XSSAMINER — A Study of Install and Trial
I had originally heard of this ‘no online presence’ small toll written in Bash for Linux. Ultimately it reaches a large directory down to one single .php file. It searches for heuristic patterns buried within the php codes; for malware, viruses or other malicious things that don’t make much a difference now. Themes desktop themes online and even the bunch you have stored up in Linux should really be checked. WP is notorious for hosting bad ones and guess where the one I found had its originating folder…WP. So, since there is no good tutos for installation and the only thing available is the source code; I will put this out in hops that some GNU/Linux users will load it. If you got to suspect site, make sure php is disabled from executing. You can download php files without execution, this way you can even check to see of a site has malicious code embedded.
Once you have found some files to scan downloaded, again, you can use the command;
# sudo locate .php . This will output a list of every .php file on your filesystem. This is where you can find some large ‘theme’ directories that have numerous files.
Lets first get the source code and get the application he created. Here is the link to the code that needs to be copied on ~ Github ~, it’s and efficient and effective script from a respected colleague @Brutelogic. Here is a picture of the code that you should have copied at this point and saved in as text editor like gedit, (or whatever your favorite that can keep languages and syntax straight. The link to the file is here: ~ xssaminer ~ .. and I’ve pasted a jpg below from Github so you know exactly what it should look like:
We are very close now! If you haven’t read ahead or just understand how systems and data security plat an enormous role’ especially in today global enterprise, investing and showing signs of a well intertwined global economics. you can play your part in making this world a safer and fiscally secure than we’ve been in over 15yrs.
so open the file you created and save it with the same name, except we are going to put it in the /bin/* folder where it has its direct access to the python resources it needs. Now, go into terminal and navigate to the folder that the newly created file is in. In terminal:
# sudo cd bin/
# sudo chmod 744 xssaminer
# sudo chmod +x xssaminer
Now, you remember where all the php files you found from earlier are still at? Maybe it’s a few here and there but certain web-content will get you a lot client side ‘junk’ and there’s no telling which anyone can do about it…, unless you take preventative precautions similar to myself.
last thing to do unless you find a lot of red, i suppose we’ll have to help get you taken care of. On a Terminal, enter:
# sudo xssaminer /anyfile/dirs/with/*php …..and…enter. Any suspect strings, sinks or malware or threats will be bold red and have the label of the offending file.
Cheers m8s…. /; >