| #!/usr/bin/node var fs = require('fs'), path = require('path'), util = require('util');
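var Scanner = (function() {
    "use strict";

    /*
     * Substring indicators, grouped by the server-side language they were
     * collected for. They are triage heuristics only: a hit marks a file for
     * manual review, and a file with no hit is not thereby shown to be clean,
     * because encoded or obfuscated content contains none of these strings.
     */
    var codec = {
        "php": ['eval(','assert(','disk_total_space','wscript.shell','gethostbyname(','cmd.exe','shell.application','touch(','documents and settings','system32','serv-u','提权','phpspy','后门'],
        "asp": ['eval(','execute(','wscript.shell','cmd.exe','touch(','documents and settings','system32','serv-u','提权','aspspy','后门'],
        "jsp": ['getHostAddress(','wscript.shell','gethostbyname(','cmd.exe','documents and settings','system32','serv-u','提权','jspspy','后门'],
        "aspx": ['eval(','UseShellExecute','wscript.shell','cmd.exe','documents and settings','system32','serv-u','提权','aspxspy','后门']
    };

    // Extensions (without the dot) of the files that are read and checked.
    var extension = ['asp', 'php', 'aspx', 'jsp', 'cer', 'asa', 'cdx', 'ashx', 'ascx'];

    var s = {};

    // Every file is checked against every group, so the groups are folded
    // into one ordered list without repeats. Without this, an indicator that
    // several groups share (such as 'cmd.exe') is reported once per group.
    var indicators = [];
    Object.keys(codec).forEach(function(language) {
        codec[language].forEach(function(pattern) {
            if (indicators.indexOf(pattern) === -1) {
                indicators.push(pattern);
            }
        });
    });

    // Lower-cased copies, computed once, for the case-insensitive comparison.
    var loweredIndicators = indicators.map(function(pattern) {
        return pattern.toLowerCase();
    });

    /**
     * Replace terminal control characters with '?'.
     * File names in the scanned tree are untrusted and are echoed to the
     * terminal; a name carrying escape sequences must not be able to rewrite
     * or hide the scanner's own output.
     *
     * @param {string} text - Text about to be printed.
     * @returns {string} The text with C0/C1 control characters replaced.
     */
    function printable(text) {
        return String(text).replace(/[\u0000-\u001f\u007f-\u009f]/g, '?');
    }

    /**
     * Report a skipped path on stderr so that gaps in scan coverage are
     * visible instead of silent.
     *
     * @param {string} message - Description of what was skipped and why.
     */
    function warn(message) {
        console.error(printable(message));
    }

    /**
     * @returns {string[]} The command-line arguments after the script name.
     */
    s.argument = function() {
        return process.argv.slice(2);
    };

    /**
     * Scan the directory named by the first command-line argument and print
     * one line per (indicator, file) hit. Prints a usage message when no
     * path is given or the path does not exist.
     *
     * @throws {Error} When the root directory itself cannot be listed.
     */
    s.main = function() {
        var argument = this.argument();

        if (argument.length <= 0) {
            console.log("Please enter the scan path");
        } else if (!fs.existsSync(argument[0])) {
            console.log("Path not exists");
        } else {
            s.fn.walk(argument[0], function(error, results) {
                if (error) {
                    throw error;
                }

                results.forEach(function(result) {
                    var data;

                    // Read each file once (not once per indicator), and keep
                    // scanning when a single file cannot be read.
                    try {
                        // toString() decodes as UTF-8; files stored in another
                        // encoding will not match the non-ASCII indicators.
                        data = fs.readFileSync(result).toString();
                    } catch (readError) {
                        warn(util.format("Cannot read %s: %s", result, readError.message));
                        return;
                    }

                    s.fn.match(data).forEach(function(pattern) {
                        // The trailing normalize("") restores the default
                        // colour so the terminal is not left purple.
                        console.log(util.format(
                            "%s %s %s%s",
                            s.fn.green(pattern),
                            s.fn.normalize("in"),
                            s.fn.purple(printable(result)),
                            s.fn.normalize("")
                        ));
                    });
                });
            });
        }
    };

    s.fn = {
        /**
         * Recursively collect the regular files under `directory` whose
         * extension is in the scan list (compared case-insensitively, so
         * `shell.PHP` is not skipped). Entries are visited one at a time.
         * Entries that cannot be inspected are reported on stderr and
         * skipped. fs.stat follows symbolic links, so a link that points
         * outside the tree is scanned as well.
         *
         * @param {string} directory - Directory to walk.
         * @param {function(Error|null, string[]=)} done - Called with an error
         *     when `directory` cannot be listed, otherwise with the file paths.
         */
        walk: function(directory, done) {
            var results = [];

            fs.readdir(directory, function(error, list) {
                if (error) {
                    return done(error);
                }

                var i = 0;

                (function next() {
                    if (i >= list.length) {
                        return done(null, results);
                    }

                    var file = path.join(directory, list[i++]);

                    fs.stat(file, function(statError, stat) {
                        if (statError) {
                            // e.g. a dangling link or a permission problem
                            warn(util.format("Skipping %s: %s", file, statError.message));
                            return next();
                        }

                        if (stat.isDirectory()) {
                            s.fn.walk(file, function(walkError, res) {
                                if (walkError) {
                                    warn(util.format("Skipping %s: %s", file, walkError.message));
                                } else {
                                    results = results.concat(res);
                                }
                                next();
                            });
                            return;
                        }

                        // Only regular files are queued: reading a FIFO or a
                        // device node with a matching name could block the scan.
                        var ext = path.extname(file).slice(1).toLowerCase();
                        if (stat.isFile() && extension.indexOf(ext) !== -1) {
                            results.push(file);
                        }
                        next();
                    });
                })();
            });
        },

        /**
         * Return the indicators that occur in `text`, each at most once, in
         * list order. The comparison ignores case.
         *
         * @param {string} text - File content.
         * @returns {string[]} Matching indicators as written in the list.
         */
        match: function(text) {
            var haystack = String(text).toLowerCase();

            return indicators.filter(function(pattern, index) {
                return haystack.indexOf(loweredIndicators[index]) !== -1;
            });
        },

        /** @returns {string} `text` prefixed with the ANSI green foreground code. */
        green: function(text) {
            return "\x1b[32m" + text;
        },

        /** @returns {string} `text` prefixed with the ANSI magenta foreground code. */
        purple: function(text) {
            return "\x1b[35m" + text;
        },

        /** @returns {string} `text` prefixed with the ANSI default-foreground code. */
        normalize: function(text) {
            return "\x1b[39m" + text;
        }
    };

    return s;
})();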
// Run the scan when the script is executed; main() takes the path to scan
// from the first command-line argument.
Scanner.main();