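"""Heuristic triage scanner for PHP source trees.

Walks a directory, greps every PHP-like file for constructs that often show
up in obfuscated or injected code, and writes the hits to an Excel report.

The signatures are indicators for a human to review, not verdicts: ordinary
applications call ``file_get_contents``, ``curl_init`` or ``base64_decode``
all the time, and a file with no hits has not been shown to be clean.
"""
import argparse
import os
import re
import sys
from concurrent.futures import ThreadPoolExecutor, as_completed

import pandas as pd

# Extensions that are commonly mapped to the PHP handler. Matching is
# case-insensitive. Whether a given server actually executes each of these
# depends on its configuration, so treat the list as a starting point.
PHP_EXTENSIONS = (
    '.php', '.phtml', '.pht', '.phps', '.phar',
    '.php3', '.php4', '.php5', '.php7',
)

# Leading characters that spreadsheet applications may interpret as the start
# of a formula.
_FORMULA_PREFIXES = ('=', '+', '-', '@')

# Default signature set used by main().
# NOTE(review): "include_statement" has no leading word boundary and only
# matches the parenthesised form, so `include 'x.php';`, `require` and
# `include_once` are not covered - extend it if that coverage matters.
SUSPICIOUS_PATTERNS = {
    "goto_statement": re.compile(r'\bgoto\s+\w+\s*;', re.IGNORECASE),
    "error_reporting_0": re.compile(r'\berror_reporting\s*\(\s*0\s*\)', re.IGNORECASE),
    "eval_function": re.compile(r'\beval\s*\(', re.IGNORECASE),
    "base64_decode": re.compile(r'\bbase64_decode\s*\(', re.IGNORECASE),
    "str_rot13": re.compile(r'\bstr_rot13\s*\(', re.IGNORECASE),
    "hex_escapes": re.compile(r'(\\x[0-9a-fA-F]{2}){5,}'),
    "curl_init": re.compile(r'\bcurl_init\s*\(', re.IGNORECASE),
    "file_get_contents": re.compile(r'\bfile_get_contents\s*\(', re.IGNORECASE),
    "include_statement": re.compile(r'@?\s*include\s*\(', re.IGNORECASE),
}


def _collect_matches(file_path, patterns):
    """Return ``(file_path, {desc: sorted distinct matches}, error)``."""
    try:
        # errors='ignore' keeps the scan going on files that are not valid
        # UTF-8; undecodable bytes are dropped before matching.
        with open(file_path, 'r', encoding='utf-8', errors='ignore') as f:
            content = f.read()
    except (OSError, ValueError) as e:
        return file_path, None, f"Error reading file: {e}"

    hits = {}
    for desc, regex in patterns.items():
        # group(0) is always the whole match. findall() would return only the
        # captured group (or tuples for several groups), which truncated the
        # hex-escape hits and broke the join for multi-group patterns.
        distinct = sorted({m.group(0) for m in regex.finditer(content)})
        if distinct:
            hits[desc] = distinct
    return file_path, hits, None


def _format_signature(desc, found):
    """Render the distinct matches of one signature as a report string."""
    return f"[{desc}] Matches: {', '.join(found)}"


def _neutralize_cell(value):
    """Prefix formula-like strings with an apostrophe; pass other values through."""
    if isinstance(value, str) and value.startswith(_FORMULA_PREFIXES):
        return "'" + value
    return value


def scan_file(file_path, patterns):
    """
    Scans a single PHP file for suspicious code patterns.

    Args:
        file_path: Path of the file to read.
        patterns: Mapping of signature name to compiled regular expression.

    Returns:
        ``(file_path, matches, error)``. On success ``matches`` maps each
        signature that hit to a formatted string listing its distinct matches
        in sorted order and ``error`` is None. If the file cannot be read,
        ``matches`` is None and ``error`` describes the failure.
    """
    file_path, hits, error = _collect_matches(file_path, patterns)
    if error:
        return file_path, None, error
    formatted = {desc: _format_signature(desc, found) for desc, found in hits.items()}
    return file_path, formatted, None


def scan_directory(root_path, patterns):
    """
    Recursively scans a directory for PHP files and checks for suspicious patterns.

    Args:
        root_path: Directory to walk.
        patterns: Mapping of signature name to compiled regular expression.

    Returns:
        A list of report rows (dicts) for files with at least one hit, sorted
        by file path so repeated scans of the same tree are comparable.
    """
    php_files = [
        os.path.join(dirpath, name)
        for dirpath, _, filenames in os.walk(root_path)
        for name in filenames
        if name.lower().endswith(PHP_EXTENSIONS)
    ]

    results = []
    with ThreadPoolExecutor() as executor:
        futures = [executor.submit(_collect_matches, path, patterns) for path in php_files]
        for future in as_completed(futures):
            file_path, hits, error = future.result()
            if error:
                print(f"[!] {file_path}: {error}")
                continue
            if hits:
                results.append({
                    "File Name": os.path.basename(file_path),
                    "File Path": file_path,
                    "Suspicious Signatures": " | ".join(
                        _format_signature(desc, found) for desc, found in hits.items()
                    ),
                    # 10 points per distinct match, counted from the matches
                    # themselves rather than by splitting the rendered text.
                    # This is a hit count for ranking, not a severity rating.
                    "Vulnerability Score": sum(len(found) * 10 for found in hits.values()),
                })

    # as_completed() yields in completion order, which varies between runs.
    results.sort(key=lambda row: row["File Path"])
    return results


def save_to_excel(results, output_file):
    """
    Saves the scan results to an Excel file.

    File names and matched snippets come from the scanned tree, which may be
    attacker-controlled. A string cell that begins with "=" can end up stored
    as a formula, so formula-like values are prefixed with an apostrophe
    before they are written.

    Args:
        results: Rows as returned by scan_directory().
        output_file: Destination .xlsx path.
    """
    safe_rows = [
        {column: _neutralize_cell(value) for column, value in row.items()}
        for row in results
    ]
    df = pd.DataFrame(safe_rows)
    df.index += 1  # number rows from 1 in the report
    df.index.name = "Number"

    try:
        df.to_excel(output_file, index=True, engine='openpyxl')
        print(f"\nResults saved to: {output_file}")
    except Exception as e:
        # Best effort: report the failure (missing openpyxl, unwritable path)
        # instead of discarding the scan with a traceback.
        print(f"[!] Error saving results: {e}")


def main():
    """Parse the command line, scan the given directory and write the report."""
    parser = argparse.ArgumentParser(description="Scan PHP files for suspicious code and save results to Excel.")
    parser.add_argument("path", help="Path to the website folder to scan")
    parser.add_argument("--output", default="suspicious_scan_results.xlsx", help="Path to output Excel file (default: suspicious_scan_results.xlsx)")

    args = parser.parse_args()
    root_path = args.path
    output_path = args.output

    if not os.path.isdir(root_path):
        print(f"Error: '{root_path}' is not a valid directory.")
        sys.exit(1)

    print(f"Scanning directory: {root_path}...")
    results = scan_directory(root_path, SUSPICIOUS_PATTERNS)

    if results:
        save_to_excel(results, output_path)
    else:
        print("No suspicious files detected.")


if __name__ == "__main__":
    main()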