Home >Backend Development >PHP Tutorial >PHP Web Trojan Scanner

PHP Web Trojan Scanner

WBOY
WBOYOriginal
2016-07-25 08:42:181974browse
  1. header('content-type:text/html;charset=gbk');
  2. set_time_limit(0);//Prevent timeout
  3. /**
  4. *
  5. * Enhanced version of php directory scanning monitoring
  6. *
  7. * @version 1.0
  8. *
  9. The following variables need to be set manually before use
  10. *
  11. **/
  12. /*== =================== Program configuration=====================*/
  13. $pass="test ";//Set password
  14. $jkdir="."; //Set the directory for monitoring and scanning. The current directory is '.' and the upper-level directory is '..'. You can also set an absolute path without adding a slash after it. , the default is the current directory
  15. $logfilename="./m.log";//Set the path to store the log, which can be placed anywhere
  16. $exclude=array('data','images');//Exclude the directory
  17. $danger='eval|cmd|passthru|gzuncompress';//Set the dangerous function to be found to determine whether it is a Trojan file
  18. $suffix='php|inc';//Set the suffix of the file to be scanned
  19. /*== =================== End of configuration=====================*/
  20. $filename=$ _GET['filename'];
  21. $check=$_GET['check'];
  22. $jumpoff=false;
  23. $url = $_SERVER['PHP_SELF'];
  24. $thisfile = end(explode('/',$ url));
  25. $jump="{$thisfile}|".implode('|',$exclude);
  26. $jkdir_num=$file_num=$danger_num=0;
  27. define('M_PATH',$jkdir);
  28. define('M_LOG',$logfilename);
  29. if ($check=='check')
  30. {
  31. $safearr = explode("|",$jump);
  32. $start_time=microtime(true);
  33. safe_check($ jkdir);
  34. $end_time=microtime(true);
  35. $total=$end_time-$start_time;
  36. $file_num=$file_num-$jkdir_num;
  37. $message= "Number of files:".$file_num;
  38. $message.= " Number of folders: ".$jkdir_num;
  39. $message.= " Number of suspicious files: ".$danger_num;
  40. $message.= " Execution time: ".$total;
  41. echo $message;
  42. }else{
  43. if ($_GET['m']=="del") Delete();//Process file deletion
  44. //Read file content
  45. if(isset($_GET['readfile'])){
  46. //Output view Password, after the password is verified correctly, the file content will be output
  47. if(empty($_POST['passchack'])){
  48. echo"
    "
  49. . "
  50. . " "
  51. . " "
  52. . " "
  53. . ""
  54. ."";
  55. exit;
  56. }elseif(isset($_POST['passchack'])&&$_POST['passchack' ]==$pass){
  57. $code=file_get_contents($_GET['readfile']);
  58. echo"";
  59. exit;
  60. }else{
  61. exit;
  62. }
  63. }else{
  64. record_md5(M_PATH );
  65. if(file_exists(M_LOG)){
  66. $log = unserialize(file_get_contents(M_LOG));
  67. }else{
  68. $log = array();
  69. }
  70. if($_GET['savethis']== 1){
  71. //Save the current file md5 to the log file
  72. @unlink(M_LOG);
  73. file_put_contents(M_LOG,serialize($file_list));
  74. echo "Save successfully! Click to return";
  75. exit;
  76. }
  77. if(empty($log)){
  78. echo "No log file has been created yet! Click [Save Current] to create a log file! ";
  79. }else{
  80. if($file_list==$log){
  81. echo "No changes have been made to this folder!";
  82. }else{
  83. if(count($file_list) > 0 ){
  84. foreach($file_list as $file => $md5){
  85. if(!isset($log[$file])){
