Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
LP-MSH-Scanner/sc.php
Malin 0aee7caeee Upload files to ''
2016-09-22 09:46:50 +02:00

2479 lines
110 KiB
PHP
Raw Blame History

<?php
/* Made by Malin Cenusa
June 2016 - v3.9.6
TODO:
- clear error logs
- add chown
- add suspicious plugins - done for WP
- add resource hogs - done for WP
- code cleanup
*/
$version = "v3.9.6";
$released = "June/16";
$author = "Malin Cenusa";
$mail = "malin.cenusa@lunarpages.com";
$ip = "141.105.110.133";
$error = "Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 54 bytes)";
?>
<html>
<head>
<title>..:: Global Account Maintenance Tool ::.. <?php print_r($version); ?> released <?php print_r($released); ?> - by <?php print_r($author); ?> [ <?php print_r($mail); ?> ]</title>
<link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Poiret One|Play" media="screen">
<style type="text/css">
h3 {
font-family: 'Poiret One', Helvetica, Arial, serif;
}
p {
font-family: 'Play', Helvetica, Arial, serif;
font-size: 13px;
}
a {
font-family: 'Play', Helvetica, Arial, serif;
font-size: 13px;
}
body{
padding:20px;
background-color: #D8D8D8;
}
.icon-warning-sign{
padding-right:10px;
}
</style>
</head>
<body>
<div id="menu">
<h3>..:: Global Account Maintenance Tool ::.. <?php print_r($version); ?> released <?php print_r($released); ?> - by <?php print_r($author); ?> [ <?php print_r($mail); ?> ]</h3>
<div align="right" ><a href="?run=remove" style="color: #000000; background-color:#00ff00; font-size: 18px;">REMOVE SCRIPT</a></div><br /><hr>
<table style="border-spacing:0; width:100%; ">
<tr>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px; ">..:: MALWARE AUDIT ::..</span><br />
<ul>
<li><a href="?run=infection" style="color: #ff0000;">Known PHPShell Scan</a></li>
<li><a href="?run=scanme" style="color: #ff0000;">Known Malware Scan</a></li>
<li><a href="?run=less" style="color: #ff0000;">Less used patterns</a></li>
<li><a href="?run=checkexif" style="color: #ff0000;">Scan JPEG EXIF Data</b></a></li>
<li><a href="?run=iframe" style="color: #ff0000;">malicious IFRAME scan</a></li>
<li><a href="?run=checklarge" style="color: #ff0000;">Check Files With Large Lines</b></a></li>
<li><a href="?run=newscan" style="color: #ff0000;">Database String Scanner</a></li>
<li><a href="?run=cryptophp" style="color: #ff0000;">CryptoPHP Scanner</a></li>
<li><a href="?run=findbot" style="color: #ff0000;">Run Findbot.PL</a></li>
<li><a href="?run=custom" style="color: #ff0000;">Custom string scanner</b></a></li>
</ul>
</td>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px; ">..:: INSTALLED SCRIPTS ::..</span><br />
<ul>
<li><a href="?run=version" style="color: #ff0000;">Most used scripts (batch #1)</a></li>
<li><a href="?run=cms" style="color: #ff0000;">Other scripts (batch #2)</a></li>
<li><a href="?run=blog" style="color: #ff0000;">Other blogs & portals</a></li>
<li><a href="?run=commerce" style="color: #ff0000;">Other ecommerce & forums</a></li>
<li><a href="?run=rarely" style="color: #ff0000;">Rarely used</a></li>
<li><a href="?run=insecplug" style="color: #ff0000;">Insecure WP plugins</a></li>
<li><a href="?run=vulntheme" style="color: #ff0000;">Vulnerable WP themes</a></li>
</ul>
</td>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px; ">..:: CLEANER ::..</span><br />
<ul>
<li><a href="?run=cleanPL" style="color: #ff0000;">Clean.PL</b></a></li>
<li><a href="?run=cleanPHP" style="color: #ff0000;">Clean.PHP</a></li>
<li><a href="?run=cleanerrorlogs" style="color: #ff0000;">Clear Error Logs</a></li>
<li><a href="?run=cleanexif" style="color: #ff0000;">Clean EXIF</a></li>
<li><a href="?run=cleangravity" style="color: #ff0000;">Clean Gravity Forms Exploit</a></li>
<li><a href="?run=removezero" style="color: #ff0000;">Remove Empty Files</a></li>
<li><a href="?run=removezero" style="color: #ff0000;">Remove Error Logs</a></li>
<li><a href="?run=cleanupl" style="color: #ff0000;">Remove PHP files from uploads dir (WP)</a></li>
</ul>
</td>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px; ">..:: MySQL ::..</span><br />
<ul>
<li><a href="?run=prefix" style="color: #ff0000;">Change Table Prefix</a></li>
<li><a href="?run=pwds" style="color: #ff0000;">Check password security</a></li>
<li><a href="?run=mysqlpwd" style="color: #ff0000;">Change MySQL user password</a></li>
<li><a href="?run=changeengine" style="color: #ff0000;">Change MySQL database engine</a></li>
<li><a href="?run=repl" style="color: #ff0000;">Replace Strings (MySQL password)</a></li>
<li><a href="?run=optim" style="color: #ff0000;">MySQL DB Optimization</a></li>
</ul>
</td>
</tr>
</table><br />
<table style="border-spacing:0; width:100%; ">
<tr>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px; ">..:: FIND STUFF::..</span><br />
<ul>
<li><a href="?run=tmpcheck" style="color: #ff0000;">Find suspicious files in /tmp</a></li>
<li><a href="?run=symcheck" style="color: #ff0000;">Check for broken symlinks</a></li>
<li><a href="?run=findbackups" style="color: #ff0000;">Find backups</a></li>
<li><a href="?run=findsql" style="color: #ff0000;">Find SQL dumps</a></li>
<li><a href="?run=findlarge" style="color: #ff0000;">Find large files (unrelated content)</a></li>
<li><a href="?run=lastfiles" style="color: #ff0000;">Find last 500 modified files</a></li>
<li><a href="?run=findsymlinks" style="color: #ff0000;">Find Symlinks</a></li>
<li><a href="?run=findchmod" style="color: #ff0000;">Find Files & Dirs With Chmod 0000</a></li>
<li><a href="?run=getsize" style="color: #ff0000;">Get Size of a directory</a></li>
</ul>
</td>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px; ">..:: SOP/MISC. ::..</span><br />
<ul>
<li><a href="?run=addsec" style="color: #ff0000;">Secure .htaccess and php.ini</a></li>
<li><a href="?run=fixperms" style="color: #ff0000;">Fix File and Folder Permissions</a></li>
<li><a href="?run=securetemps" style="color: #ff0000;">Secure Temporary/Images</a></li>
<li><a href="?run=transfer" style="color: #ff0000;">Site Transfer</a></li>
<li><a href="?run=zencart" style="color: #ff0000;">ZenCart Concantenated</a></li>
<li><a href="?run=mysqlpwd" style="color: #ff0000;">Empty</a></li>
<li><a href="?run=mysqlpwd" style="color: #ff0000;">Empty</a></li>
</ul>
</td>
<td>
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px; ">..:: USAGE Investigation ::..</span><br />
<ul>
<li><a href="?run=reshog" style="color: #ff0000;">WP Resource Hogs</a></li>
<li><a href="?run=reshog" style="color: #ff0000;">Database Size</a></li>
<li><a href="?run=reshog" style="color: #ff0000;">Running Processes</a></li>
<li><a href="?run=processlist" style="color: #ff0000;">Check The ProcessList</a></li>
</ul>
</td>
</tr>
</ul>
</table>
<hr>
<div align="center">
<?php
/* setting the PHP environment variables */
ini_set('memory_limit', '512M');
ini_set('max_execution_time', '0'); // supress problems with timeouts
ini_set('set_time_limit', '0'); // supress problems with timeouts
ini_set('display_errors', '0'); // show/hide errors
ini_set("max_input_time", '50000');
ini_set('default_socket_timeout', '50000');
/* let's define the paths first */
$GLOBALS["userdir"] = system('whoami');
$GLOBALS["public_html"] = '/home/'.$GLOBALS["userdir"].'/public_html';
$GLOBALS["doc_root"] = '/home/'.$GLOBALS["userdir"].'/';
$GLOBALS["findcmd"] = 'find '.$GLOBALS["public_html"].'/';
$GLOBALS["red"] = "<span style='color: #FF0000';>";
$GLOBALS["br"] = "<br />";
$GLOBALS["span"] = "</span>";
/* let's get the server and account specs */
echo "Server: ";
system('hostname');
echo " | user: ";
system('whoami');
echo " | location: ";
system('pwd');
if( ini_get('safe_mode') ){
echo "<font color=\"#ff0000;\"><br />PHP is running in safe mode - functionality is limited</font>";
}else{
echo "<font color=\"#ff0000;\"><br />PHP is not running in safe mode - script has full functionality<br /></font>";
}
/* checking the server wide load */
echo "<h3><b><center><font color='#FF0000'>Check the server load below first and make sure that you do not execute any of the functions if server has high load!!!</font></b></h3>";
system ("w | grep load");
?>
<hr>
</div>
<span style="font-size: 15px; line-height:90%">
<?php
function cleanupl(){
system("find ../*/wp-content/uploads/ -type f -name '*.php' -print -exec rm -rf {} \;"); /* clear PHP files from wp-content/uploads */
system('find ../ -type f -name "*.php.suspected" -print -exec rm -rf {} \;'); /* clear files renamed as *.suspected by the server AV */
system($GLOBALS["findcmd"].' -type f -size 0 -print -exec rm -rf {} \;'); /* clear files with 0 bytes size */
}
/* function removezero(){
system("find ./ -type f -empty -print -exec rm -f {} \;");
} */
function vulntheme(){
}
/* cleaning the backdoor files of the Gravity Forms Exploit */
function cleangravity(){
system($GLOBALS["findcmd"].' -type f -name "*_input__test*" -print -exec rm -rf {} \;');
system($GLOBALS["findcmd"].' -type f -name "*_input_*.php*" -print -exec rm -rf {} \;');
system($GLOBALS["findcmd"].' -type f -name "*_input_*.txt*" -print -exec rm -rf {} \;');
}
/* use a modified version of Spamhaus's findbot.pl to identify left over backdoors */
function findbot(){
$output = shell_exec('./findbot.pl -c ./');
echo "<pre>$output</pre>";
}
/* secure the temporary directories against execution of malicious files */
function securetemps(){
$htdata = '
<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
Order Deny,Allow
Deny from all
</FilesMatch>
';
system("for i in `find ../ -type d -path '*/wp-content/uploads' -print;`; do echo -e '".$htdata."' >> \$i/.htaccess; done");
system("for i in `find ../ -type d -path '*/tmp' -print;`; do echo -e '".$htdata."' >> \$i/.htaccess; done");
/* Joomla /images may cause a ton of false positive patches so we'll research this further */
// system("for i in `find ./ -type d -path '*/images' -print;`; do echo -e '".$htdata."' >> \$i/.htaccess; done");
echo "all patched\n";
}
/* Vulnerability check
$output = shell_exec('find ./ -type f -name "*.php" -print -exec grep -RPn "(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readfile|php_uname|eval|tcpflood|udpflood|edoced_46esab) *\(" --color {} \;');
echo "<pre>$output</pre>"; */
/* let's scan and clean cryptoPHP */
function cryptophp(){
echo "Scanning for cryptoPHP in social.png files\n";
system("find ../ -type f -iname \"social*.png\" -exec grep -E -o 'php.{0,80}' {} \; -print");
echo "\nScanning for cryptoPHP in all PNG files\n";
system("find ../ -type f -iname '*.png' -print0 | xargs -0 file | grep \"PHP script\"");
}
/* Execute The Malware Scanner */
function scanme(){
require_once("./scan.php");
}
/* Execute The PHP Cleaner */
function cleanPHP(){
require_once("./clean.php");
}
/* Execute the Perl Cleaners */
function cleanPL(){
system("./malware.pl");
}
/* Site Transfer Script */
function transfer(){
system("./transfer.pl");
}
/* EXIF scanner */
function checkexif(){
ini_set('exif.encode_unicode', 'UTF-8');
define('IMAGEPATH', $GLOBALS["public_html"]);
$directory = new RecursiveDirectoryIterator(IMAGEPATH);
$iterator = new RecursiveIteratorIterator($directory);
$matches = new RegexIterator($iterator, '/^.+\.(jpg|jpeg|png|tiff)$/i', RecursiveRegexIterator::GET_MATCH);
foreach($matches as $key => $match):
$exif = exif_read_data($match[0], 0, 'EXIF');
echo '<pre>', print_r($exif, true), '</pre>';
endforeach;
}
/* Insecure Plugins */
function insecplug(){
$plugins_list = array(
"complete-gallery-manager",
"wp-phpmyadmin",
"1-flash-gallery",
"category-list-portfolio-page",
"disclosure-policy-plugin",
"dp-thumbnail",
"ip-logger",
"is-human",
"jquery-slider-for-featured-content",
"kish-guest-posting",
"lisl-last-image-slider",
"really-easy-slider",
"rent-a-car",
"vk-gallery",
"wordpress-news-ticker-plugin",
"wp-marketplace",
"adminer",
"file-commander",
"portable-phpmyadmin",
"portable-phpmyadmin",
"toolspack",
"ToolsPack",
"revslider",
"research-plugin*"
);
foreach ($plugins_list as $plugin){
system($GLOBALS["findcmd"].' -type d -name '.$plugin.' -print');
}
}
/* Resource Hog Plugins */
function reshog(){
$plugin_list = array(
"broken-link-checker",
"myreviewplugin",
"linkman",
"fuzzy-seo-booster",
"wp-postviews",
"wordfence",
"tweet-blender",
"dynamic-related-posts",
"yet-another-related-posts-plugin",
"similar-posts",
"contextual-related-posts",
"yet-another-featured-posts-plugin",
"wponlinebackup",
"wpengine-snapshot",
"wpengine-migrate",
"wp-symposium-alerts",
"wp-slimstat",
"wp-missed-schedule",
"wordpress-gzip-compression",
"wp-cache",
"wp-database-optimizer",
"wp-db-backup",
"wp-dbmanager",
"wp-engine-snapshot",
"wp-file-cache",
"wp-mailinglist",
"async-google-analytics",
"backup-scheduler",
"backupwordpress",
"backwpup",
"duplicator",
"ewww-image-optimizer",
"ezpz-one-click-backup",
"google-xml-sitemaps-with-multisite-support",
"jr-referrer",
"missed-schedule",
"no-revisions",
"ozh-who-sees-ads",
"quick-cache",
"seo-alrp",
"si-captcha-for-wordpress",
"similar-posts",
"spyderspanker",
"spyderspanker_pro",
"super-post",
"superslider",
"text-passwords",
"the-codetree-backup",
);
foreach ($plugin_list as $plugins){
system($GLOBALS["findcmd"].' -type d -name '.$plugins.' -print');
}
}
/* EXIF cleaner */
function cleanexif(){
ini_set('exif.encode_unicode', 'UTF-8');
define('IMAGEPATH', $GLOBALS["public_html"]);
$directory = new RecursiveDirectoryIterator(IMAGEPATH);
$iterator = new RecursiveIteratorIterator($directory);
$matches = new RegexIterator($iterator, '/^.+\.(jpg|jpeg)$/i', RecursiveRegexIterator::GET_MATCH);
foreach($matches as $key => $image):
echo '<pre>', print_r($image, true),'</pre>';
try
{
$img = new Imagick($image[0]);
$img->stripImage();
$img->writeImage($image[0]);
$img->clear();
$img->destroy();
echo "Removed EXIF data from $image. \n";
} catch(Exception $e) {
