| Current Path : /storage/v11800/affypharma/public_html/wp-content/plugins/quttera-web-malware-scanner/ |
Linux v11800 5.3.0-1023-aws #25~18.04.1-Ubuntu SMP Fri Jun 5 15:19:18 UTC 2020 aarch64
|
| Current File : /storage/v11800/affypharma/public_html/wp-content/plugins/quttera-web-malware-scanner/admin_script.php |
<script type="text/javascript">
var last_log_line = 0;
var initial_load = true;
var log_lines = Array();
var max_log_lines = 100;
jQuery(document).ready(function($) {
$.ajaxSetup({
type: 'POST',
url: ajaxurl, /* predefined WP value */
complete: function(xhr,status) {
if ( status != 'success' ) {
//alert("Failed to communicate with WP");
}
}
});
/*
$('#run-scanner').click( function() {
var url = $('#url_name').val();
var qtr_srv_name = $('#qtr_srv_name').val();
$.ajaxSetup({
type: 'POST',
url: ajaxurl, // predefined WP value
complete: function(xhr,status) {
if ( status != 'success' ) {
//alert("Failed to communicate with WP");
}
}
});
run_scan(url,qtr_srv_name);
$('#run-scanner').hide();
return false;
});*/
$('#run-internal-scanner').click( function() {
//alert("run-internal-scan clicked");
clean_log();
run_internal_scan( 0 );
//$('#run-internal-scanner').hide();
return false;
});
$('#clean-log').click( function() {
clean_log();
});
$('#stop-internal-scanner').click( function() {
console.log("stop_internal_scan");
jQuery.ajax({
data: {
action: 'scanner-stop_internal_scan',
},
success: function(r) {
log("INFO", "Termination sent successfully");
log("INFO", r );
console.log(r);
}//end of success function
});
});
/*
* Hook to catch bootstrap tabs switching
*/
$('a[data-toggle="tab"]').on('shown.bs.tab', function(e){
var currentTab = $(e.target).text(); // get current tab
var LastTab = $(e.relatedTarget).text(); // get last tab
//alert(currentTab);
if( currentTab.indexOf("Detected") >= 0 ){
console.log("Detected Threats");
get_detected_threats();
}else if( currentTab.indexOf("Summary") >= 0 ){
//alert("Summary");
UpdateStatus();
}else if( currentTab.indexOf("Ignored") >= 0 ){
//alert("Ignored Threats");
get_ignored_list();
}
});
$('#clean-ignore-list').click( function() {
console.log("clean-ignore-list");
jQuery.ajax({
data: {
action: 'scanner-clean_ignore_list',
},
success: function(r) {
log("INFO", "Ignore list cleaned successfully");
log("INFO", r );
console.log(r);
/*
* refresh list of detect threat and restore all threats removed from ignore list
*/
get_detected_threats();
}//end of success function
});
});
$('#clean-files-white-list').click( function() {
console.log("clean-files-white-list");
jQuery.ajax({
data: {
action: 'scanner-clean_files_whitelist',
},
success: function(r) {
log("INFO", "Files whitellist cleaned successfully");
log("INFO", r );
console.log(r);
/*
* refresh list of detect threat and restore all threats removed from ignore list
*/
get_detected_threats();
}//end of success function
});
});
$('#clean-threats-white-list').click( function() {
console.log("clean-threats-white-list");
jQuery.ajax({
data: {
action: 'scanner-clean_threats_whitelist',
},
success: function(r) {
log("INFO", "Threats whitellist cleaned successfully");
log("INFO", r );
console.log(r);
/*
* refresh list of detect threat and restore all threats removed from ignore list
*/
get_detected_threats();
}//end of success function
});
});
/*
* Clean last log line to retrieve an entire log
*/
last_log_line = 0;
/*
* retrieve log and execution statistics
*/
UpdateStatus();
/*
* Show the hidden pane
*/
$('#progress-pane').show();
});
function UpdateStatus( ){
update_logs( );
get_stats();
setTimeout( UpdateStatus, 1000 );
}
/*
* URL validation procedure
*/
/*
function validateURL(textval) {
var urlregex = new RegExp(
"^(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[0-9])|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|pro|aero|coop|museum|[a-zA-Z]{2,12}))(\:[0-9]+)*(/($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+))*$");
return urlregex.test(textval);
}*/
/*
* Domain validation procedure
*/
/*
function validateDomain(domain) {
//var re = new RegExp(/^[a-zA-Z0-9][a-zA-Z0-9-_]{0,61}[a-zA-Z0-9]{0,1}\.([a-zA-Z]{1,6}|[a-zA-Z0-9-]{1,30}\.[a-zA-Z]{2,10})$/);
