import getopt
import io
import os
import re
import sys
def replace(dir, regex):
    """Scan every file under *dir* and report lines matching *regex*.

    Args:
        dir: Root directory of the tree to scan.
        regex: Pattern source string; it is compiled once here and the
            compiled object is handed to the directory walker.
    """
    WalkDir(dir, re.compile(regex))
def replacemore(dir, regex, regex2):
    """Scan every file under *dir* with a two-pattern check.

    Args:
        dir: Root directory of the tree to scan.
        regex: Source string of the first pattern.
        regex2: Source string of the second pattern.

    Both patterns are compiled once, first *regex* and then *regex2*, and
    passed on to the two-pattern directory walker.
    """
    first, second = re.compile(regex), re.compile(regex2)
    WalkDirmore(dir, first, second)
def WalkDir(dir, regex, dir_callback=None, file_callback=None):
    """Run the single-pattern check on every file below *dir*.

    Args:
        dir: Root directory to walk.
        regex: Compiled pattern passed through to ``checkfile``.
        dir_callback: Accepted but never used by this function.
        file_callback: Accepted but never used by this function.

    ``os.walk`` is called with its defaults, so symlinked directories are
    not descended into.
    """
    for current, _subdirs, names in os.walk(dir):
        for name in names:
            checkfile(os.path.join(current, name), regex)
def WalkDirmore(dir, regex, regex2):
    """Run the two-pattern check on every file below *dir*.

    Args:
        dir: Root directory to walk.
        regex: First compiled pattern, passed through to ``checkfilemore``.
        regex2: Second compiled pattern, passed through to ``checkfilemore``.

    ``os.walk`` is called with its defaults, so symlinked directories are
    not descended into.
    """
    for current, _subdirs, names in os.walk(dir):
        for name in names:
            target = os.path.join(current, name)
            checkfilemore(target, regex, regex2)
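def checkfilemore(file, regex, regex2):
    """Print ``<path> : <line>`` for lines matching *regex2* once *regex* has hit.

    The file is read line by line. As soon as any line matches *regex*, that
    line and every later line is tested against *regex2*, and each match is
    printed with its 1-based line number. Lines before the first *regex*
    match are never reported.

    Args:
        file: Path of the file to scan.
        regex: Compiled pattern that arms the reporting.
        regex2: Compiled pattern whose matches are reported.

    Both patterns are applied with ``match``, which anchors at the start of
    the line; a pattern meant to hit anywhere in the line needs a leading
    ``.*``. Errors from opening the file propagate to the caller.
    """
    armed = False
    # io.open works on Python 2 and 3. errors="replace" keeps a binary file
    # in the scanned tree from aborting the whole walk with a decode error,
    # and the with-block closes the handle even if reading fails part-way.
    with io.open(file, mode="r", errors="replace") as f1:
        for linen, line in enumerate(f1, 1):
            if regex.match(line):
                armed = True
            if armed and regex2.match(line):
                # Single-argument print(...) is valid on Python 2 and 3.
                print(file + " : " + str(linen))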
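def checkfile(file, regex):
    """Print ``<path> : <line>`` for every line of *file* matching *regex*.

    Args:
        file: Path of the file to scan.
        regex: Compiled pattern. It is applied with ``match``, which anchors
            at the start of the line, so a pattern meant to hit anywhere in
            the line needs a leading ``.*``.

    Matching is done one line at a time, so a construct spread over several
    lines is not seen; a reported line is a candidate for manual review.
    Errors from opening the file propagate to the caller.
    """
    # io.open works on Python 2 and 3. errors="replace" keeps a binary file
    # in the scanned tree from aborting the whole walk with a decode error,
    # and the with-block closes the handle even if reading fails part-way.
    with io.open(file, mode="r", errors="replace") as f1:
        for linen, line in enumerate(f1, 1):
            if regex.match(line):
                # Single-argument print(...) is valid on Python 2 and 3.
                print(file + " : " + str(linen))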
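# Example scans. Each pattern starts with ".*" because the per-line check uses
# match(), which anchors at the start of the line. Raw strings keep the regex
# backslashes and the Windows path separator literal instead of relying on
# unrecognised escape sequences, which newer Python versions warn about.
#replace(r"F:\phpcms", r".*new\s\w*\(\$.*?")
#replace(r"F:\phpcms", r".*get\(.*?")
replace(r"F:\phpcms", r".*if\(intval.*?")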
写得很水,就是可以扫描 web 目录下面的文件内容,用正则匹配一下,大家可以自由发挥,比如说 .*mysql_query.* 等等。
这只是个模子。
用了好多开源的代码检测工具,swaats、rats、pixy、yasca、appcodescan 等等,都感觉有点不如意,所以打算慢慢发展一个,明天写一个 webshell 管理器。