Skip to content

Instantly share code, notes, and snippets.

@rezen
Created January 25, 2013 00:54
Show Gist options
  • Save rezen/4630532 to your computer and use it in GitHub Desktop.
Save rezen/4630532 to your computer and use it in GitHub Desktop.
Scan files (php) for questionable items ... looking for those exploits!
<?php
// Let's see those errors!
error_reporting(1);
// Give it some time!
set_time_limit(80);
// File ext(types) to check!
$check_files = array(
'php',
'php5',
'inc',
'txt',
'css',
'js',
'htaccess',
'png'
);
// Any folder name you want to ignore
$ignore_dirs = array(
'_kb',
'cgi-bin',
'sym'
);
// Questionables!
// TODO add points for items
$questionable_strings = array(
'passwd',
'uudecode',
'wshell',
'popen',
'str_rot13',
'cx',
'exec',
'passthru',
'proc_',
'noscript',
'script',
'iframe',
//'\x',
'cgi.',
'system',
'passthru',
'shell_exec',
'system',
'phpinfo',
'base_convert',
'hack',
'eval',
'gzinflate',
'shell',
'sh3ll',
'alias',
'SymLinks',
'symlink',
'crack',
'REMOTE_ADDR',
'getcwd',
'/bin',
'pcntl_fork',
'posix_setsid',
'.conf',
'.ini',
'stream_',
'posix_getpwuid',
'fileowner',
'eregi',
'ini_get',
'proc_close',
'unpack',
'pack',
'decbin',
'REMOTE_ADDR',
'base64_decode',
'edoced_46esab',
'get_loaded_extensions'
);
// Loop through the files
function scanDirectory($dir)
{
global $ignore_dirs;
// what directory do you want to start at?
// you can only pass in parameters glob() will take
// that means you can also limit file type
foreach(glob($dir) as $item)
{
// is the record a directory?
if(is_dir($item)){
// if isn't folder to ignore
if(!in_array($item, $ignore_dirs)){
// we need to update this for better parament passing
// i.e. ability to pass file type or glob() pattern
scanDirectory($item.'/*');
}
} else { // Not a file!
// lets get that extension!
$ext = pathinfo($item, PATHINFO_EXTENSION);
global $check_files;
// if file type needs checking ... check it
if(in_array($ext, $check_files)){
scanFile($item);
}
}
}
}
// Scan a file for possible exploits
function scanFile($file){
if(!($content = file_get_contents($file))){
// empty file...
echo 'Erra';
} else {
global $questionable_strings;
// file has content so let's get it's matches
$matches = checkMatches($content, $questionable_strings);
// Are there matches?
if(count($matches) > 0){
echo "$file";
// handles those matches
displayMatches($matches);
}
}
}
// Display all matches
function displayMatches($matches){
echo '<ul>';
$total_count = 0;
foreach($matches as $type => $count){
echo '<li>'.$type.' ('. $count . '</li>';
$total_count += $count;
}
echo "<li>Total Count : $total_count</li>";
echo '</ul>';
}
// Read string for questionables
function checkMatches($string, $questionable_strings){
// holds all the hits
$flags = array();
// loop through questionables
foreach($questionable_strings as $in_question){
// how many time does the questionable show up
$count = substr_count($string, $in_question);
// if there is a hit ... record it
if($count)
{
$flags[$in_question] = $count;
}
}
return $flags;
}
scanDirectory('*');
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment