因為前段時間伺服器被放過木馬,所以寫了個 webshell 掃描器,呵呵。專殺 php webshell,不管大馬還是小馬,包括一句話木馬。現在放出代碼來。
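<?php
/*
+--------------------------------------------------------------------------+
| Codz by indexphp Version:0.01                                            |
| (c) 2009 indexphp                                                        |
| http://www.indexphp.org                                                  |
+--------------------------------------------------------------------------+
*/

/*
 * PHP webshell scanner.
 *
 * Walks $dir recursively, reads every file whose name carries one of the
 * $suffix extensions, and reports files whose contents match one of the
 * $danger function names followed by "(" or "[". Reported files can be viewed
 * (m=edit) or deleted (m=del).
 *
 * SECURITY NOTE(review): this page can display and delete files on the server
 * and has no authentication or CSRF protection of its own. Keep it behind
 * server-level access control (or outside the public web root) and remove it
 * once the scan is finished.
 *
 * The signature match is a heuristic: a hit is only "suspicious", and a clean
 * result does not prove that the tree is clean. Use it alongside file
 * integrity checks against a known-good copy of the site.
 */

/*===================== Configuration =====================*/
$dir = 'cms';                   // directory to scan
$jumpoff = false;               // true disables the skip list in $jump
// Files or folders to skip; only used while $jumpoff is false.
// NOTE(review): each entry is a case-insensitive regular expression matched
// anywhere in the path, so the short entry 'g' skips every path containing
// that letter. That is a blind spot; prefer specific entries.
$jump = 'safe.php|g';
$danger = 'eval|cmd|passthru';  // function names that mark a file as suspicious
$suffix = 'php|inc';            // file extensions to scan
$dir_num = 0;
$file_num = 0;
$danger_num = 0;
/*===================== End of configuration =====================*/

// Read only the parameters this page understands. The original called
// extract() on the whole request, which let any visitor overwrite $dir,
// $danger, $jump and the counters above.
$request  = GetHttpVars();
$m        = (isset($request['m']) && is_string($request['m'])) ? $request['m'] : '';
$check    = (isset($request['check']) && is_string($request['check'])) ? $request['check'] : '';
$filename = (isset($request['filename']) && is_string($request['filename'])) ? $request['filename'] : '';

if ($m === 'edit') {
    Edit();
}
if ($m === 'del') {
    Delete();
}
if ($check === 'check') {
    $safearr = explode("|", $jump);
    $start_time = microtime(true);
    Safe_Check($dir);
    $end_time = microtime(true);
    $total = $end_time - $start_time;
    // Safe_Check() counts regular files only, so no correction for
    // directories or the "." / ".." entries is needed here.
    $message  = " 檔案數:" . $file_num;
    $message .= " 檔案夾數:" . $dir_num;
    $message .= " 可疑檔案數:" . $danger_num;
    $message .= " 執行時間:" . $total;
    echo $message;
    exit();
}

/**
 * Return the request parameters: $_POST when it is non-empty, otherwise $_GET.
 *
 * @return array
 */
function GetHttpVars()
{
    if (isset($_POST) && is_array($_POST) && count($_POST) > 0) {
        return $_POST;
    }
    if (isset($_GET) && is_array($_GET) && count($_GET) > 0) {
        return $_GET;
    }
    return array();
}

/**
 * Tell whether a file name carries one of the configured scan extensions.
 *
 * The extension may be followed by a further ".something", so a name such as
 * "x.php.bak" is still scanned; the dot is matched literally.
 *
 * @param string $name File name without directory.
 * @return bool
 */
function Has_Scan_Suffix($name)
{
    global $suffix;
    return preg_match('/\.(?:' . $suffix . ')(?:\.|$)/i', $name) === 1;
}

/**
 * Resolve a requested path and accept it only if it is a regular file with a
 * scanned extension located inside the scan directory.
 *
 * realpath() collapses "..", symlinks and absolute paths before the prefix
 * comparison, so the view and delete actions cannot reach outside $dir.
 *
 * @param string $path Path taken from the request.
 * @return string|false Canonical path, or false when the path is rejected.
 */
function Resolve_In_Scan_Root($path)
{
    global $dir;
    if (!is_string($path) || $path === '') {
        return false;
    }
    $root = realpath($dir);
    $real = realpath($path);
    if ($root === false || $real === false || !is_file($real)) {
        return false;
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $root, strlen($root)) !== 0) {
        return false;
    }
    if (!Has_Scan_Suffix(basename($real))) {
        return false;
    }
    return $real;
}

/**
 * Walk a directory tree and report files that match the $danger signatures.
 *
 * Updates the global counters $dir_num, $file_num and $danger_num and echoes
 * one HTML line per suspicious file.
 *
 * @param string $dir Directory to walk.
 * @return void
 */
function Safe_Check($dir)
{
    global $danger, $suffix, $dir_num, $file_num, $danger_num, $jumpoff;

    $hand = @dir($dir);
    if ($hand === false || $hand === null) {
        // Report and carry on, so one unreadable folder does not end the scan.
        echo '檔案夾不存在:' . htmlspecialchars($dir, ENT_QUOTES, 'UTF-8') . '<br>';
        return;
    }

    // Compare with false: a file literally named "0" must not end the loop.
    while (($file = $hand->read()) !== false) {
        if ($file === '.' || $file === '..') {
            continue;
        }
        $filename = $dir . '/' . $file;

        if (!$jumpoff) {
            if (Jump($filename)) {
                continue;
            }
        }

        if (@is_dir($filename)) {
            // Symlinked folders are not followed, to avoid cycles.
            if (is_link($filename)) {
                continue;
            }
            $dir_num++;
            Safe_Check($filename);
            continue;
        }

        $file_num++;
        if (!Has_Scan_Suffix($file)) {
            continue;
        }

        $str = @file_get_contents($filename);
        if ($str === false) {
            // An unreadable file is reported, not fatal: otherwise a single
            // file with odd permissions would stop the whole scan.
            echo '沒有許可權:' . htmlspecialchars($filename, ENT_QUOTES, 'UTF-8') . '<br>';
            continue;
        }

        if (preg_match('/(' . $danger . ')[ \r\n\t]{0,}([\[(])/i', $str)) {
            // File names come from disk and may contain markup characters,
            // so escape them for HTML and for the query string.
            $shown = htmlspecialchars($filename, ENT_QUOTES, 'UTF-8');
            $query = rawurlencode($filename);
            echo "<font color='green' style='font-size:14px'>可疑檔案:{$shown}</font>"
                . " <a href='?m=edit&amp;filename={$query}' target='_blank'><u>查看代碼</u></a>"
                . " <form method='post' action='' target='_blank' style='display:inline'>"
                . "<input type='hidden' name='m' value='del' />"
                . "<input type='hidden' name='filename' value='{$shown}' />"
                . "<input type='submit' value='刪除' /></form><br>";
            $danger_num++;
        }
    }
    $hand->close();
}

/**
 * Show the contents of a reported file in a read-only textarea, then exit.
 *
 * Reads the requested path from the global $filename; paths outside the scan
 * directory are ignored and produce an empty textarea.
 *
 * @return void
 */
function Edit()
{
    global $filename;
    $content = "";
    $file = Resolve_In_Scan_Root($filename);
    if ($file !== false) {
        $raw = @file_get_contents($file);
        if ($raw === false) {
            die('沒有許可權');
        }
        // ENT_SUBSTITUTE keeps files with invalid UTF-8 bytes visible;
        // without it htmlspecialchars() returns an empty string for them.
        $content = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    echo "<textarea name='str' style='width:100%;height:450px;background:#cccccc;'>$content</textarea>\r\n";
    exit();
}

/**
 * Delete a reported file, print the outcome, then exit.
 *
 * Only POST requests are honoured, so following a link or prefetching a URL
 * cannot remove a file, and only files inside the scan directory with a
 * scanned extension are accepted.
 *
 * @return void
 */
function Delete()
{
    global $filename;
    if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
        header('Allow: POST', true, 405);
        exit();
    }
    $mes = '';
    $file = Resolve_In_Scan_Root($filename);
    if ($file !== false) {
        $mes = unlink($file) ? '刪除成功' : '刪除失敗 查看許可權';
    }
    echo $mes;
    exit();
}

/**
 * Tell whether a path matches one of the skip-list entries.
 *
 * Entries are matched as case-insensitive regular expressions anywhere in the
 * path (preg_match replaces eregi(), which was removed in PHP 7).
 *
 * @param string $file Path to test.
 * @return bool True when the path should be skipped.
 */
function Jump($file)
{
    global $jump, $safearr;
    if ($jump == '' || !is_array($safearr)) {
        return false;
    }
    foreach ($safearr as $v) {
        if ($v == '') {
            continue;
        }
        if (preg_match('~' . str_replace('~', '\~', $v) . '~i', $file) === 1) {
            return true;
        }
    }
    return false;
}
?><form action="" ><input type="submit" value="開始檢測" /><input type="hidden" name="check" value="check"/></form>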