

  • אלי רובין

סקריפט אוטומציה לבדיקת MALWARE בתוך קובץ RAM (תמונת זיכרון)

עודכן ב: 23 נוב 2019

הסקריפט הזה מיועד לחיפוש VIRUS (נוזקות) בתוך RAM FILE – תמונת זיכרון של מחשב Windows (כל הפלאגינים שבו הם פלאגיני Windows של Volatility 2).

בשביל שהסקריפט יעבוד, הורידו את Volatility 2 (הקובץ vol.py) כאן ושימו אותו באותה תיקייה שבה נמצאים הסקריפט וקובץ ה‑RAM. נדרש גם הכלי foremost (לחילוץ קבצים מהזיכרון).

בנוסף, עליכם להוריד את TekDefense Automater (התיקייה TekDefense-Automater-master) לאותה תיקייה. הסקריפט שולח ל‑Automater את ה‑hash של קובצי ההרצה שחולצו מהזיכרון לבדיקה מול VirusTotal – שימו לב שה‑hash‑ים יוצאים לשירותים חיצוניים, ודאו שזה מותר במסגרת החקירה.

פעלו לפי ההוראות שהסקריפט מדפיס, והפעילו אותו רק על LINUX – בעמדת ניתוח מבודדת ולא על המחשב הנגוע עצמו. הקבצים שמחולצים מהזיכרון עלולים להיות נוזקות פעילות; אין להריץ אותם.



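#!/usr/bin/env bash
#######################################
# Memory-image malware triage: Volatility 2 + foremost + TekDefense Automater.
#
# Interactive. Expected layout, relative to the directory the script is
# started from (the original asked the user to paste `pwd`; now taken from $PWD):
#   ./vol.py                         Volatility 2 (python2)
#   <memory image>                   the RAM dump to analyse
#   ./TekDefense-Automater-master/   Automater (python2); path can be overridden
#
# Steps:
#   1. ./vol.py -f <image> imageinfo   -> the user picks a "Suggested Profile"
#   2. one output file per Volatility plugin (processes, services, consoles,
#      command lines, registry hives, password hashes, network, malfind, printkey)
#   3. dumpfiles -> ./dumpfiles, carved with foremost -> ./dumpfiles/output
#   4. MD5 of every carved executable -> hash2.txt, each hash looked up with
#      Automater, report collected in ./virustotal.txt
#
# SAFETY NOTES
#   * The carved files are executables recovered from a possibly infected
#     machine. Run this on an isolated analysis host, not on the victim, and
#     never execute anything under dumpfiles/. Execute bits are stripped from
#     the carved files for that reason.
#   * hashdump.txt / lsadump.txt hold credential material from the image;
#     they are created mode 0600.
#   * Automater sends the hashes to third-party reputation services, which
#     reveals what was found in the image. Confirm the case's OPSEC rules
#     allow that before running.
#   * Windows-only plugin set. Some plugins are profile-specific (netscan is
#     Vista+, connections/connscan are XP/2003), so a failing plugin is
#     reported and the run continues.
#
# Fixes vs. the original: the first prompt was never printed
# (`tput setaf 1 echo …` passes echo to tput), svcscan ran twice under two
# labels, plugin names `console`/`conscan` do not exist in Volatility 2
# (`consoles`/`connscan`), `cd` failures were unchecked so hashing could run
# in the wrong directory, and no expansion was quoted.
#######################################

set -uo pipefail   # deliberately no -e: one failing plugin must not abort the run

warn() { printf 'warning: %s\n' "$*" >&2; }
die()  { printf 'error: %s\n' "$*" >&2; exit 1; }

# ask VARNAME PROMPT — print PROMPT, read one line into VARNAME.
# -r keeps backslashes in pasted paths verbatim.
ask() {
  local __var=$1 prompt=$2
  printf '%s\n' "$prompt"
  read -r "$__var"
}

# run_plugin LABEL OUTFILE PLUGIN [ARGS...]
# Runs one Volatility plugin against the globals $ram / $os, stdout -> OUTFILE.
# Non-zero exit is reported, not fatal.
run_plugin() {
  local label=$1 out=$2
  shift 2
  printf '%s\n' "$label"
  if ! ./vol.py -f "$ram" --profile "$os" "$@" > "$out"; then
    warn "vol.py $* failed for profile '$os' (partial output in $out)"
  fi
}

# ------------------------------------------------------------------ inputs
tput setaf 1 2>/dev/null                  # red banner (tput may fail when not on a tty)
echo "please input your RAM FILE in this directory"
echo "please input your vol.py in this directory"
tput sgr0 2>/dev/null                     # the original never reset the colour

name=$PWD
[[ -x ./vol.py ]] || die "vol.py not found or not executable in $name"
command -v foremost >/dev/null || die "foremost is not installed"

ask ram "please give me your name file (ram file)"
[[ -f $ram ]] || die "memory image not found: $ram"

ask take "path of the TekDefense-Automater folder [default: $name/TekDefense-Automater-master]"
take=${take:-$name/TekDefense-Automater-master}
[[ -f $take/Automater.py ]] || die "Automater.py not found in $take"

dumpdir=$name/dumpfiles
mkdir -p -- "$dumpdir"                    # -p: re-running must not fail on an existing dir

./vol.py -f "$ram" imageinfo || die "imageinfo failed; is $ram a valid memory image?"
echo "please take the complete name of the os in the line Suggested Profile the first if is doesn't work the second and if is donsn't work the third"
ask os "and give me the full name of the os"
[[ -n $os ]] || die "profile name must not be empty"

# ----------------------------------------------------------------- plugins
run_plugin "this is a processlist"        pslist.txt     pslist
run_plugin "this is steel processlist"    psscan.txt     psscan      # pool scan: also finds unlinked processes
run_plugin "this is a servicelist"        svcscan.txt    svcscan
run_plugin "this is a commandlist"        console.txt    consoles    # plugin is 'consoles', not 'console'
run_plugin "this is a cmdlist"            cmdscan.txt    cmdscan
run_plugin "this is a cmdline "           cmdline.txt    cmdline
run_plugin "this is a REGISTERYfile"      hivelist.txt   hivelist
run_plugin "this is a hashfile"           hashdump.txt   hashdump
run_plugin "this is a lsahash"            lsadump.txt    lsadump
chmod 600 -- hashdump.txt lsadump.txt 2>/dev/null   # credential material: owner-only
run_plugin "this is a network scan "      netscan.txt    netscan     # Vista and later
run_plugin "this is another networkscan"  connection.txt connections # XP / 2003
run_plugin "this is another networkscan " conscan.txt    connscan    # XP / 2003; plugin is 'connscan', not 'conscan'
run_plugin "this is a malware test file"  malfind.txt    malfind
run_plugin "this is a REGISTERYFILE"      printkey.txt   printkey

echo "THIS IS A FILEDUMPS ALL THE FILE ON THE RAM"
./vol.py -f "$ram" --profile "$os" dumpfiles -D "$dumpdir" || warn "dumpfiles reported errors"

# ------------------------------------------------------------ carve + hash
carved=$dumpdir/output
[[ -e $carved ]] && die "$carved already exists; foremost will not reuse a non-empty output dir, move it away first"

shopt -s nullglob
dumped=("$dumpdir"/*)
shopt -u nullglob
(( ${#dumped[@]} )) || die "dumpfiles produced nothing in $dumpdir"
foremost -t all -o "$carved" "${dumped[@]}" || warn "foremost exited non-zero"

exedir=$carved/exe
[[ -d $exedir ]] || die "foremost carved no executables ($exedir missing); nothing to hash"
# Never leave recovered malware executable on the analysis box. Files only:
# removing x from the directory itself would make it untraversable.
find "$exedir" -type f -exec chmod a-x -- {} +

(
  cd "$exedir" || exit 1
  shopt -s nullglob
  files=(*)
  (( ${#files[@]} )) || exit 0
  md5sum -- "${files[@]}" > hash.txt          # MD5 kept: Automater looks hashes up by MD5
  sha256sum -- "${files[@]}" > sha256.txt     # stronger digest for the evidence record
  cut -d ' ' -f 1 hash.txt > hash2.txt
) || die "hashing carved executables failed"

hashes=$exedir/hash2.txt
[[ -s $hashes ]] || { warn "no carved executables to look up"; exit 0; }

# ----------------------------------------------------------------- lookups
cp -- "$hashes" "$take/"                  # as before: leave a copy next to Automater
report=$name/virustotal.txt
: > "$report"
while IFS= read -r h || [[ -n $h ]]; do
  [[ -n $h ]] || continue
  (cd "$take" && python Automater.py "$h") >> "$report" || warn "Automater failed for $h"
done < "$hashes"

echo "done: plugin outputs in $name, carved files in $carved, Automater report in $report"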








































