PHP Trojan webshell scanner code_PHP tutorial

Copy code The code is as follows:

/*
+-------- -------------------------------------------------- ----------------+
| Codz by indexphp Version:0.01 |
| (c) 2009 indexphp |
| http://www.indexphp. org |
+-------------------------------------------------- ----------------------------------+
*/
/*========= ============ Program configuration=====================*/
$dir='cms'; //Settings Directory to be scanned
$jumpoff=false; //Set files to skip checking
$jump='safe.php|g'; //Set files or folders to skip checking$jumpoff= This setting is valid when false
$danger='eval|cmd|passthru';//Set the dangerous function to be found to determine whether it is a Trojan file
$suffix='php|inc';//Set to scan File suffix
$dir_num=0;
$file_num=0;
$danger_num=0;
/*================== === End of configuration======================*/
extract (GetHttpVars());
if ($m=="edit" ) Edit();
if ($m=="del") Delete();
if ($check=='check')
{ $safearr = explode("|",$jump );
$start_time=microtime(true);
safe_check($dir);
$end_time=microtime(true);
$total=$end_time-$start_time;
$file_num =$file_num-$dir_num;
$message= "Number of files:".$file_num;
$message.= "Number of folders:".$dir_num;
$message.= "Number of suspicious files : ".$danger_num;
$message.= " Execution time: ".$total;
echo $message;
exit();
}
function GetHttpVars() {// Global variables
$superglobs = array(
'_POST',
'_GET',
'HTTP_POST_VARS',
'HTTP_GET_VARS');
$httpvars = array();
foreach ($superglobs as $glob) {
global $$glob;
if (isset($$glob) && is_array($$glob)) {
$httpvars = $$glob;
}
if (count($httpvars) > 0)
break;
}
return $httpvars;
}
function Safe_Check($dir)//Traverse files
{
global $danger ,$suffix ,$dir_num ,$file_num ,$danger_num;
$hand=@dir($dir) or die('Folder does not exist') ;
while ($file=$hand->read() )
{
$filename=$dir.'/'.$file;
if (!$jumpoff) {
if(Jump( $filename))continue;
}
if(@is_dir($filename) && $file != '.' && $file!= '..'&& $file!='./..')
{ $dir_num++;
Safe_Check($filename);
}
if (preg_match_all ("/.($suffix)/i",$filename,$out))
{
$str='';
$fp = @fopen($filename,'r')or die('no permission');
while(!feof($fp))
{
$str .= fgets($fp,1024);
}
fclose($fp);
if( preg_match_all ("/($danger)[ rnt]{0,}([[ (])/i",$str,$out))
{
echo "Suspicious file: {$filename}< ;/font>
View code
Delete
";
$danger_num++;
}
}
$file_num++;
}
}
function Edit()//View suspicious files
{
global $filename;
$filename = str_replace(".."," ",$filename);
$file = $filename;
$content = "";
if(is_file($file))
{
$fp = fopen($file, "r")or die('no permission');
$content = fread($fp,filesize($file));
fclose($fp);
$content = htmlspecialchars($content );
}
echo "$contentrn";
exit();
}
function Delete()//Delete file
{
global $filename;
(is_file($filename))?($mes=unlink($filename )?'Delete successfully':'Delete failed to view permission'):'';
echo $mes;
exit();
}
function Jump($file)//Skip the file
{
global $jump,$safearr;
if($jump != '')
{
foreach($safearr as $v)
{
if( $v=='') continue;
if( eregi($v,$file) ) return true ;
}
}
return false;
}
?>

http://www.bkjia.com/PHPjc/324899.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/324899.htmlTechArticleCopy the code as follows: ?php /* +------------- -------------------------------------------------- ----------+ | Codz by indexphp Version:0.01 | | (c) 2009 indexphp | | http://www...