Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improved scan.php

Browse Source
This commit is contained in:
Palma Solutions LTD
2017-05-15 06:38:22 +02:00
parent 3de29120db
commit 7207c1672f
2 changed files with 551 additions and 3489 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
sc.php
View File

@@ -29,7 +29,6 @@ $error = "Fatal error: Allowed memory size of 134217728 bytes exhausted (tried t
<ul> <ul>
<li><a href="?run=infection" style="color: #ff0000;">Known PHPShell Scan</a></li> <li><a href="?run=infection" style="color: #ff0000;">Known PHPShell Scan</a></li>
<li><a href="?run=scanme" style="color: #ff0000;">Known Malware Scan</a></li> <li><a href="?run=scanme" style="color: #ff0000;">Known Malware Scan</a></li>
<li><a href="?run=less" style="color: #ff0000;">Less used patterns</a></li>
<li><a href="?run=checkexif" style="color: #ff0000;">Scan JPEG EXIF Data</b></a></li> <li><a href="?run=checkexif" style="color: #ff0000;">Scan JPEG EXIF Data</b></a></li>
<li><a href="?run=iframe" style="color: #ff0000;">malicious IFRAME scan</a></li> <li><a href="?run=iframe" style="color: #ff0000;">malicious IFRAME scan</a></li>
<li><a href="?run=checklarge" style="color: #ff0000;">Check Files With Large Lines</b></a></li> <li><a href="?run=checklarge" style="color: #ff0000;">Check Files With Large Lines</b></a></li>
@@ -1118,79 +1117,6 @@ echo '<input name="submit" type="submit" value="Go">';
} }
*/ */
function less(){
$rray = array("php", "js", "css", "pl");
foreach ($rray as $i => $vals) {
/* echo '\<style name=\"Mr.HiTman\"<br />';
system('find ./ -name "*.'.$vals.'" -exec grep -l "\<style name=\"Mr.HiTman\"" {} \;'); */
echo "OOO000000=urldecode(<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "OOO000000=urldecode(" {} \;');
echo "visitorTracker_isMob<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "visitorTracker_isMob" {} \;');
echo "this->privmsg(<br />";
system('find ./ -name "*.'.$vals.'" -exec grep -l "this->privmsg(" {} \;');
echo "Starting call<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Starting call" {} \;');
echo "Hacker<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Hacker" {} \;');
echo "boff<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "boff" {} \;');
echo "r57Shell Edited By Margu<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "r57Shell Edited By Margu" {} \;');
echo "IRC_socket<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "IRC_socket" {} \;');
echo "ConfigSpy<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "ConfigSpy" {} \;');
echo "aWYo<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "aWYo" {} \;');
echo "currentCMD<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "currentCMD" {} \;');
echo "IyEvdXNyL2Jpbi9<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "IyEvdXNyL2Jpbi9" {} \;');
echo "bind_port<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "bind_port" {} \;');
echo "BaseIRC<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "BaseIRC" {} \;');
echo "procname<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "procname" {} \;');
echo "Web Shell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Web Shell" {} \;');
echo "Goog1e_analist<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Goog1e_analist" {} \;');
echo "Upload Fail !<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Upload Fail !" {} \;');
echo "FilesMan<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "FilesMan" {} \;');
echo "uname -a<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "uname -a" {} \;');
echo "OOO000000<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "OOO000000" {} \;');
echo "Sakerhetsniva<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Sakerhetsniva" {} \;');
echo "0x00 PHP shell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "0x00 PHP shell" {} \;');
echo "surl = htmlspecialchars<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "surl = htmlspecialchars" {} \;');
echo "function echoQueryResult() {<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "function echoQueryResult() {" {} \;');
echo "Safe Mode on/off: <br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Safe Mode on/off: " {} \;');
echo "Script for l33t admin job<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Script for l33t admin job" {} \;');
echo "ONBOOMSHELL V 0.2<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "ONBOOMSHELL V 0.2" {} \;');
echo "StresBypass v1.0<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "StresBypass v1.0" {} \;'); //StressBypass shell
echo "JspWebshell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "JspWebshell" {} \;'); //JSP shell
echo "StAkeR ~ Shell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "StAkeR ~ Shell" {} \;'); //StAkeR shell
echo "SnIpEr_SA<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "SnIpEr_SA" {} \;'); //SnIpEr_SA shell
}
}
// Checking for suspicious files in /tmp // Checking for suspicious files in /tmp
@@ -1327,10 +1253,6 @@ if (isset($_GET['run'])) $linkchoice=$_GET['run'];
infection(); infection();
break; break;
case 'less' :
less();
break;
case 'pwds' : case 'pwds' :
pwds(); pwds();
break; break;
@@ -1387,7 +1309,6 @@ case 'iframe' :
iframe(); iframe();
break; break;
case 'lastfiles' : case 'lastfiles' :
lastfiles(); lastfiles();
break; break;
@@ -1447,9 +1368,11 @@ case 'getsize' :
case 'cleanPHP' : case 'cleanPHP' :
cleanPHP(); cleanPHP();
break; break;
case 'securetemps' : case 'securetemps' :
securetemps(); securetemps();
break; break;
case 'cleanPL' : case 'cleanPL' :
cleanPL(); cleanPL();
break; break;

3733
scan.php
View File

File diff suppressed because it is too large Load Diff