feat: add disable-checksum flag

marcocesarato · marcocesarato · commit ff0bc2e399f6 · 2021-01-11T19:54:35.000+01:00
diff --git a/README.md b/README.md
@@ -169,60 +169,61 @@ Arguments:
 
 Flags:
 
---auto-clean                              - Auto clean code (without confirmation, use with caution)
---auto-clean-line                         - Auto clean line code (without confirmation, use with caution)
---auto-delete                             - Auto delete infected (without confirmation, use with caution)
---auto-prompt <prompt>                    - Set auto prompt command .
-                                            ex. --auto-prompt="delete" or --auto-prompt="1" (alias of auto-delete)
---auto-quarantine                         - Auto quarantine
---auto-skip                               - Auto skip
---auto-whitelist                          - Auto whitelist (if you sure that source isn't compromised)
---backup|-b                               - Make a backup of every touched files
---defs                                    - Get default definitions exploit and functions list
---defs-exploits                           - Get default definitions exploits list
---defs-functions                          - Get default definitions functions lists
---defs-functions-encoded                  - Get default definitions functions encoded lists
---disable-cache|--no-cache                - Disable Cache
---disable-colors|--no-colors|--no-color   - Disable CLI colors
---disable-report|--no-report              - Disable Report
---exploits <exploits>                     - Filter exploits
---filter-paths|--filter-path <paths>      - Filter path/s, for multiple value separate with comma.
-                                            Wildcards are enabled ex. /path/*/htdocs or /path/*.php
---functions <functions>                   - Define functions to search
---help|-h|-?                              - Check only functions and not the exploits
---ignore-paths|--ignore-path <paths>      - Ignore path/s, for multiple value separate with comma.
-                                            Wildcards are enabled ex. /path/*/cache or /path/*.log
---limit <limit>                           - Set file mapping limit
---lite|-l                                 - Running on lite mode help to have less false positive on WordPress and others
-                                            platforms enabling exploits mode and removing some common exploit pattern
---log <path>                              - Write a log file on the specified file path
-                                            [default: ./scanner.log]
---max-filesize <filesize>                 - Set max filesize to scan
-                                            [default: -1]
---offset <offset>                         - Set file mapping offset
---only-exploits|-e                        - Check only exploits and not the functions
---only-functions|-f                       - Check only functions and not the exploits
---only-signatures|-s                      - Check only functions and not the exploits.
-                                            This is recommended for WordPress or others platforms
---path-backups <path>                     - Set backups path directory.
-                                            Is recommended put files outside the public document path
-                                            [default: /scanner-backups/]
---path-logs <path>                        - Set quarantine log file
-                                            [default: ./scanner.log]
---path-quarantine <path>                  - Set quarantine path directory.
-                                            Is recommended put files outside the public document path
-                                            [default: ./scanner-quarantine/]
---path-report <path>                      - Set report log file
-                                            [default: ./scanner-report.html]
---path-whitelist <path>                   - Set whitelist file
-                                            [default: ./scanner-whitelist.json]
---report-format <format>                  - Report format (html|txt)
---report|-r                               - Report scan only mode without check and remove malware (like --auto-skip).
-                                            It also write a report with all malware paths found
---silent                                  - No output and prompt
---update|-u                               - Update to last version
---version|-v                              - Get version number
---whitelist-only-path                     - Check on whitelist only file path and not line number
+--auto-clean                                   - Auto clean code (without confirmation, use with caution)
+--auto-clean-line                              - Auto clean line code (without confirmation, use with caution)
+--auto-delete                                  - Auto delete infected (without confirmation, use with caution)
+--auto-prompt <prompt>                         - Set auto prompt command .
+                                                 ex. --auto-prompt="delete" or --auto-prompt="1" (alias of auto-delete)
+--auto-quarantine                              - Auto quarantine
+--auto-skip                                    - Auto skip
+--auto-whitelist                               - Auto whitelist (if you sure that source isn't compromised)
+--backup|-b                                    - Make a backup of every touched files
+--defs                                         - Get default definitions exploit and functions list
+--defs-exploits                                - Get default definitions exploits list
+--defs-functions                               - Get default definitions functions lists
+--defs-functions-encoded                       - Get default definitions functions encoded lists
+--disable-cache|--no-cache                     - Disable Cache
+--disable-checksum|--no-checksum|--no-verify   - Disable checksum verifying for platforms/framerwoks
+--disable-colors|--no-colors|--no-color        - Disable CLI colors
+--disable-report|--no-report                   - Disable report generation
+--exploits <exploits>                          - Filter exploits
+--filter-paths|--filter-path <paths>           - Filter path/s, for multiple value separate with comma.
+                                                 Wildcards are enabled ex. /path/*/htdocs or /path/*.php
+--functions <functions>                        - Define functions to search
+--help|-h|-?                                   - Check only functions and not the exploits
+--ignore-paths|--ignore-path <paths>           - Ignore path/s, for multiple value separate with comma.
+                                                 Wildcards are enabled ex. /path/*/cache or /path/*.log
+--limit <limit>                                - Set file mapping limit
+--lite|-l                                      - Running on lite mode help to have less false positive on WordPress and others
+                                                 platforms enabling exploits mode and removing some common exploit pattern
+--log <path>                                   - Write a log file on the specified file path
+                                                 [default: ./scanner.log]
+--max-filesize <filesize>                      - Set max filesize to scan
+                                                 [default: -1]
+--offset <offset>                              - Set file mapping offset
+--only-exploits|-e                             - Check only exploits and not the functions
+--only-functions|-f                            - Check only functions and not the exploits
+--only-signatures|-s                           - Check only functions and not the exploits.
+                                                 This is recommended for WordPress or others platforms
+--path-backups <path>                          - Set backups path directory.
+                                                 Is recommended put files outside the public document path
+                                                 [default: /scanner-backups/]
+--path-logs <path>                             - Set quarantine log file
+                                                 [default: ./scanner.log]
+--path-quarantine <path>                       - Set quarantine path directory.
+                                                 Is recommended put files outside the public document path
+                                                 [default: ./scanner-quarantine/]
+--path-report <path>                           - Set report log file
+                                                 [default: ./scanner-report.html]
+--path-whitelist <path>                        - Set whitelist file
+                                                 [default: ./scanner-whitelist.json]
+--report-format <format>                       - Report format (html|txt)
+--report|-r                                    - Report scan only mode without check and remove malware (like --auto-skip).
+                                                 It also write a report with all malware paths found
+--silent                                       - No output and prompt
+--update|-u                                    - Update to last version
+--version|-v                                   - Get version number
+--whitelist-only-path                          - Check on whitelist only file path and not line number
 
 Usage: amwscan [--lite|-a] [--help|-h|-?] [--log|-l <path>] [--backup|-b] [--offset
         <offset>] [--limit <limit>] [--report|-r] [--report-format <format>]
diff --git a/src/Scanner.php b/src/Scanner.php
@@ -318,7 +318,12 @@ public function run($args = null)
             CLI::writeLine('Scanning ' . self::$pathScan, 2);
 
             // Mapping files
-            CLI::writeLine('Mapping and retrieving checksums, please wait...', 2);
+            if (self::isVerifierEnabled()) {
+                CLI::writeLine('Mapping and retrieving checksums, please wait...', 2);
+            } else {
+                CLI::writeLine('Mapping, please wait...', 2);
+            }
+
             $iterator = $this->mapping();
 
             // Counting files
@@ -401,7 +406,8 @@ private function arguments($args = null)
         self::$argv->addFlag('path-report', ['default' => self::$pathReport, 'has_value' => true, 'value_name' => 'path', 'help' => 'Set report log file']);
         self::$argv->addFlag('disable-colors', ['alias' => ['--no-colors', '--no-color'], 'default' => false, 'help' => 'Disable CLI colors']);
         self::$argv->addFlag('disable-cache', ['alias' => '--no-cache', 'default' => false, 'help' => 'Disable Cache']);
-        self::$argv->addFlag('disable-report', ['alias' => '--no-report', 'default' => false, 'help' => 'Disable Report']);
+        self::$argv->addFlag('disable-report', ['alias' => '--no-report', 'default' => false, 'help' => 'Disable report generation']);
+        self::$argv->addFlag('disable-checksum', ['alias' => ['--no-checksum', '--no-verify'], 'default' => false, 'help' => 'Disable checksum verifying for platforms/framerwoks']);
         //self::$argv->addFlag('deobfuscate', ['default' => false, 'help' => 'Deobfuscate directory']);
         self::$argv->addArgument('path', ['var_args' => true, 'default' => self::currentDirectory(), 'help' => 'Define the path of the file or directory to scan']);
         self::$argv->parse($args);
@@ -462,6 +468,9 @@ private function arguments($args = null)
         // Cache
         self::setCache(!self::$argv['disable-cache']);
 
+        // Verifier
+        self::setVerifier(!self::$argv['disable-checksum']);
+
         // Max filesize
         if (isset(self::$argv['max-filesize']) && is_numeric(self::$argv['max-filesize'])) {
             self::setMaxFilesize(self::$argv['max-filesize']);
@@ -767,7 +776,9 @@ public function mapping()
 
                 if (!$ignore &&
                     $cur->isDir()) {
-                    Modules::init($cur->getPath());
+                    if (self::isVerifierEnabled()) {
+                        Modules::init($cur->getPath());
+                    }
 
                     return false;
                 }
@@ -782,21 +793,29 @@ public function mapping()
             $mapped = 0;
             $count = iterator_count($filtered);
 
-            CLI::writeBreak(1);
-            CLI::writeLine('Verifying files checksum...', 2);
+            $iterator = $filtered;
+
+            if (self::isVerifierEnabled()) {
+                unset($iterator);
+
+                CLI::writeBreak(1);
+                CLI::writeLine('Verifying files checksum...', 2);
 
-            foreach ($filtered as $cur) {
-                CLI::progress($mapped++, $count);
-                if ($cur->isFile() && !Modules::isVerified($cur->getPathname())) {
-                    $mapping[] = $cur;
+                foreach ($filtered as $cur) {
+                    CLI::progress($mapped++, $count);
+                    if ($cur->isFile() && !Modules::isVerified($cur->getPathname())) {
+                        $mapping[] = $cur;
+                    }
+                    CLI::progress($mapped, $count);
                 }
-                CLI::progress($mapped, $count);
-            }
-            $iterator = new ArrayObject($mapping);
 
-            CLI::writeBreak(1);
+                $object = new ArrayObject($mapping);
+                $iterator = $object->getIterator();
+
+                CLI::writeBreak(1);
+            }
 
-            return $iterator->getIterator();
+            return $iterator;
         }
 
         $file = new SplFileInfo(self::$pathScan);
@@ -1682,6 +1701,24 @@ public static function isSilentMode()
         return isset(self::$settings['silent']) ? self::$settings['silent'] : false;
     }
 
+    /**
+     * @return self
+     */
+    public static function setVerifier($mode = true)
+    {
+        self::$settings['verifier'] = $mode;
+
+        return new static();
+    }
+
+    /**
+     * @return bool
+     */
+    public static function isVerifierEnabled()
+    {
+        return isset(self::$settings['verifier']) ? self::$settings['verifier'] : true;
+    }
+
     /**
      * @return self
      */
