PHP Web Trojan scanner code sharing _php instance

No nonsense, just paste the code.

The code is as follows:

<?php header (' CONTENT-TYPE:TEXT/HTML;CHARSET=GBK '); Set_time_limit (0);//Prevent timeout/** * * PHP directory Scan monitoring Enhanced * * @version 1.0 * The following variables need to be set manually before use * **//*===================== program Configuration ====== ===============*/$pass = "Test";//Set Password $jkdir = "."; Set the monitoring scan directory, the current directory is '. ', the previous directory is '. ', you can also set the absolute path, followed by a slash, default to the current directory $logfilename = "./m.log";//Set the path where log is stored and can be placed in any location $exclude =array (' data ', ' images ');//exclude Directory $danger = ' eval|cmd|passthru|gzuncompress ';//set to find dangerous functions to determine whether Trojan files $suffix = ' Php|inc ' ///Set to scan file suffix/*===================== configuration end =====================*/$filename =$_get[' filename ']; $check =$_get[' Check ']; $jumpoff =false; $url = $_server[' php_self '); $thisfile = End (Explode ('/', $url)); $jump = "{$thisfile}|". Implode (' | ', $exclude); $jkdir _num= $file _num= $danger _num=0; Define (' M_path ', $jkdir); Define (' M_log ', $logfilename); if ($check = = ' Check ') {$safearr = explode ("|", $jump); $start _time=microtime (true); Safe_check ($jkdir); $end _time= Microtime (TRUE); $total = $end _time-$start _time; $file _num= $file _num-$jkdir _num; $message = "Number of files:". $fiLe_num; $message. = "Number of folders:". $jkdir _num; $message. = "Number of suspicious files:" $danger _num; $message. = "Execution time:" $total; Echo $message; }else{if ($_get[' m ']== "del") Delete ()//process file Delete//Read file contents if (Isset ($_get[' ReadFile '))) {//Output view password, password checksum output file contents after correct if (   Empty ($_post[' passchack ')) {echo "". "; Exit }elseif (Isset ($_post[' passchack ') &&$_post[' passchack ']== $pass) {$code =file_get_contents ($_get[')   ReadFile ']); Echo<textarea name="\"code\"" cols="\"150\"" rows="\"30\"" id="\"code\"" style="width:100%;height:450px;background:#cccccc;">{$code}</textarea>"; Exit }else{exit;}} else{record_md5 (M_path), if (File_exists (M_log)) {$log = Unserialize (file_get_contents (M_log));} else{$log = Array (),} if ($_get[' Savethis ']==1) {//Save the current file MD5 to the log file @unlink (m_log); File_put_contents (M_log,serialize ($ File_list)); echo "Saved successfully! Click Back to "; Exit if (empty ($log)) {echo} has not currently created a log file! Click [Save current] To create the log file! "; } else{if ($file _list== $log) {echo] This folder has not been changed! "; } else{if (count ($file _list) > 0) {foreach ($file _list as $file = + $md 5) {if (!isset ($log [$file])) {echo "New file : ". $file.". "Creation Time:". Date ("Y-m-d h:i:s", Filectime ($file)). "Modified:". Date ("Y-m-d h:i:s", Filemtime ($file)). "Source Delete
"; }else{if ($log [$file]! = $MD 5) {echo "Modify file:". $file. "." Creation Time: ". Date (" Y-m-d h:i:s ", Filectime ($file))." Modified: ". Date (" Y -m-d h:i:s ", Filemtime ($file))." Source Code
";    Unset ($log [$file]);    }else{unset ($log [$file]); }}}} if (count ($log) >0) {foreach ($log as $file = + $md 5) {echo "Delete file:". $file. "
";     }}}}}//Calculate MD5 function Record_md5 ($jkdir) {global $file _list, $exclude;         if (Is_dir ($jkdir)) {$file =scandir ($jkdir); foreach ($file as $f) {if ($f! = ') ' && $f! = ': ' &&!in_array ($f, $exclude)) {$pat h = $jkdir. '                 /'. $f;                 if (Is_dir ($path)) {record_md5 ($path);                 }else{$file _list[$path]=md5_file ($path); }}}}} function Safe_check ($jkdir)//Traverse file {Global $danger, $suffix, $jkdir _num, $file _num, $dan Ger_num; ) or Die (' folder does not exist '); while ($file = $hand->read ()) {$filename = $jkdir. '   /'. $file;   if (! $jumpoff) {if (jump ($filename)) continue; if (@is_dir ($filename) && $file! = '. ' && $file! = ' ... '   && $file! = './... ')   {$jkdir _num++;   Safe_check ($filename); } if (Preg_match_all ("/\." (   $suffix)/I ", $filename, $out)) {$str = ';   $fp = @fopen ($filename, ' r ') or Die (' no permission '); While!feof ($fp)) {$str. = fgets ($fp, 1024);   } fclose ($FP); if (Preg_match_all ("/($danger) [\r\n\t]{0,} ([\[\ (])/I", $str, $out)) {echo "suspicious file: {$filename}". "Creation Time:". Date ("Y-m-d h:i  : S ", Filectime ($filename))." Modified: ". Date (" Y-m-d h:i:s ", Filemtime ($filename))."View CodeDelete
";   $danger _num++; }} $file _num++; }} function Edit ()//view suspicious file {global $filename; $filename = Str_replace ("..", "", $filename); $file = $filename; $content = "";   if (Is_file ($file)) {$fp = fopen ($file, "R") or Die (' no permission ');   $content = Fread ($fp, FileSize ($file));   Fclose ($FP); $content = Htmlspecialchars ($content); } echo "<textarea name="str" style="width:100%;height:450px;background:#cccccc;">$content</textarea>\ r \ n "; Exit ();   } function Delete ()//delete file {global $filename, $pass; if (Empty ($_post[' passchack ')) {echo "" ""; Exit }elseif (Isset ($_post[' passchack ') &&$_post[' passchack ']== $pass) {(Is_file ($filename))? ( $mes =unlink ($filename)? '   Delete succeeded ': ' Delete failed view permission '): ';   Echo $mes; Exit (); }else{echo ' Password error!   '; Exit }} function jump ($file)//Skip File {Global $jump, $safearr, if ($jump! = ") {foreach ($safearr as $v) {if ($v = =") Conti   Nue   if (eregi ($v, $file)) return true; }} return false; }?> [view file Changes]| [Save current file fingerprint]| [Scan for suspicious files]

The above code is the PHP Web Trojan scanner code sharing, this article with comments, there is not clear welcome to my message, I believe that the implementation method is more than one, welcome to share a lot of different ways to achieve.

