emcniece/firstline.php

## firstline.php
<?php
/*
  Firstline Dump Tool
  emcniece@gmail.com | Dec. 1 2015

  A handy tool for analyzing the first line of each php file,
  which is usually where hacks get injected.

  Visit in a browser to activate.
*/

echo "Firstline dump!\n";

function rglob($pattern, $flags = 0) {
    $files = glob($pattern, $flags);
    foreach (glob(dirname($pattern).'/*', GLOB_ONLYDIR|GLOB_NOSORT) as $dir) {
        $files = array_merge($files, rglob($dir.'/'.basename($pattern), $flags));
    }
    return $files;
}


foreach( rglob('*.php') as $file){
  $line = fgets(fopen($file, 'r'));
  $line = trim($line);
  if( ($line !== "<?php") && strpos($line, '$') ){
  //if( preg_match("/\<\?php[\r\n\s]{0,2}/", $line) ){

    echo $file."<br />\n";
    echo htmlspecialchars($line)."<br /><br />\n\n";
  }
}
	<?php
	/*
	Firstline Dump Tool
	emcniece@gmail.com \| Dec. 1 2015

	A handy tool for analyzing the first line of each php file,
	which is usually where hacks get injected.

	Visit in a browser to activate.
	*/

	echo "Firstline dump!\n";

	function rglob($pattern, $flags = 0) {
	$files = glob($pattern, $flags);
	foreach (glob(dirname($pattern).'/*', GLOB_ONLYDIR\|GLOB_NOSORT) as $dir) {
	$files = array_merge($files, rglob($dir.'/'.basename($pattern), $flags));
	}
	return $files;
	}


	foreach( rglob('*.php') as $file){
	$line = fgets(fopen($file, 'r'));
	$line = trim($line);
	if( ($line !== "<?php") && strpos($line, '$') ){
	//if( preg_match("/\<\?php[\r\n\s]{0,2}/", $line) ){

	echo $file."<br />\n";
	echo htmlspecialchars($line)."<br /><br />\n\n";
	}
	}