PHP web Trojan scanner code sharing, PHP web Trojan scanner _ PHP Tutorial

PHPWeb Trojan scanner code sharing, phpweb Trojan scanner. PHP web Trojan scanner code sharing, PHP web Trojan scanner no nonsense, directly paste the code. The code is as follows: phpheader (content-type: texthtml; charsetgbk); set_time_limit (0); PHP Web Trojan scanner code sharing, phpweb Trojan scanner

No nonsense. paste the code directly.

The code is as follows:

<? Php header ('content-type: text/html; charset = gbk'); set_time_limit (0 ); // prevent timeout/*** php directory scan monitoring enhanced version *** @ version 1.0 * the following variables need to be manually set before use *** // ==== =================== program configuration ========================================= */ $ pass = "test "; // Set the password $ jkdir = ". "; // Set the monitoring scan Directory. the current directory is '. ', the upper-level directory is '.. ', you can also set an absolute path without a slash. the default value is the current directory $ logfilename = ". /m. log "; // Set the log storage path, which can be placed in any location $ exclude = array ('data', 'images '); // exclude directory $ danger = 'eval | cmd | passthru | gzuncompress '; // you can specify a function to identify the trojan file $ suffix = 'php | Inc '; // Set the suffix of the file to be scanned. ===============*/$ filename =$ _ GET ['filename']; $ check = $ _ GET ['check']; $ jumpoff = false; $ url = $ _ SERVER ['php _ SELF ']; $ thisfile = end (explode ('/', $ url); $ jump = "{$ thisfile} | ". implode ('|', $ exclude); $ jkdir_num = $ file_num = $ danger_num = 0; define ('m _ path', $ jkdir ); define ('m _ log', $ logfilename); if ($ check = 'check') {$ safearr = explode ("|", $ jump ); $ start_time = microtime (true); safe_check ($ jkdir); $ end_time = microtime (true); $ total = $ end_time-$ start_time; $ file_num = $ file_num-$ jkdir_num; $ message = "number of files :". $ file_num; $ message. = "folder count :". $ jkdir_num; $ message. = "number of suspicious files :". $ danger_num; $ message. = "Execution time :". $ total; echo $ message;} else {if ($ _ GET ['M'] = "del") Delete (); // process file deletion // read the file content if (isset ($ _ GET ['readfile']) {// output view password, after the password is verified correctly, the output file content if (empty ($ _ POST ['passchack']) {echo "". ""; exit;} elseif (isset ($ _ POST ['passchack']) & $ _ POST ['passchack'] = $ pass) {$ code = file_get_contents ($ _ GET ['readfile']); echo"{$ Code}"; Exit;} else {exit ;}} else {record_md5 (M_PATH); if (file_exists (M_LOG) {$ log = unserialize (file_get_contents (M_LOG ));} else {$ log = array ();} if ($ _ GET ['savethis '] = 1) {// Save the md5 of the current file to the log file @ unlink (M_LOG ); file_put_contents (M_LOG, serialize ($ file_list); echo "saved successfully! Click "; exit;} if (empty ($ log) {echo" no log file has been created yet! Click [save current] to create a log file! ";} Else {if ($ file_list = $ log) {echo" this folder has not been changed! ";} Else {if (count ($ file_list)> 0) {foreach ($ file_list as $ file => $ md5) {if (! Isset ($ log [$ file]) {echo "add file :". $ file. "". "created :". date ("Y-m-d H: I: s", filectime ($ file )). "Modification time :". date ("Y-m-d H: I: s", filemtime ($ file )). "Source Code deletion
";} Else {if ($ log [$ file]! = $ Md5) {echo "modify File :". $ file. "". "created :". date ("Y-m-d H: I: s", filectime ($ file )). "Modification time :". date ("Y-m-d H: I: s", filemtime ($ file )). "Source Code
"; Unset ($ log [$ file]);} else {unset ($ log [$ file]) ;}}} if (count ($ log)> 0) {foreach ($ log as $ file => $ md5) {echo "delete file :". $ file."
";}}}}// Calculate the md5 function record_md5 ($ jkdir) {global $ file_list, $ exclude; if (is_dir ($ jkdir )) {$ file = scandir ($ jkdir); foreach ($ file as $ f) {if ($ f! = '.' & $ F! = '..'&&! In_array ($ f, $ exclude) {$ path = $ jkdir. '/'. $ f; if (is_dir ($ path) {record_md5 ($ path);} else {$ file_list [$ path] = md5_file ($ path );}}}}} function Safe_Check ($ jkdir) // traverse the file {global $ danger, $ suffix, $ jkdir_num, $ file_num, $ danger_num;) or die ('folder does not exist '); while ($ file = $ hand-> read () {$ filename = $ jkdir. '/'. $ file; if (! $ Jumpoff) {if (Jump ($ filename) continue;} if (@ is_dir ($ filename) & $ file! = '.' & $ File! = '..' & $ File! = '. /.. ') {$ Jkdir_num ++; Safe_Check ($ filename);} if (preg_match_all ("/\. ($ suffix)/I ", $ filename, $ out) {$ str =''; $ fp = @ fopen ($ filename, 'r ') or die ('No authorization'); while (! Feof ($ fp) {$ str. = fgets ($ fp, 1024);} fclose ($ fp); if (preg_match_all ("/($ danger) [\ r \ n \ t] {0 ,} ([\ [\ (])/I ", $ str, $ out) {echo" suspicious file: {$ filename }". "created :". date ("Y-m-d H: I: s", filectime ($ filename )). "Modification time :". date ("Y-m-d H: I: s", filemtime ($ filename ))."View codeDelete
"; $ Danger_num ++ ;}}$ file_num ++ ;}} function Edit () // view suspicious files {global $ filename; $ filename = str_replace (".. "," ", $ filename); $ file = $ filename; $ content =" "; if (is_file ($ file) {$ fp = fopen ($ file, "r") or die ('No authorization'); $ content = fread ($ fp, filesize ($ file); fclose ($ fp ); $ content = htmlspecialchars ($ content);} echo"$ Content\ R \ n "; exit ();} function Delete () // Delete the file {global $ filename, $ pass; if (empty ($ _ POST ['passschack']) {echo "". ""; exit;} elseif (isset ($ _ POST ['passchack']) & $ _ POST ['passchack'] = $ pass) {(is_file ($ filename ))? ($ Mes = unlink ($ filename )? 'Deleted successfully': 'failed to view authorization'): ''; echo $ mes; exit ();} else {echo 'incorrect password! '; Exit ;}} function Jump ($ file) // skip the file {global $ jump, $ safearr; if ($ jump! = '') {Foreach ($ safearr as $ v) {if ($ v ='') continue; if (eregi ($ v, $ file )) return true ;}} return false ;}?> [View file changes] | [save the current file fingerprint] | [scan suspicious files]

The above code is shared by the php web Trojan scanner code. This article is accompanied by a comment. if you do not understand it, please leave a message for me. I believe there are more than one implementation method, you are welcome to share different implementation methods.

Http://www.bkjia.com/PHPjc/1052065.htmlwww.bkjia.comtruehttp://www.bkjia.com/PHPjc/1052065.htmlTechArticlePHP Web Trojan scanner code sharing, phpweb Trojan scanner does not talk nonsense, directly paste the code. The code is as follows: php header ('content-type: text/html; charset = gbk'); set_time_limit (0 );...