echo 'Exception caught: ', $e->getMessage(), PHP_EOL;
}
endforeach;
}
/* Get MySQL process list for a given user */
function processlist(){
echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
echo '<b>MySQL Host:</b></td><td><input name="host" id="host" type="text" size="30"><br />';
echo '<b>MySQL Username:</b></td><td><input name="usern" id="usern" type="text" size="30"><br />';
echo '<b>MySQL Password:</b></td><td><input name="passwd" id="passwd" type="text" size="30"><br />';
echo '<input name="submit" type="submit" value="Go"><br /><br />';
if(($_POST['submit']) == "Go") {
$mhost = ($_POST["host"]);;
$mpass = ($_POST["passwd"]);
$musr = ($_POST["usern"]);
}
mysql_connect($mhost, $musr, $mpass);
$q = mysql_query("SHOW FULL PROCESSLIST");
echo "<span style='background-color:#00ff00; '>..:: MySQL-Processes ::..</span>\n";
echo "<table width='*' border='1' cellspacing='1' cellpadding='3'>\n";
while($l = mysql_fetch_row($q) ) {
echo "<tr>\n";
foreach($l as $val) echo "<td>$val&nbsp;</td>\n";
echo "</tr>\n";
}
echo "</table>\n";
echo "<span style='background-color:#00ff00; '>..:: Query Cache Status ::..</span>\n";
echo "<table width='*' border='1' cellspacing='1' cellpadding='3'>\n";
$q = mysql_query("SHOW STATUS LIKE 'Qcache%'");
while($l = mysql_fetch_row($q) ) {
echo "<tr>\n";
foreach($l as $val) echo "<td>$val&nbsp;</td>\n";
echo "</tr>\n";
}
echo "</table>\n";
mysql_close();
}
/* Get STAT data for a given file */
function stats(){
$output = shell_exec('stat ./ModSettings.php');
echo "<pre>$output</pre>";
}
/* change MySQL Engine */
function changeengine(){
mysql_connect('localhost', 'learn0_mdle1', 'O{XgxSMtTXrD');
$databases = mysql_query('SHOW databases');
while($db = mysql_fetch_array($databases)) {
echo "database => {$db[0]}\n";
mysql_select_db($db[0]);
$tables = mysql_query('SHOW tables');
while($tbl = mysql_fetch_array($tables)) {
echo "table => {$tbl[0]}\n";
mysql_query("ALTER TABLE {$tbl[0]} ENGINE=INNODB");
}
}
}
function checklarge(){
$ite=new RecursiveDirectoryIterator(dirname(__FILE__));
$i = 0;
foreach (new RecursiveIteratorIterator($ite) as $filename=>$cur):
preg_match('/^.+\.php$/i', $filename, $match);
if($match):
$file = fopen($match[0], "r");
while(!feof($file)):
$line = fgets($file);
if(!feof($file)):
if(mb_strlen($line) > 999):
$i++;
echo '<div class="well">', $i ,')<div class="alert alert-danger"><i class="icon-warning-sign"></i>', $filename ,' found line having more than 1000 characters, output to follow:</div>';
echo '<pre class="prettyprint">';
echo trim(htmlentities($line));
echo '</pre>';
echo '<span>This file was last modified on: ' , date ("F d Y H:i:s.", filemtime($filename)) ,'</span>';
echo '</div>';
endif;
endif;
endwhile;
fclose($file);
endif;
endforeach;
}
function removezero(){
echo "Removing Files With Zero Size";
}
function findchmod(){
echo "Finding All Files With Chmod Set To 0000<br /><br />";
system($GLOBALS["findcmd"].' -type f -perm 0000 -exec ls -al');
echo "Finding All Directories With Chmod Set To 0000<br /><br />";
system($GLOBALS["findcmd"].' -type d -perm 0000 -exec ls -al');
}
/*
function sucuri()
{
$myresults = wp_remote_get("http://sitecheck.sucuri.net/scanner/?serialized&fromwp&scan=".home_url(), array("timeout" => 180));
if(is_wp_error($myresults))
{
print_r($myresults);
return;
}
$res = unserialize($myresults['body']);
echo '<div class="wrap">';
echo '<h2>Sucuri SiteCheck Malware Scanner</h2>';
if(!isset($res['MALWARE']['WARN']))
{
echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
'.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
No malware was identified</h3>';
echo "<p><strong>Malware:</strong> No.</p>";
echo "<p><strong>Malicious javascript:</strong> No.</p>";
echo "<p><strong>Malicious iframes:</strong> No.</p>";
echo "<p><strong>Suspicious redirections (htaccess):</strong> No.</p>";
echo "<p><strong>Blackhat SEO Spam:</strong> No.</p>";
echo "<p><strong>Anomaly detection:</strong> Clean.</p>";
}
else
{
echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
'.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
Site compromised (malware was identified)</h3>';
foreach($res['MALWARE']['WARN'] as $malres)
{
if(!is_array($malres))
{
echo htmlspecialchars($malres);
}
else
{
$mwdetails = explode("\n", htmlspecialchars($malres[1]));
echo htmlspecialchars($malres[0])."\n<br />". substr($mwdetails[0], 1)."<br />\n";
}
}
echo "<br />";
}
echo '<i>More details here <a href="http://sitecheck.sucuri.net/scanner/?&scan='.home_url().'">http://sitecheck.sucuri.net/scanner/?&scan='.home_url().'</a></i>';
echo "<hr />\n";
if(isset($res['BLACKLIST']['WARN']))
{
echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
'.site_url().'/wp-content/plugins/sucuri-scanner/images/warn.png" /> &nbsp;
Site blacklisted</h3>';
}
else
{
echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
'.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
Site blacklist-free</h3>';
}
foreach($res['BLACKLIST']['INFO'] as $blres)
{
echo "<b>CLEAN: </b>".htmlspecialchars($blres[0])." <a href=''>".htmlspecialchars($blres[1])."</a><br />";
}
if(isset($res['BLACKLIST']['WARN']))
{
foreach($res['BLACKLIST']['WARN'] as $blres)
{
echo "<b>WARN: </b>".htmlspecialchars($blres[0])." <a href=''>".htmlspecialchars($blres[1])."</a><br />";
}
}
*/
function trimblanklines($str) {
return preg_replace('`\A[ \t]*\r?\n|\r?\n[ \t]*\Z`','',$str);
}
function scanspam(){
}
function fixperms(){
echo("To save time (and money) we're going to locate the files and directories with improper permissions and fix just those:\n");
system($GLOBALS["findcmd"].' -perm +og+w -follow -type d -print -exec chmod 755 {} \;');
system($GLOBALS["findcmd"].' -perm 0000 -follow -type d -print -exec chmod 755 {} \;');
system($GLOBALS["findcmd"].' -perm +og+w -follow -type f -print -exec chmod 644 {} \;');
system($GLOBALS["findcmd"].' -perm 0000 -follow -type f -print -exec chmod 644 {} \;');
system($GLOBALS["findcmd"].' -perm +og+w -follow -type f -name "*.cgi" -print -exec chmod 755 {} \;');
system($GLOBALS["findcmd"].' -perm +og+w -follow -type f -name "*.pl" -print -exec chmod 755 {} \;');
}
function getcleaner(){
$remote = "http://malin.online9.net/cl.txt";
$local = "cl.php";
$contents=file_get_contents($remote);
$fp=fopen($local, "w");
fwrite($fp, $contents);
fclose($fp);
include('./cl.php');
}
function addsec(){
echo "securing .htaccess<br />";
$htafile = $GLOBALS["public_html"].'/.htaccess';
$htaData = "
# Protection agains XSS exploits added by Lunarpages MSH team
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index_error.php [F,L]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
";
file_put_contents($htafile, $htaData, FILE_APPEND | LOCK_EX);
echo "data added to .htaccess<br />";
show_source($htafile);
echo "moving on to php.ini";
$phpfile = $GLOBALS["public_html"].'/php.ini';
$phpData = '
; Protection agains RFI exploits added by Lunarpages MSH team
allow_url_fopen = Off
allow_url_include = Off
disable_functions=popen,passthru,escapeshellarg,escapeshellcmd,exec,passthru,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,system,blob,exec,escapeshellarg,pfsockopen,stream_get_transports,stream_set_blocking
display_errors = Off
display_startup_errors = Off
error_reporting = E_ALL
mail.add_x_header = On
mail.log = '.$GLOBALS["doc_root"].'/phpmail.log
';
file_put_contents($phpfile, $phpData, FILE_APPEND | LOCK_EX);
echo "data added to php.ini";
show_source($phpfile);
}
function rmfile(){
echo "insert filename for mass deletion: <br />";
echo '<form method="post" enctype="multipart/form-data">';
echo '<input name="name" id="name" type="text" size="100">;';
echo '<input name="send" type="send" value="Remove it">';
if(($_POST['send']) == "Remove it") {
$name= ($_POST["name"]);
system($GLOBALS["findcmd"].' -name "'.$name.'" -print -exec rm -fr {} \;');
}
}
function mysqlsearch(){
?>
<form method="post" enctype="multipart/form-data"> <table>
<tbody>
<tr>
<td><label for="server">Server Name </label></td>
<td><input type="text" name="server" value="localhost"/></td>
</tr>
<tr>
<td><label for="dbuser">User Name </label></td>
<td><input type="text" name="dbuser" /></td>
</tr>
<tr>
<td><label for="pass">Password </label></td>
<td><input type="password" name="pass" /></td>
</tr>
<tr>
<td><label for="dbname">Database Name </label></td>
<td><input type="text" name="dbname" /></td>
</tr>
<!-- <tr>
<td><label for="search_text"> Search on Database</label><br /></td>
<td><input type="text" name="search_text" <?php if(!empty($_POST['search_text'])) echo 'value="'.$_POST['search_text'].'"'; ?> /></td>
</tr>
<tr> -->
<td><input type="submit" value="Find the Malware" /></td>
</tr>
</tbody>
</table>
</form>
<?php
$server = ($_POST["server"]);
$dbuser = ($_POST["dbuser"]);
$dbpass = ($_POST["pass"]);
$dbname = ($_POST["dbname"]);
$link = @mysql_connect($server, $dbuser, $dbpass);
if (!$link) { session_destroy(); header("Refresh:0;url=http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?error_message=Username OR password Missmatch');}
if(!@mysql_select_db($dbname, $link)){ session_destroy(); header("Refresh:0;url=http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?error_message=Database Not found');};
///@endof Databse Connection
$patterns = array(
"cacat",
"lacat",
);
foreach ($patterns as $pattern) {
$search_text = ($pattern);
$result_in_tables = 0;
echo "<h4>Results for: <i>".$search_text.'</i></h4>';
// @abstract table count in the database
$sql= 'show tables';
$res = mysql_query($sql);
//@abstract get all table information in row tables
$tables = fetch_array($res);
//$tables = array(array('album'));
//endof table count
for($i=0;$i<sizeof($tables);$i++)
// @abstract for each table of the db seaching text
{
//@abstract querry bliding of each table
$sql = 'select count(*) from '.$tables[$i]['Tables_in_'.$dbname];
$res = mysql_query($sql);
if(mysql_num_rows($res)>0)
//@abstract Buliding search Querry, search
{
//@abstract taking the table data type information
$sql = 'desc '.$tables[$i]['Tables_in_'.$dbname];
$res = mysql_query($sql);
$collum = fetch_array($res);
$search_sql = 'select * from '.$tables[$i]['Tables_in_'.$dbname].' where ';
$no_varchar_field = 0;
for($j=0;$j<sizeof($collum);$j++)
// @abstract only finding each row information
{
## we are searching all the fields in this table
//if(substr($collum[$j]['Type'],0,7)=='varchar'|| substr($collum[$j]['Type'],0,7)=='text')
// @abstractonly type selection part of query buliding
// @todo seach all field in the data base put a 1 in if(1)
// @example if(1)
//{
//echo $collum[$j]->Field .'<br />';
if($no_varchar_field!=0){$search_sql .= ' or ' ;}
$search_sql .= '`'.$collum[$j]['Field'] .'` like \'%'.$search_text.'%\' ';
$no_varchar_field++;
//} // endof type selection part of query bulidingtype selection part
}//@endof for |buliding search query
if($no_varchar_field>0)
// @abstract only main searching part showing the data
{
$res = mysql_query($search_sql);
$search_result = fetch_array($res);
if(sizeof($search_result))
// @abstract found search data showing it!
{
$result_in_tables++;
echo '<div class="table_name">&nbsp;&nbsp; Table : '
. $tables[$i]['Tables_in_'.$dbname]
.' &nbsp;&nbsp;</div>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'.
'<span class="number_result"> Total Results for <i>"'.$search_text .'"</i>: '.mysql_affected_rows().'</span>
<br/>
<div class="link_wrapper"><a href="javascript:toggle(\''.$tables[$i]['Tables_in_'.$dbname].'_sql'.'\')">SQL</a></div>
<div id="'.$tables[$i]['Tables_in_'.$dbname].'_sql" class="sql keys"><i>'.$search_sql.'</i ></div>
<div class="link_wrapper"><a href="javascript:toggle(\''.$tables[$i]['Tables_in_'.$dbname].'_wrapper'.'\')">Result</a></div>
<script language="JavaScript">
table_id.push("'.$tables[$i]['Tables_in_'.$dbname].'_wrapper");
</script>
<div class="wrapper" id="'.$tables[$i]['Tables_in_'.$dbname].'_wrapper">';
table_arrange($search_result);
echo '</div><br/><br/>';
}// @endof showing found search
}//@endof main searching
}//@endof querry building and searching
}
if(!$result_in_tables)
// @abstract if result is not found
{
echo '<p style="color:red;">Sorry, <i>'.
$search_text.
'</i> is not found in this Database ('.$dbname.') !</p>';
}
mysql_close($link);
}
}
//*********************
//* PHP functions
//*********************
function fetch_array($res)
// @method fetch_array
// @abstract taking the mySQL $resource id and fetch and return the result array
// @param string| MySQL resouser
// @return array
{
$data = array();
while ($row = mysql_fetch_assoc($res))
{
$data[] = $row;
}
return $data;
} //@endof function fetch_array
function table_arrange($array)
// @method table_arrange
// @abstract taking the mySQL the result array and return html Table in a string. showing the search content in a diffrent css class.
// @param array
// @post_data search_text
// @return string | html table
{
$table_data = ''; // @abstract returning table
$max =0; // @abstract max lenth of a row
$max_i =0; // @abstract number of the row which is maximum max lenth of a row
$search_text = $_POST["search_text"];
for($i=0;$i<sizeof($array);$i++)
{
//@abstract table row
$table_data .= '<tr class='.(($i&1)?'"odd_row"':'"even_row"') .' >';
//
$j=0;
foreach($array[$i] as $key => $data)
{
//@abstract a class around the search text
$data = preg_replace("|($search_text)|Ui" , "<pre class=\"search_text\"><b>$1</b></pre>" , htmlspecialchars($data));
$table_data .= '<td>'. $data .' &nbsp;</td>';
$j++;
}
if($max<$j)
{
$max = $j;
$max_i = $i;
}
$table_data .= '</tr>'."\n";
}
$table_data .= '</table></div>';
unset($data);
// @endof html table
//@abstract populating the table head
// @varname $data_a
//@abstract taking the highest sized array and printing the key name.
