Home > Article > Backend Development > webshell transaction php Trojan webshell scanner code

webshell transaction php Trojan webshell scanner code

WBOYOriginal: 2016-07-29 08:47:452810browse

Copy the code The code is as follows:

/*
+---------------------------- --------------------------------------------------+
| Codz by indexphp Version:0.01 |
| (c) 2009 indexphp |
| http://www.indexphp.org |
+---------------------- -------------------------------------------------- --+
*/
/*===================== Program configuration================== ===*/
$dir='cms'; //Set the directory to be scanned
$jumpoff=false; //Set the files to skip checking
$jump='safe.php|g'; //Set This setting is effective when the file or folder to be skipped is $jumpoff=false
$danger='eval|cmd|passthru';//Set the dangerous function to be found to determine whether it is a Trojan file
$suffix='php| inc';//Set the suffix of the file to be scanned
$dir_num=0;
$file_num=0;
$danger_num=0;
/*================== === End of configuration=====================*/
extract (GetHttpVars());
if ($m=="edit") Edit() ;
if ($m=="del") Delete();
if ($check=='check')
{ $safearr = explode("|",$jump);
$start_time=microtime(true) ;
safe_check($dir);
$end_time=microtime(true);
$total=$end_time-$start_time;
$file_num=$file_num-$dir_num;
$message= "Number of files:".$file_num;
$message.= " Number of folders: ".$dir_num;
$message.= " Number of suspicious files: ".$danger_num;
$message.= " Execution time: ".$total;
echo $message;
exit();
}
function GetHttpVars() {//Global variables
$superglobs = array(
'_POST',
'_GET',
'HTTP_POST_VARS',
'HTTP_GET_VARS');
$httpvars = array() ;
foreach ($superglobs as $glob) {
global $$glob;
if (isset($$glob) && is_array($$glob)) {
$httpvars = $$glob;
}
if (count( $httpvars) > 0)
break;
}
return $httpvars;
}
function Safe_Check($dir)//Traverse files
{
global $danger ,$suffix ,$dir_num ,$file_num ,$danger_num;
$hand=@dir($dir) or die('The folder does not exist') ;
while ($file=$hand->read() )
{
$filename=$dir.'/'.$file ;
if (!$jumpoff) {
if(Jump($filename))continue;
}
if(@is_dir($filename) && $file != '.' && $file!= '..'&& $ file!='./..')
{ $dir_num++;
Safe_Check($filename);
}
if (preg_match_all ("/.($suffix)/i",$filename,$out))
{
$str='';
$fp = @fopen($filename,'r')or die('no permission');
while(!feof($fp))
{
$str .= fgets($fp ,1024);
}
fclose($fp);
if( preg_match_all ("/($danger)[ rnt]{0,}([[(])/i",$str,$out))
{
echo "Suspicious file: {$filename}

