================
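∷ Scanwebshell
<?php
/**
 * Scanwebshell: collects files whose name contains ".php" below a directory
 * and provides check(), which reports lines containing configured keywords.
 *
 * NOTE(review): markup appears to have been stripped from this listing. The
 * empty echo "" calls and the bare "\n" strings presumably carried HTML tags
 * in the author's copy; they are reproduced here as the page shows them.
 */

// Lift the execution time limit; walking a large tree can take a while.
if (@set_time_limit(0)) {
    ini_set("max_execution_time", 0);
}

// Start time as "seconds + microseconds". Nothing in the visible part of the
// listing reads it back.
$time = explode(" ", microtime());
$starttime = $time[0] + $time[1];

echo "本文件路径:" . str_replace('\\', '/', dirname(__FILE__)) . "";

$scan_ex = "php";  // file extension to scan
$count_all = 0;    // total number of files collected
//die();

// Keywords searched for on every line (private-network address prefixes).
$check_system_fun = array("192.168", "10.0.");

// Suspicious files to return. Not written to anywhere in the visible code.
$dan_file_array = array();
global $scan_ex, $count_all, $scan_path, $check_file_fun, $dan_file_array;

/**
 * Returns the extension of a file name (the text after the last dot).
 *
 * @param string $file_name File name or path.
 * @return string Extension without the dot; "" when there is no dot or when
 *                the only dot is the first character.
 */
function get_ex($file_name)
{
    $pt = strrpos($file_name, ".");
    // false (no dot) and 0 (leading dot) both mean "no extension".
    if (!$pt) {
        return "";
    }
    return substr($file_name, $pt + 1);
}

/**
 * Scans one file line by line for the configured keywords and prints a
 * report entry when at least one line matches.
 *
 * @param string $file_name Path of the file to inspect.
 * @return void
 */
function check($file_name)
{
    global $check_system_fun;

    $file_contents = file($file_name);
    if ($file_contents === false) {
        // file() has already raised its own warning for the unreadable file;
        // returning here only avoids iterating over a non-array.
        return;
    }

    // filectime() is the inode change time on Unix filesystems, not a
    // creation time, and the modification time can be set freely by whoever
    // wrote the file. Treat both values as hints, not as evidence.
    $time_info = "文件创建时间:" . date("F d Y H:i:s.", filectime($file_name)) . "\n"
        . "文件修改时间:" . date("F d Y H:i:s.", filemtime($file_name)) . "\n";

    $funs_info = '';
    $contents_info = '';
    $content_num = 0;

    foreach ($file_contents as $file_content) {
        $content_num++;
        $excerpt_added = false; // at most one excerpt per line

        foreach ($check_system_fun as $func_name) {
            // Literal, case-insensitive match. eregi() was removed in PHP 7
            // and treated "." in the keyword as "any character".
            if (stripos($file_content, $func_name) === false) {
                continue;
            }

            $funs_info .= "在第" . $content_num . "行存在关键字" . $func_name . "可能文件在试图执行系统命令\n";

            if (!$excerpt_added) {
                // ENT_SUBSTITUTE (PHP 5.4+) keeps the excerpt when the
                // 100-byte cut splits a multibyte character; without it
                // htmlspecialchars() returns "" on invalid input.
                $contents_info .= htmlspecialchars(
                    substr($file_content, 0, 100),
                    ENT_QUOTES | ENT_SUBSTITUTE
                ) . "\n";
                $excerpt_added = true;
            }
        }
    }

    // The original also carried an $include_info report branch, but nothing
    // ever assigned to that variable, so the branch could not run.
    if ($funs_info != '') {
        echo "";
        // File names on a scanned host are not trusted input: escape them
        // before they reach the HTML report.
        echo htmlspecialchars($file_name, ENT_QUOTES | ENT_SUBSTITUTE);
        echo "$funs_info";
        echo "$contents_info";
        echo "$time_info";
        echo "";
    }
}

/**
 * Recursively collects files whose name contains ".php" below a directory.
 *
 * Results accumulate in a function-static array, so every call returns all
 * paths found so far in the current request, not only those below $dirname.
 *
 * @param string $dirname Directory to walk; a trailing "/" is added if missing.
 * @return array Paths of all matching files found so far.
 */
function list_dir($dirname)
{
    global $count_all;
    static $result_array = array(); // shared across the recursive calls

    // Windows variant (disabled in the original):
    //   if ($dirname[strlen($dirname)-1] != '\\') $dirname .= '\\';
    // Unix-like systems:
    if (substr($dirname, -1) != '/') {
        $dirname .= '/';
    }

    $handle = opendir($dirname);
    if ($handle === false) {
        // opendir() has already raised its warning; skip this directory
        // instead of passing false to readdir().
        return $result_array;
    }

    // Compare with false explicitly: a plain truthiness test ends the loop
    // early at an entry named "0".
    while (($file = readdir($handle)) !== false) {
        // NOTE(review): anything below a directory named "attachments" is
        // never scanned. Upload directories are a common place for dropped
        // scripts, so confirm that this exclusion is intended.
        if ($file === '.' || $file === '..' || $file === 'attachments') {
            continue;
        }

        $path = $dirname . $file;

        if (is_dir($path)) {
            // Do not descend through symbolic links: a link that points back
            // up the tree would make the recursion run without end.
            if (!is_link($path)) {
                list_dir($path . '/');
            }
        } elseif (stripos($file, '.php') !== false) {
            // Substring match, so names such as "x.php.bak" are included.
            // "!== false" also accepts a match at position 0, and stripos()
            // covers upper-case extensions.
            $result_array[] = $path;
            $count_all = $count_all + 1;
        }
    }

    closedir($handle);
    return $result_array;
}

// Show the form unless a scan was requested.
if (!isset($_POST['action']) || $_POST['action'] !== 'scan') {
    echo "";
    echo "扫描路径:
";
    echo "文件后缀:
";
    echo "
";
    echo "
";
} else {
    global $scan_path;

    // NOTE(review): nothing visible in this listing authenticates the
    // request, and scan_path comes straight from the POST body. Any client
    // that can reach the script can therefore enumerate matching files under
    // every directory the PHP process can read. Keep the file behind
    // server-side access control and remove it once the scan is done.
    if (empty($_POST['scan_path']) || !is_string($_POST['scan_path'])) {
        // Default to the directory that holds this script.
        $scan_path = str_replace('\\', '/', dirname(__FILE__));
    } else {
        $scan_path = $_POST['scan_path'];
    }

    $array = list_dir($scan_path);
    echo "共检测$count_all files!个文件
";
    // NOTE(review): the listing is cut off inside this else branch; the loop
    // that would pass each collected path to check() is not shown.
?>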
文件绝对路径 | 特征码与描述 | 文件内容明细 | 文件时间明细 |