improved scan.php

Palma Solutions LTD
2017-05-15 06:38:22 +02:00
parent 3de29120db
commit 7207c1672f
2 changed files with 551 additions and 3489 deletions

299
sc.php

@@ -29,7 +29,6 @@ $error = "Fatal error: Allowed memory size of 134217728 bytes exhausted (tried t
<ul> <ul>
<li><a href="?run=infection" style="color: #ff0000;">Known PHPShell Scan</a></li> <li><a href="?run=infection" style="color: #ff0000;">Known PHPShell Scan</a></li>
<li><a href="?run=scanme" style="color: #ff0000;">Known Malware Scan</a></li> <li><a href="?run=scanme" style="color: #ff0000;">Known Malware Scan</a></li>
<li><a href="?run=less" style="color: #ff0000;">Less used patterns</a></li>
<li><a href="?run=checkexif" style="color: #ff0000;">Scan JPEG EXIF Data</b></a></li> <li><a href="?run=checkexif" style="color: #ff0000;">Scan JPEG EXIF Data</b></a></li>
<li><a href="?run=iframe" style="color: #ff0000;">malicious IFRAME scan</a></li> <li><a href="?run=iframe" style="color: #ff0000;">malicious IFRAME scan</a></li>
<li><a href="?run=checklarge" style="color: #ff0000;">Check Files With Large Lines</b></a></li> <li><a href="?run=checklarge" style="color: #ff0000;">Check Files With Large Lines</b></a></li>
@@ -1118,79 +1117,6 @@ echo '<input name="submit" type="submit" value="Go">';
} }
*/ */
function less(){
$rray = array("php", "js", "css", "pl");
foreach ($rray as $i => $vals) {
/* echo '\<style name=\"Mr.HiTman\"<br />';
system('find ./ -name "*.'.$vals.'" -exec grep -l "\<style name=\"Mr.HiTman\"" {} \;'); */
echo "OOO000000=urldecode(<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "OOO000000=urldecode(" {} \;');
echo "visitorTracker_isMob<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "visitorTracker_isMob" {} \;');
echo "this->privmsg(<br />";
system('find ./ -name "*.'.$vals.'" -exec grep -l "this->privmsg(" {} \;');
echo "Starting call<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Starting call" {} \;');
echo "Hacker<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Hacker" {} \;');
echo "boff<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "boff" {} \;');
echo "r57Shell Edited By Margu<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "r57Shell Edited By Margu" {} \;');
echo "IRC_socket<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "IRC_socket" {} \;');
echo "ConfigSpy<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "ConfigSpy" {} \;');
echo "aWYo<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "aWYo" {} \;');
echo "currentCMD<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "currentCMD" {} \;');
echo "IyEvdXNyL2Jpbi9<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "IyEvdXNyL2Jpbi9" {} \;');
echo "bind_port<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "bind_port" {} \;');
echo "BaseIRC<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "BaseIRC" {} \;');
echo "procname<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "procname" {} \;');
echo "Web Shell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Web Shell" {} \;');
echo "Goog1e_analist<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Goog1e_analist" {} \;');
echo "Upload Fail !<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Upload Fail !" {} \;');
echo "FilesMan<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "FilesMan" {} \;');
echo "uname -a<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "uname -a" {} \;');
echo "OOO000000<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "OOO000000" {} \;');
echo "Sakerhetsniva<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Sakerhetsniva" {} \;');
echo "0x00 PHP shell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "0x00 PHP shell" {} \;');
echo "surl = htmlspecialchars<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "surl = htmlspecialchars" {} \;');
echo "function echoQueryResult() {<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "function echoQueryResult() {" {} \;');
echo "Safe Mode on/off: <br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Safe Mode on/off: " {} \;');
echo "Script for l33t admin job<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Script for l33t admin job" {} \;');
echo "ONBOOMSHELL V 0.2<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "ONBOOMSHELL V 0.2" {} \;');
echo "StresBypass v1.0<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "StresBypass v1.0" {} \;'); //StressBypass shell
echo "JspWebshell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "JspWebshell" {} \;'); //JSP shell
echo "StAkeR ~ Shell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "StAkeR ~ Shell" {} \;'); //StAkeR shell
echo "SnIpEr_SA<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "SnIpEr_SA" {} \;'); //SnIpEr_SA shell
}
}
// Checking for suspicious files in /tmp // Checking for suspicious files in /tmp
@@ -1327,156 +1253,153 @@ if (isset($_GET['run'])) $linkchoice=$_GET['run'];
infection(); infection();
break; break;
case 'less' : case 'pwds' :
less(); pwds();
break; break;
case 'pwds' : case 'mailing' :
pwds(); mailing();
break; break;
case 'mailing' : case 'mysqlsearch' :
mailing(); mysqlsearch();
break; break;
case 'mysqlsearch' : case 'remove' :
mysqlsearch(); remove();
break; break;
case 'remove' : case 'clean' :
remove(); clean();
break; break;
case 'clean' : case 'loop' :
clean(); loop();
break; break;
case 'loop' : case 'otherinfect' :
loop(); otherinfect();
break; break;
case 'otherinfect' : case 'hta' :
otherinfect(); hta();
break; break;
case 'hta' : case 'version' :
hta(); version();
break; break;
case 'version' : case 'checkexif' :
version(); checkexif();
break; break;
case 'checkexif' : case 'transfer' :
checkexif(); transfer();
break; break;
case 'transfer' : case 'cleanexif' :
transfer(); cleanexif();
break; break;
case 'cleanexif' : case 'custom' :
cleanexif(); custom();
break; break;
case 'custom' : case 'iframe' :
custom(); iframe();
break; break;
case 'iframe' : case 'lastfiles' :
iframe(); lastfiles();
break; break;
case 'execcmd' :
execcmd();
break;
case 'lastfiles' : case 'mysqlpwd' :
lastfiles(); mysqlpwd();
break; break;
case 'execcmd' : case 'findbackups' :
execcmd(); findbackups();
break; break;
case 'mysqlpwd' : case 'findlarge' :
mysqlpwd(); findlarge();
break; break;
case 'findbackups' : case 'findsql' :
findbackups(); findsql();
break; break;
case 'findlarge' : case 'findsymlinks' :
findlarge(); findsymlinks();
break; break;
case 'findsql' : case 'zencart' :
findsql(); zencart();
break; break;
case 'findsymlinks' : case 'getsize' :
findsymlinks(); getsize();
break; break;
case 'zencart' : case 'repl' :
zencart(); repl();
break; break;
case 'getsize' : case 'fixperms' :
getsize(); fixperms();
break; break;
case 'repl' : case 'checklarge' :
repl(); checklarge();
break; break;
case 'fixperms' : case 'processlist' :
fixperms(); processlist();
break; break;
case 'checklarge' : case 'scanme' :
checklarge(); scanme();
break; break;
case 'processlist' : case 'cleanPHP' :
processlist(); cleanPHP();
break; break;
case 'scanme' : case 'securetemps' :
scanme(); securetemps();
break; break;
case 'cleanPHP' : case 'cleanPL' :
cleanPHP(); cleanPL();
break; break;
case 'securetemps' :
securetemps();
break;
case 'cleanPL' :
cleanPL();
break;
case 'insecplug' : case 'insecplug' :
insecplug(); insecplug();
break; break;
case 'reshog' : case 'reshog' :
reshog(); reshog();
break; break;
case 'findbot' : case 'findbot' :
findbot(); findbot();
break; break;
case 'cleangravity' : case 'cleangravity' :
cleangravity(); cleangravity();
break; break;
case 'cleanupl' : case 'cleanupl' :
cleanupl(); cleanupl();
break; break;
default : default :
norun(); norun();
echo 'no function chosen. please pick a function from the menu above'; echo 'no function chosen. please pick a function from the menu above';
} }
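Review bot: The `switch` that closes this section still dispatches a bare `?run=` value to handlers such as `remove()`, `clean()`, `fixperms()`, `cleanPHP()` and `execcmd()`, and nothing in the visible lines checks who is making the request before `$linkchoice` is acted on. Judging by their names these handlers modify or delete files and run commands, so any GET request that reaches the script (a crawler, a prefetch, a cross-site link) would be enough to trigger them. The `switch` begins above the hunk, so an access check may exist there, but it is not shown. I would gate the dispatch before the `switch`, for example `if (!scanner_request_is_authorised()) { http_response_code(403); exit; }` (the helper name is a placeholder). The state-changing actions should also be accepted only over POST, with a per-session token compared using `hash_equals()`.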

3739
scan.php

File diff suppressed because it is too large