
Python Webshell Scanning Tool

Scans the files under a directory for suspicious webshell code and prints the matching snippets.

```python
#!/usr/bin/env python3
import datetime
import os
import re
import sys

if len(sys.argv) < 2:
    print("\n  /*//////////////////////////////////////////")
    print("  //         Sov Webshell Scan tool         //")
    print("  //      by:0x001  http://www.0x001.com    //")
    print("  //////////////////////////////////////////*/\n")
    print("  Usage : python SovScan.py /web/0x001")
    sys.exit(1)  # stop here; sys.argv[1] below would raise IndexError

# Signatures of constructs commonly seen in ASP, ASP.NET, JSP and PHP webshells.
pattern = re.compile(
    r"\bserver.execute\s+request|\bexecute\s+request|\beval\s+request|\beval_r\s+request"
    r"|\bExecuteGlobal\s+request|\bExecute\s+Session|\bexecute\s*\(+\s*request"
    r"|\beval\s*\(+\s*request|\beval_r\s*\(+\s*request|\bExecuteGlobal\s*\(+\s*request"
    r"|\bExecute\s*\(+\s*Session|\s*'\s*:\s*eval"
    r"|\bServer.CreateObject\s*\(\s*\"ScriptControl\"\s*\)|\bSystem.Reflection.Assembly.Load"
    r"|\beval\s*\(+\s*\$|\beval_r\s*\(+\s*\$|\bassert\s*\(+\s*\$"
    r"|`\$_Request\[.*`|`\$_GET\[.*`|`\$_POST\[.*`|\.ExecuteStatement\s*\(|\bnew\s+WebAdmin2Y"
    r"|\beval\s*\(\s*@?base64_decode\s*\(|\beval\s*\(\s*@?gzuncompress\s*\(\s*@?base64_decode\("
    r"|\binclude.*(\.jpg|\.gif|\.png|\.bmp|\.txt)|\brequire_once.*(\.jpg|\.gif|\.png|\.bmp|\.txt)"
    r"|\brequire.*(\.jpg|\.gif|\.png|\.bmp|\.txt)|\bexecute\s*\(+\s*\w+\s*\(+.*\s*\)"
    r"|\bshell_exec\b|\bpassthru\s*\(|\bwscript\.shell\b|\bShell\.Application\b"
    r"|\bVBScript\.Encode\b|\bxp_cmdshell\b|\bproc_open\b|\bSystem\.Net\.Sockets\b"
    r"|\bSystem\.Diagnostics\b|\bSystem\.DirectoryServices\b|\bSystem\.ServiceProcess\b"
    r"|\bnew\s+Socket\b|\bSystem\.Reflection\.Assembly\.Load\(Request\.BinaryRead\b"
    r"|\bRuntime\.getRuntime\(\)\.exec\b"
    r"|clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8|clsid:13709620-C279-11CE-A49E-444553540000"
    r"|clsid:0D43FE01-F093-11CF-8940-00A0C9054228|clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"
    r"|\bLANGUAGE\s*=\s*[\"]?\s*(vbscript|jscript|javascript).encode\b"
    r"|'?e'?\.?'?v'?\.?'?a'?\.?'?l'"
)


def FileHandler(ev, filename):
    # Only files whose name ends in .php are examined.
    if re.search(r"\.php$", filename) is None:
        return False
    if not os.path.exists(filename):
        return False

    # Read the whole file; undecodable bytes are dropped so they cannot abort the scan.
    with open(filename, errors="ignore") as f:
        filecontent = f.read()

    mlist = list(pattern.finditer(filecontent))
    num = len(mlist)
    if num > 0:
        nowtime = datetime.datetime.now().strftime("%Y-%m-%d %H:%M")
        print("\n" + nowtime, " ", ev, filename, ", Matching number : ", num)
        print("Matching Result:   ", " ".join(m.group() for m in mlist), "\n")
    return num > 0


rootdir = sys.argv[1]
for parent, dirnames, filenames in os.walk(rootdir):
    # for dirname in dirnames:
    #     print(os.path.join(parent, dirname), '/')
    for filename in filenames:
        FileHandler('Scan:', os.path.join(parent, filename))
```

Source: http://www.0x001.com/?p=687
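The script above opens only files ending in `.php` and matches case-sensitively, although its signature list also covers ASP, ASP.NET and JSP constructs, and it does not say where in a file a hit occurred. The following is an added example, not part of the original tool: a variant that scans more script extensions and reports the line number of each hit. The names `scan_tree`, `demo`, `SIGNATURES` and `EXTENSIONS`, the extension list, the use of `re.IGNORECASE` and the sample files are assumptions made for illustration; the signatures are a subset copied from the page.

```python
import os
import re
import tempfile

# A few of the page's signatures, copied unchanged; IGNORECASE is an added
# assumption (PHP function names are case-insensitive).
SIGNATURES = re.compile(
    r"\beval\s*\(+\s*\$|\bassert\s*\(+\s*\$|\beval\s*\(\s*@?base64_decode\s*\("
    r"|\bshell_exec\b|\bpassthru\s*\(|\bproc_open\b|\bwscript\.shell\b"
    r"|\bRuntime\.getRuntime\(\)\.exec\b",
    re.IGNORECASE,
)
# Assumption: file extensions for the script types the signature list targets.
EXTENSIONS = (".php", ".phtml", ".asp", ".aspx", ".jsp")


def scan_tree(rootdir):
    """Return sorted (relative_path, line_number, matched_text) hits under rootdir."""
    hits = []
    for parent, _dirs, filenames in os.walk(rootdir):
        for name in filenames:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(parent, name)
            rel = os.path.relpath(path, rootdir)
            try:
                with open(path, errors="ignore") as f:
                    for lineno, line in enumerate(f, 1):
                        hits += [(rel, lineno, m.group()) for m in SIGNATURES.finditer(line)]
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
    return sorted(hits)


def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    samples = {  # constructed sample files, not taken from the page
        "index.php": "<?php\necho 'hello';\n",
        "upload/img.PHP": "<?php\n// header\nEval ($payload);\n",
        "admin/tool.jsp": "<% Runtime.getRuntime().exec(cmd); %>\n",
        "notes.txt": "shell_exec is mentioned here, but .txt is not scanned\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write(body)
        return scan_tree(root)
```

`scan_tree("/path/to/webroot")` returns the hits as tuples, so they can be sorted, diffed against a previous run, or fed into a ticketing or alerting pipeline instead of being read off the terminal.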
