Wednesday, January 30, 2008

30-second Malware Gathering Tool

A few months ago I was trying to automate the retrieval and analysis of JavaScript exploits from a site that was designed to target vulnerable browsers. The site read the User-Agent header on the server side, serving exploits only to vulnerable versions of IE and displaying ads to everybody else, so my attempts to script the get-and-grep analysis I was doing weren't working with curl or wget. So I wrote this:

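#!/bin/sh -f
# Fetch a URL with wget while presenting an IE6 User-Agent string.
if [ -z "$1" ]; then
    echo "Usage: $0 [url]" >&2
    exit 1
fi
# Quote the URL so it reaches wget as a single argument.
/usr/bin/wget -U "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)" "$1"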


All it does is pass the URL to wget, which sends an IE6 User-Agent string with its request. Nothing fancy, but it was worth the 30 seconds it took me to whip it up.
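
The server-side behaviour described above (different content depending on the User-Agent header) can be confirmed by fetching the same URL under two User-Agent strings and comparing the bytes. The script below is an added example, not part of the original post; the baseline User-Agent value, the function names and the output file names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: check whether a server returns different content
# depending on the User-Agent header. Names and the baseline UA value
# are illustrative assumptions, not taken from the original post.

UA_IE6='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)'
UA_BASE='Wget/1.10.2'   # constructed baseline value in wget's default format

# fetch UA OUTFILE URL: retrieve URL while sending the given User-Agent.
fetch() {
    wget -q -U "$1" -O "$2" -- "$3"
}

# ua_compare URL DIR: save the responses under DIR and print one of
#   same     - both User-Agents received identical bytes
#   differs  - the baseline is stable but the IE6 response is different
#   unstable - two baseline fetches already differ (rotating ads, nonces),
#              so a byte comparison cannot show User-Agent filtering
ua_compare() {
    url=$1
    dir=$2
    mkdir -p "$dir" || return 2
    fetch "$UA_BASE" "$dir/base1.bin" "$url" || return 2
    fetch "$UA_BASE" "$dir/base2.bin" "$url" || return 2
    fetch "$UA_IE6"  "$dir/ie6.bin"   "$url" || return 2
    if ! cmp -s "$dir/base1.bin" "$dir/base2.bin"; then
        echo unstable
    elif cmp -s "$dir/base1.bin" "$dir/ie6.bin"; then
        echo same
    else
        echo differs
    fi
}

# Run only when a URL is supplied, so the file can also be sourced.
if [ $# -gt 0 ]; then
    ua_compare "$1" "${2:-./ua-samples}"
fi
```

The saved `.bin` files are the inputs for the get-and-grep step; a result of `unstable` means the responses need to be compared by hand rather than byte for byte.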
