feature/package-development #22
							
								
								
									
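--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -0,0 +1,2 @@
+include README.md
+include LICENSE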
							
								
								
									
								README.md
									
									
									
									
									
								
							| @@ -1,6 +1,7 @@ | ||||
| # BackDoorBuster | ||||
|  | ||||
|  | ||||
|  | ||||
| ## 项目背景 | ||||
|  | ||||
| 随着网络安全威胁的增加,恶意软件和后门的检测成为了保护个人和组织数据安全的重要任务。后门通常被隐藏在合法软件中,给黑客提供远程控制目标系统的能力。本项目旨在开发一个工具,能够有效识别和评估潜在的后门风险。 | ||||
| @@ -17,21 +18,66 @@ | ||||
| - **报告生成**: 自动生成详细的检测报告,列出所有发现的敏感操作和对应的风险等级。 | ||||
| - **持续更新与维护**: 随着新的后门技术和检测方法的出现,持续更新正则表达式库和评级标准。 | ||||
|  | ||||
| ## 打包 | ||||
|  | ||||
| ### pip | ||||
|  | ||||
| #### 打包命令 | ||||
|  | ||||
| ```bash | ||||
| pip install wheel | ||||
| python setup.py sdist bdist_wheel | ||||
| ``` | ||||
|  | ||||
| 执行上述命令后,会在 dist 目录下生成 .tar.gz 和 .whl 文件。 | ||||
|  | ||||
| #### 本地安装 | ||||
|  | ||||
| - 安装 .whl 文件: | ||||
|  | ||||
| ``` bash | ||||
| pip install dist/backdoor_buster-0.1.0-py3-none-any.whl | ||||
| ``` | ||||
|  | ||||
| - 安装 .tar.gz 文件: | ||||
|  | ||||
| ``` bash | ||||
| pip install dist/backdoor_buster-0.1.0.tar.gz | ||||
| ``` | ||||
|  | ||||
| #### 上传到 PyPI | ||||
|  | ||||
| - 安装 twine: | ||||
|  | ||||
| ``` bash | ||||
| pip install twine | ||||
| ``` | ||||
|  | ||||
| - 使用 twine 上传包到 PyPI: | ||||
|  | ||||
| ``` bash | ||||
| twine upload dist/* | ||||
| ``` | ||||
|  | ||||
| 需要提供 PyPI 的用户名和密码。如果没有 PyPI 账号,可以在 PyPI 注册。 | ||||
|  | ||||
| #### 使用 PyPI 安装 | ||||
|  | ||||
| 包上传到 PyPI 后,可以通过以下命令安装: | ||||
|  | ||||
| ``` bash | ||||
| pip install backdoor_buster | ||||
| ``` | ||||
|  | ||||
| ## 使用说明 | ||||
|  | ||||
| 1. 安装依赖: | ||||
|  | ||||
|    ```bash | ||||
|    pip install -r requirements.txt | ||||
|    ``` | ||||
|  | ||||
| 2. 执行扫描: | ||||
| 1. 执行扫描: | ||||
|  | ||||
|     ```bash | ||||
|     python scan.py <project_directory> | ||||
|     python -m detection <project_directory> -o <path> -m <mode> | ||||
|     ``` | ||||
|  | ||||
| 3. 查看报告: | ||||
| 2. 查看报告: | ||||
|  | ||||
|     报告将以文本形式输出在控制台,并可选择输出到指定文件。 | ||||
|  | ||||
|   | ||||
| @@ -170,7 +170,9 @@ def process_path(path: str, output_format: str, mode: str, output_file=None): | ||||
| def main(): | ||||
|     import argparse | ||||
| 
 | ||||
|     parser = argparse.ArgumentParser(description="Backdoor detection tool.") | ||||
|     parser = argparse.ArgumentParser( | ||||
|         description="Backdoor detection tool.", prog="detection" | ||||
|     ) | ||||
|     parser.add_argument("path", help="Path to the code to analyze") | ||||
|     parser.add_argument("-o", "--output", help="Output file path", default=None) | ||||
|     parser.add_argument( | ||||
| @@ -1,9 +1,64 @@ | ||||
| # 项目设计文档 - 后门检测系统 | ||||
|  | ||||
| ## 打包 | ||||
|  | ||||
| ### 简介 | ||||
|  | ||||
| 本项目需要将 Python 代码打包成`pip`包和`deb`包,以便于分发和安装。以下是如何实现和使用该打包功能的详细步骤。 | ||||
|  | ||||
| ### pip | ||||
|  | ||||
| #### 打包命令 | ||||
|  | ||||
| ```bash | ||||
| pip install wheel | ||||
| python setup.py sdist bdist_wheel | ||||
| ``` | ||||
|  | ||||
| 执行上述命令后,会在 dist 目录下生成 .tar.gz 和 .whl 文件。 | ||||
|  | ||||
| #### 本地安装 | ||||
|  | ||||
| - 安装 .whl 文件: | ||||
|  | ||||
| ``` bash | ||||
| pip install dist/backdoor_buster-0.1.0-py3-none-any.whl | ||||
| ``` | ||||
|  | ||||
| - 安装 .tar.gz 文件: | ||||
|  | ||||
| ``` bash | ||||
| pip install dist/backdoor_buster-0.1.0.tar.gz | ||||
| ``` | ||||
|  | ||||
| #### 上传到 PyPI | ||||
|  | ||||
| - 安装 twine: | ||||
|  | ||||
| ``` bash | ||||
| pip install twine | ||||
| ``` | ||||
|  | ||||
| - 使用 twine 上传包到 PyPI: | ||||
|  | ||||
| ``` bash | ||||
| twine upload dist/* | ||||
| ``` | ||||
|  | ||||
| 需要提供 PyPI 的用户名和密码。如果没有 PyPI 账号,可以在 PyPI 注册。 | ||||
|  | ||||
| #### 使用 PyPI 安装 | ||||
|  | ||||
| 包上传到 PyPI 后,可以通过以下命令安装: | ||||
|  | ||||
| ``` bash | ||||
| pip install backdoor_buster | ||||
| ``` | ||||
|  | ||||
| ## 静态代码后门检测 | ||||
|  | ||||
| **功能描述**: | ||||
| 这个脚本用于扫描指定路径下的代码文件,检测潜在的危险函数调用,支持 `.py`, `.js`, `.cpp` 文件。 | ||||
| 这个脚本用于扫描指定路径下的代码文件,检测潜在的危险函数调用,支持 `.py`, `.js`, `.cpp`, `.pyc` 文件。 | ||||
|  | ||||
| **主要组件**: | ||||
|  | ||||
| @@ -67,7 +122,7 @@ python backdoor_detection.py ./src -o ./output/report.pdf | ||||
| **使用示例**: | ||||
|  | ||||
| ```bash | ||||
| python requirements_detection.py ./requirements.txt -o ./output/report.md | ||||
| python -m detection.requirements_detection ./requirements.txt -o ./output/report.md | ||||
| ``` | ||||
|  | ||||
| --- | ||||
|   | ||||
| @@ -46,7 +46,18 @@ | ||||
|  | ||||
| - **主要应用**:通过爬虫收集漏洞依赖信息并进行汇总,用于判断依赖是否存在漏洞版本。 | ||||
|  | ||||
| ## 8. 代码和风险分析 | ||||
| ## 8. 打包 | ||||
|  | ||||
| 本项目支持打包作为`pip`包进行发布 | ||||
|  | ||||
| - **主要应用**: | ||||
|   - `pip`通过`wheel`并自行撰写`setup.py`以及`MANIFEST.in`,将项目打包发布 | ||||
|  | ||||
| ## 9. 反汇编 | ||||
|  | ||||
| 项目通过`uncompyle6`库提供的反汇编模块可以实现对python字节码进行反汇编之后扫描危险代码 | ||||
|  | ||||
| ## 10. 代码和风险分析 | ||||
|  | ||||
| 项目中实现了基本的静态代码分析功能,用于识别和报告潜在的安全风险函数调用,如 `system`、`exec` 等。 | ||||
|  | ||||
|   | ||||
| @@ -2,31 +2,68 @@ | ||||
|  | ||||
| 本文档提供了后门检测系统的使用方法,包括依赖版本漏洞检测和静态代码后门检测两部分。这将帮助用户正确执行安全检测,并理解输出结果。 | ||||
|  | ||||
| ## 安装需求 | ||||
|  | ||||
| 在开始使用本系统之前,请确保您的环境中安装了以下依赖: | ||||
|  | ||||
| - Python 3.6 或更高版本 | ||||
| - `packaging` 库:用于版本控制和比较 | ||||
| - `reportlab` 库:用于生成 PDF 报告 | ||||
|  | ||||
| 您可以通过以下命令安装必要的 Python 库: | ||||
|  | ||||
| ```bash | ||||
| pip install packaging reportlab | ||||
| ``` | ||||
|  | ||||
| ## 下载和配置 | ||||
|  | ||||
| - 克隆或下载后门检测系统到您的本地环境。 | ||||
| - 确保脚本文件 (`requirements_detection.py` 和 `backdoor_detection.py`) 在您的工作目录中。 | ||||
|  | ||||
| ## 打包 | ||||
|  | ||||
| ### pip | ||||
|  | ||||
| #### 打包命令 | ||||
|  | ||||
| ```bash | ||||
| pip install wheel | ||||
| python setup.py sdist bdist_wheel | ||||
| ``` | ||||
|  | ||||
| 执行上述命令后,会在 dist 目录下生成 .tar.gz 和 .whl 文件。 | ||||
|  | ||||
| #### 本地安装 | ||||
|  | ||||
| - 安装 .whl 文件: | ||||
|  | ||||
| ``` bash | ||||
| pip install dist/backdoor_buster-0.1.0-py3-none-any.whl | ||||
| ``` | ||||
|  | ||||
| - 安装 .tar.gz 文件: | ||||
|  | ||||
| ``` bash | ||||
| pip install dist/backdoor_buster-0.1.0.tar.gz | ||||
| ``` | ||||
|  | ||||
| #### 上传到 PyPI | ||||
|  | ||||
| - 安装 twine: | ||||
|  | ||||
| ``` bash | ||||
| pip install twine | ||||
| ``` | ||||
|  | ||||
| - 使用 twine 上传包到 PyPI: | ||||
|  | ||||
| ``` bash | ||||
| twine upload dist/* | ||||
| ``` | ||||
|  | ||||
| 需要提供 PyPI 的用户名和密码。如果没有 PyPI 账号,可以在 PyPI 注册。 | ||||
|  | ||||
| #### 使用 PyPI 安装 | ||||
|  | ||||
| 包上传到 PyPI 后,可以通过以下命令安装: | ||||
|  | ||||
| ``` bash | ||||
| pip install backdoor_buster | ||||
| ``` | ||||
|  | ||||
| ## 运行依赖版本漏洞检测脚本 | ||||
|  | ||||
| **命令格式**: | ||||
|  | ||||
| ```bash | ||||
| python requirements_detection.py <requirements_file> -o <output_file>  | ||||
| python -m detection.requirements_detection <requirements_file> -o <output_file>  | ||||
| ``` | ||||
|  | ||||
| **参数说明**: | ||||
| @@ -37,7 +74,7 @@ python requirements_detection.py <requirements_file> -o <output_file> | ||||
| **示例**: | ||||
|  | ||||
| ```bash | ||||
| python requirements_detection.py requirements.txt -o output/report.md | ||||
| python -m detection.requirements_detection requirements.txt -o output/report.md | ||||
| ``` | ||||
|  | ||||
| ## 运行静态代码后门检测脚本 | ||||
| @@ -45,7 +82,7 @@ python requirements_detection.py requirements.txt -o output/report.md | ||||
| **命令格式**: | ||||
|  | ||||
| ```bash | ||||
| python backdoor_detection.py <code_path> -o <output_file> -m <mode> | ||||
| python -m detection <code_path> -o <output_file> -m <mode> | ||||
| ``` | ||||
|  | ||||
| **参数说明**: | ||||
| @@ -57,7 +94,7 @@ python backdoor_detection.py <code_path> -o <output_file> -m <mode> | ||||
| **示例**: | ||||
|  | ||||
| ```bash | ||||
| python backdoor_detection.py ./src -o output/report.pdf -m regex | ||||
| python -m detection ./src -o output/report.pdf -m regex | ||||
| ``` | ||||
|  | ||||
| ## 结果解读 | ||||
|   | ||||
| @@ -3,3 +3,4 @@ requests | ||||
| packaging | ||||
| openai | ||||
| bs4 | ||||
| uncompyle6 | ||||
							
								
								
									
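--- a/setup.py
+++ b/setup.py
@@ -0,0 +1,43 @@
+# pip install wheel
+# python setup.py sdist bdist_wheel
+
+from setuptools import setup, find_packages
+
+
+def read_file(filename: str) -> str:
+    """Read a file and return its content as a string.
+
+    Args:
+        filename (str): The name of the file to read.
+
+    Returns:
+        str: The content of the file.
+    """
+    with open(filename, encoding="utf-8") as f:
+        return f.read()
+
+
+setup(
+    name="backdoor_buster",
+    version="0.1.0",
+    author="ciscn",
+    description="A tool for integrated backdoor detection",
+    long_description=read_file("README.md"),
+    long_description_content_type="text/markdown",
+    url="https://git.mamahaha.work/sangge/BackDoorBuster",
+    packages=find_packages(),
+    classifiers=[
+        "Programming Language :: Python :: 3",
+        "License :: OSI Approved :: MIT License",
+        "Operating System :: OS Independent",
+    ],
+    python_requires=">=3.6",
+    install_requires=[
+        "reportlab",
+        "requests",
+        "packaging",
+        "openai",
+        "bs4",
+        "uncompyle6",
+    ],
+)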
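Review bot: `install_requires` declares `"bs4"`, which on PyPI is only a placeholder distribution that redirects to the real project; a security tool should depend on the upstream name directly, `"beautifulsoup4",`, so the install graph has one fewer third-party hop to trust. None of the six dependencies carries a version bound, so every `pip install backdoor_buster` resolves whatever is newest at that moment — at minimum add a tested lower bound per entry and publish a pinned lockfile alongside, since `uncompyle6` in particular pulls in its own parser/bytecode dependencies and its coverage of newer bytecode versions should be confirmed against the Pythons this package claims to support. `read_file("README.md")` opens the path relative to the current working directory rather than to `setup.py`, so building from another directory (or some isolated-build frontends) fails; resolve it as `here = os.path.dirname(os.path.abspath(__file__))` and `with open(os.path.join(here, filename), encoding="utf-8") as f:` (with `import os` at the top). `find_packages()` with no `exclude` will also ship any `tests` package that has an `__init__.py`; I cannot see the tree here, so please verify the wheel contents before the first upload.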
| @@ -1,7 +1,7 @@ | ||||
| import unittest | ||||
| import warnings | ||||
|  | ||||
| from detection.backdoor_detection import find_dangerous_functions | ||||
| from detection.__main__ import find_dangerous_functions | ||||
| from detection.GPTdetection import detectGPT | ||||
| import os | ||||
|  | ||||
| @@ -83,5 +83,6 @@ class TestBackdoorDetection(unittest.TestCase): | ||||
|         self.assertEqual(len(results["medium"]), 0) | ||||
|         self.assertEqual(len(results["low"]), 0) | ||||
|  | ||||
|  | ||||
| if __name__ == "__main__": | ||||
|     unittest.main() | ||||
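Review bot: The updated import `from detection.__main__ import find_dangerous_functions` makes the test depend on the package's entry-point module, which is a fragile place to keep library code: importing `detection.__main__` executes that module's top level at import time (only what is behind an `if __name__ == "__main__":` guard is skipped, and I cannot see from this hunk whether the guard exists), and when the tool is also run via `python -m detection` the same file is loaded twice under two module names. Keep `find_dangerous_functions` in a regular module — e.g. restore `detection/backdoor_detection.py` and have `__main__` do `from .backdoor_detection import find_dangerous_functions` — so both the CLI and the tests import the same object from a side-effect-free module. The import list is also unsorted (`os` after a project import); group stdlib imports first per PEP 8.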
|   | ||||