一个PHP webshell检查shell脚本

看到有人写的，编译成二进制后，使用还要注册，晕死

刚好找到这个脚本

 1. #!/bin/sh
 2. #************************************************************
 3. #Webshell Check Shell for php
 4. #By:Neeao
 5. #2008/7/17 v1.0 beta
 6. #************************************************************
 7. HOSTIP=`ifconfig eth0 |grep 'inet addr'|awk '{print $2;}'|cut -d: -f2`
 8. #STR=`expr index $HOSTIP "192.168"`
 9. #if [ ${STR} -eq 1 ]
10. #        then
11. #                HOSTIP=`ifconfig eth1 |grep 'inet addr'|awk '{print $2;}'|cut -d: -f2`
12. #fi
13. echo $HOSTIP
14. LogFile=/tmp/$HOSTIP.log
15. rm -rf $LogFile
16. date +%Y-%m-%d/%H:%M >> $LogFile
17. echo -e "\n" >> $LogFile
18. echo " ---------------------------------------------------------------------------------------------------" >> $LogFile
19. echo "|Executive Order function:exec(\|system(\|passthru(\|shell_exec(\|popen(\|proc_open(\|pcntl_exec(  |" >> $LogFile
20. echo " ---------------------------------------------------------------------------------------------------" >> $LogFile
21. echo -e "\n" >> $LogFile
22. grep -in 'exec(\|system(\|passthru(\|shell_exec(\|popen(\|proc_open(\|pcntl_exec(' -R * | grep -iv '_exec' >> $LogFile
23. echo -e "\n" >> $LogFile
24. echo " -------------------------------------------------------------------------------------------" >> $LogFile
25. echo "|Deformation of the back door coding:eval(\|base64_decode(\|gzinflate(\|gzuncompress(\|chr( |" >> $LogFile
26. echo " --------------------------------------------------------------------------------------------" >> $LogFile
27. echo -e "\n" >> $LogFile
28. grep -in "eval(\|base64_decode(\|gzinflate(\|gzuncompress(\|chr(" -R * >> $LogFile
29. echo -e "\n" >> $LogFile
30. echo " -----------------------------------------------------------------------------------------------------------------" >> $LogFile
31. echo "|File operations function:dl(\|fopen(\|readfile(\|file(\|file_get_contents(\|opendir(\|chdir(\|fwrite(\|unlink(\|glob(|" >> $LogFile
32. echo " -----------------------------------------------------------------------------------------------------------------" >> $LogFile
33. echo -e "\n" >> $LogFile
34. grep -in "dl(\|fopen(\|readfile(\|file(\|file_get_contents(\|opendir(\|chdir(\|fwrite(\|unlink(\|glob(" -R * >> $LogFile
35. echo -e "\n" >> $LogFile
36. echo "----------------------------------" >> $LogFile
37. echo "|Files inculde bug:include|require|" >> $LogFile
38. echo "----------------------------------" >> $LogFile
39. echo -e "\n" >> $LogFile
40. grep -in "include.*\$.\|require.*\$." -R * >> $LogFile
41. echo -e "\n" >> $LogFile
42. echo "---------------------------------------------------------" >> $LogFile
43. echo "|Risk code Keyword:SQLyog\|phpAdsNew\|huansuan\|fckeditor|" >> $LogFile
44. echo "--------------------------------------------------------" >> $LogFile
45. echo -e "\n" >> $LogFile
46. grep -in "SQLyog\|phpAdsNew\|huansuan\|fckeditor" -R * >> $LogFile
47. cd /tmp
48. tar -zcvf $HOSTIP.tar.gz $HOSTIP.log