code-IM-perfect/depwner

Depwner by Team PwnedRaccoons

Technical Overview

We built an Electron app that uses chokidar to continuously watch for filesystem changes. On any change (file addition or modification), it scans the affected files for malicious content.

Two engines have been implemented for scanning:

  • Static Hash Analysis: Highly efficient and highly accurate (practically no false positives), but sufficiently complex malware can fool this engine by modifying its file contents, without making any significant change to the overall code, just enough to change its hash.
  • Yara Rules Engine: A smarter way to check for threats. By leveraging pattern matching, it can detect malware even if it has made some modifications to itself or is embedded in other files. However, it is very CPU intensive, especially when dealing with a large number of files.
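The trade-off between the two engines, as an added example that is not depwner's own code: an exact SHA-256 lookup misses a variant with one extra line, while a pattern match still catches it. The sample bytes, the marker string, the hash-first ordering, and the function names are all constructed assumptions, and the pattern engine is a plain byte-substring match standing in for a YARA rule.

```javascript
// Added example: constructed data, not depwner's code or hash database.
const crypto = require('node:crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Constructed, harmless stand-in for a known-bad file.
const knownSample = Buffer.from('#!/bin/sh\necho DEPWNER-TEST-MARKER\n');

// Hash engine: exact-match lookup against a set of known digests.
const knownHashes = new Set([sha256(knownSample)]);
function hashEngine(buf) {
  return knownHashes.has(sha256(buf));
}

// Pattern engine: byte-substring match standing in for a YARA rule (assumption).
const patterns = [{ name: 'test_marker', bytes: Buffer.from('DEPWNER-TEST-MARKER') }];
function patternEngine(buf) {
  return patterns.filter((p) => buf.includes(p.bytes)).map((p) => p.name);
}

// Assumed ordering: cheap hash lookup first, pattern matching only on a miss.
function scan(buf) {
  if (hashEngine(buf)) return { verdict: 'malicious', engine: 'hash', rules: [] };
  const rules = patternEngine(buf);
  return rules.length
    ? { verdict: 'malicious', engine: 'pattern', rules }
    : { verdict: 'clean', engine: null, rules: [] };
}

// Same content plus one trailing comment line: different digest, same marker.
const variant = Buffer.concat([knownSample, Buffer.from('# padding\n')]);
const benign = Buffer.from('hello world\n');

console.log(scan(knownSample).engine, scan(variant).engine, scan(benign).verdict);
```

Running the hash lookup first keeps the CPU-heavy pattern pass for files the database does not already recognise.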

A video demonstrating dePWNer

Development Setup

This is powered by Electron.js to build a cross-platform yet native app for various platforms: Windows, Linux, Mac and more. The frontend is made with SvelteKit, using adapter-static to prerender it to plain HTML, CSS and vanilla JS which Electron can then use. The backend runs on NodeJS using the APIs provided by Electron.js itself. The frontend and backend communicate with each other using the ipcMain APIs provided by Electron.

To set up the project locally:

  1. Clone the project locally
    # for http clone
    git clone "https://github.com/code-IM-perfect/pwnedraccoons-depwner.git"
    # for ssh authentication
    git clone git@github.com:code-IM-perfect/pwnedraccoons-depwner.git
  2. Install dependencies contained in package.json with npm
    cd pwnedraccoons-depwner && npm install
  3. Our extensive hash database couldn't be added to this repo due to size constraints, but it is available here
    Please download it and place it at scanner/malware_hashes_full.db before moving on to any further steps.

Development

Recommended way to preview the Electron app

We have included a convenience script, build:electron, which handles the build and preview process for you.

npm run build:electron

Manual Methods

Building

The Electron app takes its files from the build directory, so make sure to build the project every time your frontend source code (the SvelteKit part) is changed.

npm run build

Preview

To preview the native app generated by Electron, you can use the electron script in package.json

npm run electron

Or, if you have the electron package installed on your system and available on your PATH, simply run

electron .

Quickly Preview Frontend

For previewing changes with hot reloading (on browser) you can use the dev script inside package.json. This is useful when working on the frontend, when you don't want to build the project again and again, and just want a quick way to preview frontend changes.

npm run dev