Delete
";
$danger_num++;
}
}
$file_num++;
}
}
function Edit()//View suspicious files
{
global $filename;
$filename = str_replace("..","",$ filename);
$file = $filename;
$content = "";
if(is_file($file))
{
$fp = fopen($file,"r")or die('no permission');
$content = fread($fp,filesize($file));
fclose($fp);
$content = htmlspecialchars($content);
}
echo "$content< ;/textarea>rn"; <br>exit(); <br>} <br>function Delete()//Delete file <br>{ <br>global $filename; <br>(is_file($filename))?($mes=unlink($filename)?' Delete successfully':'Delete failed to view permissions'):''; <br>echo $mes; <br>exit(); <br>} <br>function Jump($file)//Skip the file<br>{ <br>global $jump,$safearr; <br> if($jump != '') <br>{ <br>foreach($safearr as $v) <br>{ <br>if($v=='') continue; <br>if( eregi($v,$file) ) return true ; <br> } <br>} <br>return false; <br>} <br>?> <br><form action="" > <br><input type="submit" value="Start detection" /> <br><input type="hidden" name="check" value="check"/> <br></form> <br></p> <p> The above introduces the webshell transaction PHP Trojan webshell scanner code, including the content of webshell transaction. I hope it will be helpful to friends who are interested in PHP tutorials. </p> <p> </p></div><div class="nphpQianMsg"><div class="clear"></div></div><div class="nphpQianSheng"><span>Statement：</span><div>The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn</div></div></div><div class="nphpSytBox"><span>Previous article：<a class="dBlack" title="urlencode functions in php that may be used to encrypt strings [base64_encode, urlencode, sha1]" href="http://m.php.cn/faq/323823.html">urlencode functions in php that may be used to encrypt strings [base64_encode, urlencode, sha1]</a></span><span>Next article：<a class="dBlack" title="urlencode functions in php that may be used to encrypt strings [base64_encode, urlencode, sha1]" href="http://m.php.cn/faq/323825.html">urlencode functions in php that may be used to encrypt strings [base64_encode, urlencode, sha1]</a></span></div><div class="nphpSytBox2"><div class="nphpZbktTitle"><h2>Related articles</h2><em><a href="http://m.php.cn/article.html" class="bBlack"><i>See more</i><b></b></a></em><div class="clear"></div></div><ul class="nphpXgwzList"><li><b></b><a href="http://m.php.cn/faq/1.html" title="How to use cURL to implement Get and Post requests in PHP" class="aBlack">How to use cURL to implement Get and Post requests in PHP</a><div class="clear"></div></li><li><b></b><a href="http://m.php.cn/faq/1.html" title="How to use cURL to implement Get and Post requests in PHP" class="aBlack">How to use cURL to implement Get and Post requests in PHP</a><div class="clear"></div></li><li><b></b><a href="http://m.php.cn/faq/1.html" title="How to use cURL to implement Get and Post requests in PHP" class="aBlack">How to use cURL to implement Get and Post requests in PHP</a><div class="clear"></div></li><li><b></b><a href="http://m.php.cn/faq/1.html" title="How to use cURL to implement Get and Post requests in PHP" class="aBlack">How to use cURL to implement Get and Post requests in PHP</a><div class="clear"></div></li><li><b></b><a href="http://m.php.cn/faq/2.html" title="All expression symbols in regular expressions (summary)" class="aBlack">All expression symbols in regular expressions (summary)</a><div class="clear"></div></li></ul></div></div><div class="nphpFoot"><div class="nphpFootBg"><ul class="nphpFootMenu"><li><a href="http://m.php.cn/"><b class="icon1"></b><p>Home</p></a></li><li><a href="http://m.php.cn/course.html"><b class="icon2"></b><p>Course</p></a></li><li><a href="http://m.php.cn/wenda.html"><b class="icon4"></b><p>Q&A</p></a></li><li><a href="http://m.php.cn/login"><b class="icon5"></b><p>My</p></a></li><div class="clear"></div></ul></div></div><div class="nphpYouBox" style="display: none;"><div class="nphpYouBg"><div class="nphpYouTitle"><span onclick="$('.nphpYouBox').hide()"></span><a href="http://m.php.cn/"></a><div class="clear"></div></div><ul class="nphpYouList"><li><a href="http://m.php.cn/"><b class="icon1"></b><span>Home</span><div class="clear"></div></a></li><li><a href="http://m.php.cn/course.html"><b class="icon2"></b><span>Course</span><div class="clear"></div></a></li><li><a href="http://m.php.cn/article.html"><b class="icon3"></b><span>Article</span><div class="clear"></div></a></li><li><a href="http://m.php.cn/wenda.html"><b class="icon4"></b><span>Q&A</span><div class="clear"></div></a></li><li><a