dmknght · November 19, 2023 04:34
diff --git a/yr_find_creds.nim b/yr_find_creds.nim
 import .. / src / engine / libyara # Binding lib co san. Neu tai ve thi sua cho nay, lay binding o day https://github.com/dmknght/nimyara
 import strformat
 import os

 # Pass vao compiler de link voi thu vien Yara
 {.passL: "-lyara".}
 type
  COMPILER_RESULT = object
    errors: int
    warnings: int
  ScanData = object
    scan_path: string

 const
  YR_SCAN_TIMEOUT: cint = 1000000
  YR_RULE_FIND_SSH = "rule ssh_private_key { strings: $key_header = \"-----BEGIN OPENSSH PRIVATE KEY-----\" condition: $key_header at 0}"
  DIR_TO_SCAN = "~/.ssh/"


 proc yr_rules_report_errors*(error_level: cint; file_name: cstring; line_number: cint; rule: ptr YR_RULE; message: cstring; user_data: pointer) {.cdecl.} =
  if rule != nil:
    echo fmt"{message} at {file_name}:{line_number}"


 proc yara_scan_cb(context: ptr YR_SCAN_CONTEXT, message: cint, message_data: pointer, user_data: pointer): cint {.cdecl.} =
  #[
    Handle scan result from Yara engine
  ]#

  if message == CALLBACK_MSG_RULE_MATCHING:
    let
      scan_context = cast[ptr ScanData](user_data)
    echo "Matched: ", scan_context.scan_path


 proc main() =
  var
    compiler: ptr YR_COMPILER
    rules: ptr YR_RULES
    scan_context: ScanData
    compiler_result: COMPILER_RESULT
    setting_max_string = DEFAULT_MAX_STRINGS_PER_RULE

  #[
    Khoi tao Yara engine
  ]#
  if yr_initialize() != ERROR_SUCCESS:
    return
  if yr_compiler_create(addr(compiler)) != ERROR_SUCCESS:
    return

  #[
    Lay rule tu string va compile
  ]#
  discard yr_set_configuration(YR_CONFIG_MAX_STRINGS_PER_RULE, addr(setting_max_string))
  yr_compiler_set_callback(compiler, yr_rules_report_errors, addr(compiler_result))
  if yr_compiler_add_string(compiler, YR_RULE_FIND_SSH, "") != ERROR_SUCCESS:
    echo "Failed to compile rule from a string"
    return
  # Compile
  discard yr_compiler_get_rules(compiler, addr(rules))

  #[
    Doan nay handle scan
  ]#
  let
    absolute_path = expandTilde(DIR_TO_SCAN) # Handle HOME from shortname (demo nen viet vay cho nhanh). https://nim-lang.org/docs/os.html#expandTilde%2Cstring

  for path in walkDirRec(absolute_path):
    # cai scan_context dong vai tro nhu 1 struct de truyen du lieu qua callback
    scan_context.scan_path = path
    # Nen co doan check object type la pcFile, pcDir hay symlink gi do
    discard yr_rules_scan_file(rules, cstring(path), SCAN_FLAGS_FAST_MODE, yara_scan_cb, addr(scan_context), YR_SCAN_TIMEOUT)

  #[
    Free engine's memory
  ]#
  # finityara
  if compiler != nil:
    yr_compiler_destroy(compiler)
  if rules != nil:
    discard yr_rules_destroy(rules)
  discard yr_finalize()


 main()
	import .. / src / engine / libyara # Binding lib co san. Neu tai ve thi sua cho nay, lay binding o day https://github.com/dmknght/nimyara
	import strformat
	import os

	# Pass vao compiler de link voi thu vien Yara
	{.passL: "-lyara".}
	type
	COMPILER_RESULT = object
	errors: int
	warnings: int
	ScanData = object
	scan_path: string

	const
	YR_SCAN_TIMEOUT: cint = 1000000
	YR_RULE_FIND_SSH = "rule ssh_private_key { strings: $key_header = \"-----BEGIN OPENSSH PRIVATE KEY-----\" condition: $key_header at 0}"
	DIR_TO_SCAN = "~/.ssh/"


	proc yr_rules_report_errors*(error_level: cint; file_name: cstring; line_number: cint; rule: ptr YR_RULE; message: cstring; user_data: pointer) {.cdecl.} =
	if rule != nil:
	echo fmt"{message} at {file_name}:{line_number}"


	proc yara_scan_cb(context: ptr YR_SCAN_CONTEXT, message: cint, message_data: pointer, user_data: pointer): cint {.cdecl.} =
	#[
	Handle scan result from Yara engine
	]#

	if message == CALLBACK_MSG_RULE_MATCHING:
	let
	scan_context = cast[ptr ScanData](user_data)
	echo "Matched: ", scan_context.scan_path


	proc main() =
	var
	compiler: ptr YR_COMPILER
	rules: ptr YR_RULES
	scan_context: ScanData
	compiler_result: COMPILER_RESULT
	setting_max_string = DEFAULT_MAX_STRINGS_PER_RULE

	#[
	Khoi tao Yara engine
	]#
	if yr_initialize() != ERROR_SUCCESS:
	return
	if yr_compiler_create(addr(compiler)) != ERROR_SUCCESS:
	return

	#[
	Lay rule tu string va compile
	]#
	discard yr_set_configuration(YR_CONFIG_MAX_STRINGS_PER_RULE, addr(setting_max_string))
	yr_compiler_set_callback(compiler, yr_rules_report_errors, addr(compiler_result))
	if yr_compiler_add_string(compiler, YR_RULE_FIND_SSH, "") != ERROR_SUCCESS:
	echo "Failed to compile rule from a string"
	return
	# Compile
	discard yr_compiler_get_rules(compiler, addr(rules))

	#[
	Doan nay handle scan
	]#
	let
	absolute_path = expandTilde(DIR_TO_SCAN) # Handle HOME from shortname (demo nen viet vay cho nhanh). https://nim-lang.org/docs/os.html#expandTilde%2Cstring

	for path in walkDirRec(absolute_path):
	# cai scan_context dong vai tro nhu 1 struct de truyen du lieu qua callback
	scan_context.scan_path = path
	# Nen co doan check object type la pcFile, pcDir hay symlink gi do
	discard yr_rules_scan_file(rules, cstring(path), SCAN_FLAGS_FAST_MODE, yara_scan_cb, addr(scan_context), YR_SCAN_TIMEOUT)

	#[
	Free engine's memory
	]#
	# finityara
	if compiler != nil:
	yr_compiler_destroy(compiler)
	if rules != nil:
	discard yr_rules_destroy(rules)
	discard yr_finalize()


	main()