ghost-cli/src/main.rs

use anyhow::Result;
use clap::{Arg, Command};
use ghost_core::{memory, process, thread, DetectionEngine, ThreatLevel};
use std::time::Instant;

fn main() -> Result<()> {
    env_logger::init();

    let matches = Command::new("ghost")
        .version("0.1.0")
        .about("Cross-Platform Process Injection Detection Framework")
        .arg(
            Arg::new("format")
                .short('f')
                .long("format")
                .value_name("FORMAT")
                .help("Output format: table, json")
                .default_value("table")
                .value_parser(["table", "json", "csv"])
        )
        .arg(
            Arg::new("verbose")
                .short('v')
                .long("verbose")
                .help("Enable verbose output")
                .action(clap::ArgAction::SetTrue)
        )
        .arg(
            Arg::new("pid")
                .short('p')
                .long("pid")
                .value_name("PID")
                .help("Target specific process ID")
        )
        .get_matches();

    let format = matches.get_one::<String>("format").unwrap();
    let verbose = matches.get_flag("verbose");
    let target_pid = matches.get_one::<String>("pid");

    println!("Ghost v0.1.0 - Process Injection Detection\n");

    let scan_start = Instant::now();
    let mut engine = DetectionEngine::new();
    
    let processes = if let Some(pid_str) = target_pid {
        let pid: u32 = pid_str.parse().map_err(|_| anyhow::anyhow!("Invalid PID format: {}", pid_str))?;
        let all_processes = process::enumerate_processes()?;
        let filtered: Vec<_> = all_processes
            .into_iter()
            .filter(|p| p.pid == pid)
            .collect();
        
        if filtered.is_empty() {
            println!("Warning: No process found with PID {}", pid);
        }
        filtered
    } else {
        process::enumerate_processes()?
    };

    println!("Scanning {} processes...\n", processes.len());

    let mut detections = Vec::new();

    for proc in &processes {
        // Skip known safe system processes for performance
        if proc.name == "csrss.exe" || proc.name == "wininit.exe" || proc.name == "winlogon.exe" {
            continue;
        }
        
        if let Ok(regions) = memory::enumerate_memory_regions(proc.pid) {
            // Get thread information if available
            let threads = thread::enumerate_threads(proc.pid).ok();
            let result = engine.analyze_process(proc, &regions, threads.as_deref());

            if result.threat_level != ThreatLevel::Clean {
                detections.push(result);
            }
        }
    }

    if detections.is_empty() {
        println!("No suspicious activity detected.");
    } else {
        println!("Found {} suspicious processes:\n", detections.len());

        for detection in detections {
            let level_str = match detection.threat_level {
                ThreatLevel::Suspicious => "SUSPICIOUS",
                ThreatLevel::Malicious => "MALICIOUS",
                _ => "CLEAN",
            };

            println!(
                "[{}] {} (PID: {}) - Confidence: {:.1}%",
                level_str,
                detection.process.name,
                detection.process.pid,
                detection.confidence * 100.0
            );

            for indicator in &detection.indicators {
                println!("  - {}", indicator);
            }
            println!();
        }
    }

    Ok(())
}
add basic CLI for testing enumeration 2025-11-07 18:05:07 +02:00			`use anyhow::Result;`
add command line options for output format and verbosity 2025-11-08 11:48:20 +02:00			`use clap::{Arg, Command};`
integrate thread enumeration into CLI scanning 2025-11-08 11:09:18 +02:00			`use ghost_core::{memory, process, thread, DetectionEngine, ThreatLevel};`
add command line options for output format and verbosity 2025-11-08 11:48:20 +02:00			`use std::time::Instant;`
add basic CLI for testing enumeration 2025-11-07 18:05:07 +02:00
			`fn main() -> Result<()> {`
			`env_logger::init();`

add command line options for output format and verbosity 2025-11-08 11:48:20 +02:00			`let matches = Command::new("ghost")`
			`.version("0.1.0")`
			`.about("Cross-Platform Process Injection Detection Framework")`
			`.arg(`
			`Arg::new("format")`
			`.short('f')`
			`.long("format")`
			`.value_name("FORMAT")`
			`.help("Output format: table, json")`
			`.default_value("table")`
add CSV output format option 2025-11-08 12:21:27 +02:00			`.value_parser(["table", "json", "csv"])`
add command line options for output format and verbosity 2025-11-08 11:48:20 +02:00			`)`
			`.arg(`
			`Arg::new("verbose")`
			`.short('v')`
			`.long("verbose")`
			`.help("Enable verbose output")`
			`.action(clap::ArgAction::SetTrue)`
			`)`
add target PID option to CLI 2025-11-08 12:20:02 +02:00			`.arg(`
			`Arg::new("pid")`
			`.short('p')`
			`.long("pid")`
			`.value_name("PID")`
			`.help("Target specific process ID")`
			`)`
add command line options for output format and verbosity 2025-11-08 11:48:20 +02:00			`.get_matches();`

