Scan files for malicious code

jsdelivr / bot

DEPRECATED The jerk of a bot that checks PRs and responds in comments

22 stars 14 forks source link

Closed as-com closed 9 years ago

as-com commented 10 years ago

As mentioned in the Gitter chat room...

Here are some ideas to start with:

Scan for domains listed on blacklists (such as this, this, this, this, this or just Google it)
Complain when it detects obfuscated code (eval(function(p,a,c,k,e,r){...}), eval(function(p,a,c,k,e,d){...}), eval(function(w,h,a,t,e,v,e,r){...}) or even just eval(function(...){...}))
Run code through this service

megawac commented 10 years ago

Ya I looked at wepawet at the start of this project. Couldn't get it working and it's too slow. Need a command line tool.

If anyone has any ideas of how to identify domains in a script let me know

as-com commented 10 years ago

Have you looked at this script (graciously provided by Wepawet)? https://gist.github.com/as-com/3ad1fa206d14f32741ce

Also, I don't think there is a need to find all domains in the files. You could just string.find all of the urls in the blacklists.

megawac commented 10 years ago

I think I'm going to punt on this one unless someone else wants to try and get it working

as-com commented 9 years ago

I just tried out VirusTotal on some malicious JavaScript, and the results may be helpful to the bot. It has an api as well.