掃瞄程式碼中的可疑字串


在 Google Reader 上看見一個用 Python 寫的這類程式.
不過代碼和方式不是自己想要的.想將所有類型也作檢查比較好
也順便練手.所以用 Node.js 重寫了一下.也簡化了使用方式
只要提供掃瞄的目錄位置就可以了.
記錄一下 (順道也放了一份到 Github 備份)

#!/usr/bin/node
var fs = require('fs'),
path = require('path'),
util = require('util');

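/**
 * Scanner walks a directory tree and reports server-side script files that
 * contain strings commonly found in web shells.
 *
 * The check is a plain substring heuristic: a hit means "look at this file",
 * not "this file is malicious", and a file with no hits is not proven clean.
 */
var Scanner = (function() {

  "use strict";

  // Signature strings grouped by the language they were collected for.
  // Every list is applied to every scanned file, whatever its extension.
  var codec = {
        "php": ['eval(','assert(','disk_total_space','wscript.shell','gethostbyname(','cmd.exe','shell.application','touch(','documents and settings','system32','serv-u','提权','phpspy','后门'],
        "asp": ['eval(','execute(','wscript.shell','cmd.exe','touch(','documents and settings','system32','serv-u','提权','aspspy','后门'],
        "jsp": ['getHostAddress(','wscript.shell','gethostbyname(','cmd.exe','documents and settings','system32','serv-u','提权','jspspy','后门'],
        "aspx": ['eval(','UseShellExecute','wscript.shell','cmd.exe','documents and settings','system32','serv-u','提权','aspxspy','后门']
      },
      // File extensions (without the dot) that are collected for scanning.
      extension = ['asp', 'php', 'aspx', 'jsp', 'cer', 'asa', 'cdx', 'ashx', 'ascx'],
      s = {};

  // Flat signature list built once: each distinct string appears a single
  // time (so a file is not reported once per language for the same string)
  // together with its lower-cased form used for case-insensitive matching.
  var signatures = (function() {
    var seen = Object.create(null),
        list = [];

    Object.keys(codec).forEach(function(language) {
      codec[language].forEach(function(pattern) {
        var needle = pattern.toLowerCase();

        if (!seen[needle]) {
          seen[needle] = true;
          list.push({ label: pattern, needle: needle });
        }
      });
    });

    return list;
  })();

  /**
   * @returns {string[]} the command-line arguments after the script name.
   */
  s.argument = function() {
    return process.argv.slice(2);
  };

  /**
   * Entry point: validates the path argument, collects the candidate files
   * under it and prints one line per (signature, file) hit.
   */
  s.main = function() {
    var argument = s.argument();

    if (argument.length <= 0) {
      console.log("Please enter the scan path");
    } else if (!fs.existsSync(argument[0])) {
      console.log("Path not exists");
    } else {
      s.fn.walk(argument[0], function(error, results) {
        if (error) {
          throw error;
        }

        results.forEach(function(result) {
          var content;

          // Read each file once instead of once per signature. The buffer is
          // decoded as UTF-8 (the Buffer#toString default), so a file saved in
          // another encoding such as GBK will not match the non-ASCII
          // signatures.
          try {
            content = fs.readFileSync(result).toString();
          } catch (readError) {
            // An unreadable file is reported rather than aborting the scan or
            // being skipped silently.
            console.error(util.format(
              "Cannot read %s",
              s.fn.printable(String(readError.message))
            ));
            return;
          }

          s.fn.match(content).forEach(function(pattern) {
            console.log(util.format(
              "%s %s %s%s",
              s.fn.green(pattern),
              s.fn.normalize("in"),
              // File names come from the tree being inspected; control
              // characters are neutralised before they reach the terminal.
              s.fn.purple(s.fn.printable(result)),
              // Restore the default colour so it does not leak past this line.
              s.fn.normalize("")
            ));
          });
        });
      });
    }
  };

  s.fn = {
    /**
     * Recursively collects the files below `directory` whose extension is in
     * the scan list.
     *
     * NOTE: fs.stat follows symbolic links, so a link that points outside
     * `directory` is scanned as well.
     *
     * @param {string} directory - directory to list.
     * @param {function(Error, string[])} done - called with an error when
     *   `directory` itself cannot be listed, otherwise with the collected
     *   paths.
     */
    walk: function(directory, done) {
      var results = [];

      fs.readdir(directory, function(error, list) {
        if (error) {
          return done(error);
        }

        var i = 0;
        (function next() {
          if (i >= list.length) {
            return done(null, results);
          }

          var file = directory + '/' + list[i++];

          fs.stat(file, function(statError, stat) {
            if (statError) {
              // e.g. a dangling link or a permission problem: report and go on.
              console.error(util.format(
                "Cannot stat %s",
                s.fn.printable(String(statError.message))
              ));
              return next();
            }

            if (stat.isDirectory()) {
              s.fn.walk(file, function(walkError, res) {
                if (walkError) {
                  // Do not merge an undefined result; report the unreadable
                  // subdirectory and continue with its siblings.
                  console.error(util.format(
                    "Cannot list %s",
                    s.fn.printable(String(walkError.message))
                  ));
                } else {
                  results = results.concat(res);
                }
                next();
              });
            } else {
              // Only regular files are read later; FIFOs, sockets and devices
              // are left out.
              if (stat.isFile() && s.fn.isTarget(file)) {
                results.push(file);
              }
              next();
            }
          });
        })();
      });
    },

    /**
     * @param {string} file - file path.
     * @returns {boolean} true when the extension is in the scan list; the
     *   comparison ignores case, so `shell.PHP` is treated like `shell.php`.
     */
    isTarget: function(file) {
      return extension.indexOf(path.extname(file).slice(1).toLowerCase()) != -1;
    },

    /**
     * @param {string} content - decoded file content.
     * @returns {string[]} the signatures found in `content`, each at most
     *   once, compared case-insensitively (`WScript.Shell` and `EVAL(` match).
     */
    match: function(content) {
      var haystack = content.toLowerCase();

      return signatures.filter(function(signature) {
        return haystack.indexOf(signature.needle) != -1;
      }).map(function(signature) {
        return signature.label;
      });
    },

    /**
     * @param {string} text - text taken from the scanned tree or from an
     *   error message.
     * @returns {string} `text` with C0/C1 control characters (including ESC)
     *   replaced by `?`, so it cannot rewrite or hide terminal output.
     */
    printable: function(text) {
      return text.replace(/[\x00-\x1f\x7f-\x9f]/g, '?');
    },

    /** Prefixes `text` with the ANSI code for a green foreground. */
    green: function(text) {
      return "\x1b[32m" + text;
    },

    /** Prefixes `text` with the ANSI code for a magenta foreground. */
    purple: function(text) {
      return "\x1b[35m" + text;
    },

    /** Prefixes `text` with the ANSI code for the default foreground. */
    normalize: function(text) {
      return "\x1b[39m" + text;
    }
  };

  return s;
})();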

// Start the scan; the directory to scan is taken from the first command-line argument.
Scanner.main();

參考: http://www.cnseay.com/archives/2063