Page 1 of 3 123 LastLast
Results 1 to 25 of 64

Thread: Script Scanner (Scans for malicious scripts)

  1. #1
    Join Date
    Sep 2010
    Posts
    5,762
    Mentioned
    136 Post(s)
    Quoted
    2739 Post(s)

    Default Script Scanner (Scans for malicious scripts)

    Script Scanner By Officer Barbrady and Janilabo

    The extension/Scanner is now updated on this thread and can be downloaded there: http://villavu.com/forum/showthread.php?t=103996
    ::for the autoupdate2.09abcdef::
    ::fgeyhfVersion 2.07 has been released as a script and a extension!jdshkhu::

    Latest Version:2.09


    Attached Files Attached Files

  2. #2
    Join Date
    Jun 2012
    Posts
    4,867
    Mentioned
    74 Post(s)
    Quoted
    1663 Post(s)

    Default

    False positives in 3, 2, 1

  3. #3
    Join Date
    Sep 2010
    Posts
    5,762
    Mentioned
    136 Post(s)
    Quoted
    2739 Post(s)

    Default

    Quote Originally Posted by BMWxi View Post
    False positives in 3, 2, 1
    Alerts user of potential threats so they can look into them.

  4. #4
    Join Date
    Feb 2006
    Location
    Helsinki, Finland
    Posts
    1,395
    Mentioned
    30 Post(s)
    Quoted
    107 Post(s)

    Default

    Quote Originally Posted by Officer Barbrady View Post
    ...
    Nice work, Officer Barbrady.
    It is looking good so far.

    I noticed just 1 issue though - the way you count string's is currently like 50/50 case-sensitive, because you never used Lowercase() for Script_Text in these parts listed below..

    Line 104:
    Code:
    (CountString(LowerCase('user'), script_text,True)>1)
    Line 116:
    Code:
    if (CountString(LowerCase('pass'), script_text,True)>1) then
    Line 122:
    Code:
    if (CountString(LowerCase('pin'), script_text,True)>1) then
    Although! I think you might need just 1 lowercase() in your script, to this part, at line 196:

    Code:
    Script_text := ScriptEdit.TEXT; // Lowercase() that, and you'll need to use Lowercase for script_text only once in your script (you can remove Lowercase()'s from FindText*()'s then)
    Thumbs up for creativity with this script. Keep up the good work! Gotta love small but useful utilities like these!

    Regards,
    -Jani

  5. #5
    Join Date
    Sep 2010
    Posts
    5,762
    Mentioned
    136 Post(s)
    Quoted
    2739 Post(s)

    Default

    Quote Originally Posted by Janilabo View Post
    Nice work, Officer Barbrady.
    It is looking good so far.

    I noticed just 1 issue though - the way you count string's is currently like 50/50 case-sensitive, because you never used Lowercase() for Script_Text in these parts listed below..

    Line 104:
    Code:
    (CountString(LowerCase('user'), script_text,True)>1)
    Line 116:
    Code:
    if (CountString(LowerCase('pass'), script_text,True)>1) then
    Line 122:
    Code:
    if (CountString(LowerCase('pin'), script_text,True)>1) then
    Although! I think you might need just 1 lowercase() in your script, to this part, at line 196:

    Code:
    Script_text := ScriptEdit.TEXT; // Lowercase() that, and you'll need to use Lowercase for script_text only once in your script (you can remove Lowercase()'s from FindText*()'s then)
    Thumbs up for creativity with this script. Keep up the good work! Gotta love small but useful utilities like these!

    Regards,
    -Jani
    Thanks, I still want to add more features to prevent false positives though

  6. #6
    Join Date
    Feb 2006
    Location
    Helsinki, Finland
    Posts
    1,395
    Mentioned
    30 Post(s)
    Quoted
    107 Post(s)

    Default

    Quote Originally Posted by Officer Barbrady View Post
    Thanks, I still want to add more features to prevent false positives though
    I think the key would be to use regex (regular expression) functions, to prevent those false positives.
    Learning to use those regex commands might take a while though, because regex is frustrating sometimes...
    However, internet is full of good tutorial pages about regex. Also, plenty of good video tutorials @YouTube aswell..
    +There is even 1 tutorial here at SRL-forums about regex, Regular Expressions by @Brandon.

    I wrote a function to SCAR Divi, that would be PERFECT for this, but I'll need to try and convert it to Simba aswell (I am not very familiar with Simba's regex commands, to be honest).
    It is this one below:

    Code:
    const
      TEXT = 'TestesTESTTestest test TEST Test Test.';
      FIND_STR = 'test'; 
    
    type
      TMatchMethod = (mmAll, mmBackward, mmIgnoreCase, mmOverlap, mmWholeWords, mmStrictWW);
      TMatchMethods = set of TMatchMethod; 
      
    function Find(Text, FindStr: string; Methods: TMatchMethods; Offset: Integer): TIntArray;
    var
      tL, fsL, d, i, t: Integer;
      rgx_fs: string;            
      r: TRegexMatchArray;
    begin
      fsL := Length(FindStr);
      tL := Length(Text);
      if ((tL < 1) or (Length(FindStr) > tL) or (FindStr = '')) then
        Exit;             
      if (Offset < 1) then
        Offset := 1;     
      FindStr := PregQuote(FindStr);  
      if (mmWholeWords in Methods) then
      begin
        if (mmStrictWW in Methods) then  
          rgx_fs := '/(?<!\S)' + FindStr + '(?!\S)/'
        else
          rgx_fs := '/(^|\b|(?<=\s))' + FindStr + '((?=\s)|\b|$)/';
      end else
        rgx_fs := '/' + FindStr + '/';
      if (mmIgnoreCase in Methods) then
        rgx_fs := (rgx_fs + 'i');
      rgx_fs := (rgx_fs + 'm');
      if (mmOverlap in Methods) then
        SetLength(Result, (tL - (fsL - 1)))
      else
        SetLength(Result, ((tL div fsL) + 1));         
      case (mmBackward in Methods) of 
        True:
        begin
          Text := Copy(Text, 1, Offset); 
          while PregMatchEx(rgx_fs, Text, r) do
          begin
            Result[d] := (r[0].Offset + d); 
            Inc(d);
            Delete(Text, r[0].Offset, 1);
            SetLength(r, 0);
          end;         
          SetLength(Result, d);    
          if (mmAll in Methods) then   
            ReverseTIA(Result)              
          else
            if (d > 0) then                         
              Result := [Result[(d - 1)]];
          if (mmAll in Methods) then
            if not (mmOverlap in Methods) then
              if (d > 1) then
                for i := (0 + t) to ((d - 2) - t) do
                  if ((Result[i] - Result[(i + 1)]) <= fsL) then
                  begin       
                    Result[(i + 1)] := Result[i]; 
                    Delete(Result, i, 1);
                    Inc(t);
                  end;  
        end;
        False:                    
        begin    
          if (Offset > 1) then
            Delete(Text, 1, (Offset - 1));
          if (mmAll in Methods) then 
          begin    
            while PregMatchEx(rgx_fs, Text, r) do
            begin
              Result[d] := ((r[0].Offset + d) + (Offset - 1)); 
              Inc(d);
              Delete(Text, r[0].Offset, 1);
              SetLength(r, 0);
            end; 
            SetLength(Result, d);
            if (mmAll in Methods) then
              if not (mmOverlap in Methods) then
                if (d > 1) then
                  for i := (0 + t) to ((d - 2) - t) do
                    if ((Result[(i + 1)] - Result[i]) <= fsL) then
                    begin         
                      Result[(i + 1)] := Result[i]; 
                      Delete(Result, i, 1);
                      Inc(t);
                    end; 
          end else
          if PregMatchEx(rgx_fs, Text, r) then
          begin
            Result := [((r[0].Offset + d) + (Offset - 1))];
            SetLength(r, 0);
          end;
        end;
      end;
      TIAUnique(Result);      
    end;
    
    var
      l, h, i, i2, s, o: Integer;
      TIA: TIntArray;
      m_sets: array of TMatchMethods;
      TSA: TStrArray;
                   
