因為前段時間伺服器被放過,是以寫了個 webshell 掃描器,呵呵。專殺 php webshell,不管大馬還是小馬,包括一句話。現在放出代碼來。
代碼如下:
<?php
/*
--------------------------------------------------------------------------
| Codz by indexphp Version:0.01 |
| (c) 2009 indexphp |
| http://www.indexphp.org |
*/
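/*===================== Configuration =====================*/
$dir='cms'; // Directory to scan. Edit() and Delete() should only ever touch files below it.
$jumpoff=false; // Set to true to disable the skip list below.
// Files or folders to skip; applied while $jumpoff is false. Each '|'-separated
// entry is matched as an unanchored, case-insensitive pattern against the whole
// path, so a short entry such as 'g' excludes every path containing that letter
// and leaves those files unscanned. Keep entries as specific as possible.
$jump='safe.php|g';
$danger='eval|cmd|passthru'; // Function names treated as indicators of a webshell.
$suffix='php|inc'; // Suffixes of the files to scan.
$dir_num=0;
$file_num=0;
$danger_num=0;
/*===================== End of configuration =====================*/

/*
 * NOTE(security): this page performs no authentication. Anyone who can reach it
 * can start a scan and use the view/delete links, and those actions are plain
 * GET requests with no anti-CSRF token. Put it behind web-server access control
 * and remove it from the document root when the scan is finished.
 *
 * Only the three parameters the script needs are read from the request. The
 * request array is deliberately NOT passed to extract(): doing so would let a
 * request overwrite $dir, $danger, $suffix, $jump and the counters above.
 */
$request  = GetHttpVars();
$m        = (isset($request['m']) && is_string($request['m'])) ? $request['m'] : '';
$check    = (isset($request['check']) && is_string($request['check'])) ? $request['check'] : '';
// Read by Edit() and Delete() through "global $filename".
$filename = (isset($request['filename']) && is_string($request['filename'])) ? $request['filename'] : '';

if ($m === 'edit') {
    Edit();
}
if ($m === 'del') {
    Delete();
}
if ($check === 'check') {
    // Skip list consumed by Jump().
    $safearr = explode("|", $jump);
    $start_time = microtime(true);
    safe_check($dir);
    $end_time = microtime(true);
    $total = $end_time - $start_time;
    // Safe_Check() counts directories in $file_num as well, so take them out.
    $file_num = $file_num - $dir_num;
    $message  = " 檔案數:".$file_num;
    $message .= " 檔案夾數:".$dir_num;
    $message .= " 可疑檔案數:".$danger_num;
    $message .= " 執行時間:".$total;
    echo $message;
    exit();
}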
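/**
 * Return the request parameters of the current request.
 *
 * The sources are tried in the order $_POST, $_GET, then the legacy
 * $HTTP_POST_VARS / $HTTP_GET_VARS globals; the first non-empty array wins.
 *
 * Everything in the returned array is supplied by the client. Callers should
 * read individual keys and validate them; passing the array to extract()
 * would let a request overwrite arbitrary variables in the calling scope.
 *
 * @return array Request parameters, or an empty array when none were sent.
 */
function GetHttpVars()
{
    $candidates = array(
        isset($_POST) ? $_POST : null,
        isset($_GET) ? $_GET : null,
        isset($GLOBALS['HTTP_POST_VARS']) ? $GLOBALS['HTTP_POST_VARS'] : null,
        isset($GLOBALS['HTTP_GET_VARS']) ? $GLOBALS['HTTP_GET_VARS'] : null,
    );

    foreach ($candidates as $vars) {
        if (is_array($vars) && count($vars) > 0) {
            return $vars;
        }
    }

    return array();
}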
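/**
 * Recursively walk $dir and report files whose contents match the $danger list.
 *
 * Updates the global counters $dir_num, $file_num (every entry, directories
 * included) and $danger_num, and echoes one HTML line per suspicious file with
 * links to the view and delete actions.
 *
 * The match is a plain keyword heuristic: a name from $danger followed by "("
 * or "[". It produces false positives on legitimate code, and a scan with no
 * hits is not evidence that the tree is clean.
 *
 * @param string $dir Directory to scan.
 * @return void
 */
function Safe_Check($dir)
{
    // $jumpoff has to be imported too, otherwise the switch is always read as unset.
    global $danger, $suffix, $jumpoff, $dir_num, $file_num, $danger_num;

    $hand = @dir($dir);
    if (!$hand) {
        // Report and carry on: one unreadable directory must not abort the whole scan.
        echo '檔案夾不存在' . ' ' . htmlspecialchars($dir, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br>';
        return;
    }

    // Compare against false explicitly; an entry named "0" would otherwise end the loop early.
    while (($file = $hand->read()) !== false) {
        if ($file === '.' || $file === '..') {
            continue;
        }
        $filename = $dir.'/'.$file;

        if (!$jumpoff && Jump($filename)) {
            continue;
        }

        if (@is_dir($filename)) {
            if (is_link($filename)) {
                // Do not follow directory symlinks: they can loop or lead outside the scan root.
                continue;
            }
            $dir_num++;
            Safe_Check($filename);
        } elseif (@is_file($filename) && preg_match("/\.($suffix)/i", $filename)) {
            // The suffix pattern is intentionally unanchored so names like "x.php.bak" are scanned too.
            $str = @file_get_contents($filename);
            if ($str === false) {
                // Unreadable file: report it instead of stopping, so the remaining files are still checked.
                echo '沒有權限' . ' ' . htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br>';
            } elseif (preg_match("/($danger)[ \r\n\t]{0,}([\[\(])/i", $str)) {
                // File names come from disk and may contain markup; escape them for HTML and for the URL.
                $shown = htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $param = htmlspecialchars(urlencode($filename), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                echo "<font color='green' style='font-size:14px'>可疑檔案:{$shown}</font>
<a href='?m=edit&amp;filename={$param}' target='_blank'><u>檢視代碼</u></a>
<a href='?m=del&amp;filename={$param}' target='_blank'><u>删除</u></a><br>";
                $danger_num++;
            }
        }

        $file_num++;
    }

    $hand->close();
}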
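/**
 * Show the contents of the requested file, HTML-escaped, inside a textarea.
 *
 * The path comes from the request (global $filename). It is resolved with
 * realpath() and served only when it is a regular file below the scan root
 * (global $dir). Stripping ".." from the string is not sufficient: it does not
 * stop absolute paths and is not applied repeatedly. The containment check
 * assumes $dir holds the configured scan root and not a request-supplied value.
 *
 * When the path is rejected or is not a file, an empty textarea is printed.
 *
 * @return void
 */
function Edit()
{
    global $filename, $dir;

    $content = "";
    $root = (is_string($dir) && $dir !== '') ? realpath($dir) : false;
    $real = (is_string($filename) && $filename !== '') ? realpath($filename) : false;

    // Compare with a trailing separator so "/root_other" is not accepted as being inside "/root".
    $inside = $root !== false
        && $real !== false
        && strpos($real, rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0;

    if ($inside && is_file($real)) {
        $raw = @file_get_contents($real);
        if ($raw === false) {
            die('沒有權限');
        }
        // ENT_SUBSTITUTE keeps files with invalid byte sequences viewable instead of returning ''.
        $content = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    echo "<textarea name='str' style='width:100%;height:450px;background:#cccccc;'>$content</textarea>\r\n";
}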
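/**
 * Delete the requested file and print the outcome.
 *
 * The path comes from the request (global $filename). It is resolved with
 * realpath() and removed only when it is a regular file below the scan root
 * (global $dir); anything else is ignored and nothing is printed. The
 * containment check assumes $dir holds the configured scan root and not a
 * request-supplied value.
 *
 * NOTE(security): this is a destructive action reached through a GET link with
 * no authentication and no anti-CSRF token. Restrict access to the page at the
 * web-server level.
 *
 * @return void
 */
function Delete()
{
    global $filename, $dir;

    // Initialised up front so the final echo never reads an undefined variable.
    $mes = '';
    $root = (is_string($dir) && $dir !== '') ? realpath($dir) : false;
    $real = (is_string($filename) && $filename !== '') ? realpath($filename) : false;

    // Compare with a trailing separator so "/root_other" is not accepted as being inside "/root".
    $inside = $root !== false
        && $real !== false
        && strpos($real, rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0;

    if ($inside && is_file($real)) {
        $mes = unlink($real) ? '删除成功' : '删除失敗 檢視權限';
    }

    echo $mes;
}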
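/**
 * Tell whether a path is on the skip list and should not be scanned.
 *
 * Each skip-list entry is applied as an unanchored, case-insensitive pattern
 * against the whole path, which is how the removed eregi() behaved. Short
 * entries therefore exclude far more than one file: an entry "g" skips every
 * path containing that letter. Entries must be valid patterns; an invalid one
 * makes preg_match() emit a warning and is treated as no match.
 *
 * @param string $file Path to test.
 * @return bool True when the path matches a skip-list entry.
 */
function Jump($file)
{
    global $jump, $safearr;

    if ($jump == '') {
        return false;
    }

    // $safearr is only prepared by the scan branch; fall back to splitting $jump here.
    $patterns = is_array($safearr) ? $safearr : explode('|', $jump);

    foreach ($patterns as $v) {
        if ($v == '') {
            continue;
        }
        // eregi() no longer exists in PHP 7+; escape the delimiter and use PCRE instead.
        if (preg_match('#' . str_replace('#', '\#', $v) . '#i', $file) === 1) {
            return true;
        }
    }

    return false;
}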
// The form below has no method attribute, so the browser submits it with GET;
// its hidden check=check field is what the "check" branch above tests for.
?>
<form action="" >
<input type="submit" value="開始檢測" />
<input type="hidden" name="check" value="check"/>
</form>