当前位置:  首页  >  服务器技术  >  Linux/unix  >  Linux教程

一个PHPwebshell检查shell脚本

#!binsh#************************************************************#WebshellCheckShellforphp#By:Neeao#2008717v1.0beta#************************************************************HOSTIP`ifconfigeth0|g

#!/bin/sh

#************************************************************

#Webshell Check Shell for php

#By:Neeao

#2008/7/17 v1.0 beta

#************************************************************

HOSTIP=`ifconfig eth0 |grep 'inet addr'|awk '{print $2;}'|cut -d: -f2`

#STR=`expr index $HOSTIP "192.168"`

#if [ ${STR} -eq 1 ]

# then

# HOSTIP=`ifconfig eth1 |grep 'inet addr'|awk '{print $2;}'|cut -d: -f2`

#fi

echo $HOSTIP

LogFile=/tmp/$HOSTIP.log

rm -rf $LogFile

date +%Y-%m-%d/%H:%M >> $LogFile

echo -e "\n" >> $LogFile

echo " ---------------------------------------------------------------------------------------------------" >> $LogFile

echo "|Executive Order function:exec(\|system(\|passthru(\|shell_exec(\|popen(\|proc_open(\|pcntl_exec( |" >> $LogFile

echo " ---------------------------------------------------------------------------------------------------" >> $LogFile

echo -e "\n" >> $LogFile

grep -in 'exec(\|system(\|passthru(\|shell_exec(\|popen(\|proc_open(\|pcntl_exec(' -R * | grep -iv '_exec' >> $LogFile

echo -e "\n" >> $LogFile

echo " -------------------------------------------------------------------------------------------" >> $LogFile

echo "|Deformation of the back door coding:eval(\|base64_decode(\|gzinflate(\|gzuncompress(\|chr( |" >> $LogFile

echo " --------------------------------------------------------------------------------------------" >> $LogFile

echo -e "\n" >> $LogFile

grep -in "eval(\|base64_decode(\|gzinflate(\|gzuncompress(\|chr(" -R * >> $LogFile

echo -e "\n" >> $LogFile

echo " -----------------------------------------------------------------------------------------------------------------" >> $LogFile

echo "|File operations function:dl(\|fopen(\|readfile(\|file(\|file_get_contents(\|opendir(\|chdir(\|fwrite(\|unlink(\|glob(|" >> $LogFile

echo " -----------------------------------------------------------------------------------------------------------------" >> $LogFile

echo -e "\n" >> $LogFile

grep -in "dl(\|fopen(\|readfile(\|file(\|file_get_contents(\|opendir(\|chdir(\|fwrite(\|unlink(\|glob(" -R * >> $LogFile

echo -e "\n" >> $LogFile

echo "----------------------------------" >> $LogFile

echo "|Files inculde bug:include|require|" >> $LogFile

echo "----------------------------------" >> $LogFile

echo -e "\n" >> $LogFile

grep -in "include.*\$.\|require.*\$." -R * >> $LogFile

echo -e "\n" >> $LogFile

echo "---------------------------------------------------------" >> $LogFile

echo "|Risk code Keyword:SQLyog\|phpAdsNew\|huansuan\|fckeditor|" >> $LogFile

echo "--------------------------------------------------------" >> $LogFile

echo -e "\n" >> $LogFile

grep -in "SQLyog\|phpAdsNew\|huansuan\|fckeditor" -R * >> $LogFile

cd /tmp

tar -zcvf $HOSTIP.tar.gz $HOSTIP.log

吐了个 "CAO" !
扫码关注 PHP1 官方微信号
PHP1.CN | 中国最专业的PHP中文社区 | PHP资讯 | PHP教程 | 数据库技术 | 服务器技术 | 前端开发技术 | PHP框架 | 开发工具 | PHP问答
Copyright © 1998 - 2020 PHP1.CN. All Rights Reserved PHP1.CN 第一PHP社区 版权所有