var d = domain.trim();
var re = new RegExp(/^(www\.)?([a-zA-Z0-9][a-zA-Z0-9-_]{0,45}[a-zA-Z0-9]\.)+[a-zA-Z]{2,10}$/);
return d.match(re);
}*/
/*
function scroll_log($)
{
$("#log").animate({ scrollTop: $("#log")[0].scrollHeight - $("#log").height() });
}*/
function clean_log( )
{
console.log("clean_log called");
document.getElementById("log").value = "";
last_log_line = 0;
jQuery.ajax({
data: {
action: 'scanner-clean_log',
},
success: function(r) {
//console.log(r);
}
});
setTimeout( UpdateStatus, 1000 );
}
function update_logs ( )
{
console.log("update_logs");
jQuery.ajax({
data: {
action: 'scanner-get_log_lines',
start_line: last_log_line,
},
success: function(r) {
//console.log(r);
//alert(r);
//return;
//
var log_lines = jQuery.parseJSON(r);
if( !Array.isArray(log_lines) ){
console.log ("Invalid input: " + log_lines );
return;
}
if( log_lines )
{
for( var i = 0 ; i < log_lines.length ; i++ )
{
var index = 0;
var severity = null;
var message = null;
if( log_lines[i].length >=1 ){
index = log_lines[i][0];
}
if( log_lines[i].length >= 2 ){
severity = log_lines[i][1];
}
if( log_lines[i].length >= 3 ){
message = log_lines[i][2];
}
//alert(message);
if( index > last_log_line )
{
log(severity,message);
last_log_line = index;
}
}
}
}//end of success function
});
}
function get_stats ( )
{
jQuery.ajax({
data: {
action: 'scanner-get_stats',
},
success: function(r) {
var counters = jQuery.parseJSON(r);
update_stats( counters );
}//end of success function
});
}
function get_detected_threats ( )
{
jQuery.ajax({
data: {
action: 'scanner-get_detected_threats',
},
success: function(r)
{
var threats = jQuery.parseJSON(r);
if( Array.isArray(threats) ){
clean_detected_threats_list();
threats_to_show = 100;
if( threats_to_show > threats.length ){
threats_to_show = threats.length;
}
if( threats_to_show != 0 )
{
for(var i = 0; i < threats_to_show; i++ )
{
append_detected_threats_report( threats[i] );
}
}
else
{
console.log("Threats arry is clean");
show_empty_threats_report();
}
//
}else{
console.log("Retrieved invalid output: " + r);
}
}//end of success function
});
}
function show_empty_threats_report ( )
{
document.getElementById("detected_threats_report").innerHTML = "<center><p>No entries have been found</p></center>";
}
function clean_detected_threats_list ( )
{
document.getElementById("detected_threats_report").innerHTML = "";
}
function append_detected_threats_report( report )
{
var alert_type = "alert alert-info";
var severity = report["SEVERITY"].toLowerCase();
if( severity.indexOf("malicious") >= 0 ){
alert_type = "alert alert-danger";
}else if( severity.indexOf("susp") >= 0 ){
alert_type = "alert alert-warning";
}
var threat = report["THREAT"].substr(0,20);
var filename = strip_file_path(report["FILE"],60);
var file_md5 = report["FILE_MD5"];
var threat_sig = report["THREAT_SIG"];
document.getElementById("detected_threats_report").innerHTML +=
"</br>\n" +
"<div class='" + alert_type + "'>\n"+
"<table class='table'>\n" +
"<tr><td>Severity: </td><td> " + report["SEVERITY"] + "</td></tr>\n" +
"<tr><td>File: </td><td> " + filename + "</td></tr>\n" +
"<tr><td>File signature: </td><td> " + report["FILE_MD5"] + "</td></tr>\n" +
"<tr><td>Threat signature: </td><td> " + report["THREAT_SIG"] + "</td></tr>\n" +
"<tr><td>Threat name: </td><td> " + report["THREAT_NAME"] + "</td></tr>\n" +
"<tr><td>Threat: </td><td> " + threat + "</td></tr>\n" +
"<tr><td>Details: </td><td> " + report["DETAILS"] + "</td></tr>\n" +
"</table>\n" +
"<div class='btn-group btn-group-xs'>\n" +
"<button type='button' class='btn btn-primary' onclick='add_to_ignore_list(\"" + file_md5 + "\",\"" + threat_sig + "\")'>Ignore Threat</button>\n" +
"<button type='button' class='btn btn-primary' onclick='whitelist_file(\"" + file_md5 + "\")'>WhiteList File</button>\n" +
"<button type='button' class='btn btn-primary' onclick='whitelist_threat(\"" + file_md5 + "\",\"" + threat_sig + "\")'>Not a Threat</button>\n" +
"</div>\n";
"</div>\n";
}
function append_ignored_threats_report( report )
{
var alert_type = "alert alert-info";
