Differences

This shows you the differences between two versions of the page.

--- phpshell_scanner [2010/09/13 17:18] – k2patel
+++ phpshell_scanner [2020/08/10 02:35] (current) – external edit 127.0.0.1
@@ Line 18: / Line 18: @@
        my $score = grep (/function_exists\(|phpinfo\(|safe_?mode|shell_exec\(|popen\(|passthru\(|system\(|myshellexec\(|exec\(|getpwuid\(|getgrgid  \(|fileperms\(/i,@file);
        #probably evil stuffs
-       my $tempscore = grep(/\`\$\_(post|request|get).{0,20}\`|(include|require|eval|system|passthru|shell_exec).{0,10}\$\_(post|request|get)|eval.{0,10}base64_decode|back_connect|backdoor|r57|PHPJackal|PhpSpy|GiX|Fx29SheLL|w4ck1ng|milw0rm|PhpShell|k1r4|FeeLCoMz|FaTaLisTiCz|Ve_cENxShell|UnixOn|C99madShell|Spamfordz|Locus7s|c100|c99|x2300|cgitelnet|webadmin|PHPShell|KaMeLeOn|S4T|tryag|sniper|noexecshell|\/etc\/passwd|revengans/i, @file);
+       my $tempscore = grep(/\`\$\_(post|request|get).{0,20}\`|(include|require|eval|system|passthru|shell_exec).{0,10}\$\_(post|request|get)|eval.{0,10}base64_decode|back_connect|backdoor|r57|PHPJackal|PhpSpy|GiX|Fx29SheLL|w4ck1ng|milw0rm|PhpShell|k1r4|FeeLCoMz|FaTaLisTiCz|Ve_cENxShell|UnixOn|C99madShell|Spamfordz|Locus7s|c100|c99|x2300|cgitelnet|webadmin|cybershell|STUNSHELL|Pr!v8|PHPShell|KaMeLeOn|S4T|oRb|tryag|sniper|noexecshell|\/etc\/passwd|revengans/i, @file);
        $score +=  50 *  $tempscore;
        print "$score - Possible backdoor : $File::Find::name\n" if ($score > $sens-1 );
@@ Line 28: / Line 28: @@
   }
 }
+</code>
+==== Usage ====
+<code text>
+perl findshell.pl 10 /srv/www/htdocs > scanout.txt
+sort scanout.txt
+</code>
+** GOT MEMORY LIMIT USE FOLLOWING **
+<code text>
+for i in /srv/www/htdocs/ ; do perl findshell.pl 10 $i >> scanout.txt ; done
 </code>