PHP Trojan Webshell Scanner Code _php instance


<?php
/*
+--------------------------------------------------------------------------+
| Codz by indexphp version:0.01 |
| (c) 2009 indexphp |
| http://www.indexphp.org |
+--------------------------------------------------------------------------+
*/
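/*===================== Program Configuration =====================*/
// NOTE(review): nothing in this script authenticates the caller, yet it can
// display and delete files. Run it only behind access control (web-server
// auth, an IP allow-list, or a non-public host) and remove it after the scan.
$dir = 'CMS';                   // Directory to scan
$jumpoff = false;               // false = apply the $jump skip list, true = scan everything
// '|'-separated files/folders to skip; used only while $jumpoff is false.
// Each entry is matched as a case-insensitive pattern anywhere in the path,
// so the sample entry 'g' skips every path containing the letter g. Anything
// skipped is never inspected: replace the sample with the exact names you trust.
$jump = 'safe.php|g';
// '|'-separated names to look for when followed by "(" or "[". A hit means
// "review this file by hand"; a scan without hits does not prove the tree is clean.
$danger = 'eval|cmd|passthru';
$suffix = 'php|inc';            // '|'-separated suffixes of the files to scan
$dir_num = 0;
$file_num = 0;
$danger_num = 0;
/*===================== Configuration End =====================*/

// Copy only the request parameters the script actually uses. Calling
// extract() on the whole request would let any caller overwrite $dir,
// $danger, $suffix, $jump and the counters defined above.
$request = Gethttpvars();
$m = '';
$check = '';
$filename = '';
if (isset($request['m']) && is_string($request['m'])) {
    $m = $request['m'];
}
// Accept either spelling of the hidden form field name.
if (isset($request['check']) && is_string($request['check'])) {
    $check = $request['check'];
} elseif (isset($request['Check']) && is_string($request['Check'])) {
    $check = $request['Check'];
}
if (isset($request['filename']) && is_string($request['filename'])) {
    $filename = $request['filename'];
}

if (strcasecmp($m, 'edit') === 0) edit();
if (strcasecmp($m, 'del') === 0) Delete();
if (strcasecmp($check, 'check') === 0) {
    $safearr = explode("|", $jump);      // read by Jump() through `global`
    $start_time = microtime(true);
    Safe_check($dir);
    $end_time = microtime(true);
    $total = $end_time - $start_time;
    // Safe_check() counts directories in $file_num as well; remove them here.
    $file_num = $file_num - $dir_num;
    $message = "Number of files:" . $file_num;
    $message .= " Number of folders:" . $dir_num;
    $message .= " Number of suspicious documents:" . $danger_num;
    $message .= " Execution time:" . $total;
    echo $message;
    exit();
}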
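/**
 * Return the request parameters: the POST array when it is non-empty,
 * otherwise the GET array, otherwise an empty array.
 *
 * The superglobals are read directly. Variable variables cannot reach
 * superglobals from inside a function, and the legacy HTTP_POST_VARS /
 * HTTP_GET_VARS arrays no longer exist in current PHP releases.
 *
 * The values are caller-controlled; callers must pick the keys they need
 * and must not extract() the result into the global scope.
 *
 * @return array
 */
function Gethttpvars()
{
    $sources = array($_POST, $_GET);   // same precedence as before: POST first
    foreach ($sources as $vars) {
        if (is_array($vars) && count($vars) > 0) {
            return $vars;
        }
    }
    return array();
}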
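/**
 * Recursively walk $dir and print every file whose name contains one of the
 * configured suffixes and whose content matches the $danger pattern.
 *
 * Updates the global counters: $file_num counts every entry visited
 * (directories included), $dir_num counts directories, $danger_num counts
 * flagged files. Entries skipped by Jump() are not counted.
 *
 * The match is a plain signature search. Treat a hit as a prompt for manual
 * review and do not treat a scan without hits as proof that the tree is clean.
 *
 * @param string $dir Directory to scan.
 * @return void
 */
function Safe_check($dir)
{
    // $jumpoff has to be imported as well; as an undefined local it was
    // always falsy, so the skip list could never be switched off.
    global $danger, $suffix, $jumpoff, $dir_num, $file_num, $danger_num;

    $hand = @dir($dir);
    if (!$hand) {
        // Report and return, so one unreadable folder does not end the scan.
        echo 'folder does not exist: ' . htmlspecialchars($dir, ENT_QUOTES | ENT_SUBSTITUTE) . '<br>';
        return;
    }

    // Compare against false explicitly: an entry named "0" is falsy and
    // would otherwise end the loop early.
    while (false !== ($file = $hand->read())) {
        if ($file == '.' || $file == '..') {
            continue;
        }
        $filename = $dir . '/' . $file;
        if (!$jumpoff) {
            if (Jump($filename)) continue;
        }
        $file_num++;

        if (@is_dir($filename)) {
            $dir_num++;
            // Do not follow symlinked directories: they can point outside
            // the tree or back into it and cause endless recursion.
            if (!@is_link($filename)) {
                Safe_check($filename);
            }
            continue;
        }

        // Deliberately unanchored, so names such as "x.php.bak" are scanned too.
        if (!preg_match('/\.(' . $suffix . ')/i', $filename)) {
            continue;
        }

        $str = @file_get_contents($filename);
        if ($str === false) {
            // An unreadable file is itself worth a look; report it and go on.
            echo 'no permissions: ' . htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE) . '<br>';
            continue;
        }

        if (preg_match('/(' . $danger . ')[ \r\n\t]*[\[(]/i', $str)) {
            // File names are attacker-influenced on a compromised host:
            // escape them for HTML text and for the query string.
            $shown = htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE);
            $param = rawurlencode($filename);
            echo "<font color='green' style='font-size:14px'>suspicious file: {$shown}</font> "
                . "<a href='?m=edit&amp;filename={$param}' target='_blank'><u>View Code</u></a> "
                . "<a href='?m=del&amp;filename={$param}' target='_blank'><u>Remove</u></a><br>";
            $danger_num++;
        }
    }
    $hand->close();
}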
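/**
 * Show the content of the file named by the global $filename in a textarea,
 * then end the request.
 *
 * $filename comes from the request, so it is resolved with realpath() and
 * shown only when it lies inside the configured scan directory. Stripping
 * ".." from the string is not enough, because an absolute path needs no "..".
 * The check is only as trustworthy as $dir: it must hold the configured
 * value, never one taken from the request.
 *
 * @return void This function does not return; it calls exit().
 */
function Edit()
{
    global $filename, $dir;

    $content = "";
    $root = realpath($dir);
    $file = is_string($filename) ? realpath($filename) : false;

    if ($root !== false && $file !== false && is_file($file)) {
        $prefix = rtrim($root, '/\\') . DIRECTORY_SEPARATOR;
        if (strncmp($file, $prefix, strlen($prefix)) === 0) {
            // file_get_contents() also copes with empty files, where
            // fread() with a length of 0 fails.
            $raw = @file_get_contents($file);
            if ($raw === false) {
                die('no permissions');
            }
            // ENT_SUBSTITUTE keeps files with invalid UTF-8 bytes visible
            // instead of turning the whole content into an empty string.
            $content = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE);
        }
    }

    echo "<textarea name='str' style='width:100%;height:450px;background:#cccccc;'>$content</textarea>\r\n";
    exit();
}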
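/**
 * Delete the file named by the global $filename and print the outcome,
 * then end the request.
 *
 * $filename comes from the request, so it is resolved with realpath() and
 * deleted only when it lies inside the configured scan directory. The check
 * is only as trustworthy as $dir: it must hold the configured value, never
 * one taken from the request.
 *
 * NOTE(review): the deletion is triggered by a plain GET link and nothing
 * here verifies who is asking. Keep the whole script behind access control;
 * a POST request carrying a per-session token would be the safer design.
 *
 * @return void This function does not return; it calls exit().
 */
function Delete()
{
    global $filename, $dir;

    $mes = '';   // stays empty when the path is not an eligible file
    $root = realpath($dir);
    $file = is_string($filename) ? realpath($filename) : false;

    if ($root !== false && $file !== false && is_file($file)) {
        $prefix = rtrim($root, '/\\') . DIRECTORY_SEPARATOR;
        if (strncmp($file, $prefix, strlen($prefix)) === 0) {
            $mes = @unlink($file) ? 'Delete successful' : 'Delete failed view permission';
        }
    }

    echo $mes;
    exit();
}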
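/**
 * Tell whether a path matches an entry of the skip list.
 *
 * Reads the globals $jump (the raw setting) and $safearr (its entries).
 * Every entry is applied as a case-insensitive pattern anywhere in the path,
 * so a short entry skips far more than one file. Skipped paths are never
 * inspected; keep the list short and specific.
 *
 * preg_match() replaces eregi(), which no longer exists in current PHP.
 *
 * @param string $file Path to test.
 * @return bool True when the path should be skipped.
 */
function Jump($file)
{
    global $jump, $safearr;

    if ($jump == '' || !is_array($safearr)) {
        return false;
    }
    foreach ($safearr as $v) {
        if ($v === '') continue;
        // Escape the delimiter so an entry containing "#" stays a valid pattern.
        $pattern = '#' . str_replace('#', '\#', $v) . '#i';
        // A malformed entry makes preg_match() return false: treat it as "no match".
        if (@preg_match($pattern, $file) === 1) {
            return true;
        }
    }
    return false;
}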
?>
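<!-- Starts a scan. The hidden field is named in lower case because the
     script tests the lower-case $check variable and PHP variable names are
     case-sensitive. -->
<form action="">
<input type="submit" value="Start Detection"/>
<input type="hidden" name="check" value="Check"/>
</form>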
