improved scan.php

Palma Solutions LTD
2017-05-15 06:38:22 +02:00
parent 3de29120db
commit 7207c1672f
2 changed files with 551 additions and 3489 deletions

299
sc.php

@@ -29,7 +29,6 @@ $error = "Fatal error: Allowed memory size of 134217728 bytes exhausted (tried t
<ul>
<li><a href="?run=infection" style="color: #ff0000;">Known PHPShell Scan</a></li>
<li><a href="?run=scanme" style="color: #ff0000;">Known Malware Scan</a></li>
<li><a href="?run=less" style="color: #ff0000;">Less used patterns</a></li>
<li><a href="?run=checkexif" style="color: #ff0000;">Scan JPEG EXIF Data</b></a></li>
<li><a href="?run=iframe" style="color: #ff0000;">malicious IFRAME scan</a></li>
<li><a href="?run=checklarge" style="color: #ff0000;">Check Files With Large Lines</b></a></li>
@@ -1118,79 +1117,6 @@ echo '<input name="submit" type="submit" value="Go">';
}
*/
function less(){
$rray = array("php", "js", "css", "pl");
foreach ($rray as $i => $vals) {
/* echo '\<style name=\"Mr.HiTman\"<br />';
system('find ./ -name "*.'.$vals.'" -exec grep -l "\<style name=\"Mr.HiTman\"" {} \;'); */
echo "OOO000000=urldecode(<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "OOO000000=urldecode(" {} \;');
echo "visitorTracker_isMob<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "visitorTracker_isMob" {} \;');
echo "this->privmsg(<br />";
system('find ./ -name "*.'.$vals.'" -exec grep -l "this->privmsg(" {} \;');
echo "Starting call<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Starting call" {} \;');
echo "Hacker<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Hacker" {} \;');
echo "boff<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "boff" {} \;');
echo "r57Shell Edited By Margu<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "r57Shell Edited By Margu" {} \;');
echo "IRC_socket<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "IRC_socket" {} \;');
echo "ConfigSpy<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "ConfigSpy" {} \;');
echo "aWYo<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "aWYo" {} \;');
echo "currentCMD<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "currentCMD" {} \;');
echo "IyEvdXNyL2Jpbi9<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "IyEvdXNyL2Jpbi9" {} \;');
echo "bind_port<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "bind_port" {} \;');
echo "BaseIRC<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "BaseIRC" {} \;');
echo "procname<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "procname" {} \;');
echo "Web Shell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Web Shell" {} \;');
echo "Goog1e_analist<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Goog1e_analist" {} \;');
echo "Upload Fail !<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Upload Fail !" {} \;');
echo "FilesMan<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "FilesMan" {} \;');
echo "uname -a<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "uname -a" {} \;');
echo "OOO000000<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "OOO000000" {} \;');
echo "Sakerhetsniva<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Sakerhetsniva" {} \;');
echo "0x00 PHP shell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "0x00 PHP shell" {} \;');
echo "surl = htmlspecialchars<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "surl = htmlspecialchars" {} \;');
echo "function echoQueryResult() {<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "function echoQueryResult() {" {} \;');
echo "Safe Mode on/off: <br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Safe Mode on/off: " {} \;');
echo "Script for l33t admin job<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Script for l33t admin job" {} \;');
echo "ONBOOMSHELL V 0.2<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "ONBOOMSHELL V 0.2" {} \;');
echo "StresBypass v1.0<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "StresBypass v1.0" {} \;'); //StressBypass shell
echo "JspWebshell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "JspWebshell" {} \;'); //JSP shell
echo "StAkeR ~ Shell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "StAkeR ~ Shell" {} \;'); //StAkeR shell
echo "SnIpEr_SA<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "SnIpEr_SA" {} \;'); //SnIpEr_SA shell
}
}
// Checking for suspicious files in /tmp
@@ -1327,156 +1253,153 @@ if (isset($_GET['run'])) $linkchoice=$_GET['run'];
infection();
break;
case 'less' :
less();
break;
case 'pwds' :
pwds();
break;
case 'pwds' :
pwds();
break;
case 'mailing' :
mailing();
break;
case 'mailing' :
mailing();
break;
case 'mysqlsearch' :
mysqlsearch();
break;
case 'mysqlsearch' :
mysqlsearch();
break;
case 'remove' :
remove();
break;
case 'remove' :
remove();
break;
case 'clean' :
clean();
break;
case 'clean' :
clean();
break;
case 'loop' :
loop();
break;
case 'loop' :
loop();
break;
case 'otherinfect' :
otherinfect();
break;
case 'otherinfect' :
otherinfect();
break;
case 'hta' :
hta();
break;
case 'hta' :
hta();
break;
case 'version' :
version();
break;
case 'version' :
version();
break;
case 'checkexif' :
checkexif();
break;
case 'checkexif' :
checkexif();
break;
case 'transfer' :
transfer();
break;
case 'transfer' :
transfer();
break;
case 'cleanexif' :
cleanexif();
break;
case 'cleanexif' :
cleanexif();
break;
case 'custom' :
custom();
break;
case 'custom' :
custom();
break;
case 'iframe' :
iframe();
break;
case 'iframe' :
iframe();
break;
case 'lastfiles' :
lastfiles();
break;
case 'execcmd' :
execcmd();
break;
case 'lastfiles' :
lastfiles();
break;
case 'mysqlpwd' :
mysqlpwd();
break;
case 'execcmd' :
execcmd();
break;
case 'findbackups' :
findbackups();
break;
case 'mysqlpwd' :
mysqlpwd();
break;
case 'findlarge' :
findlarge();
break;
case 'findbackups' :
findbackups();
break;
case 'findsql' :
findsql();
break;
case 'findlarge' :
findlarge();
break;
case 'findsymlinks' :
findsymlinks();
break;
case 'findsql' :
findsql();
break;
case 'zencart' :
zencart();
break;
case 'findsymlinks' :
findsymlinks();
break;
case 'getsize' :
getsize();
break;
case 'zencart' :
zencart();
break;
case 'repl' :
repl();
break;
case 'getsize' :
getsize();
break;
case 'fixperms' :
fixperms();
break;
case 'repl' :
repl();
break;
case 'checklarge' :
checklarge();
break;
case 'fixperms' :
fixperms();
break;
case 'processlist' :
processlist();
break;
case 'checklarge' :
checklarge();
break;
case 'scanme' :
scanme();
break;
case 'processlist' :
processlist();
break;
case 'cleanPHP' :
cleanPHP();
break;
case 'scanme' :
scanme();
break;
case 'securetemps' :
securetemps();
break;
case 'cleanPHP' :
cleanPHP();
break;
case 'securetemps' :
securetemps();
break;
case 'cleanPL' :
cleanPL();
break;
case 'cleanPL' :
cleanPL();
break;
case 'insecplug' :
insecplug();
break;
case 'insecplug' :
insecplug();
break;
case 'reshog' :
reshog();
break;
case 'reshog' :
reshog();
break;
case 'findbot' :
findbot();
break;
case 'findbot' :
findbot();
break;
case 'cleangravity' :
cleangravity();
break;
case 'cleangravity' :
cleangravity();
break;
case 'cleanupl' :
cleanupl();
break;
case 'cleanupl' :
cleanupl();
break;
default :
norun();
echo 'no function chosen. please pick a function from the menu above';
default :
norun();
echo 'no function chosen. please pick a function from the menu above';
}
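Review bot: The dispatch switch in the last hunk still routes `$_GET['run']` directly to state-changing and command-running handlers (`remove`, `clean`, `cleanPHP`, `fixperms`, `transfer`, `execcmd`), and no access check is visible anywhere in the shown lines. The switch opens above the hunk, so a guard may exist there; if it does not, any request that reaches sc.php, including one triggered cross-site from a logged-in administrator's browser, can invoke those handlers. I would require an authenticated session before the switch and accept the destructive cases only on POST with a per-session token, for example `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { norun(); break; }` at the top of each such case. The menu lines in the first hunk also keep stray `</b>` closing tags on the `checkexif` and `checklarge` links, which should be dropped.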

3741
scan.php

File diff suppressed because it is too large Load Diff