  86. echo "新增文件:".$file.""." 创建时间:".date("Y-m-d H:i:s",filectime($file))." 修改时间:".date("Y-m-d H:i:s",filemtime($file))." 源码删除
    ";
  87. }else{
  88. if($log[$file] != $md5){
  89. echo "修改文件:".$file.""." 创建时间:".date("Y-m-d H:i:s",filectime($file))." 修改时间:".date("Y-m-d H:i:s",filemtime($file))." 源码
    ";
  90. unset($log[$file]);
  91. }else{
  92. unset($log[$file]);
  93. }
  94. }
  95. }
  96. }
  97. if(count($log)>0){
  98. foreach($log as $file => $md5){
  99. echo "删除文件:".$file."
    ";
  100. }
  101. }
  102. }
  103. }
  104. }
  105. }
  106. //计算md5
  107. function record_md5($jkdir){
  108. global $file_list,$exclude;
  109. if(is_dir($jkdir)){
  110. $file=scandir($jkdir);
  111. foreach($file as $f){
  112. if($f!='.' && $f!='..' && !in_array($f, $exclude)){
  113. $path = $jkdir.'/'.$f;
  114. if(is_dir($path)){
  115. record_md5($path);
  116. }else{
  117. $file_list[$path]=md5_file($path);
  118. }
  119. }
  120. }
  121. }
  122. }
  123. function Safe_Check($jkdir)//遍历文件
  124. {
  125. global $danger ,$suffix ,$jkdir_num ,$file_num ,$danger_num;
  126. ) or die('文件夹不存在') ;
  127. while ($file=$hand->read())
  128. {
  129. $filename=$jkdir.'/'.$file;
  130. if (!$jumpoff) {
  131. if(Jump($filename))continue;
  132. }
  133. if(@is_dir($filename) && $file != '.' && $file!= '..'&& $file!='./..')
  134. { $jkdir_num++;
  135. Safe_Check($filename);
  136. }
  137. if (preg_match_all ("/.($suffix)/i",$filename,$out))
  138. {
  139. $str='';
  140. $fp = @fopen($filename,'r')or die('没有权限');
  141. while(!feof($fp))
  142. {
  143. $str .= fgets($fp,1024);
  144. }
  145. fclose($fp);
  146. if( preg_match_all ("/($danger)[ rnt]{0,}([[(])/i",$str,$out))
  147. {
  148. echo "可疑文件:{$filename}"." 创建时间:".date("Y-m-d H:i:s",filectime($filename))." 修改时间:".date("Y-m-d H:i:s",filemtime($filename))." 查看代码 删除
    ";
  149. $danger_num++;
  150. }
  151. }
  152. $file_num++;
  153. }
  154. }
  155. function Edit()//查看可疑文件
  156. {
  157. global $filename;
  158. $filename = str_replace("..","",$filename);
  159. $file = $filename;
  160. $content = "";
  161. if(is_file($file))
  162. {
  163. $fp = fopen($file,"r")or die('没有权限');
  164. $content = fread($fp,filesize($file));
  165. fclose($fp);
  166. $content = htmlspecialchars($content);
  167. }
  168. echo "rn";
  169. exit();
  170. }
  171. function Delete()//删除文件
  172. { global $filename,$pass;
  173. if(empty($_POST['passchack'])){
  174. echo"
    "
  175. . "
  176. . " "
  177. . " "
  178. . " "
  179. . ""
  180. ."";
  181. exit;
  182. }elseif(isset($_POST['passchack'])&&$_POST['passchack']==$pass){
  183. (is_file($filename))?($mes=unlink($filename)?'Delete successfully': 'Failed to delete view permission'):'';
  184. echo $mes;
  185. exit();
  186. }else{
  187. echo 'Wrong password! ';
  188. exit;
  189. }
  190. }
  191. function Jump($file)//Skip file
  192. {
  193. global $jump,$safearr;
  194. if($jump != '')
  195. {
  196. foreach($safearr as $ v)
  197. {
  198. if($v=='') continue;
  199. if( eregi($v,$file) ) return true ;
  200. }
  201. }
  202. return false;
  203. }
  204. ?>
  205. [View file changes]|[Save current file fingerprint]|[Scan suspicious files]
Copy code

PHP, Web


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn