├── CheckEvilSln.py
├── LICENSE
└── README.md


/CheckEvilSln.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | import sys
 3 | import xml.etree.ElementTree as ET
 4 | 
 5 | def check_common(foldername, filename):
 6 |     tree = ET.parse(os.path.join(foldername, filename))
 7 |     root = tree.getroot()
 8 |     namespaces = {'ns': root.tag.split('}')[0].strip('{')}
 9 | 
10 |     # Check <Target Name="GetFrameworkPaths">
11 |     for target in root.findall(".//ns:Target[@Name='GetFrameworkPaths']", namespaces):
12 |         print(f'Found({filename}) <Target Name="GetFrameworkPaths">')
13 | 
14 |     # Check <COMFileReference Include="...">
15 |     for com_file_ref in root.findall(".//ns:COMFileReference", namespaces):
16 |         include_attr = com_file_ref.get('Include')
17 |         if include_attr:
18 |             print(f'Found({filename}) <COMFileReference Include={include_attr}>')
19 |     
20 |     # Check <PreBuildEvent>
21 |     for pre_build_event in root.findall(".//ns:PreBuildEvent", namespaces):
22 |         for command in pre_build_event.findall(".//ns:Command", namespaces):
23 |             print(f'Found({filename}) PreBuildEvent command: {command.text}')
24 | 
25 |     # Check <PreLinkEvent>
26 |     for pre_build_event in root.findall(".//ns:PreLinkEvent", namespaces):
27 |         for command in pre_build_event.findall(".//ns:Command", namespaces):
28 |             print(f'Found({filename}) PreLinkEvent command: {command.text}')
29 | 
30 |     # Check <PostBuildEvent>
31 |     for pre_build_event in root.findall(".//ns:PostBuildEvent", namespaces):
32 |         for command in pre_build_event.findall(".//ns:Command", namespaces):
33 |             print(f'Found({filename}) PostBuildEvent command: {command.text}')
34 | 
35 | # Check m_serializedClaims
36 | def check_serialized_claims(foldername, filename):
37 |     with open(foldername + "\\" + filename, 'rb') as file:
38 |         content = file.read()
39 |         if b'm_serializedClaims' in content:
40 |             print(f'Found({filename}) m_serializedClaims')
41 | 
42 | def scan_folder(path):
43 |     for foldername, subfolders, filenames in os.walk(path):
44 |         for filename in filenames:
45 |             if filename.endswith('.vcxproj'):
46 |                 check_common(foldername, filename)
47 |             elif filename.endswith('.suo'):
48 |                 check_serialized_claims(foldername, filename)
49 | 
50 | def main():
51 |     if len(sys.argv) < 2:
52 |         print('Please input the directory you want to check.')
53 |         return   
54 |     
55 |     path = sys.argv[1]
56 |     scan_folder(path)
57 | 
58 | if __name__ == '__main__':
59 |     main()
60 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2023 Back Engineering Labs
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # CheckEvilSln
 2 | A simple python script to check evil Visual Studio projects
 3 | 
 4 | 
 5 | ## Background and purpose
 6 | * https://github.com/cjm00n/EvilSln
 7 | * https://github.com/pwntester/ysoserial.net
 8 | 
 9 | ## Usage
10 | ```
11 | python CheckEvilSln.py [directory]
12 | ```
13 | 
14 | ## Example commands:
15 | ```bash
16 | python CheckEvilSln.py E:\hack\EvilSln
17 | ```
18 | 
19 | 
20 | 


--------------------------------------------------------------------------------