|
|
@@ -0,0 +1,54 @@
|
|
|
+using Moonlight.App.Database.Entities;
|
|
|
+using Moonlight.App.Models.Misc;
|
|
|
+using Moonlight.App.Services;
|
|
|
+
|
|
|
+namespace Moonlight.App.MalwareScans;
|
|
|
+
|
|
|
+public class DiscordNukeScan : MalwareScan
|
|
|
+{
|
|
|
+ public override string Name => "Discord nuke";
|
|
|
+ public override string Description => "Discord nuke bot detector";
|
|
|
+ public override async Task<MalwareScanResult?> Scan(Server server, IServiceProvider serviceProvider)
|
|
|
+ {
|
|
|
+ var serverService = serviceProvider.GetRequiredService<ServerService>();
|
|
|
+ var access = await serverService.CreateFileAccess(server, null!);
|
|
|
+
|
|
|
+ var files = await access.Ls();
|
|
|
+ var filteredFiles = files.Where(x =>
|
|
|
+ x.Name.EndsWith(".py") ||
|
|
|
+ x.Name.EndsWith(".js") ||
|
|
|
+ x.Name.EndsWith(".json") ||
|
|
|
+ x.Name.EndsWith(".env"));
|
|
|
+
|
|
|
+ foreach (var file in filteredFiles)
|
|
|
+ {
|
|
|
+ var content = await access.Read(file);
|
|
|
+ var filteredContent = content.ToLower();
|
|
|
+
|
|
|
+ if (filteredContent.Contains("quake") ||
|
|
|
+ filteredContent.Contains("nuked by") ||
|
|
|
+ filteredContent.Contains("nuke bot") ||
|
|
|
+ (filteredContent.Contains("fucked by") && filteredContent.Contains("nuke"))) // fucked by in context with nuke
|
|
|
+ {
|
|
|
+ return new()
|
|
|
+ {
|
|
|
+ Title = "Discord nuke bot",
|
|
|
+ Description = "Found suspicious content which may indicate there is a nuke bot running",
|
|
|
+ Author = "Marcel Baumgartner"
|
|
|
+ };
|
|
|
+ }
|
|
|
+
|
|
|
+ if (files.Any(x => x.Name == "nukes.json"))
|
|
|
+ {
|
|
|
+ return new()
|
|
|
+ {
|
|
|
+ Title = "Discord nuke bot",
|
|
|
+ Description = "Found suspicious content which may indicate there is a nuke bot running",
|
|
|
+ Author = "Marcel Baumgartner"
|
|
|
+ };
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return null;
|
|
|
+ }
|
|
|
+}
|
Marcel Baumgartner