Jump to content
Kalashnikov.

PHP Shell Scanner

By Kalashnikov., in Programe securitate

Recommended Posts

Kalashnikov. Newbie

Kalashnikov.

Posted
Posted

first.png

index.php


include("function.php");

$a = new scanner();

echo "
		<link rel='stylesheet' type='text/css' href='./css/style.css' />
		<body text='white' bgcolor='#111111'>

		<center><table class=hov style='border-collapse: separate; background-color: #2E2E2E;border: solid 1px; border-radius: 5px;width:1300px;'>
						<tr>
							<td>
								<form action=?scan method=post>
									<center><input type=text name='url'  style='border: 1px solid;background-color:transparent;color:#99CCFF;border-radius: 5px' size=100  value='".dirname(__FILE__)."'></center>
								</form>	
							</td>
						</tr>				
						<tr>
							<td style='border:solid 1px; border-radius: 5px;'>
								<table class=hov style='border-collapse: separate; background-color: #2E2E2E;border-radius: 5px;width:100%;height:80%;align:center' id= ''>

								".$a->scanProcess()."
								</table>	
							</td>
							<td></td>
						</tr>	
				</table></center><br><br><br>	   				
		</body>";
		echo (isset($_GET['viewfile']) ? $a->viewSource($_GET['viewfile']) : '');


function.php

class scanner{
	function __construct() {}

	function scanProcess(){
		if(isset($_POST['url'])){
			$ret = array();
			$this->directoryscan($ret, $_POST['url']);
			$contents ="
						<tr bgcolor='#413B3B'>
							<td align=center><font color=#3cbddd>PathFile</font></td>
							<td align=center><font color=#3cbddd>Function</font></td>
						</tr>";

			foreach ($ret as $key => $value){
				$contents .= "<tr bgcolor='#191919'><td width=30%><a href='?viewfile=".$key."' target=_blank><font color=#3cbddd>".$key."</font></a></td><td><font color=#3cbddd>".$this->string_fromArray($value,",")."</font></td></tr>";
			}
			return 	$contents;					
		}


	}
	 function string_fromArray($list,$diff){
		$stack = $list;
		$separator = $diff;
		$string = "";
		for($i=0;$i<sizeof($stack); $i++) {
			if(strlen($string)==0) {
				$string .= $stack[$i];
			}else {
				$string .= $separator." ".$stack[$i];
			}
		}
		return $string;
	}
	 function path_strip($path) {
		$raw = array();

		$path = $this->setSeparator($path);

		if($this->str_startsWith(".".$this->getSeparator(), $path)) {
			$ppath = explode($this->getSeparator(), dirname(__FILE__));
			$raw = $this->path_strip_pdp($ppath, $raw);
		}

		$tpath = explode($this->getSeparator(), $path);
		$raw = $this->path_strip_pdp($tpath, $raw);

		if(sizeof($raw) == 0)
			$raw[] = "";

		return $raw;
	}
	function str_startsWith($needle, $string) {
		$length = strlen($needle);
		return (substr($string, 0, $length) === $needle);
	}

	function str_endsWith($needle, $string) {
		$pos  = strlen($string) - strlen($needle);
		return (substr($string, $pos) === $needle);
	}
	function path_strip_pdp($path, $stack) {
		for($i=($this->getOs()== 1? 0:1); $i<sizeof($path); $i++) {
			if($path[$i] != "" && $path[$i] != ".") {
				if($path[$i] == "..") {
					if(sizeof($stack) > ($this->getOs()== 1? 1:0))
						array_pop($stack);
				}else
					$stack[] = $path[$i];
			}
		}

		return $stack;
	}
	function setSeparator($path) { 
		if($this->getOs() == 1)
			 return str_replace("/", "\\", $path);
		else
		 	 return str_replace("\\", "/", $path);
	}
	function getSeparator() { 
		if($this->getOs() == 1)
			return "\\";
		else
			return "/";
	}
	function getOs() {
		if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
			return 1;
		else
			return 0;
	}
	 function str_fromArray($stack, $delimiter="", $type="") {
		$string = "";
		for($i=0; $i<sizeof($stack); $i++)
			switch($type) {
				case "path":
					if ($this->getOs() == 1) {
						if($i<sizeof($stack)-1)
							$string .= $stack[$i].$delimiter;
						else 
							$string .= $stack[$i];
					}else {
						$string .= $delimiter.$stack[$i];
					}
					break;
				default:
					if(strlen($string) == 0)
						$string .= $stack[$i];
					else
						$string .= $delimiter.$stack[$i];
			}

		return $string;
	}

	function array_add(&$array, $input) {
		if(is_array($array)) {
			if(!in_array($input, $array))
				array_push($array, $input);
		}
	}

	function directoryscan(&$foundMatch, $url){
		$thDir = $url;
		$contents = "";

