galehrizky/mass_check.php

## mass_check.php
<?php

# Coded by galehdotid
# fb : https://www.facebook.com/hax0rtersakiti
# Mass WebShell check & SSL check
# Usage : php file.php list.txt
error_reporting(0);

function has_ssl( $domain ) {
    $res = false;
    $stream = @stream_context_create( array( 'ssl' => array( 'capture_peer_cert' => true ) ) );
    $socket = @stream_socket_client( 'ssl://' . $domain . ':443', $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $stream );

    // If we got a ssl certificate we check here, if the certificate domain
    // matches the website domain.
    if ( $socket ) {
        $cont = stream_context_get_params( $socket );
        $cert_ressource = $cont['options']['ssl']['peer_certificate'];
        $cert = openssl_x509_parse( $cert_ressource );

        // Expected name has format "/CN=*.yourdomain.com"
        $namepart = explode( '=', $cert['name'] );

        // We want to correctly confirm the certificate even
        // for subdomains like "www.yourdomain.com"
        if ( count( $namepart ) == 2 ) {
            $cert_domain = trim( $namepart[1], '*. ' );
            $check_domain = substr( $domain, -strlen( $cert_domain ) );
            $res = ($cert_domain == $check_domain);
        }
    }

    return $res;
}

function grabdomain($url)
{
	$parse = parse_url($url);

	return $parse['host'];
}


function cek_shell($url)
{
	$keyword = array("Password","password","Submit","submit","WSO","GIF89a","IndoXploit","Shell","shell","wso","Upload","Priv8","priv8","tool","Tool","tools","Tools","Linux","SMP Tue","SMP Wed","SMP Sat","SMP Mon","SMP Sun","SMP Thu","SMP Fri","Safe mode","exploit-db.com","phpinfo","Php Info"," UTC","Disable Function"); // Edit Here

		$rEgex = '/(' .implode('|', $keyword) .')/';

		$ch = curl_init($url);
		curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
		curl_setopt($ch,CURLOPT_TIMEOUT,20);
		$shellcurl = curl_exec($ch);
		$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
		curl_close($ch);
		if($httpcode == 200 && preg_match_all("$rEgex", $shellcurl))  {

			return true;
		}
		else {
			return false;
		}
	}

function saveBjir($url, $file_name)
{
	$file = fopen($file_name."-".date('Y-m-d').".txt","a");
	fwrite($file, "\n". $url);
	fclose($file);
}


if (isset($argv[1])) {

	$list = $argv[1];

	$url_list = explode("\r\n", file_get_contents($list));


	if (!empty($url_list)) {
		$i = 0;
		foreach ($url_list as $key => $value) {
			$cek_shell = cek_shell($value);

			if ($cek_shell == true) {
				echo "[" . $i . " / " . count($url_list) . "][+] Webshell OK => {$value} ";
				$host = grabdomain($value);
				$ahha = has_ssl($host);
				if ($ahha == true) {
					echo " =>  SSL OK  \n";
					saveBjir($value, "WEBSHELL-SSL");
				}else{
					echo "=>  SSL FAIL \n";
					saveBjir($value, "WEBSHELL-NOT-SSL");
				}
			}else{
				echo "[" . $i . " / " . count($url_list) . "][-] Webshell DIE => {$value} \n";
			}
			$i++;
		}
	}else{
		die("List Empty !");
	}

}else{
	die("List not found !");
}

?>
	<?php

	# Coded by galehdotid
	# fb : https://www.facebook.com/hax0rtersakiti
	# Mass WebShell check & SSL check
	# Usage : php file.php list.txt
	error_reporting(0);

	function has_ssl( $domain ) {
	$res = false;
	$stream = @stream_context_create( array( 'ssl' => array( 'capture_peer_cert' => true ) ) );
	$socket = @stream_socket_client( 'ssl://' . $domain . ':443', $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $stream );

	// If we got a ssl certificate we check here, if the certificate domain
	// matches the website domain.
	if ( $socket ) {
	$cont = stream_context_get_params( $socket );
	$cert_ressource = $cont['options']['ssl']['peer_certificate'];
	$cert = openssl_x509_parse( $cert_ressource );

	// Expected name has format "/CN=*.yourdomain.com"
	$namepart = explode( '=', $cert['name'] );

	// We want to correctly confirm the certificate even
	// for subdomains like "www.yourdomain.com"
	if ( count( $namepart ) == 2 ) {
	$cert_domain = trim( $namepart[1], '*. ' );
	$check_domain = substr( $domain, -strlen( $cert_domain ) );
	$res = ($cert_domain == $check_domain);
	}
	}

	return $res;
	}

	function grabdomain($url)
	{
	$parse = parse_url($url);

	return $parse['host'];
	}


	function cek_shell($url)
	{
	$keyword = array("Password","password","Submit","submit","WSO","GIF89a","IndoXploit","Shell","shell","wso","Upload","Priv8","priv8","tool","Tool","tools","Tools","Linux","SMP Tue","SMP Wed","SMP Sat","SMP Mon","SMP Sun","SMP Thu","SMP Fri","Safe mode","exploit-db.com","phpinfo","Php Info"," UTC","Disable Function"); // Edit Here

	$rEgex = '/(' .implode('\|', $keyword) .')/';

	$ch = curl_init($url);
	curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
	curl_setopt($ch,CURLOPT_TIMEOUT,20);
	$shellcurl = curl_exec($ch);
	$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
	curl_close($ch);
	if($httpcode == 200 && preg_match_all("$rEgex", $shellcurl)) {

	return true;
	}
	else {
	return false;
	}
	}

	function saveBjir($url, $file_name)
	{
	$file = fopen($file_name."-".date('Y-m-d').".txt","a");
	fwrite($file, "\n". $url);
	fclose($file);
	}



	if (isset($argv[1])) {

	$list = $argv[1];

	$url_list = explode("\r\n", file_get_contents($list));


	if (!empty($url_list)) {
	$i = 0;
	foreach ($url_list as $key => $value) {
	$cek_shell = cek_shell($value);

	if ($cek_shell == true) {
	echo "[" . $i . " / " . count($url_list) . "][+] Webshell OK => {$value} ";
	$host = grabdomain($value);
	$ahha = has_ssl($host);
	if ($ahha == true) {
	echo " => SSL OK \n";
	saveBjir($value, "WEBSHELL-SSL");
	}else{
	echo "=> SSL FAIL \n";
	saveBjir($value, "WEBSHELL-NOT-SSL");
	}
	}else{
	echo "[" . $i . " / " . count($url_list) . "][-] Webshell DIE => {$value} \n";
	}
	$i++;
	}
	}else{
	die("List Empty !");
	}

	}else{
	die("List not found !");
	}

	?>