Original Test.
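import ctypes
import os
import platform
import subprocess
import sys
import threading
import time
import tkinter as tk
import uuid
from datetime import datetime
from tkinter import ttk, scrolledtext, messagebox

try:
    import winreg
except ImportError:
    # winreg exists only on Windows; check_registry() degrades gracefully.
    winreg = None

import psutil


class SecurityChecker:
    """Collect environment fingerprints and decide whether the host looks like
    an ordinary end-user machine.

    Every ``check_*`` method stores a boolean under its own key in
    ``detection_results``; any positive result clears ``is_safe``.  The
    heuristics (debugger presence, hypervisor artefacts, sandbox folder and
    user names, process counts, timing skew) are the well-known ones from
    public anti-analysis literature, so from a defender's side the lists
    below double as a checklist of artefacts an analysis sandbox should hide
    or randomise to avoid being fingerprinted.  Several checks are noisy on
    real hardware (little RAM, few processes, short uptime, small disks), so
    a hit is an indicator, not proof.

    All user-facing log text is German, matching the original tool.
    """

    # Seconds paused after every check so console output stays readable.
    _PAUSE = 0.5
    _RULE = "=" * 60
    _BANNER = "=" * 70
    _REPORT_TIME_FMT = '%d.%m.%Y %H:%M:%S'

    # Substrings matched case-insensitively against running process names.
    DEBUGGER_NAMES = (
        'ida', 'ida64', 'ollydbg', 'x64dbg', 'x32dbg', 'windbg', 'gdb',
        'processhacker', 'cheatengine', 'immunity', 'radare2', 'ghidra',
    )
    # Hypervisor vendor strings searched for in the BIOS manufacturer field.
    VM_BIOS_SIGNS = ('vmware', 'virtualbox', 'qemu', 'xen', 'hyper-v', 'kvm', 'parallels')
    # MAC prefixes (OUIs) the tool treats as belonging to virtualisation vendors.
    VM_MAC_PREFIXES = ('00:05:69', '00:0c:29', '00:1c:14', '00:50:56', '08:00:27')
    # Folder names commonly created by analysis environments.
    SANDBOX_PATHS = (
        r'C:\analysis', r'C:\sandbox', r'C:\cwsandbox',
        r'C:\sample', r'C:\virus', r'C:\malware',
    )
    # Substrings of %USERNAME% treated as suspicious.
    SANDBOX_USERS = ('sandbox', 'malware', 'virus', 'sample', 'test', 'currentuser')
    # Network / process monitors and hypervisor guest agents.
    SUSPICIOUS_PROCESSES = (
        'wireshark', 'fiddler', 'tcpdump', 'processhacker', 'procexp', 'procmon',
        'autoruns', 'vboxservice', 'vmtoolsd', 'vmwareuser', 'vmwaretray',
        'vmusrvc', 'df5serv', 'vboxtray',
    )
    # HKLM subkeys created by VirtualBox Guest Additions / VMware Tools.
    VM_REGISTRY_SUBKEYS = (
        r"SYSTEM\CurrentControlSet\Services\VBoxGuest",
        r"SYSTEM\CurrentControlSet\Services\VBoxMouse",
        r"SYSTEM\CurrentControlSet\Services\VBoxSF",
        r"SYSTEM\CurrentControlSet\Services\VMTools",
        r"SOFTWARE\VMware, Inc.\VMware Tools",
        r"SOFTWARE\Oracle\VirtualBox Guest Additions",
    )

    def __init__(self):
        # check name -> True when that check flagged the environment
        self.detection_results = {}
        # cleared as soon as any check reports a detection
        self.is_safe = True
        # every line passed to log(), in order; reused by the GUI and the report
        self.log_messages = []

    # ------------------------------------------------------------------ utils

    def log(self, message):
        """Timestamp *message*, append it to ``log_messages`` and echo it to stdout."""
        entry = f"[{datetime.now().strftime('%H:%M:%S')}] {message}"
        self.log_messages.append(entry)
        print(entry)

    def _section(self, title):
        """Log the framed section header every check starts with."""
        self.log("\n" + self._RULE)
        self.log(title)
        self.log(self._RULE)

    def _record(self, key, detected):
        """Store one check's verdict, update ``is_safe`` and pause briefly."""
        self.detection_results[key] = detected
        if detected:
            self.is_safe = False
        time.sleep(self._PAUSE)

    @staticmethod
    def _processes_matching(fragments):
        """Return the names of running processes whose lower-cased name contains
        any of *fragments*.  Processes without a readable name are skipped."""
        hits = []
        for proc in psutil.process_iter(['name']):
            name = proc.info.get('name') or ''
            lowered = name.lower()
            if any(fragment in lowered for fragment in fragments):
                hits.append(name)
        return hits

    @staticmethod
    def _status_line(check, result):
        """Format one ``detection_results`` entry for the summary and the report."""
        status = "❌ Erkannt" if result else "✅ Sicher"
        return f" - {check.replace('_', ' ').capitalize()}: {status}"

    # ----------------------------------------------------------------- checks

    def check_debugger(self):
        """Überprüft auf aktive Debugger.

        Windows: asks the kernel via ``IsDebuggerPresent()``.  All platforms:
        looks for well-known debugger / disassembler names among running
        processes (a substring match, so ``ida64.exe`` is found by ``ida``).
        """
        detected = False
        self._section("🔍 Debugger-Erkennung")

        if sys.platform == 'win32':
            try:
                if ctypes.windll.kernel32.IsDebuggerPresent():
                    self.log("⚠️ WARNUNG: IsDebuggerPresent() hat einen Debugger erkannt!")
                    detected = True
                else:
                    self.log("✅ IsDebuggerPresent() - Kein Debugger erkannt")
            except (AttributeError, OSError):
                self.log("ℹ️ IsDebuggerPresent() nicht verfügbar")

        # One warning per matching process (the original emitted one per
        # matching name fragment, which duplicated lines for e.g. 'ida64').
        for name in self._processes_matching(self.DEBUGGER_NAMES):
            self.log(f"⚠️ WARNUNG: Debugger-Prozess gefunden: {name}")
            detected = True
        if not detected:
            self.log("✅ Keine bekannten Debugger-Prozesse gefunden")

        self._record('debugger', detected)

    def check_vm(self):
        """Überprüft auf virtuelle Maschinen.

        Indicators: hypervisor vendor strings in the BIOS manufacturer
        (Windows only, via ``wmic``), fewer than two CPU cores, less than
        4 GB of RAM, and a MAC address starting with a virtualisation OUI.
        Small physical machines trip the resource thresholds as well.
        """
        detected = False
        self._section("🔍 VM-Erkennung")

        # -- BIOS manufacturer (Windows only; wmic may be missing on newer builds)
        self.log(f"ℹ️ System: {platform.system()}")
        if sys.platform == 'win32':
            try:
                # Argument list instead of a shell string: same command, no shell.
                bios = subprocess.check_output(
                    ['wmic', 'bios', 'get', 'manufacturer'],
                    stderr=subprocess.DEVNULL,
                ).decode().lower()
            except (OSError, subprocess.SubprocessError, ValueError):
                # ValueError covers a UnicodeDecodeError from .decode()
                self.log("ℹ️ BIOS-Info konnte nicht abgerufen werden")
            else:
                for sign in self.VM_BIOS_SIGNS:
                    if sign in bios:
                        self.log(f"⚠️ WARNUNG: VM-Signatur gefunden in BIOS: {sign}")
                        detected = True

        # -- CPU count
        cpu_count = psutil.cpu_count()
        self.log(f"ℹ️ CPU Kerne: {cpu_count}")
        if cpu_count is None or cpu_count < 2:
            self.log("⚠️ WARNUNG: Ungewöhnlich wenige CPU-Kerne (VM-Indikator)")
            detected = True

        # -- RAM
        ram_gb = psutil.virtual_memory().total / (1024 ** 3)
        self.log(f"ℹ️ RAM: {ram_gb:.2f} GB")
        if ram_gb < 4:
            self.log("⚠️ WARNUNG: Wenig RAM (möglicher VM-Indikator)")
            detected = True

        # -- MAC address prefix
        try:
            # uuid.getnode() may fall back to a random 48-bit number when no
            # hardware address is available; such a value matches no prefix.
            node = uuid.getnode()
            # Most significant byte first. The original shifted by 2 bits per
            # element instead of 8, so it never produced the real address.
            mac = ':'.join(f"{(node >> shift) & 0xff:02x}" for shift in range(40, -1, -8))
            mac_flagged = False
            for prefix in self.VM_MAC_PREFIXES:
                if mac.startswith(prefix):
                    self.log(f"⚠️ WARNUNG: VM MAC-Adresse erkannt: {mac}")
                    mac_flagged = True
                    break
            if mac_flagged:
                detected = True
            else:
                # Judged on the MAC alone; earlier CPU/RAM hits used to suppress
                # this line even when the address itself was unremarkable.
                self.log(f"✅ MAC-Adresse scheint legitim: {mac}")
        except (OSError, ValueError):
            self.log("ℹ️ MAC-Adresse konnte nicht überprüft werden")

        if not detected:
            self.log("✅ Keine VM-Indikatoren gefunden")
        self._record('vm', detected)

    def check_sandbox(self):
        """Überprüft auf Sandbox-Umgebungen.

        Indicators: well-known analysis folders, a suspicious %USERNAME%,
        less than ten minutes of uptime and a nearly empty temp directory.
        The computer name is logged for the record only.
        """
        detected = False
        self._section("🔍 Sandbox-Erkennung")

        # -- folders typical for analysis hosts
        for path in self.SANDBOX_PATHS:
            if os.path.exists(path):
                self.log(f"⚠️ WARNUNG: Sandbox-Ordner gefunden: {path}")
                detected = True

        # -- user name (USERNAME is a Windows variable; elsewhere it is often unset)
        username = os.getenv('USERNAME', 'unknown')
        self.log(f"ℹ️ Benutzername: {username}")
        if any(marker in username.lower() for marker in self.SANDBOX_USERS):
            self.log(f"⚠️ WARNUNG: Verdächtiger Benutzername: {username}")
            detected = True

        # -- computer name: informational only, not an indicator
        self.log(f"ℹ️ Computer Name: {os.getenv('COMPUTERNAME', 'unknown')}")

        # -- uptime: freshly booted snapshots are typical for sandboxes
        try:
            uptime = datetime.now() - datetime.fromtimestamp(psutil.boot_time())
        except (OSError, ValueError, psutil.Error):
            self.log("ℹ️ Uptime konnte nicht ermittelt werden")
        else:
            self.log(f"ℹ️ System-Uptime: {uptime}")
            if uptime.total_seconds() < 600:  # 10 Minuten
                self.log("⚠️ WARNUNG: System kürzlich gestartet (Sandbox-Indikator)")
                detected = True

        # -- temp directory population
        temp_dir = os.environ.get('TEMP', '/tmp')
        try:
            temp_count = len(os.listdir(temp_dir))
        except OSError:
            # Unreadable/missing temp dir used to abort the whole check.
            self.log("ℹ️ Temp-Verzeichnis konnte nicht gelesen werden")
        else:
            self.log(f"ℹ️ Temporäre Dateien: {temp_count}")
            if temp_count < 10:
                self.log("⚠️ WARNUNG: Sehr wenige temporäre Dateien (Sandbox-Indikator)")
                detected = True

        if not detected:
            self.log("✅ Keine Sandbox-Indikatoren gefunden")
        self._record('sandbox', detected)

    def check_processes(self):
        """Analysiert laufende Prozesse.

        Flags monitoring tools and hypervisor guest agents by name, and a
        total process count below 50 (lean, purpose-built analysis images).
        """
        self._section("🔍 Prozess-Analyse")

        found = self._processes_matching(self.SUSPICIOUS_PROCESSES)
        detected = bool(found)
        if found:
            # sorted() gives a stable order; the original joined an unordered set
            self.log(f"⚠️ WARNUNG: Verdächtige Prozesse gefunden: {', '.join(sorted(set(found)))}")
        else:
            self.log("✅ Keine verdächtigen Prozesse gefunden")

        proc_count = len(psutil.pids())
        self.log(f"ℹ️ Laufende Prozesse: {proc_count}")
        if proc_count < 50:
            self.log("⚠️ WARNUNG: Ungewöhnlich wenige Prozesse (mögliche Sandbox)")
            detected = True

        self._record('processes', detected)

    def check_registry(self):
        """Überprüft Windows Registry (nur Windows).

        Probes HKLM for service and software keys left behind by VirtualBox
        Guest Additions and VMware Tools.  On other platforms the check is
        skipped without recording a result (same as the original).
        """
        self._section("🔍 Registry-Analyse")
        if sys.platform != 'win32' or winreg is None:
            self.log("ℹ️ Registry-Check nur unter Windows verfügbar")
            return

        detected = False
        for subkey in self.VM_REGISTRY_SUBKEYS:
            try:
                # Context manager closes the handle; the original leaked it.
                with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey):
                    pass
            except OSError:
                # FileNotFoundError / PermissionError: key absent or unreadable
                continue
            self.log(f"⚠️ WARNUNG: VM Registry-Key gefunden: {subkey}")
            detected = True

        if not detected:
            self.log("✅ Keine VM Registry-Keys gefunden")
        self._record('registry', detected)

    def check_hardware(self):
        """Überprüft Hardware-Merkmale.

        Flags a root volume smaller than 60 GB and, on Windows, a primary
        screen below 1024x768.  The partition count is logged only.
        """
        detected = False
        self._section("🔍 Hardware-Analyse")

        # -- size of the volume the script runs on
        disk_gb = psutil.disk_usage('/').total / (1024 ** 3)
        self.log(f"ℹ️ Festplattengröße: {disk_gb:.2f} GB")
        if disk_gb < 60:
            self.log("⚠️ WARNUNG: Kleine Festplatte (VM-Indikator)")
            detected = True

        # -- primary screen resolution (SM_CXSCREEN = 0, SM_CYSCREEN = 1)
        if sys.platform == 'win32':
            try:
                user32 = ctypes.windll.user32
                width = user32.GetSystemMetrics(0)
                height = user32.GetSystemMetrics(1)
            except (AttributeError, OSError):
                self.log("ℹ️ Bildschirmauflösung konnte nicht ermittelt werden")
            else:
                self.log(f"ℹ️ Bildschirmauflösung: {width}x{height}")
                if width < 1024 or height < 768:
                    self.log("⚠️ WARNUNG: Niedrige Auflösung (VM-Indikator)")
                    detected = True

        # -- number of mounted partitions: informational only
        try:
            self.log(f"ℹ️ Anzahl Laufwerke: {len(psutil.disk_partitions())}")
        except (OSError, psutil.Error):
            pass

        if not detected:
            self.log("✅ Hardware-Checks bestanden")
        self._record('hardware', detected)

    def check_timing(self):
        """Überprüft Timing-Anomalien.

        Sleeps one second and flags a wall-clock deviation above 0.5 s
        (sleep acceleration or a heavily loaded host).  The second part only
        measures a busy loop with ``perf_counter``; despite the log label it
        does not read the CPU cycle counter and does not influence the verdict.
        """
        detected = False
        self._section("🔍 Timing-Checks")

        started = time.time()
        time.sleep(1)
        elapsed = time.time() - started
        self.log(f"ℹ️ Sleep-Time: {elapsed:.3f} Sekunden")
        if abs(elapsed - 1.0) > 0.5:
            self.log("⚠️ WARNUNG: Timing-Anomalie erkannt (Sandbox-Indikator)")
            detected = True
        else:
            self.log("✅ Timing-Check bestanden")

        if sys.platform == 'win32':
            try:
                self.log("ℹ️ Führe RDTSC-Check durch...")
                perf_start = time.perf_counter()
                for _ in range(1000000):
                    pass
                perf_time = time.perf_counter() - perf_start
                self.log(f"ℹ️ Performance Counter: {perf_time:.6f} Sekunden")
            except OSError:
                self.log("ℹ️ Erweiterte Timing-Checks nicht verfügbar")

        self._record('timing', detected)

    def check_windows_specific(self):
        """Windows-spezifische Checks.

        Calls ``CheckRemoteDebuggerPresent`` on the current process.  On
        other platforms the method returns before logging anything and
        records no result (same as the original).
        """
        if sys.platform != 'win32':
            return

        detected = False
        self._section("🔍 Windows-spezifische Checks")

        # NOTE(review): kept as written. Win32 documents the second argument
        # as an out-pointer to a BOOL and the return value as call success, so
        # the branch below does not reliably reflect debugger presence.
        try:
            kernel32 = ctypes.windll.kernel32
            if kernel32.CheckRemoteDebuggerPresent(kernel32.GetCurrentProcess(), False):
                self.log("⚠️ WARNUNG: Remote Debugger erkannt!")
                detected = True
            else:
                self.log("✅ Kein Remote Debugger erkannt")
        except (AttributeError, OSError, ctypes.ArgumentError):
            self.log("ℹ️ Remote Debugger Check nicht verfügbar")

        self._record('windows_specific', detected)

    # --------------------------------------------------------------- driver

    def run_all_checks(self):
        """Führt alle Sicherheits-Checks aus.

        Runs every check in a fixed order; an exception inside one check is
        logged and the remaining checks still run.  Ends with the summary.
        """
        self.log("\n" + self._BANNER)
        self.log("🔒 SICHERHEITSÜBERPRÜFUNG GESTARTET")
        self.log(self._BANNER)
        self.log(f"Datum: {datetime.now().strftime(self._REPORT_TIME_FMT)}")
        self.log(f"System: {platform.system()} {platform.release()}")
        self.log(f"Hostname: {platform.node()}")

        checks = (
            self.check_debugger,
            self.check_vm,
            self.check_sandbox,
            self.check_processes,
            self.check_registry,
            self.check_hardware,
            self.check_timing,
            self.check_windows_specific,
        )
        for check in checks:
            try:
                check()
            except Exception as e:
                # A failing check must not hide the results of the others.
                self.log(f"❌ Fehler bei {check.__name__}: {str(e)}")

        self.print_summary()

    def print_summary(self):
        """Gibt die Zusammenfassung aus: counts, overall status, per-check lines."""
        self.log("\n" + self._BANNER)
        self.log("📊 SCAN ABGESCHLOSSEN")
        self.log(self._BANNER)

        total_checks = len(self.detection_results)
        failed_checks = sum(self.detection_results.values())
        self.log(f"Durchgeführte Tests: {total_checks}")
        self.log(f"Erkannte Bedrohungen: {failed_checks}")
        overall = '🔴 UNSICHERE UMGEBUNG' if not self.is_safe else '🟢 SICHERE UMGEBUNG'
        self.log(f"Status: {overall}")

        self.log("\nDetails:")
        for check, result in self.detection_results.items():
            self.log(self._status_line(check, result))
        self.log("\n" + self._BANNER)

    def write_output_file(self):
        """Schreibt eine Ausgabedatei wenn sicher.

        Writes ``security_check_<timestamp>.txt`` into the current working
        directory with the per-check verdicts and the full log.  The caller
        (the GUI) only offers this when ``is_safe`` is True; the method itself
        does not re-check.

        Returns:
            The absolute path of the written file, or ``None`` on failure
            (the error is logged, not raised).
        """
        try:
            stamp = datetime.now().strftime("%Y%m%d_%H%M%S")
            filename = f"security_check_{stamp}.txt"

            lines = [
                self._BANNER,
                "SICHERHEITSÜBERPRÜFUNG ERFOLGREICH",
                self._BANNER,
                "",
                f"Datum: {datetime.now().strftime(self._REPORT_TIME_FMT)}",
                f"System: {platform.system()} {platform.release()}",
                f"Hostname: {platform.node()}",
                "",
                "Status: SICHER ✅",
                "Keine Debugger, VMs oder Sandboxen erkannt.",
                "",
                "Überprüfte Kategorien:",
            ]
            lines.extend(self._status_line(check, result)
                         for check, result in self.detection_results.items())
            lines.extend(["", self._BANNER, "VOLLSTÄNDIGES LOG:", self._BANNER, ""])
            lines.extend(self.log_messages)

            with open(filename, 'w', encoding='utf-8') as f:
                f.write("\n".join(lines) + "\n")

            abs_path = os.path.abspath(filename)
            # NOTE(review): this message names no file; the path follows on the next line.
            self.log("\n✅ Datei erfolgreich erstellt: (unknown)")
            self.log(f"📁 Pfad: {abs_path}")
            return abs_path
        except Exception as e:
            self.log(f"\n❌ Fehler beim Schreiben der Datei: {str(e)}")
            return None


class ResultsGUI:
    """Tk window that presents the log collected by a :class:`SecurityChecker`.

    Construction is best-effort: when Tk cannot open a display the error is
    printed, ``root`` stays ``None`` and ``run()`` becomes a no-op.
    """

    _BG = "#2b2b2b"
    _PANEL_BG = "#3b3b3b"
    _FG = "#ffffff"

    def __init__(self, checker):
        self.checker = checker
        self.root = None
        self.results_text = None
        try:
            self.root = tk.Tk()
            self.root.title("Security Check - Ergebnisse")
            self.root.geometry("1000x750")
            self.root.configure(bg=self._BG)
            self.setup_gui()
        except Exception as e:
            # Typically tk.TclError when no display is available.
            print(f"GUI initialization failed (expected in headless env): {e}")
            self.root = None

    def setup_gui(self):
        """Build the header, statistics box, scrolling log and button row."""
        self._build_header()
        self._build_stats()
        self._build_results()
        self._build_buttons()

    def _build_header(self):
        """Title label plus the coloured overall verdict."""
        safe = self.checker.is_safe
        status_color = "#00ff00" if safe else "#ff0000"
        status_text = "🟢 SICHERE UMGEBUNG" if safe else "🔴 UNSICHERE UMGEBUNG"

        tk.Label(
            self.root,
            text="🔒 Sicherheitsüberprüfung Abgeschlossen",
            font=("Arial", 20, "bold"),
            bg=self._BG,
            fg=self._FG,
        ).pack(pady=15)

        status_frame = tk.Frame(self.root, bg=self._BG)
        status_frame.pack(pady=10)
        tk.Label(
            status_frame,
            text=status_text,
            font=("Arial", 16, "bold"),
            bg=self._BG,
            fg=status_color,
        ).pack()

    def _build_stats(self):
        """Raised panel with test / passed / detected counts."""
        results = self.checker.detection_results
        total = len(results)
        failed = sum(results.values())
        passed = total - failed

        stats_frame = tk.Frame(self.root, bg=self._PANEL_BG, relief=tk.RAISED, borderwidth=2)
        stats_frame.pack(pady=15, padx=20, fill=tk.X)
        tk.Label(
            stats_frame,
            text=f"Tests: {total} | Bestanden: {passed} | Bedrohungen: {failed}",
            font=("Arial", 12, "bold"),
            bg=self._PANEL_BG,
            fg=self._FG,
            pady=10,
        ).pack()

    def _build_results(self):
        """Read-only scrolling text area holding every log line."""
        tk.Label(
            self.root,
            text="📋 Detaillierte Ergebnisse:",
            font=("Arial", 12, "bold"),
            bg=self._BG,
            fg=self._FG,
        ).pack(pady=(10, 5))

        self.results_text = scrolledtext.ScrolledText(
            self.root,
            width=115,
            height=28,
            font=("Courier", 9),
            bg="#1e1e1e",
            fg="#00ff00",
            insertbackground="white",
        )
        self.results_text.pack(padx=20, pady=5)
        self.results_text.insert(tk.END, "".join(f"{msg}\n" for msg in self.checker.log_messages))
        # Disabled after filling so the user cannot edit the log.
        self.results_text.config(state=tk.DISABLED)

    def _build_buttons(self):
        """Close button; the write-report button appears only for a safe verdict."""
        button_frame = tk.Frame(self.root, bg=self._BG)
        button_frame.pack(pady=15)

        if self.checker.is_safe:
            tk.Button(
                button_frame,
                text="💾 Datei schreiben",
                command=self.write_file,
                font=("Arial", 12, "bold"),
                bg="#4CAF50",
                fg="white",
                padx=20,
                pady=10,
                cursor="hand2",
            ).pack(side=tk.LEFT, padx=10)

        tk.Button(
            button_frame,
            text="❌ Beenden",
            command=self.root.quit,
            font=("Arial", 12),
            bg="#f44336",
            fg="white",
            padx=20,
            pady=10,
            cursor="hand2",
        ).pack(side=tk.LEFT, padx=10)

    def write_file(self):
        """Write the report via the checker and show the outcome in a dialog."""
        filepath = self.checker.write_output_file()
        if filepath:
            messagebox.showinfo(
                "Erfolg",
                f"✅ Datei erfolgreich erstellt!\n\n{filepath}"
            )
        else:
            messagebox.showerror(
                "Fehler",
                "❌ Fehler beim Schreiben der Datei!"
            )

    def run(self):
        """Enter the Tk main loop, or explain why not when there is no window."""
        if self.root:
            self.root.mainloop()
        else:
            print("Skipping GUI mainloop due to headless environment.")


def main():
    """Run all checks on the console, then open the results window."""
    banner = "=" * 70
    print("\n" + banner)
    print("🔒 SICHERHEITSÜBERPRÜFUNG WIRD GESTARTET...")
    print(banner)
    print("Bitte warten Sie, während die Checks durchgeführt werden...\n")

    # The checks run synchronously here, before any window exists; the
    # imported threading module is not used anywhere in this file.
    checker = SecurityChecker()
    checker.run_all_checks()

    print("\n" + banner)
    print("✅ Alle Checks abgeschlossen!")
    print(banner)
    if checker.is_safe:
        print("\n🟢 Keine Bedrohungen erkannt - Umgebung ist sicher!")
        print("GUI wird geöffnet...\n")
    else:
        print("\n🔴 WARNUNG: Bedrohungen erkannt!")
        print("GUI wird mit Ergebnissen geöffnet...\n")

    time.sleep(2)
    ResultsGUI(checker).run()


if __name__ == "__main__":
    main()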