diff --git a/Moonlight/App/MalwareScans/ProxyScan.cs b/Moonlight/App/MalwareScans/ProxyScan.cs
new file mode 100644
index 00000000..f6d26d76
--- /dev/null
+++ b/Moonlight/App/MalwareScans/ProxyScan.cs
@@ -0,0 +1,36 @@
+using Moonlight.App.Database.Entities;
+using Moonlight.App.Models.Misc;
+using Moonlight.App.Services;
+
+namespace Moonlight.App.MalwareScans;
+
+public class ProxyScan : MalwareScan
+{
+ public override string Name => "Proxy software";
+ public override string Description => "Software to use nodes as a proxy";
+ public override async Task Scan(Server server, IServiceProvider serviceProvider)
+ {
+ var serverService = serviceProvider.GetRequiredService();
+ var access = await serverService.CreateFileAccess(server, null!);
+
+ var files = await access.Ls();
+
+ foreach (var file in files.Where(x => x.Name.EndsWith(".sh")))
+ {
+ var fileContent = await access.Read(file);
+ var processableContent = fileContent.ToLower();
+
+ if (processableContent.Contains("t-e-s-tweb"))
+ {
+ return new MalwareScanResult()
+ {
+ Title = "Proxy software",
+ Description = "Software to use nodes as a proxy",
+ Author = "Marcel Baumgartner"
+ };
+ }
+ }
+
+ return null;
+ }
+}
\ No newline at end of file
diff --git a/Moonlight/App/Services/MalwareScanService.cs b/Moonlight/App/Services/MalwareScanService.cs
index 3674cdd0..999f0070 100644
--- a/Moonlight/App/Services/MalwareScanService.cs
+++ b/Moonlight/App/Services/MalwareScanService.cs
@@ -24,7 +24,8 @@ public class MalwareScanService
 new MinerJarScan(),
 new SelfBotCodeScan(),
 new FakePlayerPluginScan(),
- new MinerScan()
+ new MinerScan(),
+ new ProxyScan()
 };
 var scans = await PluginService.BuildMalwareScans(defaultScans.ToArray());
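Review bot: In `ProxyScan.Scan`, the `.sh` filter in the `foreach` is case-sensitive, so a script with an upper-case extension is never read, and the content check lower-cases every file with the culture-sensitive `ToLower()` before matching. Ordinal, case-insensitive comparisons cover both without the extra copy: `files.Where(x => x.Name.EndsWith(".sh", StringComparison.OrdinalIgnoreCase))` and `if (fileContent.Contains("t-e-s-tweb", StringComparison.OrdinalIgnoreCase))`. `access.Ls()` is called without a path, so the scan presumably covers only the server's top-level directory; a comment stating that scope would help whoever tunes the rule later. `access.Read(file)` is awaited with no size cap or error handling visible in this hunk, so one oversized or unreadable entry would appear to fail the whole scan rather than only that file.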