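/// <summary>
/// Harmful-site exposure check (MA-003): flags browser-cache URLs whose host appears on a blacklist.
/// </summary>
/// <remarks>
/// Reads the Chrome and IE cache reports from the "MA-002" output files. This method does not run
/// the collectors itself, so it presumably relies on Diagnosis_MA_002 having produced those files
/// earlier (confirm the call order).
/// </remarks>
/// <param name="item">Check item that receives the proofs and the final status.</param>
public static void Diagnosis_MA_003(CheckItem item)
{
    string output = GreyCommand.GetOutputFile("MA-002", "util1");
    var reports = GreyXML.GetChormeCacheXmlOutput(output);
    string output2 = GreyCommand.GetOutputFile("MA-002", "util2");
    var reports2 = GreyXML.GetIeCacheOutput(output2);

    // NOTE(review): the blacklist is never populated here, so no host can match and this check
    // always ends as Fulfilled. Load it from a maintained source before relying on the result.
    List<string> blacklist = new List<string>();
    int count = 0;

    // Concat returns a new sequence and leaves `reports` untouched; iterate over its result so
    // that the IE cache entries are checked as well (the original discarded the return value).
    foreach (var elem in reports.Concat(reports2))
    {
        try
        {
            string host = (new Uri(elem["url"])).Host;
            if (blacklist.Contains(host))
            {
                item.Proofs.Add(host, "블랙리스트 도메인 접근 확인");
                count += 1;
            }
        }
        catch (Exception)
        {
            // Best effort: an unparsable URL, a missing "url" key or a failed Proofs.Add
            // (presumably a host that was already recorded) skips the entry.
            continue;
        }
    }

    // Any blacklisted host found in the cache fails the check.
    if (count > 0)
    {
        item.Status = Result.Negative;
    }
    else
    {
        item.Status = Result.Fulfilled;
    }
}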
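/// <summary>
/// Firewall exception check (MA-006): flags programs registered as firewall exceptions whose file
/// has an executable-type extension and for which IsSigned reports "no signature".
/// </summary>
/// <remarks>
/// Each flagged file is recorded in <c>item.Proofs</c> as SHA-256 hex digest -> path.
/// NOTE(review): only the "no signature" code (0x800B0100, TRUST_E_NOSIGNATURE) is treated as a
/// finding. Other non-success results of IsSigned (for example a signature that fails
/// verification) are not flagged; confirm that this is intended.
/// </remarks>
/// <param name="item">Check item that receives the proofs and the final status.</param>
public static void Diagnosis_MA_006(CheckItem item)
{
    string[] arg = GreyCommand.GetCommandLine("MA-006", "util1");
    GreyUtils.Instance.ExtractExecutable(arg[0]);
    GreyCommand.ExecutedCallback(Directory.GetCurrentDirectory(), arg[0], arg[1]);
    string output = GreyCommand.GetOutputFile("MA-006", "util1");
    var reports = GreyXML.GetXmlOutput(output);

    // NOTE(review): util2 is extracted but never executed and its output is never read.
    string[] arg2 = GreyCommand.GetCommandLine("MA-006", "util2");
    GreyUtils.Instance.ExtractExecutable(arg2[0]);

    // Same value as the original literal -2146762496.
    const int TrustENoSignature = unchecked((int)0x800B0100);

    HashSet<string> seenPaths = new HashSet<string>();
    int count = 0;
    string[] extension = { "BAT", "BIN", "CMD", "COM", "CPL", "EXE", "GADGET", "INF1", "INS", "INX", "ISU", "JOB", "JSE", "LNK", "MSC", "MSI", "MSP", "MST", "PAF", "PIF", "PS1", "REG", "RGS", "SCR", "SCT", "SHB", "SHS", "U3P", "VB", "VBE", "VBS", "VBSCRIPT", "WS", "WSF", "WSH" };

    foreach (var elem in reports)
    {
        string filePath = elem["path"];

        // Evaluate every distinct path only once.
        if (!seenPaths.Add(filePath))
        {
            continue;
        }

        // Match on the real extension (leading dot) with an ordinal, case-insensitive comparison.
        // The original culture-sensitive ToLower()/EndsWith pair also matched names that merely
        // end in the letters (e.g. "...combat") and could miss extensions containing 'I' under
        // cultures with special casing rules for that letter.
        bool hasExecutableExtension = extension.Any(
            x => filePath.EndsWith("." + x, StringComparison.OrdinalIgnoreCase));
        if (!hasExecutableExtension || !File.Exists(filePath))
        {
            continue;
        }

        if (IsSigned(filePath) != TrustENoSignature)
        {
            continue;
        }

        count += 1;

        // NOTE(review): the file is opened again after the signature check, so the digest
        // describes the file as it is now, not necessarily as it was when IsSigned ran.
        string hash = "";
        try
        {
            using (var sha256 = SHA256.Create())
            using (var stream = File.OpenRead(filePath))
            {
                byte[] hashValue = sha256.ComputeHash(stream);
                hash = BitConverter.ToString(hashValue).Replace("-", String.Empty);
            }
        }
        catch (Exception)
        {
            // Best effort: an unreadable file keeps the empty hash and is still reported.
        }

        try
        {
            item.Proofs.Add(hash, filePath);
        }
        catch (Exception)
        {
            // Best effort: a rejected key (presumably a duplicate hash, or a second empty one)
            // drops this proof entry, but the file stays counted as a finding.
        }
    }

    // Any unsigned executable among the firewall exceptions fails the check.
    if (count > 0)
    {
        item.Status = Result.Negative;
    }
    else
    {
        item.Status = Result.Fulfilled;
    }
}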
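/// <summary>
/// Malvertising exposure check (MA-002): resolves every distinct host found in the Chrome and IE
/// cache reports and fails the check when at least one host cannot be resolved.
/// </summary>
/// <remarks>
/// NOTE(review): every distinct cached host is sent to the configured DNS resolver, which shows
/// that resolver which hosts the audited user visited. Any resolution failure (including a
/// timeout or a machine without network access) is recorded as an invalid domain; checking for
/// SocketException with SocketError.HostNotFound would separate "does not exist" from "could not
/// ask".
/// NOTE(review): the collector executables are extracted and then launched with the current
/// working directory passed in. Confirm where ExtractExecutable writes them and that this location
/// is not writable by lower-privileged users.
/// </remarks>
/// <param name="item">Check item that receives progress text, the proofs and the final status.</param>
public static void Diagnosis_MA_002(CheckItem item)
{
    // Review via code first (translated original comment).
    string[] arg = GreyCommand.GetCommandLine("MA-002", "util1");
    GreyUtils.Instance.ExtractExecutable(arg[0]);
    GreyCommand.ExecutedCallback(Directory.GetCurrentDirectory(), arg[0], arg[1]);
    string output = GreyCommand.GetOutputFile("MA-002", "util1");
    var reports = GreyXML.GetChormeCacheXmlOutput(output);

    string[] arg2 = GreyCommand.GetCommandLine("MA-002", "util2");
    GreyUtils.Instance.ExtractExecutable(arg2[0]);
    GreyCommand.ExecutedCallback(Directory.GetCurrentDirectory(), arg2[0], arg2[1]);
    string output2 = GreyCommand.GetOutputFile("MA-002", "util2");
    var reports2 = GreyXML.GetIeCacheOutput(output2);

    // Concat returns a new sequence and leaves `reports` untouched; materialise its result so
    // that the IE entries are examined too (the original discarded the return value).
    var allReports = reports.Concat(reports2).ToList();

    int count = 0;
    int progress = 0;
    int total = allReports.Count;
    HashSet<string> seenHosts = new HashSet<string>();

    foreach (var elem in allReports)
    {
        // Count every entry, including ones that are skipped, so the percentage can reach 100.
        progress += 1;
        item.Progress = "(" + ((int)((float)progress / (float)total * 100)).ToString() + " %) ";

        string host;
        try
        {
            host = (new Uri(elem["url"])).Host;
        }
        catch (Exception)
        {
            // Unparsable URL or missing "url" key: nothing to resolve.
            continue;
        }

        // URIs without an authority part yield an empty host, which is not a domain to look up.
        // Hosts that were already resolved are skipped as well.
        if (string.IsNullOrEmpty(host) || !seenHosts.Add(host))
        {
            continue;
        }

        try
        {
            Dns.GetHostEntry(host);
            try
            {
                item.Proofs[host] = "유효한 도메인 입니다.";
            }
            catch (Exception)
            {
                // Best effort: a failed proof write is ignored.
            }
        }
        catch (Exception)
        {
            // The lookup failed for any reason (see the remarks above).
            try
            {
                item.Proofs[host] = "유효한 도메인이 아닙니다.";
                count++;
            }
            catch (Exception)
            {
                // Best effort: if the proof cannot be written the host is not counted.
            }
        }
    }

    item.Progress = "";

    // Any host that failed to resolve fails the check.
    if (count > 0)
    {
        item.Status = Result.Negative;
    }
    else
    {
        item.Status = Result.Fulfilled;
    }
}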