var severity = report["SEVERITY"].toLowerCase();
if( severity.indexOf("malicious") >= 0 ){
alert_type = "alert alert-danger";
}else if( severity.indexOf("susp") >= 0 ){
alert_type = "alert alert-warning";
}
var threat = report["THREAT"].substr(0,20);
var filename = strip_file_path(report["FILE"],60);
var file_md5 = report["FILE_MD5"];
var threat_sig = report["THREAT_SIG"];
document.getElementById("ignored_threats_report").innerHTML +=
"</br>\n" +
"<div class='" + alert_type + "'>\n"+
"<table class='table'>\n" +
"<tr><td>Severity: </td><td> " + report["SEVERITY"] + "</td></tr>\n" +
"<tr><td>File: </td><td> " + filename + "</td></tr>\n" +
"<tr><td>File signature: </td><td> " + report["FILE_MD5"] + "</td></tr>\n" +
"<tr><td>Threat signature: </td><td> " + report["THREAT_SIG"] + "</td></tr>\n" +
"<tr><td>Threat name: </td><td> " + report["THREAT_NAME"] + "</td></tr>\n" +
"<tr><td>Threat: </td><td> " + threat + "</td></tr>\n" +
"<tr><td>Details: </td><td> " + report["DETAILS"] + "</td></tr>\n" +
"</table>\n" +
"<div class='btn-group btn-group-xs'>\n" +
"<button type='button' class='btn btn-primary' onclick='remove_from_ignore_list(\"" + file_md5 + "\",\"" + threat_sig + "\")'>Remove from Ignore List</button>\n" +
"</div>\n";
"</div>\n";
}
function get_ignored_list ( )
{
console.log("get_ignored_list");
jQuery.ajax({
data: {
action: 'scanner-get_ignored_threats',
},
success: function(r) {
//console.log(r);
var threats = jQuery.parseJSON(r);
if( Array.isArray(threats) ){
clean_ignored_threats_list();
threats_to_show = 100;
if( threats_to_show > threats.length ){
threats_to_show = threats.length;
}
if( threats_to_show != 0 )
{
for(var i = 0; i < threats_to_show; i++ )
{
append_ignored_threats_report( threats[i] );
}
}
else
{
console.log("Ignored list is clean");
show_empty_ignored_list();
}
}else{
console.log("Retrieved invalid output: " + r);
}
}//end of success function
});
}
function whitelist_file( file_sig )
{
jQuery.ajax({
data: {
action: 'scanner-whitelist_file',
FILE_MD5: file_sig,
},
success: function(r) {
console.log(r);
console.log("whitelist_file operation succeeded");
get_detected_threats ( );
}//end of success function
});
}
function whitelist_threat(file,threat)
{
jQuery.ajax({
data: {
action: 'scanner-whitelist_threat',
FILE_MD5: file,
THREAT_SIG: threat,
},
success: function(r) {
console.log(r);
console.log("whitelist_threat: operation succeeded" );
get_detected_threats ( );
}//end of success function
});
}
function show_empty_ignored_list ( )
{
document.getElementById("ignored_threats_report").innerHTML = "<center><p>No entries have been found</p></center>";
}
function clean_ignored_threats_list ( )
{
document.getElementById("ignored_threats_report").innerHTML = "";
}
function add_to_ignore_list(file,threat)
{
jQuery.ajax({
data: {
action: 'scanner-ignore_threat',
FILE_MD5: file,
THREAT_SIG: threat,
},
success: function(r) {
/*
* refresh content of the tab
*/
get_detected_threats ( );
}//end of success function
});
}
function remove_from_ignore_list(file,threat)
{
jQuery.ajax({
data: {
action: 'scanner-unignore_threat',
FILE_MD5: file,
THREAT_SIG: threat,
},
success: function(r) {
/*
* refresh content of the tab
*/
get_ignored_list();
}//end of success function
});
}
run_internal_scan = function( level )
{
log("INFO","Submitting internal scan request");
jQuery.ajax({
data: {
action: 'scanner-run_internal_scan',
},
timeout: 3000, // sets timeout to 3 seconds
error: function(jqXHR, textStatus){
log("INFO","Internal scan request submitted");
},
success: function(r) {
log("INFO","Operation succeeded. Internal scan started");
}//end of success function
});
UpdateStatus();
};
/*
run_scan = function(this_url,qtr_url,level) {
if( !validateDomain(this_url) ){
hide_all();
var curr_time = new Date().getTime();
show_investigation_status( { "state" : "Provided name of this web-site is invalid",
"age" : curr_time,
"url" : "<invalid>"
});
return;
}
if( !validateURL(qtr_url) ){
hide_all();
var curr_time = new Date().getTime();
show_investigation_status({ "state" : "Provided name of Qutter web malware scanner is invalid",
