<?php
/***************************************************************************
* PHP Security-Shell RFI Scanner *
* *
* Copyright (C) 2007 by pentest *
* *
* http://security-shell.uni.cc *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* Test over by cnfjhh *
***************************************************************************/
$escan_inc_regex = array( /include(_once)?.$/ix, /require(_once)?.$/ix );
/* Regex to extract the names of variables */
$escan_var_regex = array( /Ainclude(_once)?./is, /Arequire(_once)?./is );
/* Array of file extensions to scan */
$escan_valid_ext = array( php );
/* Maximum size of a file to scan, scans all if 0 */
$escan_max_size = 0;
/* Counter crawled directory */
$escan_dir_count = 0;
/* Perpetual scanned files */
$escan_file_count = 0;
/* Perpetual potential rfi found */
$escan_match_count = 0;
/*Perpetual crawled total bytes */
$escan_byte_count = 0;
escan_banner();
if( $argc < 2 ){
escan_usage($argv[0]);
}
else{
$stime = escan_get_mtime();
escan_recurse_dir( realpath($argv[1]).DIRECTORY_SEPARATOR );
$etime = escan_get_mtime();
print ”
@ Scan report :
” .
” $escan_dir_count directory .
“.
” $escan_file_count file .
“.
” ” . escan_format_size($escan_byte_count) . ” .
“.
” $escan_match_count Potential RFI .
“.
” “.($etime-$stime) . ” Second Processing .
“;
}
/* A string formats in a magnitude expressed in bytes */
function escan_format_size($bytes)
{
if( $bytes < 1024 ) return “$bytes bytes”;
if( $bytes < 1048576 ) return ($bytes / 1024) . ” Kb”;
if( $bytes < 1073741824 ) return ($bytes / 1048576) . ” Mb”;
return ($bytes / 1073741824) . ” Gb”;
}
/* Returns the timestamp in seconds */
function escan_get_mtime()
{
list($usec, $sec) = explode(” “,microtime());
return ((float)$usec + (float)$sec);
}
/* Extracts line of code inclusion */
function escan_scan_line($content,$offset)
{
list( $line, $dummy ) = explode( “;” , substr($content,$offset,strlen($content)) );