Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new patterns

Browse Source
This commit is contained in:
Palma Solutions LTD
2018-05-17 19:48:03 +02:00
parent 2d6ac58e2f
commit 2259169098
3 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scan.py
View File

@@ -440,7 +440,8 @@ def is_hacked(filename):
or (line_num < 4 and "passthru($_POST[" in l) \
or (line_num == 1 and '$stg="ba"."se"."64_d"."ecode";eval($stg(' in l) \
or '(edoced_46esab(etalfnizg(lave' in l \
or "file_put_contents('1.txt', print_r" in l:
or "file_put_contents('1.txt', print_r" in l \
or 'function wp_cd(' in l:
score.append(('PHP_SHELL', ''))
if 'move_uploaded_file(' in l:
@@ -547,7 +548,8 @@ def is_hacked(filename):
or 'Wells Fargo Home Page' in l \
or 'Chase Online - Logon' in l:
score.append(('PHISHING', ''))
if re.compile('User-Agent.*cpuminer').match(l):
if re.compile('User-Agent.*cpuminer').match(l) \
or 'stratum+tcp' in l:
score.append(('CRYPTO', ''))
previous_line = l