├── .gitattributes
├── .gitignore
├── Binaries
│   ├── PAExec
│   │   └── paexec.exe
│   ├── PHP
│   │   └── 7.3.8
│   │       ├── deplister.exe
│   │       ├── dev
│   │       │   └── php7ts.lib
│   │       ├── ext
│   │       │   ├── php_bz2.dll
│   │       │   ├── php_com_dotnet.dll
│   │       │   ├── php_curl.dll
│   │       │   ├── php_dba.dll
│   │       │   ├── php_enchant.dll
│   │       │   ├── php_exif.dll
│   │       │   ├── php_fileinfo.dll
│   │       │   ├── php_ftp.dll
│   │       │   ├── php_gd2.dll
│   │       │   ├── php_gettext.dll
│   │       │   ├── php_gmp.dll
│   │       │   ├── php_imap.dll
│   │       │   ├── php_interbase.dll
│   │       │   ├── php_intl.dll
│   │       │   ├── php_ldap.dll
│   │       │   ├── php_mbstring.dll
│   │       │   ├── php_mysqli.dll
│   │       │   ├── php_oci8_12c.dll
│   │       │   ├── php_odbc.dll
│   │       │   ├── php_opcache.dll
│   │       │   ├── php_openssl.dll
│   │       │   ├── php_pdo_firebird.dll
│   │       │   ├── php_pdo_mysql.dll
│   │       │   ├── php_pdo_oci.dll
│   │       │   ├── php_pdo_odbc.dll
│   │       │   ├── php_pdo_pgsql.dll
│   │       │   ├── php_pdo_sqlite.dll
│   │       │   ├── php_pgsql.dll
│   │       │   ├── php_phpdbg_webhelper.dll
│   │       │   ├── php_shmop.dll
│   │       │   ├── php_snmp.dll
│   │       │   ├── php_soap.dll
│   │       │   ├── php_sockets.dll
│   │       │   ├── php_sodium.dll
│   │       │   ├── php_sqlite3.dll
│   │       │   ├── php_sysvshm.dll
│   │       │   ├── php_tidy.dll
│   │       │   ├── php_xmlrpc.dll
│   │       │   ├── php_xsl.dll
│   │       │   └── php_zend_test.dll
│   │       ├── extras
│   │       │   └── ssl
│   │       │       └── openssl.cnf
│   │       ├── glib-2.dll
│   │       ├── gmodule-2.dll
│   │       ├── icudt64.dll
│   │       ├── icuin64.dll
│   │       ├── icuio64.dll
│   │       ├── icuuc64.dll
│   │       ├── install.txt
│   │       ├── lib
│   │       │   └── enchant
│   │       │       ├── libenchant_ispell.dll
│   │       │       └── libenchant_myspell.dll
│   │       ├── libcrypto-1_1-x64.dll
│   │       ├── libenchant.dll
│   │       ├── libpq.dll
│   │       ├── libsasl.dll
│   │       ├── libsodium.dll
│   │       ├── libssh2.dll
│   │       ├── libssl-1_1-x64.dll
│   │       ├── license.txt
│   │       ├── news.txt
│   │       ├── nghttp2.dll
│   │       ├── phar.phar.bat
│   │       ├── pharcommand.phar
│   │       ├── php-cgi.exe
│   │       ├── php-win.exe
│   │       ├── php.exe
│   │       ├── php.gif
│   │       ├── php.ini-development
│   │       ├── php.ini-production
│   │       ├── php7apache2_4.dll
│   │       ├── php7embed.lib
│   │       ├── php7phpdbg.dll
│   │       ├── php7ts.dll
│   │       ├── phpdbg.exe
│   │       ├── readme-redist-bins.txt
│   │       ├── sasl2
│   │       │   ├── saslANONYMOUS.dll
│   │       │   ├── saslCRAMMD5.dll
│   │       │   ├── saslDIGESTMD5.dll
│   │       │   ├── saslLOGIN.dll
│   │       │   ├── saslNTLM.dll
│   │       │   ├── saslOTP.dll
│   │       │   ├── saslPLAIN.dll
│   │       │   ├── saslSASLDB.dll
│   │       │   ├── saslSCRAM.dll
│   │       │   └── saslSQLITE.dll
│   │       └── snapshot.txt
│   ├── Readme.txt
│   └── Sendmail
│       ├── libeay32.dll
│       ├── sendmail.exe
│       ├── sendmail.ini
│       └── ssleay32.dll
├── Cache
│   ├── RTP-cache1.dat
│   ├── RTP-cache2.dat
│   └── Ransomware_Defender_Perimiter_File.dat
├── Config
│   ├── Config.vbs
│   ├── ScanCore_Config.php
│   ├── Service_Config.vbs
│   ├── setting1.dat
│   ├── setting2.dat
│   ├── setting3.dat
│   └── setting4.dat
├── Definitions
│   └── ScanCore_Virus.def
├── Dependencies
│   └── vc_redist.x64.exe
├── Documentation
│   ├── Accessibility_Monitor_README.md
│   ├── GNU_GPLv3.txt
│   ├── HR-AV_Changelog.txt
│   ├── ICON_CREDITS.txt
│   ├── MICROSOFT_LIMITED_PUBLIC_LICENSE.txt
│   ├── PAExec_Eula.txt
│   ├── Ransomware_Defender.vbs_Changelog.txt
│   ├── Ransomware_Defender.vbs_Readme.txt
│   ├── Registry_Monitor.vbs_Changelog.txt
│   ├── Registry_Monitor.vbs_Readme.txt
│   ├── Storage_Monitor.vbs_Changelog.txt
│   ├── Storage_Monitor.vbs_Readme.txt
│   ├── Workstation_USB_Monitor.vbs_Readme.txt
│   ├── sendmail_ReadMe.html
│   └── sendmail_license.txt
├── HR-AV.hta
├── Pages
│   ├── Scan
│   │   ├── computerScanner.hta
│   │   ├── fileScanner.hta
│   │   └── folderScanner.hta
│   ├── Settings
│   │   └── updater.hta
│   ├── scanner.hta
│   ├── settings.hta
│   └── updater.hta
├── README.md
├── Resources
│   ├── Banner.png
│   ├── BannerWork
│   │   ├── Banner.png
│   │   ├── BannerWork1.png
│   │   ├── BannerWork2.png
│   │   └── board1.jpg
│   ├── Beer_96x96.png
│   ├── HR-AV.ico
│   ├── Screenshot-1.png
│   ├── Shield-Green_128x128.png
│   ├── Shield-Green_24x24.png
│   ├── Shield-Green_64x64.png
│   ├── Shield-Red_128x128.png
│   ├── Shield-Red_24x24.png
│   ├── Shield-Red_64x64.png
│   ├── Shield-Yellow_128x128.png
│   ├── Shield-Yellow_24x24.png
│   ├── Shield-Yellow_64x64.png
│   └── shield_green_128x128.ico
├── Scripts
│   ├── CSS
│   │   └── mainStyle.css
│   ├── Javascript
│   │   └── JSFunctions.js
│   ├── PHP
│   │   └── PHP-AV
│   │       └── scanCore.php
│   ├── Readme.txt
│   └── VBS
│       ├── Accessibility_Defender.vbs
│       ├── App-Core.vbs
│       ├── Main-Core.vbs
│       ├── Ransomware_Defender.vbs
│       ├── RealTime-Core.vbs
│       ├── Restart.vbs
│       ├── Scan-Core.vbs
│       ├── Settings-Core.vbs
│       ├── Storage_Monitor.vbs
│       ├── UI-Core.vbs
│       ├── Update-Core.vbs
│       └── Workstation_USB_Monitor.vbs
├── Temp
│   ├── RTP-systemp.txt
│   └── systemp.txt
└── ToDo.txt

/.gitattributes:
--------------------------------------------------------------------------------
# Auto detect text files and perform LF normalization
* text=auto
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------

Temp/temp.txt
Config/HRAV_Keys.vbs
Pages/Cache/RTP-cache1.dat
Pages/Cache/RTP-cache2.dat
Pages/Temp/systemp.txt
Reports/c1b215c2d37e/06a995f21654/ScanCore_Report.txt
Reports/c1b215c2d37e/1edb686a4033/ScanCore_Report.txt
Reports/c1b215c2d37e/33f173f4d3ff/ScanCore_Report.txt
Reports/c1b215c2d37e/6afa2416188b/ScanCore_Report.txt
Reports/c1b215c2d37e/769f81727fc0/ScanCore_Report.txt
Reports/c1b215c2d37e/5507bb3ba671/ScanCore_Report.txt
Reports/c1b215c2d37e/e83724de1ee7/ScanCore_Report.txt
Reports/c1b215c2d37e/ffe8407ef7b6/ScanCore_Report.txt
--------------------------------------------------------------------------------
/Binaries/PAExec/paexec.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PAExec/paexec.exe
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/deplister.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/deplister.exe
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/dev/php7ts.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/dev/php7ts.lib
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_bz2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_bz2.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_com_dotnet.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_com_dotnet.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_curl.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_curl.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_dba.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_dba.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_enchant.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_enchant.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_exif.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_exif.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_fileinfo.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_fileinfo.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_ftp.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_ftp.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_gd2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_gd2.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_gettext.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_gettext.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_gmp.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_gmp.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_imap.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_imap.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_interbase.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_interbase.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_intl.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_intl.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_ldap.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_ldap.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_mbstring.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_mbstring.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_mysqli.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_mysqli.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_oci8_12c.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_oci8_12c.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_odbc.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_odbc.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_opcache.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_opcache.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_openssl.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_openssl.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_pdo_firebird.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_pdo_firebird.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_pdo_mysql.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_pdo_mysql.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_pdo_oci.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_pdo_oci.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_pdo_odbc.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_pdo_odbc.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_pdo_pgsql.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_pdo_pgsql.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_pdo_sqlite.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_pdo_sqlite.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_pgsql.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_pgsql.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_phpdbg_webhelper.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_phpdbg_webhelper.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_shmop.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_shmop.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_snmp.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_snmp.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_soap.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_soap.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_sockets.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_sockets.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_sodium.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_sodium.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_sqlite3.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_sqlite3.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_sysvshm.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_sysvshm.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_tidy.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_tidy.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_xmlrpc.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_xmlrpc.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_xsl.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_xsl.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/ext/php_zend_test.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/ext/php_zend_test.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/extras/ssl/openssl.cnf:
--------------------------------------------------------------------------------
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename

# This definition stops the following lines choking if HOME isn't
# defined.
HOME            = .

# Extra OBJECT IDENTIFIER info:
#oid_file       = $ENV::HOME/.oid
oid_section     = new_oids

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions    =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7

####################################################################
[ ca ]
default_ca      = CA_default            # The default ca section

####################################################################
[ CA_default ]

dir             = ./demoCA              # Where everything is kept
certs           = $dir/certs            # Where the issued certs are kept
crl_dir         = $dir/crl              # Where the issued crl are kept
database        = $dir/index.txt        # database index file.
#unique_subject = no                    # Set to 'no' to allow creation of
                                        # several certs with same subject.
new_certs_dir   = $dir/newcerts         # default place for new certs.

certificate     = $dir/cacert.pem       # The CA certificate
serial          = $dir/serial           # The current serial number
crlnumber       = $dir/crlnumber        # the current crl number
                                        # must be commented out to leave a V1 CRL
crl             = $dir/crl.pem          # The current CRL
private_key     = $dir/private/cakey.pem# The private key

x509_extensions = usr_cert              # The extensions to add to the cert

# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt        = ca_default            # Subject Name options
cert_opt        = ca_default            # Certificate field options

# Extension copying option: use with caution.
# copy_extensions = copy

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions        = crl_ext

default_days    = 365                   # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md      = default               # use public key default MD
preserve        = no                    # keep passed DN ordering

# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy          = policy_match

# For the CA policy
[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

####################################################################
[ req ]
default_bits            = 2048
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
attributes              = req_attributes
x509_extensions         = v3_ca # The extensions to add to the self signed cert

# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret

# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix   : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only

# req_extensions = v3_req # The extensions to add to a certificate request

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = AU
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Some-State

localityName                    = Locality Name (eg, city)

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Internet Widgits Pty Ltd

# we can do this but it is not needed normally :-)
#1.organizationName             = Second Organization Name (eg, company)
#1.organizationName_default     = World Wide Web Pty Ltd

organizationalUnitName          = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

commonName                      = Common Name (e.g. server FQDN or YOUR name)
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_max                = 64

# SET-ex3                       = SET extension number 3

[ req_attributes ]
challengePassword               = A challenge password
challengePassword_min           = 4
challengePassword_max           = 20

unstructuredName                = An optional company name

[ usr_cert ]

# These extensions are added when 'ca' signs a request.

# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.

basicConstraints=CA:FALSE

# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.

# This is OK for an SSL server.
# nsCertType                    = server

# For an object signing certificate this would be used.
# nsCertType = objsign

# For normal client use this is typical
# nsCertType = client, email

# and for everything including object signing:
# nsCertType = client, email, objsign

# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.
nsComment                       = "OpenSSL Generated Certificate"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer

# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move

# Copy subject details
# issuerAltName=issuer:copy

#nsCaRevocationUrl              = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName

# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]


# Extensions for a typical CA


# PKIX recommendation.

subjectKeyIdentifier=hash

authorityKeyIdentifier=keyid:always,issuer

basicConstraints = critical,CA:true

# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign

# Some might want this also
# nsCertType = sslCA, emailCA

# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy

# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF

[ crl_ext ]

# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.

# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always

[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate

# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.

basicConstraints=CA:FALSE

# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.

# This is OK for an SSL server.
# nsCertType                    = server

# For an object signing certificate this would be used.
# nsCertType = objsign

# For normal client use this is typical
# nsCertType = client, email

# and for everything including object signing:
# nsCertType = client, email, objsign

# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.
nsComment                       = "OpenSSL Generated Certificate"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer

# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move

# Copy subject details
# issuerAltName=issuer:copy

#nsCaRevocationUrl              = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName

# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

####################################################################
[ tsa ]

default_tsa = tsa_config1       # the default TSA section

[ tsa_config1 ]

# These are used by the TSA reply generation only.
dir             = ./demoCA              # TSA root directory
serial          = $dir/tsaserial        # The current serial number (mandatory)
crypto_device   = builtin               # OpenSSL engine to use for signing
signer_cert     = $dir/tsacert.pem      # The TSA signing certificate
                                        # (optional)
certs           = $dir/cacert.pem       # Certificate chain to include in reply
                                        # (optional)
signer_key      = $dir/private/tsakey.pem # The TSA private key (optional)
signer_digest   = sha256                # Signing digest to use. (Optional)
default_policy  = tsa_policy1           # Policy if request did not specify it
                                        # (optional)
other_policies  = tsa_policy2, tsa_policy3      # acceptable policies (optional)
digests         = sha1, sha256, sha384, sha512  # Acceptable message digests (mandatory)
accuracy        = secs:1, millisecs:500, microsecs:100  # (optional)
clock_precision_digits  = 0     # number of digits after dot. (optional)
ordering                = yes   # Is ordering defined for timestamps?
                                # (optional, default: no)
tsa_name                = yes   # Must the TSA name be included in the reply?
                                # (optional, default: no)
ess_cert_id_chain       = no    # Must the ESS cert id chain be included?
                                # (optional, default: no)
ess_cert_id_alg         = sha1  # algorithm to compute certificate
                                # identifier (optional, default: sha1)
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/glib-2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/glib-2.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/gmodule-2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/gmodule-2.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/icudt64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/icudt64.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/icuin64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/icuin64.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/icuio64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/icuio64.dll
--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/icuuc64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/icuuc64.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/install.txt:
--------------------------------------------------------------------------------
For installation of PHP, please refer to the online documentation available at:

https://php.net/install

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/lib/enchant/libenchant_ispell.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/lib/enchant/libenchant_ispell.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/lib/enchant/libenchant_myspell.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/lib/enchant/libenchant_myspell.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/libcrypto-1_1-x64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/libcrypto-1_1-x64.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/libenchant.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/libenchant.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/libpq.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/libpq.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/libsasl.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/libsasl.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/libsodium.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/libsodium.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/libssh2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/libssh2.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/libssl-1_1-x64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/libssl-1_1-x64.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/license.txt:
--------------------------------------------------------------------------------
--------------------------------------------------------------------
                  The PHP License, version 3.01
Copyright (c) 1999 - 2018 The PHP Group. All rights reserved.
--------------------------------------------------------------------

Redistribution and use in source and binary forms, with or without
modification, is permitted provided that the following conditions
are met:

  1. Redistributions of source code must retain the above copyright
     notice, this list of conditions and the following disclaimer.

  2. Redistributions in binary form must reproduce the above copyright
     notice, this list of conditions and the following disclaimer in
     the documentation and/or other materials provided with the
     distribution.

  3. The name "PHP" must not be used to endorse or promote products
     derived from this software without prior written permission. For
     written permission, please contact group@php.net.

  4. Products derived from this software may not be called "PHP", nor
     may "PHP" appear in their name, without prior written permission
     from group@php.net. You may indicate that your software works in
     conjunction with PHP by saying "Foo for PHP" instead of calling
     it "PHP Foo" or "phpfoo"

  5. The PHP Group may publish revised and/or new versions of the
     license from time to time. Each version will be given a
     distinguishing version number.
     Once covered code has been published under a particular version
     of the license, you may always continue to use it under the terms
     of that version. You may also choose to use such covered code
     under the terms of any subsequent version of the license
     published by the PHP Group. No one other than the PHP Group has
     the right to modify the terms applicable to covered code created
     under this License.

  6. Redistributions of any form whatsoever must retain the following
     acknowledgment:
     "This product includes PHP software, freely available from
     ".

THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND
ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP
DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.

--------------------------------------------------------------------

This software consists of voluntary contributions made by many
individuals on behalf of the PHP Group.

The PHP Group can be contacted via Email at group@php.net.

For more information on the PHP Group and the PHP project,
please see .

PHP includes the Zend Engine, freely available at
.

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/nghttp2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/nghttp2.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/phar.phar.bat:
--------------------------------------------------------------------------------
"%~dp0php.exe" "%~dp0pharcommand.phar" %*

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/pharcommand.phar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/pharcommand.phar

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/php-cgi.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/php-cgi.exe

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/php-win.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/php-win.exe

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/php.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/php.exe

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/php.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/php.gif

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/php7apache2_4.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/php7apache2_4.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/php7embed.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/php7embed.lib

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/php7phpdbg.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/php7phpdbg.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/php7ts.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/php7ts.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/phpdbg.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/phpdbg.exe

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/sasl2/saslANONYMOUS.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/sasl2/saslANONYMOUS.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/sasl2/saslCRAMMD5.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/sasl2/saslCRAMMD5.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/sasl2/saslDIGESTMD5.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/sasl2/saslDIGESTMD5.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/sasl2/saslLOGIN.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/sasl2/saslLOGIN.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/sasl2/saslNTLM.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/sasl2/saslNTLM.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/sasl2/saslOTP.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/sasl2/saslOTP.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/sasl2/saslPLAIN.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/sasl2/saslPLAIN.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/sasl2/saslSASLDB.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/sasl2/saslSASLDB.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/sasl2/saslSCRAM.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/sasl2/saslSCRAM.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/sasl2/saslSQLITE.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/PHP/7.3.8/sasl2/saslSQLITE.dll

--------------------------------------------------------------------------------
/Binaries/PHP/7.3.8/snapshot.txt:
--------------------------------------------------------------------------------
This snapshot was automatically generated on
Tue, 30 Jul 2019 13:42:50 +0000

Version: 7.3.8
Branch: HEAD
Build: C:\php-snap-build\php73\vc15\x64\obj\Release_TS

Built-in Extensions
===========================
Core
bcmath
calendar
ctype
date
filter
hash
iconv
json
SPL
pcre
readline
Reflection
session
standard
mysqlnd
tokenizer
zip
zlib
libxml
dom
PDO
openssl
SimpleXML
xml
wddx
xmlreader
xmlwriter
curl
ftp
sqlite3
Phar
mbstring
mysqli


Dependency information:
Module: php_curl.dll
===========================
libcrypto-1_1-x64.dll
libssl-1_1-x64.dll
libssh2.dll
nghttp2.dll

Module: libssl-1_1-x64.dll
===========================
libcrypto-1_1-x64.dll

Module: libssh2.dll
===========================
libcrypto-1_1-x64.dll

Module: php_enchant.dll
===========================
libenchant.dll

Module: libenchant.dll
===========================
glib-2.dll
gmodule-2.dll

Module: gmodule-2.dll
===========================
glib-2.dll

Module: php_ftp.dll
===========================
libcrypto-1_1-x64.dll
libssl-1_1-x64.dll

Module: php_intl.dll
===========================
icuuc64.dll
icuin64.dll
icuio64.dll

Module: icuuc64.dll
===========================
icudt64.dll

Module: icuin64.dll
===========================
icuuc64.dll

Module: icuio64.dll
===========================
icuuc64.dll
icuin64.dll

Module: php_ldap.dll
===========================
libsasl.dll
libcrypto-1_1-x64.dll
libssl-1_1-x64.dll

Module: php_openssl.dll
===========================
libcrypto-1_1-x64.dll
libssl-1_1-x64.dll

Module: php_pgsql.dll
===========================
libpq.dll

Module: libpq.dll
===========================
libssl-1_1-x64.dll
libcrypto-1_1-x64.dll

Module: php_snmp.dll
===========================
libcrypto-1_1-x64.dll

Module: php_sodium.dll
===========================
libsodium.dll

Module: php_pdo_pgsql.dll
===========================
libpq.dll

--------------------------------------------------------------------------------
/Binaries/Readme.txt:
--------------------------------------------------------------------------------
These folders contain the portable distributions for additional scripting engines that you might want to use in your HTA.

By keeping portable binaries here you can use a tool like VBSEdit to create a standalone executable that supports multiple programming languages.

There are no binaries in these folders by default, as that would create a licensing & maintenance nightmare for me. You're free to use whatever you like!

--------------------------------------------------------------------------------
/Binaries/Sendmail/libeay32.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/Sendmail/libeay32.dll

--------------------------------------------------------------------------------
/Binaries/Sendmail/sendmail.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/Sendmail/sendmail.exe

--------------------------------------------------------------------------------
/Binaries/Sendmail/sendmail.ini:
--------------------------------------------------------------------------------
; configuration for fake sendmail

; if this file doesn't exist, sendmail.exe will look for the settings in
; the registry, under HKLM\Software\Sendmail

[sendmail]

; you must change mail.mydomain.com to your smtp server,
; or to IIS's "pickup" directory. (generally C:\Inetpub\mailroot\Pickup)
; emails delivered via IIS's pickup directory cause sendmail to
; run quicker, but you won't get error messages back to the calling
; application.

smtp_server=

; smtp port (normally 25)

smtp_port=465

; SMTPS (SSL) support
;   auto = use SSL for port 465, otherwise try to use TLS
;   ssl  = always use SSL
;   tls  = always use TLS
;   none = never try to use SSL

smtp_ssl=ssl

; the default domain for this server will be read from the registry
; this will be appended to email addresses when one isn't provided
; if you want to override the value in the registry, uncomment and modify

;default_domain=

; log smtp errors to error.log (defaults to same directory as sendmail.exe)
; uncomment to enable logging

error_logfile=error.log

; create debug log as debug.log (defaults to same directory as sendmail.exe)
; uncomment to enable debugging

;debug_logfile=debug.log

; if your smtp server requires authentication, modify the following two lines

auth_username=
auth_password=

; if your smtp server uses pop3 before smtp authentication, modify the
; following three lines. do not enable unless it is required.

pop3_server=
pop3_username=
pop3_password=

; force the sender to always be the following email address
; this will only affect the "MAIL FROM" command, it won't modify
; the "From: " header of the message content

force_sender=

; force the recipient to always be the following email address
; this will only affect the "RCPT TO" command, it won't modify
; the "To: " header of the message content

force_recipient=

; sendmail will use your hostname and your default_domain in the ehlo/helo
; smtp greeting. you can manually set the ehlo/helo name if required

hostname=

--------------------------------------------------------------------------------
/Binaries/Sendmail/ssleay32.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Binaries/Sendmail/ssleay32.dll

--------------------------------------------------------------------------------
/Cache/RTP-cache1.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Cache/RTP-cache1.dat

--------------------------------------------------------------------------------
/Cache/RTP-cache2.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Cache/RTP-cache2.dat

--------------------------------------------------------------------------------
/Cache/Ransomware_Defender_Perimiter_File.dat:
--------------------------------------------------------------------------------
!!! PLEASE DO NOT MODIFY THIS FILE !!!

This is a Ransomware_Defender perimeter file! It contains some arbitrary information that the Ransomware_Defender.vbs script uses as an early-warning beacon to determine when unauthorized disk changes occur.

If this file changes on its own, Ransomware_Defender will assume that a malicious application is modifying the local filesystem.
If such activity is detected, this script will send a notification, create a logfile, and shut down the local machine immediately.



v1.0

--------------------------------------------------------------------------------
/Config/Config.vbs:
--------------------------------------------------------------------------------
'HR-AV Desktop Antivirus
'https://github.com/zelon88/HR-AV
'https://github.com/zelon88

'Author: Justin Grimes
'Date: 12/18/2019
'<3 Open-Source

'Unless Otherwise Noted, The Code Contained In This Repository Is Licensed Under GNU GPLv3
'https://www.gnu.org/licenses/gpl-3.0.html

'This file contains the master VBS engine configuration.
'If this file is lost or destroyed main application settings will be lost!


'--------------------------------------------------
'Define global variables for the session.
Option Explicit

Dim version, uiVersion, helpLocSetting, appName, developerName, developerURL, dieOnInstallationError, windowHeight, windowWidth, _
appDownloadURL, defDownloadURL, realTimeProtectionEnabled, runInBackground, registryMonitorInterval, ramsomwareDefenderInterval, _
accessibilityDefenderInterval, storageMonitorInterval, resourceMonitorInterval, infrastructureCheckupInterval, infrastructureHeartbeatInterval, _
workstationUSBMonitorEnabled, registryMonitorEnabled, ransomwareDefenderEnabled, infrastructureHeartbeatEnabled, infrastructureCheckupEnabled, _
accessibilityDefenderEnabled, storageMonitorEnabled, resourceMonitorEnabled, DEBUGMODE
'--------------------------------------------------


'--------------------------------------------------
'Application-Development Related Variables

'The string values in this section should only be modified by your application distributor.
version = "v0.9.9.1"
uiVersion = "v1.2"
helpLocSetting = "https://github.com/zelon88/HR-AV"
appDownloadURL = "https://github.com/zelon88/HR-AV/archive/master.zip"
defDownloadURL = "https://github.com/zelon88/HR-AV_Defs/archive/master.zip"
appName = "HR-AV"
developerName = "Justin Grimes"
developerURL = "https://github.com/zelon88"
DEBUGMODE = FALSE
'--------------------------------------------------


'--------------------------------------------------
'Environment Related Variables

'Set 'dieOnInstallationError' to 'TRUE' to kill the application instead of running the installer.
'Useful for deploying via GPO to prevent larger installation mistakes.
'Must be boolean, TRUE or FALSE.
dieOnInstallationError = TRUE

'The 'windowHeight' is the height of the main application window, in pixels.
'Must be an integer.
windowHeight = 660

'The 'windowWidth' is the width of the main application window, in pixels.
'Must be an integer.
windowWidth = 600

'Set 'realTimeProtectionEnabled' to 'TRUE' to enable the Real-Time-Protection engine (RealTime-Core.vbs) and all of its services & scheduled tasks.
'Set 'realTimeProtectionEnabled' to 'FALSE' to disable the Real-Time-Protection engine (RealTime-Core.vbs) and all of its services & scheduled tasks.
'Individual Real-Time-Protection services and tasks can still be run manually at any time.
'Must be boolean, TRUE or FALSE.
realTimeProtectionEnabled = TRUE

'Set 'runInBackground' to 'TRUE' to allow the Real-Time-Protection engine (RealTime-Core.vbs) to run in the background, separately from the main application.
'Set 'runInBackground' to 'FALSE' to prevent the Real-Time-Protection engine (RealTime-Core.vbs) from running when the main application is closed.
'Must be boolean, TRUE or FALSE.
runInBackground = TRUE
'--------------------------------------------------


'--------------------------------------------------
'Service-Specific Variables
'Allow background services to run.
'Services that are enabled will be started and enforced automatically.

'Workstation_USB_Monitor watches the USB ports on the local machine for new devices, which may indicate potentially malicious activity.
'Cloned from 'https://github.com/zelon88/Workstation_USB_Monitor' and heavily modified for use in this application.
'To enable "Workstation_USB_Monitor" to run in the background as managed by this application, set 'workstationUSBMonitorEnabled' to 'TRUE'.
workstationUSBMonitorEnabled = TRUE
'--------------------------------------------------


'--------------------------------------------------
'Task-Specific Variables
'Intervals (in minutes) for real-time-tasks to run.
'Minimum interval is 1 (one) minute.
'Intervals set below 1m will be enforced every minute.

'Registry Monitor watches the Windows Registry for changes which could indicate malicious activity.
'When suspicious/malicious activity is detected a log file is created and an email is sent.
'Cloned from 'https://github.com/zelon88/Registry_Monitor' and heavily modified for use in this application.
'To enable "Registry_Monitor.vbs" to run at scheduled intervals, set 'registryMonitorEnabled' to 'TRUE'.
registryMonitorEnabled = TRUE
'Set the 'registryMonitorInterval' interval, in minutes, that 'Registry_Monitor.vbs' will be triggered by the RealTime-Core.
registryMonitorInterval = 10

'Ransomware Defender watches the local filesystem for suspicious changes which could indicate Ransomware activity.
'When suspicious/malicious activity is detected a log file is created and an email is sent.
'Cloned from 'https://github.com/zelon88/Ransomware_Defender' and heavily modified for use in this application.
'To enable "Ransomware_Defender.vbs" to run at scheduled intervals, set 'ransomwareDefenderEnabled' to 'TRUE'.
ransomwareDefenderEnabled = TRUE
'Set the 'ramsomwareDefenderInterval' interval, in minutes, that 'Ransomware_Defender.vbs' will be triggered by the RealTime-Core.
ramsomwareDefenderInterval = 5

'Accessibility Defender watches the local accessibility tools for changes which could indicate backdoor attacker activity.
'When suspicious/malicious activity is detected a log file is created and an email is sent.
'Cloned from 'https://github.com/zelon88/Accessibility_Tools_Utilimon_Defender' and heavily modified for use in this application.
'To enable "Accessibility_Defender.vbs" to run at scheduled intervals, set 'accessibilityDefenderEnabled' to 'TRUE'.
accessibilityDefenderEnabled = TRUE
'Set the 'accessibilityDefenderInterval' interval, in minutes, that 'Accessibility_Defender.vbs' will be triggered by the RealTime-Core.
accessibilityDefenderInterval = 60

'Storage Monitor watches the local filesystems as a whole for changes which could indicate malicious activity.
'When suspicious/malicious activity is detected a log file is created and an email is sent.
'Cloned from 'https://github.com/zelon88/Storage_Monitor' and heavily modified for use in this application.
'To enable "Storage_Monitor.vbs" to run at scheduled intervals, set 'storageMonitorEnabled' to 'TRUE'.
storageMonitorEnabled = TRUE
'Set the 'storageMonitorInterval' interval, in minutes, that 'Storage_Monitor.vbs' will be triggered by the RealTime-Core.
storageMonitorInterval = 10

'Resource Monitor watches the local system as a whole for high resource consumption which could indicate malicious activity.
'When suspicious/malicious activity is detected a log file is created and an email is sent.
'Cloned from 'https://github.com/zelon88/Resource_Monitor' and heavily modified for use in this application.
'To enable "Resource_Monitor.vbs" to run at scheduled intervals, set 'resourceMonitorEnabled' to 'TRUE'.
resourceMonitorEnabled = TRUE
'Set the 'resourceMonitorInterval' interval, in minutes, that 'Resource_Monitor.vbs' will be triggered by the RealTime-Core.
resourceMonitorInterval = 7

'Infrastructure Heartbeat watches network endpoints for online status which could indicate action is required.
'When suspicious/malicious activity is detected a log file is created and an email is sent.
'Cloned from 'https://github.com/zelon88/Infrastructure_Heartbeat' and heavily modified for use in this application.
'To enable "Infrastructure_Heartbeat.vbs" to run at scheduled intervals, set 'infrastructureHeartbeatEnabled' to 'TRUE'.
infrastructureHeartbeatEnabled = TRUE
'Set the 'infrastructureHeartbeatInterval' interval, in minutes, that 'Infrastructure_Heartbeat.vbs' will be triggered by the RealTime-Core.
infrastructureHeartbeatInterval = 15

'Infrastructure Checkup performs periodic diagnostic checks on the local system, which could reveal potential security risks or other indicators of compromise.
'When suspicious/malicious activity is detected a log file is created and an email is sent.
'Cloned from 'https://github.com/zelon88/Infrastructure_Checkup' and heavily modified for use in this application.
'To enable "Infrastructure_Checkup.vbs" to run at scheduled intervals, set 'infrastructureCheckupEnabled' to 'TRUE'.
infrastructureCheckupEnabled = TRUE
'Set the 'infrastructureCheckupInterval' interval, in minutes, that 'Infrastructure_Checkup.vbs' will be triggered by the RealTime-Core.
infrastructureCheckupInterval = 10
'--------------------------------------------------

--------------------------------------------------------------------------------
/Config/ScanCore_Config.php:
--------------------------------------------------------------------------------
"?{":FSAFD+it';
// / ------------------------------

// / ------------------------------
// / Directory locations ...
// / Install HR-AV to the following directory.
// / DO NOT CHANGE THE DEFAULT INSTALL DIRECTORY!!!
$InstLoc = str_replace(DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR, DIRECTORY_SEPARATOR, str_replace(DIRECTORY_SEPARATOR.'Scripts'.DIRECTORY_SEPARATOR.'PHP'.DIRECTORY_SEPARATOR.'PHP-AV', '', realpath(dirname(__FILE__))));
// / The default location to scan if run with no input scan path argument.
$ScanLoc = '';
// / The absolute path where log files are stored.
$LogDir = str_replace(DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR, DIRECTORY_SEPARATOR, $InstLoc.DIRECTORY_SEPARATOR.'Logs');
// / The absolute path where report files are stored.
$ReportDir = str_replace(DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR, DIRECTORY_SEPARATOR, str_replace('Config', '', $InstLoc.DIRECTORY_SEPARATOR.'Reports'));
// / The filename for the ScanCore report file.
$ReportFileName = 'ScanCore_Report.txt';
// / The filename for the ScanCore virus definition file.
$DefsFileName = 'ScanCore_Virus.def';
// / The directory where ScanCore virus definition files are stored.
$DefsDir = $InstLoc.DIRECTORY_SEPARATOR.'Definitions';
// / The absolute path where virus definitions are found.
$DefsFile = str_replace(DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR, DIRECTORY_SEPARATOR, str_replace('Config', '', $DefsDir.DIRECTORY_SEPARATOR.$DefsFileName));
// / ------------------------------

// / ------------------------------
// / General Information ...
 63 | // / Number of bytes to store in each logfile before splitting to a new one.
 64 | $MaxLogSize = '100000000000000000000';
 65 | // / ------------------------------

--------------------------------------------------------------------------------
/Config/Service_Config.vbs:
--------------------------------------------------------------------------------
  1 | ' The "companyName" is the full, unabbreviated name of your organization.
  2 | companyName = "COMPANY_NAME_REPLACE"
  3 | ' The "companyAbbr" is the abbreviated name of your organization.
  4 | companyAbbr = "COMPANY_ABBR_REPLACE"
  5 | ' The "companyDomain" is the domain to use for sending emails. Generated report emails will appear
  6 | ' to have been sent by "COMPUTERNAME@domain.com"
  7 | companyDomain = Replace(Replace(GetObject("LDAP://RootDSE").Get("DefaultNamingContext"), ",DC=","."), "DC=","")
  8 | ' The "toEmail" is a valid email address where notifications will be sent.
  9 | toEmail = "TO_EMAIL_REPLACE"
 10 | ' The "enableEmail" setting is for enabling (TRUE) or disabling (FALSE) the sendEmail() function.
 11 | enableEmail = FALSE

--------------------------------------------------------------------------------
/Config/setting1.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Config/setting1.dat

--------------------------------------------------------------------------------
/Config/setting2.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Config/setting2.dat

--------------------------------------------------------------------------------
/Config/setting3.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Config/setting3.dat

--------------------------------------------------------------------------------
/Config/setting4.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Config/setting4.dat

--------------------------------------------------------------------------------
/Dependencies/vc_redist.x64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Dependencies/vc_redist.x64.exe

--------------------------------------------------------------------------------
/Documentation/Accessibility_Monitor_README.md:
--------------------------------------------------------------------------------
  1 | # Accessibility-Tools-utilmon-Defender
  2 | A Windows 7-10 startup script for detecting and preventing "Ease Of Access" attacks.
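The check this README describes further down (hash cmd.exe, compare the hash against each Ease of Access tool, fall back to a hard-coded hash if cmd.exe is gone) as an added Python example. It is not the project's Accessibility_Defender.vbs and is not a port of it: the list of accessibility binaries beyond utilman.exe, the `FALLBACK_CMD_SHA256` placeholder and the temp-directory `demo()` are our assumptions. Where the VBS script logs and shuts the machine down, this version just returns the list of swapped binaries and leaves the response to the caller.

```python
import hashlib
import os
import tempfile

# Accessibility helpers that Windows launches from the logon screen. The README
# names utilman.exe; the rest of this list is our addition (the usual siblings
# of the same attack), not something the HR-AV script itself checks.
ACCESSIBILITY_TOOLS = ("utilman.exe", "sethc.exe", "osk.exe", "narrator.exe",
                       "magnify.exe", "displayswitch.exe", "atbroker.exe")

# Placeholder for the hard-coded fallback hash the README mentions. A real
# deployment records the hash of the known-good cmd.exe for its Windows build.
FALLBACK_CMD_SHA256 = "<<SHA256_OF_KNOWN_GOOD_CMD_EXE>>"


def sha256_file(path):
    """Stream-hash a file so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def cmd_hash(system32, fallback=FALLBACK_CMD_SHA256):
    """Hash the live cmd.exe; use the hard-coded value if cmd.exe was moved."""
    cmd = os.path.join(system32, "cmd.exe")
    return sha256_file(cmd) if os.path.isfile(cmd) else fallback


def find_replaced_tools(system32, tools=ACCESSIBILITY_TOOLS, fallback=FALLBACK_CMD_SHA256):
    """Return the names of accessibility binaries whose hash equals cmd.exe's.

    An empty list means none of them has been swapped for a shell. The caller
    decides what to do with a hit; Accessibility_Defender logs and shuts down.
    """
    reference = cmd_hash(system32, fallback)
    return [name for name in tools
            if os.path.isfile(os.path.join(system32, name))
            and sha256_file(os.path.join(system32, name)) == reference]


def demo(swapped=True):
    """Constructed sample System32 in a temp dir; a real run passes the
    actual System32 directory. With swapped=True, sethc.exe is a copy of
    cmd.exe, which is exactly the condition the check is meant to catch."""
    with tempfile.TemporaryDirectory() as system32:
        shell = b"MZ-fake-cmd-" + os.urandom(16)
        with open(os.path.join(system32, "cmd.exe"), "wb") as handle:
            handle.write(shell)
        with open(os.path.join(system32, "utilman.exe"), "wb") as handle:
            handle.write(b"MZ-genuine-utilman")
        with open(os.path.join(system32, "sethc.exe"), "wb") as handle:
            handle.write(shell if swapped else b"MZ-genuine-sethc")
        return find_replaced_tools(system32)


if __name__ == "__main__":
    print(demo())        # ['sethc.exe']
    print(demo(False))   # []
```

Comparing against the hash of the live cmd.exe rather than a fixed list of bad hashes is what makes this check survive Windows updates: whatever the current cmd.exe hashes to, an accessibility tool should never hash to the same value. The fallback hash only matters when cmd.exe itself has been moved, which is itself worth logging.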
  3 | 
  4 | 
  5 | This script was featured in the [how-to](https://www.honestrepair.net/index.php/category/howto/) blog post "[Windows Accessibility Tools… For Hackers Too???](https://www.honestrepair.net/index.php/2018/08/26/windows-accessibility-tools-for-hackers-too/)" on the [HonestRepair Blog](https://www.honestrepair.net/index.php/blog-posts/).
  6 | 
  7 | It is intended to be added to Group Policy Management on a domain or the Local Group Policy Editor on a standalone PC as a machine startup script.
  8 | 
  9 | The script hashes cmd.exe (if it exists) and compares that hash against the hash of each vulnerable tool in the Ease of Access center (utilman.exe). A hard-coded hash is used as a default if cmd.exe has been moved.
 10 | 
 11 | *You must download "[Fake Sendmail For Windows](https://www.glob.com.au/sendmail/)" and extract all files to wherever you install the Accessibility_Defender.vbs script.*
 12 | 
 13 | If a compromise is detected the script will create a logfile of the incident and shut down the machine.
 14 | 

--------------------------------------------------------------------------------
/Documentation/HR-AV_Changelog.txt:
--------------------------------------------------------------------------------
  1 | --------------------
  2 | COMMIT - 12/18/2019
  3 | v0.9.9.1 - Working on Scan-Core.
  4 | 
  5 | -v0.9.9.1.
  6 | -Working on Scan-Core.
  7 | -Revised the prepareScanner() function.
  8 | 
  9 | --------------------
 10 | COMMIT - 12/17/2019
 11 | v0.9.9 - Get "Computer Scanner" working.
 12 | 
 13 | 
 14 | -v0.9.9.
 15 | -Get computer scanner working.
 16 | -Still doesn't aggregate results.
 17 | 
 18 | --------------------
 19 | COMMIT - 11/23/2019
 20 | v0.9.7 - Working on RTP, password implementation.
 21 | 
 22 | -v0.9.7.
 23 | -Working on implementing HRAV account usage and password maintenance.
 24 | -Working on getting real-time-protection implemented.
 25 | -Trying to advance all fronts and keep it all fresh in my mind at the same time.
 26 | -Look for ways to improve workflow efficiency.
 27 | -Files are already organized but development process is rather sloppy. Need to think about automating it more.
 28 | >>>>>>> e60c0294338873e63c065e32cea754c8087b9aaa
 29 | 
 30 | --------------------
 31 | COMMIT - 11/22/2019
 32 | v0.9.6 - Tidying up. Improved installation process.
 33 | 
 34 | -v0.9.6.
 35 | -Start reworking enumeratesubdirs() in Scan-Core.
 36 | -Add startup mode.
 37 | -Improve installation wizard.
 38 | -Disable auto-restart after installation, as it doesn't seem to work properly anymore.
 39 | -Add an option during installation to enable automatic startup when Windows boots.
 40 | -Add .ico icon file for shortcuts.
 41 | 
 42 | --------------------
 43 | COMMIT - 11/22/2019
 44 | v0.9.5 - Scanning is almost functional!
 45 | 
 46 | -v0.9.5.
 47 | -Scanner works, just need to work on controlling output.
 48 | -Thread manager seems to work.
 49 | -Enumeratesubdirs does not seem to work.
 50 | -Definitely needs work.
 51 | -Why is it not restarting as PAExec?
 52 | -Also changed the installation wizard to stop restarting automatically, as the start path still remains the installationloc and winds up using the wrong scripts and binaries in Scan-Core.php.
 53 | 
 54 | --------------------
 55 | COMMIT - 11/20/2019
 56 | v0.9.4 - Working on UI, building scanner pages.
 57 | 
 58 | -v0.9.4.
 59 | -Working on the UI HTML.
 60 | -Building out the pages.
 61 | -Fixed a typo in the installation wizard in App-Core.
 62 | -Fix paths in scanner pages.
 63 | -Made Javascript for incrementing/decrementing/validating priority input.
 64 | 
 65 | --------------------
 66 | COMMIT - 11/17/2019
 67 | v0.9.3.9 - Fixed Scan-Core syntax. Working on UI.
 68 | 
 69 | -v0.9.3.9.
 70 | -Fixed the bugs in Scan-Core.vbs so the syntax doesn't get hung up anymore.
 71 | -Continuing to figure out scanner pages. Going to need to do a lot of javascript.
 72 | -I think it might be a one-laptop-specific problem I'm having, but the installation wizard doesn't work on this machine anymore. It works on others. I think it's permissions related to this box only.
 73 | -Keep working on UI.
 74 | -Start thinking about making settings work and doing something for a dashboard on the homepage as well.
 75 | -Draw some sketches!
 76 | -Need to add a recursive option to the folder scanner page HTML and back-end functions.
 77 | --------------------
 78 | 
 79 | --------------------
 80 | COMMIT - 11/17/2019
 81 | v0.9.3.8 - Making UI elements for scanners!
 82 | 
 83 | -v0.9.3.8
 84 | -Made lots more functions, mostly to tie the UI to the backend scanning functionality.
 85 | -Starting to work on scanner pages.
 86 | -Need to try running it again soon to work out all the syntax errors. I'm sure there are a bunch!
 87 | --------------------
 88 | 
 89 | --------------------
 90 | COMMIT - 11/14/2019
 91 | v0.9.3.7 - Update scanCore.php to v0.5. Add -nr argument (disable recursion).
 92 | 
 93 | -v0.9.3.7.
 94 | -Update scanCore.php to v0.5.
 95 | -Added a command line argument to disable recursion.
 96 | -Use -nr or -norecursion to force DISABLE recursive scanning of subdirectories (only a parent target directory will be scanned).
 97 | -Use -r or -recursion to force ENABLE recursive scanning.
 98 | -Specifying recursion is not required because it is implied, but it helps write robust automation tools. If you specify recursion and no recursion via typo somehow, norecursion always takes precedence. That should limit self-inflicted ddos's after drunken typos.
 99 | --------------------
100 | 
101 | --------------------
102 | COMMIT - 11/14/2019
103 | v0.9.3.6 - Add logging to recently created thread handler.
104 | 
105 | -v9.9.3.6.
106 | -Add logging to the thread / worker manager.
107 | -Remove the concept of a "requestMoreWorkers()" function. It shouldn't be required if scanning prep is done properly and creates a huge security risk of arbitrary code execution. Everything is sanitized, but still why allow unforeseen execution? Do better heuristics beforehand.
108 | -Add a sleeper to pace the thread manager. Now it won't DDoS the host. Was pretty much a fork bomb before. >D
109 | --------------------
110 | 
111 | --------------------
112 | COMMIT - 11/7/2019
113 | v0.9.3.5 - Still working on Scan-Core.vbs supporting functions for thread handler.
114 | 
115 | -v0.9.3.5.
116 | -Still working on threads, but finally calling out to the binary directory.
117 | -Just realized, not using bootstrap().
118 | -Either way, pretty happy.
119 | -Need to modify scanCore repo to support the -nr argument to disable recursion.
120 | -This thread manager should determine how much RAM to use, how much work there is, and then be able to start workers.
121 | -To stop creating more workers we need to develop something.
122 | -Maybe we can detect memory remaining every OTHER worker creation loop?
123 | -Come up with a solution to that!
124 | -There are tons of syntax errors because this laptop needs a format and I'm unable to create a suitable test environment.
125 | --------------------
126 | 
127 | --------------------
128 | COMMIT - 11/7/2019
129 | v0.9.2 - Still working on Scan-Core.vbs supporting functions for thread handler.
130 | 
131 | -v0.9.2.
132 | -Still Working on supporting functions for the thread manager.
133 | -Continue adding code to exempt infections based on an exemption list.
134 | -Created the code to define the path to the exemptionlist.
135 | -Added a directory for the exemptionlist. This is in scan-core and ui-core.
136 | --------------------
137 | 
138 | --------------------
139 | COMMIT - 11/7/2019
140 | v0.9.1 - Still working on Scan-Core.vbs supporting functions for thread handler.
141 | 
142 | -v0.9.1.
143 | -Still Working on supporting functions for the thread manager.
144 | -Commenting as I go this time.
145 | -Added code to exempt infections based on an exemption list.
146 | -Still need to create the code to define the path to the exemptionlist.
147 | -Need to add a directory for the exemptionlist. This maybe should go into appcore instead of scancore?
148 | --------------------
149 | 
150 | --------------------
151 | COMMIT - 11/7/2019
152 | v0.9.0 - Working on Scan-Core.vbs supporting functions for thread handler.
153 | 
154 | -v0.9.0.
155 | -Working on supporting functions for the thread manager.
156 | -Commented a lot of code.
157 | --------------------
158 | 
159 | --------------------
160 | COMMIT - 10/2/2019
161 | v0.8.9 - Working on ScanCore.vbs.
162 | 
163 | -v0.8.9.
164 | -The ScanCore.vbs is going to be a thread handler for the various scanners and scanning modes of HR-AV.
165 | -It will run scanCore.php as well as other scanners, as they are developed.
166 | -It needs to be standalone because its execution could continue for a looooong time.
167 | -Working on the functions it needs. Copied the generic ones from RealTime-Core.vbs.
168 | --------------------
169 | 
170 | --------------------
171 | COMMIT - 10/2/2019
172 | v0.8.8 - ScanCore to v0.1.
173 | 
174 | -v0.8.8.
175 | -ScanCore to v0.1.
176 | -Made ScanCore a true PHP CLI application!
177 | -Still needs testing and tweaking, no doubt.
178 | -Supports file-path, memorylimit, chunksize, debug, & verbose arguments.
179 | -Perfect for running with a worker-manager!
180 | --------------------
181 | 
182 | --------------------
183 | COMMIT - 10/1/2019
184 | v0.8.7 - Working on scanCore.php.
185 | 
186 | -v0.8.7.
187 | -Working on the single-threaded PHP scanner worker.
188 | -This script will be called asynchronously via VBS from the main application and managed as worker processes.
189 | -Perfect for high performance concurrent scanning! PHP is fast in this arena.
190 | -My gut tells me it's faster than VBS or Python as a single thread.
191 | -That means we can run lots of threads!
192 | -It also means we can use the same ScanCore.php script for scanning pretty much every directory on the machine. We just scale the number of threads with the workload.
193 | --------------------
194 | 
195 | --------------------
196 | COMMIT - 9/24/2019
197 | v0.8.6 - Working on settings page.
198 | 
199 | -v0.8.6.
200 | -Working on settings page layout.
201 | --------------------
202 | 
203 | --------------------
204 | COMMIT - 9/22/2019
205 | v0.8.5 - Working on triggers for RTP.
206 | 
207 | -v0.8.5.
208 | -Working on triggers for RTP.
209 | -I wish there was a better way to trigger tasks, like a loop similar to the way services are run.
210 | --------------------
211 | 
212 | --------------------
213 | COMMIT - 9/22/2019
214 | v0.8.4 - Designed config.vbs in a more readable way. Added RTP entries.
215 | 
216 | -v0.8.4.
217 | -Changed the format of config.vbs a bit so that we can incorporate more information about each entry.
218 | -Added entries for RTP tasks and services.
219 | -Need to implement the tasks and services in RTP from config.vbs.
220 | -A placeholder commit so I don't lose any of this stuff.
221 | --------------------
222 | 
223 | --------------------
224 | COMMIT - 9/22/2019
225 | v0.8.3 - Working on RTP, getting closer to firing due tasks.
226 | 
227 | -v0.8.3.
228 | -Real-Time-Protection should be pretty well standalone at this point.
229 | -It detects when the main application is no longer running, and if the "runInBackground" config entry is not set it will kill itself and all running tasks.
230 | -Looking for a creative way to make a systray icon in VBS. Might have to have a tiny handler for this in Python.
231 | -Getting closer to implementing settings. Going to hard-code timers for the real-time core due tasks next. Eventually we can move on to implementing the settings.hta page.
232 | --------------------

--------------------------------------------------------------------------------
/Documentation/ICON_CREDITS.txt:
--------------------------------------------------------------------------------
  1 | Icons courtesy of.....
  2 | 
  3 | IconArchive
  4 | https://www.IconArchive.com/
  5 | 
  6 | 
  7 | 
  8 | Green "OK" Shield icons by Paomedia.
  9 | http://www.iconarchive.com/show/small-n-flat-icons-by-paomedia/shield-error-icon.html
 10 | https://github.com/paomedia
 11 | https://www.paomedia.com/
 12 | 
 13 | Yellow "Warning" Shield icons by Paomedia.
 14 | http://www.iconarchive.com/show/small-n-flat-icons-by-paomedia/shield-error-icon.html
 15 | https://github.com/paomedia
 16 | https://www.paomedia.com/
 17 | 
 18 | Red "Error" Shield icons by Paomedia.
 19 | http://www.iconarchive.com/show/small-n-flat-icons-by-paomedia/shield-error-icon.html
 20 | https://github.com/paomedia
 21 | https://www.paomedia.com/
 22 | 
 23 | Beer icon by Paomedia.
 24 | https://github.com/paomedia
 25 | https://www.paomedia.com/
 26 | 
 27 | Banner background by Elena11.
 28 | https://www.shutterstock.com/image-photo/circuit-board-electronic-computer-hardware-technology-585501608
 29 | https://www.shutterstock.com/g/Elena11

--------------------------------------------------------------------------------
/Documentation/PAExec_Eula.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Documentation/PAExec_Eula.txt

--------------------------------------------------------------------------------
/Documentation/Ransomware_Defender.vbs_Changelog.txt:
--------------------------------------------------------------------------------
  1 | 8/23/2019 - v1.3 - Clean up code, syntax, loose ends.
  2 | Justin Grimes
  3 | 
  4 | -v1.3.
  5 | -Improve comments. Small fixes, typos.
  6 | 
  7 | --------------------
  8 | 8/23/2019 - v1.2
  9 | Justin Grimes
 10 | 
 11 | -v1.2.
 12 | -Fix bugs with generation of perimeter files.
 13 | 
 14 | --------------------
 15 | 8/23/2019 - v1.0
 16 | Justin Grimes
 17 | 
 18 | -v1.0.
 19 | -Commit application.
 20 | -All code seems to work. All functions exit with no errors and expected values.
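The perimeter-file mechanism that the Ransomware_Defender readme below describes (create canary files on first run, on later runs check they exist, compare them to the original, search for missing ones, and treat tampering as an alert condition) as an added Python example. This is our own illustration, not the project's Ransomware_Defender.vbs: the manifest and canary file names are assumptions, the project's `perimiterFiles` array is not used, and where the VBS script logs, emails and shuts the workstation down, this version returns the classification and leaves the response to the caller.

```python
import hashlib
import json
import os
import tempfile

# Both names are our assumptions; Ransomware_Defender.vbs keeps its own list in
# the "perimiterFiles" array and we do not know the file names it uses.
MANIFEST_NAME = "perimeter_manifest.json"
CANARY_NAME = "perimeter_do_not_delete.docx"


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def create_perimeter(manifest_path, directories):
    """First run: drop one canary per directory and record path -> hash.
    Each canary carries a random nonce so its hash identifies it alone."""
    manifest = {}
    for directory in directories:
        path = os.path.join(directory, CANARY_NAME)
        with open(path, "wb") as handle:
            handle.write(b"PERIMETER FILE - " + os.urandom(32).hex().encode())
        manifest[path] = sha256_file(path)
    with open(manifest_path, "w", encoding="utf-8") as handle:
        json.dump(manifest, handle)
    return manifest


def search_for(expected_hash, directory):
    """A missing canary may merely have been renamed (encryptors often append
    an extension). Return any file in the same directory with the original
    content hash, or None."""
    if not os.path.isdir(directory):
        return None
    for name in os.listdir(directory):
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate) and sha256_file(candidate) == expected_hash:
            return candidate
    return None


def check_perimeter(manifest_path):
    """Subsequent runs: classify every canary as intact, renamed, tampered or
    missing. 'tampered' and 'missing' are the states that justify the log
    entry, email and shutdown the readme describes."""
    with open(manifest_path, encoding="utf-8") as handle:
        manifest = json.load(handle)
    result = {"intact": [], "renamed": [], "tampered": [], "missing": []}
    for path, expected in manifest.items():
        if os.path.isfile(path):
            state = "intact" if sha256_file(path) == expected else "tampered"
        else:
            state = "renamed" if search_for(expected, os.path.dirname(path)) else "missing"
        result[state].append(path)
    return result


def demo(disturb=True):
    """Constructed run in a temp dir. With disturb=True one canary is
    overwritten, one renamed and one deleted, i.e. the three failure modes."""
    with tempfile.TemporaryDirectory() as root:
        dirs = [os.path.join(root, name) for name in ("docs", "share", "home")]
        for directory in dirs:
            os.mkdir(directory)
        manifest_path = os.path.join(root, MANIFEST_NAME)
        create_perimeter(manifest_path, dirs)
        if disturb:
            with open(os.path.join(dirs[0], CANARY_NAME), "wb") as handle:
                handle.write(b"not the original content")
            os.rename(os.path.join(dirs[1], CANARY_NAME),
                      os.path.join(dirs[1], CANARY_NAME + ".locked"))
            os.remove(os.path.join(dirs[2], CANARY_NAME))
        return {state: len(paths) for state, paths in check_perimeter(manifest_path).items()}


if __name__ == "__main__":
    print(demo())        # {'intact': 0, 'renamed': 1, 'tampered': 1, 'missing': 1}
    print(demo(False))   # {'intact': 3, 'renamed': 0, 'tampered': 0, 'missing': 0}
```

The manifest is the weak point of any canary scheme: if it lives next to the canaries it is just one more file for an encryptor to destroy, which is why the readme's note about not checking for the script's presence before running it applies to the manifest too. Keep it (or a copy of the hashes) somewhere the workstation can read but not easily overwrite, and treat an unreadable manifest as an alert rather than as "nothing to check".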
 21 | 

--------------------------------------------------------------------------------
/Documentation/Ransomware_Defender.vbs_Readme.txt:
--------------------------------------------------------------------------------
  1 | NAME: Ransomware_Defender
  2 | 
  3 | TYPE: VBS Script
  4 | 
  5 | PRIMARY LANGUAGE: VBScript
  6 | 
  7 | AUTHOR: Justin Grimes
  8 | 
  9 | ORIGINAL VERSION DATE: 8/23/2019
 10 | 
 11 | CURRENT VERSION DATE: 8/23/2019
 12 | 
 13 | VERSION: v1.3
 14 | 
 15 | 
 16 | DESCRIPTION: An application for early warning about potential ransomware activity on a domain workstation.
 17 | On first run, Ransomware_Defender creates "Perimeter Files" in strategic places on the local filesystem.
 18 | On subsequent runs, Ransomware_Defender checks that the perimeter files still exist.
 19 | If perimeter files are found, they are compared to the original perimeter file.
 20 | If perimeter files are missing, they are searched for.
 21 | If perimiterFiles have been tampered with, the workstation will emit a log entry and an email notification, then shut down to prevent further damage.
 22 | 
 23 | 
 24 | 
 25 | 
 26 | 
 27 | PURPOSE: To detect malicious file operations early enough that they do not cause widespread damage to company equipment.
 28 | 
 29 | 
 30 | 
 31 | 
 32 | INSTALLATION INSTRUCTIONS:
 33 | 1. Install Ransomware_Defender into a subdirectory of your network-wide scripts folder.
 34 | 2. Open Ransomware_Defender.vbs with a text editor and configure the variables at the start of the script to match your environment.
 35 | 3. Open sendmail.ini with a text editor and configure your email server settings.
 36 | 4. Run the script automatically on domain workstations at machine startup or user logon with a GPO. Or both!
 37 | 5. Run the script automatically with scheduled tasks at regular intervals.
 38 | 6. To add additional locations for monitoring, add the full absolute path to the "perimiterFiles" array.
 39 | 
 40 | 
 41 | 
 42 | 
 43 | NOTES:
 44 | 1. This script MUST be run with administrative rights.
 45 | 2. If this script is started in regular user mode, it will prompt for administrator elevation.
 46 | 3. "Fake Sendmail for Windows" is required for this application to send notification emails. Per the "Fake Sendmail" license, the required binaries are provided.
 47 | 4. To reinstall "Fake Sendmail for Windows" please visit https://www.glob.com.au/sendmail/
 48 | 5. Use absolute UNC paths for network addresses. DO NOT run this from a network drive letter. The restartAsAdmin() function will not work properly.
 49 | 6. If using as a startup/logon script it is advised NOT to use a conditional that checks for the presence of the script prior to running it. Doing so could result in a false negative if ransomware damages Ransomware_Defender before it can be run. Errors produced by such a condition would alert users that something was wrong.

--------------------------------------------------------------------------------
/Documentation/Registry_Monitor.vbs_Changelog.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Documentation/Registry_Monitor.vbs_Changelog.txt

--------------------------------------------------------------------------------
/Documentation/Registry_Monitor.vbs_Readme.txt:
--------------------------------------------------------------------------------
  1 | NAME: Registry_Monitor
  2 | 
  3 | TYPE: VBS Script
  4 | 
  5 | PRIMARY LANGUAGE: VBScript
  6 | 
  7 | AUTHOR: Justin Grimes
  8 | 
  9 | ORIGINAL VERSION DATE: 9/5/2019
 10 | 
 11 | CURRENT VERSION DATE: 9/5/2019
 12 | 
 13 | VERSION: v0.9
 14 | 
 15 | 
 16 | DESCRIPTION: An application to enumerate registry keys and look for changes which constitute an indicator of compromise.
 17 | 
 18 | 
 19 | 
 20 | 
 21 | 
 22 | PURPOSE: To detect malicious registry operations early enough that they do not cause widespread damage to company equipment.
 23 | 
 24 | 
 25 | 
 26 | 
 27 | INSTALLATION INSTRUCTIONS:
 28 | 1. Install Registry_Monitor into a subdirectory of your network-wide scripts folder.
 29 | 2. Open Registry_Monitor.vbs with a text editor and configure the variables at the start of the script to match your environment.
 30 | 3. Run the script automatically with scheduled tasks at regular intervals.
 31 | 
 32 | 
 33 | 
 34 | 
 35 | NOTES:
 36 | 1. This script MUST be run with administrative rights.
 37 | 2. If this script is started in regular user mode, it will prompt for administrator elevation.
 38 | 3. Use absolute UNC paths for network addresses. DO NOT run this from a network drive letter. The restartAsAdmin() function will not work properly.
 39 | 4. If using as a startup/logon script it is advised NOT to use a conditional that checks for the presence of the script prior to running it. Doing so could result in a false negative if ransomware damages Ransomware_Defender before it can be run. Errors produced by such a condition would alert users that something was wrong.

--------------------------------------------------------------------------------
/Documentation/Storage_Monitor.vbs_Changelog.txt:
--------------------------------------------------------------------------------
  1 | 4/26/2019
  2 | -v2.2.
  3 | -Add support for -e argument.
  4 | -The new -e argument supports a comma separated list of drives to skip.
  5 | 
  6 | 4/24/2019
  7 | -v2.1.
  8 | -Fix more bugs running as a SYSTEM task.
  9 | 
 10 | 4/24/2019
 11 | -v2.0.
 12 | -Fix bugs with running as a SYSTEM task.
 13 | 
 14 | 4/23/2019
 15 | -v1.9.
 16 | -Fix bugs with string comparison.
 17 | 
 18 | 4/23/2019
 19 | -v1.8.
 20 | -Fix issues with string comparison of new/old cache contents.
 21 | 
 22 | 4/23/2019
 23 | -v1.7
 24 | -Fix lots of bugs. Redesign entire script.
 25 | 
 26 | 9/13/2018
 27 | -v1.6
 28 | -Fix bug with sending emails, detecting low storage space.
 29 | -Add this changelog.
 30 | 

--------------------------------------------------------------------------------
/Documentation/Storage_Monitor.vbs_Readme.txt:
--------------------------------------------------------------------------------
  1 | NAME: Storage_Monitor.vbs
  2 | 
  3 | TYPE: Visual Basic Script
  4 | 
  5 | PRIMARY LANGUAGE: VBS
  6 | 
  7 | AUTHOR: Justin Grimes
  8 | 
  9 | ORIGINAL VERSION DATE: 5/31/2018
 10 | 
 11 | CURRENT VERSION DATE: 4/24/2019
 12 | 
 13 | VERSION: v2.2 - Add -e argument for specifying drives to skip.
 14 | 
 15 | DESCRIPTION:
 16 | A simple script for monitoring storage devices for added/removed volumes and adequate disk space.
 17 | 
 18 | PURPOSE:
 19 | To monitor company storage devices for changes and/or disk space issues that need to be manually addressed.
 20 | 
 21 | INSTALLATION INSTRUCTIONS:
 22 | 1. Copy the entire "Storage_Monitor" folder into the "AutomationScripts" folder on SERVER (or any other network accessible location).
 23 | 2. Add a scheduled task to run "Storage_Monitor.vbs" every 30 minutes.
 24 | 3. Ensure that everyone who runs the script can modify the contents of "Warning.mail" in the AutomationScripts folder and execute sendmail.exe.
 25 | 4. Use the -e argument to specify a comma separated list of drives to skip.
 26 | EXAMPLE: Storage_Monitor.vbs -e c,d,e,z
 27 | 
 28 | NOTES: SendMail for Windows is required and included in the "Storage_Monitor" folder. The SendMail data files must be included in the same directory as "Data_Monitor.vbs" in order for emails to be sent correctly.
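The comparison Storage_Monitor.vbs performs every 30 minutes (cached volume list versus the current one, plus a free-space check, with an `-e` skip list), written out as an added Python example. It is ours, not the project's script: the cache format, the 10% low-space threshold and the constructed snapshots in `demo()` are assumptions, and `snapshot_volumes()` is the only part that touches a real system. The same diff applies unchanged to the workstation variant (Workstation_USB_Monitor.vbs), which watches the same thing on workstations.

```python
import shutil

LOW_SPACE_RATIO = 0.10   # assumed threshold: warn when less than 10% of a volume is free


def parse_skip_list(arg):
    """The value of -e, e.g. 'c,d,e,z' -> {'C', 'D', 'E', 'Z'}.
    Whitespace, a trailing colon and empty items are tolerated."""
    return {item.strip().rstrip(":").upper() for item in arg.split(",") if item.strip()}


def snapshot_volumes(mount_points):
    """Live collector for real runs: {'C': (total_bytes, free_bytes), ...}.
    On Windows pass drive roots such as C:\ and D:\ ; the result is what a
    run would write to its cache file for the next comparison."""
    snapshot = {}
    for mount in mount_points:
        usage = shutil.disk_usage(mount)
        snapshot[mount.rstrip(":\\/").upper()] = (usage.total, usage.free)
    return snapshot


def compare_volumes(previous, current, skip=frozenset(), low_ratio=LOW_SPACE_RATIO):
    """Diff the cached snapshot against the current one.

    Returns (kind, drive) findings, kind being 'added', 'removed' or
    'low_space', added first, then removed, then low space, each group
    sorted by drive letter. Skipped drives never produce findings, so a
    removable drive listed with -e does not raise an alert every 30 minutes.
    """
    before = {drive for drive in previous if drive not in skip}
    now = {drive for drive in current if drive not in skip}
    findings = [("added", drive) for drive in sorted(now - before)]
    findings += [("removed", drive) for drive in sorted(before - now)]
    for drive in sorted(now):
        total, free = current[drive]
        if total and free / total < low_ratio:
            findings.append(("low_space", drive))
    return findings


def demo():
    """Constructed snapshots: E: disappeared, F: appeared nearly full, and Z:
    is a nearly full drive the operator chose to ignore with -e z."""
    previous = {"C": (500e9, 200e9), "D": (2e12, 1e12), "E": (64e9, 30e9)}
    current = {"C": (500e9, 180e9), "D": (2e12, 1e12),
               "F": (1e12, 40e9), "Z": (8e9, 50e6)}
    return compare_volumes(previous, current, skip=parse_skip_list("z"))


if __name__ == "__main__":
    print(demo())   # [('added', 'F'), ('removed', 'E'), ('low_space', 'F')]
```

Normalising drive letters before comparing (upper case, no colon) is what the string-comparison fixes in the v1.8/v1.9 changelog entries above are about: a cache that stores `c:` and a fresh enumeration that yields `C` look like a removed and an added drive to a naive comparison.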
 29 | 

--------------------------------------------------------------------------------
/Documentation/Workstation_USB_Monitor.vbs_Readme.txt:
--------------------------------------------------------------------------------
  1 | NAME: Workstation_USB_Monitor.vbs
  2 | 
  3 | TYPE: Visual Basic Script
  4 | 
  5 | PRIMARY LANGUAGE: VBS
  6 | 
  7 | AUTHOR: Justin Grimes
  8 | 
  9 | ORIGINAL VERSION DATE: 6/1/2018
 10 | 
 11 | CURRENT VERSION DATE: 2/19/2019
 12 | 
 13 | VERSION: v1.9
 14 | 
 15 | DESCRIPTION:
 16 | A simple script to be run on workstations that monitors for changes in disk drive configuration.
 17 | 
 18 | PURPOSE:
 19 | To monitor company workstation storage devices for changes.
 20 | 
 21 | 
 22 | INSTALLATION INSTRUCTIONS:
 23 | 1. Copy the entire "Storage_Monitor" folder into the "AutomationScripts" folder on SERVER (or any other network accessible location).
 24 | 2. Edit "sendmail.ini" with your desired email and password.
 25 | 3. Add a group policy object with a logon script that runs the local copy of wscript.exe with the absolute path of the script as the main argument, followed by the desired arguments for the script. (Example: script C:\Windows\System32\wscript.exe, parameters \\server\AutomationScripts\Workstation_USB_Monitor\Workstation_USB_Monitor.vbs --gui)
 26 | 4. Verify that each workstation runs the script on user logon and that UAC is configured to allow sendmail.exe to run.
 27 | 5. To disable email notifications, run with the -e or --email argument set.
 28 | 6. To disable logging, run with the -l or --log argument set.
 29 | 7. To disable the dialog box that appears when new devices are detected, run with the -g or --gui argument set.
 30 | 8. To run silently in the background with email notifications and logging enabled, run with the -s or --silent argument set.
 31 | 
 32 | NOTES: SendMail for Windows is required and included in the "Storage_Monitor" folder. The SendMail data files must be included in the same directory as "Data_Monitor.vbs" in order for emails to be sent correctly.
 33 | 

--------------------------------------------------------------------------------
/Documentation/sendmail_ReadMe.html:
--------------------------------------------------------------------------------
  5 | fake sendmail for windows
fake sendmail for bugzilla/windows
31 | 
32 |   glob.com.au/sendmail
33 |   sendmail@glob.com.au
34 | 
35 | about
36 | 
37 |   sendmail.exe is a simple windows console application that emulates sendmail's
38 |   "-t" option to deliver emails piped via stdin.
39 | 
40 |   it is intended to ease running unix code that has /usr/lib/sendmail hardcoded
41 |   as an email delivery means.
42 | 
43 |   it doesn't support deferred delivery, and requires an smtp server to perform
44 |   the actual delivery of the messages.
45 | 
46 | install
47 | 
48 |   (1) download sendmail.zip 
49 | 
50 |   (2) copy sendmail.exe and sendmail.ini to \usr\lib on the drive where the
51 |       unix application is installed.
52 | 
53 |       eg.  if your application is installed in c:\bugzilla, sendmail.exe and
54 |       sendmail.ini need to be copied to c:\usr\lib\sendmail.exe and
55 |       c:\usr\lib\sendmail.ini
56 | 
57 |   (3) configure smtp server and default domain in sendmail.ini
58 | 
59 | license and source
60 | 
61 |   this program is released under the bsd license.
62 | 
63 |   the license details and full source (delphi 2007) are included in the zip.
64 | 
65 | 
66 | 
67 | 
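The readme above says sendmail.exe emulates sendmail's "-t" option for messages piped via stdin. As an added Python example (ours, not the Delphi source shipped in sendmail.zip), this is the header handling a "-t" implementation has to perform before it can hand the message to an SMTP server: take the envelope sender from From:, collect every recipient from To:, Cc: and Bcc:, and strip Bcc: from the copy that is transmitted so hidden recipients are not disclosed to the others. The sample message and addresses are constructed.

```python
from email import policy
from email.parser import BytesParser

# Constructed sample message, the kind of thing the HR-AV notification scripts
# pipe into sendmail.exe; all addresses are placeholders.
SAMPLE_MESSAGE = (
    b"From: monitor@example.com\r\n"
    b"To: admin@example.com, \"Ops Team\" <ops@example.com>\r\n"
    b"Cc: audit@example.com\r\n"
    b"Bcc: hidden@example.com\r\n"
    b"Subject: Storage_Monitor warning\r\n"
    b"\r\n"
    b"Drive F: is almost full.\r\n"
)


def extract_envelope(raw):
    """Return (sender, sorted unique recipients, message bytes without Bcc).

    Raises ValueError when From: or every recipient header is missing, which
    is the case sendmail's own changelog (version 3) says it reports with a
    clearer error message rather than silently sending nothing.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    if msg["From"] is None or not msg["From"].addresses:
        raise ValueError("missing From: address")
    sender = msg["From"].addresses[0].addr_spec
    recipients = set()
    for header in ("To", "Cc", "Bcc"):
        for value in msg.get_all(header, []):
            recipients.update(address.addr_spec for address in value.addresses)
    if not recipients:
        raise ValueError("missing To: address")
    del msg["Bcc"]          # removes every Bcc: header before transmission
    return sender, sorted(recipients), msg.as_bytes()


def demo():
    """Run the extraction on the constructed sample."""
    return extract_envelope(SAMPLE_MESSAGE)


if __name__ == "__main__":
    sender, recipients, wire = demo()
    print(sender)                         # monitor@example.com
    print(recipients)                     # ['admin@example.com', 'audit@example.com', 'hidden@example.com', 'ops@example.com']
    print(b"Bcc" in wire)                 # False
```

The envelope recipients (what goes into RCPT TO) and the headers the recipients see are two different things; a "-t" emulation that forwards the message unchanged, as this sendmail's version 5 entry says it does, still has to drop Bcc: from the transmitted copy or every recipient learns who was blind-copied.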


--------------------------------------------------------------------------------
/Documentation/sendmail_license.txt:
--------------------------------------------------------------------------------
  1 | 
  2 |   fake sendmail for windows
  3 | 
  4 |   Copyright (c) 2004-2011, Byron Jones, sendmail@glob.com.au
  5 |   All rights reserved.
  6 | 
  7 |   Redistribution and use in source and binary forms, with or without
  8 |   modification, are permitted provided that the following conditions
  9 |   are met:
 10 | 
 11 |     * Redistributions of source code must retain the above copyright
 12 |       notice, this list of conditions and the following disclaimer.
 13 | 
 14 |     * Redistributions in binary form must reproduce the above copyright
 15 |       notice, this list of conditions and the following disclaimer in the
 16 |       documentation and/or other materials provided with the distribution.
 17 | 
 18 |     * Neither the name of the glob nor the names of its contributors may
 19 |       be used to endorse or promote products derived from this software
 20 |       without specific prior written permission.
 21 | 
 22 |   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 23 |   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 24 |   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 25 |   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 26 |   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 27 |   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 28 |   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 29 |   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 30 |   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 31 |   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 32 |   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 33 | 
 34 | 
 35 |   version 32 (18 june 2011)
 36 |     - fix handling of invalid recipients
 37 | 
 38 |   version 31 (15 sep, 2010)
 39 |     - fix encoding of 8-bit data
 40 | 
 41 |   version 30 (30 aug, 2010)
 42 |     - update to latest indy version (fixes many issues)
 43 |     - add about/version
 44 | 
 45 |   version 29 (sep 8, 2009)
 46 |     - fix for another indy 10 "range check error" (when using ssl)
 47 | 
 48 |   version 28 (aug 12, 2009)
 49 |     - set ERRORLEVEL to -1 to assist php
 50 | 
 51 |   version 27 (aug 3, 2009)
 52 |     - don't treat log write errors as fatal
 53 | 
 54 |   version 26 (apr 1, 2009)
 55 |     - no longer require -t parameter
 56 |     - skip first line if it starts with "from " (mail spool delimiting line)
 57 | 
 58 |   version 25 (mar 29, 2009)
 59 |     - added force_recipient
 60 | 
 61 |   version 24 (dec 2, 2008)
 62 |     - fixes for ssl
 63 | 
 64 |   version 23 (apr 24, 2008)
 65 |     - fix timezone in date header
 66 | 
 67 |   version 22 (jan 14, 2008)
 68 |     - fixes to error handling
 69 | 
 70 |   version 21 (jan 2, 2008)
 71 |     - added TLS support
 72 | 
 73 |   version 20 (apr 3, 2007)
 74 |     - fixed race condition in IIS's pickup delivery
 75 | 
 76 |   version 19 (jul 24, 2006)
 77 |     - added support for delivery via IIS's pickup directory
 78 |     - optionally reads settings from the registry (in absense of the ini file)
 79 | 
 80 |   version 18 (may 1, 2006)
 81 |     - fix for indy 10 "range check error"
 82 | 
 83 |   version 17 (nov 2, 2005)
 84 |     - only process message header
 85 |     - optionally use madexcept for detailed crash dumps
 86 | 
 87 |   version 16 (sep 12, 2005)
 88 |     - send hostname and domain with HELO/EHLO
 89 |     - configurable HELO/EHLO hostname
 90 |     - upgraded to indy 10
 91 | 
 92 |   version 15 (aug 23, 2005)
 93 |     - fixes error messages when debug_logfile is not specified
 94 | 
 95 |   version 14 (jun 28, 2005)
 96 |     - errors output to STDERR
 97 |     - fixes for delphi 7 compilation
 98 |     - added 'connecting to..' debug logging
 99 |     - reworked error and debug log format
100 | 
101 |   version 13 (jun 8, 2005)
102 |     - added fix to work around invalid multiple header instances
103 | 
104 |   version 12 (apr 30, 2005)
105 |     - added cc and bcc support
106 | 
107 |   version 11 (feb 17, 2005)
108 |     - added pop3 support (for pop before smtp authentication)
109 | 
110 |   version 10 (feb 11, 2005)
111 |     - added support for specifying a different smtp port
112 | 
113 |   version 9 (sep 22, 2004)
114 |     - added force_sender
115 | 
116 |   version 8 (sep 22, 2004)
117 |     - *really* fixes broken smtp auth
118 | 
119 |   version 7 (sep 22, 2004)
120 |     - fixes broken smtp auth
121 | 
122 |   version 6 (sep 22, 2004)
123 |     - correctly quotes MAIL FROM and RCPT TO addresses in <>
124 | 
125 |   version 5 (sep 16, 2004)
126 |     - now sends the message unchanged (rather than getting indy
127 |       to regenerate it)
128 | 
129 |   version 4 (aug 17, 2004)
130 |     - added debug_logfile parameter
131 |     - improved error messages
132 | 
133 |   version 3 (jul 15, 2004)
134 |     - smtp authentication support
135 |     - clearer error message when missing from or to address
136 |     - optional error logging
137 |     - adds date: if missing
138 | 
139 |   version 2 (jul 6, 2004)
140 |     - reads default domain from registry (.ini setting overrides)
141 | 
142 |   version 1 (jul 1, 2004)
143 |     - initial release
144 | 
145 | 
146 |   LICENSE ISSUES
147 |   ==============
148 | 
149 |   The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
150 |   the OpenSSL License and the original SSLeay license apply to the toolkit.
151 |   See below for the actual license texts. Actually both licenses are BSD-style
152 |   Open Source licenses. In case of any license issues related to OpenSSL
153 |   please contact openssl-core@openssl.org.
154 | 
155 |   OpenSSL License
156 |   ---------------
157 | 
158 | /* ====================================================================
159 |  * Copyright (c) 1998-2008 The OpenSSL Project.  All rights reserved.
160 |  *
161 |  * Redistribution and use in source and binary forms, with or without
162 |  * modification, are permitted provided that the following conditions
163 |  * are met:
164 |  *
165 |  * 1. Redistributions of source code must retain the above copyright
166 |  *    notice, this list of conditions and the following disclaimer. 
167 |  *
168 |  * 2. Redistributions in binary form must reproduce the above copyright
169 |  *    notice, this list of conditions and the following disclaimer in
170 |  *    the documentation and/or other materials provided with the
171 |  *    distribution.
172 |  *
173 |  * 3. All advertising materials mentioning features or use of this
174 |  *    software must display the following acknowledgment:
175 |  *    "This product includes software developed by the OpenSSL Project
176 |  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
177 |  *
178 |  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
179 |  *    endorse or promote products derived from this software without
180 |  *    prior written permission. For written permission, please contact
181 |  *    openssl-core@openssl.org.
182 |  *
183 |  * 5. Products derived from this software may not be called "OpenSSL"
184 |  *    nor may "OpenSSL" appear in their names without prior written
185 |  *    permission of the OpenSSL Project.
186 |  *
187 |  * 6. Redistributions of any form whatsoever must retain the following
188 |  *    acknowledgment:
189 |  *    "This product includes software developed by the OpenSSL Project
190 |  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
191 |  *
192 |  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
193 |  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
194 |  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
195 |  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
196 |  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
197 |  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
198 |  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
199 |  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
200 |  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
201 |  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
202 |  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
203 |  * OF THE POSSIBILITY OF SUCH DAMAGE.
204 |  * ====================================================================
205 |  *
206 |  * This product includes cryptographic software written by Eric Young
207 |  * (eay@cryptsoft.com).  This product includes software written by Tim
208 |  * Hudson (tjh@cryptsoft.com).
209 |  *
210 |  */
211 | 
212 |  Original SSLeay License
213 |  -----------------------
214 | 
215 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
216 |  * All rights reserved.
217 |  *
218 |  * This package is an SSL implementation written
219 |  * by Eric Young (eay@cryptsoft.com).
220 |  * The implementation was written so as to conform with Netscape's SSL.
221 |  * 
222 |  * This library is free for commercial and non-commercial use as long as
223 |  * the following conditions are adhered to.  The following conditions
224 |  * apply to all code found in this distribution, be it the RC4, RSA,
225 |  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
226 |  * included with this distribution is covered by the same copyright terms
227 |  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
228 |  * 
229 |  * Copyright remains Eric Young's, and as such any Copyright notices in
230 |  * the code are not to be removed.
231 |  * If this package is used in a product, Eric Young should be given attribution
232 |  * as the author of the parts of the library used.
233 |  * This can be in the form of a textual message at program startup or
234 |  * in documentation (online or textual) provided with the package.
235 |  * 
236 |  * Redistribution and use in source and binary forms, with or without
237 |  * modification, are permitted provided that the following conditions
238 |  * are met:
239 |  * 1. Redistributions of source code must retain the copyright
240 |  *    notice, this list of conditions and the following disclaimer.
241 |  * 2. Redistributions in binary form must reproduce the above copyright
242 |  *    notice, this list of conditions and the following disclaimer in the
243 |  *    documentation and/or other materials provided with the distribution.
244 |  * 3. All advertising materials mentioning features or use of this software
245 |  *    must display the following acknowledgement:
246 |  *    "This product includes cryptographic software written by
247 |  *     Eric Young (eay@cryptsoft.com)"
248 |  *    The word 'cryptographic' can be left out if the routines from the library
249 |  *    being used are not cryptographic related :-).
250 |  * 4. If you include any Windows specific code (or a derivative thereof) from 
251 |  *    the apps directory (application code) you must include an acknowledgement:
252 |  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
253 |  * 
254 |  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
255 |  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
256 |  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
257 |  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
258 |  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
259 |  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
260 |  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
261 |  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
262 |  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
263 |  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
264 |  * SUCH DAMAGE.
265 |  * 
266 |  * The licence and distribution terms for any publicly available version or
267 |  * derivative of this code cannot be changed.  i.e. this code cannot simply be
268 |  * copied and put under another distribution licence
269 |  * [including the GNU Public Licence.]
270 |  */
271 | 
272 | 


--------------------------------------------------------------------------------
/HR-AV.hta:
--------------------------------------------------------------------------------
  HR-AV

--------------------------------------------------------------------------------
/Pages/Scan/computerScanner.hta:
--------------------------------------------------------------------------------
  HR-AV - Folder Scanner

--------------------------------------------------------------------------------
/Pages/Scan/fileScanner.hta:
--------------------------------------------------------------------------------
  HR-AV - File Scanner

--------------------------------------------------------------------------------
/Pages/Scan/folderScanner.hta:
--------------------------------------------------------------------------------
  HR-AV - Folder Scanner

--------------------------------------------------------------------------------
/Pages/Settings/updater.hta:
--------------------------------------------------------------------------------
  HR-AV - Updater
  Initializing Date

--------------------------------------------------------------------------------
/Pages/scanner.hta:
--------------------------------------------------------------------------------
  HR-AV - Scanner

--------------------------------------------------------------------------------
/Pages/settings.hta:
--------------------------------------------------------------------------------
  HR-AV - Settings

--------------------------------------------------------------------------------
/Pages/updater.hta:
--------------------------------------------------------------------------------
  HR-AV - Updater
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
*[OFFICIAL WEBSITE](https://honestrepair.net)*
-----------------------------------------------

# HR-AV
A **WIP** Windows Desktop Anti-Virus application based on the same custom anti-virus engine that secures the HonestRepair Cloud. Runs on 32- or 64-bit Windows systems. A very early work in progress.

# Built with HTA-UI
This application is also a showcase for the powerful [HTA-UI](https://github.com/zelon88/HR-AI) platform.

# Progress so far
Currently the built-in installation wizard is 100% functional. The real-time protection engine is 90% functional. The back-end scanners are 100% functional. The thread managers are 50% complete, and the ones that are complete are 90% functional. The UI is 50% complete and 100% functional. Auto updating is 0% complete. The back-end settings handler is 0% complete. Front-end dashboards are 0% complete. Front-end scanning is 50% complete. Front-end real-time protection controls are 0% complete.

## Real-Time protections include:
1. Ransomware Protection (https://github.com/zelon88/Ransomware_Defender)
2. Storage Monitoring (https://github.com/zelon88/Storage_Monitor)
3. Accessibility Tools Tamper Protection (https://github.com/zelon88/Accessibility-Tools-utilmon-Defender)
4. Workstation USB Monitoring (https://github.com/zelon88/Workstation_USB_Monitor)
5. (Coming Soon) Meterpreter/Reverse Shell Protection (https://github.com/zelon88/Meterpreter_Defender)
6. (Coming Soon) System Checkups (https://github.com/zelon88/Infrastructure_Checkup)
7. (Coming Soon) Registry Monitoring (https://github.com/zelon88/Registry_Monitor)

# In the meantime
Please take a look at the HTA-UI repo and try your hand at writing **Windows Desktop Applications in Minutes!**

# Screenshot
![HR-AV](https://github.com/zelon88/HR-AV/blob/master/Resources/Screenshot-1.png)

# Like What You See?
Help us make it better!

https://www.HonestRepair.net

<3 Open-Source

--------------------------------------------------------------------------------
/Resources/Banner.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/Banner.png
--------------------------------------------------------------------------------
/Resources/BannerWork/Banner.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/BannerWork/Banner.png
--------------------------------------------------------------------------------
/Resources/BannerWork/BannerWork1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/BannerWork/BannerWork1.png
--------------------------------------------------------------------------------
/Resources/BannerWork/BannerWork2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/BannerWork/BannerWork2.png
--------------------------------------------------------------------------------
/Resources/BannerWork/board1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/BannerWork/board1.jpg
--------------------------------------------------------------------------------
/Resources/Beer_96x96.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/Beer_96x96.png
--------------------------------------------------------------------------------
/Resources/HR-AV.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/HR-AV.ico
--------------------------------------------------------------------------------
/Resources/Screenshot-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/Screenshot-1.png
--------------------------------------------------------------------------------
/Resources/Shield-Green_128x128.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/Shield-Green_128x128.png
--------------------------------------------------------------------------------
/Resources/Shield-Green_24x24.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/Shield-Green_24x24.png
--------------------------------------------------------------------------------
/Resources/Shield-Green_64x64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/Shield-Green_64x64.png
--------------------------------------------------------------------------------
/Resources/Shield-Red_128x128.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/Shield-Red_128x128.png
--------------------------------------------------------------------------------
/Resources/Shield-Red_24x24.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/Shield-Red_24x24.png
--------------------------------------------------------------------------------
/Resources/Shield-Red_64x64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/Shield-Red_64x64.png
--------------------------------------------------------------------------------
/Resources/Shield-Yellow_128x128.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/Shield-Yellow_128x128.png
--------------------------------------------------------------------------------
/Resources/Shield-Yellow_24x24.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/Shield-Yellow_24x24.png
--------------------------------------------------------------------------------
/Resources/Shield-Yellow_64x64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/Shield-Yellow_64x64.png
--------------------------------------------------------------------------------
/Resources/shield_green_128x128.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Resources/shield_green_128x128.ico
--------------------------------------------------------------------------------
/Scripts/CSS/mainStyle.css:
--------------------------------------------------------------------------------
/* Add a dark blue (#1A3560) background color to the top navigation. */
.navigation {
  background-color: #1A3560;
  overflow: hidden; }
/* Style the links inside the navigation bar. */
.navigation a {
  float: left;
  color: #1A3560;
  text-align: center;
  padding: 14px 16px;
  text-decoration: none;
  font-size: 17px; }
/* Change the color of links on hover. */
.navigation a:hover {
  background-color: #ddd;
  color: #1A3560; }
/* Add a color to the active/current link. */
.navigation a.active {
  background-color: #1A3560;
  color: white; }
/* Add main styles for button1 class. */
.button1 {
  -moz-box-shadow: 0px 0px 0px 2px #9fb4f2;
  -webkit-box-shadow: 0px 0px 0px 2px #9fb4f2;
  box-shadow: 0px 0px 0px 2px #9fb4f2;
  background:-webkit-gradient(linear, left top, left bottom, color-stop(0.05, #7892c2), color-stop(1, #476e9e));
  background:-moz-linear-gradient(top, #7892c2 5%, #476e9e 100%);
  background:-webkit-linear-gradient(top, #7892c2 5%, #476e9e 100%);
  background:-o-linear-gradient(top, #7892c2 5%, #476e9e 100%);
  background:-ms-linear-gradient(top, #7892c2 5%, #476e9e 100%);
  background:linear-gradient(to bottom, #7892c2 5%, #476e9e 100%);
  filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#7892c2', endColorstr='#476e9e',GradientType=0);
  background-color:#7892c2;
  -moz-border-radius:10px;
  -webkit-border-radius:10px;
  border-radius:10px;
  border:1px solid #4e6096;
  display:inline-block;
  cursor:pointer;
  color:#ffffff;
  font-family:Arial;
  font-size:14px;
  padding:2px 6px;
  text-decoration:none;
  text-shadow:0px 1px 0px #283966; }
/* Add hover styles for button1 class. */
.button1:hover {
  background:-webkit-gradient(linear, left top, left bottom, color-stop(0.05, #476e9e), color-stop(1, #7892c2));
  background:-moz-linear-gradient(top, #476e9e 5%, #7892c2 100%);
  background:-webkit-linear-gradient(top, #476e9e 5%, #7892c2 100%);
  background:-o-linear-gradient(top, #476e9e 5%, #7892c2 100%);
  background:-ms-linear-gradient(top, #476e9e 5%, #7892c2 100%);
  background:linear-gradient(to bottom, #476e9e 5%, #7892c2 100%);
  filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#476e9e', endColorstr='#7892c2',GradientType=0);
  background-color:#476e9e; }
/* Add styles for when button1 class is clicked. */
.button1:active {
  position:relative;
  top:1px; }
--------------------------------------------------------------------------------
/Scripts/Javascript/JSFunctions.js:
--------------------------------------------------------------------------------
// / HTA-UI Desktop Application Template
// / https://github.com/zelon88/HTA-UI
// / https://github.com/zelon88

// / Author: Justin Grimes
// / Date: 8/18/2019
// / <3 Open-Source

// / Unless Otherwise Noted, The Code Contained In This Repository Is Licensed Under GNU GPLv3
// / https://www.gnu.org/licenses/gpl-3.0.html

// / This HTA application template started out on the Microsoft TechNet website and has served me well.
// / I hope that someone out there can make as much use out of it as I was able to.

// / --------------------
// / A function to validate the scanner priority input field.
// / Enforces a minimum of 1 & a maximum of 10. Non-numeric input is reset to the minimum.
function checkPriority(priorityInput) {
  var priorityValue = parseInt(document.getElementById(priorityInput).value, 10);
  if (isNaN(priorityValue) || priorityValue < 1) document.getElementById(priorityInput).value = 1;
  if (priorityValue > 10) document.getElementById(priorityInput).value = 10; }
// / --------------------

// / --------------------
// / A function to decrement the value of a target object.
// / https://stackoverflow.com/questions/9186346/javascript-onclick-increment-number
function decrementValue(valToDec) {
  var value = parseInt(document.getElementById(valToDec).value, 10);
  value = isNaN(value) ? 0 : value;
  value--;
  document.getElementById(valToDec).value = value; }
// / --------------------

// / --------------------
// / A function to increment the value of a target object.
// / https://stackoverflow.com/questions/9186346/javascript-onclick-increment-number
function incrementValue(valToInc) {
  var value = parseInt(document.getElementById(valToInc).value, 10);
  value = isNaN(value) ? 0 : value;
  value++;
  document.getElementById(valToInc).value = value; }
// / --------------------

// / --------------------
// / A function to format a prettified date for the UI.
function humanDate() {
  var dateVar = new Date();
  return dateVar.toLocaleString(); }
// / --------------------

// / --------------------
// / A function to call the VB sub saveSettings which just displays the "Save Complete" message.
function callVBSave() {
  saveSettings(); }
// / --------------------

// / --------------------
// / A function to read the contents of a text file and append them, line by line, to the body of the page.
// / Note: each line is inserted as HTML, so any markup inside the file is rendered rather than shown as text.
function readFile(path) {
  var fso = new ActiveXObject('Scripting.FileSystemObject'),
      iStream = fso.OpenTextFile(path, 1, false);
  while (!iStream.AtEndOfStream) {
    // Each line is followed by an HTML line break so the file keeps its line structure.
    document.body.innerHTML += iStream.ReadLine() + '<br>'; }
  iStream.Close(); }
// / --------------------

// / --------------------
// / A function to read the contents of a text file and return the results.
function readFile2(path) {
  var fso = new ActiveXObject('Scripting.FileSystemObject'),
      iStream = fso.OpenTextFile(path, 1, false);
  var data = "";
  while (!iStream.AtEndOfStream) {
    data += iStream.ReadLine() + '<br>'; }
  iStream.Close();
  return data; }
// / --------------------

// / --------------------
// / A function to toggle the visibility of the selected element between "block" and "none".
function toggleVisibility(id) {
  var e = document.getElementById(id);
  if (e.style.display == 'block')
    e.style.display = 'none';
  else
    e.style.display = 'block'; }
// / --------------------

// / --------------------
// / A function to save the current settings to the settings cache.
// / Change these to actual settings, with the name of the file set to the name of the setting.
// / Example: LogDir setting should be stored in LogDir.dat and the setting name is LogDir.
function updateSetting(setting) {
  var file = '';
  var input = '';
  if (setting == 'setting1') {
    file = '../Cache/setting1.dat';
    input = document.getElementById('setting1').value; }
  if (setting == 'setting2') {
    file = '../Cache/setting2.dat';
    input = document.getElementById('setting2').value; }
  if (setting == 'setting3') {
    file = '../Cache/setting3.dat';
    input = document.getElementById('setting3').value; }
  if (setting == 'setting4') {
    file = '../Cache/setting4.dat';
    input = document.getElementById('setting4').value; }
  // Unknown setting names are ignored instead of opening an empty path.
  if (file == '') return;
  var data = input;
  var fso = new ActiveXObject("Scripting.FileSystemObject");
  var s = fso.OpenTextFile(file, 2, true);
  s.WriteLine(data);
  s.Close(); }
// / --------------------

// / --------------------
// / A function to load the log location from the settings cache.
// / Load the setting by name coinciding with setting file.
// / Example: LogDir setting can be retrieved from LogDir.dat using name LogDir.
function getSetting(setting) {
  var fso = new ActiveXObject('Scripting.FileSystemObject'),
      iStream = fso.OpenTextFile('Cache/' + setting + '.dat', 1, false);
  var data = '';
  // Only the last line of the file is kept; an empty file yields ''.
  while (!iStream.AtEndOfStream) {
    data = iStream.ReadLine(); }
  iStream.Close();
  return data; }
// / --------------------
--------------------------------------------------------------------------------
/Scripts/PHP/PHP-AV/scanCore.php:
--------------------------------------------------------------------------------
// / (The file header and the opening of this argument-parsing function are not present in this listing;
// / it resumes inside the loop over $argv.)
  foreach ($argv as $key => $arg) {
    $arg = trim($arg);
    $arg = htmlentities(str_replace(str_split('~#[](){};:$!#^&%@>*<"\''), '', $arg));
    if ($arg == '-memorylimit' or $arg == '-m') $memoryLimit = $argv[$key + 1];
    if ($arg == '-chunksize' or $arg == '-c') $chunkSize = $argv[$key + 1];
    if ($arg == '-debug' or $arg == '-d') $debug = TRUE;
    if ($arg == '-verbose' or $arg == '-v') $verbose = TRUE;
    if ($arg == '-recursion' or $arg == '-r') $recursion = TRUE;
    if ($arg == '-norecursion' or $arg == '-nr') $recursion = FALSE; }
  if (!file_exists($argv[1])) {
    $txt = 'The specified file was not found! The first argument must be a valid file or directory path!';
    addLogEntry($txt, TRUE, 200);
    die ($txt.PHP_EOL); }
  else $pathToScan = $argv[1];
  if (!is_numeric($memoryLimit) or !is_numeric($chunkSize)) {
    $txt = 'Either the chunkSize argument or the memoryLimit argument is invalid. Substituting default values.';
    addLogEntry($txt, TRUE, 300);
    echo $txt.PHP_EOL;
    $memoryLimit = $defaultMemoryLimit;
    $chunkSize = $defaultChunkSize; }
  return(array($pathToScan, $memoryLimit, $chunkSize, $debug, $verbose, $recursion)); }
// / -----------------------------------------------------------------------------------

// / -----------------------------------------------------------------------------------
// Hunts files/folders recursively for scannable items.
function file_scan($folder, $defs, $DefsFile, $defData, $debug, $verbose, $memoryLimit, $chunkSize, $recursion) {
  global $fileCount, $dirCount, $infected;
  if ($d = @dir($folder)) {
    while (FALSE !== ($entry = $d->read())) {
      $isdir = @is_dir($folder.'/'.$entry);
      if (!$isdir and $entry != '.' and $entry != '..') {
        list($fileCount, $infected) = virus_check($folder.'/'.$entry, $defs, $DefsFile, $defData, $debug, $verbose, $memoryLimit, $chunkSize); }
      elseif ($isdir and $recursion and $entry != '.' and $entry != '..') {
        if ($debug) {
          $txt = 'Scanning folder "'.$folder.'" ... ';
          addLogEntry($txt, FALSE, 0); }
        if ($verbose) {
          $txt = 'Scanning folder "'.$folder.'" ... ';
          echo $txt.PHP_EOL; }
        $dirCount++;
        // / file_scan returns all three counters; unpack them rather than assigning the array to $dirCount.
        list($dirCount, $fileCount, $infected) = file_scan($folder.'/'.$entry, $defs, $DefsFile, $defData, $debug, $verbose, $memoryLimit, $chunkSize, $recursion); } }
    $d->close(); }
  return array($dirCount, $fileCount, $infected); }
// / -----------------------------------------------------------------------------------

// / -----------------------------------------------------------------------------------
// Reads tab-delimited defs file. Also hashes the file to avoid self-detection.
function load_defs($file, $debug, $verbose) {
  if (!file_exists($file)) {
    $defs = $defData = FALSE;
    $txt = 'Could not load the virus definition file located at "'.$file.'"! File either does not exist or cannot be read!';
    addLogEntry($txt, TRUE, 600);
    if ($verbose) echo $txt.PHP_EOL;
    die(); }
  else {
    // / Strip the trailing newline from each line, otherwise the last field of every
    // / definition (a hash) carries a "\n" and can never match hash_file() output.
    $defs = file($file, FILE_IGNORE_NEW_LINES);
    $counter = 0;
    $counttop = sizeof($defs);
    $defData = hash_file('sha256', $file);
    while ($counter < $counttop) {
      $defs[$counter] = explode(' ', $defs[$counter]);
      $counter++; }
    if ($debug) {
      $txt = 'Loaded '.sizeof($defs).' virus definitions.';
      addLogEntry($txt, FALSE, 0); } }
  if ($verbose) {
    $txt = 'Loaded '.sizeof($defs).' virus definitions.';
    echo $txt.PHP_EOL; }
  return (array($defs, $defData)); }
// / -----------------------------------------------------------------------------------

// / -----------------------------------------------------------------------------------
// Hashes and checks files/folders for viruses against static virus defs.
function virus_check($file, $defs, $DefsFile, $defData, $debug, $verbose, $memoryLimit, $chunkSize) {
  global $fileCount, $dirCount, $infected;
  $fileCount++;
  // / Skip the definitions file by path here; its SHA256 ($defData) is checked again below.
  if ($file !== $DefsFile) {
    if (file_exists($file)) {
      $txt = ('Scanning file "'.$file.'".');
      addLogEntry($txt, FALSE, 0);
      if ($verbose) echo $txt.PHP_EOL;
      $filesize = filesize($file);
      $data = '';
      $data1 = hash_file('md5', $file);
      $data2 = hash_file('sha256', $file);
      $data3 = hash_file('sha1', $file);
      // / Scan files larger than the memory limit by breaking them into chunks.
      // / fgets() stops at a newline or after $chunkSize - 1 bytes, so a signature that
      // / straddles two chunks is not seen by this pass. Hash matches for chunked files
      // / are made by the second pass below, which runs for every file.
      if ($filesize >= $memoryLimit && file_exists($file)) {
        if ($debug) {
          $txt = 'Chunking file ... ';
          addLogEntry($txt, FALSE, 0); }
        if ($verbose) {
          $txt = 'Chunking File ... ';
          echo $txt.PHP_EOL; }
        $handle = @fopen($file, "r");
        if ($handle) {
          while (($buffer = fgets($handle, $chunkSize)) !== FALSE) {
            $data = $buffer;
            if ($debug) {
              $txt = 'Scanning chunk ... ';
              addLogEntry($txt, FALSE, 0); }
            if ($verbose) {
              $txt = 'Scanning chunk ... ';
              echo $txt.PHP_EOL; }
            foreach ($defs as $virus) {
              $virus = explode("\t", $virus[0]);
              if (isset($virus[1]) && !is_null($virus[1]) && $virus[1] !== '' && $virus[1] !== ' ') {
                if (strpos(strtolower($data), strtolower($virus[1])) !== FALSE or strpos(strtolower($file), strtolower($virus[1])) !== FALSE) {
                  // File matches virus defs.
                  $txt = 'Infected: '.$file.' ('.$virus[0].', Data Match: '.$virus[1].')';
                  addLogEntry($txt, FALSE, 0);
                  if ($verbose) echo $txt.PHP_EOL;
                  $infected++; } } } }
          if (!feof($handle)) {
            $txt = 'Unable to open "'.$file.'"!';
            addLogEntry($txt, TRUE, 800);
            if ($verbose) echo $txt.PHP_EOL; }
          fclose($handle); } }
      // / Scan files smaller than the memory limit by fitting the entire file into memory.
      if ($filesize < $memoryLimit && file_exists($file)) {
        $data = file_get_contents($file); }
      if ($defData !== $data2) {
        foreach ($defs as $virus) {
          $virus = explode("\t", $virus[0]);
          // / Content match only for files read whole; chunked files were content-matched above
          // / and $data would only hold their last chunk here.
          if ($filesize < $memoryLimit && isset($virus[1]) && !is_null($virus[1]) && $virus[1] !== '' && $virus[1] !== ' ') {
            if (strpos(strtolower($data), strtolower($virus[1])) !== FALSE or strpos(strtolower($file), strtolower($virus[1])) !== FALSE) {
              // File matches virus defs.
              $txt = 'Infected: '.$file.' ('.$virus[0].', Data Match: '.$virus[1].')';
              addLogEntry($txt, FALSE, 0);
              if ($verbose) echo $txt.PHP_EOL;
              $infected++; } }
          if (isset($virus[2]) && !is_null($virus[2]) && $virus[2] !== '' && $virus[2] !== ' ') {
            if (strpos(strtolower($data1), strtolower($virus[2])) !== FALSE) {
              // File matches virus defs.
              $txt = 'Infected: '.$file.' ('.$virus[0].', MD5 Hash Match: '.$virus[2].')';
              addLogEntry($txt, FALSE, 0);
              if ($verbose) echo $txt.PHP_EOL;
              $infected++; } }
          if (isset($virus[3]) && !is_null($virus[3]) && $virus[3] !== '' && $virus[3] !== ' ') {
            if (strpos(strtolower($data2), strtolower($virus[3])) !== FALSE) {
              // File matches virus defs.
              $txt = 'Infected: '.$file.' ('.$virus[0].', SHA256 Hash Match: '.$virus[3].')';
              addLogEntry($txt, FALSE, 0);
              if ($verbose) echo $txt.PHP_EOL;
              $infected++; } }
          if (isset($virus[4]) && !is_null($virus[4]) && $virus[4] !== '' && $virus[4] !== ' ') {
            if (strpos(strtolower($data3), strtolower($virus[4])) !== FALSE) {
              // File matches virus defs.
              $txt = 'Infected: '.$file.' 
('.$virus[0].', SHA1 Hash Match: '.$virus[4].')'; 278 | addLogEntry($txt, FALSE, 0); 279 | if ($verbose) echo $txt.PHP_EOL; 280 | $infected++; } } } } } } 281 | return (array($fileCount, $infected)); } 282 | // / ----------------------------------------------------------------------------------- 283 | 284 | // / ----------------------------------------------------------------------------------- 285 | // / The main logic of the program. 286 | 287 | // / Create required directories if they don't already exist. 288 | createDirs($RequiredDirs); 289 | // / Process supplied command-line arguments. 290 | // / C:\Path-To-PHP-Binary.exe C:\Path-To-ScanCore.php C:\Path-To-Scan\ -m [integer] -c [integer] -v -d 291 | list($pathToScan, $memoryLimit, $chunkSize, $debug, $verbose, $recursion) = parseArgs($argv); 292 | // / Set some welcome text. 293 | // / Log the welcome text if $debug variable (-d switch) is set. 294 | // / Output the welcome text to the terminal if the $verbose (-v switch) variable is set. 295 | $txt = 'Starting PHP-AV ScanCore!'; 296 | if ($debug) addLogEntry($txt, FALSE, 0); 297 | if ($verbose) echo PHP_EOL.$txt.PHP_EOL; 298 | // / Load the virus definitions into memory and calculate it's hash (to avoid detecting our own definitions as an infection). 299 | list($defs, $defData) = load_defs($DefsFile, $debug, $verbose); 300 | // / Start the scanner! 301 | list($dirCount, $fileCount, $infected) = file_scan($pathToScan, $defs, $DefsFile, $defsData, $debug, $verbose, $memoryLimit, $chunkSize, $recursion); 302 | // / Copy the report file to the Logs directory for safe permanent keeping. 303 | @copy($ReportFile, $LogFile); 304 | // / Set some summary text. 305 | // / Log the summart text if $debug variable (-d switch) is set. 306 | // / Output the summary text to the terminal if the $verbose (-v switch) variable is set. 307 | $txt = 'Scanned '.$fileCount.' files in '.$dirCount.' folders and found '.$infected.' 
potentially infected items.'; 308 | if ($debur) addLogEntry($txt, FALSE, 0); 309 | if ($verbose) echo $txt.PHP_EOL; 310 | // / ----------------------------------------------------------------------------------- -------------------------------------------------------------------------------- /Scripts/Readme.txt: -------------------------------------------------------------------------------- 1 | These folders contain the scripts for the HR-AV application, organized by language and/or technology used. -------------------------------------------------------------------------------- /Scripts/VBS/Accessibility_Defender.vbs: -------------------------------------------------------------------------------- 1 | 'HR-AV Desktop Antivirus 2 | 'https://github.com/zelon88/HR-AV 3 | 'https://github.com/zelon88 4 | 5 | 'Author: Justin Grimes 6 | 'Date: 9/19/2019 7 | '<3 Open-Source 8 | 9 | 'Unless Otherwise Noted, The Code Contained In This Repository Is Licensed Under GNU GPLv3 10 | 'https://www.gnu.org/licenses/gpl-3.0.html 11 | 12 | 'File Name: Accessibility_Defender.vbs 13 | 'Version: v1.0, 9/19/2019 14 | 15 | 'This file was modified from https://github.com/zelon88/Accessibility-Tools-utilmon-Defender 16 | 'For use in the HR-AV application. 17 | 18 | Option Explicit 19 | 20 | Dim oShell, oFSO, dangerousExes, exe, cmdHardCodedHash, cmdDynamicHash, strComputerName, strUserName, strLogFilePath, strSafeDate, _ 21 | strSafeTime, strDateTime, strLogFileName, strEventInfo, objLogFile, cmdHashCache, objCmdHashCache, dangerHashCache, objVBSFile, _ 22 | dangerHashData, mailFile, objDangerHashCache, oFile, toEmail, fromEmail, companyDomain, companyAbbr, companyName, appPath, pathToVBS, enableEmail 23 | 24 | 'The "appPath" is the full absolute path for the script directory, with trailing slash. 
appPath = CreateObject("Scripting.FileSystemObject").GetParentFolderName(WScript.ScriptFullName) & "\"
'Perform a quick sanity check to be sure the value of "appPath" won't cause problems.
If IsNull(appPath) Or IsEmpty(appPath) Then
  appPath = ""
End If
Set oShell = WScript.CreateObject("WScript.Shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
dangerousExes = Array("Magnify.exe", "Narrator.exe", "osk.exe", "sapisvr.exe", "control.exe", "utilman.exe")
cmdHardCodedHash = "db 06 c3 53 49 64 e3 fc 79 d2 76 31 44 ba 53 74 2d 7f a2 50 ca 33 6f 4a 0f e7 24 b7 5a af f3 86"
cmdDynamicHash = ""
strComputerName = oShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
strUserName = oShell.ExpandEnvironmentStrings("%USERNAME%")
'Left(appPath, InStrRev(...) - 1) yields the HR-AV root folder with its trailing slash. Without the "- 1" the
'first letter of "Scripts" is kept and every path below would be built under "...\SLogs\", "...\SCache\" and so on.
strLogFilePath = Left(appPath, InStrRev(appPath, "Scripts\VBS\") - 1) & "Logs\"
strSafeDate = DatePart("yyyy", Date) & Right("0" & DatePart("m", Date), 2) & Right("0" & DatePart("d", Date), 2)
strSafeTime = Right("0" & Hour(Now), 2) & Right("0" & Minute(Now), 2) & Right("0" & Second(Now), 2)
strDateTime = strSafeDate & "-" & strSafeTime
strLogFileName = strLogFilePath & strComputerName & "-" & strDateTime & "-Accessibility_Defender.txt"
cmdHashCache = Left(appPath, InStrRev(appPath, "Scripts\VBS\") - 1) & "Cache\cmdHashCache.dat"
dangerHashCache = Left(appPath, InStrRev(appPath, "Scripts\VBS\") - 1) & "Cache\dangerHashCache.dat"
mailFile = Left(appPath, InStrRev(appPath, "Scripts\VBS\") - 1) & "Temp\Accessibility_Defender_Warning.mail"

'A function to execute VBS scripts in the context and scope of the running script. Works just like a PHP include().
'https://blog.ctglobalservices.com/scripting-development/jgs/include-other-files-in-vbscript/
Sub Include(pathToVBS)
  Set objVBSFile = oFSO.OpenTextFile(pathToVBS, 1)
  ExecuteGlobal objVBSFile.ReadAll
  objVBSFile.Close
  Set objVBSFile = Nothing
End Sub

'A function to normalise a CertUtil hash line: strips line breaks and the spaces between byte pairs and lower-cases it,
'so output from Windows versions that print "db 06 c3 ..." and versions that print "db06c3..." compares equal.
Function normHash(h)
  normHash = LCase(Replace(Replace(Replace(h, vbCr, ""), vbLf, ""), " ", ""))
End Function

'A function to clear the previous dangerCache and create a new one.
Function clearCache()
  If oFSO.FileExists(dangerHashCache) Then
    oFSO.DeleteFile(dangerHashCache)
  End If
  If Not oFSO.FileExists(dangerHashCache) Then
    oFSO.CreateTextFile(dangerHashCache)
  End If
End Function

'A function to create the CMD Hash Cache file.
'The cache path is quoted because the HR-AV root normally lives under "Program Files".
Function getCmdHash()
  If oFSO.FileExists("C:\Windows\System32\cmd.exe") Then
    oShell.Run "cmd /c CertUtil -hashfile ""C:\Windows\System32\cmd.exe"" SHA256 | find /i /v ""SHA256"" | find /i /v ""certutil"" > """ & cmdHashCache & """", 0, TRUE
  End If
End Function

'A function to hash each of the hardcoded files and cache the value.
Function getDangerHash()
  For Each exe In dangerousExes
    If oFSO.FileExists("C:\Windows\System32\" & exe) Then
      oShell.Run "cmd /c CertUtil -hashfile ""C:\Windows\System32\" & exe & """ SHA256 | find /i /v ""SHA256"" | find /i /v ""certutil"" >> """ & dangerHashCache & """", 0, TRUE
    End If
  Next
End Function

'A function to read the CMD hash cache. Returns the normalised hash, or "" when the cache is missing or empty.
Function cmdHashData()
  cmdHashData = ""
  If oFSO.FileExists(cmdHashCache) Then
    Set objCmdHashCache = oFSO.OpenTextFile(cmdHashCache)
    If Not objCmdHashCache.AtEndOfStream Then
      cmdHashData = normHash(objCmdHashCache.ReadAll())
    End If
    objCmdHashCache.Close
  End If
End Function

'A function to read the Danger hash cache and compare it to the CMD hash cache and hardcoded CMD hash.
'A match means one of the accessibility executables has been replaced by a copy of cmd.exe.
Function hashMatch()
  hashMatch = FALSE
  cmdDynamicHash = cmdHashData()
  If oFSO.FileExists(dangerHashCache) Then
    Set objDangerHashCache = oFSO.OpenTextFile(dangerHashCache)
    Do While Not objDangerHashCache.AtEndOfStream
      dangerHashData = normHash(objDangerHashCache.ReadLine())
      'Skip blank lines so an empty CMD cache can never produce an "" = "" match.
      If dangerHashData <> "" Then
        If dangerHashData = cmdDynamicHash Or dangerHashData = normHash(cmdHardCodedHash) Then
          hashMatch = TRUE
        End If
      End If
    Loop
    objDangerHashCache.Close
  End If
End Function

'A function to create a log file.
Function createLog(strEventInfo)
  If Not (strEventInfo = "") Then
    Set objLogFile = oFSO.CreateTextFile(strLogFileName, True)
    objLogFile.WriteLine(strEventInfo)
    objLogFile.Close
  End If
End Function

'A function to create a Warning.mail file. Use to prepare an email before calling sendEmail().
Function createEmail()
  If oFSO.FileExists(mailFile) Then
    oFSO.DeleteFile(mailFile)
  End If
  If Not oFSO.FileExists(mailFile) Then
    oFSO.CreateTextFile(mailFile)
  End If
  Set oFile = oFSO.CreateTextFile(mailFile, True)
  oFile.Write "To: " & toEmail & vbNewLine & "From: " & strComputerName & "@" & companyDomain & vbNewLine & _
    "Subject: " & companyAbbr & " Accessibility Defender Warning!!!" & vbNewLine & _
    "This is an automatic email from the " & companyName & " Network to notify you that a workstation was defended from Accessibility Tools exploitation." & _
    vbNewLine & vbNewLine & "Please log-in and verify that the equipment listed below is secure." & vbNewLine & _
    vbNewLine & "USER NAME: " & strUserName & vbNewLine & "WORKSTATION: " & strComputerName & vbNewLine & _
    "This check was generated by " & strComputerName & "." & vbNewLine & vbNewLine & _
    "Script: ""Accessibility_Defender.vbs"""
  oFile.Close
End Function

'A function for running SendMail. Both paths are quoted because they may contain spaces.
Function sendEmail()
  oShell.Run """" & Left(appPath, InStrRev(appPath, "Scripts\VBS\") - 1) & "Binaries\Sendmail\sendmail.exe"" """ & mailFile & """", 0, TRUE
End Function

'A function to shut the machine down when triggered.
Function killWorkstation()
  oShell.Run "cmd /c C:\windows\system32\shutdown.exe", 0, False
End Function

Include(Left(appPath, InStrRev(appPath, "Scripts\VBS\") - 1) & "Config\Service_Config.vbs")

clearCache()
getCmdHash()
getDangerHash()

'hashMatch() re-reads both caches on every call, so it is evaluated exactly once here.
If hashMatch() Then
  createLog("The machine " & strComputerName & " just attempted to execute an Accessibility Tools exploitation!")
  If enableEmail Then
    createEmail()
    sendEmail()
  End If
  killWorkstation()
End If
--------------------------------------------------------------------------------
/Scripts/VBS/Main-Core.vbs:
--------------------------------------------------------------------------------
'HR-AV Desktop Antivirus
'https://github.com/zelon88/HR-AV
'https://github.com/zelon88

'Author: Justin Grimes
'Date: 9/23/2019
'<3 Open-Source

'Unless Otherwise Noted, The Code Contained In This Repository Is Licensed Under GNU GPLv3
'https://www.gnu.org/licenses/gpl-3.0.html

'This file contains the main logic that utilizes the functions and code specified in other Core files.
'This file requires Config.vbs, UI-Core.vbs and App-Core.vbs.

'--------------------------------------------------
Option Explicit

Dim realTimeCoreResults
'--------------------------------------------------

'--------------------------------------------------
'The main logic of the application. The functional entry point for execution.
'Requires functions and variables defined in Config.vbs, UI-Core.vbs, and App-Core.vbs.
'This script is to be run from an HTA which has already loaded the scripts listed above into memory.

'Verify the application is installed to the Program Files directory.
'Fire the installation wizard if not.
If Not isInProgramFiles() Then
  If verifyDirectories() Then
    If verifyInstallation() Then
      PrintGracefully appName & " - " & "Installation Wizard", "Installation Complete!", "vbOKOnly"
    End If
  End If
End If

'Check that the script is running as the HRAV admin user, or that the session is elevated.
If Not isUserHRAV() And Not isUserAdmin() Then
  restartAsAdmin()
End If

'Verify that required cache files exist and set objects for them.
verifyCache()

'Check if the Real-Time Protection engine needs to be started and start it if needed.
If realTimeProtectionEnabled Then
  If DateDiff("n", oRTPCacheFile1.DateLastModified, Now) > 2 Then
    realTimeCoreResults = SystemBootstrap("""" & realTimeCoreFile & """", "", FALSE)
    MsgBox realTimeCoreResults
  End If
End If

'If the startup variable is set, we kill the UI and leave the background services running.
If startup Then
  createLog("Startup detected. Closing UI but leaving background processes open.")
  killAllHTAS()
End If
'--------------------------------------------------
--------------------------------------------------------------------------------
/Scripts/VBS/Ransomware_Defender.vbs:
--------------------------------------------------------------------------------
'HR-AV Desktop Antivirus
'https://github.com/zelon88/HR-AV
'https://github.com/zelon88

'Author: Justin Grimes
'Date: 8/23/2019
'<3 Open-Source

'Unless Otherwise Noted, The Code Contained In This Repository Is Licensed Under GNU GPLv3
'https://www.gnu.org/licenses/gpl-3.0.html

'File Name: Ransomware_Defender.vbs
'Version: v1.3.1, 8/23/2019

'This file was modified from https://github.com/zelon88/Ransomware_Defender
'For use in the HR-AV application.

Option Explicit

Dim oShell, oShell2, oFSO, perimiterFile, perimiterFiles, perimiterCheck, perimiterFileHash, scriptName, tempFile, appPath, logPath, exe, cmdHardCodedHash, cmdDynamicHash, strComputerName, _
  strUserName, strSafeDate, strSafeTime, strDateTime, logFileName, strEventInfo, objLogFile, cmdHashCache, objCmdHashCache, dangerHashCache, tempDir, tempDir0, tempDir1, _
  dangerHashData, mailFile, objDangerHashCache, oFile, tempOutput, companyName, companyAbbr, companyDomain, toEmail, defaultPerimiterFile, tempData, _
  defaultPerimiterFileName, searchname1, folder, file, sourcefolder, targetFileName, enableEmail, pathToVBS, objVBSFile

' ----------
' Company Specific variables.
' Change the following variables to match the details of your organization.

' The "scriptName" is the filename of this script.
scriptName = "Ransomware_Defender.vbs"
' The "appPath" is the full absolute path for the script directory, with trailing slash.
appPath = CreateObject("Scripting.FileSystemObject").GetParentFolderName(WScript.ScriptFullName) & "\"
' Perform a quick sanity check to be sure the value of "appPath" won't cause problems.
If IsNull(appPath) Or IsEmpty(appPath) Then
  appPath = ""
End If
' Left(appPath, InStrRev(...) - 1) yields the HR-AV root folder with its trailing slash. Without the "- 1" the
' first letter of "Scripts" is kept and every path below would be built under "...\SLogs\", "...\SCache\" and so on.
' The "logPath" is the full absolute path for where network-wide logs are stored.
logPath = Left(appPath, InStrRev(appPath, "Scripts\VBS\") - 1) & "Logs\"
' The "mailFile" is the full absolute path to the location where a temporary email file will be generated.
mailFile = Left(appPath, InStrRev(appPath, "Scripts\VBS\") - 1) & "Temp\Ransomware_Defender_Warning.mail"
' The "defaultPerimiterFileName" is the master filename that all other perimiter files are copied from. It is located in the \Cache directory of the appPath.
defaultPerimiterFileName = "Ransomware_Defender_Perimiter_File.dat"
' The "defaultPerimiterFile" is the master file that all other perimiter files are copied from. It is located in the \Cache directory of the appPath.
defaultPerimiterFile = Left(appPath, InStrRev(appPath, "Scripts\VBS\") - 1) & "Cache\" & defaultPerimiterFileName
' You can change the values in the array below to add, remove, or rename perimiter files.
' It's probably a good idea to randomize these values just in case ransomware authors build ransomware to avoid these defaults.
perimiterFiles = Array("C:\Ransomware_Defender_Perimiter_File.dat", "C:\Program Files\Ransomware_Defender_Perimiter_File.dat", "C:\Users\Ransomware_Defender_Perimiter_File.dat", "C:\Windows\Ransomware_Defender_Perimiter_File.dat")
' The "perimiterFileHash" is a hard coded SHA256 hash that matches the "defaultPerimiterFile".
perimiterFileHash = "cd 7e 60 a8 43 ca 66 50 6f 7e 48 10 3b 09 32 ec 6c 62 f1 81 1c 70 44 be ac 04 67 c6 8a d7 6e 18"
' ----------

'Set global variables for the session.
Set oShell = WScript.CreateObject("WScript.Shell")
Set oShell2 = CreateObject("Shell.Application")
Set oFSO = CreateObject("Scripting.FileSystemObject")
strComputerName = oShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
strUserName = oShell.ExpandEnvironmentStrings("%USERNAME%")
tempDir0 = Left(appPath, InStrRev(appPath, "Scripts\VBS\") - 1)
tempDir1 = tempDir0 & "Cache"
tempDir = tempDir1 & "\" & strComputerName
tempFile = tempDir & "\" & strComputerName & "-Cache.dat"
strSafeDate = DatePart("yyyy", Date) & Right("0" & DatePart("m", Date), 2) & Right("0" & DatePart("d", Date), 2)
strSafeTime = Right("0" & Hour(Now), 2) & Right("0" & Minute(Now), 2) & Right("0" & Second(Now), 2)
strDateTime = strSafeDate & "-" & strSafeTime
logFileName = logPath & strComputerName & "-" & strDateTime & "-Ransomware_Defender.txt"

'A function to execute VBS scripts in the context and scope of the running script. Works just like a PHP include().
'https://blog.ctglobalservices.com/scripting-development/jgs/include-other-files-in-vbscript/
Sub Include(pathToVBS)
  Set objVBSFile = oFSO.OpenTextFile(pathToVBS, 1)
  ExecuteGlobal objVBSFile.ReadAll
  objVBSFile.Close
  Set objVBSFile = Nothing
End Sub

'A function to normalise a CertUtil hash line: strips line breaks and the spaces between byte pairs and lower-cases it,
'so output from Windows versions that print "cd 7e 60 ..." and versions that print "cd7e60..." compares equal.
Function normHash(h)
  normHash = LCase(Replace(Replace(Replace(h, vbCr, ""), vbLf, ""), " ", ""))
End Function

'A function to tell if the script has the required privileges to run.
'Returns TRUE if the application is elevated.
'Returns FALSE if the application is not elevated.
Function isUserAdmin()
  On Error Resume Next
  CreateObject("WScript.Shell").RegRead("HKEY_USERS\S-1-5-19\Environment\TEMP")
  If Err.Number = 0 Then
    isUserAdmin = TRUE
  Else
    isUserAdmin = FALSE
  End If
  Err.Clear
End Function

'A function to restart the script with admin privileges if required.
Function restartAsAdmin()
  oShell2.ShellExecute "wscript.exe", Chr(34) & WScript.ScriptFullName & Chr(34), "", "runas", 1
End Function

'A function to verify the tempDir and clear the previous tempFile and create a new one.
'Start by making the HR-AV root folder (tempDir0).
'Then make its \Cache sub-folder (tempDir1) and a per-computer folder inside it (tempDir).
'Then recreate the cache file inside.
Function clearCache()
  If Not oFSO.FolderExists(tempDir0) Then
    oFSO.CreateFolder(tempDir0)
  End If
  If oFSO.FolderExists(tempDir0) Then
    If Not oFSO.FolderExists(tempDir1) Then
      oFSO.CreateFolder(tempDir1)
    End If
    If oFSO.FolderExists(tempDir1) Then
      If Not oFSO.FolderExists(tempDir) Then
        oFSO.CreateFolder(tempDir)
      End If
      If oFSO.FolderExists(tempDir) Then
        If oFSO.FileExists(tempFile) Then
          oFSO.DeleteFile(tempFile)
        End If
        If Not oFSO.FileExists(tempFile) Then
          oFSO.CreateTextFile(tempFile)
        End If
      End If
    End If
  End If
End Function

'A function to ensure a missing perimiter file hasn't been renamed by malware (for example by having an extension appended).
'Returns TRUE when no matching files are found.
'Returns FALSE when a file with a matching name is found.
Function searchForPerimiterFile(perimiterFile)
  searchForPerimiterFile = TRUE
  'Variable default is "Ransomware_Defender_Perimiter_File".
  searchname1 = Replace(defaultPerimiterFileName, ".dat", "")
  'Variable default is the folder that held "Ransomware_Defender_Perimiter_File.dat".
  sourcefolder = Replace(perimiterFile, defaultPerimiterFileName, "")
  Set folder = oFSO.GetFolder(sourcefolder)
  For Each file In folder.Files
    targetFileName = oFSO.GetBaseName(file)
    If InStr(LCase(targetFileName), LCase(searchname1)) > 0 Or InStr(LCase(searchname1), LCase(targetFileName)) > 0 Then
      searchForPerimiterFile = FALSE
    End If
  Next
End Function

'A function to detect each perimiter file on the system and ensure that it has not been altered.
'Returns TRUE when perimiter files exist and are valid.
'Returns FALSE when a perimiter file has been renamed, or exists but no longer matches the known-good hash.
Function verifyPerimiterFiles()
  perimiterCheck = TRUE
  verifyPerimiterFiles = TRUE
  For Each perimiterFile In perimiterFiles
    tempData = ""
    If Not oFSO.FileExists(perimiterFile) Then
      'The bait file is gone: look for a renamed copy, then restore it from the master copy.
      perimiterCheck = searchForPerimiterFile(perimiterFile)
      oFSO.CopyFile defaultPerimiterFile, perimiterFile
    Else
      oShell.Run "c:\Windows\System32\cmd.exe /c CertUtil -hashfile """ & perimiterFile & """ SHA256 | find /i /v ""SHA256"" | find /i /v ""certutil"" > """ & tempFile & """", 0, TRUE
      Set tempOutput = oFSO.OpenTextFile(tempFile)
      If Not tempOutput.AtEndOfStream Then
        tempData = tempOutput.ReadAll()
      End If
      tempOutput.Close
      'ReadAll keeps the trailing line break, which Trim() does not remove, so both sides are normalised before comparing.
      'The file exists but its content has changed: treat it as tampered.
      If normHash(tempData) <> normHash(perimiterFileHash) Then
        perimiterCheck = FALSE
      End If
    End If
    If perimiterCheck = FALSE Then
      verifyPerimiterFiles = FALSE
      Exit For
    End If
  Next
End Function

'A function to create a log file.
Function createLog(strEventInfo)
  If Not strEventInfo = "" Then
    Set objLogFile = oFSO.CreateTextFile(logFileName, True)
    objLogFile.WriteLine(strEventInfo)
    objLogFile.Close
  End If
End Function

'A function to create a Warning.mail file. Use to prepare an email before calling sendEmail().
Function createEmail()
  If oFSO.FileExists(mailFile) Then
    oFSO.DeleteFile(mailFile)
  End If
  If Not oFSO.FileExists(mailFile) Then
    oFSO.CreateTextFile(mailFile)
  End If
  Set oFile = oFSO.CreateTextFile(mailFile, True)
  oFile.Write "To: " & toEmail & vbNewLine & "From: " & strComputerName & "@" & companyDomain & vbNewLine & _
    "Subject: " & companyAbbr & " Ransomware Defender Warning!!!" & vbNewLine & _
    "This is an automatic email from the " & companyName & " Network to notify you that a workstation was disabled to prevent potential ransomware activity." & _
    vbNewLine & vbNewLine & "Please log-in and verify that the equipment listed below is secure." & vbNewLine & _
    vbNewLine & "USER NAME: " & strUserName & vbNewLine & "WORKSTATION: " & strComputerName & vbNewLine & _
    "This check was generated by " & strComputerName & "." & vbNewLine & vbNewLine & _
    "Script: """ & scriptName & """"
  oFile.Close
End Function

'A function for running SendMail to send a prepared Warning.mail email message. Both paths are quoted because they may contain spaces.
Function sendEmail()
  oShell.Run """" & Left(appPath, InStrRev(appPath, "Scripts\VBS\") - 1) & "Binaries\Sendmail\sendmail.exe"" """ & mailFile & """", 0, TRUE
End Function

'A function to shut down the machine when triggered.
Function killWorkstation()
  oShell.Run "C:\Windows\System32\shutdown.exe /s /f /t 0", 0, False
End Function

'The main logic of the program which makes use of the code and functions above.
Include(Left(appPath, InStrRev(appPath, "Scripts\VBS\") - 1) & "Config\Service_Config.vbs")

If isUserAdmin = TRUE Then
  clearCache()
  If verifyPerimiterFiles = FALSE Then
    createLog("The machine " & strComputerName & " has been disabled due to potential ransomware activity!")
    createEmail()
    sendEmail()
    killWorkstation()
  End If
Else
  restartAsAdmin()
End If
--------------------------------------------------------------------------------
/Scripts/VBS/Restart.vbs:
--------------------------------------------------------------------------------
'HR-AV Desktop Antivirus
'https://github.com/zelon88/HR-AV
'https://github.com/zelon88

'Author: Justin Grimes
'Date: 8/29/2019
'<3 Open-Source

'Unless Otherwise Noted, The Code Contained In This Repository Is Licensed Under GNU GPLv3
'https://www.gnu.org/licenses/gpl-3.0.html

'This file is used during initial application setup to restart the application in an orderly fashion.
'This file can also be run to kill running HR-AV instances and start fresh ones.

Option Explicit

Dim objShell, cProcessList, oWMISrvc, dProcess, sCommLine, fullScriptName

Set objShell = CreateObject("WScript.Shell")
Set oWMISrvc = GetObject("winmgmts:")
'Win32_Process.Name is the image name. The HR-AV UI is an HTA, so its host process is mshta.exe;
'the command line is then inspected to pick out only the HR-AV instances.
Set cProcessList = oWMISrvc.ExecQuery("select * from win32_process where Name = 'mshta.exe'")

'Scan for and kill any running instances of the application.
For Each dProcess in cProcessList
  sCommLine = Trim(LCase(dProcess.CommandLine))
  'InStr returns 0 when the needle is absent, so the test must be "> 0", and the needle is lower-cased to match sCommLine.
  If InStr(sCommLine, "hr-av") > 0 Then
    dProcess.Terminate()
  End If
Next

'Communicate our intentions to the user, then wait 10 seconds before restarting the script in Program Files.
MsgBox "The application will restart in 10 seconds.", 0, "HR-AV - Installation Wizard"
WScript.Sleep 10000
objShell.Run """C:\Program Files\HR-AV\HR-AV.hta""", 1, FALSE
--------------------------------------------------------------------------------
/Scripts/VBS/Settings-Core.vbs:
--------------------------------------------------------------------------------
'HR-AV Desktop Antivirus
'https://github.com/zelon88/HR-AV
'https://github.com/zelon88

'Author: Justin Grimes
'Date: 8/23/2019
'<3 Open-Source

'Unless Otherwise Noted, The Code Contained In This Repository Is Licensed Under GNU GPLv3
'https://www.gnu.org/licenses/gpl-3.0.html

'This file is for saving settings submitted by settings.hta to a specific configuration file.
'It relies on objFSO and cacheDirectory being defined by the scripts the HTA has already loaded.

'--------------------------------------------------
'Define variables for the session.
Dim setting1, setting2, setting3, setting4, setting1Input, setting2Input, setting3Input, _
  setting4Input, readfile, scriptLocSetting, helpLocSetting, maintLocSetting, logLocSetting
'--------------------------------------------------

'--------------------------------------------------
'Get submitted setting values from the DOM.
Set setting1Input = document.getElementById("setting1")
Set setting2Input = document.getElementById("setting2")
Set setting3Input = document.getElementById("setting3")
Set setting4Input = document.getElementById("setting4")
'--------------------------------------------------

'--------------------------------------------------
'Set the directory/file locations for the settings.dat files.
setting1 = cacheDirectory & "setting1.dat"
setting2 = cacheDirectory & "setting2.dat"
setting3 = cacheDirectory & "setting3.dat"
setting4 = cacheDirectory & "setting4.dat"
'--------------------------------------------------

'--------------------------------------------------
'Read the current values stored in the settings.dat files.
If objFSO.FileExists(setting1) Then
  Set readfile = objFSO.OpenTextFile(setting1, 1)
  If Not readfile.AtEndOfStream Then
    scriptLocSetting = readfile.ReadAll
  End If
  readfile.Close
End If

If objFSO.FileExists(setting2) Then
  Set readfile = objFSO.OpenTextFile(setting2, 1)
  If Not readfile.AtEndOfStream Then
    helpLocSetting = readfile.ReadAll
  End If
  readfile.Close
End If

If objFSO.FileExists(setting3) Then
  Set readfile = objFSO.OpenTextFile(setting3, 1)
  If Not readfile.AtEndOfStream Then
    maintLocSetting = readfile.ReadAll
  End If
  readfile.Close
End If

If objFSO.FileExists(setting4) Then
  Set readfile = objFSO.OpenTextFile(setting4, 1)
  If Not readfile.AtEndOfStream Then
    logLocSetting = readfile.ReadAll
  End If
  readfile.Close
End If
'--------------------------------------------------

'--------------------------------------------------
'Reset the DOM with the newest settings.
setting1Input.value = setting1
setting2Input.value = setting2
setting3Input.value = setting3
setting4Input.value = setting4
'--------------------------------------------------
--------------------------------------------------------------------------------
/Scripts/VBS/Storage_Monitor.vbs:
--------------------------------------------------------------------------------
'File Name: Storage_Monitor.vbs
'Version: v2.2, 4/26/2019, Add support for -e argument of exclusions.
'Author: Justin Grimes, 5/31/2018

Option Explicit
Dim inputCache, outputCache, objShell, Result, DiskSet, Disk, oFSO, mailFile, oCacheHandle, iCacheHandle, mFileHandle, Device, strComputerName, outCacheData, inCacheData, inCacheString, _
  outCacheString, strLogFilePath, strSafeDate, strSafeTime, strDateTime, strLogFileName, homeFolder, objLogFile, Alert, pre, fireEmail, outCacheNew, strSessionName, tempFolder, _
  multipleExclusions, excludeCheck, i, exclusions, arg, param1, param2, toEmail, fromEmail, companyAbbreviation, companyName, strDiff, re, installPath, strUserName, exitFlag

'Define variables & basic objects for the session.
fireEmail = False
Alert = ""
pre = ""
Device = ""
exclusions = ""
param1 = ""
param2 = ""
Set objShell = WScript.CreateObject("WScript.Shell")
Set re = New RegExp
re.Pattern = "\s+"
re.Global = True
'Set some handles for disk objects (from WMI) and file system objects.
Set DiskSet = GetObject("winmgmts:{impersonationLevel=impersonate}").ExecQuery("SELECT * FROM Win32_LogicalDisk")
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set arg = WScript.Arguments
Const TemporaryFolder = 2
Set tempFolder = oFSO.GetSpecialFolder(TemporaryFolder)
strSessionName = objShell.ExpandEnvironmentStrings("%SESSIONNAME%")
strUserName = objShell.ExpandEnvironmentStrings("%USERNAME%")
strComputerName = objShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
'Set the initial date information for logfile creation.
strSafeDate = DatePart("yyyy", Date) & Right("0" & DatePart("m", Date), 2) & Right("0" & DatePart("d", Date), 2)
strSafeTime = Right("0" & Hour(Now), 2) & Right("0" & Minute(Now), 2) & Right("0" & Second(Now), 2)
strDateTime = strSafeDate & "-" & strSafeTime
'Determine if the script is being run as SYSTEM or a user and set the homeFolder to a writable location.
homeFolder = objShell.ExpandEnvironmentStrings("%USERPROFILE%")
If (strUserName = "SYSTEM" Or strSessionName <> "Console") Then
  homeFolder = tempFolder.Path
End If
'----------
'The variables within this comment block should be adjusted to your environment.
'sendmail.exe is launched from installPath, a UNC share, with whatever rights this script runs
'under (normally SYSTEM from a scheduled task). Anyone who can write to that share can therefore
'run code as SYSTEM on every host that runs this monitor, so keep the share read-only to clients.
installPath = "\\Server\AutomationScripts\Storage_Monitor"
mailFile = homeFolder & "\Storage_Monitor_Warning.mail"
inputCache = homeFolder & "\diskCache0.dat"
outputCache = homeFolder & "\diskCache1.dat"
strLogFilePath = "\\Server\Logs"
toEmail = "IT@Company.com"
fromEmail = "Server@Company.com"
companyAbbreviation = "Company"
companyName = "Company Inc."
strLogFileName = strLogFilePath & "\" & strComputerName & "-" & strDateTime & "-storage_monitor.txt"
'----------

'Retrieve the specified arguments.
If (arg.Count > 1) Then
  param1 = arg(0)
  param2 = arg(1)
End If

'The following code is performed when the -e argument is set to exclude devices.
'When using the -e argument you may specify a comma separated list of devices to exclude.
'Example: Storage_Monitor.vbs -e c,e,f,z
If (param1 = "-e") Then
  exclusions = param2
  multipleExclusions = InStr(1, exclusions, ",", 0)
  exclusions = Split(exclusions, ",")
End If

'Create (or truncate) the output cache.
Set oCacheHandle = oFSO.CreateTextFile(outputCache, True, False)
oCacheHandle.Close

'Verify that an input cache exists and create one if it does not.
'The handle is closed straight away so the file can be reopened for reading further down.
If Not (oFSO.FileExists(inputCache)) Then
  Set iCacheHandle = oFSO.CreateTextFile(inputCache, True, False)
  iCacheHandle.Close
End If

'A function for running SendMail. The mail file path is quoted because %USERPROFILE% can contain spaces.
Function SendEmail()
  objShell.Run installPath & "\sendmail.exe """ & mailFile & """"
End Function

'A function to create a log file.
Function CreateLog(strEventInfo)
  'Reset the logfile information so existing logfiles are not overwritten.
  strSafeDate = DatePart("yyyy", Date) & Right("0" & DatePart("m", Date), 2) & Right("0" & DatePart("d", Date), 2)
  strSafeTime = Right("0" & Hour(Now), 2) & Right("0" & Minute(Now), 2) & Right("0" & Second(Now), 2)
  strDateTime = strSafeDate & "-" & strSafeTime
  strLogFileName = strLogFilePath & "\" & strComputerName & "-" & strDateTime & "-storage_monitor.txt"
  If Not (strEventInfo = "") Then
    Set objLogFile = oFSO.CreateTextFile(strLogFileName, True, False)
    objLogFile.WriteLine(strEventInfo)
    objLogFile.Close
  End If
End Function

'Check each disk for available space.
For Each Disk In DiskSet
  'Since VBS doesn't have a decent "Continue" method we need to use a Do While loop instead.
  Do
    exitFlag = False

    'Skip this iteration of the loop if the disk name is in the list of excluded devices.
    'Empty entries (for example from a trailing comma) are ignored, otherwise InStr would match every disk.
    If IsArray(exclusions) Then
      For i = 0 To UBound(exclusions)
        If Len(Trim(exclusions(i))) > 0 Then
          excludeCheck = InStr(1, LCase(Disk.Name), LCase(Trim(exclusions(i))), 0)
          If (excludeCheck > 0) Then
            exitFlag = True
            Exit For
          End If
        End If
      Next
    End If
    If (exitFlag = True) Then
      Exit Do
    End If

    'Retrieve the drive letter of each device.
    If (Device <> "") Then
      Device = Device & "," & Disk.Name
    Else
      Device = Disk.Name
    End If

    'Retrieve the amount of free space on the disk, in GB. FreeSpace is Null for a drive that is
    'not ready (an empty optical drive, for instance), so such drives are skipped.
    If IsNull(Disk.FreeSpace) Then
      Exit Do
    End If
    Result = Disk.FreeSpace / 1024 / 1024 / 1024

    'Prepare delimiters for the list of devices that are low on storage.
    If (Alert = "") Then
      pre = ""
    Else
      pre = ","
    End If
    'Set the threshold for amount of disk space remaining (in GB) before a warning email is sent.
    If (Result <= 15) Then
      Alert = Alert & pre & Disk.Name
    End If
  Loop While False
Next

'Rewrite the output cache.
Set oCacheHandle = oFSO.CreateTextFile(outputCache, True, False)
oCacheHandle.WriteLine(Device)
oCacheHandle.Close

'Retrieve the contents of the input cache file.
Set inCacheData = oFSO.OpenTextFile(inputCache, 1)
If Not inCacheData.AtEndOfStream Then
  inCacheString = inCacheData.ReadAll
Else
  inCacheString = ""
End If
inCacheData.Close

'Compare the contents of the two cache files (whitespace stripped, case-insensitive).
'A difference means the set of logical disks changed since the previous run, which triggers the
'configuration-change email below. On the very first run the input cache is empty, so that email
'fires once to establish the baseline.
Device = Trim(re.Replace(Device, ""))
inCacheString = Trim(re.Replace(inCacheString, ""))
strDiff = StrComp(Device, inCacheString, vbTextCompare)
If (strDiff <> 0) Then
  fireEmail = True
End If

'Retrieve the contents of the output cache file.
Set outCacheData = oFSO.OpenTextFile(outputCache, 1)
outCacheNew = outCacheData.ReadAll
outCacheData.Close

'Regenerate the input cache file with data from the output cache file.
Set inCacheData = oFSO.CreateTextFile(inputCache, True, False)
inCacheData.Write outCacheNew
inCacheData.Close

'Send one email if a storage device is low on space (after all loops have completed).
If (Len(Alert) > 0) Then
  Set mFileHandle = oFSO.CreateTextFile(mailFile, True, False)
  mFileHandle.Write "To: " & toEmail & vbNewLine & "From: " & fromEmail & vbNewLine & "Subject: " & companyAbbreviation & " Low Storage Space Warning!!!" & vbNewLine & _
    "This is an automatic email from the " & companyName & " Network to notify you that a storage device is almost full and requires attention." & vbNewLine & vbNewLine & _
    "Please log-in and verify that the equipment listed below has adequate storage space." & vbNewLine & vbNewLine & "IMPACTED DEVICE: " & strComputerName & vbNewLine & "DRIVES: " & Alert & _
    vbNewLine & vbNewLine & "This check was generated by " & strComputerName & " and is performed every 30 minutes." & vbNewLine & vbNewLine & "Script: ""Storage_Monitor.vbs"""
  mFileHandle.Close
  SendEmail
  CreateLog "The storage devices of " & strComputerName & " are almost full on " & strDateTime & "!" & vbNewLine & vbNewLine & "DRIVES: " & Alert
  WScript.Sleep 1000
End If

'Send one email if storage configuration has changed (after all loops have completed).
If (fireEmail = True) Then
  Set mFileHandle = oFSO.CreateTextFile(mailFile, True, False)
  mFileHandle.Write "To: " & toEmail & vbNewLine & "From: " & fromEmail & vbNewLine & "Subject: " & companyAbbreviation & " Storage Device Change Warning!!!" & vbNewLine & _
    "This is an automatic email from the " & companyName & " Network to notify you that a storage device configuration has changed and requires attention." & vbNewLine & vbNewLine & _
    "Please log-in and verify that the equipment listed below has its storage devices configured correctly." & vbNewLine & vbNewLine & "IMPACTED DEVICE: " & strComputerName & vbNewLine & "DRIVES: " & Device & _
    vbNewLine & vbNewLine & "This check was generated by " & strComputerName & " and is performed every 30 minutes." & vbNewLine & vbNewLine & "Script: ""Storage_Monitor.vbs"""
  mFileHandle.Close
  SendEmail
  CreateLog "The storage configuration on " & strComputerName & " has changed on " & strDateTime & "!" & vbNewLine & vbNewLine & "DRIVES: " & Device
End If
--------------------------------------------------------------------------------
/Scripts/VBS/Update-Core.vbs:
--------------------------------------------------------------------------------
'HR-AV Desktop Antivirus
'https://github.com/zelon88/HR-AV
'https://github.com/zelon88

'Author: Justin Grimes
'Date: 8/23/2019
'<3 Open-Source

'Unless Otherwise Noted, The Code Contained In This Repository Is Licensed Under GNU GPLv3
'https://www.gnu.org/licenses/gpl-3.0.html

'This file is for updating the HR-AV application and its definition files.

Option Explicit

Dim xHttp, bStrm
'The download URLs and the temporary directory (with trailing slash) are not defined in this file.
'Under Option Explicit they must be assigned by the caller or the configuration before the
'functions below run, otherwise the script stops with "Variable is undefined".
Dim appDownloadURL, defDownloadURL, tempDirectory

Set xHttp = CreateObject("Microsoft.XMLHTTP")
Set bStrm = CreateObject("ADODB.Stream")

'--------------------------------------------------
'Download the application package to tempDirectory\update.zip.
'The response body is written to disk as received. Nothing here checks what arrived, so the
'install step must verify a hash or signature before the archive is extracted.
Function downloadAppUpdate()
  xHttp.Open "GET", appDownloadURL, False
  xHttp.Send
  If xHttp.Status <> 200 Then
    Err.Raise vbObjectError + 1, "Update-Core.vbs", "Download of " & appDownloadURL & " failed with HTTP status " & xHttp.Status
  End If
  With bStrm
    .Type = 1 'Binary.
    .Open
    .Write xHttp.responseBody
    .SaveToFile tempDirectory & "update.zip", 2 'Overwrite.
    .Close 'Close so the stream can be reused for the next download.
  End With
End Function
'--------------------------------------------------

'--------------------------------------------------
Function installAppUpdate()
  'Not yet implemented.
End Function
'--------------------------------------------------

'--------------------------------------------------
Function cleanAppUpdate()
  'Not yet implemented.
End Function
'--------------------------------------------------

'--------------------------------------------------
Function checkAppCompat()
  'Not yet implemented.
End Function
'--------------------------------------------------

'--------------------------------------------------
'Download the definition package to tempDirectory\defs.zip. Same caveat as downloadAppUpdate.
Function downloadDefUpdate()
  xHttp.Open "GET", defDownloadURL, False
  xHttp.Send
  If xHttp.Status <> 200 Then
    Err.Raise vbObjectError + 2, "Update-Core.vbs", "Download of " & defDownloadURL & " failed with HTTP status " & xHttp.Status
  End If
  With bStrm
    .Type = 1 'Binary.
    .Open
    .Write xHttp.responseBody
    .SaveToFile tempDirectory & "defs.zip", 2 'Overwrite.
    .Close
  End With
End Function
'--------------------------------------------------

'--------------------------------------------------
Function installDefUpdate()
  'Not yet implemented.
End Function
'--------------------------------------------------

'--------------------------------------------------
Function cleanDefUpdate()
  'Not yet implemented.
End Function
'--------------------------------------------------

'--------------------------------------------------
Function checkDefCompat()
  'Not yet implemented.
End Function
'--------------------------------------------------
--------------------------------------------------------------------------------
/Scripts/VBS/Workstation_USB_Monitor.vbs:
--------------------------------------------------------------------------------
'HR-AV Desktop Antivirus
'https://github.com/zelon88/HR-AV
'https://github.com/zelon88

'Author: Justin Grimes
'Date: 9/19/2019
'<3 Open-Source

'Unless Otherwise Noted, The Code Contained In This Repository Is Licensed Under GNU GPLv3
'https://www.gnu.org/licenses/gpl-3.0.html

'File Name: Workstation_USB_Monitor.vbs
'Version: v1.8, 9/19/2019

'This file was modified from https://github.com/zelon88/Workstation_USB_Monitor
'For use in the HR-AV application.

Option Explicit
Dim strComputer, objWMIService, objNet, objFSO, colMonitoredEvents, objShell, wmiServices, wmiDiskDrives, wmiDiskDrive, _
  query, wmiDiskPartitions, wmiDiskPartition, wmiLogicalDisks, wmiLogicalDisk, return1, return2, objLatestEvent, param1, _
  param2, param3, param4, param5, usbOnly, silentOnly, arg, userName, hostName, mailFile, mFile, mailData, strComputerName, _
  resultCounter, strSafeDate, strSafeTime, strDateTime, strLogFilePath, strLogFileName, returnData, objLogFile, emailDisable, _
  logDisable, strSafeTimeRAW, strSafeTimeDIFF, strSafeTimeLAST, companyName, companyAbbr, fromEmail, toEmail, _
  sendmailPath, logPath, companyDomain, objVBSFile, pathToVBS, enableEmail, appPath, guiDisable, i

'Define variables for the session
' ----------
'The "appPath" is the full absolute path for the script directory, with trailing slash.
appPath = CreateObject("Scripting.FileSystemObject").GetParentFolderName(WScript.ScriptFullName) & "\"
'Perform a quick sanity check to be sure the value of "appPath" won't cause problems.
If IsEmpty(appPath) Or appPath = "\" Then
  appPath = ""
End If
sendmailPath = Left(appPath, InStrRev(appPath, "Scripts\VBS\")) & "Binaries\Sendmail\sendmail.exe"
logPath = "\\server\Logs"
strComputer = "."
resultCounter = 0
param1 = ""
param2 = ""
param3 = ""
param4 = ""
strSafeTimeRAW = 0
strSafeTimeDIFF = 0
strSafeTimeLAST = 0
usbOnly = False
silentOnly = False
emailDisable = False
logDisable = False
guiDisable = False
'Email is on unless Service_Config.vbs or the -e/--email switch turns it off.
enableEmail = True
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colMonitoredEvents = objWMIService.ExecNotificationQuery("SELECT * FROM __InstanceCreationEvent WITHIN 10 WHERE TargetInstance " & _
  "ISA 'Win32_PnPEntity' AND TargetInstance.DeviceID LIKE '%USBStor%'")
Set wmiServices = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer)
Set arg = WScript.Arguments
Set objNet = CreateObject("WScript.Network")
Set objShell = WScript.CreateObject("WScript.Shell")
strComputerName = objShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
userName = objNet.UserName
hostName = objNet.ComputerName
mailFile = Left(appPath, InStrRev(appPath, "Scripts\VBS\")) & "Temp\Workstation_USB_Monitor_Warning.mail"

'Execute the Service_Config.vbs configuration script containing required variables
'(companyName, companyAbbr, companyDomain, toEmail and optionally enableEmail).
'https://blog.ctglobalservices.com/scripting-development/jgs/include-other-files-in-vbscript/
'ExecuteGlobal runs whatever that file contains with this script's privileges, so the Config
'folder must not be writable by the users this monitor is watching.
Set objVBSFile = objFSO.OpenTextFile(Left(appPath, InStrRev(appPath, "Scripts\VBS\")) & "Config\Service_Config.vbs", 1)
ExecuteGlobal objVBSFile.ReadAll
objVBSFile.Close
Set objVBSFile = Nothing
'fromEmail depends on companyDomain, so it is built only after the configuration has been loaded.
fromEmail = hostName & "@" & companyDomain

'Retrieve the specified arguments. Switches may appear in any order and any position.
'-u or --usb: only retrieve data for USB storage devices.
'-e or --email: disable the notification email.
'-l or --log: disable the logfile.
'-s or --silent: disable all popups within the script.
For i = 0 To arg.Count - 1
  Select Case LCase(arg(i))
    Case "-u", "--usb"
      usbOnly = True
    Case "-e", "--email"
      enableEmail = False
    Case "-l", "--log"
      logDisable = True
    Case "-s", "--silent"
      silentOnly = True
  End Select
Next

'A function for running SendMail. The mail file path is quoted in case appPath contains spaces.
Function SendEmail()
  objShell.Run sendmailPath & " """ & mailFile & """"
End Function

'Perform the loop that checks for new devices.
Do While True
  Set objLatestEvent = colMonitoredEvents.NextEvent
  'If USB only is set by the -u or --usb argument we run the top query. If -u or --usb is not set we run the bottom query.
  If (usbOnly = True) Then
    Set wmiDiskDrives = wmiServices.ExecQuery("SELECT Caption, DeviceID FROM Win32_DiskDrive WHERE InterfaceType = 'USB'")
  Else
    Set wmiDiskDrives = wmiServices.ExecQuery("SELECT Caption, DeviceID FROM Win32_DiskDrive")
  End If
  'resultCounter counts the drives enumerated for the current arrival; Notify() counts it back
  'down and only reports once it reaches zero.
  If (resultCounter = 0) Then
    'Use the disk drive device id to find associated information about the device.
    For Each wmiDiskDrive In wmiDiskDrives
      query = "ASSOCIATORS OF {Win32_DiskDrive.DeviceID='" & wmiDiskDrive.DeviceID & "'} WHERE AssocClass = Win32_DiskDriveToDiskPartition"
      Set wmiDiskPartitions = wmiServices.ExecQuery(query)
      resultCounter = resultCounter + 1
      'Use partition device id to find logical disk.
      For Each wmiDiskPartition In wmiDiskPartitions
        Set wmiLogicalDisks = wmiServices.ExecQuery("ASSOCIATORS OF {Win32_DiskPartition.DeviceID='" & wmiDiskPartition.DeviceID & _
          "'} WHERE AssocClass = Win32_LogicalDiskToPartition")
        return1 = ""
        'Build the return data
        For Each wmiLogicalDisk In wmiLogicalDisks
          return1 = "Device Type: " & wmiDiskDrive.Caption & ", " & _
            vbNewLine & "Device ID: " & wmiDiskPartition.DeviceID & ", " & _
            vbNewLine & "Logical Volume: " & wmiLogicalDisk.DeviceID & _
            vbNewLine & vbNewLine
          return2 = return1 & return2
        Next
      Next
    Next
  End If
  'Detection starts here and stops here when listening for more devices. (Be careful what goes near here).
  returnData = Notify()
  If (logDisable = False) Then
    CreateLog returnData, logPath
  End If
Loop

'A function to format the notification email and notify the user.
Function Notify()
  If (resultCounter > 0) Then
    resultCounter = resultCounter - 1
  End If
  If (resultCounter = 0) Then
    'Prepare the notification email and popup.
    Set mFile = objFSO.CreateTextFile(mailFile, True, False)
    mFile.Write "To: " & toEmail & vbNewLine & "From: " & fromEmail & vbNewLine & "Subject: " & companyAbbr & " New Storage Device Connected!!!" & _
      vbNewLine & "This is an automatic email from the " & companyName & " Network to notify you that a new storage device was detected on a domain workstation." & _
      vbNewLine & vbNewLine & _
      "Please review the information below to verify that the connected device is not a threat." & _
      vbNewLine & vbNewLine & _
      "DEVICE DETAILS: " & _
      vbNewLine & vbNewLine & _
      "Workstation: " & hostName & ", " & _
      vbNewLine & "Username: " & userName & ", " & _
      vbNewLine & vbNewLine & "Detected Devices: " & _
      vbNewLine & vbNewLine & return2 & vbNewLine & _
      "This check was generated by " & strComputerName & " and is run in the background upon user logon." & _
      vbNewLine & vbNewLine & _
      "Script: """ & companyAbbr & " Workstation_USB_Monitor.vbs"""
    mFile.Close
    'Rate-limit: the same arrival can raise several events in quick succession, so only
    'notify when more than three seconds have passed since the last notification.
    strSafeTime = Right("0" & Hour(Now), 2) & Right("0" & Minute(Now), 2) & Right("0" & Second(Now), 2)
    strSafeTimeRAW = strSafeTime
    strSafeTimeDIFF = strSafeTime - strSafeTimeLAST
    If (enableEmail = True And strSafeTimeDIFF > 3) Then
      SendEmail
    End If
    'Display results if the silent argument is not set.
    If (silentOnly = False And strSafeTimeDIFF > 3) Then
      mailData = "Devices Detected: " & vbNewLine & vbNewLine & return2
      MsgBox mailData, vbOKOnly, "Workstation USB Monitor"
    End If
    'Reset the outputs for the next iteration of the loop above. (MUST BE DONE!!! This was the source of a lot of debugging.)
    Notify = return2
    return2 = ""
    return1 = ""
  End If
End Function

'A function to create a log file.
Function CreateLog(strEventInfo, strLogFilePath)
  If Not (strEventInfo = "") Then
    'Logfile related variables are defined at log creation time for accurate time reporting.
    strSafeDate = DatePart("yyyy", Date) & Right("0" & DatePart("m", Date), 2) & Right("0" & DatePart("d", Date), 2)
    strSafeTime = Right("0" & Hour(Now), 2) & Right("0" & Minute(Now), 2) & Right("0" & Second(Now), 2)
    strSafeTimeRAW = strSafeTime
    strSafeTimeDIFF = strSafeTime - strSafeTimeLAST
    'Some machines with lower performance may create multiple logfiles in rapid succession. This check ensures logs aren't duplicated.
    If (strSafeTimeDIFF > 3) Then
      strDateTime = strSafeDate & "-" & strSafeTime
      strLogFileName = strLogFilePath & "\" & userName & "-" & strDateTime & "-workstation_usb_monitor.txt"
      Set objLogFile = objFSO.CreateTextFile(strLogFileName, True, False)
      objLogFile.WriteLine(strEventInfo)
      objLogFile.Close
    End If
    strSafeTimeLAST = strSafeTimeRAW
  End If
End Function
--------------------------------------------------------------------------------
/Temp/RTP-systemp.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Temp/RTP-systemp.txt
--------------------------------------------------------------------------------
/Temp/systemp.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zelon88/HR-AV/2a378a2008e31256e2c459b8687149af86f790c9/Temp/systemp.txt
--------------------------------------------------------------------------------
/ToDo.txt:
--------------------------------------------------------------------------------
ToDo

11/7/2019

Need to modify scancore.php to give it a switch that disables recursion. Then I can use it asynchronously to scan one directory level at a time.
This will make it easier to manage workers.


8/25/2019

UI IDEAS
Play a sound when job is complete.
Play a sound when infection is detected.
Use JS to decide/change href of banner. Green shield, yellow shield, red shield.
Work on implementing settings (work on close to last?)
Make monitors using all kinds of JS.



UPDATER/APP IDEAS
Updates from github.
Make a separate repo for just definition updates.
Update definition files only or entire application.
Installer is built in to application.
When complete use VBSEdit to compile the entire app to standalone binaries.
When HR-AV.exe is run it will prompt for admin rights.
With admin rights it will self-extract to %appdata% and run.
Prompt user with installation wizard.
If HR-AV is not installed it will automatically create a folder in ProgramFiles and copy everything there.
It will then call the newly installed installation.
The newly installed version will detect if it is in Program Files.
If the newly installed version is good to go it will delete the %appdata% version.
Newly installed version now checks for HRAV user as admin. Creates one and a new password.
New installation now calls itself as HRAV admin using PAExec and created password.
Create desktop/start menu shortcuts.
New installation now sets up required folders (running as HRAV now, no longer Admin).
New installation can now be run by anyone on the PC and the UI will run as local user.
When the UI has to call a function with SYSTEM privs, it uses the HRAV user and password with PAExec.
Every time HRAV starts it generates a new password via 4 random key generators and ONLY SAVES THE KEYS.
Stored HRAV password keys are only valid for one session.
Two users of the same machine cannot use HRAV at the same time. The sesID will change and the password keys will expire.
Each time the password is needed it is calculated with verifyPassword() from the stored keys.
(Caveat: anything that can recompute the password from the saved keys effectively holds the password, so the key store needs the same ACLs and per-session cleanup a stored password would.)





SCANNER IDEAS

Worker generator in VBS. Async.
Workers call scanning programs.
Workers divide up large file/computer/network scans into smaller jobs, then execute a tool on them.
To scan memory...
  Load windows modules/tasklist/file paths to processes.
  Scan all these things with PHP-AV.
To scan filesystem objects...
  Get a list of files/folders to scan.
  If the list is longer than "#" of items, divide list into "x" number of objects.
  Assign each list to a worker process.
Parse logfiles with javascript on a timer for real-time detection of IoC.
Consolidate the logfiles.
Generate report from logfiles to \Reports\ folder and display scan report.



REAL TIME PROTECTION IDEAS

Worker generator in VBS. Async.
Workers call real-time protection programs like RTmemscan and ransomware_defender.
Workers divide up large file/computer/network scans into smaller jobs, then execute a tool on them.
Have a worker constantly check for new logfiles and parse them for IoC.
Real-Time defender manages a schedule for running defense programs on timers.
Kind of like an internal task scheduler for AV tasks to fire whenever HRAV runs.
Ideas for Real-Time worker programs...
  Networkscanner - Look for new/suspicious hosts on LAN.
  Tracert - Check for too many/unexpected routes.
  MemoryWatcher - Keep an eye on running processes and scope out new ones with scanner.
  RansomwareDefender - DONE
  RegistryWatcher - Watch the registry for suspicious changes (maybe keep a definitions file of known malicious keys?).
  USB_Monitor - DONE (Needs to be ported) (add bad usb monitor, watches for fast USB device switching & ejects/disables device)
  Accessibility_Tools_Defender - DONE (Needs to be ported)



--------------------------------------------------------------------------------
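The USB_Monitor item in the REAL TIME PROTECTION IDEAS above, and the Workstation_USB_Monitor.vbs script earlier in this dump, describe a WMI subscription for USBSTOR PnP arrivals; the ToDo asks for the script to be ported and for a "bad USB" check that reacts to rapid device switching. The following PowerShell is an added example written for this page, not HR-AV project code: it subscribes to the same WQL query, walks the same DiskDrive, DiskPartition, LogicalDisk associations, and flags more than a given number of arrivals inside a short window. The log location, the window size, the threshold and the optional Disable-PnpDevice step are assumptions, not values from the page.

```powershell
# Added example, not HR-AV project code. PowerShell port of the USBSTOR watcher with a
# rate check for rapid device switching. Run elevated if you enable the disable step.
$LogFile          = Join-Path $env:ProgramData 'HR-AV\usb_monitor.log'  # assumed location
$WindowSeconds    = 30     # assumed: look-back window for the "fast switching" check
$MaxPerWindow     = 3      # assumed: arrivals inside the window that count as suspicious
$DisableOnSuspect = $false # assumed: set $true to disable the offending PnP device

# Same WQL as Workstation_USB_Monitor.vbs: a new PnP entity whose DeviceID contains USBSTOR.
$Query = "SELECT * FROM __InstanceCreationEvent WITHIN 10 WHERE TargetInstance ISA 'Win32_PnPEntity' " +
         "AND TargetInstance.DeviceID LIKE '%USBSTOR%'"

function Get-UsbVolumeReport {
    # DiskDrive -> DiskPartition -> LogicalDisk, the same association walk the VBScript does.
    $lines = foreach ($disk in Get-CimInstance Win32_DiskDrive -Filter "InterfaceType='USB'") {
        $parts = Get-CimAssociatedInstance -InputObject $disk -ResultClassName Win32_DiskPartition
        foreach ($part in $parts) {
            $vols = Get-CimAssociatedInstance -InputObject $part -ResultClassName Win32_LogicalDisk
            foreach ($vol in $vols) {
                'Device Type: {0}, Device ID: {1}, Logical Volume: {2}' -f $disk.Caption, $part.DeviceID, $vol.DeviceID
            }
        }
    }
    return ($lines -join [Environment]::NewLine)
}

function Test-FastSwitching {
    # True when more than $Max arrival timestamps fall inside the last $WindowSeconds seconds.
    param([datetime[]]$Arrivals, [datetime]$Now, [int]$WindowSeconds, [int]$Max)
    $recent = @($Arrivals | Where-Object { ($Now - $_).TotalSeconds -le $WindowSeconds })
    return ($recent.Count -gt $Max)
}

function Write-UsbLog {
    param([string]$Message)
    $dir = Split-Path -Parent $LogFile
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir -Force | Out-Null }
    Add-Content -Path $LogFile -Value ('{0:o} {1}\{2} {3}' -f (Get-Date), $env:COMPUTERNAME, $env:USERNAME, $Message)
}

$arrivals = New-Object System.Collections.Generic.List[datetime]
$sourceId = 'HRAV.UsbStor'
Register-CimIndicationEvent -Query $Query -SourceIdentifier $sourceId
try {
    while ($true) {
        # Block until the next arrival, like NextEvent in the VBScript.
        $evt = Wait-Event -SourceIdentifier $sourceId
        Remove-Event -EventIdentifier $evt.EventIdentifier
        $now = Get-Date
        $arrivals.Add($now)
        $pnp = $evt.SourceEventArgs.NewEvent.TargetInstance
        Write-UsbLog ("USB storage arrived: {0}`n{1}" -f $pnp.DeviceID, (Get-UsbVolumeReport))

        if (Test-FastSwitching -Arrivals $arrivals.ToArray() -Now $now -WindowSeconds $WindowSeconds -Max $MaxPerWindow) {
            Write-UsbLog ("SUSPECT: more than {0} arrivals in {1}s (possible BadUSB / device cycling)" -f $MaxPerWindow, $WindowSeconds)
            if ($DisableOnSuspect) {
                # Disable-PnpDevice needs an elevated session; the instance id is the PnP DeviceID.
                Disable-PnpDevice -InstanceId $pnp.DeviceID -Confirm:$false -ErrorAction Continue
            }
        }
    }
}
finally {
    Unregister-Event -SourceIdentifier $sourceId -ErrorAction SilentlyContinue
}
```

The blocking Wait-Event loop is used instead of an -Action script block so that the arrival list and helper functions stay in the script's own scope; an -Action block runs in its own context and would need global state. The rate check is deliberately simple (a count over a sliding window); tune the window and threshold to the hosts you watch before turning on the disable step, since a docking station or hub can legitimately raise several arrivals at once.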
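The UPDATER/APP IDEAS above plan self-updates from GitHub, and Update-Core.vbs earlier in this dump writes the HTTP response straight to update.zip without checking what arrived. The following PowerShell is an added example written for this page, not HR-AV project code, showing the download, verify, then extract order a practitioner would expect: the package is fetched over HTTPS only, its SHA-256 is compared with a value obtained out of band (a signed manifest or release notes), and the archive is unpacked into a staging directory whose .exe and .dll files must carry a valid Authenticode signature from the expected publisher before anything is copied into the install directory. The URL, expected hash, directories and publisher name are placeholders.

```powershell
# Added example, not HR-AV project code. Download, verify, then install an update package.
# The URL, hash and directories are placeholders; a real deployment gets the expected hash
# from a trusted channel (signed manifest, release notes), never from the same
# unauthenticated URL as the package itself.

function Get-VerifiedPackage {
    param(
        [Parameter(Mandatory)][uri]$Url,
        [Parameter(Mandatory)][string]$ExpectedSha256,
        [Parameter(Mandatory)][string]$Destination
    )
    if ($Url.Scheme -ne 'https') {
        throw "Refusing to fetch update over $($Url.Scheme); use https"
    }
    $partial = "$Destination.partial"
    Invoke-WebRequest -Uri $Url -OutFile $partial -UseBasicParsing
    # Verify before the file gets the name anything else might pick up. String -ne is
    # case-insensitive in PowerShell, so upper- and lower-case hex both match.
    $actual = (Get-FileHash -Path $partial -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        Remove-Item -Path $partial -Force
        throw "SHA-256 mismatch for $Url (expected $ExpectedSha256, got $actual)"
    }
    Move-Item -Path $partial -Destination $Destination -Force
    return $Destination
}

function Test-StagedBinaries {
    # Every .exe/.dll in the staged tree must have a valid Authenticode signature whose
    # signer subject contains the expected publisher name.
    param([Parameter(Mandatory)][string]$StageDir, [Parameter(Mandatory)][string]$PublisherSubject)
    $bad = Get-ChildItem -Path $StageDir -Recurse -Include *.exe, *.dll -File | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike "*$PublisherSubject*") { $_.FullName }
    }
    return (@($bad).Count -eq 0)
}

function Install-VerifiedUpdate {
    param(
        [Parameter(Mandatory)][uri]$Url,
        [Parameter(Mandatory)][string]$ExpectedSha256,
        [Parameter(Mandatory)][string]$InstallDir,
        [Parameter(Mandatory)][string]$PublisherSubject
    )
    $work  = Join-Path ([IO.Path]::GetTempPath()) ('hrav-update-' + [guid]::NewGuid().ToString('N'))
    $stage = Join-Path $work 'stage'
    New-Item -ItemType Directory -Path $stage -Force | Out-Null
    try {
        $zip = Get-VerifiedPackage -Url $Url -ExpectedSha256 $ExpectedSha256 -Destination (Join-Path $work 'update.zip')
        Expand-Archive -Path $zip -DestinationPath $stage -Force
        if (-not (Test-StagedBinaries -StageDir $stage -PublisherSubject $PublisherSubject)) {
            throw 'Staged package contains unsigned or foreign-signed binaries; aborting install'
        }
        # Only now touch the live install directory.
        Copy-Item -Path (Join-Path $stage '*') -Destination $InstallDir -Recurse -Force
    }
    finally {
        Remove-Item -Path $work -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# Example call; all four values are placeholders that a real deployment replaces.
# Install-VerifiedUpdate -Url 'https://example.invalid/HR-AV/update.zip' `
#     -ExpectedSha256 '0000000000000000000000000000000000000000000000000000000000000000' `
#     -InstallDir "$env:ProgramFiles\HR-AV" -PublisherSubject 'CN=HR-AV Publisher'
```

The order matters: the hash is checked while the download still has a .partial name, the archive is expanded into a fresh temporary directory rather than the install tree, and the live directory is only written once every binary has passed the signature check. If the package bundles third-party tools signed by other publishers (the Binaries folder in this repository holds several), either list each expected signer or split the signature check per file rather than relaxing it to "any valid signature".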