php webshell扫描后门木马实例程序
本文章来给大家介绍一个php webshell扫描后门木马实例程序,这个可以扫描你网站上的木马程序,这个给大家找网站木马提供了很大的方便.
php webshell扫描后门木马实例程序代码如下:
<?php /********************** php扫描后门 **********************/ error_reporting (E_ERROR); ini_set ( 'max_execution_time' ,20000); ini_set ( 'memory_limit' , '512M' ); header( "content-Type: text/html; charset=gb2312" ); $matches = array ( '/function\_exists\s*\(\s*[\' |\ "](popen|exec|proc\_open|system|passthru)+[\'|\" ]\s*\)/i', '/(exec|shell\_exec|system|passthru)+\s*\(\s*\$\_(\w+)\[(.*)\]\s*\)/i' , '/((udp|tcp)\:\/\/(.*)\;)+/i' , '/preg\_replace\s*\((.*)\/e(.*)\,\s*\$\_(.*)\,(.*)\)/i' , '/preg\_replace\s*\((.*)\(base64\_decode\(\$/i' , '/(eval|assert|include|require|include\_once|require\_once)+\s*\(\s*(base64\_decode|str\_rot13|gz(\w+)|file\_(\w+)\_contents|(.*)php\:\/\/input)+/i' , '/(eval|assert|include|require|include\_once|require\_once|array\_map|array\_walk)+\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE|SERVER|SESSION)+\[(.*)\]\s*\)/i' , '/eval\s*\(\s*\(\s*\$\$(\w+)/i' , '/(include|require|include\_once|require\_once)+\s*\(\s*[\' |\ "](\w+)\.(jpg|gif|ico|bmp|png|txt|zip|rar|htm|css|js)+[\'|\" ]\s*\)/i', '/\$\_(\w+)(.*)(eval|assert|include|require|include\_once|require\_once)+\s*\(\s*\$(\w+)\s*\)/i' , '/\(\s*\$\_FILES\[(.*)\]\[(.*)\]\s*\,\s*\$\_(GET|POST|REQUEST|FILES)+\[(.*)\]\[(.*)\]\s*\)/i' , '/(fopen|fwrite|fputs|file\_put\_contents)+\s*\((.*)\$\_(GET|POST|REQUEST|COOKIE|SERVER)+\[(.*)\](.*)\)/i' , '/echo\s*curl\_exec\s*\(\s*\$(\w+)\s*\)/i' , '/new com\s*\(\s*[\' |\ "]shell(.*)[\'|\" ]\s*\)/i', '/\$(.*)\s*\((.*)\/e(.*)\,\s*\$\_(.*)\,(.*)\)/i' , '/\$\_\=(.*)\$\_/i' , '/\$\_(GET|POST|REQUEST|COOKIE|SERVER)+\[(.*)\]\(\s*\$(.*)\)/i' , '/\$(\w+)\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE|SERVER)+\[(.*)\]\s*\)/i' , '/\$(\w+)\(\$\{(.*)\}/i' ); function antivirus( $dir , $exs , $matches ) { if (( $handle = @opendir( $dir )) == NULL) return false; while (false !== ( $name = readdir( $handle ))) { if ( $name == '.' || $name == '..' ) continue ; $path = $dir . $name ; if ( is_dir ( $path )) { if ( is_readable ( $path )) antivirus( $path . '/' , $exs , $matches ); } elseif ( strpos ( $name , ';' ) > -1 || strpos ( $name , '%00' ) > -1 || strpos ( $name , '/' ) > -1) { echo '<p>特征 <input type="text" style="width:218px;" value="解析漏洞"> ' . $path . '</p>' ; flush (); ob_flush(); } else { if (!preg_match( $exs , $name )) continue ; if ( filesize ( $path ) > 10000000) continue ; $fp = fopen ( $path , 'r' ); $code = fread ( $fp , filesize ( $path )); fclose( $fp ); if ( empty empty ( $code )) continue ; foreach ( $matches as $matche ) { $array = array (); preg_match( $matche , $code , $array ); if (! $array ) continue ; if ( strpos ( $array [0], "\x24\x74\x68\x69\x73\x2d\x3e" )) continue ; $len = strlen ( $array [0]); if ( $len > 10 && $len < 1500) { echo '<p>特征 <input type="text" style="width:218px;" value="' .htmlspecialchars( $array [0]). '"> ' . $path . '</p>' ; flush (); ob_flush(); break ; } } unset( $code , $array ); } } closedir ( $handle ); return true; } function strdir( $str ) { return str_replace ( array ( '\\' , '//' , '//' ), array ( '/' , '/' , '/' ), chop ( $str )); } echo '<form method="POST">' ; echo '<p>路径: <input type="text" name="dir" value="' .( $_POST [ 'dir' ] ? strdir( $_POST [ 'dir' ]. '/' ) : strdir( $_SERVER [ 'DOCUMENT_ROOT' ]. '/' )). '" style="width:398px;"></p>' ; echo '<p>后缀: <input type="text" name="exs" value="' .( $_POST [ 'exs' ] ? $_POST [ 'exs' ] : '.php|.inc|.phtml' ). '" style="width:398px;"></p>' ; echo '<p>操作: <input type="submit" style="width:80px;" value="scan"></p>' ; echo '</form>' ; if ( file_exists ( $_POST [ 'dir' ]) && $_POST [ 'exs' ]) { $dir = strdir( $_POST [ 'dir' ]. '/' ); $exs = '/(' . str_replace ( '.' , '\\.' , $_POST [ 'exs' ]). ')/i' ; echo antivirus( $dir , $exs , $matches ) ? '<p>扫描完毕</p>' : '<p>扫描中断</p>' ; } //开源代码phpfensi.com ?>查看更多关于php webshell扫描后门木马实例程序 - php高级应用的详细内容...
声明:本文来自网络,不代表【好得很程序员自学网】立场,转载请注明出处:http://www.haodehen.cn/did30044