mdpuma/gist:b5a7fdc7f0a052f77732

## gistfile1.txt
#!/bin/bash

find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep -E "mail\s*\(" |less
find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep -E 'eval\(|move_uploaded_file' |less
find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep 'eval(stripslashes' |less
find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep 'eval($_' |less
find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep 'base64_decode(' |less
find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep 'base64_encode(gzcompress' |less
find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep "\\\x" |less
find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep -E "(system|exec)\(" |less
find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep -E "[^\ ]{300,}" |less
find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep -E 'FilesMan|socket_connect' |less
find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep 'getenv' | grep REMOTE_ADDR | less
find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep -E '@$strings\(str_rot13' | less

find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep 'ionCube' | less

grep -E '\$subject =\s\$_(POST|GET|REQUEST)' `find ! -perm 000 -type f -name \*.php` 2>/dev/null |less
grep -E 'mail.add_x_header' `find ! -perm 000 -type f -name \*.php` 2>/dev/null |less

find ! -perm 000 -type f \( -name \*htm\* -o -name \*.php \) -print0 | xargs -0 grep -i 'http-equiv="refresh"' | less

find ! -perm 000 -type f ! -name \*.php -print0 | xargs -0 -n2 grep -E '<\?php' |less
find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep -E 'social*.png|background*.png' |less
find ! -perm 000 -type f -name social*.png -or -name background*.png -print0 | xargs -0 grep '<?php' |less

find -name 1.sh -or -name \*.so
find ! -perm 000 -type f -name \*.php -print0 | xargs -0 grep array_diff_ukey

find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep -E '@include "' |less
find ! -perm 000 -type f -name \*.ico -print0 | xargs -0 -n2 grep -E '<?php' |less

find ! -perm 000 -type f -name \*.php -print0 | xargs -0 -n2 grep 'eval\/\*' |less
	#!/bin/bash

	find ! -perm 000 -type f -name \.php -print0 \| xargs -0 -n2 grep -E "mail\s\(" \|less
	find ! -perm 000 -type f -name \*.php -print0 \| xargs -0 -n2 grep -E 'eval\(\|move_uploaded_file' \|less
	find ! -perm 000 -type f -name \*.php -print0 \| xargs -0 -n2 grep 'eval(stripslashes' \|less
	find ! -perm 000 -type f -name \*.php -print0 \| xargs -0 -n2 grep 'eval($_' \|less
	find ! -perm 000 -type f -name \*.php -print0 \| xargs -0 -n2 grep 'base64_decode(' \|less
	find ! -perm 000 -type f -name \*.php -print0 \| xargs -0 -n2 grep 'base64_encode(gzcompress' \|less
	find ! -perm 000 -type f -name \*.php -print0 \| xargs -0 -n2 grep "\\\x" \|less
	find ! -perm 000 -type f -name \*.php -print0 \| xargs -0 -n2 grep -E "(system\|exec)\(" \|less
	find ! -perm 000 -type f -name \*.php -print0 \| xargs -0 -n2 grep -E "[^\ ]{300,}" \|less
	find ! -perm 000 -type f -name \*.php -print0 \| xargs -0 -n2 grep -E 'FilesMan\|socket_connect' \|less
	find ! -perm 000 -type f -name \*.php -print0 \| xargs -0 -n2 grep 'getenv' \| grep REMOTE_ADDR \| less
	find ! -perm 000 -type f -name \*.php -print0 \| xargs -0 -n2 grep -E '@$strings\(str_rot13' \| less

	find ! -perm 000 -type f -name \*.php -print0 \| xargs -0 -n2 grep 'ionCube' \| less

	grep -E '\$subject =\s\$_(POST\|GET\|REQUEST)' `find ! -perm 000 -type f -name \*.php` 2>/dev/null \|less
	grep -E 'mail.add_x_header' `find ! -perm 000 -type f -name \*.php` 2>/dev/null \|less

	find ! -perm 000 -type f \( -name \htm\ -o -name \*.php \) -print0 \| xargs -0 grep -i 'http-equiv="refresh"' \| less

	find ! -perm 000 -type f ! -name \*.php -print0 \| xargs -0 -n2 grep -E '<\?php' \|less
	find ! -perm 000 -type f -name \.php -print0 \| xargs -0 -n2 grep -E 'social.png\|background*.png' \|less
	find ! -perm 000 -type f -name social.png -or -name background.png -print0 \| xargs -0 grep '<?php' \|less

	find -name 1.sh -or -name \*.so
	find ! -perm 000 -type f -name \*.php -print0 \| xargs -0 grep array_diff_ukey

	find ! -perm 000 -type f -name \*.php -print0 \| xargs -0 -n2 grep -E '@include "' \|less
	find ! -perm 000 -type f -name \*.ico -print0 \| xargs -0 -n2 grep -E '<?php' \|less

	find ! -perm 000 -type f -name \.php -print0 \| xargs -0 -n2 grep 'eval\/\' \|less