    procedure BuildSets(find_method: (fmBackward, fmForward));
    begin
      case find_method of
        fmForward:
        begin
          TSA := ['[]', '[mmIgnoreCase]', '[mmIgnoreCase, mmAll]', '[mmIgnoreCase, mmAll, mmOverlap]', '[mmIgnoreCase, mmAll, mmOverlap, mmWholeWords]', '[mmIgnoreCase, mmAll, mmOverlap, mmWholeWords, mmStrictWW]'];
          l := Length(FIND_STR);
          o := 1;   
          s := High(TSA); 
          SetLength(m_sets, (s + 1));
          m_sets[0] := [];
          m_sets[1] := [mmIgnoreCase];
          m_sets[2] := [mmIgnoreCase, mmAll];
          m_sets[3] := [mmIgnoreCase, mmAll, mmOverlap];
          m_sets[4] := [mmIgnoreCase, mmAll, mmOverlap, mmWholeWords];
          m_sets[5] := [mmIgnoreCase, mmAll, mmOverlap, mmWholeWords, mmStrictWW];  
        end;
        fmBackward:
        begin
          TSA := ['[mmBackward]', '[mmBackward, mmIgnoreCase]', '[mmBackward, mmIgnoreCase, mmAll]', '[mmBackward, mmIgnoreCase, mmAll, mmOverlap]', '[mmBackward, mmIgnoreCase, mmAll, mmOverlap, mmWholeWords]', '[mmBackward, mmIgnoreCase, mmAll, mmOverlap, mmWholeWords, mmStrictWW]'];
          l := Length(FIND_STR);
          o := Length(TEXT);
          s := High(TSA); 
          SetLength(m_sets, (s + 1));
          m_sets[0] := [mmBackward];
          m_sets[1] := [mmBackward, mmIgnoreCase];
          m_sets[2] := [mmBackward, mmIgnoreCase, mmAll];
          m_sets[3] := [mmBackward, mmIgnoreCase, mmAll, mmOverlap];
          m_sets[4] := [mmBackward, mmIgnoreCase, mmAll, mmOverlap, mmWholeWords];
          m_sets[5] := [mmBackward, mmIgnoreCase, mmAll, mmOverlap, mmWholeWords, mmStrictWW];  
        end;    
      end;
    end;
      
    begin                
      ClearDebug;                              
      BuildSets(fmForward);      
      WriteLn('FORWARD:');
      for i := 0 to s do
      begin
        TIA := Find(TEXT, FIND_STR, m_sets[i], o);
        h := High(TIA);   
        WriteLn('Find(''' + FIND_STR + ''', ''' + TEXT + ''', ' + TSA[i] + ', ' + IntToStr(o) + ')')
        for i2 := 0 to h do
          WriteLn('Match[' + IntToStr(i2 + 1) + ']: ' + Copy(TEXT, TIA[i2], l) + ' (@POS.' + IntToStr(TIA[i2]) + ')');
        WriteLn('');
        SetLength(TIA, 0);
      end;                 
      BuildSets(fmBackward)
      WriteLn('BACKWARD:'); 
      for i := 0 to s do
      begin
        TIA := Find(TEXT, FIND_STR, m_sets[i], o);
        h := High(TIA);   
        WriteLn('Find(''' + FIND_STR + ''', ''' + TEXT + ''', ' + TSA[i] + ', ' + IntToStr(o) + ')')
        for i2 := 0 to h do
          WriteLn('Match[' + IntToStr(i2 + 1) + ']: ' + Copy(TEXT, TIA[i2], l) + ' (@POS.' + IntToStr(TIA[i2]) + ')');
        if (i < s) then 
          WriteLn('');
        SetLength(TIA, 0);
      end;
      SetLength(m_sets, 0);
      SetLength(TSA, 0);       
    end.
    Regards,
    -Jani

  7. #7
    Join Date
    Nov 2011
    Posts
    18
    Mentioned
    0 Post(s)
    Quoted
    7 Post(s)

    Default

    Thanks Officer, I will be using this to check any scripts I use in the future, no doubt about it.

  8. #8
    Join Date
    Sep 2012
    Location
    Australia.
    Posts
    839
    Mentioned
    16 Post(s)
    Quoted
    225 Post(s)

    Default

    Not a bad script here, Officer Barbrady. Not bad at all. Very useful.

  9. #9
    Join Date
    Sep 2008
    Posts
    754
    Mentioned
    8 Post(s)
    Quoted
    275 Post(s)

    Default

    very nice thank you!

  10. #10
    Join Date
    Sep 2010
    Posts
    5,762
    Mentioned
    136 Post(s)
    Quoted
    2739 Post(s)

    Default

    Thanks guys, will be adding more once I get back home

  11. #11
    Join Date
    Feb 2006
    Location
    Helsinki, Finland
    Posts
    1,395
    Mentioned
    30 Post(s)
    Quoted
    107 Post(s)

    Default

    Been converting Find() from SCAR Divi to Simba, but uhm... Things got just a "little bit" more complicated than I expected in the first place...
    The main problem is that, Simba's current regex library doesn't support lookaround (behind, ahead). :\ So I had to add in a lot of creepy workarounds..

    Also, I had to leave "mmBackwards" (backwards searching) out aswell - may add it in later, not sure.

    This is what the code looks like currently:

    Code:
    const
      TEXT = 'TEST! Test, Test1 test? test TeSt testest testtest test.';
      STR = 'test';
    
    {==============================================================================]
      Explanation: Important types for Find() function! Contains the string matching methods.
    [==============================================================================}
    type
      TMatchMethod = (mmAll, mmIgnoreCase, mmOverlap, mmWholeWords, mmStrictWW);
      TMatchMethods = set of TMatchMethod;
    
    {==============================================================================]
      Explanation: Returns a TIA that contains all the value from start value (aStart) to finishing value (aFinish)..
    [==============================================================================}
    function TIAByRange(aStart, aFinish: Integer): TIntegerArray;
    var
      i, s, f: Integer;
    begin
      if (aStart <> aFinish) then
      begin
        s := Integer(aStart);
        f := Integer(aFinish);
        SetLength(Result, (IAbs(aStart - aFinish) + 1));
        case (aStart > aFinish) of
          True:
          for i := s downto f do
            Result[(s - i)] := i;
          False:
          for i := s to f do
            Result[(i - s)] := i;
        end;
      end else
        Result := [Integer(aStart)];
    end;
    
    {==============================================================================]
      Explanation: Merges T2DIntegerArray (ATIA) to TIntegerArray.
                   Example: [[1, 2], [3, 4]] => [1, 2, 3, 4]
    [==============================================================================}
    function ATIAMerge(ATIA: T2DIntegerArray): TIntegerArray;
    var
      i, i2, h, h2, r: Integer;
    begin
      h := High(ATIA);
      if (h > -1) then
      begin
        for i := 0 to h do
          IncEx(r, (High(ATIA[i]) + 1));
        SetLength(Result, r);
        r := 0;
        for i := 0 to h do
        begin
          h2 := High(ATIA[i]);
          for i2 := 0 to h2 do
          begin
            Result[r] := Integer(ATIA[i][i2]);
            Inc(r);
          end;
        end;
      end else
        SetLength(Result, 0);
    end;
    
    {==============================================================================]
      Explanation: Returns the string that is behind the position in data, size being the length for result that is copied from position.
    [==============================================================================}
    function Behind(data: string; position, size: Integer): string;
    var
      l, r: Integer;
    begin
      l := Length(data);
      case ((l > 0) and (position > 1) and (size > 0)) of
        True:
        begin
          if ((position - size) < 1) then
            size := ((position - size) + (size - 1));
          if (position > (l + 1)) then
          begin
            r := ((position - l) - 1);
            size := (size - r);
          end;
          Result := Copy(data, ((position - size) - r), size);
        end;
        False: Result := '';
      end;
    end;
    
    {==============================================================================]
      Explanation: Returns the string that is ahead from position in data, size being the length for result that is copied from position.
    [==============================================================================}
    function Ahead(data: string; position, size: Integer): string;
    var
      l: Integer;
    begin
      l := Length(data);
      case ((l > 0) and (position <= l) and (size > 0)) of
        True:
        begin
          if (position < 1) then
          begin
            size := (size - iAbs(position - 1));
            position := 1;
          end;
          if ((size > 0) and ((position + size) > l)) then
            size := (size - (((position + size) - l) - 1));
          Result := Copy(data, position, size);
        end;
        False: Result := '';
      end;
    end;
    
