<%@ LANGUAGE="VBSCRIPT" codepage ="936" %>
<%option explicit
dim timer1,timer2,thetime
timer1=timer
Server.ScriptTimeout=1200
'on error resume next%>
<html>
<head>
<style>
<!--
body{font-family: 宋体; font-size: 10pt}
table{ font-family: 宋体; font-size: 9pt }
a{ font-family: 宋体; font-size: 9pt; color: #000000; text-decoration: none }
a:hover{ font-family: "宋体"; color: #333333; text-decoration: none }
input { BORDER-RIGHT: #888888 1px solid; BORDER-TOP: #888888 1px solid; BACKGROUND: #ffffff; BORDER-LEFT: #888888 1px solid; BORDER-BOTTOM: #888888 1px solid; FONT-FAMILY: "Verdana", "Arial"font-color: #ffffff;FONT-SIZE: 9pt;
}
-->
</style>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>思易ASP木马追捕</title>
</head>
<body>
思易ASP木马追捕1.0 <a href="http://www.home4e.com/download/asp.rar">下载地址</a><br>
检查你的网站中是否含有可疑ASP程序<br>
<a href="#" onClick="JavaScript:if (d.style.display='none'){d.style.display='';}else {d.style.display='none';}">使用说明</a><br>
<div id=d style="display:none">FSO-FSO组件,具有远程删除新建修改文件的(夹)功能<br>
流-Adodb.stream的调用,一般用于上传文件,如果单独调用stream也很危险<br>
SHELL-SHELL组件调用<br>
WS- WSCIPT组件调用<br>
XML-xmlhttp<br>
密-是否加过密<br>
以上各调用得越多则该文件的危险性就越高<br>
</div>
<%
dim chktype,url
dim yes,no
dim Ofso,Ofile,Ofolder,subfolder
dim filename,path,folder
chktype = Request.form("chktype")
if chktype = "" then chktype=Request.Querystring("chktype")
if chktype="" then chktype="asp,js,inc"
yes = "<font color=red>√</font>"
no ="<font color=green>-</font>"
path = Request("path")
if len(path)=0 then path = Server.Mappath("/")
url = request.servervariables("Script_name")&"?chktype="&Server.Urlencode(chktype) '本文件的名称
set Ofso = Server.CreateObject("Scripting.FileSystemObject")
set ofolder = Ofso.Getfolder(path)
%>
<table width="500" border="0" cellpadding="1" cellspacing="1" bordercolor="#009900" bgcolor="#666666">
<form action="<%=url%>&path=<%=path%>" method="post">
<tr bgcolor="#666666">
<td height="20" colspan="3"><font color=#ffffff>检查的文件类型(用逗号隔开,默认检查asp,inc,js): </font>
<input name="chktype" type="text" id="chktype" value="<%=chktype%>" size="10">
<input type="submit" value="确定"></td>
</tr>
</form>
<tr bgcolor="#FFFFFF">
<td height="1" colspan="3"></td>
</tr><tr bgcolor="#FFFFFF">
<td height="1" colspan="3">当前目录:<%=path%></td>
</tr>
<tr bgcolor="#666666">
<td width="93" height="20"><a href="<%if not ofolder.IsRootFolder then response.write url&"&path="&ofolder.parentfolder%>">■↑回上级目录</a></td>
<td width="175"> </td>
<td width="218"><font color="#FFFFFF"><a href="<%=url%>&path=<%=path%>&bian=bian">搜索本目录下所有文件</a></font></td>
</tr>
<%if ofolder.subfolders.count>0 then
for each subfolder in ofolder.subfolders
response.write "<tr bgcolor=#E8E8E8>"
response.write "<td height=20 colspan=3>"
response.write "<a href="&url&"&path="&server.urlencode(subfolder)&">"&subfolder&"</a>"
response.write "</td></tr>"
next
end if
response.write "</table>"
if ofolder.files.count>0 then
%>
<table width="500" border="0" cellpadding="1" cellspacing="1" bgcolor="#666666">
<tr bgcolor="#666666">
<td height="20"><font color="#FFFFFF">所在目录<%=ofolder%></font></td>
<td width="22" align="center"><font color="#990000">FSO</font></td>
<td width="22" align="center"><font color="#990000">删</font></td>
