一下代码保存为php,访问,输入路径,就可以了。内网数据库肯定都是192开头的ip。
================
∷ Scanwebshellbody{ SCROLLBAR-FACE-COLOR: #719BC5; FONT-SIZE: 12px; SCROLLBAR-HIGHLIGHT-COLOR: #ffffff; SCROLLBAR-SHADOW-COLOR: #ffffff; SCROLLBAR-3DLIGHT-COLOR: #ffffff; SCROLLBAR-ARROW-COLOR: #ffffff; SCROLLBAR-TRACK-COLOR: #ffffff; FONT-FAMILY: "宋体"; SCROLLBAR-DARKSHADOW-COLOR: #ffffff
font-family: 宋体; font-size: 9pt}
INPUT {BORDER: 1px none silver; }
if(@set_time_limit(0)) ini_set("max_execution_time",0);
$time=explode(" ",microtime());
$starttime=$time[0]+$time[1];
echo "本文件路径:".str_replace('\\','/',dirname(__FILE__))."
";
$scan_ex="php"; //扫描文件后缀
$count_all=0; //总共扫描文件个数
//die();
//扫描的函数
$check_system_fun = array("192.168","10.0."
);
//返回的可疑文件
$dan_file_array=array();
global $scan_ex,$count_all,$scan_path,$check_file_fun,$dan_file_array;
//判断文件后缀
function get_ex($file_name)
{
$retval="";
$pt=strrpos($file_name, ".");
if ($pt) $retval=substr($file_name, $pt+1, strlen($file_name) - $pt);
// echo $retval."
";
return ($retval);
}
//检查文件
function check($file_name)
{
global $dan_file_array;
global $check_system_fun;
$content_num=0;
$funs_info='';
$include_info='';
$contents_info='';
$time_info='';
$result = false;
$file_contents = file ($file_name);
$time_info.="文件创建时间:".date("F d Y H:i:s.", filectime($file_name))."
";
$time_info.="文件修改时间:".date("F d Y H:i:s.", filemtime($file_name))."
";
foreach ($file_contents as $file_content)
{
$mask=1;
$content_num=$content_num+1;
foreach ($check_system_fun as $func_name)
{
if(eregi($func_name,$file_content))
{
$funs_info=$funs_info."在第".$content_num."行存在关键字".$func_name."可能文件在试图执行系统命令
";
if($mask==1)
{
$contents_info.=htmlspecialchars(substr($file_content,0,100))."
";
$mask=0;
}
}
}
}
if(stristr($include_info,'试图执行')==false)
{
if($include_info!='')
{
echo "
";echo "
$file_name";echo "
$include_info";echo "
$contents_info";echo "
$time_info";echo "
";}