    {==============================================================================]
      Explanation: Returns all the positions of found/matching strings (findStr) in text.
                   Uses a set of TMatchMethod (methods) for string matching.
                   Contains field for offset.
    [==============================================================================}
    function FindEx(text, findStr: string; methods: TMatchMethods; offset: Integer): TIntegerArray;
    var
      sb, sa: string;
      r, l, f, o, p, d, x, y: Integer;
      re: TRegExp;
      ma, mb, a, s, ol: Boolean;
      c: TIntegerArray;
    begin
      l := Length(text);
      f := Length(findStr);
      if ((l > 0) and (f > 0) and (offset <= (l - f))) then
      begin
        if (offset < 1) then
          offset := 1;
        SetLength(Result, l);
        re := TRegExp.Create;
        re.InputString := text;
        re.Expression := findStr;
        if (mmIgnoreCase in methods) then
          re.ModifierI := True;
        a := (mmAll in methods);
        case a of
          False: re.ModifierG := True;
          True: re.ModifierG := False;
        end;
        ol := (mmOverlap in methods);
        if not ol then
          o := (Length(findStr) - 1);
        Inc(o);
        p := Offset;
        if re.ExecPos(p) then
        repeat
          if (re.Match[0] <> '') then
          begin
            Result[r] := re.MatchPos[0];
            p := (Result[r] + o);
            Inc(r);
          end;
        until not re.ExecPos(p);
        re.Free;
        SetLength(Result, r);
        if ((r > 0) and (mmWholeWords in methods)) then
        begin
          s := (mmStrictWW in methods);
          if not s then
            c := ATIAMerge([TIAByRange(Ord('A'), Ord('Z')), TIAByRange(Ord('a'), Ord('z')), TIAByRange(Ord('0'), Ord('9'))]);
          for x := (r - 1) downto 0 do
          begin
            sb := Behind(text, Result[x], 1);
            sa := Ahead(text, (Result[x] + f), 1);
            case s of
              True:
              begin
                case ol of
                  True:
                  case (x > 0) of
                    True:
                    case ((r - 1) > x) of
                      True: mb := ((((Result[(x + 1)] - Result[x]) <= f) or ((Result[x] - Result[(x - 1)]) <= f)) or ((sb = ' ') or (sb = '')));
                      False: mb := (((Result[x] - Result[(x - 1)]) <= f) or ((sb = ' ') or (sb = '')));
                    end;
                    False:
                    case ((r - 1) > x) of
                      True: mb := (((Result[(x + 1)] - Result[x]) <= f) or ((sb = ' ') or (sb = '')));
                      False: mb := ((sb = ' ') or (sb = ''));
                    end;
                  end;
                  False: mb := ((sb = ' ') or (sb = ''));
                end;
                case ol of
                  True:
                  case (x > 0) of
                    True:
                    case ((r - 1) > x) of
                      True: ma := ((((Result[(x + 1)] - Result[x]) <= f) or ((Result[x] - Result[(x - 1)]) <= f)) or ((sa = ' ') or (sa = '')));
                      False: ma := (((Result[x] - Result[(x - 1)]) <= f) or ((sa = ' ') or (sa = '')));
                    end;
                    False:
                    case ((r - 1) > x) of
                      True: ma := (((Result[(x + 1)] - Result[x]) <= f) or ((sa = ' ') or (sa = '')));
                      False: ma := ((sa = ' ') or (sa = ''));
                    end;
                  end;
                  False: ma := ((sa = ' ') or (sa = ''));
                end;
              end;
              False:
              begin
                case (sb <> '') of
                  True:
                  case ol of
                    True:
                    case (x > 0) of
                      True:
                      case ((r - 1) > x) of
                        True: mb := ((((Result[(x + 1)] - Result[x]) <= f) or ((Result[x] - Result[(x - 1)]) <= f)) or not InIntArray(c, Ord(sb[1])));
                        False: mb := (((Result[x] - Result[(x - 1)]) <= f) or not InIntArray(c, Ord(sb[1])));
                      end;
                      False:
                      case ((r - 1) > x) of
                        True: mb := (((Result[(x + 1)] - Result[x]) <= f) or not InIntArray(c, Ord(sb[1])));
                        False: mb := not InIntArray(c, Ord(sb[1]));
                      end;
                    end;
                    False: mb := not InIntArray(c, Ord(sb[1]));
                  end;
                  False: mb := True;
                end;
                case (sa <> '') of
                  True:
                  case ol of
                    True:
                    case (x > 0) of
                      True:
                      case ((r - 1) > x) of
                        True: ma := ((((Result[(x + 1)] - Result[x]) <= f) or ((Result[x] - Result[(x - 1)]) <= f)) or not InIntArray(c, Ord(sa[1])));
                        False: ma := (((Result[x] - Result[(x - 1)]) <= f) or not InIntArray(c, Ord(sa[1])));
                      end;
                      False:
                      case ((r - 1) > x) of
                        True: ma := (((Result[(x + 1)] - Result[x]) <= f) or not InIntArray(c, Ord(sa[1])));
                        False: ma := not InIntArray(c, Ord(sa[1]));
                      end;
                    end;
                    False: ma := not InIntArray(c, Ord(sa[1]));
                  end;
                  False: ma := True;
                end;
              end;
            end;
            if not (mb and ma) then
            begin
              y := (r - 1);
              for d := x to (y - 1) do
                Result[d] := Result[(d + 1)];
              SetLength(Result, y);
              Dec(r);
            end;
          end;
        end;
        if (not a and (r > 0)) then
          SetLength(Result, 1);
      end else
        SetLength(Result, 0);
    end;
    
    {==============================================================================]
      Explanation: Returns all the positions of found/matching strings (findStr) in text.
                   Uses a set of TMatchMethod (methods) for string matching.
                   Without offset field.
    [==============================================================================}
    function Find(text, findStr: string; methods: TMatchMethods): TIntegerArray;
    begin
      Result := FindEx(text, findStr, methods, 1);
    end;
    
    begin
      ClearDebug;
      WriteLn(ToStr(Find(TEXT, STR, [mmIgnoreCase, mmWholeWords, mmStrictWW])) + ' Find(TEXT, STR, [mmIgnoreCase, mmWholeWords, mmStrictWW])');
      WriteLn(ToStr(Find(TEXT, STR, [mmIgnoreCase, mmWholeWords])) + ' Find(TEXT, STR, [mmIgnoreCase, mmWholeWords])');
      WriteLn(ToStr(Find(TEXT, STR, [mmIgnoreCase])) + ' Find(TEXT, STR, [mmIgnoreCase])');
      WriteLn(ToStr(Find(TEXT, STR, [])) + ' Find(TEXT, STR, [])');
      WriteLn(ToStr(Find(TEXT, STR, [mmAll])) + ' Find(TEXT, STR, [mmAll])');
      WriteLn(ToStr(Find(TEXT, STR, [mmAll, mmIgnoreCase])) + ' Find(TEXT, STR, [mmAll, mmIgnoreCase])');
      WriteLn(ToStr(Find(TEXT, STR, [mmAll, mmIgnoreCase, mmWholeWords])) + ' Find(TEXT, STR, [mmAll, mmIgnoreCase, mmWholeWords])');
      WriteLn(ToStr(Find(TEXT, STR, [mmAll, mmIgnoreCase, mmWholeWords, mmStrictWW])) + ' Find(TEXT, STR, [mmAll, mmIgnoreCase, mmWholeWords, mmStrictWW])');
    end.
    ..it's a bit ugly/scary to be honest, but hay, that's mainly because I have been working on it all night today. So... I'll try and cut out some unneeded lines within time.

    Right now, all the included methods, except "mmOverlap", are stable and working smoothly.
    The logic of overlapping support still requires some work - it's not that bad really, I would say it is just fine for most uses.
    Main issue of it being that right now it doesn't really pay attention to overlapped item's boundaries (start / end), like the function does without mmOverlap (sorry about the explanation, this part is hard for me to explain, ouch)

    The reason why I am posting about this here, is because this particular function has potential to get rid of those false positives in your script, @Officer Barbrady..

    -Jani

  12. #12
    Join Date
    Sep 2010
    Posts
    5,762
    Mentioned
    136 Post(s)
    Quoted
    2739 Post(s)

    Default

    Quote Originally Posted by Janilabo View Post
    Been converting Find() from SCAR Divi to Simba, but uhm... Things got just a "little bit" more complicated than I expected in the first place...
    The main problem is that, Simba's current regex library doesn't support lookaround (behind, ahead). :\ So I had to add in a lot of creepy workarounds..

