.

SamJUK · SamJUK · commit 30537fddc9d1 · 2024-07-13T17:59:20.000+01:00
diff --git a/README.md b/README.md
@@ -14,10 +14,15 @@ python -m venv venv
 # Install the requirements
 pip install -r requirements.txt
 
-# Run the check script (to execute against all of our domains)
-./check.bash
+# Run the bulk validator script
+./z_validate sites/example.txt
+./z_validate sites/acme.txt
 
 # Run the POC against a single URL
 ./poc.py -u https://samdjames.uk
+
+# For unpatched sites, run a very BASIC compromised check (dump script srcs)
+# And run a diff against old detected scripts each execution
+./z_compromise_check sites/example.txt
 ```
 
diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,4 @@
 fake_useragent
 requests
 rich_click
+beautifulsoup4
diff --git a/scripts.py b/scripts.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+from bs4 import BeautifulSoup
+import requests
+import sys
+
+domain=sys.argv[1]
+print(f"Checking: {domain}")
+
+response = requests.get(domain)
+doc = BeautifulSoup(response.text, features="html.parser")
+
+links = doc.find_all('script', {"src": True})
+for link in links:
+    if link['src'].startswith(domain) == False:
+        print(link['src'])
diff --git a/sites/example.txt b/sites/example.txt
@@ -0,0 +1,2 @@
+https://www.example.com
+https://www.example2.com
diff --git a/z_compromise_check b/z_compromise_check
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+set -o pipefail
+
+mkdir -p var/scripts
+
+echo "Url Input: $1"
+[[ -z "$1" || ! -f "$1" ]] && echo "[!] Err: Please provide a filepath to the urls" && exit 255
+
+for site in $(cat $1); do
+  FN="var/scripts/$(echo "$site" | md5).txt"
+  TMP=$(mktemp)
+  ./scripts.py $site | tee -a $TMP
+
+  diff $FN $TMP
+
+  if [ "$?" != "0" ]; then
+      echo -e "\033[41m\033[1;37m[!!!!] CHANGE DETECTED\033[0m"
+      # cat $TMP | mail -s "CosmicSting Monitor - Change Detected: $site" example@example.com
+  fi
+
+  rm -f $FN
+  mv $TMP $FN
+  echo ""
+  echo ""
+done
diff --git a/z_validate b/z_validate
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+set -o pipefail
+
+echo "Url Input: $1"
+[[ -z "$1" || ! -f "$1" ]] && echo "[!] Err: Please provide a filepath to the urls" && exit 255
+
+for site in $(cat $1); do
+  RC="999"
+  echo "Validating: $site"
+  while [ "$RC" != "0" ]; do
+    ./poc.py -f /etc/passwd -u $site 2>/dev/null | tail -n1
+    RC="$?"
+    sleep 2
+  done
+  echo ""
+done

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+https://www.example.com`
	`2`	`+https://www.example2.com`