Esempio n. 1
0
        /// <summary>
        /// 유해 사이트 노출 점검
        /// </summary>
        /// <param name="item"></param>
        public static void Diagnosis_MA_003(CheckItem item)
        {
            string output  = GreyCommand.GetOutputFile("MA-002", "util1");
            var    reports = GreyXML.GetChormeCacheXmlOutput(output);

            string output2  = GreyCommand.GetOutputFile("MA-002", "util2");
            var    reports2 = GreyXML.GetIeCacheOutput(output2);

            reports.Concat(reports2);
            List <string> blacklist = new List <string>();
            int           count     = 0;

            foreach (var elem in reports)
            {
                string host;
                try
                {
                    host = (new Uri(elem["url"])).Host;
                    if (blacklist.Contains(host))
                    {
                        item.Proofs.Add(host, "블랙리스트 도메인 접근 확인");
                        count += 1;
                    }
                }
                catch (Exception)
                {
                    continue;
                }
            }
            if (count > 0)
            {
                item.Status = Result.Negative;
            }
            else
            {
                item.Status = Result.Fulfilled;
            }
            // 진단 시작
        }
Esempio n. 2
0
        /// <summary>
        /// 방화벽 예외 프로그램 등록 현황 확인
        /// </summary>
        /// <param name="item"></param>
        public static void Diagnosis_MA_006(CheckItem item)
        {
            string[] arg = GreyCommand.GetCommandLine("MA-006", "util1");
            GreyUtils.Instance.ExtractExecutable(arg[0]);
            GreyCommand.ExecutedCallback(Directory.GetCurrentDirectory(), arg[0], arg[1]);
            string output  = GreyCommand.GetOutputFile("MA-006", "util1");
            var    reports = GreyXML.GetXmlOutput(output);

            string[] arg2 = GreyCommand.GetCommandLine("MA-006", "util2");
            GreyUtils.Instance.ExtractExecutable(arg2[0]);

            List <string> Dupless = new List <string>();
            int           count   = 0;

            string[] extension = { "BAT", "BIN", "CMD", "COM", "CPL", "EXE", "GADGET", "INF1", "INS", "INX", "ISU", "JOB", "JSE", "LNK", "MSC", "MSI", "MSP", "MST", "PAF", "PIF", "PS1", "REG", "RGS", "SCR", "SCT", "SHB", "SHS", "U3P", "VB", "VBE", "VBS", "VBSCRIPT", "WS", "WSF", "WSH" };
            foreach (var elem in reports)
            {
                string filePath = elem["path"];
                if (!Dupless.Contains(filePath))
                {
                    Dupless.Add(filePath);
                    if (extension.Where(x => filePath.ToLower().EndsWith(x.ToLower())).Count() > 0)
                    {
                        if (File.Exists(filePath))
                        {
                            if (IsSigned(filePath) == -2146762496)
                            {
                                count += 1;
                                string hash = "";
                                try
                                {
                                    using (var sha256 = SHA256.Create())
                                    {
                                        using (var stream = File.OpenRead(filePath))
                                        {
                                            byte[] hashValue = sha256.ComputeHash(stream);
                                            hash = BitConverter.ToString(hashValue).Replace("-", String.Empty);
                                        }
                                    }
                                }
                                catch (Exception) { }

                                try
                                {
                                    item.Proofs.Add(hash, filePath);
                                }
                                catch (Exception) { }
                            }
                        }
                    }
                }
            }

            if (count > 0)
            {
                item.Status = Result.Negative;
            }
            else
            {
                item.Status = Result.Fulfilled;
            }
        }
Esempio n. 3
0
        /// <summary>
        /// 말버타이징 위험 노출 점검
        /// </summary>
        /// <param name="item"></param>
        public static void Diagnosis_MA_002(CheckItem item)
        {
            // Code 를 통해서 우선 검토

            string[] arg = GreyCommand.GetCommandLine("MA-002", "util1");
            GreyUtils.Instance.ExtractExecutable(arg[0]);
            GreyCommand.ExecutedCallback(Directory.GetCurrentDirectory(), arg[0], arg[1]);
            string output  = GreyCommand.GetOutputFile("MA-002", "util1");
            var    reports = GreyXML.GetChormeCacheXmlOutput(output);

            string[] arg2 = GreyCommand.GetCommandLine("MA-002", "util2");
            GreyUtils.Instance.ExtractExecutable(arg2[0]);
            GreyCommand.ExecutedCallback(Directory.GetCurrentDirectory(), arg2[0], arg2[1]);
            string output2  = GreyCommand.GetOutputFile("MA-002", "util2");
            var    reports2 = GreyXML.GetIeCacheOutput(output2);

            reports.Concat(reports2);
            int           count       = 0;
            int           progress    = 0;
            int           total       = reports.Count;
            List <string> DuplessHost = new List <string>();

            foreach (var elem in reports)
            {
                string host;
                try {
                    host          = (new Uri(elem["url"])).Host;
                    progress     += 1;
                    item.Progress = "(" + ((int)((float)progress / (float)total * 100)).ToString() + " %) ";
                } catch (Exception) {
                    continue;
                } finally
                {
                }

                if (DuplessHost.Contains(host))
                {
                    continue;
                }
                else
                {
                    DuplessHost.Add(host);
                }
                try
                {
                    IPHostEntry ip = Dns.GetHostEntry(host);
                    try
                    {
                        item.Proofs[host] = "유효한 도메인 입니다.";
                    }
                    catch (Exception) { }
                }
                catch (Exception)
                {
                    try
                    {
                        item.Proofs[host] = "유효한 도메인이 아닙니다.";
                        count++;
                    }
                    catch (Exception) { }
                }
            }
            item.Progress = "";
            if (count > 0)
            {
                item.Status = Result.Negative;
            }
            else
            {
                item.Status = Result.Fulfilled;
            }
        }