phpshell_scanner
Differences
This shows you the differences between two versions of the page.
|
phpshell_scanner [2011/02/12 02:45] k2patel |
phpshell_scanner [2020/08/10 02:35] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== PHP Shell Scanner ====== | ||
| - | <code perl|findshell.pl> | ||
| - | |||
| - | #!/usr/bin/perl -w | ||
| - | # findshell v1.0 == code taken/modified from traps.darkmindz.com | ||
| - | #usage: ./findshell.pl <sensitivity 1-50> <directory to scan> | ||
| - | use strict; | ||
| - | use File::Find; | ||
| - | my $sens = shift || 10; | ||
| - | my $folder = shift || './'; | ||
| - | find(\&backdoor, "$folder"); | ||
| - | sub backdoor { | ||
| - | if ((/\.(php|txt)/)){ | ||
| - | open (my $IN,"<$_") || die "can not open datei $File::Find::name: $!"; | ||
| - | my @file = <$IN>; | ||
| - | #maybe evil stuffs | ||
| - | my $score = grep (/function_exists\(|phpinfo\(|safe_?mode|shell_exec\(|popen\(|passthru\(|system\(|myshellexec\(|exec\(|getpwuid\(|getgrgid \(|fileperms\(/i,@file); | ||
| - | #probably evil stuffs | ||
| - | my $tempscore = grep(/\`\$\_(post|request|get).{0,20}\`|(include|require|eval|system|passthru|shell_exec).{0,10}\$\_(post|request|get)|eval.{0,10}base64_decode|back_connect|backdoor|r57|PHPJackal|PhpSpy|GiX|Fx29SheLL|w4ck1ng|milw0rm|PhpShell|k1r4|FeeLCoMz|FaTaLisTiCz|Ve_cENxShell|UnixOn|C99madShell|Spamfordz|Locus7s|c100|c99|x2300|cgitelnet|webadmin|STUNSHELL|Pr!v8|PHPShell|KaMeLeOn|S4T|oRb|tryag|sniper|noexecshell|\/etc\/passwd|revengans/i, @file); | ||
| - | $score += 50 * $tempscore; | ||
| - | print "$score - Possible backdoor : $File::Find::name\n" if ($score > $sens-1 ); | ||
| - | close $IN; | ||
| - | }elsif((/\.(jpg|jpeg|gif|png|tar|zip|gz|rar|pdf)/)){ | ||
| - | open (my $IN,"<$_") || (print "can not open datei $File::Find::name: $!" && next); | ||
| - | print "5000 - Possible backdoor (php in non-php file): $File::Find::name\n" if grep /(\<\?php|include(\ |\())/i, <$IN>; | ||
| - | close $IN; | ||
| - | } | ||
| - | } | ||
| - | </code> | ||
| - | |||
| - | ==== Usage ==== | ||
| - | |||
| - | <code text> | ||
| - | perl findshell.pl 10 /srv/www/htdocs > scanout.txt | ||
| - | sort scanout.txt | ||
| - | </code> | ||
| - | |||
| - | ** GOT MEMORY LIMIT USE FOLLOWING ** | ||
| - | |||
| - | <code text> | ||
| - | for i in /srv/www/htdocs/ ; do perl findshell.pl 10 $i >> scanout.txt ; done | ||
| - | </code> | ||
phpshell_scanner.txt ยท Last modified: 2020/08/10 02:35 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
