added
--all-output
--pattern
--no-stop
removed --verbose/-v
put color in the pattern comments
updated paths to pattern files to either base64_patterns, or definitions
scan function has been broken up into a multiple functions which should make it more modular if future scan types are needed.
--comment, -a flag was added which prints the first comment to appear prior to the matched pattern in the pattern file.
--Fixed a bug with the out function. Previous updates of mine did not update all calls to the out function which I changed the parameters for. Fixed this by replacing the out function with an 'error' function.
--Alphabetized function definitions and did some general tidying up
--Made all functions private except the constructor.
--Created parseArgs function to handle reading in options.
--Fixed a bug with 'extra-check' where htaccess and googleBot were being pushed to the pattern array each time a file was scanned.
This bug was created when I moved the pattern initialize code to the constructor. Moved extra-check code with the rest of the initialize pattern calls.
--Added -no-color, -time, and -checksum flags. I'd prefer if the output was only as spammy as the user requests. Time should be helpful in tracing when the attack occurred and if files are related to the same hack. Time and checksum do not display by default. no-color flag makes it easier to dump to plain text files.
checking for comments and whitespace lines in pattern files should only be done once when the patterns are loaded.
Added this code to the loadPatterns() function and removed it from the 3 scan loops.
Verbose flag was not proceeding with the next scan due to !found being set. Added a check to see if it is verbose when it decides to do the next scan.
Patterns should be loaded once and only once. The files aren't large so not a problem with memory, however it might impact performance if we are loading the same 3 files ever time we scan a file.
- Gave each flag option a short or long option; like i:ignore or d:directory or k:hide-ok
- Added a verbose option that instructs the scan to scan a file for ALL matches and not just stop at the first one.
- Restructured the output code to allow for the verbose flag, mainly a new function printPath and where the md5 hash is computed
- Modified the output to be cleaner, checksum is printed first as it is fix-width and to make it easier to paste into the whitelist file.
- Modified the output to be 'bash safe', ie when I accidentally paste my scan results into my terminal, the '#' should make sure everything is treated as a comment. This is in contrast to possibly attempting to execute absolute paths to potentially malicious PHP scripts and the usage of the '>' which tells the shell to write to a file. Also enclosed each path in {} for similar purposes.
- Printing the matched string/pattern in $color... might change later depending on preference.
the 's' flag tells preg_match to operate in multi-line mode. the 'm' flag does the same, but allows line begin and ends to still be matched which is useful in some cases.
Added a single short flag for every long flag and a single long flag for every short flag.
This now gives us 2 ways to set each flag.
Also updated the showhelp.
Dropped an unnecessary 'else' statement.
The pattern files are large and complex enough to justify some whitespace and comments to explain what each entry is.
Added logic to check if the line is empty or if the first character is equal to '#' before using it as a pattern. Simply skips over empty and commented lines.
Added Extra Patterns for scanning from samples i found on my server.
Added extra-check it checks for googlebot and htaccess useful for cleaning up left over files.
