Heya, I’m unsure how many people are dealing with this and/or will use this. But if it helps anyone that’s all that really matters.
I’ve thrown together a quick “resource scanner” resource, it’s purpose is to go through stopped resources, find any hex encoded strings, and then warn you about their existence. This is quite a simple script, and there could be similar scripts out there that I don’t know about.
I found one script that does something similar, but it worked on started resources, and it’s detection was pattern based to target a more specefic set of exploits. This is a bit more generalized, and since the exploit that was brought to my attention “infects” other resources on the server, I’d rather have these checks performed before you have to start the script.
If you want to contribute to this, and maybe help improve the checks and such, feel free to do so! I’ll be reviewing any pull requests whenever I have the time.
Everything like checks, risks and usage is detailed in the github readme file. Please do read it through so you know what it does and how to use it!
It will write everything to an output.txt file upon completing it’s run. It’s also important to note that this isn’t meant as something you have running on your server at all times. It’s a tool for checking your scripts.
Hope this can be of help to you, I can’t promise any support for this release, but I’ll do my best to answer any questions I can.