php木马webshell扫描器代码
前端之家收集整理的这篇文章主要介绍了php木马webshell扫描器代码,前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
<?php
/*
+--------------------------------------------------------------------------+
| Codz by indexPHP Version:0.01 |
| (c) 2009 indexPHP |
| http://www.indexPHP.org |
+--------------------------------------------------------------------------+
*/
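/* ===================== Configuration ===================== */

// Root of the directory tree to scan.
$dir = 'cms';

// false: entries matching the skip list in $jump are not scanned.
// true:  the skip list is ignored and every entry is scanned.
$jumpoff = false;

// Skip list: '|'-separated patterns, each matched case-insensitively anywhere
// in the path of a file or folder. Only applies while $jumpoff is false.
// NOTE(review): every skipped path is a blind spot. A one-letter pattern such
// as 'g' excludes every path containing that letter, and 'safe.php' excludes
// any file of that name in any folder. Keep the patterns as specific as
// possible, or set $jumpoff = true for a full sweep.
$jump = 'safe.php|g';

// Function names to look for, as a regex alternation. A name followed by an
// opening parenthesis marks the file as suspicious.
// NOTE(review): a short name list is a triage heuristic; obfuscated or
// indirect calls will not match, so a clean result is not proof of a clean tree.
$danger = 'eval|cmd|passthru';

// File-name suffixes to scan, as a regex alternation.
$suffix = 'php|inc';

// Counters filled in by the scan.
$dir_num = 0;
$file_num = 0;
$danger_num = 0;

/* ===================== End of configuration ===================== */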
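// Read only the three request parameters this script understands.
// The previous extract() call copied every request parameter into the global
// scope, so a request could overwrite $dir, $jump, $danger, $suffix or the
// counters. Those values are interpolated into regular expressions and decide
// which part of the filesystem is touched, so they must come from the
// configuration only.
//
// NOTE(review): nothing here authenticates the caller. Anyone who can reach
// this script can list, view and delete files, so serve it only behind access
// control and remove it from the web root once the scan is done.
$request  = GetHttpVars();
$m        = (isset($request['m']) && is_string($request['m'])) ? $request['m'] : '';
$check    = (isset($request['check']) && is_string($request['check'])) ? $request['check'] : '';
// Edit() and Delete() read $filename from the global scope.
$filename = (isset($request['filename']) && is_string($request['filename'])) ? $request['filename'] : '';

if ($m === 'edit') {
    Edit();
}
if ($m === 'del') {
    Delete();
}

if ($check === 'check') {
    // Jump() reads the skip list from the global $safearr.
    $safearr = explode('|', $jump);

    $start_time = microtime(true);
    safe_check($dir);
    $end_time = microtime(true);
    $total = $end_time - $start_time;

    // Safe_Check() counts directory entries as files too; take them out again.
    $file_num = $file_num - $dir_num;

    $message  = "\n文件数:" . $file_num;
    $message .= "\n文件夹数:" . $dir_num;
    $message .= " 可疑文件数:" . $danger_num;
    $message .= " 执行时间:" . $total;
    echo $message;
    exit();
}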
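/**
 * Return the request parameters of the current request.
 *
 * The sources are tried in a fixed order: $_POST, $_GET, then the legacy
 * globals $HTTP_POST_VARS and $HTTP_GET_VARS. The first one that is a
 * non-empty array wins; the sources are never merged, so a request with a
 * POST body ignores its query string.
 *
 * The returned values are caller-controlled. Callers should pick out the keys
 * they expect rather than importing the whole array into scope.
 *
 * @return array The first non-empty parameter array, or an empty array.
 */
function GetHttpVars()
{
    $sources = array('_POST', '_GET', 'HTTP_POST_VARS', 'HTTP_GET_VARS');

    foreach ($sources as $name) {
        if (isset($GLOBALS[$name]) && is_array($GLOBALS[$name]) && count($GLOBALS[$name]) > 0) {
            return $GLOBALS[$name];
        }
    }

    return array();
}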
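/**
 * Recursively walk a directory and report files whose content looks dangerous.
 *
 * Reads the configuration globals $danger, $suffix and $jumpoff and updates
 * the counters $dir_num, $file_num and $danger_num. Every non-skipped entry,
 * directories included, is added to $file_num; the caller subtracts $dir_num
 * afterwards. One line is echoed per suspicious file.
 *
 * $danger and $suffix are interpolated into regular expressions as-is, so they
 * must come from the configuration only, never from request data.
 *
 * NOTE(review): a directory or file that cannot be opened still ends the whole
 * run through die(), as before. Files after that point are never inspected, so
 * treat an aborted run as an incomplete scan.
 *
 * @param string $dir Directory to scan, without a trailing slash.
 * @return void
 */
function Safe_Check($dir)
{
    // $jumpoff must be imported too; without it the skip-list switch is never seen here.
    global $danger, $suffix, $jumpoff, $dir_num, $file_num, $danger_num;

    $hand = @dir($dir) or die("\n文件夹不存在");

    // Compare against false: a plain truthiness test ends the walk at an entry named "0".
    while (false !== ($file = $hand->read())) {
        // The self and parent entries are neither files nor folders to count.
        if ($file === '.' || $file === '..') {
            continue;
        }

        $filename = $dir . '/' . $file;

        if (!$jumpoff && Jump($filename)) {
            continue;
        }

        $file_num++;

        if (@is_dir($filename)) {
            $dir_num++;
            // Do not follow symlinked directories: a link back to a parent
            // would recurse forever, and a link elsewhere leaves the tree.
            if (!is_link($filename)) {
                Safe_Check($filename);
            }
            // A directory is never opened as a file, whatever its name contains.
            continue;
        }

        // The dot is escaped so only a real ".suffix" matches. The pattern is
        // deliberately not anchored to the end of the name, so double
        // extensions such as "name.php.jpg" are still scanned.
        if (preg_match("/\\.($suffix)/i", $filename)) {
            $str = @file_get_contents($filename);
            if ($str === false) {
                die('没有权限');
            }

            // A listed function name, optional whitespace, then "(".
            if (preg_match("/($danger)[ \\r\\n\\t]*\\(/i", $str)) {
                // File names are chosen by whoever wrote the file; escape them
                // before they reach the HTML report.
                echo "\n可疑文件:" . htmlspecialchars($filename, ENT_QUOTES) . ' 查看代码 删除';
                $danger_num++;
            }
        }
    }

    $hand->close();
}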
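/**
 * Show the content of one suspicious file, HTML-escaped, then end the request.
 *
 * The path comes from the global $filename, which is filled from the request.
 * It is resolved with realpath() and must lie inside the configured scan root
 * $dir. The earlier str_replace('..', '') filter did nothing against absolute
 * paths, so any file readable by the web server could be displayed.
 *
 * NOTE(review): the HTML around the content was lost from the published
 * listing; a plain <pre> block is used here.
 *
 * @return void Never returns; the script exits.
 */
function Edit()
{
    global $filename, $dir;

    $root   = realpath($dir);
    $target = is_string($filename) ? realpath($filename) : false;

    // realpath() resolves symlinks and "..", so the prefix test below compares
    // the real location of the file with the real location of the scan root.
    if ($root === false
        || $target === false
        || strpos($target, $root . DIRECTORY_SEPARATOR) !== 0
        || !is_file($target)
    ) {
        die('没有权限');
    }

    $content = @file_get_contents($target);
    if ($content === false) {
        die('没有权限');
    }

    // ENT_SUBSTITUTE keeps files in a non-UTF-8 encoding from collapsing to an empty string.
    $content = htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE);

    echo "<pre>{$content}</pre>\r\n";
    exit();
}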
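/**
 * Delete one file inside the scan root, print the outcome, then end the request.
 *
 * The path comes from the global $filename, which is filled from the request.
 * It is resolved with realpath() and must be a regular file inside the
 * configured scan root $dir; anything else is left alone and nothing is printed.
 * Previously any path the web server could write to was accepted.
 *
 * NOTE(review): this is a state-changing action that the dispatcher also
 * accepts from a query string. Consider requiring POST plus a per-session
 * token so that a link on another site cannot trigger a deletion.
 *
 * @return void Never returns; the script exits.
 */
function Delete()
{
    global $filename, $dir;

    // Defined up front so the echo below never reads an unset variable.
    $mes = '';

    $root   = realpath($dir);
    $target = is_string($filename) ? realpath($filename) : false;

    if ($root !== false
        && $target !== false
        && strpos($target, $root . DIRECTORY_SEPARATOR) === 0
        && is_file($target)
    ) {
        $mes = unlink($target) ? "\n删除成功" : "\n删除失败 查看权限";
    }

    echo $mes;
    exit();
}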
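/**
 * Tell whether a path is on the skip list and should not be scanned.
 *
 * Reads the globals $jump (the raw skip-list setting) and $safearr (the same
 * setting split on '|'). Each non-empty entry is used as a case-insensitive
 * regular expression and matched anywhere in $file.
 *
 * eregi() was removed in PHP 7; preg_match() with the "i" flag replaces it.
 *
 * NOTE(review): matching is unanchored, so a short entry excludes every path
 * that merely contains it. Each excluded path is a place the scan never looks.
 *
 * @param string $file Path of the file or folder being considered.
 * @return bool True when the path matches an entry of the skip list.
 */
function Jump($file)
{
    global $jump, $safearr;

    // $safearr is only built when a scan is requested; treat a missing list as empty.
    if ($jump == '' || !is_array($safearr)) {
        return false;
    }

    foreach ($safearr as $v) {
        if ($v == '') {
            continue;
        }

        // "~" is the delimiter, so a literal "~" inside an entry must be escaped.
        $pattern = '~' . str_replace('~', '\\~', $v) . '~i';
        if (preg_match($pattern, $file) === 1) {
            return true;
        }
    }

    return false;
}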
?>
<input type="hidden" name="check" value="check"/>