<?php
@set_time_limit( 0 );
$settings = array
(
'BASE_DIR' => '.',
'USE_DEFINITIONS' => true,
'SIZE_LIMIT' => ( 1024 * 1024 ) );
$shell_definitions = array
(
array( 'id' => 'c99', 'def1' => 'Yzk5c2g=', 'def2' => 'T0RoVDJDOU43YkJmYm5uRE50bXYwVURsdjVZRDltdmFHWEk4WFl4bg==' ),
array( 'id' => 'r57', 'def1' => 'cjU3c2g=', 'def2' => 'SXlFdmRYTnlMMkpwYmk5d1pYSnNEUXAxYzJVZw==' ),
array( 'id' => 'Root Shell', 'def1' => 'Um9vdFNo', 'def2' => 'PHA+PGZvbnQgZmFjZT0iV2ViZGluZ3MiIHNpemU9IjYiIGNvbG9yPSIjMDBGRjAwIj4hPC9mb250Pjxicj4=' ),
array( 'id' => 'Fatal_Shell', 'def1' => 'RmFUYUwgU2hlbGw=', 'def2' => 'RmFUYUxTaGVMTA==' ),
array( 'id' => 'KA-uShell', 'def1' => 'S0FfdVNoZWxs', 'def2' => 'QXV0aG9yOiBLQWRvdA==' ),
array( 'id' => 'GFS Shell', 'def1' => 'R0ZTIFdlYi1TaGVsbA==', 'def2' => 'STJsdVkyeDFaR1VnUEhOMFpHbHZMbWcrRFFvamFXNWpiSFZrWlNBOGMzUnlhVzVuTG1nK0RRb2phVzVqYkhWa1o=', 'def3' => 'WENJN0RRb05Dbk4xWWlCd2NtVm1hWGdnZXcwS0lHMTVJQ1J1YjNjZ1BTQnNiMk5oYkhScGI=' ),
array( 'id' => 'Defacing Tool Pro', 'def1' => 'cjN2M25nNG5zIDpQ', 'def2' => 'RFRvb2wgUHJv' ),
array( 'id' => 'Private Arabic Shell', 'def1' => 'aHR0cDovL3dXdy50cnlhZy5jT20=', 'def2' => 'dHJ5YWdAdHJ5YWcuY29t', 'def3' => '0JfQsdCe0L3Ql9Ch0JfQmg==' ),
array( 'id' => 'Bk-Code Shell', 'def1' => 'QmstQ29kZSBzaGVsbA==', 'def2' => 'QXJhYi1TZWNyZXRzLVRlYW0=' ),
array( 'id' => 'SnIpEr_SA Shell', 'def1' => 'U25JcEVyX1NB', 'def2' => 'M2FzZmgubmU=' ),
array( 'id' => 'Fileman', 'def1' => 'RmlsM21hbg==' )
);
$generic = 'shell';
$tpl = new page_template( );
function parse_dir( $dir )
{
global $shell_definitions;
global $generic;
global $settings;
global $tpl;
$dh = dir( $dir );
while( $entry = $dh -> read( ) )
{
if( $entry == '.' ||
$entry == '..' ||
@filesize( $dir . '/' . $entry ) > $settings[ 'SIZE_LIMIT' ] ||
$entry === basename( $_SERVER[ 'PHP_SELF' ] ) )
continue;
if( @is_dir( $dir . '/' . $entry ) )
$dirs[] = $dir . '/' . $entry;
if( @filesize( $dir . '/' . $entry ) > 0 )
{
$h = fopen( $dir . '/' . $entry, 'r' );
$cnt = fread( $h, @filesize( $dir . '/' . $entry ) );
fclose( $h );
if( $settings[ 'USE_DEFINITIONS' ] )
{
for( $i = 0; $i < count( $shell_definitions ); $i++ )
{
foreach( $shell_definitions[ $i ] as $key => $el )
{
if( $key == 'id' )
{
$id = $el;
continue;
}
if( strpos( strtolower( $cnt ), strtolower( base64_decode( $el ) ) ) !== FALSE )
{
$shfound .= 'Probabile shell [' . $id . ']: <b>' . $dir . '/' . $entry . '</b><br>';
$end = true;
break;
}
}
if( $end )
{
$end = false;
break;
}
}
}
else
if( strpos( strtolower( $cnt ), $generic ) !== FALSE )
$shfound .= 'Probabile shell [generica]: <b>' . $dir . '/' . $entry . '</b><br>';
}
}
$dh -> close( );
if( strlen( $shfound ) > 0 )
{
$tpl -> print_table_head( 'Directory: ' . $dir );
$tpl -> print_table_content( $shfound );
$tpl -> print_table_foot( );
}
if( count( $dirs ) <= 0 ) return;
foreach( $dirs as $dir )
parse_dir( $dir );
}
$tpl -> print_header( );
parse_dir( $settings[ 'BASE_DIR' ] );
$tpl -> print_footer( );
class page_template
{
function print_table_head( $file )
{
echo '<table width="50%" class="table">';echo "\n";
echo '<tr><td class="table_header">';echo "\n";
echo $file;echo "\n";
echo '</td></tr>';echo "\n";
}
function print_table_content( $cnt )
{
echo '<tr><td>';echo "\n";
if( strlen( $cnt ) > 0 )
{
echo '<span class="shell">'.$cnt.'</span>';echo "\n";
}
else
{
echo 'Niente da segnalare';echo "\n";
}
echo '</td></tr>';echo "\n";
}
function print_table_foot( )
{
echo '</table><br />';echo "\n";
}
function print_header( )
{
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"';echo "\n";
echo '"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">';echo "\n";
echo '<html>';echo "\n";
echo '<head>';echo "\n";
echo '<meta http-equiv="content-type" content="text/html; charset=UTF-8"/>';echo "\n";
echo '<style type="text/css">';echo "\n";
echo '<!--';echo "\n";
echo 'html {min-height: 100%;}';echo "\n";
echo '* {';echo "\n";
echo ' margin: 0;';echo "\n";
echo ' padding: 0;';echo "\n";
echo '}';echo "\n";
echo 'a {color: #CC3; cursor: pointer; cursor: hand;}';echo "\n";
echo 'a:hover {color: #FF3; cursor: pointer; cursor: hand;}';echo "\n";
echo 'body {';echo "\n";
echo 'background: #000;';echo "\n";
echo 'color: #DDD;';echo "\n";
echo 'font: normal 11px "Trebuchet MS",Verdana,sans-serif;';echo "\n";
echo 'padding-left: 90px;';echo "\n";
echo '}';echo "\n";
echo '.table {';echo "\n";
echo 'border: 1px solid #DDD;';echo "\n";
echo '}';echo "\n";
echo '.table_header {';echo "\n";
echo 'border: #fff; border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom-style: solid; border-bottom-width: 1px';echo "\n";
echo 'color: #000;';echo "\n";
echo '}';echo "\n";
echo '.shell {';echo "\n";
echo 'font-family: Verdana,sans-serif;';echo "\n";
echo 'font-weight: bold;';echo "\n";
echo 'color: #8DCA3F;';echo "\n";
echo '}';echo "\n";
echo '-->';echo "\n";
echo '</style>';echo "\n";
echo '<title>Shell Scanner 0.2alpha</title>';echo "\n";
echo '</head>';echo "\n";
echo '<body><br /><center>';echo "\n";
}
function print_footer( )
{
echo '</center></body>';echo "\n";
echo '</html>';
}
}
?>
