Scan binaries located on the path #40

Open
bhamail opened this issue Sep 18, 2020 · 0 comments
Labels
enhancement New feature or request

Contributor

bhamail commented Sep 18, 2020

Trying to capture some of @DarthHater's ideas for future Ahab enhancements.

It is great that Ahab scans OS packages (.rpm, .deb, .apk, etc.), but there are also many cases where someone will curl or wget some binary file down and install it directly into the /usr/bin folder (or somewhere on the PATH).

To detect these, Ahab could:

  1. enumerate all the directories on the OS PATH.
  2. in each directory, look for binaries and try to determine if the binary has a hashcode of a file known to be from an .rpm/.deb. Could also try to detect vulns for binaries that do not appear to be from a .rpm/.deb.

cc @bhamail / @DarthHater / @ken-duck / @ButterB0wl

@bhamail bhamail added the enhancement New feature or request label Sep 18, 2020
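
An added example (not Ahab's code, and not from the issue author) of the two steps proposed above: walk every directory on PATH and compare each executable's hash against hashes recorded by the package manager. It assumes Debian-style `md5sums` manifests (`<md5>  <relative path>` per line) as the source of known hashes; the function names, the `root` parameter and the sample tree are hypothetical and constructed for the example.

```python
import hashlib, os, tempfile

def parse_md5sums(text):
    """Parse dpkg-style md5sums lines ('<md5>  usr/bin/ls') into {abs_path: md5}."""
    known = {}
    for line in text.splitlines():
        digest, sep, rel = line.partition("  ")
        if sep and rel.strip():
            known["/" + rel.strip()] = digest.lower()
    return known

def md5_file(path):
    # MD5 only because that is the digest the package manifest records.
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest()

def classify_path(path_var, known, root=""):
    """Map each executable on path_var to 'packaged', 'modified' or 'unpackaged'.
    root (hypothetical) prefixes every directory so an unpacked image can be scanned."""
    known_hashes = set(known.values())
    result = {}
    for d in dict.fromkeys(p for p in path_var.split(os.pathsep) if p):
        if not os.path.isdir(root + d):      # PATH entries often do not exist
            continue
        for name in sorted(os.listdir(root + d)):
            logical = d.rstrip("/") + "/" + name
            real = root + logical
            if not (os.path.isfile(real) and os.access(real, os.X_OK)):
                continue
            digest = md5_file(real)
            # Same path and hash, or a packaged file reached through another path.
            if known.get(logical) == digest or (logical not in known and digest in known_hashes):
                result[logical] = "packaged"
            elif logical in known:
                result[logical] = "modified"     # owned path, different content
            else:
                result[logical] = "unpackaged"   # e.g. fetched with curl/wget
    return result

def demo():
    """Constructed sample tree: one packaged, one altered, one downloaded binary."""
    root = tempfile.mkdtemp()
    files = {"/usr/bin/ls": b"ls v1", "/usr/bin/tar": b"tar CHANGED", "/usr/local/bin/kubectl": b"blob"}
    for path, data in files.items():
        os.makedirs(os.path.dirname(root + path), exist_ok=True)
        with open(root + path, "wb") as f:
            f.write(data)
        os.chmod(root + path, 0o755)
    md5s = [hashlib.md5(b).hexdigest() for b in (b"ls v1", b"tar v1")]
    manifest = f"{md5s[0]}  usr/bin/ls\n{md5s[1]}  usr/bin/tar\n"
    return classify_path("/usr/bin:/usr/local/bin:/nonexistent", parse_md5sums(manifest), root)
```

The `unpackaged` entries are the candidates the issue describes for a separate vulnerability lookup; `modified` entries are files a package owns whose content no longer matches the manifest.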