欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  后端开发

扫描目录下的php文件,是不是含有木马特征

程序员文章站 2022-05-19 09:48:11
...
扫描目录下的php文件,是否含有木马特征

shell_checkl

#!/usr/bin/python#-*- encoding:UTF-8 -*-##### @package## @desc 扫描目录下的php文件,是否含有木马特征,注意,不是“木马扫描”## @useage python shell_check.py /your/web/path/ 1=是否递归###import osimport sysimport reimport timedef listdir(dirs,liston='0'):    flog = open(os.getcwd()+"/check_php_shell.log","a+")    if not os.path.isdir(dirs):        print "directory %s is not exist"% (dirs)        return    lists = os.listdir(dirs)    for list in lists:        filepath = os.path.join(dirs,list)        if os.path.isdir(filepath):            if liston == '1':                listdir(filepath,'1')        elif os.path.isfile(filepath):            filename = os.path.basename(filepath)            if re.search(r"\.(?:php|inc|html?)$", filename, re.IGNORECASE):                i = 0                iname = 0                f = open(filepath)                while f:                    file_contents = f.readline()                    if not file_contents:                        break                    i += 1                    match = re.search(r'''(?P\b(?:include|require)(?:_once)?\b)\s*\(?\s*["'](?P.*?(?eval|proc_open|popen|shell_exec|exec|passthru|system)\b\s*\(', file_contents, re.IGNORECASE| re.MULTILINE)                    if match:                        function = match.group("function")                        if iname == 0:                            info = '\n[%s] :\n'% (filepath)                        else:                            info = ''                        info += '\t|-- [%s]  line [%d] \n'% (function,i)                        flog.write(info)                        print info                        iname += 1                                         match = re.findall(r'(\$[a-z0-9_]*?\s*?\(.*?\))', file_contents, re.IGNORECASE)                    if match:                        if iname == 0:                            info = '\n[%s] :\n'% (filepath)                        else:                            info = ''                        info += '\t|-- [%s]  line [%d] \n'% (match[0],i)                        flog.write(info)                        print info                        iname += 1                 f.close()    flog.close()if '__main__' == __name__:    argvnum = len(sys.argv)    liston = '0'    if argvnum == 1:        action = os.path.basename(sys.argv[0])        print "Command is like:\n   %s D:\wwwroot\ \n   %s D:\wwwroot\ 1    -- recurse subfolders"% (action,action)        quit()    elif argvnum == 2:        path = os.path.realpath(sys.argv[1])        listdir(path,liston)    else:        liston = sys.argv[2]        path = os.path.realpath(sys.argv[1])        listdir(path,liston)    flog = open(os.getcwd()+"/check_php_shell.log","a+")    ISOTIMEFORMAT='%Y-%m-%d %X'    now_time = time.strftime(ISOTIMEFORMAT,time.localtime())    flog.write("\n----------------------%s checked ---------------------\n"% (now_time))    flog.close()


扫描目录下的php文件,是不是含有木马特征

声明:本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn核实处理。

相关文章

相关视频