<td width="22" align="center"><font color="#990000">建</font></td>
<td width="22" align="center"><font color="#990000">移</font></td>
<td width="22" align="center"><font color="#990000">流</font></td>
<td width="22" align="center"><font color="#990000">SHELL</font></td>
<td width="22" align="center"><font color="#990000">WS</font></td>
<td width="22" align="center"><font color="#990000">XML</font></td>
<td width="22" align="center"><font color="#990000">密</font></td>
</tr>
<%
if request("bian")="bian" then
checkfolder(path)
else
checkfiles(path)
end if
response.write "</table>"
end if
sub checkfiles(curpath)
dim ofolder
dim fileext,fileallow,filetxt
dim fso,del,create,mov,stream,shell,ws,xmlhttp,encode
'response.write curpath&"<br>"
if not ofso.FolderExists(curpath) then exit sub
set ofolder = Ofso.getfolder(curpath)
for each filename in ofolder.files
fileallow = false
fso = ndel = ncreate = nmov = nstream = nshell = nws=nxmlhttp = nencode=no
fileext = lcase(right(filename,len(filename)-instrrev(filename,".")))
if instr(chktype,fileext)>0 then
fileallow = true
end if
'response.write fileext&"|"&fileallow
if fileallow then
set ofile = ofso.OpenTextFile(filename)
filetxt = lcase(ofile.readall())
if instr(filetxt,"scripting.filesystemobject")>0 then fso = yes else fso = no
if fso = yes then
if instr(filetxt,"deletefolder")>0 or instr(filetxt,"delete")>0 then del =yes else del = no
if instr(filetxt,"opentextfile")>0 or instr(filetxt,"createtextfile")>0 or instr(filetxt,"openastextstream")>0 then create =yes else create = no
if instr(filetxt,"move")>0 then mov = yes else mov = no
end if
if instr(filetxt,"adodb.stream")>0 then stream = yes else stream = no
if instr(filetxt,"shell.application")>0 then shell = yes else shell = no
if instr(filetxt,"wscript")>0 then ws = yes else ws = no
if instr(filetxt,"xmlhttp")>0 then xmlhttp =yes else xmlhttp = no
if instr(filetxt,"vbscript.encode")> 0 or instr(filetxt,"javascript.encode")> 0 then encode = yes else encode = no
filetxt = ""
set ofile= nothing
response.write "<tr bgcolor=#E8E8E8>"
response.write"<td height=20>"&filename&"</td>"
response.write"<td align=center>"& fso&"</td>"
response.write"<td align=center>"& del&"</td>"
response.write"<td align=center>"& create&"</td>"
response.write"<td align=center>"& mov&"</td>"
response.write"<td align=center>"& stream&"</td>"
response.write"<td align=center>"& shell&"</td>"
response.write"<td align=center>"& ws&"</td>"
response.write"<td align=center>"& xmlhttp&"</td>"
response.write"<td align=center>"& encode&"</td>"
response.write "</tr>"
end if
next
set ofolder = nothing
end sub
sub checkfolder(curpath)
dim sfolder
'set fso = Server.CreateObject("scripting.filesystemobject")
set sfolder = Ofso.getfolder(curpath)
if sfolder.subfolders.count>0 then
for each subfolder in sfolder.subfolders
call checkfolder(subfolder)
checkfiles(subfolder)
next
end if
set sfolder = nothing
end sub
'set ofolder = nothing
set ofso = nothing%>
欢迎访问 【<a href="http://www.home4e.com">思易网</a>】 <a href="www.home4e.comhttp://www.home4e.com/">www.home4e.com</a><br>
本程序由Blueeyes编写,转载时请保留这些信息
<%timer2 = timer
thetime=cstr(int(((timer2-timer1)*10000 )+0.5)/10)
response.write "<br>本页执行共用了"&thetime&"毫秒"%>
</body>
</html>