News

First article about ScanPC

My first article about ScanPC, adapted from the original post on dev.to

ScanPC, your new (open source) tool for Windows compliance audits

Hi,
Let me introduce you to ScanPC, a useful Python script I have been developing since 2016. It aims to help you quickly assess a Windows computer by gathering information such as:
    the user accounts list
    the password policy
    the shared folders list
    the hardware configuration
    the OS version
    the network interfaces
    the Windows updates (KB) list
    the installed software
    the firewall state
    the processes list
    the services list
    the antivirus state
This information can then be displayed in an HTML report.

Compatibility
You can run it on the following Microsoft Windows systems :
    XP x86
    7 x86 and x64
    10 x86 and x64
You don't even need to have Python installed on those computers!
Thanks to PyInstaller, you can compile the code into an executable.
Those computers just need to have Visual C++ 2010 x86 installed (which is quite common).

Use case
You work in an IT security team that does compliance audits.
Some of the computers you must assess are not connected to the network for various reasons.
You put a compiled ScanPC executable on your auditor USB key and go scan those computers.

Demo
[image: scanpc_demo]

Interested? Visit the ScanPC project page!

You want to contribute or you found an issue: please open a pull request or an issue on its GitHub repo!

If you like this project, please share it and star it !
You can also buy me a coffee ;) !

PS: Be careful when you move USB devices from one computer to another; you should always check your USB key for viruses after each scan!
Thankfully, Decontamine, the USB device cleaning station I have been developing at the same time, will help you keep your keys clean.

First article about Decontamine_Linux

My first article about Decontamine_Linux, adapted from the original post on dev.to

Decontamine_Linux, your usb devices cleaning station

You are an IT security specialist in your firm and you are always wondering "How the heck can I limit virus spreading from USB devices in this damn information system ?"

Your boss won't let you buy this very expensive USB kiosk you saw during your last trip to a cyber security trade show?

The tool I'm going to present to you might be the solution!

Decontamine_Linux, a Python script I have been working on, aims to scan and clean your USB devices (keys, hard drives) from viruses. It can also scan CD/DVD in read only mode.
It automatically detects your devices, lets you choose the one you want to scan then runs scanning tools in multiple threads.

It asks you if you want to delete viruses and eventually generates a report you can read and save on your device.

Currently it's compatible with 3 antivirus products:
    ClamAV
    Sophos
    F-Secure
I have been planning to add more and also add other (open source) scanning tools targeting specific files.

Use case
    Set up a hardened Debian system on a computer with antivirus and Decontamine_Linux
    Enable persistence of the script
    Kindly ask your colleagues, with the blessing of your boss, to systematically scan their USB devices before plugging them into their computers
    Marvel at the decrease in security incidents related to USB devices in your company

Demo
[image: virus scan]

Interested? Visit the Decontamine_Linux project page!

You want to contribute or you found an issue: please open a pull request or an issue on its GitHub repo!

If you like this project, please share it and star it !
You can also buy me a coffee ;) !

PS: Why this name? At the beginning, I created Decontamine to run on Windows (there are still Windows Decontamine stations running at the organization where I originally developed it between 2015 and 2018). One day I realized it would be better to run it on Linux.
So, after this former employer agreed to let this software go open source, I have been rewriting everything specifically for Linux.

PS2: As a cybersecurity specialist, you should make your colleagues aware of the dangers of USB devices!

Major update for Decontamine_Linux

Major update for Decontamine_Linux.
I have made some improvements since January.

Here are the big changes :
  • multithreading scans (all tools scan at the same time)
  • viruses found will be displayed in a table at the end of the scan
  • user will be prompted to remove viruses at the end of the scan
  • rename modules, functions, variables, etc. according to the PEP 8 convention
  • code cleaning
  • fully unmount and eject/power off all types of devices at the end of the scan
Example of scanning result:

virus_num  virus_name                           virus_type          ['ClamAV', 'F-Secure', 'Sophos']
1          /media/dev/testkey/eicartestfile     Clamav.Test.File-7  ['X', 'X', 'X']
2          /media/dev/testkey/virusTest         Clamav.Test.File-7  ['X', 'X', 'X']
3          /media/dev/testkey/boot/zerrgzzazfb  Clamav.Test.File-7  ['X', 'X', 'X']
4          /media/dev/testkey/boot/gfdFFezf     Clamav.Test.File-7  ['X', 'X', 'X']

This example shows that all the tools have detected 4 viruses.
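
The merge behind such a table, as an added example (not Decontamine_Linux's own code): each tool runs in its own thread and detections are joined per file, with an X where a tool flagged it. The `scan` wrapper, the normalised "path: signature FOUND" line format and the sample output are assumptions constructed for illustration; one tool is made to miss a file so that a non-unanimous row appears.

```python
from concurrent.futures import ThreadPoolExecutor

TOOLS = ["ClamAV", "F-Secure", "Sophos"]  # column order used in the report

# Constructed sample output. Assumption: every tool's output has already been
# normalised to "<path>: <signature> FOUND" lines (the shape clamscan prints).
SAMPLE_OUTPUT = {
    "ClamAV": "/media/dev/testkey/eicartestfile: Clamav.Test.File-7 FOUND\n"
              "/media/dev/testkey/boot/gfdFFezf: Clamav.Test.File-7 FOUND\n"
              "/media/dev/testkey/notes.txt: OK\n",
    "F-Secure": "/media/dev/testkey/eicartestfile: Example.Test.Sig-A FOUND\n"
                "/media/dev/testkey/boot/gfdFFezf: Example.Test.Sig-A FOUND\n",
    "Sophos": "/media/dev/testkey/eicartestfile: Example.Test.Sig-B FOUND\n",
}


def scan(tool, mount_point):
    """Hypothetical scanner wrapper: a real one would run the tool on
    mount_point; here it parses the constructed output above."""
    prefix = mount_point.rstrip("/") + "/"
    hits = {}
    for line in SAMPLE_OUTPUT[tool].splitlines():
        if not line.endswith(" FOUND"):
            continue  # clean files and summary lines are ignored
        path, _, signature = line[:-len(" FOUND")].rpartition(": ")
        if path.startswith(prefix):
            hits[path] = signature
    return tool, hits


def scan_all(mount_point):
    """Run every tool in its own thread and merge detections per file."""
    with ThreadPoolExecutor(max_workers=len(TOOLS)) as pool:
        results = dict(pool.map(lambda t: scan(t, mount_point), TOOLS))
    rows = []
    for path in sorted({p for hits in results.values() for p in hits}):
        # virus_type: name given by the first tool (in TOOLS order) that flagged it
        vtype = next(results[t][path] for t in TOOLS if path in results[t])
        marks = ["X" if path in results[t] else "" for t in TOOLS]
        rows.append((len(rows) + 1, path, vtype, marks))
    return rows


if __name__ == "__main__":
    print("virus_num", "virus_name", "virus_type", TOOLS)
    for row in scan_all("/media/dev/testkey"):
        print(*row)
```

A row with an empty mark is the case worth reviewing by hand: the file was flagged by some engines but not all.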