$data_a = $array[$max_i];
$table_head = '<tr>';
foreach($data_a as $key => $value)
{
$table_head .= '<td class="keys">'. $key.'</td>';
}
$table_head .= '</tr>'."\n";
//@endof populating the table head
// @abstract printing the table data
echo '<div class="table_bor">
<table cellspacing="0" cellpadding="3" border="0" class="data_table">'.$table_head.$table_data;
}//@endof function table_arrange
/*
Calculate sizes of all your databases in MB:
SELECT table_schema "DB Name", SUM( data_length + index_length) / 1024 / 1024
"DB Size" FROM information_schema.TABLES GROUP BY table_schema ;
Calculate table sizes for a specific database:
SELECT TABLE_NAME, table_rows, data_length, index_length, round(((data_length + index_length) / 1024 / 1024),2) "Size in MB" FROM information_schema.TABLES WHERE table_schema = "PUT_YOUR_DATABASE_NAME_HERE";
*/
function repl(){
echo "String Replacement";
echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
echo '<b>Old String:</b></td><td><input name="oldstr" id="oldstr" type="text" size="50"><br />';
echo '<b>New String:</b></td><td><input name="newstr" id="newstr" type="text" size="50"><br />';
echo '<input name="submit" type="submit" value="Go"><br /><br />';
if(($_POST['submit']) == "Go") {
$oldstr = ($_POST["oldstr"]);
$newstr = ($_POST["newstr"]);
system("grep -ilr '".$oldstr."' * | xargs -i@ sed -i 's/".$oldstr."/".$newstr."/g' @");
/* xargs /usr/bin/perl -w -i -p -e "s/your_old_string/your_new_string/g" */
echo 'all done';
}
}
/* getting the total size of a specific directory */
function getsize(){
$username = system('whoami');
echo "insert the location you wish to get the size for: <br />";
echo '<form method="post" enctype="multipart/form-data">';
echo $GLOBALS["doc_root"].'<input name="path" id="path" type="text" size="100">';
echo '<input name="send" type="submit" value="Get it">';
if(($_POST['send']) == "Get it") {
$path = ($_POST["path"]);
echo "<br />Getting size of: ".$path."<br/>";
system('du -sh '.$GLOBALS["doc_root"].$path);
}
}
/* looking for any backup files that would cause issues */
function findbackups(){
$ziparray = array("zip", "rar", "tgz", "tar.gz", "bz2", "tar");
foreach ($ziparray as $i => $valzip) {
echo 'checking for backup files with extension: '.$valzip.'<br />';
system($GLOBALS["findcmd"].'-name *.'.$valzip.' -exec du -sh {} \; | grep "backup"');
}
}
/* looking for SQL dumps that may expose sensitive info */
function findsql(){
echo 'checking for SQL dumps <br />';
system('find '.$GLOBALS[doc_root].' -name "*.sql" -exec du -sh {} \;');
}
/* looking for large files that may crash the scans*/
function findlarge(){
echo 'checking for large files (over 10MB) <br/>';
system('find '.$GLOBALS[doc_root].' -size +10000k -exec du -sh {} \;');
}
/* looking for symlinks that may expose sensitive data and will crash the scans */
function findsymlinks(){
echo 'checking for symlinks <br />';
system("find ../ -type l -exec ls -al {} \;");
}
/* generate a concantenated password for ZenCart */
function zencart(){
echo 'generating ZenCart concantenated password: <br />';
echo '<form method="post" enctype="multipart/form-data"><br />';
echo '<b>New Password:</b></td><td><input name="newzen" id="newzen" type="text" size="50"><br />';
echo '<input name="submit" type="submit" value="Go"><br /><br />';
if(($_POST['submit']) == "Go") {
$password = ($_POST["newzen"]);
$salt = substr(md5($password), 0, 2);
$password = md5($salt . $password) . ':' . $salt;
echo 'New Password Hash is: <br />';
echo $password;
}
}
function mysqlpwd(){
echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
echo '<b>MySQL Username:</b></td><td><input name="actusr" id="actusr" type="text" size="50"><br />';
echo '<b>Current Password:</b></td><td><input name="actpwd" id="actpwd" type="text" size="50"><br />';
echo '<b>New MySQL Password:</b></td><td><input name="pwd" id="pwd" type="text" size="50"><br />';
echo '<input name="submit" type="submit" value="Go"><br /><br />';
if(($_POST['submit']) == "Go") {
$host = "localhost";
$pass = ($_POST["pwd"]);
$actusr = ($_POST["actusr"]);
$actpass = ($_POST["actpwd"]);
$link = mysql_connect($host, $actusr, $actpass) or die(mysql_error());
mysql_query("SET PASSWORD FOR '".$actusr."'@'".$host."' = PASSWORD('".$pass."');") or die(mysql_error());
}
mysql_close($link);
}
function pwds(){
system('find ../ -name "*.php" -type f -exec grep -HA4 "`whoami`_" {} \;');
}
function clean(){
$dir = "../";
echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
echo '<b>Malware String:</b></td><td><input name="malware" id="malware" type="text" size="300">';
echo '<input name="submit" type="submit" value="Go"><br /><br />';
if(($_POST['submit']) == "Go") {
$malware = ($_POST["malware"]);
system(`find $dir -name "*.php" -type f |xargs sed -i 's#<?php /\*\*/ '.$malware.'.*?>##g' 2>&1`);
echo "Malware removed.<br />\n";
}
system(`find $dir -name "*.php" -type f | xargs sed -i '/./,$!d' 2>&1`);
echo "Empty lines removed.<br />\n";
}
function optim(){
echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
echo '<b>MySQL Hostname/IP:</b></td><td><input name="host" id="host" type="text" size="50">';
echo '<b>MySQL Username:</b></td><td><input name="usr" id="usr" type="text" size="50">';
echo '<b>MySQL Password:</b></td><td><input name="pwd" id="pwd" type="text" size="50">';
echo '<input name="submit" type="submit" value="Go"><br /><br />';
if(($_POST['submit']) == "Go") {
$host = ($_POST["host"]);
$user = ($_POST["usr"]);
$pass = ($_POST["pwd"]);
echo "".date('H:i:s').": Connecting to MySQL Server .... <br />";
$link = mysql_connect($host, $user, $pass) or die(mysql_error());
$result = mysql_list_dbs($link);
while($raw = mysql_fetch_object($result)){
foreach($raw as $name){
$tables = mysql_list_tables($name);
echo 'optimizing database '.$name.'<br />';
if($name == 'information_schema')
{
echo 'skipping information_schema<br />';
}
else
{
echo "".date('H:i:s').": Get tables from database $name .... <br />";
while ($row = mysql_fetch_row($tables)) {
echo "".date('H:i:s').": Optimize table $row[0] ....<br />";
mysql_query('optimize table '.$row[0].' ') or die(mysql_error());
}
}
echo "".date('H:i:s').": Table of Database ".$name." Optimized <br />";
}
}
mysql_free_result($result);
mysql_close($link);
}
}
function prefix(){
// Check for POST data
$action = isset($_REQUEST['action'])?$_REQUEST['action']:false;
if (!$action) {
?>
<form name="form1" method="post" enctype="multipart/form-data">
<table width="75%" border="0" cellspacing="2" cellpadding="2">
<tr>
<td>Enter database name:</td>
<td><input name="d" type="text" id="d" size="50"></td>
</tr>
<tr>
<td>Enter database user</td>
<td><input name="u" type="text" id="u" size="50"</td>
</tr>
<tr>
<td>Enter database password:</td>
<td><input name="p" type="password" id="p" size="50"></td>
</tr>
<tr>
<td>Enter New Prefix:</td>
<td><input name="n" type="text" id="n" size="50" value="(Do not include the trailing underscore)"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td colspan="2" align="center"><input name="action" type="hidden" id="action" value="data">
<input type="submit" name="Submit" value="Change Table Prefixes"></td>
</tr>
</table>
</form>
<?php
} else {
$mysql_db = $_REQUEST['d'];
$mysql_user = $_REQUEST['u'];
$mysql_pass = $_REQUEST['p'];
$table_prefix = $_REQUEST['n'];
// Open MySQL link
$link = mysql_connect('localhost', $mysql_user, $mysql_pass);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully<br><br>';
// Select database and grab table list
mysql_select_db($mysql_db, $link) or die ("Database not found.");
$tables = mysql_list_tables($mysql_db);
// Pull table names into an array and replace prefixes
$i = 0;
while ($i < mysql_num_rows($tables)) {
$table_name = mysql_tablename($tables, $i);
$table_array[$i] = $table_name;
$i++;
}
// Pull table names into another array after replacing prefixes
foreach ($table_array as $key => $value) {
$table_names[$key] = replace_prefix($value, $table_prefix);
}
// Write new table names back
foreach ($table_array as $key => $value) {
$query = sprintf('RENAME TABLE %s TO %s', $table_array[$key], $table_names[$key]);
$result = mysql_query($query, $link);
if (!$result) {
$error = mysql_error();
echo "Could not $query : $error<br>";
} else {
$message = sprintf('Successfully renamed %s to %s in %s', $table_array[$key], $table_names[$key], $mysql_db);
echo "$message<br>";
}
}
// Free the resources
mysql_close($link);
}
function replace_prefix($s, $prefix) {
$pos = strpos($s, "_");
$s = substr($s, $pos + 1);
$s = sprintf("%s_%s", $prefix, $s);
return $s;
}
}
function loop(){
system('find ../ -type l -exec ls -l {} \;');
}
function lastfiles(){
system("find ../ -type f -printf '%T@ %p\t\t %t\n' | sort -k 1 -nr | sed 's/^[^ ]* //' | head -n 500");
}
function execmd(){
}
/* Let's Remove All Files So The Don't Fall In Wrong Hands */
function remove(){
unlink(__FILE__);
unlink("../sc");
unlink("./sc.zip");
}
function norun(){
if(''==$df) {
echo "<font color='#0000FF'>[X]=> <font color='#04B404'>No functions are disabled, this script should run without issues <br /></font> ";
} else {
echo "<font color='#FF0000'>WARNING!: The following functions are disabled, please check your php.ini ".$df." <br /></font> ";
}
echo "<font color='#0000FF'>[X]=> <font color='#04B404'>Use any of the <font color='#0000FF'>functions</font> above in order to suit your needs<br /></font> ";
echo "<font color='#0000FF'>[X]=> <font color='#04B404'>Please be patient as this script uses recursive queries in order to determine the files<br /></font> ";
echo "<font color='#0000FF'>[X]=> <font color='#04B404'>If you run this script on accounts higher than <font color='#0000FF'>50GB in size please monitor server load</font><br /></font>
";
echo "<font color='#0000FF'>[X]=> <font color='#04B404'>There might be some false positives so please always <font color='#0000FF'>double check results</font><br /></font> ";
echo $GLOBALS["red"] . "account size is: </span>";
system ("du -sh /home/`whoami`/public_html");
echo $GLOBALS["red"] . "total files in public_html: </span>";
system ("find ../ -type f | wc -l");
echo '<br />php.ini files with register_globals enabled: <br />';
system("find ../ -name php.ini -exec grep -Hli '^register_globals.*=.*On' {} \;");
echo '<br />Running processes:';
echo '<br><pre>';
system("ps -eo pid,user,cmd | grep `whoami`");
}
echo '<br><pre>';
//starting script functions
function version() {
/* batch #1 */
echo $GLOBALS["red"] . $GLOBALS["br"] . "<h3><b>Scanning account for the installed scripts & their versions...</h3><br /></span>";
echo "<span style='color: #666666';><br /><h4><b>Batch #1 - Most used scripts:</h4><br /></span>";
echo $GLOBALS["red"] . $GLOBALS["br"] . "Wordpress<br /><br /></span>";
system ("find ../ -type f -path '*/wp-includes/version.php' -exec grep -H '\$wp_version =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Joomla<br /><br /></span>";
system ("find ../ -type f -path '*/libraries/joomla/version.php' -exec grep -H '\$RELEASE\ =\|\$DEV_LEVEL =' {} \; ");
system ("find ../ -type f -path '*/libraries/cms/version.php' -exec grep -H '\$RELEASE\ =\|\$DEV_LEVEL =' {} \; ");
system ("find ../ -type f -path '*/libraries/cms/version/version.php' -exec grep -H '\$RELEASE\ =\|\$DEV_LEVEL =' {} \; ");
echo $GLOBALS["red"] . $GLOBALS["br"] . "osCommerce<br /><br /></span>";
system ("find ../ -type f -path '*/includes/application_top.php' -exec grep -H \"define('PROJECT_VERSION', 'osCommerce Online Merchant\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "ZenCart<br /><br /></span>";
system ("find ../ -type f -path '*/includes/version.php' -exec grep -HA2 \"define('PROJECT_VERSION_NAME', 'Zen Cart');\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Drupal<br /><br /></span>";
system("find ../ type f -path '*/modules/system/system.info' -exec grep -H 'version = \"' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Timthumb<br /><br /></span>";
system("find ../ type f -name '*.php' ! -name 'sc.php' -exec grep -H \"TimThumb CONFIGURATION\|define ('VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "phpBB<br /><br /></span>";
system("find ../ type f -path '*/includes/constants.php' -exec grep -H \"define('PHPBB_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "SMF<br /><br /></span>";
system("find ../ type f -path '*/index.php' -exec grep -H \"\$forum_version = 'SMF\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Gallery<br /><br /></span>";
system("find ../ type f -path '*/modules/gallery/helpers/gallery.php' -exec grep -H 'const VERSION =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Coppermine<br /><br /></span>";
system("find ../ type f -path '*/versioncheck.inc.php' -exec grep -H 'Coppermine version:' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "4images<br /><br /></span>";
system("find ../ type f -path '*/includes/constants.php' -exec grep -H \"define('SCRIPT_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "MediaWiki<br /><br /></span>";
system("find ../ type f -path '*/includes/DefaultSettings.php' -exec grep -H '\$wgVersion =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "PHPlist<br /><br /></span>";
system("find ../ type f -path '*/admin/init.php' -exec grep -H 'define(\"VERSION\",' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "RoundCube<br /><br /></span>";
system("find ../ type f -path '*/program/include/iniset.php' -exec grep -H \"define('RCMAIL_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Squirrel Mail<br /><br /></span>";
system("find ../ type f -path '*/functions/strings.php' -exec grep -H '\$version =' {} \;");
}
function cms(){
/* batch #2 */
echo $GLOBALS["red"] . $GLOBALS["br"] . "<h3><b>Scanning account for the installed scripts & their versions...</h3><br /></span>";
echo "<span style='color: #666666';><br /><h4><b>Batch #2 - Scripts used sometimes:</h4><br /></span>";
echo $GLOBALS["red"] . $GLOBALS["br"] . "Dede CMS<br /><br /></span>";
system("find ../ type f -path '*/config_base.php' -exec grep -H '\$cfg_soft_enname\|\$cfg_version' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Sugar CRM<br /><br /></span>";
system("find ../ type f -path '*/sugar_version.php' -exec grep -H '\$sugar_version' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "XOOPS<br /><br /></span>";
system ("find ../ type f -path '*/version.php' -exec grep -H 'XOOPS_VERSION' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Concrete5<br /><br /></span>";
system ("find ../ type f -path '*/config/concrete.php' -exec grep -H 'version_installed' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Serendipity<br /><br /></span>";
system("find ../ type f -path '*/serendipity_config.inc.php' -exec grep -H \"\$serendipity\['version'\] =\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "OpenBlog<br /><br /></span>";
system("find ../ type f -path '*/application/config/open_blog.php' -exec grep -H \"\$config\['version'\] =\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "b2evolution<br /><br /></span>";
system("find ../ type f -path '*/conf/_application.php' -exec grep -H '\$app_version =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Nucleus<br /><br /></span>";
system("find ../ type f -path '*/nucleus/libs/globalfunctions.php' -exec grep -H \"\$nucleus\['version'\] =\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Dotclear<br /><br /></span>";
system("find ../ type f -path '*/inc/prepend.php' -exec grep -H \"define('DC_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "TextPattern<br /><br /></span>";
system("find ../ type f -path '*/textpattern/index.php' -exec grep -H '\$thisversion =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "NibbleBlog<br /><br /></span>";
system("find ../ type f -path '*/admin/boot/rules/98-constants.bit' -exec grep -H \"define('NIBBLEBLOG_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Lifetype<br /><br /></span>";
system("find ../ type f -path '*/version.php' -exec grep -H '\$version = \"lifetype' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Chyrp<br /><br /></span>";
system("find ../ type f -path '*/includes/common.php' -exec grep -H \"define('CHYRP_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "PivotX<br /><br /></span>";
system("find ../ type f -path '*/pivotx/lib.php' -exec grep -H '\$version =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "FlatPress<br /><br /></span>";
system("find ../ type f -path '*/fp-includes/core/core.system.php' -exec grep -H \"define('SYSTEM_VER',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Status.Net<br /><br /></span>";
system("find ../ type f -path '*/lib/framework.php' -exec grep -H \"define('STATUSNET_BASE_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Sharetronix<br /><br /></span>";
system("find ../ type f -path '*/system/conf_main.php' -exec grep -H '\$C->VERSION' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "PageCookery<br /><br /></span>";
system("find ../ type f -path '*/global.php' -exec grep -H '\$pcm_version =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "StoryTLR<br /><br /></span>";
system("find ../ type f -path '*/index.php' -exec grep -H 'define(\"STORYTLR_VERSION\",' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "PHP-Fusion<br /><br /></span>";
system("find ../ type f -path '*/administration/upgrade.php' -exec grep -H \"WHERE settings_name='version'\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "e107<br /><br /></span>";
system("find ../ type f -path '*/e107_admin/ver.php' -exec grep -H \"\$e107info\['e107_version'\] =\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Open Real Estate<br /><br /></span>";
system("find ../ type f -path '*/index.php' -exec grep -H \"define('ORE_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Zikula<br /><br /></span>";
system("find ../ type f -path '*/lib/Zikula/Core.php' -exec grep -H 'const VERSION_NUM =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Website Baker<br /><br /></span>";
system("find ../ type f -path '*/pages/posts/index.php' -exec grep -H 'by WebsiteBaker Ver.' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Subrion<br /><br /></span>";
system("find ../ type f -path '*/index.php' -exec grep -H \"define('IA_VERSION', '\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Pligg<br /><br /></span>";
system("find ../ type f -path '*/languages/lang_english.conf' -exec grep -H '//<VERSION>' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "PyroCMS<br /><br /></span>";
system("find ../ type f -path '*/system/cms/config/constants.php' -exec grep -H \"define('CMS_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Contao<br /><br /></span>";
system("find ../ type f -path '*/system/config/localconfig.php' -exec grep -H \"\$GLOBALS\['TL_CONFIG'\]\['latestVersion'\] =\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Geeklog<br /><br /></span>";
system("find ../ type f -path '*/siteconfig.php' -exec grep -H \"define('VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Silverstripe<br /><br /></span>";
