Home >Backend Development >PHP Tutorial >PHP Trojan webshell scanner code_PHP tutorial

PHP Trojan webshell scanner code_PHP tutorial

WBOY
WBOYOriginal
2016-07-21 15:21:201212browse

Copy code The code is as follows:

/*
+-------- -------------------------------------------------- ----------------+
| Codz by indexphp Version:0.01 |
| (c) 2009 indexphp |
| http://www.indexphp. org |
+-------------------------------------------------- ----------------------------------+
*/
/*========= ============ Program configuration=====================*/
$dir='cms'; //Settings Directory to be scanned
$jumpoff=false; //Set files to skip checking
$jump='safe.php|g'; //Set files or folders to skip checking$jumpoff= This setting is valid when false
$danger='eval|cmd|passthru';//Set the dangerous function to be found to determine whether it is a Trojan file
$suffix='php|inc';//Set to scan File suffix
$dir_num=0;
$file_num=0;
$danger_num=0;
/*================== === End of configuration======================*/
extract (GetHttpVars());
if ($m=="edit" ) Edit();
if ($m=="del") Delete();
if ($check=='check')
{ $safearr = explode("|",$jump );
$start_time=microtime(true);
safe_check($dir);
$end_time=microtime(true);
$total=$end_time-$start_time;
$file_num =$file_num-$dir_num;
$message= "Number of files:".$file_num;
$message.= "Number of folders:".$dir_num;
$message.= "Number of suspicious files : ".$danger_num;
$message.= " Execution time: ".$total;
echo $message;
exit();
}
function GetHttpVars() {// Global variables
$superglobs = array(
'_POST',
'_GET',
'HTTP_POST_VARS',
'HTTP_GET_VARS');
$httpvars = array();
foreach ($superglobs as $glob) {
global $$glob;
if (isset($$glob) && is_array($$glob)) {
$httpvars = $$glob;
}
if (count($httpvars) > 0)
break;
}
return $httpvars;
}
function Safe_Check($dir)//Traverse files
{
global $danger ,$suffix ,$dir_num ,$file_num ,$danger_num;
$hand=@dir($dir) or die('Folder does not exist') ;
while ($file=$hand->read() )
{
$filename=$dir.'/'.$file;
if (!$jumpoff) {
if(Jump( $filename))continue;
}
if(@is_dir($filename) && $file != '.' && $file!= '..'&& $file!='./..')
{ $dir_num++;
Safe_Check($filename);
}
if (preg_match_all ("/.($suffix)/i",$filename,$out))
{
$str='';
$fp = @fopen($filename,'r')or die('no permission');
while(!feof($fp))
{
$str .= fgets($fp,1024);
}
fclose($fp);
if( preg_match_all ("/($danger)[ rnt]{0,}([[ (])/i",$str,$out))
{
echo "Suspicious file: {$filename}< ;/font>
View code
Delete
";
$danger_num++;
}
}
$file_num++;
}
}
function Edit()//View suspicious files
{
global $filename;
$filename = str_replace(".."," ",$filename);
$file = $filename;
$content = "";
if(is_file($file))
{
$fp = fopen($file, "r")or die('no permission');
$content = fread($fp,filesize($file));
fclose($fp);
$content = htmlspecialchars($content );
}
echo "rn";
exit();
}
function Delete()//Delete file
{
global $filename;
(is_file($filename))?($mes=unlink($filename )?'Delete successfully':'Delete failed to view permission'):'';
echo $mes;
exit();
}
function Jump($file)//Skip the file
{
global $jump,$safearr;
if($jump != '')
{
foreach($safearr as $v)
{
if( $v=='') continue;
if( eregi($v,$file) ) return true ;
}
}
return false;
}
?>




www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/324899.htmlTechArticleCopy the code as follows: ?php /* +------------- -------------------------------------------------- ----------+ | Codz by indexphp Version:0.01 | | (c) 2009 indexphp | | http://www...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn