API tools faq
paste
ToKeiChun

Possible Vulnerability Files Scanner [PHP WebBased]

ToKeiChun
Jan 19th, 2021 (edited)
917
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 8.32 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /*
  3.     Copyright Muhammad Gholy X Nikko Enggaliano
  4.     Tools for Scanning Files Contains Potential Vulnerability
  5. */
  6. $config = array();
  7. $config['dir'] = array('/uploadify/i', '/uploader/i', '/filemanager/i', '/fileman/i', '/.*\_config/i');
  8. $config['type'] = array('/\.php[45]?$/i', '/\.aspx?$/i', '/\.cgi$/i');
  9. $config['file'] = array('/eval-stdin.php/i', '/(upload|uploader|uploadify|up|uploadfive|filemanager|upload_settings_image|fileuploader|fileUp|uploadimage|uploadproduct|file_upload|filemanager)\.php/i');
  10. $config['contains'] = array('/eval *\(/i', '/include *\(\$_GET/i', '/isset *\(\$_GET/i', '/file_get_contents\(\'php:\/\/input/i', '/tmp_name/i', '/unset\(\$request\[\'method\'\]\)\;/i', '/file_put_contents\(/i');
  11. $config['max_reading_length'] = (1000 * 100); // 100MB
  12.  
  13. // Configuratoin
  14. $stack = array();
  15. if (!function_exists('_sfubgg3')) {
  16.     function _sfubgg3($a) {
  17.         return (function_exists($a) ? !in_array($a, explode(',', ini_get('disable_functions'))) : false);
  18.  
  19.     }
  20. }
  21. if (!function_exists('_tj3r')) {
  22.     function _tj3r($a) {
  23.         return (_sfubgg3("is_readable") ? (is_readable($a) ? true : false) : false);
  24.  
  25.     }
  26. }
  27. if (!function_exists('_sgio3')) {
  28.     function _sgio3($a) {
  29.         return (_sfubgg3('escapeshellarg') ? escapeshellarg($a) : "'".str_replace("'", "\'", $a)."'");
  30.  
  31.     }
  32. }
  33. if (!function_exists('_3b0u92t')) {
  34.     function _3b0u92t($a) {
  35.         global $config, $stack;
  36.         if (_tj3r($a)) {
  37.             if (_sfubgg3("file_get_contents")) {
  38.                 $b = file_get_contents($a);
  39.  
  40.             } elseif (_sfubgg3("fopen")) {
  41.                 $b = "";
  42.                 $c = fopen($a, "r");
  43.                 if ($c) {
  44.                     while (($d = fgets($c)) !== false) {
  45.                         $b .= $d;
  46.  
  47.                     }
  48.                     fclose($c);
  49.                 } else {
  50.                     return false;
  51.  
  52.                 }
  53.  
  54.             } else {
  55.                 return false;
  56.  
  57.             }
  58.  
  59.         } elseif ((_sfubgg3("exec") || _sfubgg3("shell_exec") || _sfubgg3("system") || _sfubgg3("passthru")) && $stack['sgf3'] == "linux") {
  60.             $d = "";
  61.             $c = (_sfubgg3("exec") ? exec("cat " . _sgio3($a), $d) : (_sfubgg3("system")) ? system("cat " . _sgio3($a)) : (_sfubgg3("passthru")) ? passthru("cat " . _sgio3($a)) : shell_exec("cat " . _sgio3($a)));
  62.             $b = (_sfubgg3("exec") ? implode("\n", $d) : $c);
  63.             if (empty($b)) {
  64.                 $c = (_sfubgg3("exec") ? exec("tail " . _sgio3($a), $d) : (_sfubgg3("system")) ? system("tail " . _sgio3($a)) : (_sfubgg3("passthru")) ? passthru("cat " . _sgio3($a)) : shell_exec("tail " . _sgio3($a)));
  65.                 $b = (_sfubgg3("exec") ? implode("\n", $d) : $c);
  66.  
  67.             }
  68.             return $b;
  69.        
  70.         } elseif ((_sfubgg3("exec") || _sfubgg3("shell_exec") || _sfubgg3("system") || _sfubgg3("passthru")) && $stack['sgf3'] == "windows") {
  71.             $d = "";
  72.             $c = (_sfubgg3("exec") ? exec("more " . _sgio3($a), $d) : (_sfubgg3("system")) ? system("more " . _sgio3($a)) : (_sfubgg3("passthru")) ? passthru("more " . _sgio3($a)) : shell_exec("more " . _sgio3($a)));
  73.             $b = (_sfubgg3("exec") ? implode("\n", $d) : $c);
  74.             return $b;
  75.  
  76.         } else {
  77.             return false;
  78.  
  79.         }
  80.         return $b;
  81.     }
  82. }
  83. if (!function_exists('_ihpyt490')) {
  84.     function _ihpyt490($a) {
  85.         global $config, $stack;
  86.         if (!function_exists('_obgu328')) {
  87.             function _obgu328($a = "", $b = false){
  88.                 global $stack, $config;
  89.                 if (empty($a)) return false;
  90.                 echo "[X] " .preg_replace_callback('/\%(.*?)\%/', function($a) use ($stack, $config, $b) {
  91.                     if ($b == false) return "";
  92.                     return (isset($a[1]) ? (isset($stack[$a[1]]) ? (is_array($stack[$a[1]]) ? "(".count($stack[$a[1]]).")[ " . implode(", ", $stack[$a[1]]) . " ]" : $stack[$a[1]]) : ""): "");
  93.                 }, $a) . ($stack['_3ty3'] == "cli" ? PHP_EOL : "<br/>");
  94.                 return true;
  95.             }
  96.  
