#!/usr/bin/env bash
# ____ ____ ____ _________ ____ ____ ____ ____ ____ ____
# ||P |||H |||P ||| |||N |||U |||L |||L |||E |||D ||
# ||__|||__|||__|||_______|||__|||__|||__|||__|||__|||__||
# |/__\|/__\|/__\|/_______\|/__\|/__\|/__\|/__\|/__\|/__\|
#
# PHP Nulled Script Scanner v3
# by @zeampzpvy
#
# This script attempts to detect backdoors and hidden code in PHP scripts downloaded from suspicious sources.
# Checks for some common and uncommon strings found in unsafe scripts that may lead to ads, backdoors, etc.
# It uses recursive grep searching to output the suspected filename and line.
#
# This script is not foolproof, and all output should be examined by someone with at least an intermediate
# knowledge of their system. If something doesn't look right, back up the suspected file to an offline
# storage device and delete the original file from your web server. A lot of times, these shady files can
# be reverse engineered to provide a unique insight into the vulnerability and edited to run safely.
#
# Report file. The path is relative, so it is created in (and appended to in)
# whatever directory the scanner is started from.
LOG="scanner.txt"

# From here on, stdout and stderr both flow through tee: shown on the terminal
# and appended to $LOG.
exec > >(tee -a "$LOG") 2>&1

clear

# Start-up banner; $(date) records when this run began.
cat <<EOF
==================================================
 PHP NULLED SCRIPT SCANNER
 Version 3
==================================================
 Log file : $LOG
 Started : $(date)
==================================================

EOF

# Ask for the tree to scan; -r keeps backslashes in the typed path literal.
read -rp "Enter the path to your PHP root directory: " PHPROOT
printf '\n'

# Nothing to scan unless the answer names an existing directory.
[[ -d "$PHPROOT" ]] || {
  printf '%s\n' "[FATAL] '$PHPROOT' is not a valid directory."
  exit 1
}

printf '%s\n' \
  "[INFO] Target directory: $PHPROOT" \
  "[INFO] Scan in progress..." \
  ""
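# Substrings to flag, matched case-insensitively anywhere on a line. They are
# heuristics only: each one also appears in legitimate PHP, so a hit means
# "read this line", not "this file is malicious".
PATTERNS=(
  "shell_exec"
  "system"
  "passthru"
  "eval"
  "base64_decode"
  "edoced_46esab" # "base64_decode" spelled backwards
  "phpinfo"
  "php_uname"
  "fopen"
  "fclose"
  "readfile"
  "chmod"
)

TOTAL=${#PATTERNS[@]}
COUNT=1

for PATTERN in "${PATTERNS[@]}"; do
  echo "--------------------------------------------------"
  echo "[CHECK $COUNT/$TOTAL] Searching for: $PATTERN"

  # Hold the hits in memory instead of a scratch file: a fixed name under /tmp
  # can be pre-created or symlinked by another local user before the scan runs.
  # -F treats the pattern as a literal string; -- ends option parsing.
  # NOTE: -R follows symlinks, so links inside the scanned tree that point
  # elsewhere are searched too.
  MATCHES=$(grep -RniF --color=never -- "$PATTERN" "$PHPROOT")
  GREP_STATUS=$?

  if [[ -n "$MATCHES" ]]; then
    echo "[WARNING] Matches found for '$PATTERN'"
    # Emit file:line:text for every hit so it reaches the terminal and the log.
    # These lines are content from untrusted files; treat them as data.
    printf '%s\n' "$MATCHES"
  else
    echo "[OK] No matches found"
  fi

  # grep exits with a status above 1 when it hit an error (for example an
  # unreadable file); those files were not searched, so say so explicitly.
  if ((GREP_STATUS > 1)); then
    echo "[ERROR] grep reported errors; some files under '$PHPROOT' may not have been scanned"
  fi

  echo
  COUNT=$((COUNT + 1))
done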
# Closing banner: finish time and where the report was written.
printf '%s\n' \
  "==================================================" \
  "[DONE] Scan completed successfully" \
  "[DONE] Finished at: $(date)" \
  "[DONE] Review results in: $LOG" \
  "==================================================" \
  ""