MASC is a malware (web) scanner developed during CyperCamp Hackathon 2017. At the moment, there are some features available for any type of website (custom or CMS) and some of them only available for specific platforms:
Also Read – MIG : Distributed & Real Time Digital Forensics At The Speed Of The Cloud
Requirements
First of all, notice that this tool is developed under Linux and, at the moment, it has been tested only under this Operating System
santi@zenbook:$ pip3 install python-magic yara-python watchdog termcolor pypandoc progress
In my notebook, after upgrading to Debian testing, masc became to show an error related to Yara
OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory
After trying a lot of solutions I found in the Internet, I realized that this file was located in my computer in/usr/local/lib/python3.5/dist-packages/usr/lib, so I created a symbolic link from the previous path to /usr/lib
santi@zenbook:$ ln -s /usr/local/lib/python3.5/dist-packages/usr/lib/libyara.so /usr/lib/libyara.so
And now, masc and Yara library are running with no problems.
masc is developed under Linux and it has not been tested under any other Operating System.
Anyway, it should run without problems under any Unix-friendly OS. In particular, in Mac OSX I have noticed it’s neccesary to install Homebrew to use python-magic library propery as libmagic. Check first the previous link to the brew homepage and then you will be able to install as I show below:
santi@zenbook:$ brew install libmagic
Also, in my computer I had to change the first line of the masc.py script. Python3 is installed in /usr/local/bin and it’s not allowed to create symlinks from /usr/bin
Change the first line in masc.py
#!/usr/bin/python3
for this line
#!/usr/local/bin/python3
Anyway, you always can run masc using the Python interpreter instead running the script directly:
santi@zenbook:$ python3 masc.py
To install masc on your computer, you can download a release, untar it and try. You can also install it usign pip (‘pip3 install masc’)
Check this notice before if you are using Mac OSX.
masc 0.2.2 (http://github.com/sfaci/masc)
usage: masc.py [-h] [–add-file FILENAME] [–add-word STRING] [–clean-cache]
[–clean-site] [–list-backups] [–make-backup] [–monitor]
[–name NAME] [–path PATH] [–rollback] [–scan]
[–site-type {wordpress,drupal,custom}]
optional arguments:
-h, –help show this help message and exit
–add-file FILENAME Add a suspect file to the dictionary
–add-word STRING Add a suspect content to the dictionary
–clean-cache Clean masc cache (cache and logs files, NO backups)
–clean-site Clean up the site (and apply some extra actions to hide information to attackers)
–list-backups List local backups
–make-backup Create a local backup of the current installation
–monitor Monitor site to detect changes
–name NAME Name assigned to the scanned installation
–path PATH Website installation path
–rollback Restore a local backup
–scan Scan website for malware
–site-type {wordpress,drupal,custom}
which type of web you want to scan:: wordpress,
joomla, drupal or magento
The actions you can perform over a web installation are:
And you have to consider that if you want to perform some actions over some kind of web installation, it’s mandatory to specify the type (-t or –type) and path (-o or –path).
For instance, if you have a WordPress installation in /var/www/html and you want to scan it entirely:
santi@zenbook:$ ./masc.py –scan –type wordpress –path /var/www/html
And if you want to perform clean up actions (to remove some malware, for instance):
santi@zenbook:$ ./masc.py –scan –type wordpress –path /var/www/html –clean-site
Credit: Santiago Faci
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…