You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PHP web application that scans a directory for files with specific extensions (e.g., PHP scripts) and checks for suspicious tokens or patterns within the files. The application uses various PHP functions and techniques to achieve this, including recursive directory scanning, file token extraction, and token comparison.
5
+
PHP web application that scans a directory for files with specific extensions (e.g., PHP scripts) and checks for suspicious tokens or patterns within the files.
6
+
7
+
The application uses various PHP functions and techniques to achieve this, including recursive directory scanning, file token extraction, and token comparison.
8
+
9
+
This tool is designed to help identify potentially malicious PHP files in a web server environment, but it should be used with caution as it may produce false positives and has the capability to delete files.
6
10
## Requirements
7
11
- PHP4/PHP5/PHP7/PHP8
8
12
- VirusTotal APIKey (Optional)
@@ -29,27 +33,27 @@ please provide the source files if you want to make pr to add your own hash data
29
33
## Breakdown
30
34
Here's a breakdown of the code:
31
35
32
-
1. The code starts by defining various arrays, including
33
-
-`$ext` (file extensions to scan)
34
-
-`$tokenNeedles` (suspicious tokens to look for)
35
-
-`$whitelistMD5Sums` (MD5 sums of files to skip)
36
-
- and `$blacklistMD5Sums` (MD5 sums of files to remove).
37
-
2. The code then defines several functions, including
38
-
-`recursiveScan` (recursively scans a directory for files)
39
-
-`sortByLastModified` (sorts an array of files by their last modified time)
40
-
-`getSortedByTime` (recursively lists files by descending modified time)
41
-
-`getSortedByExtension` (recursively lists files by array of extensions)
42
-
-`getFileTokens` (extracts lowercase tokens from a file)
43
-
-`inStringArray` (checks if a needle exists in an array of strings)
44
-
-`compareTokens` (compares tokens and returns matched tokens)
45
-
-`urlFileArray` (fetches an array of strings from a URL), and a HTML template for the web application.
46
-
3. The code then initializes the `$ext`array with various PHP file extensions.
47
-
4. The code defines the `$tokenNeedles` array with suspicious tokens or patterns to look for within the files.
48
-
5. The code fetches the MD5 sums of files to skip and files to remove from URLs using the `urlFileArray` function.
49
-
6. The code then defines the HTML template for the web application, including a form for users to input the directory to scan.
50
-
7. Inside the form, the code checks if the user has submitted the form. If so, it retrieves the directory path from the form input, calls the `getSortedByExtension` function to get the sorted files, and then iterates over the files to check for suspicious tokens or patterns.
51
-
8. If a suspicious token or pattern is found, the code displays a message indicating the file path and the suspicious tokens.
52
-
9. The code also includes a button to copy the results to the clipboard.
53
-
54
-
55
-
Overall, the selected code is a PHP web application that scans a directory for suspicious PHP files and checks for suspicious tokens or patterns within the files. The application uses various PHP functions and techniques to achieve this, including recursive directory scanning, file token extraction, and token comparison.
36
+
1.Helper Functions:
37
+
*`recursiveScan`: Recursively scans a directory and returns an array of readable and non-readable files.
38
+
*`sortByLastModified`: Sorts an array of files by their last modified time.
39
+
*`getSortedByTime`: Combines recursive scanning and sorting by modified time.
40
+
*`getSortedByExtension`: Filters files by specified extensions and sorts them.
41
+
*`getFileTokens`: Tokenizes the content of a file and returns an array of tokens.
42
+
*`inStringArray`: Searches for a string in an array (case-insensitive).
43
+
*`compareTokens`: Compares two arrays of tokens and returns matches.
44
+
*`urlFileArray`: Fetches content from a URL and returns it as an array.
45
+
*`vTotalCheckHash`: Checks a file hash against the VirusTotal API.
46
+
47
+
2.Configuration Arrays:
48
+
*`$APIKey`: An array to store VirusTotal API keys.
49
+
*`$ext`: An array of file extensions to scan.
50
+
*`$tokenNeedles`: An array of potentially suspicious PHP functions and keywords to look for.
51
+
52
+
3.Scanning Logic:
53
+
* When the form is submitted, it scans the specified directory.
54
+
* It checks each file against the whitelist, blacklist, and VirusTotal API.
55
+
* It also performs token analysis to look for suspicious functions.
56
+
* The results are displayed in an HTML table, with different colors indicating various levels of suspicion.
57
+
58
+
4.File Operations:
59
+
* The script can delete files that match the blacklist or are identified as malicious by VirusTotal.
0 commit comments