Python实例分享：快速查找出被挂马的文件-Python Tutorial-php.cn

Home

Backend Development

Python Tutorial

Python实例分享：快速查找出被挂马的文件

Jun 16, 2016 am 08:43 AM

python

思路

需要实现准备一份未受感染的源代码和一份可能受感染的源代码，然后运行以下脚本，就能找出到底哪些文件被挂马了。

其中，主要是根据比对2份文件的md5值来过滤可能被挂马的文件（确切的说应该是被修改过的文件）

Python脚本

复制代码代码如下:

__author__ = 'Flying'
#coding:utf-8
#Date:2014.6.5
#检测修改过的文件
import os,sys,hashlib,datetime
global_DirOld = ""
global_DirNew = ""
global_FilesList = []
#输入要比对的文件路径
def InputDirPath():
    global global_DirOld,global_DirNew
    global_DirOld = unicode(raw_input("请输入备份文件所在目录："),"utf-8")
    while not os.path.exists(global_DirOld):
        print u"指定的路径不存在，请重新输入"
        global_DirOld = unicode(raw_input("请输入备份文件所在目录："),"utf-8")
    global_DirNew = unicode(raw_input("请输入要检测文件的目录："),"utf-8")
    while not os.path.exists(global_DirNew):
        print u"指定的路径不存在，请重新输入"
        global_DirNew = unicode(raw_input("请输入要检测文件的目录："),"utf-8")

#将数据保存到文件中
def SaveToFile(filePath,content):
    try:
        f = open(filePath,"a+")
        f.write(content.encode("utf-8") + "\n")
        f.close()
    except Exception,ex:
        print "Error:" + str(ex)

#计算文件的MD5值
def CalcMD5(filepath):
    try:
        #以二进制的形式打开
        with open(filepath,'rb') as f:
            md5obj = hashlib.md5()
            md5obj.update(f.read())
            hash = md5obj.hexdigest()
            return hash
    except Exception,ex:
        print "Error:" + str(ex)
        return None

#遍历目录下的所有文件
def GetAllSubFiles():
    global global_FilesList
    for dir in os.walk(global_DirNew):
        for file in dir[2]:
            filePath = dir[0] + os.sep + file
            global_FilesList.append(filePath[len(global_DirNew)+1:])

#列出新增文件和变动的文件
def ListChangedFiles():
    global global_DirOld,global_DirNew,global_FilesList
    print u"变动或新增的文件："
    for file in global_FilesList:
        filePathOld = global_DirOld + os.sep + file
        filePathNew = global_DirNew + os.sep + file
        if not os.path.exists(filePathOld) or CalcMD5(filePathOld)!=CalcMD5(filePathNew):
            content = "[" + datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')+ "]" + filePathNew
            print content
            SaveToFile("ChangedFiles.txt",content)

if __name__=="__main__":
    InputDirPath()
    GetAllSubFiles()
    ListChangedFiles()

脚本执行结果

Python实例分享：快速查找出被挂马的文件

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn