@rezen
Created January 25, 2013 00:54
Scan files (php) for questionable items ... looking for those exploits!
<?php
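// Let's see those errors!
// error_reporting(1) only enabled E_ERROR, which hid the warnings this script
// can raise itself (unreadable files, a failed glob()). E_ALL matches the intent.
error_reporting(E_ALL);
ini_set('display_errors', '1');
// Give it some time!
set_time_limit(80);
// File ext(types) to check!
$check_files = [
    'php',
    'php5',
    'inc',
    'txt',
    'css',
    'js',
    'htaccess',
    'png',
];
// Any folder name you want to ignore
$ignore_dirs = [
    '_kb',
    'cgi-bin',
    'sym',
];
// Questionables!
// Each needle is counted with substr_count(), so short or overlapping entries
// ('cx', 'exec' inside 'shell_exec', 'script' inside 'noscript', 'pack' inside
// 'unpack') inflate the hit count; treat the numbers as a triage signal, not a verdict.
// Duplicates removed: 'passthru', 'system' and 'REMOTE_ADDR' were each listed twice.
// TODO add points for items
$questionable_strings = [
    'passwd',
    'uudecode',
    'wshell',
    'popen',
    'str_rot13',
    'cx',
    'exec',
    'passthru',
    'proc_',
    'noscript',
    'script',
    'iframe',
    //'\x',
    'cgi.',
    'system',
    'shell_exec',
    'phpinfo',
    'base_convert',
    'hack',
    'eval',
    'gzinflate',
    'shell',
    'sh3ll',
    'alias',
    'SymLinks',
    'symlink',
    'crack',
    'REMOTE_ADDR',
    'getcwd',
    '/bin',
    'pcntl_fork',
    'posix_setsid',
    '.conf',
    '.ini',
    'stream_',
    'posix_getpwuid',
    'fileowner',
    'eregi',
    'ini_get',
    'proc_close',
    'unpack',
    'pack',
    'decbin',
    'base64_decode',
    'edoced_46esab',
    'get_loaded_extensions',
];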
// Loop through the files
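/**
 * Recursively walks every entry matched by a glob() pattern and hands each
 * file whose extension is listed in the global $check_files to scanFile().
 *
 * Directories whose name appears in the global $ignore_dirs are skipped.
 * Note: glob('*') does not match dot-files, so e.g. .htaccess is only visited
 * when the caller's pattern includes it.
 *
 * @param string $dir any pattern glob() accepts, e.g. 'public/*'
 */
function scanDirectory($dir)
{
    global $ignore_dirs, $check_files;
    $ignored = $ignore_dirs ?? [];
    $extensions = $check_files ?? [];

    // glob() returns false on some errors; treat that like "no entries"
    // rather than letting foreach() warn on a non-array.
    $entries = glob($dir);
    if ($entries === false) {
        return;
    }

    foreach ($entries as $item) {
        if (is_dir($item)) {
            // Compare the directory's own name, not the full path: the original
            // compared "sub/cgi-bin" against "cgi-bin" and never matched below
            // the starting directory.
            if (!in_array(basename($item), $ignored, true)) {
                scanDirectory($item . '/*');
            }
            continue;
        }

        // Extension check is case-insensitive so "INDEX.PHP" is not skipped.
        $ext = strtolower(pathinfo($item, PATHINFO_EXTENSION));
        if (in_array($ext, $extensions, true)) {
            scanFile($item);
        }
    }
}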
// Scan a file for possible exploits
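/**
 * Reads one file, counts the needles from the global $questionable_strings in
 * it and, when anything hits, prints the file name followed by the match list.
 *
 * A file that cannot be read is reported; an empty file is silently skipped
 * (the original printed 'Erra' for both, and also for a file whose whole
 * content was the string "0", because it tested the content for truthiness).
 *
 * @param string $file path to the file to inspect
 */
function scanFile($file)
{
    // The file name is echoed into HTML, so escape it: a crafted name on disk
    // must not become markup in the report.
    $safe_name = htmlspecialchars((string) $file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // is_readable() first avoids the warning file_get_contents() emits on a
    // missing or unreadable path; === false distinguishes failure from "0".
    if (!is_readable($file) || ($content = file_get_contents($file)) === false) {
        echo 'Could not read ' . $safe_name . '<br>';
        return;
    }
    if ($content === '') {
        return; // nothing to scan
    }

    global $questionable_strings;
    $matches = checkMatches($content, $questionable_strings ?? []);
    if (count($matches) > 0) {
        echo $safe_name;
        displayMatches($matches);
    }
}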
// Display all matches
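/**
 * Prints the per-needle hit counts as an HTML list, followed by the total.
 *
 * @param array<string, int> $matches needle => occurrence count
 */
function displayMatches($matches)
{
    echo '<ul>';
    $total_count = 0;
    foreach ($matches as $type => $count) {
        // Escape the needle: the keys come from the scan list, but the output
        // is HTML and several entries ('script', 'iframe') are tag names.
        $label = htmlspecialchars((string) $type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // The original omitted the closing parenthesis after the count.
        echo '<li>' . $label . ' (' . $count . ')</li>';
        $total_count += $count;
    }
    echo "<li>Total Count : $total_count</li>";
    echo '</ul>';
}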
// Read string for questionables
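/**
 * Counts how often each needle occurs in $string (case-sensitive, byte-wise).
 *
 * Overlapping needles are counted independently, so 'exec' also fires for
 * every 'shell_exec' and 'script' for every 'noscript'.
 *
 * @param string   $string               text to inspect
 * @param string[] $questionable_strings needles to look for
 * @return array<string, int> needle => occurrence count, only for needles that hit
 */
function checkMatches($string, $questionable_strings)
{
    $flags = [];
    foreach ($questionable_strings as $in_question) {
        // substr_count() throws a ValueError on an empty needle in PHP 8;
        // skip blank entries instead of aborting the whole scan.
        if ($in_question === '') {
            continue;
        }
        $count = substr_count($string, $in_question);
        if ($count > 0) {
            $flags[$in_question] = $count;
        }
    }
    return $flags;
}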
// Entry point: start at the current working directory. glob('*') does not
// match dot-files, so '.htaccess' (listed in $check_files) is never visited
// unless this pattern is widened.
scanDirectory('*');