简体中文(ZH-CN)English(EN)繁体中文(ZH-TW)日本語(JA)한국어(KO)Melayu(MS)Français(FR)Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

Home  >  Article  >  php教程  >  php木马webshell扫描器代码

php木马webshell扫描器代码

WBOY
WBOYOriginal
2016-06-06 20:39:518996browse

因为前端时间服务器被放过 所以写了个webshell扫描器 呵呵 专杀php webshell 不管大马还是小马 包括一句话 现在放出代码来

代码如下:
/*
+--------------------------------------------------------------------------+
| Codz by indexphp Version:0.01 |
| (c) 2009 indexphp |
| http://www.indexphp.org |
+--------------------------------------------------------------------------+
*/
/*===================== 程序配置 =====================*/
$dir='cms'; //设置要扫描的目录
$jumpoff=false;//设置要跳过检查的文件
$jump='safe.php|g'; //设置要跳过检查的文件或者文件夹 $jumpoff=false 时此设置有效
$danger='eval|cmd|passthru';//设置要查找的危险的函数 以确定是否木马文件
$suffix='php|inc';//设置要扫描文件的后缀
$dir_num=0;
$file_num=0;
$danger_num=0;
/*===================== 配置结束 =====================*/
extract (GetHttpVars());
if ($m=="edit") Edit();
if ($m=="del") Delete();
if ($check=='check')
{ $safearr = explode("|",$jump);
$start_time=microtime(true);
safe_check($dir);
$end_time=microtime(true);
$total=$end_time-$start_time;
$file_num=$file_num-$dir_num;
$message= " 文件数:".$file_num;
$message.= " 文件夹数:".$dir_num;
$message.= " 可疑文件数:".$danger_num;
$message.= " 执行时间:".$total;
echo $message;
exit();
}
function GetHttpVars() {//全局变量
$superglobs = array(
'_POST',
'_GET',
'HTTP_POST_VARS',
'HTTP_GET_VARS');
$httpvars = array();
foreach ($superglobs as $glob) {
global $$glob;
if (isset($$glob) && is_array($$glob)) {
$httpvars = $$glob;
}
if (count($httpvars) > 0)
break;
}
return $httpvars;
}
function Safe_Check($dir)//遍历文件
{
global $danger ,$suffix ,$dir_num ,$file_num ,$danger_num;
$hand=@dir($dir) or die('文件夹不存在') ;
while ($file=$hand->read() )
{
$filename=$dir.'/'.$file;
if (!$jumpoff) {
if(Jump($filename))continue;
}
if(@is_dir($filename) && $file != '.' && $file!= '..'&& $file!='./..')
{ $dir_num++;
Safe_Check($filename);
}
if (preg_match_all ("/\.($suffix)/i",$filename,$out))
{
$str='';
$fp = @fopen($filename,'r')or die('没有权限');
while(!feof($fp))
{
$str .= fgets($fp,1024);
}
fclose($fp);
if( preg_match_all ("/($danger)[ \r\n\t]{0,}([\[\(])/i",$str,$out))
{
echo "可疑文件:{$filename}
查看代码
删除
";
$danger_num++;
}
}
$file_num++;
}
}
function Edit()//查看可疑文件
{
global $filename;
$filename = str_replace("..","",$filename);
$file = $filename;
$content = "";
if(is_file($file))
{
$fp = fopen($file,"r")or die('没有权限');
$content = fread($fp,filesize($file));
fclose($fp);
$content = htmlspecialchars($content);
}
echo "\r\n";
exit();
}
function Delete()//删除文件
{
global $filename;
(is_file($filename))?($mes=unlink($filename)?'删除成功':'删除失败 查看权限'):'';
echo $mes;
exit();
}
function Jump($file)//跳过文件
{
global $jump,$safearr;
if($jump != '')
{
foreach($safearr as $v)
{
if($v=='') continue;
if( eregi($v,$file) ) return true ;
}
}
return false;
}
?>




Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:第七章 php自定义函数实现代码_php入门_脚本之家Next article:PHP使用数组实现队列

Related articles

See more