PHP Web Trojan Scanner

header('content-type:text/html;charset=gbk');
set_time_limit(0);//Prevent timeout
/**
*
* Enhanced version of php directory scanning monitoring
*
* @version 1.0
*
The following variables need to be set manually before use
*
**/
/*== =================== Program configuration=====================*/
$pass="test ";//Set password
$jkdir="."; //Set the directory for monitoring and scanning. The current directory is '.' and the upper-level directory is '..'. You can also set an absolute path without adding a slash after it. , the default is the current directory
$logfilename="./m.log";//Set the path to store the log, which can be placed anywhere
$exclude=array('data','images');//Exclude the directory
 $danger='eval|cmd|passthru|gzuncompress';//Set the dangerous function to be found to determine whether it is a Trojan file
$suffix='php|inc';//Set the suffix of the file to be scanned
/*== =================== End of configuration=====================*/

$filename=$ _GET['filename'];
$check=$_GET['check'];
$jumpoff=false;
$url = $_SERVER['PHP_SELF'];
$thisfile = end(explode('/',$ url));
$jump="{$thisfile}|".implode('|',$exclude);
$jkdir_num=$file_num=$danger_num=0;
define('M_PATH',$jkdir);
 define('M_LOG',$logfilename);
if ($check=='check')
{
$safearr = explode("|",$jump);
$start_time=microtime(true);
safe_check($ jkdir);
$end_time=microtime(true);
$total=$end_time-$start_time;
$file_num=$file_num-$jkdir_num;
$message= "Number of files:".$file_num;
$message.= " Number of folders: ".$jkdir_num;
$message.= " Number of suspicious files: ".$danger_num;
$message.= " Execution time: ".$total;
echo $message;
}else{
if ($_GET['m']=="del") Delete();//Process file deletion
//Read file content
if(isset($_GET['readfile'])){
//Output view Password, after the password is verified correctly, the file content will be output
if(empty($_POST['passchack'])){
 echo""
 . " pass"
 . " "
 . " "
 . " "
 . ""
 ."";
 exit;
}elseif(isset($_POST['passchack'])&&$_POST['passchack' ]==$pass){
 $code=file_get_contents($_GET['readfile']);
 echo"{$code}";
 exit;
}else{
 exit;
}

}else{
record_md5(M_PATH );
if(file_exists(M_LOG)){
 $log = unserialize(file_get_contents(M_LOG));
}else{
 $log = array();
}

if($_GET['savethis']== 1){
//Save the current file md5 to the log file
@unlink(M_LOG);
file_put_contents(M_LOG,serialize($file_list));
echo "Save successfully! Click to return";
exit;
}
if(empty($log)){
echo "No log file has been created yet! Click [Save Current] to create a log file! ";
}else{
if($file_list==$log){
 echo "No changes have been made to this folder!";
}else{
   if(count($file_list) > 0 ){
    foreach($file_list as $file => $md5){
    if(!isset($log[$file])){
     echo "新增文件：".$file.""." 创建时间：".date("Y-m-d H:i:s",filectime($file))." 修改时间：".date("Y-m-d H:i:s",filemtime($file))." 源码删除";
    }else{
     if($log[$file] != $md5){
     echo "修改文件：".$file.""." 创建时间：".date("Y-m-d H:i:s",filectime($file))." 修改时间：".date("Y-m-d H:i:s",filemtime($file))." 源码";

     unset($log[$file]);
     }else{
     unset($log[$file]);
     }
    }
    }
   }
   if(count($log)>0){
    foreach($log as $file => $md5){
    echo "删除文件：".$file."";
    }
   }
    }
}
}
}

//计算md5
function record_md5($jkdir){
        global $file_list,$exclude;
        if(is_dir($jkdir)){
                $file=scandir($jkdir);
                foreach($file as $f){
                        if($f!='.' && $f!='..' && !in_array($f, $exclude)){
                                $path = $jkdir.'/'.$f;
                                if(is_dir($path)){
                                        record_md5($path);
                                }else{
                                        $file_list[$path]=md5_file($path);
                                }
                        }
                }
        }
}

function Safe_Check($jkdir)//遍历文件
{
global $danger ,$suffix ,$jkdir_num ,$file_num ,$danger_num;

) or die('文件夹不存在') ;
while ($file=$hand->read())
{
    $filename=$jkdir.'/'.$file;
    if (!$jumpoff) {
   if(Jump($filename))continue;
    }
    if(@is_dir($filename) && $file != '.' && $file!= '..'&& $file!='./..')
    {   $jkdir_num++;
    Safe_Check($filename);
    }
    if (preg_match_all ("/.($suffix)/i",$filename,$out))
    {

   $str='';
   $fp = @fopen($filename,'r')or die('没有权限');
   while(!feof($fp))
   {
   $str .= fgets($fp,1024);
   }
   fclose($fp);
   if( preg_match_all ("/($danger)[ rnt]{0,}([[(])/i",$str,$out))
   {
   echo "可疑文件：{$filename}"." 创建时间：".date("Y-m-d H:i:s",filectime($filename))." 修改时间：".date("Y-m-d H:i:s",filemtime($filename))." 查看代码 删除";
   $danger_num++;
   }
    }
    $file_num++;
}
}
function Edit()//查看可疑文件
{
global $filename;
$filename = str_replace("..","",$filename);
$file = $filename;
$content = "";
if(is_file($file))
{
    $fp = fopen($file,"r")or die('没有权限');
    $content = fread($fp,filesize($file));
    fclose($fp);
    $content = htmlspecialchars($content);

}
echo "$contentrn";
exit();
}
function Delete()//删除文件
{ global $filename,$pass;
if(empty($_POST['passchack'])){
    echo""
   . " pass"
   . " "
   . " "
   . " "
   . ""
    ."";
    exit;
}elseif(isset($_POST['passchack'])&&$_POST['passchack']==$pass){
 (is_file($filename))?($mes=unlink($filename)?'Delete successfully': 'Failed to delete view permission'):'';
 echo $mes;
 exit();
}else{
 echo 'Wrong password! ';
 exit;
}
}
function Jump($file)//Skip file
{
global $jump,$safearr;
if($jump != '')
{
 foreach($safearr as $ v)
 {
 if($v=='') continue;
 if( eregi($v,$file) ) return true ;
 }
}
return false;
}
?>
[View file changes]|[Save current file fingerprint]|[Scan suspicious files]

PHP, Web