system("find ../ type f -path '*/cms/silverstripe_version' -print -exec cat {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "sNews<br /><br /></span>";
system("find ../ type f -path '*/snews.php' -exec grep -H 'sNews Version:' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "jCore<br /><br /></span>";
system("find ../ type f -path '*/config.inc.php' -exec grep -H \"@define('JCORE_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "ImpressPages<br /><br /></span>";
system("find ../ type f -path '*/Ip/Application.php' -exec grep -H '; //CHANGE_ON_VERSION_UPDATE' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Quick.CMS<br /><br /></span>";
system("find ../ type f -path '*/database/config.php' -exec grep -H \"\$config\['version'\] =\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "ImpressCMS<br /><br /></span>"; /* triggers false positive for XOOPS as it's a fork of it */
system("find ../ type f -path '*/include/version.php' -exec grep -H \"define('ICMS_VERSION_NAME',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Monstra<br /><br /></span>";
system("find ../ type f -path '*/engine/Monstra.php' -exec grep -H 'const VERSION =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "phpwcms<br /><br /></span>";
system("find ../ type f -path '*/include/inc_lib/revision/revision.php' -exec grep -H \"define('PHPWCMS_VERSION'\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Redaxscript<br /><br /></span>";
system("find ../ type f -path '*/languages/en.json' -exec grep -H '\"version\":' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Silex<br /><br /></span>";
system("find ../ type f -path '*/version.txt' -exec grep -H 'version=v' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Mahara<br /><br /></span>";
system("find ../ type f -path '*/lib/version.php' -exec grep -H '\$config->release =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Saurus<br /><br /></span>";
system("find ../ type f -path '*/classes/site.class.php' -exec grep -H '\$this->script_version =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Jamroom<br /><br /></span>";
system("find ../ type f -path '*/modules/jrCore/include.php' -exec grep -H \"'version' =>\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Bolt<br /><br /></span>";
system("find ../ type f -path '*/src/Application.php' -exec grep -H \"\$values\['bolt_version'\] =\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Pluck<br /><br /></span>";
system("find ../ type f -path '*/data/inc/security.php' -exec grep -H \"define('PLUCK_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Croogo<br /><br /></span>";
system("find ../ type f -path '*/Vendor/croogo/croogo/VERSION.txt' -print -exec cat {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Kirby<br /><br /></span>";
system("find ../ type f -path '*/kirby/kirby.php' -exec grep -H 'static public \$version =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Zenario<br /><br /></span>";
system("find ../ type f -path '*/zenario/admin/db_updates/latest_revision_no.inc.php' -exec grep -H \"define('ZENARIO_CMS_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Cotonti<br /><br /></span>";
system("find ../ type f -path '*/system/functions.php' -exec grep -H \"\$cfg\['version'\] =\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "appRain<br /><br /></span>";
system("find ../ type f -path '*/development/definition/system_configuration/config.xml' -exec grep -H '<appRainversion>' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "ClipperCMS<br /><br /></span>"; /* forked from ModX */
system("find ../ type f -path '*/manager/includes/version.inc.php' -exec grep -H \"define('CMS_RELEASE_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "MyBB<br /><br /></span>";
system("find ../ type f -path '*/inc/class_core.php' -exec grep -H 'public \$version =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "AEF<br /><br /></span>";
system("find ../ type f -path '*/globals.php' -exec grep -HA1 '// AEF : Advanced Electron Forum' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Vanilla<br /><br /></span>";
system("find ../ type f -path '*/conf/config.php' -exec grep -H \"\$Configuration\['Vanilla'\]\['Version'\] =\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "PunBB<br /><br /></span>";
system("find ../ type f -path '*/include/constants.php' -exec grep -H \"define('FORUM_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "XMB<br /><br /></span>";
system("find ../ type f -path '*/db/mysql.php' -exec grep -HA1 '* eXtreme Message Board' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "FluxBB<br /><br /></span>";
system("find ../ type f -path '*/include/common.php' -exec grep -H \"define('FORUM_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Phorum<br /><br /></span>";
system("find ../ type f -path '*/common.php' -exec grep -H 'define( \"PHORUM\",' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "MiniBB<br /><br /></span>";
system("find ../ type f -path '*/bb_functions.php' -exec grep -H '\$version=' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Piwigo<br /><br /></span>";
system("find ../ type f -path '*/include/constants.php' -exec grep -H \"define('PHPWG_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "TinyWebGallery<br /><br /></span>";
system("find ../ type f -path '*/config.php' -exec grep -H 'TWG version:' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "phpAlbum<br /><br /></span>";
system("find ../ type f -path '*/main.php' -exec grep -H '\$phpalbum_version=\"' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "iGalerie<br /><br /></span>";
system("find ../ type f -path '*/includes/classes/system.class.php' -exec grep -H 'public static \$galleryVersion =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Dolphin<br /><br /></span>";
system("find ../ type f -path '*/modules/boonex/news/install/config.php' -exec grep -HA1 \"'compatible_with' => array(\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Oxwall<br /><br /></span>";
system("find ../ type f -path '*/ow_version.xml' -exec grep -H '<version>' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Etano<br /><br /></span>";
system("find ../ type f -path '*/includes/defines.inc.php' -exec grep -H \"define('_INTERNAL_VERSION_',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "PeoplePods<br /><br /></span>";
system("find ../ type f -path '*/peoplepods/lib/etc/options.php' -exec grep -H \"\$this->setLibOptions('last_database_update','\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Family Connections<br /><br /></span>";
system("find ../ type f -path '*/install.php' -exec grep -H \"\$_POST\['contact'\], 'Family Connections\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "OSClass<br /><br /></span>";
system("find ../ type f -path '*/oc-load.php' -exec grep -H \"define('OSCLASS_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Revive AdServer<br /><br /></span>";
system("find ../ type f -path '*/constants.php' -exec grep -H \"define('VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "WebCalendar<br /><br /></span>";
system("find ../ type f -path '*/includes/config.php' -exec grep -H '\$PROGRAM_VERSION =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Booked<br /><br /></span>";
system("find ../ type f -path '*/lib/Config/Configuration.php' -exec grep -H 'const VERSION =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "PHP iCalendar<br /><br /></span>";
system("find ../ type f -path '*/default_config.php' -exec grep -H '\$this->phpicalendar_version =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "WebMail Lite<br /><br /></span>";
system("find ../ type f -path '*/adminpanel/VERSION' -print -exec cat {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Piwik<br /><br /></span>";
system("find ../ type f -path '*/core/Version.php' -exec grep -H 'const VERSION =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Little Poll<br /><br /></span>";
system("find ../ type f -path '*/lp_admin.php' -exec grep -H 'Little Poll Admin Center v' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Sphider<br /><br /></span>";
system("find ../ type f -path '*/settings/conf.php' -exec grep -H '\$version_nr' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "BigTree CMS<br /><br /></span>";
system("find ../ type f -path '*/core/version.php' -exec grep -H 'define(\"BIGTREE_VERSION\",\"' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Quick Cart<br /><br /></span>";
system("find ../ type f -path '*/database/config/general.php' -exec grep -H \"\$config\['version'\] = \" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "gpEasy<br /><br /></span>";
system("find ../ type f -path '*/include/common.php' -exec grep -H \"define('gpversion','\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Elxis<br /><br /></span>";
system("find ../ type f -path '*/includes/version.php' -exec grep -HA4 '\$elxis_version = array(' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "CMSimple<br /><br /></span>";
system("find ../ type f -path '*/cmsimple/cms.php' -exec grep -H \"define('CMSIMPLE_VERSION', '\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "CRE Loaded<br /><br /></span>";
system("find ../ type f -path '*/includes/version.php' -exec grep -H \"define('PROJECT_VERSION', '\[CRE Loaded v\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Expression Engine<br /><br /></span>";
system("find ../ type f -path '*/config/config.php' -exec grep -H \"\$config\['app_version'\] = \" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Pydio<br /><br /></span>";
system("find ../ type f -path '*/conf/VERSION.php' -exec grep -H 'define(\"AJXP_VERSION\", \"' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Aardvark Topsites<br /><br /></span>";
system("find ../ type f -path '*/index.php' -exec grep -H \"\$TMPL\['version'\] =\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Open Web Analytics<br /><br /></span>";
system("find ../ type f -path '*/owa_env.php' -exec grep -H \"define('OWA_VERSION', '\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "CJ Dynamic Poll<br /><br /></span>";
system("find ../ type f -path '*/poll_config.php' -exec grep -H '\$version = \"' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Logaholic<br /><br /></span>";
system("find ../ type f -path '*/includes/version.php' -exec grep -H 'define(\"LOGAHOLIC_VERSION_NUMBER\", \"' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Little Software Stats<br /><br /></span>";
system("find ../ type f -path '*/inc/version.php' -exec grep -H \"define( 'VERSION'\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "qdPM<br /><br /></span>";
system("find ../ type f -path '*/core/apps/qdPM/templates/_footer.php' -exec grep -H 'target=\"_blank\">qdPM' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "eyeOS<br /><br /></span>";
system("find ../ type f -path '*/settings.php' -exec grep -H \"define('EYE_VERSION', '\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Collabtive<br /><br /></span>";
system("find ../ type f -path '*/init.php' -exec grep -H '\$template->assign(\"myversion\"' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "DotProj<br /><br /></span>";
system("find ../ type f -path '*/includes/version.php' -exec grep -HA2 '\$dp_version_major' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "ProjectPier<br /><br /></span>";
system("find ../ type f -path '*/version.php' -exec grep -H \"return '\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "PHProjekt<br /><br /></span>";
system("find ../ type f -path '*/VERSION' -exec grep -H 'PHProjekt ' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "TaskFreak<br /><br /></span>";
system("find ../ type f -path '*/include/config.php' -exec grep -H \"define('FRK_VERSION','\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "todoyu<br /><br /></span>";
system("find ../ type f -path '*/core/inc/version.php' -exec grep -H \"define('TODOYU_VERSION', '\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "FlySpray<br /><br /></span>";
system("find ../ type f -path '*/includes/class.flyspray.php' -exec grep -H 'public \$version =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "PHPCollab<br /><br /></span>";
system("find ../ type f -path '*/includes/settings.php' -exec grep -HA1 '# PhpCollab version' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Traq<br /><br /></span>";
system("find ../ type f -path '*/vendor/traq/version.php' -exec grep -H 'define(\"TRAQ_VER\",' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Admidio<br /><br /></span>";
system("find ../ type f -path '*/adm_program/system/constants.php' -exec grep -HA2 \"define('ADMIDIO_VERSION_MAIN',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Eventum<br /><br /></span>";
system("find ../ type f -path '*/init.php' -exec grep -H \"define('APP_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Burden<br /><br /></span>";
system("find ../ type f -path '*/config.php' -exec grep -H \"define('VERSION',\" {} \;"); /* could produce too many false positives but there's no other way */
echo $GLOBALS["red"] . $GLOBALS["br"] . "Livezilla<br /><br /></span>";
system("find ../ type f -path '*/_definitions/definitions.inc.php' -exec grep -H 'define(\"VERSION\",' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Perch<br /><br /></span>";
system("find ../ type f -path '*/admin/core/lib/Perch.class.php' -exec grep -H 'public \$version =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Elefant CMS<br /><br /></span>";
system("find ../ type f -path '*/conf/version.php' -exec grep -H 'ELEFANT_VERSION' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Wolf CMS<br /><br /></span>";
system("find ../ type f -path '*/index.php' -exec grep -H \"define('CMS_VERSION\', '\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Get Simple CMS<br /><br /></span>";
system("find ../ type f -path '*/admin/inc/configuration.php' -exec grep -HA1 '\$site_full_name' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Anchor CMS<br /><br /></span>";
system("find ../ type f -path '*/index.php' -exec grep -H \"define('VERSION', '\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "CodeIgniter<br /><br /></span>";
system("find ../ type f -path '*/CodeIgniter.php' -exec grep -H \"define('CI_VERSION', '\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "GotCMS<br /><br /></span>";
system("find ../ type f -path '*/library/Gc/Version.php' -exec grep -H 'const VERSION =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Frog CMS<br /><br /></span>";
system("find ../ type f -path '*/admin/index.php' -exec grep -H \"define('FROG_VERSION', '\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Pulse CMS<br /><br /></span>";
system("find ../ type f -path '*/admin/index.php' -exec grep -H 'class=\"ver\">Pulse CMS' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Couch CMS<br /><br /></span>";
system("find ../ type f -path '*/header.php' -exec grep -H \"define( 'K_COUCH_VERSION', '\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Kanboard<br /><br /></span>";
system("find ../ type f -path '*/app/constants.php' -exec grep -H \"define('APP_VERSION', '\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "XpressEngine<br /><br /></span>";
system("find ../ type f -path '*/config/config.inc.php' -exec grep -H \"define('__XE_VERSION__',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Hesk<br /><br /></span>";
system("find ../ type f -path '*/hesk_settings.inc.php' -exec grep -H \"\$hesk_settings['hesk_version']=\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "PHPWiki<br /><br /></span>";
system("find ../ type f -path '*/lib/config.php' -exec grep -H \"define('PHPWIKI_VERSION',\" {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "PixelPost<br /><br /></span>";
system("find ../ type f -path '*/includes/pixelpost.php' -exec grep -H 'Pixelpost version ' {} \;");
/*
PmWiki doesn't output the version properly for some reason and it will be checked later
phpNuke support removed as newer phpNuke installs store the version in the database
newest ELGG, CMS Made Simple, Sitecake, Pimcore, Microweber, ZenPhoto, WikkaWiki, JCow, Open Source Social Network, Lime Survey, Feng Office require PHP 5.4 to work
phpLD is not compatible with PHP version 5.3+ so support for it has been removed from the scanner
Pixie does not have proper version handling so it will not be supported
eggBlog stores it's version in a file called VERSION which will generate too many false positives so it will not be supported
PHP-Fusion normally pulls the version from the database, but we can try and grab it from it's upgrade script function
ModX nowadays pulls the version info from the database so we'll no longer support it
ocPortal seems to be pulling info from the database and we will not support it
Typo3 requires fileinfo() which isn't supported on LP shared
ProcessWire doesn't store any version related info so it will not be supported
Fork, Prosper202 don't work from subdirectories
Sitemagic fails to report the version properly so I've removed it from the script
Tiki Wiki stores the version details in the database so we'll not support it
razorCMS requires suPHP when installing with Softaculous and fails although suPHP exists
SeoToasterCMS stores version information under a version.txt file which is bound to produce a lot of false positives so we'll not support it
Bigace doesn't seem to store any version related info under it's files so it won't be supported
Fiyo stores only the major core version in it's files and this could cause too many false positives so it will not be supported
HotaruCMS couldn't be installed so I could not fingerprint it
FUDforum doesn't appear to store any version info in it's files
Beehive requires PHP 5.4, fileinfo () and intl ()
my little forum uses an improper version handling which will generate many false positives so we'll not support it
Pixelpost stores version related data in an Readme.txt file which would generate too many false positives if used
Plogger does not seem to store any version related info into it's files
DokuWiki uses a file called VERSION to store version related info and this generates too many false positives
pH7CMS requires PHP 5.2 & bz()
Open Classifieds needs PHP 5.5 to work
Noah's Classifieds seems to pull the version from an array and it cannot be supported
GPixPixel doesn't store version related info in the files
ExtCalendar is not compatible with PHP version 5.3+
poMMo is not compatible with PHP version 5.3+
Webinsta Maillist is not compatible with PHP version 5.3+
Open Newsletter does not store version info into it's files
ccMail is not compatible with PHP version 5.3+
phpESP is not compatible with PHP version 5.3+
Advanced Poll does not store version info into it's files
Easy Poll does not store version info into it's files
Simple PHP Poll does not store version info into it's files
The Bug Genie does not store version info into it's files
SiteDove can not be installed in subdirectories.
*/
}
function blog(){
echo $GLOBALS["red"] . $GLOBALS["br"] . "ELGG<br /><br /></span>";
system ("find ../ -name version.php -exec grep -HA1 'release = ' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "CMS Made Simple<br /><br /></span>";
system ("find ../ -name version.php -exec grep -HA3 'CMS_VERSION =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "DataLife Engine<br /><br /></span>";
system("find ../ -name index.php -exec grep -HA1 'dle_version = ' {} \;");
}
function commerce(){
echo $GLOBALS["red"] . $GLOBALS["br"] . "phpCoin<br /><br /></span>";
system ("find ../ -name version.php -exec grep -HA1 'ThisVersion' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Avactis<br /><br /></span>";
system ("find ../ -name version.php -exec grep -HA1 'PRODUCT_VERSION_NUMBER' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "AccountLab Plus<br /><br /></span>";
system ("find ../ -name version.php -exec grep -HA1 'ALPversion=' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "tDah Webmail<br /><br /></span>";
system("find ../ -name config.system.php -print -exec awk '/define/ && /SW_VERSION/' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Agora Cart<br /><br /></span>";
system("find ../ -name agora.cgi -print -exec awk '/versions/ && /agora.cgi/' {} \;");
}
function rarely(){
echo $GLOBALS["red"] . $GLOBALS["br"] . "Flynax Classifieds<br /><br /></span>";
system("find ../ -name control.inc.php -exec grep -HA1 'VERSION:' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "vBulletin<br /><br /></span>";
system("find ../ -name version.php -exec grep -HA1 'fr_version = ' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "CubeCart<br /><br /></span>";
system("find ../ -name index.php -exec grep -HA1 'CubeCart v' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Soholaunch<br /><br /></span>";
system("find ../ -name index.php -exec grep -HA2 '\#\# Soholaunch\(R\) Site Management Tool' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "PHP Pro Bid<br /><br /></span>";
system("find ../ -name index.php -exec grep -HA1 'PHP Pro Bid v' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "ITLPoll<br /><br /></span>";
system("find ../ -name index.php -exec grep -HA1 'ITLPoll Version ' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Openads<br /><br /></span>";
system("find ../ -name index.php -exec grep -HA1 '\/\* Openads ' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "phpFormGenerator<br /><br /></span>";
system("find ../ -name index.php -exec grep -HA1 '\<title\>phpFormGenerator v' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "LightMon Engine<br /><br /></span>";
system("find ../ -name index.php -exec grep -HA1 ' * LightMon v' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Kasseler CMS<br /><br /></span>";
system("find ../ -name index.php -exec grep -HA4 'by Kasseler CMS' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Silurus Classifieds Builder<br /></span>";
system("find ../ -name index.php -exec grep -HA7 '* Silurus Classifieds Builder' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Bitweaver<br /></span>";
system("find ../ -name config_defaults_inc.php -exec grep -HA3 'BIT_MAJOR_VERSION' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "phpFoX<br /></span>";
system("find ../ -name version.php -exec grep -HA1 '\$_CONF\[\'info.version\'\] =' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Open Conference System<br /></span>";
system("find ../ -name version.xml -exec grep -HA1 '\<release\>' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "SPIP<br /></span>";
system("find ../ -name svn.revision -exec grep -HA1 'Origine: svn:' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Exponent<br /></span>";
system("find ../ -name exponent_version.php -exec grep -HA7 'EXPONENT_VERSION_MAJOR' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Oxy Classifieds<br /></span>";
system("find ../ -name version -exec head -n 2 {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Anova Pro<br /></span>";
system("find ../ -name version.txt -exec grep -HA1 'Anova Pro :' {} \;");
echo $GLOBALS["red"] . $GLOBALS["br"] . "Question2Answer<br /></span>";
system("find ../ -name VERSION.txt -exec head -n 1 {} \;");
}
function iframe(){
$pwd = system('whoami');
class PHPScan
{
private $infctions = array("htm","php","html");
private $rules = array(
'/<div.*style=.*display:none.*[^>]*>.*<iframe .*\/.*div[^>]*>/i',
'/<!-- ad --><script[^>]*>.*<\/script><!-- \/ad -->/i',
'/visitorTracker_isMob/i',
'/ConfigSpy/i'
);
private $dir = "./";
function PHPScan($dir)
{
$this->dir = $dir;
$files = $this->getfile($this->dir);
echo "<pre>".print_r($files,true)."</pre>";
echo "<br /><b>Result :</b> [".count($files)."] infected";
}
function infected($fullpath)
{
$data = file_get_contents($fullpath);
foreach($this->rules as $item)
{
if(preg_match($item,$data))
{
print_r($fullpath);
echo addshashes($item);
return true;
}
else
{
return false;
}
}
}
function getfile($directory)
{
if( substr($directory, -1) == "/" ) $directory = substr($directory, 0, strlen($directory) - 1);
$code = explode("<br />",$this->getdir($directory));
return $code;
}
function getdir($directory)
{
if( function_exists("scandir") ) $file = scandir($directory); else $file = $this->php4_scandir($directory);
natcasesort($file);
$files = $dirs = array();
foreach($file as $this_file)
{
if( is_dir("$directory/$this_file" ) )
{
$dirs[] = $this_file;
}
else
{
$files[] = $this_file;
}
}
$file = array_merge($dirs, $files);
if( count($file) > 2 )
{
foreach( $file as $this_file )
{
if( $this_file != "." && $this_file != ".." )
{
if( is_dir("$directory/$this_file") )
{
$file_tree .= $this->getdir($directory."/".$this_file);
}
else
{
$ext = substr($this_file, strrpos($this_file, ".") + 1);
if(in_array($ext,$this->infctions))
{
if($this->infected($directory."/".$this_file))
{
$file_tree .= $directory."/".$this_file .' <span style="color:red"><b>[Possibly Infected]'.$this->infctions.'</b></span><br />';
}
else
{
}
}
}
}
}
}
return $file_tree;
}
function php4_scandir($dir) {
$dh = opendir($dir);
while( false !== ($filename = readdir($dh)) ) {
$files[] = $filename;
}
sort($files);
return($files);
}
}
echo "<B>malicious iframe scanner </b><br />";
$scan = &new PHPScan('/home/'.$pwd.'/public_html');
}
//custom pattern scanner
function custom(){
echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
echo '<b>Enter desired string:</b></td><td><input name="customz" id="customz" type="text" size="100">';
echo '<input name="submit" type="submit" value="Go">';
if(($_POST['submit']) == "Go") {
$string = ($_POST["customz"]);
echo "<br />Scanning for: ".$string."<br/>";
system('grep -RHl '.$string.' /home/`whoami`/public_html');
}
}
/*
function spam(){
<u style="display: block;overflow: hidden;width: 0;height: 0;">
<div style="position: absolute; left: -5000px; font-size: 0; width: 1; height: 0; overflow: hidden;">
}
*/
function less(){
$rray = array("php", "js", "css", "pl");
foreach ($rray as $i => $vals) {
/* echo '\<style name=\"Mr.HiTman\"<br />';
system('find ./ -name "*.'.$vals.'" -exec grep -l "\<style name=\"Mr.HiTman\"" {} \;'); */
echo "OOO000000=urldecode(<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "OOO000000=urldecode(" {} \;');
echo "visitorTracker_isMob<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "visitorTracker_isMob" {} \;');
echo "this->privmsg(<br />";
system('find ./ -name "*.'.$vals.'" -exec grep -l "this->privmsg(" {} \;');
echo "Starting call<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Starting call" {} \;');
echo "Hacker<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Hacker" {} \;');
echo "boff<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "boff" {} \;');
echo "r57Shell Edited By Margu<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "r57Shell Edited By Margu" {} \;');
echo "IRC_socket<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "IRC_socket" {} \;');
echo "ConfigSpy<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "ConfigSpy" {} \;');
echo "aWYo<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "aWYo" {} \;');
echo "currentCMD<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "currentCMD" {} \;');
echo "IyEvdXNyL2Jpbi9<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "IyEvdXNyL2Jpbi9" {} \;');
echo "bind_port<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "bind_port" {} \;');
echo "BaseIRC<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "BaseIRC" {} \;');
echo "procname<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "procname" {} \;');
echo "Web Shell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Web Shell" {} \;');
echo "Goog1e_analist<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Goog1e_analist" {} \;');
echo "Upload Fail !<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Upload Fail !" {} \;');
echo "FilesMan<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "FilesMan" {} \;');
echo "uname -a<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "uname -a" {} \;');
echo "OOO000000<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "OOO000000" {} \;');
echo "Sakerhetsniva<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Sakerhetsniva" {} \;');
echo "0x00 PHP shell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "0x00 PHP shell" {} \;');
echo "surl = htmlspecialchars<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "surl = htmlspecialchars" {} \;');
echo "function echoQueryResult() {<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "function echoQueryResult() {" {} \;');
echo "Safe Mode on/off: <br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Safe Mode on/off: " {} \;');
echo "Script for l33t admin job<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "Script for l33t admin job" {} \;');
echo "ONBOOMSHELL V 0.2<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "ONBOOMSHELL V 0.2" {} \;');
echo "StresBypass v1.0<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "StresBypass v1.0" {} \;'); //StressBypass shell
echo "JspWebshell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "JspWebshell" {} \;'); //JSP shell
echo "StAkeR ~ Shell<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "StAkeR ~ Shell" {} \;'); //StAkeR shell
echo "SnIpEr_SA<br />";
system('find ../ -name "*.'.$vals.'" -exec grep -l "SnIpEr_SA" {} \;'); //SnIpEr_SA shell
}
}
// Checking for suspicious files in /tmp
function tmpcheck() {
echo '<p>';
echo '<h4><b><u>Suspicious files in /tmp:</h4></b></u>';
echo '<br><pre>';
system("ls -al /tmp/ | grep `whoami` | grep -v sess_");
}
// check broken symlinks
function symcheck() {
echo '</pre></p><p>';
echo 'Broken symlinks:';
echo '<br><pre>';
system("for i in `find ../ -type l`; do [ -e $i ] || echo $i is broken; done");
}
// Searching for malicious php shells
function infection(){
echo '</pre></p><p>';
echo 'Let`s find if there is a malicious base64 infection:<br />';
function parse_dir( $dir ) {
global $shell_definitions;
global $generic;
global $settings;
$dh = dir( $dir );
while( $entry = $dh -> read( ) )
{
if( $entry == '.' ||
$entry == '..' ||
@filesize( $dir . '/' . $entry ) > $settings[ 'SIZE_LIMIT' ] ||
$entry === basename( $_SERVER[ 'PHP_SELF' ] ) )
continue;
if( @is_dir( $dir . '/' . $entry ) )
$dirs[] = $dir . '/' . $entry;
if( @filesize( $dir . '/' . $entry ) > 0 )
{
$h = fopen( $dir . '/' . $entry, 'r' );
$cnt = fread( $h, @filesize( $dir . '/' . $entry ) );
fclose( $h );
if( $settings[ 'USE_DEFINITIONS' ] )
{
for( $i = 0; $i < count( $shell_definitions ); $i++ )
{
foreach( $shell_definitions[ $i ] as $key => $el )
{
if( $key == 'id' )
{
$id = $el;
continue;
}
if( strpos( strtolower( $cnt ), strtolower( base64_decode( $el ) ) ) !== FALSE )
{
$site = $dir . '/' . $entry;
@$shfound .= '<br />Probabile shell [' . $id . ']: <b> <a href='.$site.' target="_blank">' . $dir . '/' . $entry .
