PHP网页木马扫描器

/**
 * removeHorse.php by 2012.5.5
 * 尛岢 kerring
 */
set_time_limit(0);
arScan('./', '*.{php,htm,html}', array(
  array(
    '/eval\(.+\)/iUs',
    '/system\(.+\)/iUs'
  ),
  array('', '')
));

//扫描嵌入代码
function arScan($path, $mark, $expr, $i = 0) {
  $files = arGlob($path, $mark);
  foreach($files as $key => $file) {
    if(!$fc = file_get_contents($file)) { continue; }
    $fr = preg_replace($expr[0], $expr[1], $fc, -1, $rs);
    if($rs > 0) {
      #file_put_contents($file, $fc);
      $i++;
    }
    echo "[$rs] {$file} \n";
  }
  echo "共处理文件{$i}个";
}

//获取文件列表
function arGlob($path = './', $mark = '*', $full = false) {
  $files = array();
  if($result = glob($path.$mark, GLOB_MARK|GLOB_BRACE)) {
    $result = str_replace('\\', '/', $result);
    foreach($result as $file) {
      substr($file, -1, 1) == '/' || $files[] = $file;
    }
  }
  if($result = glob($path.'*', GLOB_MARK|GLOB_ONLYDIR)) {
    $result = str_replace('\\', '/', $result);
    foreach($result as $path) {
      $full && $files[] = $path;
      $files = array_merge($files, arGlob($path, $mark, $full));
    }
  }
  return $files;
}

发表评论

电子邮件地址不会被公开。 必填项已用*标注