扫描php代码,PHP RFI扫描代码

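escan_banner();

if ($argc < 2) {
    escan_usage($argv[0]);
} else {
    // realpath() returns false for a path that does not exist. The original
    // concatenated that false straight onto DIRECTORY_SEPARATOR, so a typo in
    // the argument silently turned into a scan of the filesystem root.
    $escan_root = realpath($argv[1]);

    if ($escan_root === false || !is_dir($escan_root)) {
        print "@ Error : '{$argv[1]}' is not a readable directory .\n";
    } else {
        $stime = escan_get_mtime();

        escan_recurse_dir($escan_root . DIRECTORY_SEPARATOR);

        $etime = escan_get_mtime();

        // Totals are accumulated in the escan_* globals by the scan functions.
        print "\n@ Scan report : \n\n" .
              "\t$escan_dir_count directory .\n" .
              "\t$escan_file_count file .\n" .
              "\t" . escan_format_size($escan_byte_count) . " .\n" .
              "\t$escan_match_count Potential RFI .\n" .
              "\t" . ($etime - $stime) . " Second Processing .\n\n";
    }
}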

/* Formats a byte count as a human-readable size ("512 bytes", "1.5 Kb", "3 Mb", "2 Gb").
 * The numeric part is the plain PHP division result, so exact multiples print
 * as integers and the rest as floats. */
function escan_format_size($bytes)
{
    // Largest unit first; the first divisor that fits wins.
    $scales = array(
        1073741824 => 'Gb',
        1048576    => 'Mb',
        1024       => 'Kb',
    );

    foreach ($scales as $divisor => $unit) {
        if ($bytes >= $divisor) {
            return ($bytes / $divisor) . ' ' . $unit;
        }
    }

    return "$bytes bytes";
}

/* Returns the current Unix timestamp in seconds as a float (with microseconds). */
function escan_get_mtime()
{
    // microtime(true) is the float form of the "usec sec" string the original parsed.
    return microtime(true);
}

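/* Extracts the inclusion statement that starts at $offset in $content.
 * Returns the text up to (and including) the first ';' after $offset; when
 * no ';' follows, the whole remainder of $content is returned with ';' appended. */
function escan_scan_line($content, $offset)
{
    $rest = substr($content, $offset);
    $end  = strpos($rest, ';');

    // The original used list($line, $dummy) = explode(';', ...), which raised
    // an undefined-index notice whenever the remainder had no ';'.
    $line = ($end === false) ? $rest : substr($rest, 0, $end);

    return $line . ';';
}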

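/* Extracts the variable name from an inclusion statement.
 * $line is the statement returned by escan_scan_line(); $regex_id selects the
 * pattern in the global $escan_var_regex that strips the include keyword.
 * The name ends at the first of ' ', '.', ')' or ';'. Returns '' when the
 * pattern does not match the line. */
function escan_parse_var($line, $regex_id)
{
    global $escan_var_regex;

    $vars = preg_split($escan_var_regex[$regex_id], $line);

    // preg_split() yields a single element when the pattern does not match;
    // the original indexed [1] unconditionally and returned null with a notice.
    if (!isset($vars[1])) {
        return '';
    }

    $varname = $vars[1];

    // strcspn() gives the length of the prefix containing none of the
    // delimiters, i.e. the whole string when no delimiter is present.
    return substr($varname, 0, strcspn($varname, " .);"));
}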

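/* Checks whether $var is assigned somewhere in $content before position $offset.
 * Returns 1 when an assignment (or a property access, which is always treated
 * as defined) is found, 0 otherwise. A 0 means the included path may come
 * straight from untrusted input, i.e. a potential RFI. */
function escan_check_definitions($content, $offset, $var)
{
    // Property accesses ($obj->file) cannot be traced here; treat as defined.
    // Explicit !== false: the original truthiness test missed a match at position 0.
    if (strpos($var, '->') !== false) {
        return 1;
    }

    $chunk = substr($content, 0, $offset);

    // (?!=) keeps '==' / '===' comparisons from counting as an assignment; the
    // original pattern matched them and therefore missed such inclusions.
    // The 'x' modifier is dropped: it has no purpose here and makes a '#' in
    // $var start a comment on PHP < 7.3, where preg_quote() left it unescaped.
    $regex = '/' . preg_quote($var, '/') . '\s*=(?!=)/i';

    // preg_match() returns 1, 0 or false (error); normalise to 0/1.
    return (int) preg_match($regex, $chunk);
}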

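/* Scans a single file for inclusion statements whose path variable is never
 * assigned earlier in the file, and prints each hit. $file is the path to scan.
 * Reads the globals $escan_inc_regex (inclusion patterns, indexed in step with
 * $escan_var_regex) and $escan_max_size (0 = no limit); updates the global
 * $escan_file_count, $escan_byte_count and $escan_match_count totals. */
function escan_parse_file($file)
{
    global $escan_inc_regex;
    global $escan_max_size;
    global $escan_file_count;
    global $escan_match_count;
    global $escan_byte_count;

    $fsize = @filesize($file);

    // Size cap as in the original; also bail out when filesize() failed.
    if ($fsize === false || ($escan_max_size && $fsize > $escan_max_size)) {
        return;
    }

    $content = @file_get_contents($file);

    // The original ran the patterns over boolean false on a read failure and
    // still counted the file as scanned; report it so coverage gaps are visible.
    if ($content === false) {
        print "@ $file - Cannot read file, skipped .\n";
        return;
    }

    $escan_file_count++;
    $escan_byte_count += $fsize;

    foreach ($escan_inc_regex as $regex_id => $regex) {
        if (!preg_match_all($regex, $content, $matches, PREG_OFFSET_CAPTURE)) {
            continue;
        }

        foreach ($matches[0] as $match) {
            $offset = $match[1];
            $line   = escan_scan_line($content, $offset);
            $var    = escan_parse_var($line, $regex_id);

            // No prior assignment found: the included path may be attacker-controlled.
            if (escan_check_definitions($content, $offset, $var) == 0) {
                $escan_match_count++;
                print "@ $file - \n\t- '$var' The position $offset .\n";
            }
        }
    }
}

/* Returns the extension of $fname (text after the last '.'), or '' when it has none. */
function escan_get_file_ext($fname)
{
    // Look only at the last path component: the original searched the whole
    // path, so a dot in a directory name ("site.old/readme") was mistaken for
    // an extension of an extension-less file.
    $base = basename($fname);
    $dot  = strrpos($base, '.');

    return ($dot === false) ? '' : substr($base, $dot + 1);
}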

/* Tells whether $fname has an extension worth scanning.
 * Every entry of the global $escan_valid_ext is tested as a substring of the
 * file's extension (so 'php' also accepts e.g. 'php5'); matching is case-sensitive. */
function escan_isvalid_ext($fname)
{
    global $escan_valid_ext;

    // The extension does not change between iterations, so compute it once.
    $ext = escan_get_file_ext($fname);

    foreach ($escan_valid_ext as $wanted) {
        // strstr() returns the matched tail, which is truthy on a hit.
        if (strstr($ext, $wanted)) {
            return true;
        }
    }

    return false;
}

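/* Walks $dir recursively and hands every file with an accepted extension to
 * escan_parse_file(). $dir must end with DIRECTORY_SEPARATOR, as the
 * top-level call and the recursive call below guarantee. Increments the
 * global $escan_dir_count once per directory visited. */
function escan_recurse_dir($dir)
{
    global $escan_dir_count;
    $escan_dir_count++;

    $cdir = @dir($dir);

    if ($cdir === false) {
        // Report rather than silently skip: an unreadable directory is a
        // blind spot in the scan's coverage.
        print "@ $dir - Cannot open directory, skipped .\n";
        return;
    }

    // Compare against false explicitly: an entry named "0" is a legitimate
    // file name but is falsy, so the original `while ($entry = ...)` stopped
    // listing the directory as soon as it reached it.
    while (($entry = $cdir->read()) !== false) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }

        $path = $dir . $entry;

        if (is_dir($path)) {
            // NOTE(review): is_dir() follows symlinks, so a symlink cycle
            // inside the tree recurses without bound; an is_link() guard
            // would trade that for skipping linked directories.
            escan_recurse_dir($path . DIRECTORY_SEPARATOR);
        } elseif (escan_isvalid_ext($path)) {
            escan_parse_file($path);
        }
    }

    $cdir->close();
}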

function escan_banner()     {         print "*-----------------------------------------------------*\n" .               "*   PHP Security-Shell RFI Scanner v1.0 by pentest   *\n" .               "*                                                     *\n" .               "*             http://security-shell.uni.cc            *\n" .               "*-----------------------------------------------------*\n\n";     }         function escan_usage($pname)     {         print "Use : php $pname