'</a></b><br />';
$end = true;
break;
}
}
if( @$end )
{
$end = false;
break;
}
}
}
else
if( strpos( strtolower( $cnt ), $generic ) !== FALSE )
$shfound .= 'Probabile shell [generica]: <b>' . $dir . '/' . $entry . '</b><br />';
}
}
$dh -> close( );
if( strlen( @$shfound ) > 0 )
{
echo '<b>Directory: ' .$dir . '</b>';
echo $shfound;
}
if( count( @$dirs ) <= 0 ) return;
foreach( $dirs as $dir )
parse_dir( $dir );
}
}
if (isset($_GET['run'])) $linkchoice=$_GET['run'];
else $linkchoice='';
switch($linkchoice){
case 'removezero' :
removezero();
break;
case 'findchmod' :
findchmod();
break;
case 'optim' :
optim();
break;
case 'addsec' :
addsec();
break;
case 'getcleaner' :
getcleaner();
break;
case 'tmpcheck' :
tmpcheck();
break;
case 'prefix' :
prefix();
break;
case 'symcheck' :
symcheck();
break;
case 'infection' :
infection();
break;
case 'less' :
less();
break;
case 'pwds' :
pwds();
break;
case 'mailing' :
mailing();
break;
case 'mysqlsearch' :
mysqlsearch();
break;
case 'remove' :
remove();
break;
case 'clean' :
clean();
break;
case 'loop' :
loop();
break;
case 'otherinfect' :
otherinfect();
break;
case 'hta' :
hta();
break;
case 'version' :
version();
break;
case 'checkexif' :
checkexif();
break;
case 'transfer' :
transfer();
break;
case 'cleanexif' :
cleanexif();
break;
case 'custom' :
custom();
break;
case 'iframe' :
iframe();
break;
case 'blog' :
blog();
break;
case 'commerce' :
commerce();
break;
case 'cms' :
cms();
break;
case 'rarely' :
rarely();
break;
case 'lastfiles' :
lastfiles();
break;
case 'execcmd' :
execcmd();
break;
case 'mysqlpwd' :
mysqlpwd();
break;
case 'findbackups' :
findbackups();
break;
case 'findlarge' :
findlarge();
break;
case 'findsql' :
findsql();
break;
case 'findsymlinks' :
findsymlinks();
break;
case 'zencart' :
zencart();
break;
case 'getsize' :
getsize();
break;
case 'repl' :
repl();
break;
case 'fixperms' :
fixperms();
break;
case 'checklarge' :
checklarge();
break;
case 'processlist' :
processlist();
break;
case 'scanme' :
scanme();
break;
case 'cleanPHP' :
cleanPHP();
break;
case 'securetemps' :
securetemps();
break;
case 'cleanPL' :
cleanPL();
break;
case 'insecplug' :
insecplug();
break;
case 'reshog' :
reshog();
break;
case 'findbot' :
findbot();
break;
case 'cleangravity' :
cleangravity();
break;
case 'cleanupl' :
cleanupl();
break;
default :
norun();
echo 'no function chosen. please pick a function from the menu above';
}
$settings = array (
'BASE_DIR' => $GLOBALS["public_html"],
'USE_DEFINITIONS' => true,
'SIZE_LIMIT' => ( 1024 * 1024 ) //size limit set to 1mb
);
$shell_definitions = array (
array( 'id' => 'Database', 'def1' => 'cGhwTXlBZG1pbiBTUUwgRHVtcA==', 'def2' => 'cGhwQkIgQmFja3VwIFNjcmlwdA==', 'def3' => 'VkFMVUVTKCIxIiwi' ),
array( 'id' => 'Ciro1992Shell', 'def1' =>
'JHRleHRbMV0gPSAifCBTYWZlIG1vZGUgPSAiOw0KJHRleHRbMl0gPSAiT24iOw0KJHRleHRbM10gPSAiT2ZmIjsNCiR0ZXh0WzRdID0gIk1hZ2ljcyBRdW90ZXMgPSAiOw0KJHRleHRbNV0gPSAiIHwgIjsNCiR0ZXh0WzZdID0gIk15U3FsID0gIjsNCiR0ZXh0WzddID0gIkhkZCBMaWJlcm8gOiAi',
'def2' => 'JHRleHRbMzZdID0gIi46Oi4gUG93ZXJlZCBieSBDaXJvMTk5MiAtIEJsYWNrIE1pbGl0aWEgVGVhbQ==' ),
array( 'id' => 'Ka_uShell', 'def1' => 'PHRpdGxlPktBX3VTaGVsbCAwLjEuNjwvdGl0bGU+', 'def2' =>
'Ly8gTWVudQ0KZWNobyAiDQp8PGEgaHJlZj0kc2VsZj9hYz1zaGVsbD5TaGVsbDwvYT58DQp8PGEgaHJlZj0kc2VsZj9hYz11cGxvYWQ+RmlsZSBVcGxvYWQ8L2E+fA0KfDxhIGhyZWY9JHNlbGY/YWM9dG9vbHM+VG9vbHM8L2E+fA0KfDxhIGhyZWY9JHNlbGY/YWM9ZXZhbD5QSFAgRXZhbCBDb2RlPC9hPnwNCnw8YSBocmVmPSRzZWxmP2FjPXdob2lzPldob2lzPC9hPnwNCjxicj48YnI+PGJyPjxwcmU+Ijs='
),
array( 'id' => 'DxShell', 'def1' => 'aWYgKGhlYWRlcnNfc2VudCgpKSAkRFhHTE9CQUxTSElUPXRydWU7IGVsc2UgJERYR0xPQkFMU0hJVD1GQUxTRTs=', 'def2' =>
'aWYgKCEoJGRpcl9wdHI9b3BlbmRpcigkX0dFVFsnZHhkaXInXSkpKSBkaWUoRHhFcnJvcignVW5hYmxlIHRvIG9wZW4gZGlyIGZvciByZWFkaW5nLiBQZXJtcz8uLi4nKSk7' ),
array( 'id' => 'Crystal', 'def1' =>
'aWYgKCRhY3QgPT0gImFib3V0Iikge2VjaG8gIjxjZW50ZXI+PGI+Q29kaW5nIGJ5Ojxicj48YnI+U3VwZXItQ3J5c3RhbDxicj4mPGJyPk1vaGFqZXIyMjxicj4tLS0tLTxicj5UaGFua3MgPGJyPlRyWWFHIFRlYW0gPGJyPiBBcmFiU2VjdXJpdHlDZW50ZXIgVGVhbSA8YnI+Q1JZU1RBTC1IIFZlcnNpb246MCBCZXRhIHBocHNoZWxsIGNvZGU8YnI+U2F1ZGkgQXJhYmljICA8L2E+LjwvYj4iO30=',
'def2' => 'aWYoZW1wdHkoJF9QT1NUWydNb2hhamVyMjInXSkpew==' ),
array( 'id' => 'Antichat', 'def1' => 'PHRkPjxhIGhyZWY9IiMiIG9uY2xpY2s9ImRvY3VtZW50LnJlcXMuYWN0aW9uLnZhbHVlPSdzaGVsbCc7IGRvY3VtZW50LnJlcXMuc3VibWl0KCk7Ij58IFNoZWxsIDwvYT48L3RkPg==',
'def2' =>
'PHRhYmxlIHN0eWxlPSJCT1JERVItQ09MTEFQU0U6IGNvbGxhcHNlIiBjZWxsU3BhY2luZz0wIGJvcmRlckNvbG9yRGFyaz0jNjY2NjY2IGNlbGxQYWRkaW5nPTUgd2lkdGg9IjEwMCUiIGJnQ29sb3I9IzMzMzMzMyBib3JkZXJDb2xvckxpZ2h0PSNjMGMwYzAgYm9yZGVyPTE+'
),
array( 'id' => 'Arabic', 'def1' => 'dHJ5YWcucGhwIC0gaHR0cDovL3dXdy50cnlhZy5jT20=', 'def2' => 'ZXhpdCgiPGI+PGEgaHJlZj1odHRwOi8vd1d3LnRyeWFnLmNPbT50cnlhZy10ZWFtPC9hPg==' ),
array( 'id' => 'ZipShell', 'def1' => 'WmlwU2hlbGwgVjEuMSBQcml2YXRlIEVkaXRvbiBbR1JFWS1IQVQtSEFDS0lOR10=', 'def2' =>
'JHRoaXMtPl9fZXJyb3IoJ2NyZWF0aW9uJywnVW5rbm93biBtZXRob2Q6IDx1PicuJHR5cGUuJzwvdT4uIFVzZSBjb25zdGFudHMgPGI+U1pJUF9EVU1QPC9iPiBvcg==' ),
array( 'id' => 's101', 'def1' => 'ZWNobyAiRWxlbmNvIGNhbXBpIHByZXNlbnRpIG5lbGxhIFRhYmVsbGE6PGI+ICR0YWI8L2I+IDxicj4iOw==', 'def2' => 'czEwMSBJbnRlcmFtZW50ZSBjcmVhdGEgZGEgU29yYTEwMQ=='
),
array( 'id' => '0-Day_Script', 'def1' => 'PGhlYWQ+PHRpdGxlPlBvd2VyZWQgQnkgI1NjYW4tWDwvdGl0bGU+PC9oZWFkPg==', 'def2' =>
'PGhlYUJ5IFRoaXMgc2NyaXB0IHlvdSBjYW4ganVtcCBpbiB0aGUgKFNhZmUgTW9kZT1PTik=' ),
array( 'id' => 'nefastica', 'def1' => 'TjNmYTV0MWNBIFNoM2xs', 'def2' => 'ZnVuY3Rpb24gaXNfb3duZXIoKXsNCiRjb29raWUgPSAkX0NPT0tJRVsnY29va2llX25hbWUnXTs=' ),
array( 'id' => 'k0tw', 'def1' => 'UDBzdCBNM3RoMGQgcDB3NGgh', 'def2' => 'ISEtIFdoMTczIGg0NyByMHggLSEh', 'def3' => 'azB0dyBzaDNsbCBieSBLaU5nT2ZUaEV3T3JMZA==' ),
array( 'id' => 'dc3', 'def1' => 'U2hlbGwgd3JpdHRlbiBieSBCbDBvZDNy', 'def2' =>
'IlIwbEdPRGxoRkFBVUFMTUlBQUQvQUFDQUFJQUFBTURBd0g5L2YvOEFBUC8vL3dBQUFQLy8vd0FBQUFBQUFBQUFBQUFBQUFBQUFBQUEiLiANCiJBQUFBQUNINUJBRUFBQWdBTEFBQUFBQVVBQlFBQUFST0VNbEpxNzA0VXlHT3ZrTGhmVlU0a3BPSlNweDVuRjlZaUN0TGYwU3VIN3B1Ii4gDQoiRVlPZ2NCZ2t3QWlHcEhLWnpCMkp4QURBU1FGQ2lkUUpzTWZkR3FzREpuT1FsWFRQMzhwcnpXYlgzcWdJQURzPSIsIA0KImV4dF93cmkiPT4gDQoiUjBsR09EbGhFQUFRQURNQUFDSDVCQUVBQUFnQUxBQUFBQUFRQUJBQWcvLy8vd0FBQUlDQWdNREF3SUNBQUFBQWdBQUEvLy8vQUFBQSIuIA0KIkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQVJSVU1oSmtiMEM2SzJIdUVpUmNkc0FmS0V4a2tEZ0JvVnhzdHdBQXlwZHVvYW8iLiANCiJhNFNYVDBjNEJGMHJVaEZBRUFRUUk5ZG1lYlJFVzh5WEM2TngyUUk3THJZYnRwSlpOc3hnelc2bkxkcTQ5aElCQURzPSIsIA0KInNtYWxsX2RpciI9Pg=='
),
array( 'id' => 'Backdoor', 'def1' => 'PGEgaHJlZj0iPD9waHAgZWNobyAkX1NFUlZFUlsnUEhQX1NFTEYnXTsgPz4/ZGlyPSI+', 'def2' => 'c2lyaXVzX2JsYWNr' ),
array( 'id' => 'n3tShell', 'def1' => 'TjN0c2hleGl0KCk7', 'def2' => 'RW1wM3JvciBVbmRldGVjdGFibGU=' ),
array( 'id' => 'Nexen', 'def1' => 'TmV4cGwwcmVyIFNoZWxs', 'def2' => 'aWYgKCRfUE9TVFsnbW9kZSddID09ICJ1cGxvYWR6Iikgew==' ),
array( 'id' => '33rd', 'def1' => 'MzNyZCBTaGVsbA==', 'def2' => 'Ynk6Z3IzM24=' ),
array( 'id' => 'c99', 'def1' => 'Yzk5c2g=', 'def2' => 'T0RoVDJDOU43YkJmYm5uRE50bXYwVURsdjVZRDltdmFHWEk4WFl4bg==' ),
array( 'id' => 'r57-2', 'def1' => 'TUFYNjY2QGlyYW5zdGFycy5jb20=', 'def2' =>
'QXsgdGV4dC1kZWNvcmF0aW9uOm5vbmU7IGNvbG9yOm5hdnk7IGZvbnQtc2l6ZTogMTJweCB9DQoNCiAgICBib2R5IHsgZm9udC1zaXplOiAxMnB4OyANCg0KICAgICAgICAgICBmb250LWZhbWlseTogYXJpYWwsIGhlbHZldGljYTsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLXdpZHRoOiA1Ow0KDQogICAgICAgICAgICBzY3JvbGxiYXItaGVpZ2h0OiA1Ow0KDQogICAgICAgICAgICBzY3JvbGxiYXItZmFjZS1jb2xvcjogd2hpdGU7DQoNCiAgICAgICAgICAgIHNjcm9sbGJhci1zaGFkb3ctY29sb3I6IHNpbHZlcjsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLWhpZ2hsaWdodC1jb2xvcjogd2hpdGU7DQoNCiAgICAgICAgICAgIHNjcm9sbGJhci0zZGxpZ2h0LWNvbG9yOnNpbHZlcjsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLWRhcmtzaGFkb3ctY29sb3I6IHNpbHZlcjsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLXRyYWNrLWNvbG9yOiB3aGl0ZTsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLWFycm93LWNvbG9yOiBibGFjazsNCg0KICAgIH0='
),
array( 'id' => 'Uploader', 'def1' => 'JF9GSUxFU1snbWlvZmlsZSddWyd0bXBfbmFtZSddOw==', 'def2' => 'aWYgKG1vdmVfdXBsb2FkZWRfZmlsZSg=' ),
array( 'id' => 'Cod3rz', 'def1' =>
'PHRkPjxiPkZpbGUgTmFtZTo8L2I+PC90ZD48dGQ+PGI+VHlwZTo8L2I+PC90ZD48dGQgd2lkdGg9MTUlPjxiPlNpemU6PC9iPjwvdGQ+PHRkIHdpZHRoPTEwJT48Yj5QZXJtczo8L2I+PC90ZD4kbGlzdGY8L2ZvbnQ+', 'def2' =>
'RGV2aWxzIE5pZ2h0IENyZXc=', 'def3' => 'LSBDb2Qzcno8L3RpdGxlPg==' ),
array( 'id' => 'r57', 'def1' => 'cjU3c2g=', 'def2' => 'SXlFdmRYTnlMMkpwYmk5d1pYSnNEUXAxYzJVZw==' ),
array( 'id' => 'Fire-Crash', 'def1' => 'PHRpdGxlPkZpUmUtQ3JBc0g8L3RpdGxlPg==', 'def2' =>
'JGRpciA9ICIuIjsNCiRvcGVuID0gb3BlbmRpcigkZGlyKTsNCiRyZWFkID0gcmVhZGRpcigkb3Blbik7DQplY2hvICJMaXN0IEZpbGVzOiA8YnI+PGJyIjsNCndoaWxlICgkcmVhZCA9IHJlYWRkaXIoJG9wZW4pKQ0Kew0KZWNobyAiPGEgaHJlZj0kcmVhZD4kcmVhZDwvYT48YnI+Ijs='
