PHP Security-Shell RFI Scanner

<?php
/***************************************************************************
*   PHP Security-Shell RFI Scanner                                        *
*                                                                         *
*   Copyright (C) 2007 by pentest                                         *
*                                                                         *
*   http://security-shell.uni.cc                                          *
*                                                                         *
*   This program is free software; you can redistribute it and/or modify *
*   it under the terms of the GNU General Public License as published by *
*   the Free Software Foundation; either version 2 of the License, or     *
*   (at your option) any later version.                                   *
*                                                                         *
*   This program is distributed in the hope that it will be useful,       *
*   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the         *
*   GNU General Public License for more details.                          *
*   Test over by cnfjhh                                                   *
***************************************************************************/
   
    $escan_inc_regex   = array( /include(_once)?.$/ix, /require(_once)?.$/ix );
    /* Regex to extract the names of variables */
    $escan_var_regex   = array( /Ainclude(_once)?./is, /Arequire(_once)?./is );
    /* Array of file extensions to scan */
    $escan_valid_ext   = array( php );
    /* Maximum size of a file to scan, scans all if 0 */
    $escan_max_size    = 0;
    /* Counter crawled directory */
    $escan_dir_count   = 0;
    /* Perpetual scanned files */
    $escan_file_count = 0;
    /* Perpetual potential rfi found */
    $escan_match_count = 0;
    /*Perpetual crawled total bytes */
    $escan_byte_count = 0;


    escan_banner();



    if( $argc < 2 ){
        escan_usage($argv[0]);
    }
    else{  


        $stime = escan_get_mtime();


        escan_recurse_dir( realpath($argv[1]).DIRECTORY_SEPARATOR );


        $etime = escan_get_mtime();


        print ”
@ Scan report :

” .
              ” $escan_dir_count directory .
“.
              ” $escan_file_count file .
“.
              ” ” . escan_format_size($escan_byte_count) . ” .
“.
              ” $escan_match_count Potential RFI .
“.
              ” “.($etime-$stime) . ” Second Processing .

“;
    }


    /* A string formats in a magnitude expressed in bytes */
    function escan_format_size($bytes)
    {
        if( $bytes < 1024       ) return “$bytes bytes”;
        if( $bytes < 1048576    ) return ($bytes / 1024) . ” Kb”;
        if( $bytes < 1073741824 ) return ($bytes / 1048576) . ” Mb”;
       
        return ($bytes / 1073741824) . ” Gb”;
    }
   
    /* Returns the timestamp in seconds */
    function escan_get_mtime()
    {
        list($usec, $sec) = explode(” “,microtime());
        return ((float)$usec + (float)$sec);
    }


    /* Extracts line of code inclusion */
    function escan_scan_line($content,$offset)
    {
        list( $line, $dummy ) = explode( “;” , substr($content,$offset,strlen($content)) );
       
      

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *