我们来自五湖四海,不为别的,只因有共同的爱好,为中国互联网发展出一分力!
领航时时彩重庆版

新疆时时彩开奖号码走势图带走:扫描目录下的php文件,是否含有木马特征

2014年07月26日05:23 阅读: 28113 次

领航时时彩重庆版 www.9nwl5.cn 标签: 扫描目录下的php文件,是否含有木马特征

 shell_checkl

 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
#!/usr/bin/python
#-*- encoding:UTF-8 -*-
###
## @package
## @desc 扫描目录下的php文件,是否含有木马特征,注意,不是“木马扫描”
## @useage python shell_check.py /your/web/path/ 1=是否递归
###
import os
import sys
import re
import time
def listdir(dirs,liston='0'):
    flog = open(os.getcwd()+"/check_php_shell.log","a+")
    if not os.path.isdir(dirs):
        print "directory %s is not exist"% (dirs)
        return
    lists = os.listdir(dirs)
    for list in lists:
        filepath = os.path.join(dirs,list)
        if os.path.isdir(filepath):
            if liston == '1':
                listdir(filepath,'1')
        elif os.path.isfile(filepath):
            filename = os.path.basename(filepath)
            if re.search(r"\.(?:php|inc|html?)$", filename, re.IGNORECASE):
                i = 0
                iname = 0
                f = open(filepath)
                while f:
                    file_contents = f.readline()
                    if not file_contents:
                        break
                    i += 1
                    match = re.search(r'''(?P<function>\b(?:include|require)(?:_once)?\b)\s*\(?\s*["'](?P<filename>.*?(?<!\.(?:php|inc)))["']''', file_contents, re.IGNORECASE| re.MULTILINE)
                    if match:
                        function = match.group("function")
                        filename = match.group("filename")
                        if iname == 0:
                            info = '\n[%s] :\n'% (filepath)
                        else:
                            info = ''
                        info += '\t|-- [%s] - [%s]  line [%d] \n'% (function,filename,i)
                        flog.write(info)
                        print info
                        iname += 1
                      
                    match = re.search(r'\b(?P<function>eval|proc_open|popen|shell_exec|exec|passthru|system)\b\s*\(', file_contents, re.IGNORECASE| re.MULTILINE)
                    if match:
                        function = match.group("function")
                        if iname == 0:
                            info = '\n[%s] :\n'% (filepath)
                        else:
                            info = ''
                        info += '\t|-- [%s]  line [%d] \n'% (function,i)
                        flog.write(info)
                        print info
                        iname += 1
                      
                    match = re.findall(r'(\$[a-z0-9_]*?\s*?\(.*?\))', file_contents, re.IGNORECASE)
                    if match:
                        if iname == 0:
                            info = '\n[%s] :\n'% (filepath)
                        else:
                            info = ''
                        info += '\t|-- [%s]  line [%d] \n'% (match[0],i)
                        flog.write(info)
                        print info
                        iname += 1
  
                f.close()
    flog.close()
if '__main__' == __name__:
    argvnum = len(sys.argv)
    liston = '0'
    if argvnum == 1:
        action = os.path.basename(sys.argv[0])
        print "Command is like:\n   %s D:\wwwroot\ \n   %s D:\wwwroot\ 1    -- recurse subfolders"% (action,action)
        quit()
    elif argvnum == 2:
        path = os.path.realpath(sys.argv[1])
        listdir(path,liston)
    else:
        liston = sys.argv[2]
        path = os.path.realpath(sys.argv[1])
        listdir(path,liston)
    flog = open(os.getcwd()+"/check_php_shell.log","a+")
    ISOTIMEFORMAT='%Y-%m-%d %X'
    now_time = time.strftime(ISOTIMEFORMAT,time.localtime())
    flog.write("\n----------------------%s checked ---------------------\n"% (now_time))
    flog.close()

 

分享到: 更多
©2019 安全焦点 版权所有.

  • 这些“难民”大部分好吃懒做,无一技之长,犯罪率又高,你要接回去就噹祖宗供着吧。[哈哈] 2019-04-23
  • 铜梁这位30岁小伙抱上吉他骑着摩托去北极过生! 2019-04-23
  • 2018年世界杯防骗宝典!拒绝和骗子一起狂欢! 2019-04-16
  • [微笑]其实很简单就能破这个局:立法禁止通过房地产二次交易获利,炒房就会被杜绝,炒房一旦被杜绝,房价就会受正常供需关系影响波动在合理范围内。 2019-04-16
  • 中国人打仗?被逗了。独生子一代、捧在手里长大的90后00后、站在甲板上飒爽英姿、硝烟战火血肉横飞的场景、会失去行动能力的。这不是耸人听闻。 2019-04-14
  • 乌鲁木齐市水磨沟区开建两座立体停车库 2019-04-14
  • 吕洪蕾:网络信息技术在干部工作中的运用研究 2019-04-04
  • 聚焦中央经济工作会议 2019-03-30
  • 沈杰:在北京打拼的“90后”台湾律师 2019-03-30
  • 法国总统马克龙首次访华 法国居民期待成果 2019-03-25
  • 【新媒体矩阵】长城编小厨 2019-03-25
  • 1949年刚刚进入北平的人民日报校对科夜班工作场面 2019-03-22
  • 江西省“放管服”改革再出实招 2019-03-21
  • 让“毒跑道”绝迹 内蒙古各方联手共同监管校园跑道 2019-03-20
  • 宁夏石嘴山支队隆重举行退伍老兵欢送仪式 2019-03-19
  • 881| 258| 374| 886| 191| 389| 446| 732| 489| 614|