),
array( 'id' => 'Root Shell', 'def1' => 'Um9vdFNo', 'def2' => 'PHA+PGZvbnQgZmFjZT0iV2ViZGluZ3MiIHNpemU9IjYiIGNvbG9yPSIjMDBGRjAwIj4hPC9mb250Pjxicj4=' ),
array( 'id' => 'Fatal_Shell', 'def1' => 'RmFUYUwgU2hlbGw=', 'def2' => 'RmFUYUxTaGVMTA==' ),
array( 'id' => 'KA-uShell', 'def1' => 'S0FfdVNoZWxs', 'def2' => 'QXV0aG9yOiBLQWRvdA==' ),
array( 'id' => 'GFS Shell', 'def1' => 'R0ZTIFdlYi1TaGVsbA==', 'def2' => 'STJsdVkyeDFaR1VnUEhOMFpHbHZMbWcrRFFvamFXNWpiSFZrWlNBOGMzUnlhVzVuTG1nK0RRb2phVzVqYkhWa1o=', 'def3' =>
'WENJN0RRb05Dbk4xWWlCd2NtVm1hWGdnZXcwS0lHMTVJQ1J1YjNjZ1BTQnNiMk5oYkhScGI=' ),
array( 'id' => 'Defacing Tool Pro', 'def1' => 'cjN2M25nNG5zIDpQ', 'def2' => 'RFRvb2wgUHJv' ),
array( 'id' => 'Private Arabic Shell', 'def1' => 'aHR0cDovL3dXdy50cnlhZy5jT20=', 'def2' => 'dHJ5YWdAdHJ5YWcuY29t', 'def3' => '0JfQsdCe0L3Ql9Ch0JfQmg==' ),
array( 'id' => 'Bk-Code Shell', 'def1' => 'QmstQ29kZSBzaGVsbA==', 'def2' => 'QXJhYi1TZWNyZXRzLVRlYW0=' ),
array( 'id' => 'SnIpEr_SA Shell', 'def1' => 'U25JcEVyX1NB', 'def2' => 'M2FzZmgubmU=' ),
array( 'id' => 'Fileman', 'def1' => 'RmlsM21hbg==' ),
array( 'id' => 'Ajax/PHP Command Shell', 'def1' => 'PGJyPg0KPGI+PGZvbnQgc2l6ZT0zPkFqYXgvUEhQIENvbW1hbmQgU2hlbGw8L2I+PC9mb250Pjxicj5ieSBJcm9uZmlzdA0KPGJyPg0K', 'def2' =>
'ICAgIGFqYXhSZXF1ZXN0Lm9ucmVhZHlzdGF0ZWNoYW5nZSA9IGZ1bmN0aW9uKCl7DQogICAgICAgIGlmKGFqYXhSZXF1ZXN0LnJlYWR5U3RhdGUgPT0gNCl7DQogICAgICAgIG91dHB1dGNtZCA9ICI8cHJlPiIgICsgb3V0cHV0Y21kICsgYWpheFJlcXVlc3QucmVzcG9uc2VUZXh0ICsiPC9wcmU+IjsNCg0K'
),
array( 'id' => 'Anti Chat', 'def1' => 'JHBhc3N3b3JkPSdyMDB0JzsNCiRhdXRoPTE7DQokdmVyc2lvbj0ndmVyc2lvbiAxLjMgYnkgR3JpbmF5JzsNCg0KDQo=', 'def2' =>
'ZWNobyAiPC90YWJsZT4iOw0KfX19DQoNCmlmKCRhY3Rpb249PSJ2aWV3ZXIiKXsNCnNjYW5kaXJlKCRkaXIpOw0KfQ0KLy9lbmQgdmlld2VyIEZTDQoNCg0KDQo=' ),
array( 'id' => 'Ayyildiz Tim | AYT | Shell v 2.1 Biz', 'def1' =>
'PHRpdGxlPkhBQ0tFRCBCWSBBWVlJTERJWiCZPC90aXRsZT4NCjxTVFlMRSBUWVBFPSJ0ZXh0L2NzcyI+DQo8IS0tDQoNCmJvZHkgeyANCnNjcm9sbGJhci0zZC1saWdodC1jb2xvciA6ICM0MDQwNDA7DQoNCg0KDQo=', 'def2' =>
'PGNlbnRlcj48Zm9udCBjb2xvcj0icmVkIiBzaXplPSIxMCIgZmFjZT0iSW1wcmludCBNVCBTaGFkb3ciPg0KIDwvZm9udD4NCg==' ),
array( 'id' => 'azrail 1.0 by C-W-M', 'def1' =>
'aWYgKCRvcD09J3BocGluZm8nKXsNCiRmb25rX2thcCA9IGdldF9jZmdfdmFyKCJmb25rc2l5b25sYXL9X2thcGF0Iik7DQogICAgICAgIGVjaG8gJHBocGluZm89KCFlcmVnaSgicGhwaW5mbyIsJGZvbmtfa2FwYXQpKSA/IHBocGluZm8oKSA6ICI8Y2VudGVyPnBocGluZm8oKSBLb211dHUgx2Fs/f5t/XlpaWk8L2NlbnRlcj4iOw0KICAgICAgICBleGl0Ow0KfQ0K',
'def2' => 'ICAgICAgPGhlYWQ+DQogICAgICAgICAgICAgPHRpdGxlPmF6cmFpbCAxLjAgYnkgQy1XLU08L3RpdGxlPg0KICAgICAgPC9oZWFkPg0KDQo=' ),
array( 'id' => 'Ajax/PHP Command Shell', 'def1' => 'PGJyPg0KPGI+PGZvbnQgc2l6ZT0zPkFqYXgvUEhQIENvbW1hbmQgU2hlbGw8L2I+PC9mb250Pjxicj5ieSBJcm9uZmlzdA0KPGJyPg0K', 'def2' =>
'ICAgIGFqYXhSZXF1ZXN0Lm9ucmVhZHlzdGF0ZWNoYW5nZSA9IGZ1bmN0aW9uKCl7DQogICAgICAgIGlmKGFqYXhSZXF1ZXN0LnJlYWR5U3RhdGUgPT0gNCl7DQogICAgICAgIG91dHB1dGNtZCA9ICI8cHJlPiIgICsgb3V0cHV0Y21kICsgYWpheFJlcXVlc3QucmVzcG9uc2VUZXh0ICsiPC9wcmU+IjsNCg0K'
),
array( 'id' => 'Backup script on server', 'def1' =>
'JGZ0cGNvbm5lY3QgPSAibmNmdHBwdXQgLXUgJGZ0cF91c2VyX25hbWUgLXAgJGZ0cF91c2VyX3Bhc3MgLWQgZGVic2VuZGVyX2Z0cGxvZy5sb2cgLWUgZGJzZW5kZXJfZnRwbG9nMi5sb2cgLWEgLUUgLVYgJGZ0cF9zZXJ2ZXIgJGZ0cF9wYXRoICRmaWxlbmFtZTIiOw0Kc2hlbGxfZXhlYygkZnRwY29ubmVjdCk7DQo=',
'def2' =>
'JG1lc3NhZ2UgPSAiVGhpcyBpcyBhIG11bHRpLXBhcnQgbWVzc2FnZSBpbiBNSU1FIGZvcm1hdC5cblxuIi4iLS17JG1pbWVfYm91bmRhcnl9XG4iIC4iQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PVwiaXNvLTg4NTktMVwiXG4iIC4iQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdFxuXG4iIC4='
),
array( 'id' => 'rgod shell', 'def1' => 'ZUp6c3ZXMlBxa3IzTi9oK2t2a084KzUvSi85a0FxaDliWk5KSm8wQ2lvSk5RUlZTYnlZb25rWXBsTjF0Ky9UcFo2MnF3c2JkdmEvSGM5K1pTVQ==', 'def2' =>
'LS0gRG8gbm90IERpc3RpYnV0ZSBUaGlzIHNoZWxsDQotLSBEbyBub3QgU2VsbCBUaGlzIHNoZWxsDQotLSBEbyBub3QgZ2l2ZSBpdCBldmVuIHRvIHlvdXIgbW90aGVyDQotLSBieSByZ29kIA==' ),
array( 'id' => 'Symlink User Bypass', 'def1' =>
'PGZvcm0gc3R5bGU9ImJvcmRlcjogNHB4IHJpZGdlICNGRkZGRkYiPg0KPHAgYWxpZ249ImNlbnRlciIgZGlyPSJydGwiPjxmb250IGNvbG9yPSIjRkYwMDAwIj48c3BhbiBsYW5nPSJhci1zYSI+PGI+DQombmJzcDsgLT1bU3ltbGluayBUb29scyB0byBieXBhc3MgdXNlcl1WLjMgPS0NCjwvYj4NCg==',
'def2' =>
'ICA8Zm9udCBjb2xvcj0iI0ZGRkZGRiI+by0tLVs8L2ZvbnQ+IDxmb250IGNvbG9yPSIjRkYwMDAwIj5EZXZlbG9wZXIgYnkgU25JcEVyX1NBCSBTeW1saW5rIFVzZXIgQnlwYXNzIDwvZm9udD4gPGZvbnQgY29sb3I9IiNGRkZGRkYiPnw8L2ZvbnQ+IDxhIGhyZWY9aHR0cDovL3NuaXBlci1zYS5jb20+aHR0cDovL3NuaXBlci1zYS5jb208L2E+DQogIDxmb250IGNvbG9yPSIjRkZGRkZGIj58PC9mb250PiA8Zm9udCBjb2xvcj0iI0ZGMDAwMCI+DQo='
),
array( 'id' => 'C100 Yarakam Modified Shell', 'def1' =>
'aWYgKCFlbXB0eSgkdW5zZXRfc3VybCkpIHtzZXRjb29raWUoImsxcjRfc3VybCIpOyAkc3VybCA9ICIiO30NCmVsc2VpZiAoIWVtcHR5KCRzZXRfc3VybCkpIHskc3VybCA9ICRzZXRfc3VybDsgc2V0Y29va2llKCJrMXI0X3N1cmwiLCRzdXJsKTt9DQplbHNlIHskc3VybCA9ICRfUkVRVUVTVFsiazFyNF9zdXJsIl07IC8vU2V0IHRoaXMgY29va2llIGZvciBtYW51YWwgU1VSTA0KfQ0KDQo=',
'def2' => 'aWYgKCRzdXJsX2F1dG9maWxsX2luY2x1ZGUgYW5kICEkX1JFUVVFU1RbImsxcjRfc3VybCJdKSANCg0KDQo=' ),
array( 'id' => 'c99shell v. 1.0 pre-release build', 'def1' => 'Zi8vSzhvbytJeUgwejNpOHNwWEdEblpDVW5uWFQ=', 'def2' =>
'bEpmY3U3bUIydkJuSURHTkZGRnpEbVROdzNtSU9aWlB2MndHakRzZ2cyWHFHYk90L2ROc2xILysvLys5ZS8vS1k2ays2ZA0K' ),
array( 'id' => 'N3tShell Emp3ror Undetectable (C99)', 'def1' =>
'JHNhZmVtb2RlX2Rpc2tldHRlcyA9IGFycmF5KCJhIik7IC8vIFRoaXMgdmFyaWFibGUgZm9yIGRpc2FibGluZyBkaXNrZXR0LWVycm9ycy4NCiAvLyBhcnJheSAoaT0+e2xldHRlcn0gLi4uKTsgc3RyaW5nIHtsZXR0ZXJ9IC0gbGV0dGVyIG9mIGEgZHJpdmUNCi8vJHNhZmVtb2RlX2Rpc2tldHRlcyA9IHJhbmdlKCJhIiwieiIpOw0KJGhleGR1bXBfbGluZXMgPSA4Oy8vIGxpbmVzIGluIGhleCBwcmV2aWV3IGZpbGUNCiRoZXhkdW1wX3Jvd3MgPSAyNDsvLyAxNiwgMjQgb3IgMzIgYnl0ZXMgaW4gb25lIGxpbmUNCg=='
),
array( 'id' => 'C99 Saldiri.org version', 'def1' => 'aWYgKCFmdW5jdGlvbl9leGlzdHMoImsxcjRfYnVmZl9wcmVwYXJlIikpDQp7DQpmdW5jdGlvbiBrMXI0X2J1ZmZfcHJlcGFyZSgpDQo='),
array( 'id' => 'CGI Telnet', 'def1' => 'c3ViIFJlYWRQYXJzZQ0Kew0KICAgICAgICBsb2NhbCAoKmluKSA9IEBfIGlmIEBfOw0KICAgICAgICBsb2NhbCAoJGksICRsb2MsICRrZXksICR2YWwpOw0KDQoNCg=='),
array( 'id' => 'CTT Shell', 'def1' =>
'aWYgKCRhY3QgPT0gImZ0cHF1aWNrYnJ1dGUiKQ0Kew0KIGVjaG8gIjxiPkZ0cCBRdWljayBicnV0ZTo8L2I+PGJyPiI7DQogaWYgKCR3aW4pIHtlY2hvICJUaGlzIGZ1bmN0aW9ucyBub3Qgd29yayBpbiBXaW5kb3dzITxicj48YnI+Ijt9DQogZWxzZQ0KIHsNCiAgZnVuY3Rpb24gY3RmdHBicnV0ZWNoZWNrKCRob3N0LCRwb3J0LCR0aW1lb3V0LCRsb2dpbiwkcGFzcywkc2gsJGZxYl9vbmx5d2l0aHNoKQ0KICB7DQppZiAoJGZxYl9vbmx5d2l0aHNoKQ0KDQo='),
array( 'id' => 'Cyber Shell', 'def1' =>
'PGNlbnRlcj4uOkN5YmVyIFNoZWxsICh2IDEuMCk6Ljxicj5Db3B5cmlnaHQgqSA8YSBocmVmPSJodHRwOi8vd3d3LmN5YmVybG9yZHMubmV0IiB0YXJnZXQ9Il9ibGFuayI+Q3liZXIgTG9yZHMgQ29tbXVuaXR5PC9hPiwgMjAwMi0yMDA2PC9jZW50ZXI+'),
array( 'id' => 'Dive Shell', 'def1' => 'LypFbXBlcm9yIEhhY2tpbmcgVEVBTSAqLw0KICBzZXNzaW9uX3N0YXJ0KCk7DQo='),
array( 'id' => 'DTool Pro Shell', 'def1' =>
'aWYoaXNzZXQoJGNoZGlyKSkgQGNoZGlyKCRjaGRpcik7DQpmdW5jdGlvbiBzYWZlbW9kZSgkd2hhdCl7ZWNobyAiVGhpcyBzZXJ2ZXIgaXMgaW4gc2FmZW1vZGUuIFRyeSB0byB1c2UgRFRvb2wgaW4gU2FmZW1vZGUuIjt9DQo='),
array( 'id' => 'Erne Safe Mode Bypass Shell', 'def1' =>
'PHRyPjx0ZD48Y2VudGVyPjxmb250IHNpemU9IjQiIGNvbG9yPSIjRkZGRkZGIj48c3BhbiBzdHlsZT0iYmFja2dyb3VuZC1jb2xvcjogIzAwMDAwMCI+RXJOZSBTYWZlIE1vZGUgQnlwYXNzIEZvciBCaXlvU2VjdXJpdHkuTmV0PC9zcGFuPg0K'),
array( 'id' => 'GFS Shell', 'def1' => 'R0ZTIFdlYi1TaGVsbA0KKi8NCmVycm9yX3JlcG9ydGluZygwKTsNCmlmKCRfUE9TVFsnYl9kb3duJ10pew0K'),
array( 'id' => 'GNY Shell', 'def1' =>
'Ly93NGNrMW5nIFNoZWxsDQppZiAoIWZ1bmN0aW9uX2V4aXN0cygnbXlzaGVsbGV4ZWMnKSkNCnsNCmlmKGlzX2NhbGxhYmxlKCdwb3BlbicpKXsNCmZ1bmN0aW9uIG15c2hlbGxleGVjKCRjb21tYW5kKSB7DQoNCg=='),
array( 'id' => 'H4NTU Shell', 'def1' =>
'PD9waHANCmVjaG8gIjxwPjxmb250IHNpemU9MiBmYWNlPVZlcmRhbmE+PGI+VGhpcyBJcyBUaGUgU2VydmVyIEluZm9ybWF0aW9uPC9iPjwvZm9udD48L3A+IjsNCj8+DQoNCg0KDQo='),
array( 'id' => 'Heykir Shell', 'def1' =>
'ICRjb2Rlcj0iVGhlX0JlS2lSICAmICBUaVQgICYgUnVzbGFuICI7DQogJHN0cmluZyA9ICFlbXB0eSgkX1BPU1RbJ3N0cmluZyddKSA/ICRfUE9TVFsnc3RyaW5nJ10gOiAwOw0KICRzd2l0Y2ggPSAhZW1wdHkoJF9QT1NUWydzd2l0Y2gnXSkgPyAkX1BPU1RbJ3N3aXRjaCddIDogMDsNCg=='),
array( 'id' => 'iMHaP FTP Shell', 'def1' =>
'PEJPRFk+PElNRyBzdHlsZT0iV0lEVEg6IDMwNnB4OyBIRUlHSFQ6IDc2cHgiIGhlaWdodD0xMDAgDQpzcmM9Imh0dHA6Ly93d3cubmV0dGVraWFkcmVzLmNvbS9pbWhhYmlybGlnaS5qcGciIHdpZHRoPTI4Mj48L0JPRFk+DQo8YnI+PENlbnRlcj5TVSBBTiA8QSBocmVmPSJodHRwOi8vd3d3LmltaGFiaXJsaWdpLmNvbSI+aU1IYUJpUkxpR2k8L0E+IEhVRFVUTEFSSU5EQSBCVUxVTk1BS1RBU0lOSVouISE8L0NlbnRlcj4NCg0K'),
array( 'id' => 'Iron Shell', 'def1' =>
'cHJpbnQgIjxmb3JtIGFjdGlvbj1cIiIuJG1lLiI/cD1ldmFsXCIgbWV0aG9kPVBPU1Q+DQoNCgkJCQk8dGV4dGFyZWEgY29scz02MCByb3dzPTEwIG5hbWU9XCJldmFsXCI+IjsNCg0KCQkJCWlmKGlzc2V0KCRfUE9TVFsnZXZhbCddKSkNCg0KDQo='),
array( 'id' => 'JSP Shell', 'def1' =>
