
扫描目录下的php文件,是否含有木马特征

2014年07月26日05:23 阅读: 28948 次

标签: 扫描目录下的php文件,是否含有木马特征

?shell_checkl

#!/usr/bin/python
#-*- encoding:UTF-8 -*-
###
## @package
## @desc 扫描目录下的php文件,是否含有木马特征,注意,不是“木马扫描”
## @usage python shell_check.py /your/web/path/ [1]   (第二个参数为 1 时递归扫描子目录)
###
import os
import sys
import re
import time
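# Heuristic patterns, each applied to one source line at a time.  A hit is a
# feature worth a manual look, not proof of a backdoor, and a construct split
# across several lines is not seen by any of them.

# include/require of a quoted literal path.
# NOTE(review): on the published page this pattern is cut off right after the
# start of the filename group (and the group names were stripped as markup).
# The names are restored from the match.group() calls; whatever filter
# followed the filename is lost, so every literal target is reported here and
# the flags are assumed -- compare with the upstream script before relying on it.
_INCLUDE_RE = re.compile(
    r'''(?P<function>\b(?:include|require)(?:_once)?\b)\s*\(?\s*["'](?P<filename>.*?)["']''',
    re.IGNORECASE)

# Direct calls to code-evaluation / command-execution functions.
_EXEC_RE = re.compile(
    r'\b(?P<function>eval|proc_open|popen|shell_exec|exec|passthru|system)\b\s*\(',
    re.IGNORECASE | re.MULTILINE)

# Calls made through a variable, e.g. $name(...).
_VARCALL_RE = re.compile(r'(\$[a-z0-9_]*?\s*?\(.*?\))', re.IGNORECASE)

# Only these extensions are scanned; any other extension the web server is
# configured to execute as PHP is NOT covered by this tool.
_SCANNED_NAME_RE = re.compile(r"\.(?:php|inc|html?)$", re.IGNORECASE)

# On Python 3 a text-mode open() raises on bytes that do not decode, which
# would let one odd file abort the whole scan; replace them instead.  Python 2
# reads plain bytes and its open() has no such argument.
_TEXT_KWARGS = {"errors": "replace"} if sys.version_info[0] >= 3 else {}


def _report(flog, info):
    """Write one report entry to the log and echo it to stdout."""
    flog.write(info)
    print(info)


def _scan_file(filepath, flog):
    """Report every line of *filepath* that matches one of the heuristics."""
    hits = 0
    try:
        with open(filepath, **_TEXT_KWARGS) as src:
            for lineno, line in enumerate(src, 1):
                findings = []

                found = _INCLUDE_RE.search(line)
                if found:
                    findings.append('\t|-- [%s] - [%s] line [%d] \n' % (
                        found.group("function"), found.group("filename"), lineno))

                found = _EXEC_RE.search(line)
                if found:
                    findings.append('\t|-- [%s] line [%d] \n' % (
                        found.group("function"), lineno))

                calls = _VARCALL_RE.findall(line)
                if calls:
                    # Only the first variable call on the line is shown.
                    findings.append('\t|-- [%s] line [%d] \n' % (calls[0], lineno))

                for entry in findings:
                    # The file name heads the first finding of each file only.
                    if hits == 0:
                        entry = ('\n[%s] :\n' % filepath) + entry
                    _report(flog, entry)
                    hits += 1
    except (IOError, OSError) as err:
        # An unreadable file is a coverage gap, so it is reported, not skipped
        # silently.
        _report(flog, '\n[%s] : cannot read (%s)\n' % (filepath, err))


def _walk(dirs, recurse, flog, seen):
    """Scan the files in *dirs*, descending into sub-directories if *recurse*."""
    real = os.path.realpath(dirs)
    if real in seen:
        # Already visited through another path: a symlink loop would
        # otherwise recurse without end.
        return
    seen.add(real)

    try:
        names = os.listdir(dirs)
    except OSError as err:
        _report(flog, '\n[%s] : cannot list (%s)\n' % (dirs, err))
        return

    for name in names:
        filepath = os.path.join(dirs, name)
        if os.path.isdir(filepath):
            if recurse:
                _walk(filepath, recurse, flog, seen)
        elif os.path.isfile(filepath) and _SCANNED_NAME_RE.search(name):
            _scan_file(filepath, flog)


def listdir(dirs, liston='0'):
    """Scan the PHP-like files under *dirs* for webshell-style features.

    Files named *.php, *.inc, *.htm or *.html (case-insensitive) are read line
    by line.  Each line containing an include/require of a literal path, a
    call to eval/proc_open/popen/shell_exec/exec/passthru/system, or a call
    through a variable is appended to ``check_php_shell.log`` in the current
    working directory and printed.

    The log names the files that look suspicious.  Run the tool from a
    directory outside the web root so the log is not served to visitors.

    Args:
        dirs: directory to scan.
        liston: the string '1' descends into sub-directories; any other
            value scans only the files directly inside *dirs*.

    Returns:
        None.  A message is printed when *dirs* is not a directory.
    """
    if not os.path.isdir(dirs):
        print("directory %s is not exist" % (dirs))
        return

    # The log is opened once per scan instead of once per directory, so the
    # entries stay in order and no handle is left open on an early return.
    log_path = os.path.join(os.getcwd(), "check_php_shell.log")
    with open(log_path, "a", **_TEXT_KWARGS) as flog:
        _walk(dirs, liston == '1', flog, set())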
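if __name__ == '__main__':
    # Usage: shell_check.py <web root> [1]
    # A second argument of '1' makes the scan descend into sub-directories.
    if len(sys.argv) < 2:
        action = os.path.basename(sys.argv[0])
        print("Command is like:\n   %s D:\\wwwroot\\ \n   %s D:\\wwwroot\\ 1    -- recurse subfolders" % (action, action))
        # sys.exit() instead of quit(): quit() is only defined when the site
        # module has been loaded.
        sys.exit()

    liston = sys.argv[2] if len(sys.argv) > 2 else '0'
    # Resolve the target once so the report shows the real location scanned.
    path = os.path.realpath(sys.argv[1])
    listdir(path, liston)

    # Close the run with a timestamped footer in the same log the scan
    # appends to (the current working directory; keep it outside the web
    # root, since the log lists the files that were flagged).
    ISOTIMEFORMAT = '%Y-%m-%d %X'
    now_time = time.strftime(ISOTIMEFORMAT, time.localtime())
    with open(os.path.join(os.getcwd(), "check_php_shell.log"), "a+") as flog:
        flog.write("\n----------------------%s checked ---------------------\n" % (now_time))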
