Update main.py

This commit is contained in:
Sam Sneed 2024-07-24 16:57:12 -05:00 committed by GitHub
parent a2bf651d94
commit 56ad3df8cf
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

55
main.py
View file

@ -8,7 +8,10 @@ import winreg
from watchdog.observers import Observer from watchdog.observers import Observer
from watchdog.events import FileSystemEventHandler from watchdog.events import FileSystemEventHandler
from selenium import webdriver from selenium import webdriver
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities from selenium.webdriver.chrome.service import Service as ChromeService
from selenium.webdriver.chrome.options import Options as ChromeOptions
from selenium.webdriver.firefox.service import Service as FirefoxService
from selenium.webdriver.firefox.options import Options as FirefoxOptions
from pathlib import Path from pathlib import Path
import requests import requests
import certifi import certifi
@ -92,21 +95,18 @@ class SuspiciousFileHandler(FileSystemEventHandler):
def on_any_event(self, event): def on_any_event(self, event):
if event.event_type in ['created', 'modified', 'deleted']: if event.event_type in ['created', 'modified', 'deleted']:
file_owner = get_file_owner(event.src_path) file_owner = get_file_owner(event.src_path)
current_user = win32security.GetUserName() current_user = getpass.getuser() # Get current user
if file_owner.lower() not in [current_user.lower(), "trustedinstaller"]: if file_owner.lower() not in [current_user.lower(), "trustedinstaller", "unknown"]:
print(f"Suspicious file operation: {event.event_type} {event.src_path} by {file_owner}") print(f"Suspicious file operation: {event.event_type} {event.src_path} by {file_owner}")
def get_file_owner(file_path): def get_file_owner(file_path):
try: try:
# On Windows, use the current users name if os.name == 'nt': # Windows
if os.name == 'nt':
import win32security
sd = win32security.GetFileSecurity(file_path, win32security.OWNER_SECURITY_INFORMATION) sd = win32security.GetFileSecurity(file_path, win32security.OWNER_SECURITY_INFORMATION)
owner_sid = sd.GetSecurityDescriptorOwner() owner_sid = sd.GetSecurityDescriptorOwner()
owner, _ = win32security.LookupAccountSid(None, owner_sid) owner, _ = win32security.LookupAccountSid(None, owner_sid)
return owner return owner
else: else: # Unix-like systems
# On Unix-like systems, use the owner of the file
import pwd import pwd
file_stat = os.stat(file_path) file_stat = os.stat(file_path)
return pwd.getpwuid(file_stat.st_uid).pw_name return pwd.getpwuid(file_stat.st_uid).pw_name
@ -181,19 +181,19 @@ def kill_suspicious_processes():
# Monitor Registry Changes (Windows) # Monitor Registry Changes (Windows)
def monitor_registry_changes(): def monitor_registry_changes():
reg_path = r"Software\Microsoft\Windows\CurrentVersion" reg_path = r"Software\Microsoft\Windows\CurrentVersion"
registry_key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, reg_path, 0, winreg.KEY_READ) try:
registry_key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, reg_path, 0, winreg.KEY_READ)
while True:
try:
for i in range(winreg.QueryInfoKey(registry_key)[1]): # Number of subkeys
subkey_name = winreg.EnumKey(registry_key, i)
print(f"Registry subkey detected: {subkey_name}")
while True: time.sleep(10)
try: except WindowsError as e:
for i in range(winreg.QueryInfoKey(registry_key)[1]): # Number of subkeys print(f"Registry monitoring error: {e}")
subkey_name = winreg.EnumKey(registry_key, i) finally:
print(f"Registry subkey detected: {subkey_name}") winreg.CloseKey(registry_key)
time.sleep(10)
except WindowsError as e:
print(f"Registry monitoring error: {e}")
winreg.CloseKey(registry_key)
# Verify TLS Certificates # Verify TLS Certificates
def verify_tls_cert(url): def verify_tls_cert(url):
@ -217,13 +217,16 @@ def monitor_tls_certificates():
# Detecting Suspicious Browser Activity # Detecting Suspicious Browser Activity
def monitor_browser(browser='chrome'): def monitor_browser(browser='chrome'):
if browser == 'chrome': if browser == 'chrome':
caps = DesiredCapabilities.CHROME chrome_options = ChromeOptions()
caps['goog:loggingPrefs'] = {'performance': 'ALL'} chrome_options.add_argument('--enable-logging')
driver = webdriver.Chrome(desired_capabilities=caps) chrome_options.add_argument('--v=1')
service = ChromeService()
driver = webdriver.Chrome(service=service, options=chrome_options)
elif browser == 'firefox': elif browser == 'firefox':
caps = DesiredCapabilities.FIREFOX.copy() firefox_options = FirefoxOptions()
caps['loggingPrefs'] = {'performance': 'ALL'} firefox_options.log.level = "TRACE"
driver = webdriver.Firefox(desired_capabilities=caps) service = FirefoxService()
driver = webdriver.Firefox(service=service, options=firefox_options)
else: else:
raise ValueError("Unsupported browser!") raise ValueError("Unsupported browser!")