sync: auto-sync from HOWARD-HOME at 2026-06-21 20:56:44

Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-21 20:56:44
2026-06-21 20:57:10 -07:00
parent 924fa39b34
commit 8fde10c743
2 changed files with 191 additions and 1 deletions


@@ -23,6 +23,7 @@ set -u
TARGET="${1:-}"
PHASE="${2:-all}"
SCANNER_ARG="${3:-}"
if [ -z "$TARGET" ]; then
echo "[ERROR] Usage: bash guruscan-agent-test.sh <hostname|uuid> <prep|scan|collect|all>" >&2
@@ -530,11 +531,63 @@ PS
post_alert "[RMM] GuruScan verify-each on $AGENT_HOST complete - see per-engine detect/remove matrix"
}
# ===========================================================================
# scan-one <Scanner>: fully automated single-scanner test. ONE command does it
# all, hands-off: restore the malware-lab samples, clear stale cleanup state,
# run the scanner DETACHED + NO-CAP via the same path production uses, then
# collect and report (detections, removal, results.json, reboot-cleanup task).
# Mirrors how we proved Emsisoft -- no manual stitching.
# ===========================================================================
phase_scan_one() {
local scanner="${SCANNER_ARG:-HitmanPro}"
echo ""; echo "=== PHASE: scan-one ($scanner) - automated, detached, no-cap ==="
# Setup: free the mutex (kill any prior GuruScan run + scanner procs), clear
# stale cleanup task/state, and restore the malware lab samples.
local sf="$WORK_DIR/one_setup.ps1"
cat > "$sf" <<'PS'
$ErrorActionPreference='Continue'
Get-ScheduledTask -EA SilentlyContinue | Where-Object { $_.TaskName -like 'GuruScan-*' } | ForEach-Object { try{ Stop-ScheduledTask -TaskName $_.TaskName -EA SilentlyContinue }catch{}; try{ Unregister-ScheduledTask -TaskName $_.TaskName -Confirm:$false -EA SilentlyContinue }catch{} }
foreach($n in @('a2cmd','HitmanPro_x64','rkill','EmsisoftCommandlineScanner64')){ Get-Process -Name $n -EA SilentlyContinue | Stop-Process -Force -EA SilentlyContinue }
Start-Sleep 3
Get-ScheduledTask -TaskName 'GuruRMM-ScannerCleanup' -EA SilentlyContinue | Unregister-ScheduledTask -Confirm:$false -EA SilentlyContinue
Remove-Item 'C:\GuruScan\cleanup-state.json' -Force -EA SilentlyContinue
$zip = Get-ChildItem 'C:\Users\Owner\Downloads' -Filter '*.zip' -EA SilentlyContinue | Where-Object { $_.Name -match 'malware' } | Select-Object -First 1
if($zip){ Expand-Archive -Path $zip.FullName -DestinationPath 'C:\Users\Owner\Desktop' -Force -EA SilentlyContinue }
$n=(Get-ChildItem 'C:\Users\Owner\Desktop\malware-samples-master' -Recurse -File -EA SilentlyContinue).Count
Set-Content 'C:\GuruScan\_one_before.txt' $n
Write-Output ("setup done - malware samples present: $n")
PS
run_ps "$sf" 240 70 "setup" || { echo "[ERROR] setup failed"; return 1; }
# Run the scanner the production way: detached scheduled task, unlimited time.
gs_launch_detached "-Scanners $scanner -Headless" "one" || { echo "[ERROR] launch failed"; return 1; }
gs_wait_detached "one" "$scanner" || true
# Report the outcome (parsed from what GuruScan actually wrote).
local rf="$WORK_DIR/one_report.ps1"
cat > "$rf" <<'PS'
$ErrorActionPreference='Continue'
$before=Get-Content 'C:\GuruScan\_one_before.txt' -EA SilentlyContinue
$after=(Get-ChildItem 'C:\Users\Owner\Desktop\malware-samples-master' -Recurse -File -EA SilentlyContinue).Count
Write-Output ("samples: before=$before after=$after REMOVED=" + ([int]$before-[int]$after))
$d=Get-ChildItem 'C:\ScanLogs' -Directory -EA SilentlyContinue | Sort-Object LastWriteTime -Descending | Select-Object -First 1
if($d -and (Test-Path (Join-Path $d.FullName 'results.json'))){ $r=Get-Content (Join-Path $d.FullName 'results.json') -Raw|ConvertFrom-Json
Write-Output ('results.json -> total_threats=' + $r.total_threats + ' reboot_required=' + $r.reboot_required)
$r.scanners|ForEach-Object{ Write-Output (' ' + $_.name + ': exit=' + $_.exit_code + ' threats=' + $_.threats_found) } }
$ct=Get-ScheduledTask -TaskName 'GuruRMM-ScannerCleanup' -EA SilentlyContinue
if($ct){ Write-Output ('reboot-cleanup task -> REGISTERED (state=' + $ct.State + ', logon-delay=' + $ct.Triggers[0].Delay + ')') } else { Write-Output 'reboot-cleanup task -> NOT registered' }
PS
run_ps "$rf" 60 24 "report" || true
post_alert "[RMM] GuruScan automated scan-one ($scanner) complete on $AGENT_HOST"
}
case "$PHASE" in
prep) phase_prep ;;
scan) phase_scan ;;
scan-one) phase_scan_one ;;
collect) phase_collect ;;
verify-each) phase_verify_each ;;
all) phase_prep && phase_scan && phase_collect ;;
*) echo "[ERROR] Unknown phase '$PHASE' (prep|scan|collect|verify-each|all)" >&2; exit 1 ;;
*) echo "[ERROR] Unknown phase '$PHASE' (prep|scan|scan-one <Scanner>|collect|verify-each|all)" >&2; exit 1 ;;
esac
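Review bot: `phase_scan_one` takes `$scanner` straight from argv (`SCANNER_ARG="${3:-}"`, defaulted to `HitmanPro`) and splices it into the command string `gs_launch_detached "-Scanners $scanner -Headless"`, so whatever the operator typed is presumably forwarded verbatim into the PowerShell argument list that the detached scheduled task runs on the agent; a stray space, quote or `;` in that argument alters the launched command instead of failing cleanly, and there is no check between the setup step and the launch. Add a shape check before `gs_launch_detached`, e.g. `[[ "$scanner" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "[ERROR] invalid scanner name '$scanner'" >&2; return 1; }`, or compare against the exact scanner names the launcher accepts if that list is known. The usage line in the first hunk, `echo "[ERROR] Usage: bash guruscan-agent-test.sh <hostname|uuid> <prep|scan|collect|all>"`, still omits `scan-one <Scanner>` and `verify-each` even though the new `*)` arm lists them, so the two messages now disagree. The `gs_wait_detached "one" "$scanner" || true` looks deliberate (report whatever happened), but a one-line comment such as `# report even if the wait timed out or the run failed` would stop the next reader from "fixing" it.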