    Also, I had to leave "mmBackwards" (backwards searching) out aswell - may add it in later, not sure.

    This is what the code looks like currently:

    Code:
    const
      TEXT = 'TEST! Test, Test1 test? test TeSt testest testtest test.';
      STR = 'test';
    
    {==============================================================================]
      Explanation: Important types for Find() function! Contains the string matching methods.
    [==============================================================================}
    type
      TMatchMethod = (mmAll, mmIgnoreCase, mmOverlap, mmWholeWords, mmStrictWW);
      TMatchMethods = set of TMatchMethod;
    
    {==============================================================================]
      Explanation: Returns a TIA that contains all the value from start value (aStart) to finishing value (aFinish)..
    [==============================================================================}
    function TIAByRange(aStart, aFinish: Integer): TIntegerArray;
    var
      i, s, f: Integer;
    begin
      if (aStart <> aFinish) then
      begin
        s := Integer(aStart);
        f := Integer(aFinish);
        SetLength(Result, (IAbs(aStart - aFinish) + 1));
        case (aStart > aFinish) of
          True:
          for i := s downto f do
            Result[(s - i)] := i;
          False:
          for i := s to f do
            Result[(i - s)] := i;
        end;
      end else
        Result := [Integer(aStart)];
    end;
    
    {==============================================================================]
      Explanation: Merges T2DIntegerArray (ATIA) to TIntegerArray.
                   Example: [[1, 2], [3, 4]] => [1, 2, 3, 4]
    [==============================================================================}
    function ATIAMerge(ATIA: T2DIntegerArray): TIntegerArray;
    var
      i, i2, h, h2, r: Integer;
    begin
      h := High(ATIA);
      if (h > -1) then
      begin
        for i := 0 to h do
          IncEx(r, (High(ATIA[i]) + 1));
        SetLength(Result, r);
        r := 0;
        for i := 0 to h do
        begin
          h2 := High(ATIA[i]);
          for i2 := 0 to h2 do
          begin
            Result[r] := Integer(ATIA[i][i2]);
            Inc(r);
          end;
        end;
      end else
        SetLength(Result, 0);
    end;
    
    {==============================================================================]
      Explanation: Returns the string that is behind the position in data, size being the length for result that is copied from position.
    [==============================================================================}
    function Behind(data: string; position, size: Integer): string;
    var
      l, r: Integer;
    begin
      l := Length(data);
      case ((l > 0) and (position > 1) and (size > 0)) of
        True:
        begin
          if ((position - size) < 1) then
            size := ((position - size) + (size - 1));
          if (position > (l + 1)) then
          begin
            r := ((position - l) - 1);
            size := (size - r);
          end;
          Result := Copy(data, ((position - size) - r), size);
        end;
        False: Result := '';
      end;
    end;
    
    {==============================================================================]
      Explanation: Returns the string that is ahead from position in data, size being the length for result that is copied from position.
    [==============================================================================}
    function Ahead(data: string; position, size: Integer): string;
    var
      l: Integer;
    begin
      l := Length(data);
      case ((l > 0) and (position <= l) and (size > 0)) of
        True:
        begin
          if (position < 1) then
          begin
            size := (size - iAbs(position - 1));
            position := 1;
          end;
          if ((size > 0) and ((position + size) > l)) then
            size := (size - (((position + size) - l) - 1));
          Result := Copy(data, position, size);
        end;
        False: Result := '';
      end;
    end;
    
    {==============================================================================]
      Explanation: Returns all the positions of found/matching strings (findStr) in text.
                   Uses a set of TMatchMethod (methods) for string matching.
                   Contains field for offset.
    [==============================================================================}
    function FindEx(text, findStr: string; methods: TMatchMethods; offset: Integer): TIntegerArray;
    var
      sb, sa: string;
      r, l, f, o, p, d, x, y: Integer;
      re: TRegExp;
      ma, mb, a, s, ol: Boolean;
      c: TIntegerArray;
    begin
      l := Length(text);
      f := Length(findStr);
      if ((l > 0) and (f > 0) and (offset <= (l - f))) then
      begin
        if (offset < 1) then
          offset := 1;
        SetLength(Result, l);
        re := TRegExp.Create;
        re.InputString := text;
        re.Expression := findStr;
        if (mmIgnoreCase in methods) then
          re.ModifierI := True;
        a := (mmAll in methods);
        case a of
          False: re.ModifierG := True;
          True: re.ModifierG := False;
        end;
        ol := (mmOverlap in methods);
        if not ol then
          o := (Length(findStr) - 1);
        Inc(o);
        p := Offset;
        if re.ExecPos(p) then
        repeat
          if (re.Match[0] <> '') then
          begin
            Result[r] := re.MatchPos[0];
            p := (Result[r] + o);
            Inc(r);
          end;
        until not re.ExecPos(p);
        re.Free;
        SetLength(Result, r);
        if ((r > 0) and (mmWholeWords in methods)) then
        begin
          s := (mmStrictWW in methods);
          if not s then
            c := ATIAMerge([TIAByRange(Ord('A'), Ord('Z')), TIAByRange(Ord('a'), Ord('z')), TIAByRange(Ord('0'), Ord('9'))]);
          for x := (r - 1) downto 0 do
          begin
            sb := Behind(text, Result[x], 1);
            sa := Ahead(text, (Result[x] + f), 1);
            case s of
              True:
              begin
                case ol of
                  True:
                  case (x > 0) of
                    True:
                    case ((r - 1) > x) of
                      True: mb := ((((Result[(x + 1)] - Result[x]) <= f) or ((Result[x] - Result[(x - 1)]) <= f)) or ((sb = ' ') or (sb = '')));
                      False: mb := (((Result[x] - Result[(x - 1)]) <= f) or ((sb = ' ') or (sb = '')));
                    end;
                    False:
                    case ((r - 1) > x) of
                      True: mb := (((Result[(x + 1)] - Result[x]) <= f) or ((sb = ' ') or (sb = '')));
                      False: mb := ((sb = ' ') or (sb = ''));
                    end;
                  end;
                  False: mb := ((sb = ' ') or (sb = ''));
                end;
                case ol of
                  True:
                  case (x > 0) of
                    True:
                    case ((r - 1) > x) of
                      True: ma := ((((Result[(x + 1)] - Result[x]) <= f) or ((Result[x] - Result[(x - 1)]) <= f)) or ((sa = ' ') or (sa = '')));
                      False: ma := (((Result[x] - Result[(x - 1)]) <= f) or ((sa = ' ') or (sa = '')));
                    end;
                    False:
                    case ((r - 1) > x) of
                      True: ma := (((Result[(x + 1)] - Result[x]) <= f) or ((sa = ' ') or (sa = '')));
                      False: ma := ((sa = ' ') or (sa = ''));
                    end;
                  end;
                  False: ma := ((sa = ' ') or (sa = ''));
                end;
              end;
              False:
              begin
                case (sb <> '') of
                  True:
                  case ol of
                    True:
                    case (x > 0) of
                      True:
                      case ((r - 1) > x) of
                        True: mb := ((((Result[(x + 1)] - Result[x]) <= f) or ((Result[x] - Result[(x - 1)]) <= f)) or not InIntArray(c, Ord(sb[1])));
                        False: mb := (((Result[x] - Result[(x - 1)]) <= f) or not InIntArray(c, Ord(sb[1])));
                      end;
                      False:
                      case ((r - 1) > x) of
                        True: mb := (((Result[(x + 1)] - Result[x]) <= f) or not InIntArray(c, Ord(sb[1])));
                        False: mb := not InIntArray(c, Ord(sb[1]));
                      end;
                    end;
                    False: mb := not InIntArray(c, Ord(sb[1]));
                  end;
                  False: mb := True;
                end;
                case (sa <> '') of
                  True:
                  case ol of
                    True:
                    case (x > 0) of
                      True:
                      case ((r - 1) > x) of
                        True: ma := ((((Result[(x + 1)] - Result[x]) <= f) or ((Result[x] - Result[(x - 1)]) <= f)) or not InIntArray(c, Ord(sa[1])));
                        False: ma := (((Result[x] - Result[(x - 1)]) <= f) or not InIntArray(c, Ord(sa[1])));
                      end;
                      False:
                      case ((r - 1) > x) of
                        True: ma := (((Result[(x + 1)] - Result[x]) <= f) or not InIntArray(c, Ord(sa[1])));
                        False: ma := not InIntArray(c, Ord(sa[1]));
                      end;
                    end;
                    False: ma := not InIntArray(c, Ord(sa[1]));
                  end;
                  False: ma := True;
                end;
              end;
            end;
            if not (mb and ma) then
            begin
              y := (r - 1);
              for d := x to (y - 1) do
                Result[d] := Result[(d + 1)];
              SetLength(Result, y);
              Dec(r);
            end;
          end;
        end;
        if (not a and (r > 0)) then
          SetLength(Result, 1);
      end else
        SetLength(Result, 0);
    end;
    
