PHP网页木马扫描器

/**
 * removeHorse.php by 2012.5.5
 * 尛岢 kerring
 */
set_time_limit(0);
arScan('./', '*.{php,htm,html}', array(
  array(
    '/eval\(.+\)/iUs',
    '/system\(.+\)/iUs'
  ),
  array('', '')
));

//扫描嵌入代码
function arScan(path,mark, expr,i = 0) {
  files = arGlob(path, mark);
  foreach(files as key =>file) {
    if(!fc = file_get_contents(file)) { continue; }
    fr = preg_replace(expr[0], expr[1],fc, -1, rs);
    if(rs > 0) {
      #file_put_contents(file,fc);
      i++;
    }
    echo "[rs] {file} \n";
  }
  echo "共处理文件{i}个";
}

//获取文件列表
function arGlob(path = './',mark = '*', full = false) {files = array();
  if(result = glob(path.mark, GLOB_MARK|GLOB_BRACE)) {result = str_replace('\\', '/', result);
    foreach(result as file) {
      substr(file, -1, 1) == '/' || files[] =file;
    }
  }
  if(result = glob(path.'*', GLOB_MARK|GLOB_ONLYDIR)) {
    result = str_replace('\\', '/',result);
    foreach(result aspath) {
      full &&files[] = path;files = array_merge(files, arGlob(path, mark,full));
    }
  }
  return $files;
}

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注