"age" : curr_time,
"url" : "<invalid>" });
return;
}
if( !level )
{
hide_all();
var curr_time = new Date().getTime();
show_investigation_status( { "state" : "starting",
"age" : curr_time,
"url" : this_url });
}
jQuery.ajax({
data: {
action: 'scanner-run_scan',
_this: this_url,
_qtr_url: qtr_url
},
success: function(r) {
var res = jQuery.parseJSON(r);
var state = res.content.state.toLowerCase();
if ( state == 'new' )
{
show_investigation_status({ "state" : "Waiting for free web malware scanner slot.",
"age" : res.content.age,
"url" : res.content.url,
"priority" : res.content.priority });
run_scan(this_url,qtr_url,1); //recursive call
}
else if( state == 'download')
{
show_investigation_status({ "state" : "Website content is being downloaded for investigation.",
"age" : res.content.age,
"url" : res.content.url,
"priority" : res.content.priority,
"processed_files": res.content.processed_files });
run_scan(this_url,qtr_url,1); //recursive call
}
else if( state =='downloaded' )
{
show_investigation_status({ "state" : "Website content has been downloaded and is waiting for scanner.",
"age" : res.content.age,
"url" : res.content.url,
"priority" : res.content.priority });
run_scan(this_url,qtr_url,1); //recursive call
}
else if( state =='scan' || state =='scanned' )
{
show_investigation_status({ "state" : "website content is being scanned",
"age" : res.content.age,
"url" : res.content.url,
"priority" : res.content.priority,
"processed_files": res.content.processed_files });
run_scan(this_url,qtr_url,1); //recursive call
}
else if( state == 'clean' )
{
show_investigation_report(res.content);
}
else if( state=='potentially suspicious' || state=='potentially unsafe' )
{
show_investigation_report(res.content);
}
else if (state=='suspicious' || state=='unsafe')
{
show_investigation_report(res.content);
}
else if (state=='malicious')
{
show_investigation_report(res.content);
}
else
{
show_investigation_error(res.content);
}
}//end of success function
});
};
show_investigation_error = function( status ){
var urlDate = new Date();
var currentdate = urlDate.toLocaleString();
jQuery('#investigation_error').empty();
var str = "<b>State</b>: <font color='red'>" + status.state + "</font></br>" +
"<b>Time</b>: " + currentdate + "</br>" +
"<b>URL</b>: " + status.url;
//alert("Status: " + str );
hide_all();
jQuery('#investigation_error').append("<p>" + str + "</p>");
jQuery('#investigation_error').show();
jQuery('#run-scanner').show();
}*/
/*
* status comprised from fields:
* url
* priority
* state
* age
* processed_files
*/
/*
show_investigation_status = function ( status ){
hide_all();
var urlDate = new Date();
var currentdate = urlDate.toLocaleString();
jQuery('#investigation_progress').empty();
var str = "<b>State</b>: <b><font color='green'>" + status.state + "</font></b></br>" +
"<b>Time</b>: " + currentdate + "</br>" +
"<b>URL</b>: " + status.url + "</br>";
if( status.priority )
{
str += "<b>Investigation priority</b>: " + status.priority + "</br>";
}
if( status.processed_files )
{
str += "<b>Processed files</b>: " + status.processed_files + "</br>";
}
jQuery('#investigation_progress').append("<p>" + str + "</p>");
jQuery('#investigation_progress').show();
};
show_investigation_report = function ( scan_report ){
hide_all();
jQuery('#investigation_result').empty();
jQuery('#investigation_result').append('<H2>Website Malware Investigation Report</H2><hr>');
jQuery('#investigation_result').append('<a href="http://quttera.com/article/about-quttera-malware-scan-report" target="_blank">Understanding security reports</a>');
var clean_files = 0;
var pot_suspicious_files = 0;
var suspicious_files = 0;
var malicious_files = 0;
for( var i = 0; i < scan_report.report.length; i ++ )
{
var threat = scan_report.report[i].threat.toLowerCase();
if( threat == "malicious" ){
malicious_files += 1;
}else if( threat == "suspicious" ){
suspicious_files +=1;
}else if( threat == "potentially suspicious"){
pot_suspicious_files += 1;
}else{
clean_files += 1;
}
}
var summary = "<table>" +
"<tr><td align='left'><b>Server IP:</b></td>" +
"<td align='left'><b>" + scan_report.ipaddr + "</b></td></tr>" +
