php后门简单检测脚本
2024-09-05 13:54:33
# coding:utf-8 import os
import sys
import re rulelist = [
'(\$_(GET|POST|REQUEST)\[.{0,15}\]\(\$_(GET|POST|REQUEST)\[.{0,15}\]\))',
'(base64_decode\([\'"][\w\+/=]{200,}[\'"]\))',
'eval\(base64_decode\(',
'(eval\(\$_(POST|GET|REQUEST)\[.{0,15}\]\))',
'(assert\(\$_(POST|GET|REQUEST)\[.{0,15}\]\))',
'(\$[\w_]{0,15}\(\$_(POST|GET|REQUEST)\[.{0,15}\]\))',
'(wscript\.shell)',
'(gethostbyname\()',
'(cmd\.exe)',
'(shell\.application)',
'(documents\s+and\s+settings)',
'(system32)',
'(serv-u)',
'(提权)',
'(phpspy)',
'(后门)',
'(webshell)',
'(Program\s+Files)'
] def Scan(path):
for root,dirs,files in os.walk(path):
for filespath in files:
isover = False
if '.' in filespath:
ext = filespath[(filespath.rindex('.')+1):]
if ext=='php':
file= open(os.path.join(root,filespath))
filestr = file.read()
file.close()
for rule in rulelist:
result = re.compile(rule).findall(filestr)
if result:
print '文件:'+os.path.join(root,filespath)
print '恶意代码:'+str(result[0])
print '\n\n'
break if os.path.lexists(sys.argv[1]):
print('\n\n开始扫描:'+sys.argv[1])
print(' 可疑文件 ')
print('########################################')
Scan(sys.argv[1])
print('提示:扫描完成-- O(∩_∩)O哈哈~')
else:
print '提示:指定的扫描目录不存在--- 我靠( \'o′)!!凸'
最新文章
- thinkphp相关总结
- vs2012安装Microsoft.AspNet.WebApi.WebHost
- 如何显示二进制流的图片(利用img控件)
- iOS push与present Controller的区别
- Codeforces Round #366 Div.2[11110]
- commonjs amd cmd的区别
- JSP基本原理
- debugging tools
- 正则 提取html标签value
- (九)Hibernate 检索策略
- traits编程技法
- Android四大图片缓存(Imageloader,Picasso,Glide,Fresco)原理、特性对比
- iframe自适应高度计算,iframe自适应
- ASP.NET MVC5 实现分页查询
- 工厂方法模式(Java与Kotlin版)
- TF-IDF学习(python实现)
- NgDL:【第二周】NN基础
- 3、lvs调度方法详解
- MySQL 日期类型及默认设置 (除timestamp类型外,系统不支持其它时间类型字段设置默认值)
- westrac server security configure user info