查找phpwebshell小工具

2013-04-08 60807人围观 ,发现 5 个不明物体 工具

思路就是匹配脚本文件以及配置文件hash,找出hash改变的脚本或者配置文件,脚本共三个参数 

1,-save 即读取web目录和配置文件,计算hash匹配并且保存文件 
2,-find 即通过保存的hash与当前web目录脚本文件和配置文件hash匹配,找出hash变动的文件 
3,-listen 首先执行save。然后循环执行find,如果发现hash异常通过email通知管理员。每次find完成后都sleep一段时间,这里默认半个小时,相当于半个小时检查一次。

代码比较搓,将就看看吧

import hashlib
import sys
import os
import re
import time
import smtplib
from email.mime.text import MIMEText

def send_mail(content):
    to_list=["xxx@qq.com"]
    mail_host="smtp.163.com"
    mail_user="xxxx"
    mail_pass="xxxr"
    mail_postfix="163.com"
    me=mail_user+"<"+mail_user+"@"+mail_postfix+">"
    msg = MIMEText(content)
    msg['Subject'] ='warning'
    msg['From'] = me
    msg['To'] = ";".join(to_list)
    try:
        s = smtplib.SMTP()
        s.connect(mail_host)
        s.login(mail_user,mail_pass)
        s.sendmail(me, to_list, msg.as_string())
        s.close()
        return True
    except Exception, e:
        print str(e)
        return False

def md5Checksum(filePath):
        fh = open(filePath, 'rb')
        m = hashlib.md5()
        while True:
            data = fh.read(8192)
            if not data:
                break
            m.update(data)
        fh.close()
        return m.hexdigest()
def load_hash(filepath):
        pass
def load_filelist(f):
        f1=open(f,'r')
        f_list=[]
        while 1:
            line=f1.readline()
            if not line:
                break
            f_list.append(line)
        dic={}
        for str1 in f_list:
            item1,item2= str1.split(':')
            dic[item1]=item2
        f1.close()
        return dic

def save_config(configpath,webdir):
        f1=open('config','w')
        f1.writelines('configpath:'+configpath+'\r\n')
        f1.writelines('webdir:'+webdir+'\r\n')
        f1.close()
def find():
        lists=[]
        lists=findchange()
        for str1 in lists:
           print str1
def findchange():
        relist=[]
        dic1={}
        dic1= load_filelist('save_hash')
        dic2={}
        dic2=load_filelist('config')
        weblist=[]
        weblist=load_all_path(dic2['webdir'].replace('\r\n',''))
        weblist.append(str(dic2['configpath'].replace('\r\n','')))
        for webpage in weblist:
           if str(dic1.get(webpage))=='None':
               relist.append(webpage+' is new file\r\n')
           elif str(dic1.get(webpage)).replace('\r\n','')!=md5Checksum(webpage):
              relist.append(webpage+'   has been changed\r\n')
        return relist
def load_all_path(rootDir):
    str1=[]
    list_dirs = os.walk(rootDir)
    for root, dirs, files in list_dirs:
        for f in files:
               if  str(os.path.splitext(f)[1])=='.php' or str(os.path.splitext(f)[0])=='.htaccess':
                   str1.append(str(os.path.join(root, f)))
    return str1
def save(config,webpath):
    save_config(config,webpath)
    confighash=md5Checksum(config)
    weblist=[]
    weblist=load_all_path(webpath)
    print weblist
    f1=open('save_hash','w')
    f1.writelines(config+':'+confighash+"\r\n")
    for str1 in weblist:
        print str1
        f1.writelines(str1+':'+md5Checksum(str1)+"\r\n")
    f1.close()
def listen(config,webpath):
    save(config,webpath)
    while 1:
        lists=[]
        lists=findchange()
        if(len(lists)!=0):
           str2=''
           for str1 in lists:
               str2=str2+str1.replace('\r\n','')+'\n'
           send_mail(str2)
        time.sleep(3600)

if __name__ == '__main__':
    banner='''usage:
    find.py -save config webpath
    find.py -find
    nohup python  find.py -listen config webpath $
    Example:
    python find.py -save /etc/apache2/apache2.conf /var/www
    python find.py -find
    nohup python find.py -listen /etc/apache2/apache2.conf /var/www &
    email:2243280774@qq.com
    '''

    if (len(sys.argv)<2):
        print banner
    elif (len(sys.argv)==4 and sys.argv[1]=='-save'):
        save(sys.argv[2],sys.argv[3])
    elif (len(sys.argv)==2 and sys.argv[1]=='-find'):
        find()
    elif (sys.argv[1]=='-listen'):
         listen(sys.argv[2],sys.argv[3])
    else :
        print banner

下载地址

2篇文章等级:2

这家伙太懒,还未填写个人描述!

发表评论

已有 5 条评论

取消
Loading...

这家伙太懒,还未填写个人描述!

2篇文章23条评论

特别推荐

关注我们 分享每日精选文章

不容错过

css.php