    {==============================================================================]
      Explanation: Returns all the positions of found/matching strings (findStr) in text.
                   Uses a set of TMatchMethod (methods) for string matching.
                   Without offset field.
    [==============================================================================}
    function Find(text, findStr: string; methods: TMatchMethods): TIntegerArray;
    begin
      Result := FindEx(text, findStr, methods, 1);
    end;
    
    begin
      ClearDebug;
      WriteLn(ToStr(Find(TEXT, STR, [mmIgnoreCase, mmWholeWords, mmStrictWW])) + ' Find(TEXT, STR, [mmIgnoreCase, mmWholeWords, mmStrictWW])');
      WriteLn(ToStr(Find(TEXT, STR, [mmIgnoreCase, mmWholeWords])) + ' Find(TEXT, STR, [mmIgnoreCase, mmWholeWords])');
      WriteLn(ToStr(Find(TEXT, STR, [mmIgnoreCase])) + ' Find(TEXT, STR, [mmIgnoreCase])');
      WriteLn(ToStr(Find(TEXT, STR, [])) + ' Find(TEXT, STR, [])');
      WriteLn(ToStr(Find(TEXT, STR, [mmAll])) + ' Find(TEXT, STR, [mmAll])');
      WriteLn(ToStr(Find(TEXT, STR, [mmAll, mmIgnoreCase])) + ' Find(TEXT, STR, [mmAll, mmIgnoreCase])');
      WriteLn(ToStr(Find(TEXT, STR, [mmAll, mmIgnoreCase, mmWholeWords])) + ' Find(TEXT, STR, [mmAll, mmIgnoreCase, mmWholeWords])');
      WriteLn(ToStr(Find(TEXT, STR, [mmAll, mmIgnoreCase, mmWholeWords, mmStrictWW])) + ' Find(TEXT, STR, [mmAll, mmIgnoreCase, mmWholeWords, mmStrictWW])');
    end.
    ..it's a bit ugly/scary to be honest, but hay, that's mainly because I have been working on it all night today. So... I'll try and cut out some unneeded lines within time.

    Right now, all the included methods, except "mmOverlap", are stable and working smoothly.
    The logic of overlapping support still requires some work - it's not that bad really, I would say it is just fine for most uses.
    Main issue of it being that right now it doesn't really pay attention to overlapped item's boundaries (start / end), like the function does without mmOverlap (sorry about the explanation, this part is hard for me to explain, ouch)

    The reason why I am posting about this here, is because this particular function has potential to get rid of those false positives in your script, @Officer Barbrady..

    -Jani
    Thanks, I'm looking into it only looking for user and pas outside of declare players and also a couple other stuff to prevent script auto update false positives

  13. #13
    Join Date
    Jun 2012
    Posts
    4,867
    Mentioned
    74 Post(s)
    Quoted
    1663 Post(s)

    Default

    Quote Originally Posted by Officer Barbrady View Post
    Thanks, I'm looking into it only looking for user and pas outside of declare players and also a couple other stuff to prevent script auto update false positives
    I lol'd at the adult content finder

    Maybe add the thing Kevin told us on Skype that takes the first x many lines of the script.

  14. #14
    Join Date
    Sep 2010
    Posts
    5,762
    Mentioned
    136 Post(s)
    Quoted
    2739 Post(s)

    Default

    Quote Originally Posted by BMWxi View Post
    I lol'd at the adult content finder

    Maybe add the thing Kevin told us on Skype that takes the first x many lines of the script.
    Already did, it used addpostvar, not sure how I will be able to avoid false positives with shatters hams scripts though

  15. #15
    Join Date
    Feb 2006
    Location
    Helsinki, Finland
    Posts
    1,395
    Mentioned
    30 Post(s)
    Quoted
    107 Post(s)

    Default

    Quote Originally Posted by Officer Barbrady View Post
    Already did, it used addpostvar, not sure how I will be able to avoid false positives with shatters hams scripts though
    Officer, added in new CountString():

    Code:
    {$i SRL/SRL.simba}
    Var
      DsgnForm:TForm;
      ScriptEdit:TMemo;
      TitleLabel:TLabel;
      ScanButton, UpdateButton:TButton;
      Script_text:string;
      HTTPThreats, WebThreats, BadCode, threats, Fishy:Integer;
      pressed:boolean;
    const
      default = 'Times New Roman';
    
    (*
      Auther: BobboHobbo
    *)
    function FindTextC(word: string): boolean;
    begin
      Result := (Pos(lowercase(Word), LowerCase(Script_Text)) > 0);
    end;
    (*
      Auther: BobboHobbo
    *)
    function FindTextMultiC(Text: TStringArray): boolean;
    var
      i, n: Integer;
    begin
       n := High(Text);
      for i := 0 to n do
        if (Pos(LowerCase(Text[i]), Script_Text) <> 0) then
        begin
          Result := True;
          Exit;
        end;
    end;
    
    {==============================================================================]
      Explanation: Important types for Find() function! Contains the string matching methods.
    [==============================================================================}
    type
      TMatchMethod = (mmAll, mmIgnoreCase, mmOverlap, mmWholeWords, mmStrictWW);
      TMatchMethods = set of TMatchMethod;
    
    {==============================================================================]
      Explanation: Returns a TIA that contains all the value from start value (aStart) to finishing value (aFinish)..
    [==============================================================================}
    function TIAByRange(aStart, aFinish: Integer): TIntegerArray;
    var
      i, s, f: Integer;
    begin
      if (aStart <> aFinish) then
      begin
        s := Integer(aStart);
        f := Integer(aFinish);
        SetLength(Result, (IAbs(aStart - aFinish) + 1));
        case (aStart > aFinish) of
          True:
          for i := s downto f do
            Result[(s - i)] := i;
          False:
          for i := s to f do
            Result[(i - s)] := i;
        end;
      end else
        Result := [Integer(aStart)];
    end;
    
    {==============================================================================]
      Explanation: Merges T2DIntegerArray (ATIA) to TIntegerArray.
                   Example: [[1, 2], [3, 4]] => [1, 2, 3, 4]
    [==============================================================================}
    function ATIAMerge(ATIA: T2DIntegerArray): TIntegerArray;
    var
      i, i2, h, h2, r: Integer;
    begin
      h := High(ATIA);
      if (h > -1) then
      begin
        for i := 0 to h do
          IncEx(r, (High(ATIA[i]) + 1));
        SetLength(Result, r);
        r := 0;
        for i := 0 to h do
        begin
          h2 := High(ATIA[i]);
          for i2 := 0 to h2 do
          begin
            Result[r] := Integer(ATIA[i][i2]);
            Inc(r);
          end;
        end;
      end else
        SetLength(Result, 0);
    end;
    
    {==============================================================================]
      Explanation: Returns the string that is behind the position in data, size being the length for result that is copied from position.
    [==============================================================================}
    function Behind(data: string; position, size: Integer): string;
    var
      l, r: Integer;
    begin
      l := Length(data);
      case ((l > 0) and (position > 1) and (size > 0)) of
        True:
        begin
          if ((position - size) < 1) then
            size := ((position - size) + (size - 1));
          if (position > (l + 1)) then
          begin
            r := ((position - l) - 1);
            size := (size - r);
          end;
          Result := Copy(data, ((position - size) - r), size);
        end;
        False: Result := '';
      end;
    end;
    