href="http://m.php.cn/dic.html"><b class="icon6"></b><span>Dictionary</span><div class="clear"></div></a></li><li><a href="http://m.php.cn/course/type/99.html"><b class="icon7"></b><span>Manual</span><div class="clear"></div></a></li><li><a href="http://m.php.cn/xiazai/"><b class="icon8"></b><span>Download</span><div class="clear"></div></a></li><li><a href="http://m.php.cn/faq/zt" title="Topic"><b class="icon12"></b><span>Topic</span><div class="clear"></div></a></li><div class="clear"></div></ul></div></div><div class="nphpDing" style="display: none;"><div class="nphpDinglogo"><a href="http://m.php.cn/"></a></div><div class="nphpNavIn1"><div class="swiper-container nphpNavSwiper1"><div class="swiper-wrapper"><div class="swiper-slide"><a href="http://m.php.cn/" >Home</a></div><div class="swiper-slide"><a href="http://m.php.cn/article.html" class="hover">Article</a></div><div class="swiper-slide"><a href="http://m.php.cn/wenda.html" >Q&A</a></div><div class="swiper-slide"><a href="http://m.php.cn/course.html" >Course</a></div><div class="swiper-slide"><a href="http://m.php.cn/faq/zt" >Topic</a></div><div class="swiper-slide"><a href="http://m.php.cn/xiazai" >Download</a></div><div class="swiper-slide"><a href="http://m.php.cn/game" >Game</a></div><div class="swiper-slide"><a href="http://m.php.cn/dic.html" >Dictionary</a></div><div class="clear"></div></div></div><div class="langadivs" ><a href="javascript:;" class="bg4 bglanguage"></a><div class="langadiv" ><a onclick="javascript:setlang('zh-cn');" class="language course-right-orders chooselan " href="javascript:;"><span>简体中文</span><span>（ZH-CN）</span></a><a onclick="javascript:;" class="language course-right-orders chooselan chooselanguage" href="javascript:;"><span>English</span><span>（EN）</span></a><a onclick="javascript:setlang('zh-tw');" class="language course-right-orders chooselan " href="javascript:;"><span>繁体中文</span><span>（ZH-TW）</span></a><a onclick="javascript:setlang('ja');" class="language course-right-orders chooselan " href="javascript:;"><span>日本語</span><span>（JA）</span></a><a onclick="javascript:setlang('ko');" class="language course-right-orders chooselan " href="javascript:;"><span>한국어</span><span>（KO）</span></a><a onclick="javascript:setlang('ms');" class="language course-right-orders chooselan " href="javascript:;"><span>Melayu</span><span>（MS）</span></a><a onclick="javascript:setlang('fr');" class="language course-right-orders chooselan " href="javascript:;"><span>Français</span><span>（FR）</span></a><a onclick="javascript:setlang('de');" class="language course-right-orders chooselan " href="javascript:;"><span>Deutsch</span><span>（DE）</span></a></div></div><script> var swiper = new Swiper('.nphpNavSwiper1', { slidesPerView : 'auto', observer: true,//修改swiper自己或子元素时，自动初始化swiper observeParents: true,//修改swiper的父元素时，自动初始化swiper }); </script></div></div><script>isLogin = 0;</script><script type="text/javascript" src="/static/layui/layui.js"></script><script type="text/javascript" src="/static/js/global.js?4.9.47"></script></div><script src="https://vdse.bdstatic.com//search-video.v1.min.js"></script><link rel='stylesheet' id='_main-css' href='/static/css/viewer.min.css' type='text/css' media='all'/><script type='text/javascript' src='/static/js/viewer.min.js?1'></script><script type='text/javascript' src='/static/js/jquery-viewer.min.js'></script><script>jQuery.fn.wait = function (func, times, interval) { var _times = times || -1, //100次 _interval = interval || 20, //20毫秒每次 _self = this, _selector = this.selector, //选择器 _iIntervalID; //定时器id if( this.length ){ //如果已经获取到了，就直接执行函数 func && func.call(this); } else { _iIntervalID = setInterval(function() { if(!_times) { //是0就退出 clearInterval(_iIntervalID); } _times <= 0 || _times--; //如果是正数就 -- _self = $(_selector); //再次选择 if( _self.length ) { //判断是否取到 func && func.call(_self); clearInterval(_iIntervalID); } }, _interval); } return this; } $("table.syntaxhighlighter").wait(function() { $('table.syntaxhighlighter').append("<p class='cnblogs_code_footer'><span class='cnblogs_code_footer_icon'></span></p>"); }); $(document).on("click", ".cnblogs_code_footer",function(){ $(this).parents('table.syntaxhighlighter').css('display','inline-table');$(this).hide(); }); $('.nphpQianCont').viewer({navbar:true,title:false,toolbar:false,movable:false,viewed:function(){$('img').click(function(){$('.viewer-close').trigger('click');});}}); </script></body></html>