Created
August 31, 2023 22:11
Bash script to search for known files placed by Acymailing vulnerability
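#!/bin/bash
# Created by Tom van der Laan - TLWebdesign with the help of ChatGPT 4
# Created on 31st of August 2023
# This script will search for files known to be placed in your joomla installation because of the Acymailing vulnerability.
# It is set up to work on a DirectAdmin installation by default. But when you run the script it will ask you for the file system search pattern.
# Leaving that empty will default it to directadmin structure.
# Common structures are (according to chatGPT)
# cPanel: /home/*/public_html/
# Plesk: /var/www/vhosts/*/httpdocs/
# Webmin/Virtualmin: /home/*/public_html/
# ISPConfig: /var/www/*/web/
# Cyberpanel /home/*/public_html/
# ------------------------------------------------------------------------------
# INSTRUCTIONS:
# You need to log into your server with SSH or some other means to get to the terminal.
# Then you can follow the instructions below.
#
# 1. Create a new file named "searchfiles.sh" (or any other desired name with .sh extension).
#    You can use any text editor like nano, vim, etc.
#    Example: nano searchfiles.sh
#
# 2. Copy and paste the content of this script into that file.
#
# 3. Save and close the editor.
#
# 4. Give execute permission to the script:
#    chmod +x searchfiles.sh
#
# 5. Now, run the script using:
#    ./searchfiles.sh
# ------------------------------------------------------------------------------
# NOTES ON READING THE RESULT:
# - Only the four file-name patterns listed below are matched. An empty result
#   says nothing about dropped files that carry other names.
# - A match suggests that files were uploaded through the vulnerable extension.
#   Deleting them neither fixes the extension nor undoes anything else that may
#   have been changed on the site, so update Acymailing and review the site too.
# - Deletion is permanent. If the incident may need investigating, copy each
#   match out of the web root first (for example with `cp -p`, which keeps the
#   timestamps) or record its hash before answering "yes".
# - Run the scan as a user that can read every directory under the pattern.
#   Directories that find cannot read are reported on stderr and NOT scanned.
# ------------------------------------------------------------------------------

# Removes one file and reports the outcome. "Deleted" is printed only when rm
# succeeded, so a failed removal is never reported as a clean-up.
# Arguments: $1 - path of the file to remove
# Outputs:   "Deleted: <path>" on stdout, or an error line on stderr
# Returns:   0 when the file was removed, 1 otherwise
delete_file() {
  local target=$1
  # `--` stops option parsing in case the path begins with a dash.
  if rm -- "$target"; then
    printf 'Deleted: %q\n' "$target"
  else
    printf 'Could not delete: %q\n' "$target" >&2
    return 1
  fi
}

# Prompt the user for a directory to search in, and use `/home/*/domains/` as default if they just press Enter
printf '%s' "Enter the directory to search in (default: /home/*/domains/): "
# -r keeps backslashes in the typed path literal.
read -r directory

# If the user didn't provide a directory, use the default
if [[ -z "$directory" ]]; then
  directory="/home/*/domains/"
fi

printf '%s\n' "Scanning for files in $directory with patterns: *png\?.*, *jpg\?.*, *.png.php*, and *.php.png*..."

# Expand the wildcards in the pattern into the list of directories to scan.
# IFS is emptied for the expansion so a path containing spaces stays one word,
# and nullglob makes a pattern that matches nothing expand to an empty list
# instead of being handed to find as a literal name.
declare -a search_roots=()
shopt -s nullglob
saved_ifs=$IFS
IFS=
# shellcheck disable=SC2206 -- pathname expansion is intended here
search_roots=($directory)
IFS=$saved_ifs
shopt -u nullglob

# "Nothing was scanned" must not read like "nothing was found".
if [[ ${#search_roots[@]} -eq 0 ]]; then
  printf 'No directory matches %q; nothing was scanned.\n' "$directory" >&2
  exit 1
fi

# Collect the matches NUL-delimited so that no character in a file name
# (newline included) can split or merge entries.
declare -a filesArray=()
while IFS= read -r -d '' found; do
  filesArray+=("$found")
done < <(find "${search_roots[@]}" -type f \( -name "*png\?.*" -o -name "*jpg\?.*" -o -name "*.png.php*" -o -name "*.php.png*" \) -print0)

if [[ ${#filesArray[@]} -eq 0 ]]; then
  echo "No matching files found."
  exit 0
fi

# The names of matched files were not chosen by the administrator, so they are
# printed shell-quoted (%q): control characters cannot reach the terminal and
# every path is shown unambiguously.
echo "Found the following files:"
for file in "${filesArray[@]}"; do
  printf '%q\n' "$file"
done

printf '%s' "Do you want to delete the found files? (all/one/no): "
read -r choice

case "$choice" in
  all)
    read -r -p "Are you sure you want to delete ALL files? (yes/no): " confirm
    if [[ "$confirm" == "yes" ]]; then
      for file in "${filesArray[@]}"; do
        delete_file "$file"
      done
    else
      echo "No files deleted."
    fi
    ;;
  one)
    for file in "${filesArray[@]}"; do
      printf 'Delete %q? (yes/no): ' "$file"
      read -r confirm
      if [[ "$confirm" == "yes" ]]; then
        delete_file "$file"
      else
        printf 'Skipped: %q\n' "$file"
      fi
    done
    ;;
  *)
    # Anything other than "all" or "one" leaves every file in place.
    echo "No files deleted."
    ;;
esac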