    {==============================================================================]
      Explanation: Returns the string that is ahead from position in data, size being the length for result that is copied from position.
    [==============================================================================}
    function Ahead(data: string; position, size: Integer): string;
    var
      l: Integer;
    begin
      l := Length(data);
      case ((l > 0) and (position <= l) and (size > 0)) of
        True:
        begin
          if (position < 1) then
          begin
            size := (size - iAbs(position - 1));
            position := 1;
          end;
          if ((size > 0) and ((position + size) > l)) then
            size := (size - (((position + size) - l) - 1));
          Result := Copy(data, position, size);
        end;
        False: Result := '';
      end;
    end;
    
    {==============================================================================]
      Explanation: Returns all the positions of found/matching strings (findStr) in text.
                   Uses a set of TMatchMethod (methods) for string matching.
                   Contains field for offset.
    [==============================================================================}
    function FindEx(text, findStr: string; methods: TMatchMethods; offset: Integer): TIntegerArray;
    var
      sb, sa: string;
      r, l, f, o, p, d, x, y: Integer;
      re: TRegExp;
      ma, mb, a, s, ol: Boolean;
      c: TIntegerArray;
    begin
      l := Length(text);
      f := Length(findStr);
      if ((l > 0) and (f > 0) and (offset <= (l - f))) then
      begin
        if (offset < 1) then
          offset := 1;
        SetLength(Result, l);
        re := TRegExp.Create;
        re.InputString := text;
        re.Expression := findStr;
        if (mmIgnoreCase in methods) then
          re.ModifierI := True;
        a := (mmAll in methods);
        case a of
          False: re.ModifierG := True;
          True: re.ModifierG := False;
        end;
        ol := (mmOverlap in methods);
        if not ol then
          o := (Length(findStr) - 1);
        Inc(o);
        p := Offset;
        if re.ExecPos(p) then
        repeat
          if (re.Match[0] <> '') then
          begin
            Result[r] := re.MatchPos[0];
            p := (Result[r] + o);
            Inc(r);
          end;
        until not re.ExecPos(p);
        re.Free;
        SetLength(Result, r);
        if ((r > 0) and (mmWholeWords in methods)) then
        begin
          s := (mmStrictWW in methods);
          if not s then
            c := ATIAMerge([TIAByRange(Ord('A'), Ord('Z')), TIAByRange(Ord('a'), Ord('z')), TIAByRange(Ord('0'), Ord('9'))]);
          for x := (r - 1) downto 0 do
          begin
            sb := Behind(text, Result[x], 1);
            sa := Ahead(text, (Result[x] + f), 1);
            case s of
              True:
              begin
                case ol of
                  True:
                  case (x > 0) of
                    True:
                    case ((r - 1) > x) of
                      True: mb := ((((Result[(x + 1)] - Result[x]) <= f) or ((Result[x] - Result[(x - 1)]) <= f)) or ((sb = ' ') or (sb = '')));
                      False: mb := (((Result[x] - Result[(x - 1)]) <= f) or ((sb = ' ') or (sb = '')));
                    end;
                    False:
                    case ((r - 1) > x) of
                      True: mb := (((Result[(x + 1)] - Result[x]) <= f) or ((sb = ' ') or (sb = '')));
                      False: mb := ((sb = ' ') or (sb = ''));
                    end;
                  end;
                  False: mb := ((sb = ' ') or (sb = ''));
                end;
                case ol of
                  True:
                  case (x > 0) of
                    True:
                    case ((r - 1) > x) of
                      True: ma := ((((Result[(x + 1)] - Result[x]) <= f) or ((Result[x] - Result[(x - 1)]) <= f)) or ((sa = ' ') or (sa = '')));
                      False: ma := (((Result[x] - Result[(x - 1)]) <= f) or ((sa = ' ') or (sa = '')));
                    end;
                    False:
                    case ((r - 1) > x) of
                      True: ma := (((Result[(x + 1)] - Result[x]) <= f) or ((sa = ' ') or (sa = '')));
                      False: ma := ((sa = ' ') or (sa = ''));
                    end;
                  end;
                  False: ma := ((sa = ' ') or (sa = ''));
                end;
              end;
              False:
              begin
                case (sb <> '') of
                  True:
                  case ol of
                    True:
                    case (x > 0) of
                      True:
                      case ((r - 1) > x) of
                        True: mb := ((((Result[(x + 1)] - Result[x]) <= f) or ((Result[x] - Result[(x - 1)]) <= f)) or not InIntArray(c, Ord(sb[1])));
                        False: mb := (((Result[x] - Result[(x - 1)]) <= f) or not InIntArray(c, Ord(sb[1])));
                      end;
                      False:
                      case ((r - 1) > x) of
                        True: mb := (((Result[(x + 1)] - Result[x]) <= f) or not InIntArray(c, Ord(sb[1])));
                        False: mb := not InIntArray(c, Ord(sb[1]));
                      end;
                    end;
                    False: mb := not InIntArray(c, Ord(sb[1]));
                  end;
                  False: mb := True;
                end;
                case (sa <> '') of
                  True:
                  case ol of
                    True:
                    case (x > 0) of
                      True:
                      case ((r - 1) > x) of
                        True: ma := ((((Result[(x + 1)] - Result[x]) <= f) or ((Result[x] - Result[(x - 1)]) <= f)) or not InIntArray(c, Ord(sa[1])));
                        False: ma := (((Result[x] - Result[(x - 1)]) <= f) or not InIntArray(c, Ord(sa[1])));
                      end;
                      False:
                      case ((r - 1) > x) of
                        True: ma := (((Result[(x + 1)] - Result[x]) <= f) or not InIntArray(c, Ord(sa[1])));
                        False: ma := not InIntArray(c, Ord(sa[1]));
                      end;
                    end;
                    False: ma := not InIntArray(c, Ord(sa[1]));
                  end;
                  False: ma := True;
                end;
              end;
            end;
            if not (mb and ma) then
            begin
              y := (r - 1);
              for d := x to (y - 1) do
                Result[d] := Result[(d + 1)];
              SetLength(Result, y);
              Dec(r);
            end;
          end;
        end;
        if (not a and (r > 0)) then
          SetLength(Result, 1);
      end else
        SetLength(Result, 0);
    end;
    
    {==============================================================================]
      Explanation: Returns all the positions of found/matching strings (findStr) in text.
                   Uses a set of TMatchMethod (methods) for string matching.
                   Without offset field.
    [==============================================================================}
    function Find(text, findStr: string; methods: TMatchMethods): TIntegerArray;
    begin
      Result := FindEx(text, findStr, methods, 1);
    end;
    
    function CountString(s, str: string): Integer;
    begin
      Result := Length(Find(str, s, [mmAll, mmIgnoreCase, mmWholeWords]));
    end;
    
    (*
      Auther: Officer Barbrady
    *)
    Procedure PrintReport;
    Var
      Points:Integer;
    begin
      Points := (HTTPthreats+WebThreats+BadCode+Fishy);
      Writeln('==================Scan Results===================')
      Writeln('HTTP threats:' + ToStr(HTTPThreats));
      Writeln('Web threats:' + ToStr(WebThreats));
      Writeln('Fishy code:' + ToStr(Fishy));
      Writeln('Bad code:' + ToStr(BadCode));
      Writeln('Overall threats:' + ToStr(Points))
      case (threats) of
        0:    Writeln('Over Script Risk:None');
        1..2: Writeln('Over Script Risk:Low');
        3:    Writeln('Over Script Risk:Meduim');
        4..8: Writeln('Over Script Risk:High');
      end;
      Writeln('Thank you for using, always visit thread for updates')
    end;
    (*
      Auther: Officer Barbrady
    *)
    Procedure FindBadCode;
    begin
      Writeln('=========Looking for bad code =========')
      if FindTextC(lowercase('mmouse(x, y, 1, 1)')) or
      FindTextC('mouse(x, y, 1, 1)')then
      begin
        Writeln('found "mmouse(x, y, 1, 1) " [Risk level: Meduim], potential ban.');
        inc(BadCode);
        threats := threats+1;
      end;
      if not FindTextC(lowercase('random')) then
      begin
        Writeln('found no randomness in script [Risk level: Meduim], potential ban.');
        inc(BadCode)
        threats := threats+1;
      end;
      Writeln('=======================================')
    end;
    (*
      Auther: Officer Barbrady
    *)
    Procedure FindAbnormalCode;
    begin
      Writeln('=========Looking for Abnormal code =========')
      if (CountString('user', script_text)>1) then
      begin
        Writeln('The variable "User" is used more then once, [risk level Meduim]')
        Fishy := Fishy +1;
        threats := threats+1;
      end;
      if (CountString('name', script_text)>1) then
      begin
        Writeln('The variable "Name" is used more then once, [risk level Meduim]')
        Fishy := Fishy +1;
        threats := threats+1;
      end;
      if (CountString('pass', script_text)>1) then
      begin
        Writeln('The variable "Pass" is used more then once, [risk level Meduim]')
        Fishy := Fishy +1;
        threats := threats+1;
      end;
      if (CountString('pin', script_text)>1) then
      begin
        Writeln('The variable "pin" is used more then once, [risk level Meduim]')
        Fishy := Fishy +1;
        threats := threats+1;
      end;
      Writeln('===========================================')
    end;
    (*
      Auther: Officer Barbrady
    *)
    
