PHP Web Trojan scanner code sharing, PHP Web Trojan Scanner

Source: Internet
Author: User

PHP Web Trojan scanner code sharing, PHP Web Trojan Scanner

No nonsense. paste the Code directly.

The Code is as follows:

<? Php header ('content-type: text/html; charset = gbk'); set_time_limit (0 ); // prevent timeout/*** php Directory scan monitoring enhanced version *** @ version 1.0 * the following variables need to be manually set before use *** // ==== =================== program configuration ========================================= */ $ pass = "test "; // set the password $ jkdir = ". "; // set the monitoring scan directory. The current directory is '. ', the upper-level directory is '.. ', you can also set an absolute path without a slash. The default value is the current directory $ logfilename = ". /m. log "; // set the log storage path, which can be placed in any location $ exclude = array ('data', 'images '); // exclude directory $ danger = 'eval | cmd | passthru | gzuncompr Ess '; // set the dangerous function to be searched to determine whether the trojan file $ suffix = 'php | inc '; // set the suffix of the file to be scanned. ===============*/$ filename =$ _ GET ['filename']; $ check = $ _ GET ['check']; $ jumpoff = false; $ url = $ _ SERVER ['php _ SELF ']; $ thisfile = end (explode ('/', $ url); $ jump = "{$ thisfile} | ". implode ('|', $ exclude); $ jkdir_num = $ file_num = $ danger_num = 0; define ('m _ path', $ jkdir ); define ('m _ log', $ logfilename); if ($ check = 'check') {$ Safearr = explode ("|", $ jump); $ start_time = microtime (true); safe_check ($ jkdir); $ end_time = microtime (true ); $ total = $ end_time-$ start_time; $ file_num = $ file_num-$ jkdir_num; $ message = "number of files :". $ file_num; $ message. = "folder count :". $ jkdir_num; $ message. = "number of suspicious files :". $ danger_num; $ message. = "execution time :". $ total; echo $ message;} else {if ($ _ GET ['M'] = "del") Delete (); // process File Deletion // read file content if (isset ($ _ GET ['readfile']) {// Output to view the password. After the password verification is correct, the output file content if (empty ($ _ POST ['passchack']) {echo "<form id = \" form1 \ "name = \" form1 \ "method = \" post \ "> ". "<label> pass ". "<input type = \" text \ "name = \" passchack \ "/> ". "</label> ". "<input type = \" submit \ "name = \" Submit \ "value = \" submit \ "/> ". "</form> ". ""; exit;} elseif (isset ($ _ POST ['passchack']) & $ _ POST ['passchack'] = $ pass) {$ code = file_get_contents ($ _ GET ['readfile']); echo "<textarea nam E = \ "code \" cols = \ "150 \" rows = \ "30 \" id = \ "code \" style = 'width: 100%; height: pixel PX; background: # cccccc; '>{$ code} </textarea> "; exit;} else {exit ;}} else {record_md5 (M_PATH); if (file_exists (M_LOG )) {$ log = unserialize (file_get_contents (M_LOG);} else {$ log = array ();} if ($ _ GET ['savethis '] = 1) {// Save the current file md5 to the log file @ unlink (M_LOG); file_put_contents (M_LOG, serialize ($ file_list); echo "<a href = 'scandir. php'> Protection Saved successfully! Click Back </a> "; exit;} if (empty ($ log) {echo" no log file has been created yet! Click [save current] to create a log file! ";} Else {if ($ file_list = $ log) {echo" this folder has not been changed! ";} Else {if (count ($ file_list)> 0) {foreach ($ file_list as $ file => $ md5) {if (! Isset ($ log [$ file]) {echo "New file: <a href = {$ file} target = '_ blank'> ". $ file. "</a> ". "created :". date ("Y-m-d H: I: s", filectime ($ file )). "modification time :". date ("Y-m-d H: I: s", filemtime ($ file )). "<a href =? Readfile = {$ file} target = '_ blank'> Source Code </a> <a href = '? M = del & filename = {$ file} 'target = '_ blank'> Delete </u> </a> <br/> ";} else {if ($ log [$ file]! = $ Md5) {echo "Modify file: <a href = {$ file} target = '_ blank'> ". $ file. "</a> ". "created :". date ("Y-m-d H: I: s", filectime ($ file )). "modification time :". date ("Y-m-d H: I: s", filemtime ($ file )). "<a href =? Readfile = {$ file} target = '_ blank'> Source Code </a> <br/> "; unset ($ log [$ file]);} else {unset ($ log [$ file]) ;}}} if (count ($ log)> 0) {foreach ($ log as $ file => $ md5) {echo "delete file: <a href = {$ file} target = '_ blank'> ". $ file. "</a> <br/>" ;}}}}// calculate the md5 function record_md5 ($ jkdir) {global $ file_list, $ exclude; if (is_dir ($ jkdir) {$ file = scandir ($ jkdir); foreach ($ file as $ f) {if ($ f! = '.' & $ F! = '..'&&! In_array ($ f, $ exclude) {$ path = $ jkdir. '/'. $ f; if (is_dir ($ path) {record_md5 ($ path);} else {$ file_list [$ path] = md5_file ($ path );}}}}} function Safe_Check ($ jkdir) // traverse the file {global $ danger, $ suffix, $ jkdir_num, $ file_num, $ danger_num;) or die ('Folder does not exist '); while ($ file = $ hand-> read () {$ filename = $ jkdir. '/'. $ file; if (! $ Jumpoff) {if (Jump ($ filename) continue;} if (@ is_dir ($ filename) & $ file! = '.' & $ File! = '..' & $ File! = '. /.. ') {$ Jkdir_num ++; Safe_Check ($ filename);} if (preg_match_all ("/\. ($ suffix)/I ", $ filename, $ out) {$ str =''; $ fp = @ fopen ($ filename, 'R ') or die ('no authorization'); while (! Feof ($ fp) {$ str. = fgets ($ fp, 1024);} fclose ($ fp); if (preg_match_all ("/($ danger) [\ r \ n \ t] {0 ,} ([\ [\ (])/I ", $ str, $ out) {echo" <font color = 'green' style = 'font-size: 14px '> Suspicious File: {$ filename} </font> ". "created :". date ("Y-m-d H: I: s", filectime ($ filename )). "modification time :". date ("Y-m-d H: I: s", filemtime ($ filename )). "<a href = '? Readfile = {$ filename} 'target = '_ blank'> <u> View Code </u> </a> <a href = '? M = del & filename = $ filename 'target = '_ blank'> Delete </u> </a> <br> "; $ danger_num ++ ;}} $ file_num ++ ;}} function Edit () // view the Suspicious File {global $ filename; $ filename = str_replace (".. "," ", $ filename); $ file = $ filename; $ content =" "; if (is_file ($ file) {$ fp = fopen ($ file, "r") or die ('no authorization'); $ content = fread ($ fp, filesize ($ file); fclose ($ fp ); $ content = htmlspecialchars ($ content);} echo "<textarea name = 'str' style = 'Width: 100%; height: pixel PX; background: # cccccc; '> $ content </textarea> \ r \ n "; exit ();} function Delete () // delete the file {global $ filename, $ pass; if (empty ($ _ POST ['passchack']) {echo "<form id = \" form1 \ "name = \" form1 \ "method = \" post \ "> ". "<label> pass ". "<input type = \" text \ "name = \" passchack \ "/> ". "</label> ". "<input type = \" submit \ "name = \" Submit \ "value = \" submit \ "/> ". "</form> ". ""; exit;} elseif (isset ($ _ POST ['passschack']) & $ _ POST ['passschack'] ==$ pass) {(is_file ($ filename ))? ($ Mes = unlink ($ filename )? 'Deleted successfully': 'failed to view authorization'): ''; echo $ mes; exit ();} else {echo 'incorrect password! '; Exit ;}} function Jump ($ file) // skip the file {global $ jump, $ safearr; if ($ jump! = '') {Foreach ($ safearr as $ v) {if ($ v ='') continue; if (eregi ($ v, $ file )) return true ;}} return false ;}?> <A href = "scandir. php"> [View File changes] </a> | <a href = "scandir. php? Savethis = 1 "> [saving the current file fingerprint] </a> | <a href =" scandir. php? Check = check "> [scanning suspicious files] </a>

The above code is shared by the php web Trojan scanner code. This article is accompanied by a comment. If you do not understand it, please leave a message for me. I believe there are more than one implementation method, you are welcome to share different implementation methods.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.