#!/usr/bin/env python
import bamfdetect
import json
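if __name__ == "__main__":
    # Command-line front end: parse the options, then either list the loaded
    # detection modules or scan the given paths and print the results as JSON.
    from argparse import ArgumentParser

    banner = "%(prog)s v" + bamfdetect.get_version() + " by Brian Wallace (@botnet_hunter)"
    parser = ArgumentParser(
        prog=__file__,
        description="Identifies and extracts information from bots",
        epilog=banner,
    )
    # The version flag is registered explicitly: ArgumentParser(version=...)
    # is deprecated in Python 2.7 and rejected by Python 3. The same
    # -v/--version spellings are kept.
    parser.add_argument('-v', '--version', action='version', version=banner)
    parser.add_argument('path', metavar='path', nargs='*',
                        help="Paths to files or directories to scan")
    parser.add_argument('-d', '--detect', action='store_true', help="Only detect files")
    parser.add_argument('-r', '--recursive', action='store_true',
                        help="Scan paths recursively")
    parser.add_argument('-l', '--list', action='store_true',
                        help='List available modules')
    # The two adjacent literals used to join without a space
    # ("...if not definedall modules are used").
    parser.add_argument('-m', '--module', action='append',
                        help='Modules to use, if not defined all modules are used')
    args = parser.parse_args()

    if args.list:
        for mod in bamfdetect.get_loaded_modules():
            # Single-argument print(...) gives the same output on Python 2 and 3.
            print(mod)
    else:
        if not args.path:
            # Nothing to scan: show usage and stop with status 0, as before.
            # SystemExit is raised directly because the bare exit() helper is
            # only installed by the site module.
            parser.print_help()
            raise SystemExit(0)
        results = bamfdetect.scan_paths(args.path, args.detect, args.recursive, args.module)
        # NOTE(review): the results presumably carry strings extracted from the
        # scanned files, which are untrusted input - confirm against the
        # modules. json.dumps keeps its default ensure_ascii=True, so control
        # and non-ASCII characters are written as escapes, not raw bytes.
        print(json.dumps(results, sort_keys=True, indent=4, separators=(',', ': ')))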