    procedure FindHTTPThreats;
    begin
      Writeln('=========Looking for HTTP threats=========');
      if FindTextC(lowercase('addpost')) then
      begin
        Writeln('found "addpost" [Risk level: HIGH]');
        inc(HTTPThreats);
        threats := threats + 4
      end;
      if FindTextC(lowercase('GetPage')) then
      begin
        Writeln('found "GetPage" [Risk level: HIGH]');
        inc(HTTPThreats);
        threats := threats + 4
      end;
      if FindTextC(lowercase('posthttppage')) then
      begin
        Writeln('found "posthttppage" [Risk level: HIGH]');
        inc(HTTPThreats);
        threats := threats + 4;
      end;
      if FindTextC(lowercase('posthttppageex')) then
      begin
        Writeln('found "posthttppageexe" [Risk level: HIGH]');
        inc(HTTPThreats);
        threats := threats + 4
      end;
      if FindTextC(lowercase('openwebpage')) then
      begin
        Writeln('Found attempt to open webpage [Risk level: Meduim]');
        if FindTextMultiC(['meatspin', 'porn', 'xxx', '18', 'sunny']) then
        begin
          Writeln('Found adult content attempting to be opened via openpage [Risk level: Meduim-high]');
          inc(WebThreats);
          threats := threats + 3 exit;
        end;
      end;
    end;
    (*
      Auther: Officer Barbrady
    *)
    Procedure Scan;
    begin
      wait(500);
      FindHTTPThreats;
      wait(1500);
      FindAbnormalCode;
      wait(1500);
      FindBadCode;
      wait(1500);
      PrintReport;
    end;
    (*
      Auther: Officer Barbrady
    *)
    procedure OpenThread(Sender: TObject);
    begin
      OpenWebPage('http://villavu.com/forum/showthread.php?t=103408');
    end;
    (*
      Auther: Officer Barbrady
    *)
    procedure SaveFormInfo(Sender: TObject);
    begin
      DsgnForm.ModalResult := mrOk;
      Script_text := ScriptEdit.TEXT;
      pressed := true;
      DsgnForm.CLOSE;
    end;
    (*
      Auther: Officer Barbrady
    *)
    procedure InitForm;
    begin
      DsgnForm:=TForm.Create(nil);
      with DsgnForm do
        begin
          Caption:='Simba script scanner';
          Left:=377;
          Top:=380;
          Width:=750;
          Height:=460;
          Font.Name:=default;
          Font.Color:=clDefault;
          Font.Size:=0;
        end;
      ScriptEdit := TMemo.Create(DsgnForm);
        with ScriptEdit do
        begin
          Parent := DsgnForm;
          Left := 120;
          Top := 80;
          Width := 481;
          Height := 177;
          Font.Name := default;
          with ScriptEdit.Lines do Add('Paste script into this box, it will look for suspicious lines of code');
          ScrollBars := ssBoth;
          TabOrder := 0;
      end;
      TitleLabel:=TLabel.Create(DsgnForm);
      with TitleLabel do
        begin
          Parent:=DsgnForm;
          Caption:='Script scanner version 1.3';
          Left:=225;
          Top:=20;
          Width:=43;
          Height:=14;
          Font.Name:=default;
          Font.Color:=clDefault;
          Font.Size:=17;
      end;
      ScanButton:=TButton.Create(DsgnForm);
      with ScanButton do
        begin
          Parent:=DsgnForm;
          Caption:='Scan';
          Left:=175;
          Top:=300;
          Width:=150;
          Height:=25;
          Font.Size:=12;
          OnClick:=@SaveFormInfo
      end;
      UpdateButton:=TButton.Create(DsgnForm);
      with UpdateButton do
        begin
          Parent:=DsgnForm;
          Caption:='Update';
          Left:=400;
          Top:=300;
          Width:=150;
          Height:=25;
          Font.Size:=12;
          OnClick:=@OpenThread
      end;
    end;
    procedure SafeInitForm;
    var
      v: TVariantArray;
    begin
      setarraylength(V, 0);
      ThreadSafeCall('InitForm', v);
    end;
    
    
    procedure ShowFormModal;
    begin
      DsgnForm.ShowModal;
    end;
    
    
    procedure SafeShowFormModal;
    var
      v: TVariantArray;
    begin
      SetArrayLength(V, 0);
      ThreadSafeCall('ShowFormModal', v);
    end;
    
    begin
      SafeInitForm;
      SafeShowFormModal;
      if (pressed=true) then Scan;
    end.
    Let me know if it works better than earlier? It should at least pick up a little less false positives, but we will see, of course...

    -Jani

  16. #16
    Join Date
    Sep 2012
    Location
    Here.
    Posts
    2,007
    Mentioned
    88 Post(s)
    Quoted
    1014 Post(s)

    Default

    Quote Originally Posted by Officer Barbrady View Post
    Already did, it used addpostvar, not sure how I will be able to avoid false positives with shatters hams scripts though
    Mine didn't involve addpostvar at all. It used PostHTTPPage.
    I have also since found far more danger in the command [unspecified - pm me and I'll discuss a way to add a search for it in your code without making it an obvious technique for someone to use.]. Like full computer access and loss of far more than just runescape info.

  17. #17
    Join Date
    Sep 2010
    Posts
    5,762
    Mentioned
    136 Post(s)
    Quoted
    2739 Post(s)

    Default

    Quote Originally Posted by Kevin View Post
    Mine didn't involve addpostvar at all. It used PostHTTPPage.
    I have also since found far more danger in the command [unspecified - pm me and I'll discuss a way to add a search for it in your code without making it an obvious technique for someone to use.]. Like full computer access and loss of far more than just runescape info.
    Sure - this project is kind of open source you guys may as anything you like, and yes I think it finds posthttp ill update when I get home Monday night

    Double post - I am trying to get this into a extension so it can be accessed via simba menu
    Last edited by Justin; 05-30-2013 at 11:46 PM. Reason: Merged. No need for a double post.. The edit button exists for a reason...

  18. #18
    Join Date
    Mar 2008
    Posts
    426
    Mentioned
    1 Post(s)
    Quoted
    116 Post(s)

    Default

    Wow, this is really interesting.. You are a smart guy.

    I'll try to use it and see if i ever get something pop up..

  19. #19
    Join Date
    Feb 2012
    Location
    Canada
    Posts
    1,164
    Mentioned
    26 Post(s)
    Quoted
    433 Post(s)

    Default

    Very interesting.... Its funny how much free time you have. You are coming out with scripts like nobodies business!

  20. #20
    Join Date
    Sep 2010
    Posts
    5,762
    Mentioned
    136 Post(s)
    Quoted
    2739 Post(s)

    Default

    Quote Originally Posted by StickToTheScript View Post
    Very interesting.... Its funny how much free time you have. You are coming out with scripts like nobodies business!
    Haha thanks, But must of the smart stuff is by the people i mentioned, won't be able to work on your for, this week since I won't be at a computer

  21. #21
    Join Date
    Aug 2007
    Location
    Colorado
    Posts
    7,421
    Mentioned
    268 Post(s)
    Quoted
    1442 Post(s)

    Default

    Code:
    =========Looking for HTTP threats=========
    Found attempt to open webpage [Risk level: Meduim]
    Found adult content attempting to be opened via openpage [Risk level: Meduim-high]
    =========Looking for Abnormal code =========
    The variable "Name" is used more then once, [risk level Meduim]
    The variable "Pass" is used more then once, [risk level Meduim]
    ===========================================
    =========Looking for bad code =========
    =======================================
    ==================Scan Results===================
    HTTP threats:0
    Web threats:1
    Fishy code:2
    Bad code:0
    Overall threats:3
    Over Script Risk:High
    Thank you for using, always visit thread for updates
    Successfully executed.
    ^ Scanned Monkfishies. Now I understand the "Web threats" of using my CheckDirectories procedure which checks if SRL-OSR is installed, if not it asks the user if they wish to open the installation page. But the "User" and "Pass" being used twice is the beginning of the script where the user may enter their SRLStats name & pass; later these are used to actually setup SRLStats thus these two strings are used exactly twice in the script. And I couldn't help from laughing when the report said it found adult content. :S I can only think of it recognizing "18" somewhere in there.

