Differences

This shows you the differences between two versions of the page.

--- phpshell_scanner [2010/09/13 17:21]
k2patel
+++ phpshell_scanner [2011/12/07 15:53]
k2patel [PHP Shell Scanner]
@@ Line 18: / Line 18: @@
        my $score = grep (/function_exists\(|phpinfo\(|safe_?mode|shell_exec\(|popen\(|passthru\(|system\(|myshellexec\(|exec\(|getpwuid\(|getgrgid  \(|fileperms\(/i,@file);
        #probably evil stuffs
-       my $tempscore = grep(/\`\$\_(post|request|get).{0,20}\`|(include|require|eval|system|passthru|shell_exec).{0,10}\$\_(post|request|get)|eval.{0,10}base64_decode|back_connect|backdoor|r57|PHPJackal|PhpSpy|GiX|Fx29SheLL|w4ck1ng|milw0rm|PhpShell|k1r4|FeeLCoMz|FaTaLisTiCz|Ve_cENxShell|UnixOn|C99madShell|Spamfordz|Locus7s|c100|c99|x2300|cgitelnet|webadmin|PHPShell|KaMeLeOn|S4T|tryag|sniper|noexecshell|\/etc\/passwd|revengans/i, @file);
+       my $tempscore = grep(/\`\$\_(post|request|get).{0,20}\`|(include|require|eval|system|passthru|shell_exec).{0,10}\$\_(post|request|get)|eval.{0,10}base64_decode|back_connect|backdoor|r57|PHPJackal|PhpSpy|GiX|Fx29SheLL|w4ck1ng|milw0rm|PhpShell|k1r4|FeeLCoMz|FaTaLisTiCz|Ve_cENxShell|UnixOn|C99madShell|Spamfordz|Locus7s|c100|c99|x2300|cgitelnet|webadmin|cybershell|STUNSHELL|Pr!v8|PHPShell|KaMeLeOn|S4T|oRb|tryag|sniper|noexecshell|\/etc\/passwd|revengans/i, @file);
        $score +=  50 *  $tempscore;
        print "$score - Possible backdoor : $File::Find::name\n" if ($score > $sens-1 );
@@ Line 28: / Line 28: @@
   }
 }
 </code>
@@ Line 41: / Line 40: @@
 <code text>
-for i in `ls /srv/www/htdocs/` ; do perl findshell.pl 10 $i >> scanout.txt ; done
+for i in /srv/www/htdocs/ ; do perl findshell.pl 10 $i >> scanout.txt ; done
 </code>

Daily *Nix

User Tools

Site Tools

Differences

Page Tools