Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

moved cryptoPHP to main scanner

Browse Source
This commit is contained in:
Palma Solutions LTD 2017-05-15 12:04:33 +02:00
parent 87599975d6
commit dd7008aa7a
2 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sc.php
View File

@ -33,7 +33,6 @@ $error = "Fatal error: Allowed memory size of 134217728 bytes exhausted (tried t
<li><a href="?run=iframe" style="color: #ff0000;">malicious IFRAME scan</a></li> <li><a href="?run=iframe" style="color: #ff0000;">malicious IFRAME scan</a></li>
<li><a href="?run=checklarge" style="color: #ff0000;">Check Files With Large Lines</b></a></li> <li><a href="?run=checklarge" style="color: #ff0000;">Check Files With Large Lines</b></a></li>
<li><a href="?run=newscan" style="color: #ff0000;">Database String Scanner</a></li> <li><a href="?run=newscan" style="color: #ff0000;">Database String Scanner</a></li>
<li><a href="?run=cryptophp" style="color: #ff0000;">CryptoPHP Scanner</a></li>
<li><a href="?run=findbot" style="color: #ff0000;">Run Findbot.PL</a></li> <li><a href="?run=findbot" style="color: #ff0000;">Run Findbot.PL</a></li>
<li><a href="?run=insecplug" style="color: #ff0000;">Insecure WP plugins</a></li> <li><a href="?run=insecplug" style="color: #ff0000;">Insecure WP plugins</a></li>
<li><a href="?run=custom" style="color: #ff0000;">Custom string scanner</b></a></li> <li><a href="?run=custom" style="color: #ff0000;">Custom string scanner</b></a></li>
@ -224,7 +223,7 @@ if (file_exists("../wp-content"))
$output = shell_exec('find ./ -type f -name "*.php" -print -exec grep -RPn "(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readfile|php_uname|eval|tcpflood|udpflood|edoced_46esab) *\(" --color {} \;'); $output = shell_exec('find ./ -type f -name "*.php" -print -exec grep -RPn "(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readfile|php_uname|eval|tcpflood|udpflood|edoced_46esab) *\(" --color {} \;');
echo "<pre>$output</pre>"; */ echo "<pre>$output</pre>"; */
/* let's scan and clean cryptoPHP */ /* let's scan and clean cryptoPHP - moved to the main scanner - needs testing
function cryptophp(){ function cryptophp(){
echo "Scanning for cryptoPHP in social.png files\n"; echo "Scanning for cryptoPHP in social.png files\n";
system("find ../ -type f -iname \"social*.png\" -exec grep -E -o 'php.{0,80}' {} \; -print"); system("find ../ -type f -iname \"social*.png\" -exec grep -E -o 'php.{0,80}' {} \; -print");
@ -232,7 +231,7 @@ function cryptophp(){
echo "\nScanning for cryptoPHP in all PNG files\n"; echo "\nScanning for cryptoPHP in all PNG files\n";
system("find ../ -type f -iname '*.png' -print0 | xargs -0 file | grep \"PHP script\""); system("find ../ -type f -iname '*.png' -print0 | xargs -0 file | grep \"PHP script\"");
} }
*/
/* Execute The Malware Scanner */ /* Execute The Malware Scanner */
function scanme(){ function scanme(){

25
scan.php
View File

@ -499,6 +499,31 @@ foreach ($tree as $finfo)
} }
} }
elseif('png' == $ext && preg_match('\"PHP script\"', $tmp))
{
$counter_infected++;
if($print_infected) print "{$finfo['path']}{$finfo['fname']}";
if($print_infected || $print_all) print "\n";
{
print "...INFECTED (cryptoPHP)\n";
}
}
elseif('png' == $ext && preg_match('php.{0,80}', $tmp))
{
$counter_infected++;
if($print_infected) print "{$finfo['path']}{$finfo['fname']}";
if($print_infected || $print_all) print "\n";
{
print "...INFECTED (cryptoPHP)\n";
}
}
elseif('jpeg' == $ext && preg_match('/<\?php/i', $tmp)) elseif('jpeg' == $ext && preg_match('/<\?php/i', $tmp))
{ {
$counter_infected++; $counter_infected++;