    Neato utility though, just needs a few tweaks obviously.

    Current projects:
    [ AeroGuardians (GotR minigame), Motherlode Miner, Blast furnace ]

    "I won't fall in your gravity. Open your eyes,
    you're the Earth and I'm the sky..."


  22. #22
    Join Date
    Jun 2012
    Posts
    4,867
    Mentioned
    74 Post(s)
    Quoted
    1663 Post(s)

    Default

    Quote Originally Posted by Flight View Post
    Code:
    =========Looking for HTTP threats=========
    Found attempt to open webpage [Risk level: Meduim]
    Found adult content attempting to be opened via openpage [Risk level: Meduim-high]
    =========Looking for Abnormal code =========
    The variable "Name" is used more then once, [risk level Meduim]
    The variable "Pass" is used more then once, [risk level Meduim]
    ===========================================
    =========Looking for bad code =========
    =======================================
    ==================Scan Results===================
    HTTP threats:0
    Web threats:1
    Fishy code:2
    Bad code:0
    Overall threats:3
    Over Script Risk:High
    Thank you for using, always visit thread for updates
    Successfully executed.
    ^ Scanned Monkfishies. Now I understand the "Web threats" of using my CheckDirectories procedure which checks if SRL-OSR is installed, if not it asks the user if they wish to open the installation page. But the "User" and "Pass" being used twice is the beginning of the script where the user may enter their SRLStats name & pass; later these are used to actually setup SRLStats thus these two strings are used exactly twice in the script. And I couldn't help from laughing when the report said it found adult content. :S I can only think of it recognizing "18" somewhere in there.

    Neato utility though, just needs a few tweaks obviously.
    Haha nice adult content you have there

    I'm going to scan one of mine, wonder how that's going to go...

    Here's the scan of my booter:
    Code:
    Compiled successfully in 1466 ms.
    =========Looking for HTTP threats=========
    =========Looking for Abnormal code =========
    ===========================================
    =========Looking for bad code =========
    =======================================
    ==================Scan Results===================
    HTTP threats:0
    Web threats:0
    Fishy code:0
    Bad code:0
    Overall threats:0
    Over Script Risk:None
    Thank you for using, always visit thread for updates
    Successfully executed.
    Also scanned the script scanner itself, results:
    Code:
    Compiled successfully in 1684 ms.
    =========Looking for HTTP threats=========
    found "addpost" [Risk level: HIGH]
    found "GetPage" [Risk level: HIGH]
    found "posthttppage" [Risk level: HIGH]
    found "posthttppageexe" [Risk level: HIGH]
    Found attempt to open webpage [Risk level: Meduim]
    Found adult content attempting to be opened via openpage [Risk level: Meduim-high]
    =========Looking for Abnormal code =========
    The variable "pin" is used more then once, [risk level Meduim]
    ===========================================
    =========Looking for bad code =========
    found "mmouse(x, y, 1, 1) " [Risk level: Meduim], potential ban.
    =======================================
    ==================Scan Results===================
    HTTP threats:4
    Web threats:1
    Fishy code:1
    Bad code:1
    Overall threats:7
    Thank you for using, always visit thread for updates
    Successfully executed.

  23. #23
    Join Date
    Sep 2012
    Location
    Australia.
    Posts
    839
    Mentioned
    16 Post(s)
    Quoted
    225 Post(s)

    Default

    Quote Originally Posted by BMWxi View Post
    Haha nice adult content you have there

    I'm going to scan one of mine, wonder how that's going to go...

    Here's the scan of my booter:
    Code:
    Compiled successfully in 1466 ms.
    =========Looking for HTTP threats=========
    =========Looking for Abnormal code =========
    ===========================================
    =========Looking for bad code =========
    =======================================
    ==================Scan Results===================
    HTTP threats:0
    Web threats:0
    Fishy code:0
    Bad code:0
    Overall threats:0
    Over Script Risk:None
    Thank you for using, always visit thread for updates
    Successfully executed.
    Also scanned the script scanner itself, results:
    Code:
    Compiled successfully in 1684 ms.
    =========Looking for HTTP threats=========
    found "addpost" [Risk level: HIGH]
    found "GetPage" [Risk level: HIGH]
    found "posthttppage" [Risk level: HIGH]
    found "posthttppageexe" [Risk level: HIGH]
    Found attempt to open webpage [Risk level: Meduim]
    Found adult content attempting to be opened via openpage [Risk level: Meduim-high]
    =========Looking for Abnormal code =========
    The variable "pin" is used more then once, [risk level Meduim]
    ===========================================
    =========Looking for bad code =========
    found "mmouse(x, y, 1, 1) " [Risk level: Meduim], potential ban.
    =======================================
    ==================Scan Results===================
    HTTP threats:4
    Web threats:1
    Fishy code:1
    Bad code:1
    Overall threats:7
    Thank you for using, always visit thread for updates
    Successfully executed.
    Hmm, that script scanner seems to be unsafe! Hahaha, that's cool...

    My results:

    Progress Report:
    =========Looking for HTTP threats=========
    found "GetPage" [Risk level: HIGH]
    =========Looking for Abnormal code =========
    The variable "User" is used more then once, [risk level Meduim]
    The variable "Name" is used more then once, [risk level Meduim]
    The variable "Pass" is used more then once, [risk level Meduim]
    The variable "pin" is used more then once, [risk level Meduim]
    ===========================================
    =========Looking for bad code =========
    =======================================
    ==================Scan Results===================
    HTTP threats:1
    Web threats:0
    Fishy code:4
    Bad code:0
    Overall threats:5
    Over Script Risk:High
    Thank you for using, always visit thread for updates


    Damn you SRL Stats for making my script unsafe!

  24. #24
    Join Date
    Sep 2010
    Posts
    5,762
    Mentioned
    136 Post(s)
    Quoted
    2739 Post(s)

    Default

    Quote Originally Posted by Flight View Post
    Code:
    =========Looking for HTTP threats=========
    Found attempt to open webpage [Risk level: Meduim]
    Found adult content attempting to be opened via openpage [Risk level: Meduim-high]
    =========Looking for Abnormal code =========
    The variable "Name" is used more then once, [risk level Meduim]
    The variable "Pass" is used more then once, [risk level Meduim]
    ===========================================
    =========Looking for bad code =========
    =======================================
    ==================Scan Results===================
    HTTP threats:0
    Web threats:1
    Fishy code:2
    Bad code:0
    Overall threats:3
    Over Script Risk:High
    Thank you for using, always visit thread for updates
    Successfully executed.
    ^ Scanned Monkfishies. Now I understand the "Web threats" of using my CheckDirectories procedure which checks if SRL-OSR is installed, if not it asks the user if they wish to open the installation page. But the "User" and "Pass" being used twice is the beginning of the script where the user may enter their SRLStats name & pass; later these are used to actually setup SRLStats thus these two strings are used exactly twice in the script. And I couldn't help from laughing when the report said it found adult content. :S I can only think of it recognizing "18" somewhere in there.

    Neato utility though, just needs a few tweaks obviously.
    Yea, going to release massive overhaul next week, check the keywords for we page threat sits prob"sunny" that set it off, janibo has been helping me with a lot of string functions so big credits to him!

    Ill be getting rid of the Grading system instead it will just print out things that could be unsafe

  25. #25
    Join Date
    Dec 2011
    Location
    Hyrule
    Posts
    8,662
    Mentioned
    179 Post(s)
    Quoted
    1870 Post(s)

    Default

    I always knew Flight was a Pw stealing kind of guy....

    Seems nice I'm sure some will find it handy

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •