MHaggis · May 16, 2024 20:09
diff --git a/CrushScanner.lua b/CrushScanner.lua
 local function file_exists(path)
    local file = io.open(path, "r")
    if file then
        file:close()
        return true
    end
    return false
 end

        print([[
             _                ___             _    ___ _____ ___   ___                            
            | |  _  _ __ _   / __|_ _ _  _ __| |_ | __|_   _| _ \ / __| __ __ _ _ _  _ _  ___ _ _ 
            | |_| || / _` | | (__| '_| || (_-< ' \| _|  | | |  _/ \__ \/ _/ _` | ' \| ' \/ -_) '_|
            |____\_,_\__,_|  \___|_|  \_,_/__/_||_|_|   |_| |_|   |___/\__\__,_|_||_|_||_\___|_|                                   
        ]])

 local function scan_file(fname)
    if file_exists(fname) then
        local file = io.open(fname, "r")
        local content = file:read("*all")
        file:close()

        if string.find(content, "<INCLUDE>") then
            for line in string.gmatch(content, "[^\n]+") do
                if string.find(line, "<INCLUDE>") then
                    -- Color codes
                    local red = "\27[31m"
                    local green = "\27[32m"
                    local reset = "\27[0m"
                    local warning_emoji = "\xF0\x9F\x9A\xA8"  -- 🚨
                    print(warning_emoji .. " " .. red .. "Traces of exploitation found here:" .. reset)
                    print(green .. fname .. reset)
                    print(green .. line .. reset)
                    print()
                end
            end
        end
    end
 end

 local function main(dir)
    if not file_exists(dir .. "/CrushFTP.jar") then
        print("[!] The following directory does not look like a CrushFTP installation folder: " .. dir)
        os.exit(1)
    end

    local log_files = {
        dir .. "/CrushFTP.log"
    }

    for file in io.popen("find " .. dir .. "/logs/session_logs -type f -name 'session_HTTP_*.log'"):lines() do
        table.insert(log_files, file)
    end

    for file in io.popen("find " .. dir .. "/logs -type f -name 'CrushFTP.log*'"):lines() do
        table.insert(log_files, file)
    end

    for _, fname in ipairs(log_files) do
        if fname ~= "" then
            scan_file(fname)
        end
    end
 end

 if arg[1] then
    main(arg[1])
 else
    print("Please provide the CrushFTP installation directory as a command-line argument.")
 end
	local function file_exists(path)
	local file = io.open(path, "r")
	if file then
	file:close()
	return true
	end
	return false
	end

	print([[
	_ ___ _ ___ _____ ___ ___
	\| \| _ _ __ _ / __\|_ _ _ _ __\| \|_ \| __\|_ _\| _ \ / __\| __ __ _ _ _ _ _ ___ _ _
	\| \|_\| \|\| / _` \| \| (__\| '_\| \|\| (_-< ' \\| _\| \| \| \| _/ \__ \/ _/ _` \| ' \\| ' \/ -_) '_\|
	\|____\_,_\__,_\| \___\|_\| \_,_/__/_\|\|_\|_\| \|_\| \|_\| \|___/\__\__,_\|_\|\|_\|_\|\|_\___\|_\|
	]])

	local function scan_file(fname)
	if file_exists(fname) then
	local file = io.open(fname, "r")
	local content = file:read("*all")
	file:close()

	if string.find(content, "<INCLUDE>") then
	for line in string.gmatch(content, "[^\n]+") do
	if string.find(line, "<INCLUDE>") then
	-- Color codes
	local red = "\27[31m"
	local green = "\27[32m"
	local reset = "\27[0m"
	local warning_emoji = "\xF0\x9F\x9A\xA8" -- 🚨
	print(warning_emoji .. " " .. red .. "Traces of exploitation found here:" .. reset)
	print(green .. fname .. reset)
	print(green .. line .. reset)
	print()
	end
	end
	end
	end
	end

	local function main(dir)
	if not file_exists(dir .. "/CrushFTP.jar") then
	print("[!] The following directory does not look like a CrushFTP installation folder: " .. dir)
	os.exit(1)
	end

	local log_files = {
	dir .. "/CrushFTP.log"
	}

	for file in io.popen("find " .. dir .. "/logs/session_logs -type f -name 'session_HTTP_*.log'"):lines() do
	table.insert(log_files, file)
	end

	for file in io.popen("find " .. dir .. "/logs -type f -name 'CrushFTP.log*'"):lines() do
	table.insert(log_files, file)
	end

	for _, fname in ipairs(log_files) do
	if fname ~= "" then
	scan_file(fname)
	end
	end
	end

	if arg[1] then
	main(arg[1])
	else
	print("Please provide the CrushFTP installation directory as a command-line argument.")
	end