admin/ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

integrate detection engine into CLI

Browse Source
This commit is contained in:
Adir Shitrit
2025-11-07 18:08:21 +02:00
parent c79e7d6ed6
commit 5c524b14ba
1 changed files with 37 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
ghost-cli/src/main.rs
View File

@@ -1,28 +1,54 @@
use anyhow::Result;
use ghost_core::{memory, process};
use ghost_core::{memory, process, DetectionEngine, ThreatLevel};
fn main() -> Result<()> {
env_logger::init();
println!("Ghost - Process Injection Detection\n");
println!("Ghost v0.1.0 - Process Injection Detection\n");
let mut engine = DetectionEngine::new();
let processes = process::enumerate_processes()?;
println!("Found {} processes\n", processes.len());
for proc in processes.iter().take(10) {
println!("{}", proc);
println!("Scanning {} processes...\n", processes.len());
let mut detections = Vec::new();
for proc in &processes {
if let Ok(regions) = memory::enumerate_memory_regions(proc.pid) {
let rwx_regions: Vec<_> = regions
.iter()
.filter(|r| r.protection == ghost_core::MemoryProtection::ReadWriteExecute)
.collect();
let result = engine.analyze_process(proc, &regions);
if !rwx_regions.is_empty() {
println!(" RWX regions: {}", rwx_regions.len());
if result.threat_level != ThreatLevel::Clean {
detections.push(result);
}
}
}
if detections.is_empty() {
println!("No suspicious activity detected.");
} else {
println!("Found {} suspicious processes:\n", detections.len());
for detection in detections {
let level_str = match detection.threat_level {
ThreatLevel::Suspicious => "SUSPICIOUS",
ThreatLevel::Malicious => "MALICIOUS",
_ => "CLEAN",
};
println!(
"[{}] {} (PID: {}) - Confidence: {:.1}%",
level_str,
detection.process.name,
detection.process.pid,
detection.confidence * 100.0
);
for indicator in &detection.indicators {
println!(" - {}", indicator);
}
println!();
}
}
Ok(())
}