"<tr><td align='left'><b>Location:</b></td>" +
"<td align='left'><b>" + scan_report.country + "</b></td></tr>" +
"<tr><td align='left'><b>Web Server:</b></td>" +
"<td align='left'><b>" + scan_report.http_server + "</b></td></tr>" +
"<tr><td align='left'><font color='green'><b>Clean files: </b></font></td>"+
"<td align='left'><font color='green'><b>" + clean_files + "</b></font></td></tr>" +
"<tr><td align='left'><font color='orange'><b>Potentially Suspicious files: </b></font></td>"+
"<td align='left'><font color='orange'><b>" + pot_suspicious_files + "</b></font></td></tr>" +
"<tr><td align='left'><font color='red'><b>Suspicious files: </b></font></td>"+
"<td align='left'><font color='red'><b>" + suspicious_files + "</b></font></td></tr>" +
"<tr><td align='left'><font color='#780000'><b>Malicious files: </b></font></td>" +
"<td align='left'><font color='#780000'><b>" + malicious_files + "</b></font></td></tr>";
if( scan_report.is_blacklisted )
{
if( scan_report.is_blacklisted && scan_report.is_blacklisted.toLowerCase() == "no" )
{
summary += "<tr><td align='left'><font color='green'><b>Blacklisted: </b></font></td>"+
"<td align='left'><font color='green'><b>" + scan_report.is_blacklisted + "</b></font></td></tr>";
}
else
{
summary += "<tr><td align='left'><font color='red'><b>Blacklisted: </b></font></td>"+
"<td align='left'><font color='red'><b>" + scan_report.is_blacklisted + "</b></font></td></tr>";
}
}
summary += "<tr><td align='left'><b>External links:</b></td>" +
"<td align='left'><b>" + scan_report.links_count + "</b></td></tr>" +
"<tr><td align='left'><b>Detected iframes:</b></td>" +
"<td align='left'><b>" + scan_report.iframes_count + "</b></td></tr>" +
"<tr><td align='left'><b>External domains:</b></td>" +
"<td align='left'><b>" + scan_report.domains_count + "</b></td></tr>" +
"</table>" +
"<hr/>";
jQuery('#investigation_result').append(summary);
var scanner_server = document.getElementById('qtr_srv_name').value;
var domain_name = document.getElementById('url_name').value;
//var full_url = scanner_server + "/detailed_report/" + domain_name;
var full_url = "https://quttera.com/detailed_report/" + domain_name;
jQuery('#investigation_result').append("<form method='get' action='" + full_url + "' target='new'>" +
"<input type='submit' class='button-primary' value='Full Investigation Report' style='font-weight: bold;'/></form>");
jQuery('#investigation_report_info').show();
jQuery('#run-scanner').show();
jQuery('#investigation_result').show();
};
function hide_all( )
{
jQuery('#investigation_result').hide();
jQuery('#investigation_error').hide();
jQuery('#investigation_progress').hide();
jQuery('#quttera_detected_malicious_content').hide();
}*/
function log(severity,message)
{
if( !severity || !message ){
return ;
}
var log_line = severity + "\t" + message;
if( log_lines.length >= max_log_lines ){
/*
* removes first line from front
*/
log_lines.shift();
}
log_lines.push( log_line );
document.getElementById("log").value = '';
for( var i = 0; i < log_lines.length; i++ ){
document.getElementById("log").value += log_lines[i] + "\n";
}
document.getElementById("log").scrollTop = document.getElementById("log").scrollHeight;
}
function update_stats( counters )
{
var start = new Date( counters["START_TIME"] * 1000 );
document.getElementById("scan_start_time").innerHTML = start.toTimeString();
document.getElementById("total_scanned_files").innerHTML = counters["TOTAL"];
document.getElementById("scanned_clean_files").innerHTML = counters["CLEAN"];
document.getElementById("scanned_pos_suspicious_files").innerHTML = counters["POT_SUSPICIOUS"];
document.getElementById("scanned_suspicious_files").innerHTML = counters["SUSPICIOUS"];
document.getElementById("scanned_malicious_files").innerHTML = counters["MALICIOUS"];
}
function strip_file_path( path,maxlen ){
if( path.length <= maxlen ){
return path;
}
name_pos = path.lastIndexOf("/");
name = path.substring( name_pos );
path_part_end = maxlen - name.length - 5;
path_part = path.substring(0,path_part_end) + "/..." + name;
return path_part;
}
</script>