Posted on Tuesday, 10th April 2012 by Michael

Back in the spring of 2011 I wrote an add-on script for the application iScanner to help automate the process of checking a full website and not just individual pages. Over time, though, the Ruby programming language has grown and changed a lot, to the point that the gems my old script relied on are no longer useable in newer versions of Ruby.

If it wasn’t for Karen Carter and her research project on iScanner and iScan, I would probably never even have known there was an issue, as I have not visited this code in some time, like most things I post about. It is not that I was no longer interested in adding to it or learning how to detect malicious code in sites; it was just a matter of time. She contacted me via the site and explained she had an issue using iScan. After reviewing her error and reproducing it, I found the issue that I stated above: the recent Ruby upgrades made the gem I was using no longer useable.

Though I was not able to rewrite the full code for Karen prior to her presentation, I have been able to write a 2.0 beta using faster crawling and scanning. However, in the beta, reporting is still not great. All results are saved to results.txt, and you can use that file to reference the infected file reports and site scan reports. Once done, make sure to clean up to save space.

To use the new code you will need ruby and the anemone gem installed. Once you have those items you can run the program by typing ruby iscan.rb. You will be prompted for the domain to crawl. Enter the domain and hit enter.

To download the iScan 2.0 beta go to: http://www.digitaloffensive.com/files/iscan2.rb

To read my original write up on this subject go to: http://www.digitaloffensive.com/2011/03/detecting-malicious-code-in-webpages-iscanner-and-iscan-script/

To learn more about iScanner go to: http://iscanner.isecur1ty.org/

To see Karen’s well-detailed and educational video on how to use iScanner and iScan go to: http://youtu.be/gxslbpS0R2k

Any questions or concerns feel free to post them below.