'PC90YWJsZT4NCjxwIGFsaWduPSJjZW50ZXIiPlBvd2VyIEJ5IL74ttTB47bIW0IuQy5UXSBRUTo0ODEyNDAxMjwvcD4NCjxwIGFsaWduPSJjZW50ZXIiPiZuYnNwOzwvcD4NCjwlfS8vaWYgZWRpdA0KDQoNCg=='),
array( 'id' => 'Kacak Shell', 'def1' =>
'PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9d2luZG93cy0xMjU0Ij4NCjx0aXRsZT5LYWNhayBGU08gMS4wIHwgVGVycm9yaXN0IENyZXcgLSBTaGVsbGNpLmJpejwvdGl0bGU+DQoNCg0K'),
array( 'id' => 'KADot Shell', 'def1' =>
'PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9d2luZG93cy0xMjU0Ij4NCjx0aXRsZT5LYWNhayBGU08gMS4wIHwgVGVycm9yaXN0IENyZXcgLSBTaGVsbGNpLmJpejwvdGl0bGU+DQoNCg0K'),
array( 'id' => 'Lama Shell', 'def1' => 'PGh0bWw+DQogIDxoZWFkPg0KICAgIDx0aXRsZT5sYW1hJ3MnaGVsbCB2LiAzLjA8L3RpdGxlPg0K'),
array( 'id' => 'Liz0zim Shell', 'def1' =>
'ZWNobyAiPGI+PGZvbnQgY29sb3I9Ymx1ZT5MaXowemlNIFByaXZhdGUgU2FmZSBNb2RlIENvbW1hbmQgRXhlY3VyaXRvbiBCeXBhc3MgRXhwbG9pdDwvZm9udD48L2I+PGJyPiI7DQo='),
array( 'id' => 'Load Shell', 'def1' => 'PHRpdGxlPkxvYWRlcid6IFdFQiBzaGVsbDwvdGl0bGU+DQo='),
array( 'id' => 'Moroccan Spamers Shell', 'def1' =>
'PHRkIHdpZHRoPSIzMTciIGJvcmRlcmNvbG9yPSIjQ0NDQ0NDIiBiZ2NvbG9yPSIjRjBGMEYwIiBiYWNrZ3JvdW5kPSIvc2ltcGFydHMvaW1hZ2VzL2NlbGxwaWMxLmdpZiIgaGVpZ2h0PSIyMiI+PGZvbnQgc2l6ZT0iLTEiIGZhY2U9IlZlcmRhbmEsIEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWYiPiA='),
array( 'id' => 'MyShell Shell', 'def1' => 'PHRpdGxlPiRNeVNoZWxsVmVyc2lvbiAtIEFjY2VzcyBEZW5pZWQ8L3RpdGxlPg0KICAgICAgICAgPC9oZWFkPg0K'),
array( 'id' => 'MySQL Interface Shell', 'def1' =>
'KiBNeXNxbCBpbnRlcmZhY2UgdjEuMA0KKiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoqIERlc2NyaXB0aW9uIDoNCiogRHVuZ2AgZGUgbG9naW4gdmFvYCBDU0RMIGN1YSB2aWN0aW0ga2hpIGRhIGJpZXQgdXNlciB2YWAgcGFzcyBjdWEgbXlzcWwgdGhvbmcgcXVhIGZpbGUgY29uZmlnDQo='),
array( 'id' => 'Sora 101 shell', 'def1' =>
'fWVsc2VpZigkX0dFVFsiYXp6Il09PSJ2ZWRpIil7DQogICAgZWNobyBodG1sc3BlY2lhbGNoYXJzKGZpbGVfZ2V0X2NvbnRlbnRzKCRfR0VUWyJmaWxlIl0pKTsNCn1lbHNlaWYoJF9HRVRbImF6eiJdPT0iaW5jIil7DQogICAgaW5jbHVkZSgkX0dFVFsiZmlsZSJdKTsNCn0='),
array( 'id' => 'N Shell', 'def1' => 'PHRpdGxlPiBuU2hlbGwgdjEuMDwvdGl0bGU+DQo='),
array( 'id' => 'NCC Shell', 'def1' => 'PGgxPi46TkNDOi4gU2hlbGwgdjEuMC4wPC9oMT4NCg=='),
array( 'id' => 'Network File Manager PHP Shell', 'def1' => 'JHRpdGxlPSJOZXR3b3JrRmlsZU1hbmFnZXJQSFAgZm9yIGNoYW5uZWwgI2hhY2sucnUiOw0K'),
array( 'id' => 'Nix Remote Shell', 'def1' =>
'JHRpdGxlPSJOZXR3b3JrRmlsZU1hbmFnZXJQSFAgZm9yIGNoYW5uZWwgI2hhY2sucnUiOw0KDQokdmVyPSIxLjcucHJpdmF0ZSAoW2ZpbmFsX2VuZ2xpc2hfcmVsZWFzZV0pIjsNCg=='),
array( 'id' => 'NST Shell', 'def1' => 'IyMjIyMjdmVyIyMjIw0KJHZlcj0gInYyLjEiOw0KIyMjIyMjIyMjIyMjIw0K'),
array( 'id' => 'PH Vayv Shell', 'def1' => 'ICAgIDxicj4NCiAgICBQSFZheXYgMS4wPC9zcGFuPjwvZm9udD48L3RkPg0K'),
array( 'id' => 'PHANTASMA Shell', 'def1' =>
'PERJViBTVFlMRT0iZm9udC1mYW1pbHk6IHZlcmRhbmE7IGZvbnQtc2l6ZTogMjVweDsgZm9udC13ZWlnaHQ6IGJvbGQ7IGNvbG9yOiAjRjNiNzAwOyI+UEhBTlRBU01BLSBOZVcgQ21EIDspIDwvRElWPg0KDQo='),
array( 'id' => 'PHP Backdoor Shell', 'def1' => 'Ly8gYSBzaW1wbGUgcGhwIGJhY2tkb29yIHwgY29kZWQgYnkgejBtYmllIFszMC4wOC4wM10gfCBodHRwOi8vZnJlZW5ldC5hbS9+em9tYmllIFxcDQo='),
array( 'id' => 'PHP Bypass Shell', 'def1' => 'KgkJCQkJCQlTaGVMTCBBcmNoaXZlDQoqICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBQaHAgQnlwYXNzIC0gd3d3LnNoZWxsY2kuYml6DQoNCg=='),
array( 'id' => 'PHP Include With Shell', 'def1' => 'IyB3ZSBkZWNpZGUgaWYgd2Ugd2FudCBzeXNsb2dnaW5nDQpjbG9zZWxvZygpOw0KDQo='),
array( 'id' => 'PHP Inj Shell', 'def1' => 'PHRpdGxlPnx8IC46Ok5ld3MgUmVtb3RlIFBIUCBTaGVsbCBJbmplY3Rpb246Oi4gfHwgICA8L3RpdGxlPg0K'),
array( 'id' => 'PHP Jackal Shell', 'def1' =>
'Y2FzZSAnY3InOmNyYWNrZVIoKTticmVhazsNCmNhc2UgJ2RpYyc6ZGljbWFrZVIoKTticmVhazsNCmNhc2UgJ3Rvb2xzJzp0b29sUygpO2JyZWFrOw0KY2FzZSAnaGV4JzpoZXh2aWVXKCk7YnJlYWs7DQoNCg=='),
array( 'id' => 'PHP Remote View Shell', 'def1' => 'ICogIFdlbGNvbWUgdG8gcGhwUmVtb3RlVmlldyAoUmVtVmlldykgDQoNCg=='),
array( 'id' => 'R57 ORIGINAL Shell', 'def1' => 'LyogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBSNTcgc2hlbGwNCg0K'),
array( 'id' => 'R57 IFX Modified Shell', 'def1' =>
'LyogIHI1N3NoZWxsLnBocCAtID8/Pz8/PyA/PyA/Pz8gPz8/Pz8/Pz8/Pz8gPz8/ID8/Pz8/Pz8/PyA/Pz8/ID8/Pz8/Pz8gID8/ID8/Pz8/Pz8gPz8/Pz8gPz8/Pz8/Pw0K'),
array( 'id' => 'R57 Kartal Modified Shell', 'def1' => 'LyogICAgICAgICAgICAgICAgICAgIGthcnRhbF81NjdAaG90bWFpbC5jb21bS2FSVGFMXQ0KDQo='),
array( 'id' => 'R57 Mohajer22 Shell', 'def1' => 'LyogIChjKW9kZWQgYnkgMWR0LncwbGYNCg0KDQo='),
array( 'id' => 'R57 New Year Edition Shell', 'def1' => 'LyogID8/Pz8/PzogMS4yNCAoTmV3IFllYXIgRWRpdGlvbikNCg0KDQo='),
array( 'id' => 'Remview Shell', 'def1' => 'ICogICMgU2hlbGxjaS5CaXoNCiAqICBXZWxjb21lIHRvIHBocFJlbW90ZVZpZXcgKFJlbVZpZXcpIA0K'),
array( 'id' => 'S72 Shell', 'def1' => 'PHRpdGxlPnM3MiBTaGVsbCB2MS4wIENvZGluZiBieSBDckB6eV9LaW5nPC90aXRsZT4NCg=='),
array( 'id' => 'Safe Mode Bypass PHP 4.4.2 & 5.1.2 Shell', 'def1' =>
'TW9kZSBTaGVsbCB2MS4wPC9mb250Pjwvc3Bhbj48L2E+PC9mb250Pjxmb250IGZhY2U9IldlYmRpbmdzIiBzaXplPSI2IiBjb2xvcj0iI0ZGMDAwMCI+ITwvZm9udD48L2I+PC9wPg0KDQo='),
array( 'id' => 'SIM Attacker Shell', 'def1' => 'Jm5ic3A7SXJhbmlhbiBIYWNrZXJzIDogV1dXLlNJTU9SR0gtRVYuQ09NIDxicj4NCiZuYnNwO1Byb2dyYW1lciA6IEhvc3NlaW4gQXNnYXJ5IDxicj4NCg=='),
array( 'id' => 'SnIpEr SA Shell', 'def1' =>
'LyogIFNuSXBFcl9TQS5waHAgLSA/Pz8/Pz8gPz8gPz8/ID8/Pz8/Pz8/Pz8/ID8/PyA/Pz8/Pz8/Pz8gPz8/Pz8/Pz8/ID8/Pz8/Pz8gPz8gPz8/Pz8/PyA/Pz8/PyA/Pz8/Pz8/DQo='),
array( 'id' => 'Stres Bypass Shell', 'def1' => 'LyogICAgICAgICAgICAgICAgICAgICAgICAgIFN0cmVzQnlwYXNzIHYxLjANCg=='),
array( 'id' => 'Dark-Shell', 'def1' => 'ZWNobyAiPGNlbnRlcj48aDE+RGFyayBTaGVsbDwvaDE+PC9jZW50ZXI+PHA+PGhyPjxwPlxuIjsNCg=='),
array( 'id' => '0x00 PHP shell', 'def1' => 'ICAgICAgICA8dGl0bGU+fiAweDAwIFBIUCBzaGVsbCB2LjB4MjwvdGl0bGU+DQo='),
array( 'id' => 'okno_Shell', 'def1' => 'ZWNobyAnPGJyPlBIUCBzeXN0ZW0oKSBjb25zb2xlIGJ5IG9rbm8gLSBtYWluQHBhd2Vsem9yemFuLmV1IDxicj4nOw0K'),
array( 'id' => 'CShell', 'def1' => 'ICogQ1NoZWxsDQoNCg=='),
array( 'id' => 'Bl0od3r Priv8 Shell', 'def1' => 'U2hlbGwgd3JpdHRlbiBieSBCbDBvZDNyDQoNCg0K'),
array( 'id' => 'Root Access Shell', 'def1' =>
'PHRyPjx0ZCBjbGFzcz1jb250ZW50Yj48Y2VudGVyPjxhIGhyZWY9Imh0dHA6Ly9mb3J1bS5yb290LWFjY2Vzcy5ydSI+PGZvbnQgc2l6ZT0yIGNvbG9yPSNlN2U3ZWI+Um9vdC1BY2Nlc3MgU2hlbGwgdjEuMDwvZm9udD48L2E+PC9jZW50ZXI+DQoNCg0K'),
array( 'id' => 'G00nShell', 'def1' => 'IyBbZzAwbl1GaVNoIHByZXNlbnRzOiAjDQojIGcwMG5zaGVsbCB2MS4zIGZpbmFsICMNCg0KDQo='),
array( 'id' => 'CShell', 'def1' => 'ICogQ1NoZWxsDQoNCg=='),
array( 'id' => 'lostDC shell', 'def1' => 'ICogbG9zdERDIHNoZWxsDQoNCg0K'),
array( 'id' => '_GsC_ shell', 'def1' => 'R3NDIFNoZUxMIHYwLjguMCBDcmVhdGVkIEJ5IF9Hc0NfIEFrYSBTazFwcDNyDQoNCg0K'),
array( 'id' => 'OnBoomShell', 'def1' => 'LyoNCk9OQk9PTVNIRUxMIFYgMC4yDQpieSBjb2JyYTkwbmoNCg=='),
array( 'id' => 'StAkeR ~ Shell', 'def1' => 'PHRpdGxlPlN0QWtlUiB+IFNoZWxsPC90aXRsZT4NCjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+DQo='),
array( 'id' => 'Iron Shell', 'def1' =>
'JGZvb3RlciA9ICc8dHI+PHRkPjxocj48Y2VudGVyPiZjb3B5OyA8YSBocmVmPSJodHRwOi8vd3d3Lmlyb253YXJlei5pbmZvIj5Jcm9uPC9hPiAmIDxhIGhyZWY9Imh0dHA6Ly93d3cucm9vdHNoZWxsLXRlYW0uaW5mbyI+Um9vdFNoZWxsIFNlY3VyaXR5IEdyb3VwPC9hPjwvY2VudGVyPjwvdGQ+PC90YWJsZT48L2JvZHk+PC9oZWFkPjwvaHRtbD4nOw=='),
array( 'id' => '..:: HiddenShell ::..', 'def1' => 'ICAgIDx0aXRsZT5IaWRkZW5TaGVsbDwvdGl0bGU+DQo='),
array( 'id' => 'N3fa5t1cA Sh3ll', 'def1' => 'PGh0bWw+PHRpdGxlPk4zZmE1dDFjQSBTaDNsbDwvdGl0bGU+DQoNCg=='),
array( 'id' => '! ~ Cod3rZ Shell ~ !', 'def1' => 'IyBDb2QzclogU2hlbGwgNS4xDQojIGMwZGVkIGJ5IENvZDNyWg0KDQoNCg=='),
array( 'id' => 's101', 'def1' => 'PHRpdGxlPnMxMDEgdjAuMi41PC90aXRsZT4NCg0K'),
array( 'id' => 'Nexpl0rer Shell', 'def1' => 'MzEzMzcgU2hlbGwgYnkgTmV4ZW4gLSBQaFAgYzBkYWgNCg0K'),
array( 'id' => 'DC3 Shell (Priv8)', 'def1' => 'ICAgICAgICAgIGRDMyBTZWN1cml0eSBDcmV3DQo='),
array( 'id' => 'H4ntu Shell', 'def1' =>
'ZWNobyAiPHRpdGxlPmg0bnR1IHNoZWxsIFtwb3dlcmVkIGJ5IHRzb2ldPC90aXRsZT5cbjxwPjxmb250IHNpemU9MiBmYWNlPVZlcmRhbmE+PGI+VGhpcyBJcyBUaGUgU2VydmVyIEluZm9ybWF0aW9uPC9iPjwvZm9udD48L3A+IjsNCg=='),
array( 'id' => 'Macker s Private PHPShell', 'def1' => 'KiAgICAgICAgICAgICAgICAgICAgICAgICAgIFBIUFNIRUxMLlBIUCAgICAgICAgICAgICAqDQoNCg=='),
array( 'id' => '~ Andr3a92 ~ Sh3ll ~', 'def1' =>
'ZWNobyAiPHRyPjx0ZCBiZ2NvbG9yPVwiI0NDQ0NDQ1wiPjxjZW50ZXI+PGltZyBzcmM9XCIiLiRzaGVsbC4iP2ltZz1maWxlXCIgYm9yZGVyPVwiMFwiPjwvY2VudGVyPjwvdGQ+PHRkIGJnY29sb3I9XCIjQ0NDQ0NDXCI+PGEgaHJlZj1cIiIuJGZpbGV6LiJcIiB0YXJnZXQ9XCJfQkxBTktcIj4iLiRmaWxlX25hbWUuIjwvYT48L3RkPg0K'),
array( 'id' => 'JsBack - Shell Backdoor', 'def1' => 'ICAgICAgICAgICAgICAgSnNCYWNrIC0gSmF2YXNjcmlwdCBCYWNrZG9vcg0K'),
array( 'id' => 'shell qualsiasi', 'def1' => 'c2hlbGwNCg==', 'def2' => 'U2hlbGwNCg==', 'def3' => 'U2gzbGwNCg==')
);
$generic = 'Shell';
parse_dir( $settings[ 'BASE_DIR' ] );
echo "</pre><br />";
?>
<br>
</div></span>
</pre></p></body></html>
Reference in New Issue View Git Blame Copy Permalink