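, November 2022
Copyright (C) 2022 Cvar1984

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/

// Upper bound for a single scan run: 15 minutes, expressed in seconds.
$minute = 15;
$limit = 60 * $minute;

// NOTE(review): the memory cap is removed completely, and getFileTokens() loads
// every candidate file into memory in one piece. On a shared host a very large
// file in the scanned tree can exhaust the machine; consider a finite limit.
ini_set('memory_limit', '-1');
ini_set('max_execution_time', $limit);
set_time_limit($limit);

/**
 * Walk a directory tree and collect every entry found below it.
 *
 * Despite the key names, entries are split by readability, not writability:
 * 'file_writable' receives readable regular files, 'file_not_writable'
 * receives everything that is neither scanned nor descended into (unreadable
 * files, unreadable directories, symlinked directories, special files).
 * A key only exists once it has at least one entry.
 *
 * @param string $directory     Directory to start from
 * @param array  $entries_array Accumulator shared by the recursion (optional)
 * @return array Accumulated entries
 */
function recursiveScan($directory, &$entries_array = array())
{
    $handle = @opendir($directory);
    if (!$handle) {
        // Best-effort scan: a directory that cannot be opened adds nothing.
        return $entries_array;
    }

    while (($entry = readdir($handle)) !== false) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }

        $entryPath = $directory . DIRECTORY_SEPARATOR . $entry;

        // The checks must look at the child, not at its parent: a symlinked
        // directory that is followed can point back up the tree and make the
        // walk loop forever. Such links land in 'file_not_writable' so the
        // gap in coverage stays visible.
        if (is_dir($entryPath) && is_readable($entryPath) && !is_link($entryPath)) {
            recursiveScan($entryPath, $entries_array);
        } elseif (is_file($entryPath) && is_readable($entryPath)) {
            $entries_array['file_writable'][] = $entryPath;
        } else {
            $entries_array['file_not_writable'][] = $entryPath;
        }
    }
    closedir($handle);

    return $entries_array;
}

/**
 * Sort a list of files by modification time, most recent first.
 *
 * @param array $files List of file paths
 * @return array The same paths, re-indexed, newest first
 */
function sortByLastModified($files)
{
    if (empty($files)) {
        return array();
    }

    $modifiedTimes = array();
    foreach ($files as $file) {
        // A file can disappear between the directory walk and this stat call;
        // treat it as oldest instead of emitting a warning mid-scan.
        $modifiedTime = @filemtime($file);
        $modifiedTimes[] = ($modifiedTime === false) ? 0 : $modifiedTime;
    }

    array_multisort($modifiedTimes, SORT_DESC, $files);

    return $files;
}

/**
 * Recursively list the files below a path, newest modification time first.
 *
 * @param string $path
 * @return array 'file_writable' => list of readable files (possibly empty),
 *               'file_not_writable' => list of skipped entries, or false
 *               when there are none
 */
function getSortedByTime($path)
{
    $result = recursiveScan($path);

    // recursiveScan() only creates a key once it has an entry for it.
    $fileWritable = isset($result['file_writable'])
        ? $result['file_writable']
        : array();
    $fileNotWritable = isset($result['file_not_writable'])
        ? $result['file_not_writable']
        : false;

    return array(
        'file_writable' => sortByLastModified($fileWritable),
        'file_not_writable' => $fileNotWritable,
    );
}

/**
 * Keep only the paths whose extension (case-insensitive) is in $ext.
 *
 * @param array $paths List of file paths
 * @param array $ext   Lowercase extensions without the leading dot
 * @return array Matching paths, in their original order
 */
function filterPathsByExtension($paths, $ext)
{
    $matched = array();
    foreach ($paths as $path) {
        $extension = strtolower(pathinfo($path, PATHINFO_EXTENSION));
        if (in_array($extension, $ext, true)) {
            $matched[] = $path;
        }
    }

    return $matched;
}

/**
 * Recursively list the files below a path that carry one of the given
 * extensions, newest modification time first.
 *
 * @param string $path
 * @param array  $ext Lowercase extensions without the leading dot
 * @return array 'file_writable' => list of readable matches (possibly empty),
 *               'file_not_writable' => list of skipped matches, or false
 *               when there are none
 */
function getSortedByExtension($path, $ext)
{
    $result = getSortedByTime($path);

    $sortedWritableFile = filterPathsByExtension($result['file_writable'], $ext);

    // Entries that could not be read are reported too: a script the scanner
    // cannot open is a blind spot, not a clean result.
    $sortedNotWritableFile = false;
    if (!empty($result['file_not_writable'])) {
        $skipped = filterPathsByExtension($result['file_not_writable'], $ext);
        if (!empty($skipped)) {
            $sortedNotWritableFile = $skipped;
        }
    }

    return array(
        'file_writable' => $sortedWritableFile,
        'file_not_writable' => $sortedNotWritableFile,
    );
}

/**
 * Tokenize a PHP file and return its distinct token texts in lowercase.
 *
 * Only tokens that token_get_all() returns as arrays contribute; single
 * character tokens (";", "(", ...) are returned as plain strings and skipped.
 * Texts are trimmed, empty ones dropped, duplicates removed.
 *
 * The original author's note lists the old "<? ?>" and "<% %>" notations,
 * heredoc and nowdoc as unsupported by token_get_all() (not verified here).
 * Short open tags are only tokenized as PHP when short_open_tag is enabled,
 * which is why "<?" is rewritten to "<?php " before tokenizing.
 *
 * @param string $filename
 * @return array List of lowercase token texts, empty when the file
 *               cannot be read
 */
function getFileTokens($filename)
{
    $fileContent = @file_get_contents($filename);
    if ($fileContent === false) {
        // Unreadable or vanished file: nothing to tokenize.
        return array();
    }

    $normalized = preg_replace('/<\?([^p=\w])/m', '<?php ', $fileContent);
    if ($normalized !== null) {
        // preg_replace() returns null on a PCRE error; fall back to the raw
        // content in that case rather than tokenizing nothing.
        $fileContent = $normalized;
    }

    $output = array();
    foreach (token_get_all($fileContent) as $token) {
        if (is_array($token) && isset($token[1])) {
            $output[] = strtolower($token[1]);
        }
    }

    return array_values(
        array_unique(array_filter(array_map('trim', $output)))
    );
}

/**
 * Return the needles that occur in the haystack, in needle order.
 *
 * @param array $tokenNeedles  Token texts to look for
 * @param array $tokenHaystack Token texts found in a file
 * @return array Matched needles
 */
function compareTokens($tokenNeedles, $tokenHaystack)
{
    // Flip once so each needle is a hash lookup instead of a linear search.
    $present = array_flip($tokenHaystack);

    $output = array();
    foreach ($tokenNeedles as $tokenNeedle) {
        if (isset($present[$tokenNeedle])) {
            $output[] = $tokenNeedle;
        }
    }

    return $output;
}

// Extensions (lowercase, no dot) of the files that get tokenized.
$ext = array(
    'php',
    'phps',
    'pht',
    'phpt',
    'phtml',
    'phar',
    'php3',
    'php4',
    'php5',
    'php7',
    'suspected',
);

// Token texts that flag a file for manual review. Matching is by exact,
// lowercased lexer token, so a hit is a triage lead and not a verdict: many of
// these functions appear in ordinary application code, and a name assembled at
// runtime (string concatenation, variable functions) is not reported at all.
$tokenNeedles = array(
    // Obfuscation
    'base64_decode',
    'rawurldecode',
    'urldecode',
    'gzinflate',
    'gzuncompress',
    'str_rot13',
    // The original entry 'convert_uu' is not a function name and could never
    // equal a whole token; the two real functions are listed instead.
    'convert_uudecode',
    'convert_uuencode',
    'htmlspecialchars_decode',
    'bin2hex',
    'hex2bin',
    'hexdec',
    'chr',
    'strrev',
    'goto',
    'implode',
    'strtr',
    'extract',
    'parse_str', // works like extract() when only one argument is given
    'substr',
    'mb_substr',
    'str_replace',
    'substr_replace',
    'preg_replace', // can evaluate the replacement as code (/e modifier, PHP < 7)
    'exif_read_data',
    'readgzfile',

    // Shell / Process
    'eval',
    'exec',
    'shell_exec',
    'system',
    'passthru',
    'pcntl_fork',
    'fsockopen',
    'proc_open',
    'popen', // was 'popen ' with a trailing space, which never matched a trimmed token
    'assert', // evaluates a string argument as code (PHP < 8)
    'posix_kill',
    'posix_setpgid',
    'posix_setsid',
    'posix_setuid',
    'proc_nice',
    'proc_close',
    'proc_terminate',
    'apache_child_terminate',

    // Server Information
    'posix_getuid',
    'posix_geteuid',
    'posix_getegid',
    'posix_getpwuid',
    'posix_getgrgid',
    'posix_mkfifo',
    'posix_getlogin',
    'posix_ttyname',
    'getenv',
    'proc_get_status',
    'get_cfg_var',
    'disk_free_space',
    'disk_total_space',
    'diskfreespace',
    'getlastmod', // was 'getlastmo', a typo that matched nothing
    'getmyinode',
    'getmypid',
    'getmyuid',
    'getmygid',
    'fileowner',
    'filegroup',
    'get_current_user',
    'pathinfo',
    'getcwd',
    'sys_get_temp_dir',
    'basename',
    'phpinfo',

    // Database
    'mysql_connect',
    'mysqli_connect',
    'mysqli_query',
    'mysql_query',

    // I/O ('fsockopen' is already listed under Shell / Process; a second
    // entry would only report the same hit twice)
    'fopen',
    'file_put_contents',
    'file_get_contents',
    'url_get_contents',
    'stream_get_meta_data',
    'move_uploaded_file',
    '$_files',
    'copy',
    'include',
    'include_once',
    'require',
    'require_once',
    '__file__',

    // Miscellaneous
    'mail',
    'putenv',
    'curl_init',
    'tmpfile',
    'allow_url_fopen',
    'ini_set',
    'set_time_limit',
    'session_start',
    'symlink',
    '__halt_compiler',
    '__compiler_halt_offset__',
    'error_reporting',
    'create_function',
    'get_magic_quotes_gpc',
    '$auth_pass',
    '$password',
);
?>
Pussy Finder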
Pussy Finder
RESULT
', $filePath, $cmp); //unlink($filePath); } } }
%s (%s)