From f2787b5c7553403a0a27447ae0e2fdaf24136173 Mon Sep 17 00:00:00 2001 From: Sam Sneed <163201376+sam-sneed@users.noreply.github.com> Date: Wed, 24 Jul 2024 15:37:11 -0500 Subject: [PATCH] Create main.py --- main.py | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 175 insertions(+) create mode 100644 main.py diff --git a/main.py b/main.py new file mode 100644 index 0000000..d3bfd48 --- /dev/null +++ b/main.py @@ -0,0 +1,175 @@ +import os +import time +import psutil +import subprocess +import threading +from watchdog.observers import Observer +from watchdog.events import FileSystemEventHandler +from selenium import webdriver +from selenium.webdriver.common.desired_capabilities import DesiredCapabilities +from pathlib import Path + +# Monitored URLs +monitored_urls = [ + "https://discord.com", + "https://discordapp.com", + "https://google.com", + "https://mail.google.com", + "https://play.google.com", + "https://drive.google.com", + "https://minecraft.net", + "https://github.com", + "https://roblox.com", + "https://microsoft.com", + "https://hotmail.com" +] + +# Folders to monitor +def get_folders_to_monitor(): + folders = [] + + # Common user directories + user_dirs = ['Downloads', 'Documents', 'Pictures', 'Videos'] + for d in user_dirs: + user_folder = Path.home() / d + if user_folder.exists(): + folders.append(str(user_folder)) + + # System directories + if os.name == 'nt': # Windows + system_dirs = [ + 'C:\\Program Files', 'C:\\Windows', 'C:\\Program Files (x86)' + ] + else: # Unix-like (Linux, macOS) + system_dirs = [ + '/usr/bin', '/bin', '/usr/sbin' + ] + + folders.extend(system_dirs) + return folders + +# Load bypassed processes +def load_bypassed_processes(): + bypassed = set() + if os.path.exists("bypassed.txt"): + with open("bypassed.txt", "r") as f: + for line in f: + bypassed.add(line.strip().lower()) + return bypassed + +# File System Monitoring +class MonitorHandler(FileSystemEventHandler): + def on_modified(self, event): + if event.src_path.endswith(('.doc', '.docx', '.png', '.pdf')): + print(f'Alert: {event.src_path} was modified!') + + # Kill process modifying the file + for proc in psutil.process_iter(['pid', 'name', 'open_files']): + if any(file.path == event.src_path for file in proc.info['open_files']): + if proc.info['name'].lower() not in bypassed_processes: + print(f'Alert: Killing suspicious process {proc.info["name"]} (PID: {proc.info["pid"]})') + proc.terminate() + proc.wait() + +def start_file_system_monitor(): + observer = Observer() + event_handler = MonitorHandler() + for folder in get_folders_to_monitor(): + observer.schedule(event_handler, path=folder, recursive=True) + observer.start() + try: + while True: + time.sleep(1) + except KeyboardInterrupt: + observer.stop() + observer.join() + +# Network Activity Monitoring +def monitor_network(): + while True: + connections = psutil.net_connections() + for conn in connections: + if conn.raddr and conn.raddr.port in [25, 587, 6667]: # SMTP, IRC ports + print(f'Alert: Suspicious network activity detected: {conn}') + + # Kill process involved in suspicious network activity + for proc in psutil.process_iter(['pid', 'name', 'connections']): + if any(conn.raddr and conn.raddr.port in [25, 587, 6667] for conn in proc.info['connections']): + if proc.info['name'].lower() not in bypassed_processes: + print(f'Alert: Killing suspicious process {proc.info["name"]} (PID: {proc.info["pid"]})') + proc.terminate() + proc.wait() + time.sleep(1) + +# Access Control and Sandboxing +def restrict_permissions_unix(): + important_files = [str(Path.home() / d / '*') for d in ['Downloads', 'Documents', 'Pictures', 'Videos']] + for file in important_files: + subprocess.run(['chmod', 'o-rwx', file]) + subprocess.run(['chattr', '+i', file]) + +def restrict_permissions_windows(): + import win32api + import win32security + import ntsecuritycon as con + + important_files = [str(Path.home() / d / '*') for d in ['Downloads', 'Documents', 'Pictures', 'Videos']] + for file in important_files: + sd = win32security.GetFileSecurity(file, win32security.DACL_SECURITY_INFORMATION) + dacl = sd.GetSecurityDescriptorDacl() + user, domain, type = win32security.LookupAccountName("", "Everyone") + dacl.AddAccessDeniedAce(win32security.ACL_REVISION, con.FILE_ALL_ACCESS, user) + sd.SetSecurityDescriptorDacl(1, dacl, 0) + win32security.SetFileSecurity(file, win32security.DACL_SECURITY_INFORMATION, sd) + +if os.name != 'nt': + restrict_permissions_unix() +else: + restrict_permissions_windows() + +# Detecting and Preventing Cookie and Token Theft (Chrome and Firefox) +def monitor_browser(browser='chrome'): + if browser == 'chrome': + caps = DesiredCapabilities.CHROME + caps['goog:loggingPrefs'] = {'performance': 'ALL'} + driver = webdriver.Chrome(desired_capabilities=caps) + elif browser == 'firefox': + caps = DesiredCapabilities.FIREFOX.copy() + caps['loggingPrefs'] = {'performance': 'ALL'} + driver = webdriver.Firefox(desired_capabilities=caps) + else: + raise ValueError("Unsupported browser!") + + while True: + logs = driver.get_log('performance') + for entry in logs: + for url in monitored_urls: + if url in entry['message']: + print(f'Alert: Potential cookie or token theft attempt detected on {url}!') + + # Kill process involved in suspicious browser activity + for proc in psutil.process_iter(['pid', 'name', 'connections']): + if any(url in conn.raddr for conn in proc.info['connections']): + if proc.info['name'].lower() not in bypassed_processes: + print(f'Alert: Killing suspicious process {proc.info["name"]} (PID: {proc.info["pid"]})') + proc.terminate() + proc.wait() + time.sleep(1) + driver.quit() + +# Load bypassed processes +bypassed_processes = load_bypassed_processes() + +# Start Monitoring in Threads +threads = [ + threading.Thread(target=start_file_system_monitor), + threading.Thread(target=monitor_network), + threading.Thread(target=monitor_browser, args=('chrome',)), + threading.Thread(target=monitor_browser, args=('firefox',)) +] + +for thread in threads: + thread.start() + +for thread in threads: + thread.join()