python脚本实现查找webshell的方法

2024-04-09 19:07:03 278

#!/usr/bin/envpython #-*-coding:utf-8-*- importos importsys importre importsmtplib #设定邮件 fromaddr="smtp.qq.com" toaddrs=["voilet@qq.com"] username="voilet" password="xxxxxx" #设置白名单 pass_file=["api_ucenter.php"] #定义发送邮件函数 defsendmail(toaddrs,sub,content): '发送邮件模块' #AddtheFrom:andTo:headersatthestart! msg=("From:%s\r\nTo:%s\r\nSubject:%s\r\n\r\n" %(fromaddr,",".join(toaddrs),sub)) msg+=content server=smtplib.SMTP('mail.funshion.com',25,) server.login(username,password) server.sendmail(fromaddr,toaddrs,msg) server.quit() #设置搜索特征码 rulelist=[ '(\$_(GET|POST|REQUEST)\[.{0,15}\]$\$_(GET|POST|REQUEST)\[.{0,15}\]$)', '(base64_decode$[\'"][\w\+/=]{200,}[\'"]$)', 'eval$base64_decode\(', '(eval\(\$_(POST|GET|REQUEST)\[.{0,15}\]$)', '(assert$\$_(POST|GET|REQUEST)\[.{0,15}\]$)', '(\$[\w_]{0,15}$\$_(POST|GET|REQUEST)\[.{0,15}\]$)', '(wscript\.shell)', '(gethostbyname\()', '(cmd\.exe)', '(shell\.application)', '(documents\s+and\s+settings)', '(system32)', '(serv-u)', '(提权)', '(phpspy)', '(后门)', '(webshell)', '(Program\s+Files)', 'www.phpdp.com', 'phpdp', 'PHP神盾', 'decryption', 'Ca3tie1', 'GIF89a', 'IKFBILUvM0VCJD\/APDolOjtW0tgeKAwA', '\'e\'\.\'v\'\.\'a\'\.\'l\'', ] defScan(path): forroot,dirs,filesinos.walk(path): forfilespathinfiles: isover=False if'.'infilespath: ext=filespath[(filespath.rindex('.')+1):] ifext=='php'andfilespathnotinpass_file: file=open(os.path.join(root,filespath)) filestr=file.read() file.close() forruleinrulelist: result=re.compile(rule).findall(filestr) ifresult: print'文件：'+os.path.join(root,filespath) print'恶意代码：'+str(result[0]) print'\n\n' sendmail(toaddrs,"增值发现恶意代码",'文件：'+os.path.join(root,filespath)+"\n"+'恶意代码：'+str(result[0])) break try: ifos.path.lexists("/home/web_root/"): print('\n\n开始扫描：'+"/home/web_root/") print('可疑文件') print('########################################') Scan("/home/web_root/") print('提示：扫描完成--~') else: print'提示：指定的扫描目录不存在---' exceptIndexError: print"请指定扫描文件目录"

python脚本实现查找webshell的方法

热门推荐

随机推荐