		$thDir = $this->str_fromArray($this->path_strip($thDir),$this->getSeparator(), "path");

		if(is_dir($thDir)) {

			$handle = opendir($thDir);
			$list = array();
			$dir = array();
			$file = array();
			while(false !== ($entry = readdir($handle))){
				if(is_dir($entry))
					array_push($dir, $entry);
				else
					array_push($file, $entry);
			}	
			sort($dir);
			sort($file);

			$list = array_merge($dir, $file);

			closedir($handle);
			foreach ($list as $filsscan){

				if($thDir.$this->getSeparator().$filsscan == __FILE__) {
					continue;
				}

				if(is_dir($thDir.$this->getSeparator().$filsscan)) {

					if($filsscan != "." && $filsscan != "..") {
						$this->directoryscan($foundMatch, $thDir.$this->getSeparator().$filsscan);

					}
				}else  {

					$ext_this = pathinfo($thDir.$this->getSeparator().$filsscan, PATHINFO_EXTENSION);
					if($ext_this == "php" || $ext_this == "pl" || $ext_this == "py" || $ext_this == "nzri" || $ext_this == "izo" ||
							$ext_this == "cgi" || $ext_this == "htaccess") {

						$file = fopen ($thDir.$this->getSeparator().$filsscan,"r");
						$funcfound = array();

						while(!feof($file)){	
							 $contents = fgets($file);

							if(preg_match("/(|[\;\(\{\s\.\,])copy\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound, "copy");

							}
							if(preg_match("/(|[\;\(\{\s\.\,])move\_uploaded\_file\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound,  "move_uploaded_file");
							}
							if(preg_match("/(|[\;\(\{\s\.\,])passthru\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound,  "passthru");
							}
							if(preg_match("/(|[\;\(\{\s\.\,])shell\_exec\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound,  "shell\_exec");
							} 
							if(preg_match("/(|[\;\(\{\s\.\,])exec\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound,  "exec");
							} 
						 	if(preg_match("/(|[\;\(\{\s\.\,])base64\_decode\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound, "base64_decode");
							} 
							if(preg_match("/(|[\;\(\{\s\.\,])eval\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound,  "eval");
							} 
							if(preg_match("/(|[\;\(\{\s\.\,])proc\_open\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound,  "proc_open");
							}
							if(preg_match("/(|[\;\(\{\s\.\,])system\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound,  "system");
							}
							if(preg_match("/(|[\;\(\{\s\.\,])curl\_exec\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound,  "curl_exec");
							} 
							if(preg_match("/(|[\;\(\{\s\.\,])popen\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound,  "popen");
							}
							if(preg_match("/(|[\;\(\{\s\.\,])curl\_multi\_exec\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound, "curl_multi_exec");
							} 
							if(preg_match("/(|[\;\(\{\s\.\,])rename\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound, "rename");
							} 
							if(preg_match("/(|[\;\(\{\s\.\,])parse\_ini\_file\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound, "parse_ini_file");
							} 
							if(preg_match("/(|[\;\(\{\s\.\,])\$\_FILES\s*?[\[].*?[\]]\s*?[\.\,\;\}\_]/i",$contents)){
								$this->array_add($funcfound, "\$_FILES");
							}
							if(preg_match("/(|[\;\(\{\s\.\,])show\_source\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound, "show_source");
							}
							if(preg_match("/(|[\;\(\{\s\.\,])fopen\s*?[\(].*?[\)]\s*?[\.\,\;\{\}\_]/i",$contents)){
								$this->array_add($funcfound, "fopen");
							}
							if(preg_match("/(|[\;\(\{\s\.\,])\$\_COOKIE\s*?[\[].*?[\]]\s*?[\.\,\;\}\_]/i",$contents)){
								$this->array_add($funcfound, "\$_COOKIE");
							}
							if(preg_match("/.*\s*AddType\s+application\/x\-httpd\-php.*/i",$contents)) {
								$this->array_add($funcfound, "AddType application/x-httpd-php");
							}
							if(preg_match("/.*\s*AddType\s+application\/x\-httpd\-cgi.*/i",$contents)) {
								$this->array_add($funcfound, "AddType application/x-httpd-cgi");
							}
							if(preg_match("/.*\s*AddType\s+application\/x\-httpd\-perl.*/i",$contents)) {
								$this->array_add($funcfound,"AddType application/x-httpd-perl");
							}
							if(preg_match("/.*\s*AddHandler\s+cgi\-script.*/i",$contents)) {
								$this->array_add($funcfound, "AddHandler cgi-scrinpt");
							} 

						} 

						if(sizeof($funcfound) > 0) {
							sort($funcfound);
							$foundMatch[$thDir.$this->getSeparator().$filsscan] = $funcfound;	
						}	
						fclose($file);	
					}

				}
			}
		}
		return $foundMatch;
	}
	function viewSource($path){
		$content = file_get_contents($path);
		return "<pre>".str_replace("<", "<", $content)."</pre>";
	}	
}

sursa: http://thieves-team.com/forum/index.php?topic=5853.0

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...