  97.         }
  98.         if (!function_exists('_sjt30t')) {
  99.             function _sjt30t($a = array(), $b = "") {
  100.                 global $stack, $config;
  101.                 if (empty($a) || empty($b)) return false;
  102.                 unset($stack['_sht3']);
  103.                 foreach($a as $c) {
  104.                     $d = array();
  105.                     preg_match_all($c, $b, $d);
  106.                     foreach($d as $e) {
  107.                         if (isset($e[0])) $stack['_sht3'][] = "\"{$e[0]}\"";
  108.                        
  109.                     }
  110.                 }
  111.                 return (!empty($stack['_sht3']));
  112.             }
  113.         }
  114.         foreach(glob($a, GLOB_MARK|GLOB_BRACE) as $b) {
  115.             // echo $b . PHP_EOL;
  116.             if (is_dir($b)) {
  117.                 (_sjt30t($config['dir'], $b) ? _obgu328("Suspicious DIR ".substr($b, 0, -1)." > %_sht3%", true) : _obgu328());
  118.                 _ihpyt490($b . "*");
  119.  
  120.             } elseif (is_file($b) && _sjt30t($config['type'], basename($b)) && basename($b) != basename(__FILE__)) {
  121.                 (_sjt30t($config['file'], basename($b)) ? _obgu328("Suspicious FILE ".($stack['_3ty3'] == "cli" ? $b : "<a href=\"?_view=".realpath($b)."\">".htmlentities($b, ENT_QUOTES)."</a>")." %_sht3%") : _obgu328());
  122.                 $c = _3b0u92t(realpath($b));
  123.                 if (empty($c) || $c === false) {
  124.                     continue;
  125.  
  126.                 }
  127.  
  128.                 // Line Breaking max 100mb
  129.                 if (strlen($c) < $config['max_reading_length']) {
  130.                     $d = explode("\n", $c);
  131.                     foreach($d as $e => $f) {
  132.                         (_sjt30t($config['contains'], $f) ? _obgu328("Contain(s) Malicious String ".($stack['_3ty3'] == "cli" ? $b : "<a href=\"?_view=".realpath($b)."\">".htmlentities($b, ENT_QUOTES)."</a>")." > Line " .  ($e+1) . " > %_sht3%", true) : "");
  133.    
  134.                     }
  135.  
  136.                 } else {
  137.                     (_sjt30t($config['contains'], $c) ? _obgu328("Contain(s) Malicious String ".($stack['_3ty3'] == "cli" ? $b : "<a href=\"?_view=".realpath($b)."\">".htmlentities($b, ENT_QUOTES)."</a>")." > %_sht3%", true) : "");
  138.  
  139.                 }
  140.             }
  141.         }
  142.  
  143.         return true;
  144.     };
  145. }
  146. if (defined('PHP_OS')) {
  147.     (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' ? $stack['sgf3'] = "windows" : $stack['sgf3'] = "linux");
  148.  
  149. } else {
  150.     $stack['sgf3'] = "linux";
  151.  
  152. }
  153. if (!defined('PHP_EOL')) {
  154.     define('PHP_EOL', "\r\n");
  155.  
  156. }
  157. if (_sfubgg3('php_sapi_name')) {
  158.     (php_sapi_name() == "cli" ? $stack['_3ty3'] = "cli" : $stack['_3ty3'] = "browser");
  159.  
  160. } else {
  161.     $stack['_3ty3'] = "cli";
  162.    
  163. }
  164. if ($stack['_3ty3'] == "cli") {
  165.     echo "Shell Finder v1.0 | Muhammad Gholy X Nikko Enggaliano" . PHP_EOL . str_repeat("-", 50) . PHP_EOL . PHP_EOL;
  166.     _ihpyt490("{,.}[!.,!..]*");
  167.  
  168. } else {
  169.     echo "<html><head><title>Shell Finder</title><style>@import url(https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,400,300,600,700);pre {background: #303030;color: #f1f1f1;padding: 10px 16px; border-radius: 2px;border-top: 4px solid #00aeef;-moz-box-shadow: inset 0 0 10px #000;box-shadow: inset 0 0 10px #000;counter-reset: line; white-space: pre-wrap;       /* css-3 */ white-space: -moz-pre-wrap;  /* Mozilla, since 1999 */ white-space: -pre-wrap;      /* Opera 4-6 */white-space: -o-pre-wrap;    /* Opera 7 */ word-wrap: break-word;       /* Internet Explorer 5.5+ */}body { background-color:#F7F7F7; font-family: 'Open Sans', sans-serif; } </style></head><body><center><h1>Shell Finder v1.0</h1><form type=get><input type=text name=_ placeholder='Path' value='".@htmlentities($_GET['_'], ENT_QUOTES)."'/>&nbsp;<input type=submit name=submit/></form></center><hr/><br/>";
  170.     if (isset($_GET['_view'])) {
  171.         echo "Opening File " . htmlentities(urldecode($_GET['_view']), ENT_QUOTES) . ":<br/><br/><div style=\"padding-left: 30px;padding-right: 30px;\"><pre>";
  172.         echo htmlentities(_3b0u92t(urldecode($_GET['_view'])), ENT_QUOTES) . "</pre></div>";
  173.  
  174.     } else {
  175.         if (@!empty($_GET['_'])) {
  176.             _ihpyt490($_GET['_']);
  177.    
  178.         } else {
  179.             _ihpyt490("{,.}[!.,!..]*");
  180.    
  181.         }
  182.        
  183.     }
  184.     echo "<br/><hr/><center>Copyright Muhammad Gholy X Nikko Enggaliano</center></body></head>";
  185. }
  186. ?>
  187.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!