /req/yara-3.9.0/extra/TextMate-bundle.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/extra/TextMate-bundle.zip -------------------------------------------------------------------------------- /req/yara-3.9.0/extra/UltraEdit-wordfile.txt: -------------------------------------------------------------------------------- 1 | /L20"YARA rules" YARA_LANG Line Comment = // Block Comment On = /* Block Comment Off = */ Escape Char = \ String Chars = " File Extensions = YAR 2 | /Marker Characters = "//" 3 | /Delimiters = ~!@%^&*()-+=|\/{}[]<>:;"' , .? 
4 | /Function String = "rule [a-zA-Z0-9_]*" 5 | /Indent Strings = "{" 6 | /Unindent Strings = "}" 7 | /Open Brace Strings = "{" "(" "[" 8 | /Close Brace Strings = "}" ")" "]" 9 | 10 | /C1"YARA Keywords" 11 | and at any all ascii 12 | condition contains 13 | entrypoint 14 | for false filesize fullword 15 | global 16 | is in include int8 int16 int32 17 | meta matches 18 | nocase not 19 | or of 20 | private 21 | rule rva 22 | section strings 23 | them true 24 | uint8 uint16 uint32 25 | wide 26 | 27 | /C4"YARA Strings" 28 | " 29 | // / 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /req/yara-3.9.0/extra/codemirror/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | CodeMirror: YARA mode 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 26 | 27 |
28 |

YARA mode

29 |
30 | 42 |
43 | 53 |

MIME type: text/x-yara

54 |
55 | -------------------------------------------------------------------------------- /req/yara-3.9.0/extra/logo.ai: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/extra/logo.ai -------------------------------------------------------------------------------- /req/yara-3.9.0/extra/old-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/extra/old-logo.png -------------------------------------------------------------------------------- /req/yara-3.9.0/extra/old-logo.psd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/extra/old-logo.psd -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/endian.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2017. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 
17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #include 31 | /* Returns x with its two bytes exchanged. The shifts operate on the promoted value of x; converting the result to the uint16_t return type discards the bits shifted above bit 15. */ 32 | uint16_t _yr_bswap16(uint16_t x) 33 | { 34 | return (x >> 8 | x << 8); 35 | } 36 | /* Returns x with its four bytes in reverse order: each byte is isolated with a mask and shifted to the mirrored position. */ 37 | uint32_t _yr_bswap32(uint32_t x) 38 | { 39 | return ((((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) | 40 | (((x) & 0x0000ff00) << 8) | (((x) & 0x000000ff) << 24)); 41 | } 42 | /* Returns x with its eight bytes in reverse order, using the same mask-and-shift scheme as _yr_bswap32 with 64-bit masks. */ 43 | uint64_t _yr_bswap64(uint64_t x) 44 | { 45 | return ((((x) & 0xff00000000000000ull) >> 56) 46 | | (((x) & 0x00ff000000000000ull) >> 40) 47 | | (((x) & 0x0000ff0000000000ull) >> 24) 48 | | (((x) & 0x000000ff00000000ull) >> 8) 49 | | (((x) & 0x00000000ff000000ull) << 8) 50 | | (((x) & 0x0000000000ff0000ull) << 24) 51 | | (((x) & 0x000000000000ff00ull) << 40) 52 | | (((x) & 0x00000000000000ffull) << 56)); 53 | } 54 | -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/hex_grammar.h: -------------------------------------------------------------------------------- 1 | /* A Bison parser, made by GNU Bison 3.0.5. */ 2 | 3 | /* Bison interface for Yacc-like parsers in C 4 | 5 | Copyright (C) 1984, 1989-1990, 2000-2015, 2018 Free Software Foundation, Inc.
6 | 7 | This program is free software: you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation, either version 3 of the License, or 10 | (at your option) any later version. 11 | 12 | This program is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with this program. If not, see . */ 19 | 20 | /* As a special exception, you may create a larger work that contains 21 | part or all of the Bison parser skeleton and distribute that work 22 | under terms of your choice, so long as that work isn't itself a 23 | parser generator using the skeleton or a modified version thereof 24 | as a parser skeleton. Alternatively, if you modify or redistribute 25 | the parser skeleton itself, you may (at your option) remove this 26 | special exception, which will cause the skeleton and the resulting 27 | Bison output files to be licensed under the GNU General Public 28 | License without this special exception. 29 | 30 | This special exception was added by the Free Software Foundation in 31 | version 2.2 of Bison. */ 32 | 33 | #ifndef YY_HEX_YY_HEX_GRAMMAR_H_INCLUDED 34 | # define YY_HEX_YY_HEX_GRAMMAR_H_INCLUDED 35 | /* Debug traces. */ 36 | #ifndef YYDEBUG 37 | # define YYDEBUG 0 38 | #endif 39 | #if YYDEBUG 40 | extern int hex_yydebug; 41 | #endif 42 | 43 | /* Token type. */ 44 | #ifndef YYTOKENTYPE 45 | # define YYTOKENTYPE 46 | enum yytokentype 47 | { 48 | _BYTE_ = 258, 49 | _MASKED_BYTE_ = 259, 50 | _NUMBER_ = 260 51 | }; 52 | #endif 53 | /* Tokens. */ 54 | #define _BYTE_ 258 55 | #define _MASKED_BYTE_ 259 56 | #define _NUMBER_ 260 57 | 58 | /* Value type. */ 59 | #if ! defined YYSTYPE && ! 
defined YYSTYPE_IS_DECLARED 60 | 61 | union YYSTYPE 62 | { 63 | #line 78 "hex_grammar.y" /* yacc.c:1916 */ 64 | 65 | int64_t integer; 66 | RE_NODE *re_node; 67 | 68 | #line 69 "hex_grammar.h" /* yacc.c:1916 */ 69 | }; 70 | 71 | typedef union YYSTYPE YYSTYPE; 72 | # define YYSTYPE_IS_TRIVIAL 1 73 | # define YYSTYPE_IS_DECLARED 1 74 | #endif 75 | 76 | 77 | 78 | int hex_yyparse (void *yyscanner, HEX_LEX_ENVIRONMENT *lex_env); 79 | 80 | #endif /* !YY_HEX_YY_HEX_GRAMMAR_H_INCLUDED */ 81 | -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/include/yara.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007-2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_YARA_H 31 | #define YR_YARA_H 32 | 33 | #include "yara/utils.h" 34 | #include "yara/filemap.h" 35 | #include "yara/compiler.h" 36 | #include "yara/modules.h" 37 | #include "yara/object.h" 38 | #include "yara/libyara.h" 39 | #include "yara/error.h" 40 | #include "yara/stream.h" 41 | #include "yara/hash.h" 42 | #include "yara/scanner.h" 43 | #include "yara/mem.h" 44 | 45 | #endif 46 | -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/include/yara/exefiles.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 
17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_EXEFILES_H 31 | #define YR_EXEFILES_H 32 | 33 | uint64_t yr_get_entry_point_offset( 34 | const uint8_t* buffer, 35 | size_t buffer_length); 36 | 37 | 38 | uint64_t yr_get_entry_point_address( 39 | const uint8_t* buffer, 40 | size_t buffer_length, 41 | uint64_t base_address); 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/include/yara/globals.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. 
Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_GLOBALS_H 31 | #define YR_GLOBALS_H 32 | 33 | #include 34 | 35 | // Pre-computed tables for quickly converting a character to lowercase or to 36 | // its alternative case (uppercase if it is lowercase and vice versa). These 37 | // tables are initialized by yr_initialize. 38 | extern char yr_lowercase[256]; 39 | extern char yr_altercase[256]; 40 | 41 | // Canary value used for preventing hand-crafted objects from being embedded 42 | // in compiled rules and used to exploit YARA. The canary value is initialized 43 | // to a random value by yr_initialize and is subsequently stored in every object 44 | // created by yr_object_create. The canary is verified when objects are used 45 | // by yr_execute_code. NOTE(review): this describes a hardening check on objects, not validation of a whole compiled-rules file; presumably compiled rules from untrusted sources should still not be loaded - confirm against project guidance.
46 | extern int yr_canary; 47 | 48 | extern YR_THREAD_STORAGE_KEY yr_tidx_key; 49 | extern YR_THREAD_STORAGE_KEY yr_recovery_state_key; 50 | 51 | #endif 52 | -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/include/yara/mem.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
28 | */ 29 | 30 | #ifndef YR_MEM_H 31 | #define YR_MEM_H 32 | 33 | #include 34 | 35 | #ifdef DMALLOC 36 | 37 | #define yr_malloc malloc 38 | #define yr_calloc calloc 39 | #define yr_realloc realloc 40 | #define yr_free free 41 | #define yr_strdup strdup 42 | #define yr_strndup strndup 43 | 44 | #include 45 | 46 | #else 47 | 48 | void* yr_calloc( 49 | size_t count, 50 | size_t size); 51 | 52 | void* yr_malloc( 53 | size_t size); 54 | 55 | void* yr_realloc( 56 | void* ptr, 57 | size_t size); 58 | 59 | void yr_free( 60 | void *ptr); 61 | 62 | char* yr_strdup( 63 | const char *str); 64 | 65 | char* yr_strndup( 66 | const char *str, size_t n); 67 | 68 | #endif 69 | 70 | int yr_heap_alloc(void); 71 | 72 | int yr_heap_free(void); 73 | 74 | #endif 75 | -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/include/yara/proc.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 
17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_PROC_H 31 | #define YR_PROC_H 32 | 33 | #include 34 | 35 | typedef struct _YR_PROC_ITERATOR_CTX { 36 | const uint8_t* buffer; 37 | size_t buffer_size; 38 | YR_MEMORY_BLOCK current_block; 39 | void* proc_info; 40 | } YR_PROC_ITERATOR_CTX; 41 | 42 | YR_API int yr_process_open_iterator( 43 | int pid, 44 | YR_MEMORY_BLOCK_ITERATOR* iterator); 45 | 46 | YR_API int yr_process_close_iterator( 47 | YR_MEMORY_BLOCK_ITERATOR* iterator); 48 | 49 | YR_API YR_MEMORY_BLOCK* yr_process_get_first_memory_block( 50 | YR_MEMORY_BLOCK_ITERATOR* iterator); 51 | 52 | YR_API YR_MEMORY_BLOCK* yr_process_get_next_memory_block( 53 | YR_MEMORY_BLOCK_ITERATOR* iterator); 54 | 55 | YR_API const uint8_t* yr_process_fetch_memory_block_data( 56 | YR_MEMORY_BLOCK* block); 57 | 58 | #endif 59 | -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/include/yara/scan.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 
3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_SCAN_H 31 | #define YR_SCAN_H 32 | 33 | #include 34 | 35 | // Bitmasks for flags. 
36 | #define SCAN_FLAGS_FAST_MODE 1 37 | #define SCAN_FLAGS_PROCESS_MEMORY 2 38 | #define SCAN_FLAGS_NO_TRYCATCH 4 39 | 40 | 41 | int yr_scan_verify_match( 42 | YR_SCAN_CONTEXT* context, 43 | YR_AC_MATCH* ac_match, 44 | const uint8_t* data, 45 | size_t data_size, 46 | uint64_t data_base, 47 | size_t offset); 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/include/yara/sizedstr.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef _SIZEDSTR_H 31 | #define _SIZEDSTR_H 32 | 33 | #include 34 | 35 | #include 36 | 37 | // 38 | // This struct is used to support strings containing null chars. The length of 39 | // the string is stored alongside the string data. However, the string data is also 40 | // terminated with a null char. 41 | // 42 | /* Flag values for SIZED_STRING.flags - presumably combined as a bitmask; confirm against the users of the field. */ 43 | #define SIZED_STRING_FLAGS_NO_CASE 1 44 | #define SIZED_STRING_FLAGS_DOT_ALL 2 45 | 46 | #pragma pack(push) 47 | #pragma pack(8) 48 | 49 | 50 | typedef struct _SIZED_STRING 51 | { /* length: size of the string data. Because the data may contain null chars, code handling a SIZED_STRING should rely on this field rather than on strlen(). */ 52 | uint32_t length; 53 | uint32_t flags; 54 | /* Declared with a single element; presumably the struct is allocated with extra room so the data extends past it - TODO confirm in the allocating code, and bound every copy by length. */ 55 | char c_string[1]; 56 | 57 | } SIZED_STRING; 58 | 59 | #pragma pack(pop) 60 | 61 | /* Compares two sized strings; the return convention is not visible in this header. */ 62 | int sized_string_cmp( 63 | SIZED_STRING* s1, 64 | SIZED_STRING* s2); 65 | 66 | /* Duplicates a sized string; ownership of the returned pointer is not stated in this header - confirm before freeing. */ 67 | SIZED_STRING* sized_string_dup( 68 | SIZED_STRING* s); 69 | 70 | #endif 71 | -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/include/yara/stack.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2018. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2.
Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_STACK_H 31 | #define YR_STACK_H 32 | 33 | typedef struct YR_STACK YR_STACK; 34 | 35 | struct YR_STACK 36 | { 37 | // Pointer to a heap-allocated array containing the void* values put in 38 | // in the stack. This array starts with a fixed size and it's grown as 39 | // required when new items are pushed into the stack. 40 | void* items; 41 | 42 | // Current capacity (i.e: the number of items that fit into the array) 43 | int capacity; 44 | 45 | // Size of each individual item in the stack. 46 | int item_size; 47 | 48 | // Index of the stack's top in the items array. 
49 | int top; 50 | }; 51 | 52 | 53 | int yr_stack_create( 54 | int initial_capacity, 55 | int item_size, 56 | YR_STACK** stack); 57 | 58 | 59 | void yr_stack_destroy( 60 | YR_STACK* stack); 61 | 62 | 63 | int yr_stack_push( 64 | YR_STACK* stack, 65 | void* item); 66 | 67 | 68 | int yr_stack_pop( 69 | YR_STACK* stack, 70 | void* item); 71 | 72 | #endif -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/include/yara/stream.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2015. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_STREAM_H 31 | #define YR_STREAM_H 32 | 33 | #include 34 | 35 | typedef size_t (*YR_STREAM_READ_FUNC)( 36 | void* ptr, 37 | size_t size, 38 | size_t count, 39 | void* user_data); 40 | 41 | 42 | typedef size_t (*YR_STREAM_WRITE_FUNC)( 43 | const void* ptr, 44 | size_t size, 45 | size_t count, 46 | void* user_data); 47 | 48 | 49 | typedef struct _YR_STREAM 50 | { 51 | void* user_data; 52 | 53 | YR_STREAM_READ_FUNC read; 54 | YR_STREAM_WRITE_FUNC write; 55 | 56 | } YR_STREAM; 57 | 58 | 59 | size_t yr_stream_read( 60 | void* ptr, 61 | size_t size, 62 | size_t count, 63 | YR_STREAM* stream); 64 | 65 | 66 | size_t yr_stream_write( 67 | const void* ptr, 68 | size_t size, 69 | size_t count, 70 | YR_STREAM* stream); 71 | 72 | #endif 73 | -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/include/yara/threading.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2016. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. 
Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
28 | */ 29 | 30 | #ifndef YR_MUTEX_H 31 | #define YR_MUTEX_H 32 | 33 | 34 | 35 | #if defined(_WIN32) || defined(__CYGWIN__) 36 | 37 | #include 38 | 39 | typedef DWORD YR_THREAD_ID; 40 | typedef DWORD YR_THREAD_STORAGE_KEY; 41 | typedef HANDLE YR_MUTEX; 42 | 43 | #else 44 | 45 | #include 46 | 47 | typedef pthread_t YR_THREAD_ID; 48 | typedef pthread_key_t YR_THREAD_STORAGE_KEY; 49 | typedef pthread_mutex_t YR_MUTEX; 50 | 51 | #endif 52 | 53 | YR_THREAD_ID yr_current_thread_id(void); 54 | 55 | int yr_mutex_create(YR_MUTEX*); 56 | int yr_mutex_destroy(YR_MUTEX*); 57 | int yr_mutex_lock(YR_MUTEX*); 58 | int yr_mutex_unlock(YR_MUTEX*); 59 | 60 | int yr_thread_storage_create(YR_THREAD_STORAGE_KEY*); 61 | int yr_thread_storage_destroy(YR_THREAD_STORAGE_KEY*); 62 | int yr_thread_storage_set_value(YR_THREAD_STORAGE_KEY*, void*); 63 | void* yr_thread_storage_get_value(YR_THREAD_STORAGE_KEY*); 64 | 65 | #endif 66 | -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/modules/demo.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

#include

#define MODULE_NAME demo

// The module declares a single string field named "greeting".
begin_declarations;

  declare_string("greeting");

end_declarations;


// Module-wide setup hook; this module needs none and always reports success.
int module_initialize(YR_MODULE* module)
{
  return ERROR_SUCCESS;
}


// Module-wide teardown hook; nothing to release, always reports success.
int module_finalize(YR_MODULE* module)
{
  return ERROR_SUCCESS;
}


// Load hook: stores the fixed text "Hello World!" in the "greeting" field of
// module_object. The context and module_data arguments are not read here.
int module_load(
    YR_SCAN_CONTEXT* context, YR_OBJECT* module_object,
    void* module_data, size_t module_data_size)
{
  set_string("Hello World!", module_object, "greeting");

  return ERROR_SUCCESS;
}


// Unload hook; nothing to undo, always reports success.
int module_unload(YR_OBJECT* module_object)
{
  return ERROR_SUCCESS;
}
--------------------------------------------------------------------------------
/req/yara-3.9.0/libyara/modules/module_list:
--------------------------------------------------------------------------------
MODULE(tests)
MODULE(pe)
MODULE(elf)
MODULE(math)
MODULE(time)

#ifdef DOTNET_MODULE
MODULE(dotnet)
#endif

#ifdef CUCKOO_MODULE
MODULE(cuckoo)
#endif

#ifdef MAGIC_MODULE
MODULE(magic)
17 | #endif 18 | 19 | #ifdef HASH_MODULE 20 | MODULE(hash) 21 | #endif 22 | 23 | #ifdef MACHO_MODULE 24 | MODULE(macho) 25 | #endif 26 | 27 | #ifdef DEX_MODULE 28 | MODULE(dex) 29 | #endif 30 | -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/modules/time.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014-2017. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

#include
#include

#define MODULE_NAME time


// Implements the module's now() function: returns the value of time(NULL)
// as an integer, or UNDEFINED when time() reports failure with -1.
define_function(now)
{
  const time_t timestamp = time(NULL);

  if (timestamp == -1)
  {
    return_integer(UNDEFINED);
  }

  // NOTE(review): the cast to long narrows the value on targets where long is
  // 32 bits wide; confirm this is acceptable for rules that compare timestamps.
  return_integer((long) timestamp);
}


// Exposes now() to rules: no arguments (""), integer result ("i").
begin_declarations;

  declare_function("now", "", "i", now);

end_declarations;


// Module-wide setup hook; nothing to prepare, always reports success.
int module_initialize(YR_MODULE* module)
{
  return ERROR_SUCCESS;
}


// Module-wide teardown hook; nothing to release, always reports success.
int module_finalize(YR_MODULE* module)
{
  return ERROR_SUCCESS;
}


// Load hook; the module keeps no per-scan state, so none of the arguments
// are read.
int module_load(
    YR_SCAN_CONTEXT* context, YR_OBJECT* module_object,
    void* module_data, size_t module_data_size)
{
  return ERROR_SUCCESS;
}


// Unload hook; nothing to undo, always reports success.
int module_unload(YR_OBJECT* module_object)
{
  return ERROR_SUCCESS;
}
--------------------------------------------------------------------------------
/req/yara-3.9.0/libyara/proc/none.c:
--------------------------------------------------------------------------------
/*
Copyright (c) 2007-2017. The YARA Authors. All Rights Reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.

2.
Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/

// Stub process-memory backend, compiled only when USE_NO_PROC is defined.
// Every entry point fails or yields no data, so a build using this file
// cannot read the memory of another process.
#if defined(USE_NO_PROC)

#include
#include

// Always refuses to attach; pid and context are not used.
int _yr_process_attach(int pid, YR_PROC_ITERATOR_CTX* context)
{
  return ERROR_COULD_NOT_ATTACH_TO_PROCESS;
}

// Nothing can have been attached, so detaching is reported as an invalid
// argument.
int _yr_process_detach(YR_PROC_ITERATOR_CTX* context)
{
  return ERROR_INVALID_ARGUMENT;
}

// No block data is ever available; callers receive NULL.
YR_API const uint8_t* yr_process_fetch_memory_block_data(YR_MEMORY_BLOCK* block)
{
  return NULL;
}

// The iteration is always empty: there is no next block.
YR_API YR_MEMORY_BLOCK* yr_process_get_next_memory_block(
    YR_MEMORY_BLOCK_ITERATOR* iterator)
{
  return NULL;
}

// The iteration is always empty: there is no first block.
YR_API YR_MEMORY_BLOCK* yr_process_get_first_memory_block(
    YR_MEMORY_BLOCK_ITERATOR* iterator)
{
  return NULL;
}

#endif
--------------------------------------------------------------------------------
/req/yara-3.9.0/libyara/sizedstr.c:
--------------------------------------------------------------------------------
/*
Copyright (c) 2014. The YARA Authors. All Rights Reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation and/or
other materials provided with the distribution.

3. Neither the name of the copyright holder nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
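THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

#include
#include
#include


//
// Compares two sized strings over their stored lengths, so bytes after an
// embedded null char take part in the comparison.
//
// Returns 0 when both strings have the same length and content, -1 when s1 is
// a proper prefix of s2 or its first differing char is smaller, 1 otherwise.
//
// NOTE(review): the chars are compared as plain `char`, so the ordering of
// values above 0x7F depends on whether char is signed on the target.
//
int sized_string_cmp(
    SIZED_STRING* s1,
    SIZED_STRING* s2)
{
  size_t i = 0;

  // Skip the common prefix, never reading past either stored length.
  while (s1->length > i &&
         s2->length > i &&
         s1->c_string[i] == s2->c_string[i])
  {
    i++;
  }

  if (i == s1->length && i == s2->length)
    return 0;
  else if (i == s1->length)
    return -1;
  else if (i == s2->length)
    return 1;
  else if (s1->c_string[i] < s2->c_string[i])
    return -1;
  else
    return 1;
}


//
// Returns a newly allocated copy of s (length, flags and string data), or NULL
// if yr_malloc fails.
//
// The data is copied with memcpy rather than strncpy: strncpy stops at the
// first null char in the source and zero-fills the rest, which would silently
// drop everything after an embedded null in the copy.
//
SIZED_STRING* sized_string_dup(
    SIZED_STRING* s)
{
  // sizeof(SIZED_STRING) already accounts for c_string[1], which leaves room
  // for the terminator after s->length chars.
  SIZED_STRING* result = (SIZED_STRING*) yr_malloc(
      sizeof(SIZED_STRING) + s->length);

  if (result == NULL)
    return NULL;

  result->length = s->length;
  result->flags = s->flags;

  // Copy exactly s->length chars and write the terminator explicitly, so the
  // copy does not depend on the source being terminated.
  memcpy(result->c_string, s->c_string, s->length);
  result->c_string[s->length] = '\0';

  return result;
}
--------------------------------------------------------------------------------
/req/yara-3.9.0/libyara/stino.settings:
--------------------------------------------------------------------------------
{
  "baudrate": 4,
  "line_ending": 1,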
"serial_port": 1 5 | } -------------------------------------------------------------------------------- /req/yara-3.9.0/libyara/stream.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2015. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/

#include
#include


// Reads through the stream's read callback, forwarding ptr, size, count and
// the stream's user_data unchanged. Returns the callback's result, or 0 when
// the stream has no read callback.
size_t yr_stream_read(void* ptr, size_t size, size_t count, YR_STREAM* stream)
{
  YR_STREAM_READ_FUNC reader = stream->read;

  if (reader != NULL)
    return reader(ptr, size, count, stream->user_data);

  return 0;
}


// Writes through the stream's write callback, forwarding ptr, size, count and
// the stream's user_data unchanged. Returns the callback's result, or 0 when
// the stream has no write callback.
size_t yr_stream_write(
    const void* ptr, size_t size, size_t count, YR_STREAM* stream)
{
  YR_STREAM_WRITE_FUNC writer = stream->write;

  if (writer != NULL)
    return writer(ptr, size, count, stream->user_data);

  return 0;
}
--------------------------------------------------------------------------------
/req/yara-3.9.0/libyara/yara.pc.in:
--------------------------------------------------------------------------------
prefix=@prefix@
exec_prefix=@exec_prefix@
includedir=@includedir@
libdir=@libdir@

Name: yara
Description: YARA library
URL: https://virustotal.github.io/yara/
Version: @PACKAGE_VERSION@
Requires.private: @PC_REQUIRES_PRIVATE@
Cflags: -I${includedir}
Libs: -L${libdir} -lyara
Libs.private: @PC_LIBS_PRIVATE@ @PTHREAD_LIBS@
--------------------------------------------------------------------------------
/req/yara-3.9.0/sample.file:
--------------------------------------------------------------------------------
abbbb
--------------------------------------------------------------------------------
/req/yara-3.9.0/sample.rules:
--------------------------------------------------------------------------------

rule UPX : Packer
{
    strings:
        $a = {60 E8 00 00 00 00 58 83 E8 3D 50 8D B8}

    condition:
        $a at entrypoint

}

--------------------------------------------------------------------------------
/req/yara-3.9.0/tests/data/079a472d22290a94ebb212aa8015cdc8dd28a968c6b4d3b88acdd58ce2d3b885:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/data/079a472d22290a94ebb212aa8015cdc8dd28a968c6b4d3b88acdd58ce2d3b885 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/data/baz.yar: -------------------------------------------------------------------------------- 1 | /* 2 | Add padding for making the file large enough to trigger issue #884 3 | 4 | pading pading pading pading pading pading pading pading pading pading 5 | pading pading pading pading pading pading pading pading pading pading 6 | pading pading pading pading pading pading pading pading pading pading 7 | pading pading pading pading pading pading pading pading pading pading 8 | pading pading pading pading pading pading pading pading pading pading 9 | pading pading pading pading pading pading pading pading pading pading 10 | pading pading pading pading pading pading pading pading pading pading 11 | pading pading pading pading pading pading pading pading pading pading 12 | pading pading pading pading pading pading pading pading pading pading 13 | pading pading pading pading pading pading pading pading pading pading 14 | pading pading pading pading pading pading pading pading pading pading 15 | pading pading pading pading pading pading pading pading pading pading 16 | pading pading pading pading pading pading pading pading pading pading 17 | pading pading pading pading pading pading pading pading pading pading 18 | pading pading pading pading pading pading pading pading pading pading 19 | pading pading pading pading pading pading pading pading pading pading 20 | pading pading pading pading pading pading pading pading pading pading 21 | pading pading pading pading pading pading pading pading pading pading 22 | */ 23 | 24 | rule baz { condition: true } 25 | -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/data/foo.yar: 
-------------------------------------------------------------------------------- 1 | include "include/bar.yar" 2 | 3 | rule foo { condition: bar } 4 | -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/data/include/bar.yar: -------------------------------------------------------------------------------- 1 | include "../baz.yar" 2 | 3 | rule bar { condition: baz } 4 | -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/data/tiny: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/data/tiny -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/data/tiny-idata-51ff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/data/tiny-idata-51ff -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/data/tiny-idata-5200: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/data/tiny-idata-5200 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/data/tiny-overlay: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/data/tiny-overlay -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/data/tiny-universal: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/data/tiny-universal -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/data/tiny.notes: -------------------------------------------------------------------------------- 1 | tiny.exe was compiled from a simple oneliner, 2 | 3 | int main() { return 42; } 4 | 5 | $ i686-w64-mingw32-gcc -s -Wl,--file-alignment=4096 -o tiny.exe tiny.c 6 | 7 | To demonstrate issue #429, two patched executables have been generated 8 | where the PointerToRawData for the .idata section (offset 0x22c) was 9 | changed from 0x5000 to 0x51ff (tiny-idata-51ff.exe) and 0x5200 10 | (tiny-idata-5200.exe), respectively. While tiny-idata-51ff.exe can be 11 | executed in Windows XP, tiny-idata-5200.exe can not. 12 | 13 | 14 | 15 | Compiler version used to produce tiny.exe: 16 | 17 | $ i686-w64-mingw32-gcc --version 18 | i686-w64-mingw32-gcc (GCC) 5.3.1 20160205 19 | Copyright (C) 2015 Free Software Foundation, Inc. 20 | This is free software; see the source for copying conditions. There is NO 21 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
--------------------------------------------------------------------------------
/req/yara-3.9.0/tests/data/xor.out:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/data/xor.out
--------------------------------------------------------------------------------
/req/yara-3.9.0/tests/data/xornocase.out:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/data/xornocase.out
--------------------------------------------------------------------------------
/req/yara-3.9.0/tests/data/xorwide.out:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/data/xorwide.out
--------------------------------------------------------------------------------
/req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer.cc:
--------------------------------------------------------------------------------
#include
#include

#include


// Compiled rule set shared by both fuzzer entry points. It stays NULL when
// setup fails, and the per-input entry point then does nothing.
YR_RULES* rules = NULL;


// One-time setup: initializes libyara and compiles a rule source consisting
// only of `import "dex"`. Always returns 0, whether or not setup succeeded.
extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv)
{
  YR_COMPILER* compiler;

  if (yr_initialize() != ERROR_SUCCESS ||
      yr_compiler_create(&compiler) != ERROR_SUCCESS)
  {
    return 0;
  }

  const int compile_errors = yr_compiler_add_string(
      compiler, "import \"dex\"", NULL);

  // Rules are fetched only after an error-free compile; the result of
  // yr_compiler_get_rules itself is not checked.
  if (compile_errors == 0)
    yr_compiler_get_rules(compiler, &rules);

  yr_compiler_destroy(compiler);

  return 0;
}


// Scan callback that lets the scan continue for every message.
int callback(int message, void* message_data, void* user_data)
{
  return CALLBACK_CONTINUE;
}


// Per-input entry point: scans the fuzzer-provided buffer with the compiled
// rules. The scan result is ignored.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  if (rules != NULL)
  {
    // SCAN_FLAGS_NO_TRYCATCH: presumably so that faults raised while parsing
    // the input reach the fuzzer instead of being handled inside libyara.
    yr_rules_scan_mem(
        rules, data, size, SCAN_FLAGS_NO_TRYCATCH, callback, NULL, 0);
  }

  return 0;
}
--------------------------------------------------------------------------------
/req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer_corpus/1cf540db2f048bb21bd89379a57279b9ff4c308558715a3baee666a47393d86e:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer_corpus/1cf540db2f048bb21bd89379a57279b9ff4c308558715a3baee666a47393d86e
--------------------------------------------------------------------------------
/req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer_corpus/25ef27f9543444652f0c68fe412d3da627a1d2a590b0a2b30e47466c1e962136:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer_corpus/25ef27f9543444652f0c68fe412d3da627a1d2a590b0a2b30e47466c1e962136
--------------------------------------------------------------------------------
/req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer_corpus/27fb31059503773723597edb875c937af971a6c15f91aac8c03c1fbdfa9e918c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer_corpus/27fb31059503773723597edb875c937af971a6c15f91aac8c03c1fbdfa9e918c
--------------------------------------------------------------------------------
/req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer_corpus/3ba9c082050f62e725c87ce4cf9f592fe9f177faf3a0c879f8fbe87312ca4b2c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer_corpus/3ba9c082050f62e725c87ce4cf9f592fe9f177faf3a0c879f8fbe87312ca4b2c -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer_corpus/b1203d95c56f02e7e6dbea714275cc05b47ac2510958b85f436571b801af44e7: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer_corpus/b1203d95c56f02e7e6dbea714275cc05b47ac2510958b85f436571b801af44e7 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer_corpus/b343d1058063e6e4b652ccf0589f93d0dbb6b092960e4aebc3c3c58894831359: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer_corpus/b343d1058063e6e4b652ccf0589f93d0dbb6b092960e4aebc3c3c58894831359 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer_corpus/crash.poc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/dex_fuzzer_corpus/crash.poc -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/dotnet_fuzzer_corpus/buggy_stream_names: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/dotnet_fuzzer_corpus/buggy_stream_names 
-------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/dotnet_fuzzer_corpus/clusterfuzz-testcase-minimized-dotnet_fuzzer-5725060321509376: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/dotnet_fuzzer_corpus/clusterfuzz-testcase-minimized-dotnet_fuzzer-5725060321509376 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/dotnet_fuzzer_corpus/obfuscated: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/dotnet_fuzzer_corpus/obfuscated -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer.cc: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2017. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
/*
 * NOTE(review): the header names after the #include directives below did not
 * survive extraction of this listing.
 */
30 | #include
31 | #include
32 |
33 | #include
34 |
35 |
/*
 * Rule set compiled once in LLVMFuzzerInitialize() and reused by every call
 * to LLVMFuzzerTestOneInput(). It stays NULL when setup fails.
 */
36 | YR_RULES* rules = NULL;
37 |
38 |
/*
 * libFuzzer one-time initialization hook.
 *
 * Initializes libyara, compiles the one-line rule source `import "elf"` and
 * stores the compiled rules in the global `rules`. argc and argv are unused.
 *
 * Always returns 0. If yr_initialize() or yr_compiler_create() fails, or
 * yr_compiler_add_string() returns non-zero, `rules` keeps its initial NULL
 * and LLVMFuzzerTestOneInput() then returns without scanning, so a broken
 * setup shows up only as a fuzz target that does no work.
 *
 * NOTE(review): the result of yr_compiler_get_rules() is not checked here.
 */
39 | extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv)
40 | {
41 |   YR_COMPILER* compiler;
42 |
43 |   if (yr_initialize() != ERROR_SUCCESS)
44 |     return 0;
45 |
46 |   if (yr_compiler_create(&compiler) != ERROR_SUCCESS)
47 |     return 0;
48 |
49 |   if (yr_compiler_add_string(compiler, "import \"elf\"", NULL) == 0)
50 |     yr_compiler_get_rules(compiler, &rules);
51 |
52 |   yr_compiler_destroy(compiler);
53 |
54 |   return 0;
55 | }
56 |
57 |
/*
 * Scan callback handed to yr_rules_scan_mem(). Ignores its arguments and
 * returns CALLBACK_CONTINUE for every message.
 */
58 | int callback(int message, void* message_data, void* user_data)
59 | {
60 |   return CALLBACK_CONTINUE;
61 | }
62 |
63 |
/*
 * libFuzzer entry point: scans the `size` bytes at `data` with the rules
 * compiled during initialization, or returns at once when `rules` is NULL.
 *
 * The only rule source is `import "elf"`, so the scan presumably serves to
 * run the elf module over fuzzer-generated input rather than to match
 * anything.
 *
 * NOTE(review): SCAN_FLAGS_NO_TRYCATCH presumably turns off libyara's own
 * fault handling so that invalid memory accesses reach the fuzzer and the
 * sanitizers as crashes instead of being absorbed; confirm against the
 * libyara headers. The result of yr_rules_scan_mem() is discarded and the
 * function always returns 0.
 */
64 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
65 | {
66 |   if (rules == NULL)
67 |     return 0;
68 |
69 |   yr_rules_scan_mem(
70 |       rules,
71 |       data,
72 |       size,
73 |       SCAN_FLAGS_NO_TRYCATCH,
74 |       callback,
75 |       NULL,
76 |       0);
77 |
78 |   return 0;
79 | }
--------------------------------------------------------------------------------
/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-03bca75466ee42801a8bff280de04afc3d1a3637:
-------------------------------------------------------------------------------- 1 | ELFELF -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-086300bbce1c6537573057336a343a82d483e2c0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-086300bbce1c6537573057336a343a82d483e2c0 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-2cafe4de66d87a83d83aaf65d8e4cea48f2c1144: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-2cafe4de66d87a83d83aaf65d8e4cea48f2c1144 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-370485c5b087f780a2447a03d775f7188e323d31: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-370485c5b087f780a2447a03d775f7188e323d31 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-49bb55d669fda0683f945b89396a6bd458caf2d8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-49bb55d669fda0683f945b89396a6bd458caf2d8 -------------------------------------------------------------------------------- 
/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-49d00b6b033eaeb07cd39809dbc1d7ba2df196ec: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-49d00b6b033eaeb07cd39809dbc1d7ba2df196ec -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-723296cdc1c0dba83ea767d69286429e608c46c3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-723296cdc1c0dba83ea767d69286429e608c46c3 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-7dc27920ae1cb85333e7f2735a45014488134673: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-7dc27920ae1cb85333e7f2735a45014488134673 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-7e945ce5f43f515ea078c558a2e3205089d414e5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-7e945ce5f43f515ea078c558a2e3205089d414e5 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-a809561e75b94bd5d4d8cf7488d9e2663fc1ccdc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-a809561e75b94bd5d4d8cf7488d9e2663fc1ccdc -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-a8715a38a94161c9509309f5dbb5a7936aba8376: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-a8715a38a94161c9509309f5dbb5a7936aba8376 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-aee928239444a7b039500d4499035e6d30cb89da: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-aee928239444a7b039500d4499035e6d30cb89da -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-c4002396c52065d21fe1c1f05f8937aab8d59c18: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-c4002396c52065d21fe1c1f05f8937aab8d59c18 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-c610b3036f195ad7fb05248a530278aad37b438d: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-c610b3036f195ad7fb05248a530278aad37b438d 
-------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-c6569e6e28f0a18bb2f3bf49c982333a359bed67: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-c6569e6e28f0a18bb2f3bf49c982333a359bed67 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-cc6844f44825a785de1b079c88f728e1c0f779fb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-cc6844f44825a785de1b079c88f728e1c0f779fb -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-f1fd008da535b110853885221ebfaac3f262a1c1e280f10929f7b353c44996c8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/crash-f1fd008da535b110853885221ebfaac3f262a1c1e280f10929f7b353c44996c8 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/poc-6bf54fca69bb5029676d747b12c74b597dd8c5939343ea8f2cbfea9e666dd6b1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/poc-6bf54fca69bb5029676d747b12c74b597dd8c5939343ea8f2cbfea9e666dd6b1 -------------------------------------------------------------------------------- 
/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/poc-789fc6da83de39c3ff394a950b0831f6fe5b63a85a46aaa236048b5c1dcf0e59: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/poc-789fc6da83de39c3ff394a950b0831f6fe5b63a85a46aaa236048b5c1dcf0e59 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/poc-939e9cd87b0d80834210fbf54edc66341aebf416d7509f6633f1d49766978b22: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/poc-939e9cd87b0d80834210fbf54edc66341aebf416d7509f6633f1d49766978b22 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/poc-93a9fd1909dd49fc2a9b654333504f249cdac58126d3cfc4728577e78cb3eb89: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/poc-93a9fd1909dd49fc2a9b654333504f249cdac58126d3cfc4728577e78cb3eb89 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/poc-b5b03a1f305b2cc1c158e01fee6c08c65145325d4e073f04d969329577077862: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/poc-b5b03a1f305b2cc1c158e01fee6c08c65145325d4e073f04d969329577077862 -------------------------------------------------------------------------------- 
/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/poc-fa8bbacb5a12f057a0ed3999c37d78b4991e6b201bda4dc9a75a7c7970c7690d: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/elf_fuzzer_corpus/poc-fa8bbacb5a12f057a0ed3999c37d78b4991e6b201bda4dc9a75a7c7970c7690d -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/1443c3cfb47c5eb41022a7063c24ab1bc9e45bfc31e98d5e6d3aa8377599b983: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/1443c3cfb47c5eb41022a7063c24ab1bc9e45bfc31e98d5e6d3aa8377599b983 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/589f7b0e30d885ed91229646e58ccc7615007d2fab06451fef8785c6126adba7: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/589f7b0e30d885ed91229646e58ccc7615007d2fab06451fef8785c6126adba7 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/5eefacbe52990526e4953802249447dd8c0a4b537459ca41e005a7173ca46138: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/5eefacbe52990526e4953802249447dd8c0a4b537459ca41e005a7173ca46138 -------------------------------------------------------------------------------- 
/req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/6164a837fd33574f37464a765ab461fff94b52e659b114fb6109f2635678c564: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/6164a837fd33574f37464a765ab461fff94b52e659b114fb6109f2635678c564 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/66528aeb35dd705cc26a7daf4b8eda684f620efebfa0740fab84043e371ed566: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/66528aeb35dd705cc26a7daf4b8eda684f620efebfa0740fab84043e371ed566 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/6af5d157184d9144f86668f83e81760898df5db3c9e209596eb5fd9a91a7eeba: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/6af5d157184d9144f86668f83e81760898df5db3c9e209596eb5fd9a91a7eeba -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/797d1d450421b771482c0cc03f472e4eccbc9e4f544b6c12c1d4f070dec3c381: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/797d1d450421b771482c0cc03f472e4eccbc9e4f544b6c12c1d4f070dec3c381 -------------------------------------------------------------------------------- 
/req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/85494d8cb5753f1ad09be39428135feb35eb4ef44f39d6e1e75e2ad30d93e158: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/85494d8cb5753f1ad09be39428135feb35eb4ef44f39d6e1e75e2ad30d93e158 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/b225048e85b14f08a43dd4752b9bb4b20840f5a8726eac0ff765d45c9e619828: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/b225048e85b14f08a43dd4752b9bb4b20840f5a8726eac0ff765d45c9e619828 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/fda81421d7403180923717a94e77aade8c9286d5b8de3ae0e2812343b666c6a7: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/macho_fuzzer_corpus/fda81421d7403180923717a94e77aade8c9286d5b8de3ae0e2812343b666c6a7 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/00388b550a2603a9e219bcb48acaf8cc115653cb1ea84cb4bccceb1aabe755b6: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/00388b550a2603a9e219bcb48acaf8cc115653cb1ea84cb4bccceb1aabe755b6 -------------------------------------------------------------------------------- 
/req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/12f50a7dbf0c42f61ae1c351b2a9f75e8edb3bb55e582619edc7ece4eb0a3094: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/12f50a7dbf0c42f61ae1c351b2a9f75e8edb3bb55e582619edc7ece4eb0a3094 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/967af267b4124bada8f507cebf25f2192d146a4d63be71b45bfc03c5da7f21a7: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/967af267b4124bada8f507cebf25f2192d146a4d63be71b45bfc03c5da7f21a7 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/99e98cb7096dee974e28fea0f76f1c30bc44fd5762cb12b2702910a28b28f95f: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/99e98cb7096dee974e28fea0f76f1c30bc44fd5762cb12b2702910a28b28f95f -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/clusterfuzz-testcase-minimized-5211130361282560: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/clusterfuzz-testcase-minimized-5211130361282560 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/clusterfuzz-testcase-minimized-5839717883969536: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/clusterfuzz-testcase-minimized-5839717883969536 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/clusterfuzz-testcase-minimized-pe_fuzzer-5741846293643264: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/clusterfuzz-testcase-minimized-pe_fuzzer-5741846293643264 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/e5af0352010b1879ac1c63a69d3d9a02d577fa834165f855bd5ebee0f1105de1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/pe_fuzzer_corpus/e5af0352010b1879ac1c63a69d3d9a02d577fa834165f855bd5ebee0f1105de1 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/rules_fuzzer.cc: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2017. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. 
Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
28 | */
29 |
/*
 * NOTE(review): the header names after the #include directives below did not
 * survive extraction of this listing.
 */
30 | #include
31 | #include
32 | #include
33 |
34 | #include
35 |
36 |
/*
 * libFuzzer one-time initialization hook: initializes libyara.
 * argc and argv are unused, and the result of yr_initialize() is not
 * checked. Always returns 0.
 */
37 | extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv)
38 | {
39 |   yr_initialize();
40 |   return 0;
41 | }
42 |
43 |
/*
 * libFuzzer entry point: treats the input bytes as YARA rule source text and
 * runs them through the rule compiler.
 *
 * The input is copied into a heap buffer of size + 1 bytes and terminated
 * with buffer[size] = 0, because yr_compiler_add_string() is handed a C
 * string with no length argument. strncpy() stops copying at the first NUL
 * byte in `data` and zero-fills the remainder, so bytes that follow an
 * embedded NUL never reach the compiler.
 *
 * When yr_compiler_add_string() returns 0 the rules are built with
 * yr_compiler_get_rules() and destroyed again at once. Every path after the
 * allocation frees `buffer`, and the compiler is destroyed whenever it was
 * created. Returns 0 on every path, including allocation failure.
 */
44 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
45 | {
46 |   YR_RULES* rules;
47 |   YR_COMPILER* compiler;
48 |
49 |   char* buffer = (char*) malloc(size + 1);
50 |
51 |   if (!buffer)
52 |     return 0;
53 |
54 |   strncpy(buffer, (const char *) data, size);
55 |   buffer[size] = 0;
56 |
57 |   if (yr_compiler_create(&compiler) != ERROR_SUCCESS)
58 |   {
59 |     free(buffer);
60 |     return 0;
61 |   }
62 |
63 |   if (yr_compiler_add_string(compiler, (const char*) buffer, NULL) == 0)
64 |   {
65 |     if (yr_compiler_get_rules(compiler, &rules) == ERROR_SUCCESS)
66 |       yr_rules_destroy(rules);
67 |   }
68 |
69 |   yr_compiler_destroy(compiler);
70 |   free(buffer);
71 |
72 |   return 0;
73 | }
74 |
--------------------------------------------------------------------------------
/req/yara-3.9.0/tests/oss-fuzz/rules_fuzzer.dict:
--------------------------------------------------------------------------------
1 | # Lines starting with '#' and empty lines are ignored.
2 | 3 | "all" 4 | "and" 5 | "any" 6 | "ascii" 7 | "at" 8 | "condition" 9 | "contains" 10 | "entrypoint" 11 | "false" 12 | "filesize" 13 | "fullword" 14 | "for" 15 | "global" 16 | "in" 17 | "import" 18 | "include" 19 | "int8" 20 | "int16" 21 | "int32" 22 | "int8be" 23 | "int16be" 24 | "int32be" 25 | "matches" 26 | "meta" 27 | "nocase" 28 | "not" 29 | "or" 30 | "of" 31 | "private" 32 | "rule" 33 | "strings" 34 | "them" 35 | "true" 36 | "uint8" 37 | "uint16" 38 | "uint32" 39 | "uint8be" 40 | "uint16be" 41 | "uint32be" 42 | "wide" -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/rules_fuzzer.options: -------------------------------------------------------------------------------- 1 | [libfuzzer] 2 | max_len = 50000 3 | -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/rules_fuzzer_corpus/1: -------------------------------------------------------------------------------- 1 | rule test { condition: false } -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/rules_fuzzer_corpus/2: -------------------------------------------------------------------------------- 1 | rule r1 { condition: true or false } 2 | 3 | rule r2 { condition: 0x1 and 0x2} 4 | 5 | rule r3 { condition: 2 > 1 } 6 | 7 | rule r4 { condition: 1.5 >= 1.0} 8 | 9 | rule r5 { condition: 0.5 <= 1} 10 | 11 | rule r6 { condition: "abc" == "abc"} 12 | 13 | rule r7 { condition: "ab" < "abc"} 14 | 15 | rule r8 { condition: (1 + 1) * 2 == (9 - 1) \ 2 } 16 | 17 | rule r9 { condition: 1.5 + 1.5 == 3} 18 | 19 | rule r10 { condition: -2.0-3.0 == -5} 20 | 21 | rule r11 { condition: ~0xAA ^ 0x5A & 0xFF == (~0xAA) ^ (0x5A & 0xFF) } 22 | 23 | rule r12 { strings: $a = "abc" wide nocase fullword condition: $a } 24 | 25 | rule r13 { 26 | strings: 27 | $a = "abcdef" 28 | $b = "cdef" 29 | $c = "ef" 30 | condition: 31 | all of them 32 | } 33 | 34 | 
rule r14 { 35 | strings: 36 | $a = "abcdef" 37 | $b = "cdef" 38 | $c = "ef" 39 | condition: 40 | for all of ($*) : ($) 41 | } 42 | 43 | rule r15 { 44 | strings: 45 | $a = { 64 01 00 00 60 01 } 46 | condition: 47 | $a 48 | } 49 | 50 | rule r16 { 51 | strings: 52 | $a = { 64 01 [1-3] (60|61) 01 } 53 | condition: 54 | $a 55 | } 56 | 57 | rule r17 { 58 | strings: 59 | $a = { 4D 5A [-] 6A 2A [-] 58 C3 } 60 | condition: 61 | $a 62 | } 63 | 64 | rule r18 { 65 | strings: 66 | $a = { 4D 5A [300-] 6A 2A [-] 58 C3} 67 | condition: 68 | $a 69 | } 70 | 71 | rule r19 { 72 | strings: 73 | $a = { 2e 7? (65 | ?? ) 78 } 74 | condition: 75 | $a 76 | } 77 | 78 | rule r21 { 79 | strings: 80 | $a = /a.*efg/ 81 | condition: 82 | $a 83 | } 84 | 85 | rule r22 { 86 | strings: 87 | $a = /abc[^D]/ nocase 88 | condition: 89 | $a 90 | } 91 | 92 | rule r23 { 93 | strings: 94 | $a = /a[-]?c/ 95 | condition: 96 | $a 97 | } 98 | 99 | rule r24 { 100 | strings: 101 | $a = /[0-9a-f]+/ 102 | condition: 103 | $a 104 | } 105 | 106 | rule r25 { 107 | strings: 108 | $a = /[\\da-fA-F]+/ 109 | condition: 110 | $a 111 | } 112 | 113 | rule r26 { 114 | strings: 115 | $a = /(bc+d$|ef*g.|h?i(j|k))/ 116 | condition: 117 | $a 118 | } 119 | 120 | rule r27 { 121 | condition: 122 | "xxFoOxx" matches /fOo/i 123 | } 124 | 125 | rule r28 { 126 | condition: 127 | uint32be(0) == 0xAABBCCDD 128 | } 129 | -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/oss-fuzz/rules_fuzzer_corpus/3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/req/yara-3.9.0/tests/oss-fuzz/rules_fuzzer_corpus/3 -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/test-math.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include "util.h" 4 | 5 | int main(int argc, 
char** argv) 6 | { 7 | yr_initialize(); 8 | 9 | assert_true_rule_blob( 10 | "import \"math\" \ 11 | rule test { \ 12 | condition: \ 13 | math.min(0, 1) == 0 \ 14 | }", 15 | "A"); 16 | 17 | assert_true_rule_blob( 18 | "import \"math\" \ 19 | rule test { \ 20 | condition: \ 21 | math.max(0, 1) == 1 \ 22 | }", 23 | "A"); 24 | 25 | yr_finalize(); 26 | return 0; 27 | } 28 | -------------------------------------------------------------------------------- /req/yara-3.9.0/tests/test-version.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2016. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #include 31 | #include 32 | 33 | int main (int argc, char **argv) 34 | { 35 | // make sure that versions defined in configure.ac and in 36 | // libyara/include/yara/libyara.h are in sync. 37 | 38 | return strcmp(PACKAGE_VERSION, YR_VERSION); 39 | } 40 | -------------------------------------------------------------------------------- /req/yara-3.9.0/windows/vs2015/NuGet.Config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 6 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /req/yara-3.9.0/windows/vs2015/libyara/packages.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /req/yara-3.9.0/windows/vs2017/NuGet.Config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 6 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /req/yara-3.9.0/windows/vs2017/libyara/libyara.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /req/yara-3.9.0/windows/vs2017/libyara/packages.config: 
-------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /req/yara-3.9.0/yarac.man: -------------------------------------------------------------------------------- 1 | .\"Text automatically generated by txt2man 2 | .TH YARAC "1" "Jan 2014" "YARAC 2.0" "compile rules to yara" 3 | .SH NAME 4 | \fByarac \fP- compile rules to yara 5 | .SH SYNOPSIS 6 | .nf 7 | .fam C 8 | \fByarac\fP [OPTION]\.\.\. [RULE_FILE]\.\.\. \fIOUTPUT_FILE\fP 9 | .fam T 10 | .fi 11 | .fam T 12 | .fi 13 | .SH DESCRIPTION 14 | To invoke YARA you will need two things: a file with the rules you want to 15 | use (either in source code or compiled form) and the target to be scanned. 16 | The target can be a file, a folder, or a process. 17 | .PP 18 | Rule files can be passed directly in source code form, or can be previously 19 | compiled with the \fByarac\fP tool. You may prefer to use your rules in compiled 20 | form if you are going to invoke YARA multiple times with the same rules. 21 | This way you’ll save time, because for YARA is faster to load compiled rules 22 | than compiling the same rules over and over again. 23 | .PP 24 | The rules will be applied to the target specified as the last argument to YARA, 25 | if it’s a path to a directory all the files contained in it will be scanned. 26 | .SH OPTIONS 27 | .TP 28 | .B 29 | \fB-d\fP = 30 | define external variable. 31 | .TP 32 | .B \-w " --no-warnings" 33 | Disable warnings. 34 | .TP 35 | .B " --fail-on-warnings" 36 | Treat warnings as errors. Has no effect if used with 37 | .B --no-warnings. 38 | .TP 39 | .B \-v " --version" 40 | Show version information. 41 | .SH EXAMPLE 42 | The \fB-d\fP is used to define external variables. 
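For example: 43 | .PP 44 | \fB-d\fP flag=true 45 | .PP 46 | \fB-d\fP beast=666 47 | .PP 48 | \fB-d\fP name="James Bond" 49 | .SH SEE ALSO 50 | \fByara\fP(1) 51 | .SH AUTHOR 52 | \fByarac\fP was written by Victor M. Alvarez . 53 | This manual page was written by Joao Eriberto Mota Filho for the Debian project (but may be used by others). 54 |
--------------------------------------------------------------------------------
/scan.py:
--------------------------------------------------------------------------------
#! /usr/bin/env python

import subprocess
import sys, threading, Queue
import os
import string
import urlparse
import os.path

import re, time, datetime


def scanning(path):
    """Scan the tree under *path* with ClamAV and write Clam-report.log.

    Changes the process working directory to *path*, runs ``clamscan -r``
    there, and copies every output line both to stdout and to
    ``scanlogs/Clam-report.log`` beside this script. The log ends with the
    command line and the elapsed time.

    A clamscan that cannot be started, or that exits with an error status,
    is recorded in the log so that a failed scan is not read as a clean one.
    """
    os.chdir(path)
    start_time = time.time()
    script_path = os.path.dirname(os.path.abspath(__file__))
    # Same options as before, passed as an argument vector so that no shell
    # is involved in starting the scanner.
    clamscan_args = [
        "clamscan", "-r", "--stdout", "--infected",
        "--scan-html=yes", "--scan-pdf=yes", "--scan-archive=yes",
        "--algorithmic-detection=yes",
    ]
    with open(script_path + "/scanlogs/Clam-report.log", "w") as f:
        print("\n=============== ClamAV Antivirus Engine is running! Please Wait ===============")
        f.write("======================================ClamAV======================================\n\n")
        f.write(datetime.datetime.now().strftime("%A, %d %B %Y %I:%M:%S%p") + "\n\n")
        f.write("--------------------------------------------------------------------------------------------------------------------\n\n")
        try:
            process = subprocess.Popen(clamscan_args, stdout=subprocess.PIPE)
        except OSError as err:
            # Without a shell a missing binary raises here; keep the old
            # "never raises" behaviour but leave a trace in the report.
            f.write("clamscan could not be started: " + str(err) + "\n")
        else:
            for line in iter(process.stdout.readline, ''):
                sys.stdout.write(line)
                f.write(line)
            process.stdout.close()
            # Reap the child; previously the exit status was never read.
            status = process.wait()
            # clamscan exits 0 (nothing found) or 1 (infections found);
            # any other status means the scan itself failed.
            if status not in (0, 1):
                f.write("clamscan exited with status " + str(status) + "; results may be incomplete\n")
        f.write("\nclamscan -r --stdout --infected --scan-html=yes --scan-pdf=yes --scan-archive=yes -i --algorithmic-detection=yes " + os.getcwd() + "\n\n")
        # The original stringified the tuple (elapsed, "seconds"), which
        # logged "(12.3, 'seconds')"; write the number and the unit instead.
        elapsed = time.time() - start_time
        f.write("Scanning time with ClamAV engine was: " + str(elapsed) + " seconds\n\n")
        print("================================================================================")
--------------------------------------------------------------------------------
/scan.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/scan.pyc
--------------------------------------------------------------------------------
/scanlogs/Clam-report.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/scanlogs/Clam-report.log
--------------------------------------------------------------------------------
/scanlogs/Malicious-Websites.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/scanlogs/Malicious-Websites.log
--------------------------------------------------------------------------------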
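/scanlogs/README:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/scanlogs/README
--------------------------------------------------------------------------------
/scanlogs/Yara-report.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/scanlogs/Yara-report.log
--------------------------------------------------------------------------------
/tools/copyinfected.py:
--------------------------------------------------------------------------------
#! /usr/bin/env python

import subprocess
import sys, threading, Queue
import os
import string
import urlparse
import os.path
import honeypotconfig
import re, time

def copyinfected():
    """Copy the .html and .js files named in scanlogs/report.log into found/.

    Every log line that starts with "/" is cut after its first ".html" and
    after its first ".js"; each resulting path is copied with
    ``cp -R --backup`` into ``honeypotconfig.wdir + "found/"``.
    ``found/FoundExploits.log`` is then written with a header line followed by
    the unique paths in sorted order.

    The paths are read from a scan log and are treated as untrusted here, so
    they are handed to ``cp`` as separate arguments and never interpolated into
    a shell command line (the original built a string for ``os.system``, where
    a quote, ``$`` or backtick in a file name was interpreted by the shell).
    """
    found_dir = honeypotconfig.wdir + "found/"
    flagged = set()
    # Both files are closed on exit; the original left the scan log and the
    # final FoundExploits.log handle open.
    with open(honeypotconfig.wdir + "scanlogs/" + "report.log", "r") as logfile, \
            open(found_dir + "FoundExploits.log", "w") as foundfileslog:
        for line in logfile:
            if not line.startswith("/"):
                continue
            results = line.strip().replace("\t", " ")
            # NOTE(review): as printed on this page this replacement is a
            # no-op; the first argument may have lost whitespace in
            # extraction - confirm against the repository.
            results = results.replace(" ", " ")
            for suffix in (".html", ".js"):
                cut = results.find(suffix)  # lowest index of the suffix
                if cut == -1:
                    continue
                filename = results[:cut + len(suffix)]
                flagged.add(filename)
                # "--" ends option parsing, so the name is always taken as a
                # path by cp.
                subprocess.call(["cp", "-R", "--backup", "--", filename, found_dir])
        # One pass: the original wrote the raw list, reopened the file,
        # removed duplicates and rewrote it with this header.
        foundfileslog.write("The following files were detected to be malicious:\n\n")
        for name in sorted(flagged):
            foundfileslog.write(name + "\n")

--------------------------------------------------------------------------------
/tools/report.py: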
--------------------------------------------------------------------------------
import honeypotconfig

# Merges the AVG, ClamAV and YARA scan logs into one per-site summary,
# printed to stdout and written to scanlogs/Malicious-Websites.log.

# flagged path -> engines that reported it, formatted " ENGINE[,ENGINE...]"
infected_files = dict()


def _record_hit(path, engine):
    """Add *engine* to the entry for *path* unless the entry already ends with it."""
    if path not in infected_files:
        infected_files[path] = " " + engine
    elif not infected_files[path].endswith(engine):
        infected_files[path] = infected_files[path] + "," + engine


# AVG: a finding is a line that starts with the working directory; the path
# is its first space-separated field.
with open(honeypotconfig.wdir + "scanlogs/AVG-report.log") as avg_log:
    for entry in avg_log:
        if entry.startswith(honeypotconfig.wdir):
            infected_files[entry.split(" ")[0]] = " AVG"

# ClamAV: a finding is a line ending in "FOUND"; the path is the text before
# the first colon.
with open(honeypotconfig.wdir + "scanlogs/Clam-report.log") as clam_log:
    for entry in clam_log:
        if not entry.strip().endswith("FOUND"):
            continue
        _record_hit(entry.split(":")[0], "Clam-AV")


# YARA: findings are the non-blank lines after a dashed rule and before the
# "yara -r" trailer; the path is the second space-separated field.
with open(honeypotconfig.wdir + "scanlogs/Yara-report.log") as yara_log:
    in_results = False
    for entry in yara_log:
        if "------------" in entry:
            in_results = True
            continue
        if entry.startswith("yara -r"):
            in_results = False
        if in_results and entry.strip():
            _record_hit(entry.split(" ")[1].strip(), "YARA")

# site -> "\n\t<path><engines>" repeated for every flagged file of that site
infected_urls = dict()

for path, engines in infected_files.items():
    # The site is the part of the path from "http" up to the next "/".
    site = path[path.find("http"):].split("/")[0]
    infected_urls[site] = infected_urls.get(site, "") + "\n\t" + path + engines

with open(honeypotconfig.wdir + "scanlogs/Malicious-Websites.log", "w") as summary:
    summary.write("Infected sites: " + str(len(infected_urls)) + "\n")
    for site, details in infected_urls.items():
        # Only the scheme separator is decoded, for display.
        heading = "\n\n" + site.replace("%3A%2F%2F" , "://")
        print(heading)
        print(details)
        summary.write(heading)
        summary.write(details)
--------------------------------------------------------------------------------
/unquote.pyc:
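--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/unquote.pyc
--------------------------------------------------------------------------------
/updateantivirus.py:
--------------------------------------------------------------------------------
#! /usr/bin/env python


import subprocess
import sys, threading, Queue
import os

def updateantivirus():
    """Print a banner, then run ``freshclam``; both commands go through os.system."""
    command="echo ======================= Updating Antivirus Signatures ========================"
    os.system(command)

    command3="freshclam"
    os.system(command3)

--------------------------------------------------------------------------------
/updateantivirus.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/updateantivirus.pyc
--------------------------------------------------------------------------------
/yaradetection.py:
--------------------------------------------------------------------------------
#! /usr/bin/env python


import subprocess
import sys
import os, datetime, time
import string
import honeypotconfig
import honeypotconfig

#compile the rules



def listandscan(path):
    """Run the YARA rules over this script's tmp/ directory and log the matches.

    Executes ``yara -r`` with ``yrules/rules.yara`` against ``tmp/`` (both
    located beside this script), echoing each output line to stdout and
    writing it to ``scanlogs/Yara-report.log``. The log ends with the command
    line, a note if yara failed, and the elapsed time.

    *path* is not used by this function; it is kept so existing callers
    continue to work.
    """
    script_path = os.path.dirname(os.path.abspath(__file__))
    start_timeYara = time.time()
    rules_file = script_path + "/yrules/rules.yara"
    target_dir = script_path + "/tmp"
    failure_note = ""

    with open(script_path + "/scanlogs/Yara-report.log", "w") as f:
        print("\n===================================== Yara =====================================")
        f.write("======================================Yara======================================\n\n")
        f.write(datetime.datetime.now().strftime("%A, %d %B %Y %I:%M:%S%p") + "\n\n")
        f.write("--------------------------------------------------------------------------------\n\n")
        # NOTE(review): this removes every zero-length file under the current
        # working directory, whatever that is when the function is called -
        # confirm that callers change into the download directory first.
        # rm prints nothing, so the awk stage receives no input.
        os.system("find . -type f -size 0k -exec rm {} \; | awk '{ print $8 }'")

        try:
            # Argument vector instead of a shell string: an install path that
            # contains spaces or shell metacharacters is passed through as-is.
            process = subprocess.Popen(["yara", "-r", rules_file, target_dir], stdout=subprocess.PIPE)
        except OSError as err:
            # Without a shell a missing binary raises here; keep the old
            # "never raises" behaviour but leave a trace in the report.
            failure_note = "yara could not be started: " + str(err) + "\n\n"
        else:
            for line in iter(process.stdout.readline, ''):
                sys.stdout.write(line)
                f.write(line)
            process.stdout.close()
            # Reap the child; previously the exit status was never read.
            status = process.wait()
            if status != 0:
                failure_note = "yara exited with status " + str(status) + "; results may be incomplete\n\n"
        f.write("\nyara -r " + script_path + "/yrules/rules.yara " + script_path +"/tmp/"+ "\n\n")
        # Written after the "yara -r" trailer: tools/report.py reads every
        # non-blank line between the dashed rule and that trailer as a match.
        f.write(failure_note)
        # The original stringified the tuple (elapsed, "seconds"), which
        # logged "(12.3, 'seconds')"; write the number and the unit instead.
        elapsed = time.time() - start_timeYara
        f.write("Scanning time with Yara engine was: " + str(elapsed) + " seconds\n\n")
        print("================================================================================")

'''
def yaradetect(inputfile):
	ruleinput='Value'
	fin = open(honeypotconfig.wdir+"yrules/rules.yara", 'r')
	if fin:
		ruleinput = fin.read()
		fin.close()
	rules = yara.compile(source=ruleinput)
	f = open(inputfile, 'r')
	matches = rules.match(data=f.read())
	for m in matches:
		print "%s" % m+ " found in file: " +inputfile
		yarareport=reportfile.write(inputfile+"\t\t"+"%s" % m+"\n")

'''
--------------------------------------------------------------------------------
/yaradetection.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Masood-M/yalih/7f222f4063928fe191c6b5ceee592eb36baa7939/yaradetection.pyc
--------------------------------------------------------------------------------
/yrules/rules.yara:
--------------------------------------------------------------------------------
rule myrule
{
    meta:
        impact = 6
    strings:
        $body = "rapid" nocase
    condition:
        $body
}



rule SuspicousBodyOnload
{
    meta:
        impact = 6
    strings:
        $body = /]*onload\s*=\s*['"]*[a-z0-9]+\(['"][a-f0-9]{300}/ nocase
    condition:
        $body
}



--------------------------------------------------------------------------------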