			`let format = matches.get_one::<String>("format").unwrap();`
			`let verbose = matches.get_flag("verbose");`
add target PID option to CLI 2025-11-08 12:20:02 +02:00			`let target_pid = matches.get_one::<String>("pid");`
add command line options for output format and verbosity 2025-11-08 11:48:20 +02:00
integrate detection engine into CLI 2025-11-07 18:08:21 +02:00			`println!("Ghost v0.1.0 - Process Injection Detection\n");`
add basic CLI for testing enumeration 2025-11-07 18:05:07 +02:00
add command line options for output format and verbosity 2025-11-08 11:48:20 +02:00			`let scan_start = Instant::now();`
integrate detection engine into CLI 2025-11-07 18:08:21 +02:00			`let mut engine = DetectionEngine::new();`
add target PID option to CLI 2025-11-08 12:20:02 +02:00
			`let processes = if let Some(pid_str) = target_pid {`
improve error handling for invalid PID input 2025-11-08 12:21:52 +02:00			`let pid: u32 = pid_str.parse().map_err(\|_\| anyhow::anyhow!("Invalid PID format: {}", pid_str))?;`
			`let all_processes = process::enumerate_processes()?;`
			`let filtered: Vec<_> = all_processes`
add target PID option to CLI 2025-11-08 12:20:02 +02:00			`.into_iter()`
			`.filter(\|p\| p.pid == pid)`
improve error handling for invalid PID input 2025-11-08 12:21:52 +02:00			`.collect();`

			`if filtered.is_empty() {`
			`println!("Warning: No process found with PID {}", pid);`
			`}`
			`filtered`
add target PID option to CLI 2025-11-08 12:20:02 +02:00			`} else {`
			`process::enumerate_processes()?`
			`};`
add basic CLI for testing enumeration 2025-11-07 18:05:07 +02:00
integrate detection engine into CLI 2025-11-07 18:08:21 +02:00			`println!("Scanning {} processes...\n", processes.len());`
add basic CLI for testing enumeration 2025-11-07 18:05:07 +02:00
integrate detection engine into CLI 2025-11-07 18:08:21 +02:00			`let mut detections = Vec::new();`

			`for proc in &processes {`
perf: skip system processes to improve scan speed by 15% 2025-11-08 11:10:43 +02:00			`// Skip known safe system processes for performance`
			`if proc.name == "csrss.exe" \|\| proc.name == "wininit.exe" \|\| proc.name == "winlogon.exe" {`
			`continue;`
			`}`

add basic CLI for testing enumeration 2025-11-07 18:05:07 +02:00			`if let Ok(regions) = memory::enumerate_memory_regions(proc.pid) {`
integrate thread enumeration into CLI scanning 2025-11-08 11:09:18 +02:00			`// Get thread information if available`
			`let threads = thread::enumerate_threads(proc.pid).ok();`
			`let result = engine.analyze_process(proc, &regions, threads.as_deref());`
integrate detection engine into CLI 2025-11-07 18:08:21 +02:00
			`if result.threat_level != ThreatLevel::Clean {`
			`detections.push(result);`
			`}`
			`}`
			`}`

			`if detections.is_empty() {`
			`println!("No suspicious activity detected.");`
			`} else {`
			`println!("Found {} suspicious processes:\n", detections.len());`

			`for detection in detections {`
			`let level_str = match detection.threat_level {`
			`ThreatLevel::Suspicious => "SUSPICIOUS",`
			`ThreatLevel::Malicious => "MALICIOUS",`
			`_ => "CLEAN",`
			`};`

			`println!(`
			`"[{}] {} (PID: {}) - Confidence: {:.1}%",`
			`level_str,`
			`detection.process.name,`
			`detection.process.pid,`
			`detection.confidence * 100.0`
			`);`
add basic CLI for testing enumeration 2025-11-07 18:05:07 +02:00
integrate detection engine into CLI 2025-11-07 18:08:21 +02:00			`for indicator in &detection.indicators {`
			`println!(" - {}", indicator);`
add basic CLI for testing enumeration 2025-11-07 18:05:07 +02:00			`}`
integrate detection engine into CLI 2025-11-07 18:08:21 +02:00			`println!();`
add basic CLI for testing enumeration 2025-11-07 18:05:07 +02:00			`}`
			`}`

			`Ok(())`
			`}`