string(7723) "{"docs":[{"id":"158579","text":"\u3010Python\u3011Tkinter\u56fe\u5f62\u754c\u9762\u8bbe\u8ba1\uff08GUI\uff09","intro":"\u76ee\u5f55\n\nECharts\n\u5f02\u6b65\u52a0\u8f7d\n\n\n\nECharts\r\n\u6570\u636e\u53ef\u89c6\u5316\u5728\u8fc7\u53bb\u51e0\u5e74\u4e2d\u53d6\u5f97\u4e86\u5de8\u5927\u8fdb\u5c55\u3002\u5f00\u53d1\u4eba\u5458\u5bf9\u53ef\u89c6\u5316\u4ea7\u54c1\u7684\u671f\u671b\u4e0d\u518d\u662f\u7b80\u5355\u7684\u56fe\u8868\u521b\u5efa\u5de5\u5177\uff0c\u800c\u662f\u5728\u4ea4\u4e92\u3001\u6027\u80fd\u3001\u6570\u636e\u5904\u7406\u7b49\u65b9\u9762\u6709\u66f4\u9ad8\u7684\u8981\u6c42\u3002\r\nchart.setOption({\r\n color: [\r\n ","username":"HGNET","tagsname":"","tagsid":"","catesname":"","catesid":"","createtime":"1641183196","_id":"158579"},{"id":"158620","text":"python\u4e4bgui-tkinter\u53ef\u89c6\u5316\u7f16\u8f91\u754c\u9762 \u81ea\u52a8\u751f\u6210\u4ee3\u7801","intro":"\u76ee\u5f55\n\nECharts\n\u5f02\u6b65\u52a0\u8f7d\n\n\n\nECharts\r\n\u6570\u636e\u53ef\u89c6\u5316\u5728\u8fc7\u53bb\u51e0\u5e74\u4e2d\u53d6\u5f97\u4e86\u5de8\u5927\u8fdb\u5c55\u3002\u5f00\u53d1\u4eba\u5458\u5bf9\u53ef\u89c6\u5316\u4ea7\u54c1\u7684\u671f\u671b\u4e0d\u518d\u662f\u7b80\u5355\u7684\u56fe\u8868\u521b\u5efa\u5de5\u5177\uff0c\u800c\u662f\u5728\u4ea4\u4e92\u3001\u6027\u80fd\u3001\u6570\u636e\u5904\u7406\u7b49\u65b9\u9762\u6709\u66f4\u9ad8\u7684\u8981\u6c42\u3002\r\nchart.setOption({\r\n color: [\r\n ","username":"darkspr","tagsname":"","tagsid":"","catesname":"","catesid":"","createtime":"1641183190","_id":"158620"},{"id":"158603","text":"python3.6 +tkinter GUI\u7f16\u7a0b \u5b9e\u73b0\u754c\u9762\u5316\u7684\u6587\u672c\u5904\u7406\u5de5\u5177","intro":"\u76ee\u5f55\n\nECharts\n\u5f02\u6b65\u52a0\u8f7d\n\n\n\nECharts\r\n\u6570\u636e\u53ef\u89c6\u5316\u5728\u8fc7\u53bb\u51e0\u5e74\u4e2d\u53d6\u5f97\u4e86\u5de8\u5927\u8fdb\u5c55\u3002\u5f00\u53d1\u4eba\u5458\u5bf9\u53ef\u89c6\u5316\u4ea7\u54c1\u7684\u671f\u671b\u4e0d\u518d\u662f\u7b80\u5355\u7684\u56fe\u8868\u521b\u5efa\u5de5\u5177\uff0c\u800c\u662f\u5728\u4ea4\u4e92\u3001\u6027\u80fd\u3001\u6570\u636e\u5904\u7406\u7b49\u65b9\u9762\u6709\u66f4\u9ad8\u7684\u8981\u6c42\u3002\r\nchart.setOption({\r\n color: [\r\n ","username":"chenyuebai","tagsname":"","tagsid":"","catesname":"","catesid":"","createtime":"1641183187","_id":"158603"},{"id":"27850","text":"Python GUI\u4e4btkinter\u7a97\u53e3\u89c6\u7a97\u6559\u7a0b\u5927\u96c6\u5408\uff08\u770b\u8fd9\u7bc7\u5c31\u591f\u4e86\uff09 - \u6d2a\u536b","intro":"\u76ee\u5f55\n\nECharts\n\u5f02\u6b65\u52a0\u8f7d\n\n\n\nECharts\r\n\u6570\u636e\u53ef\u89c6\u5316\u5728\u8fc7\u53bb\u51e0\u5e74\u4e2d\u53d6\u5f97\u4e86\u5de8\u5927\u8fdb\u5c55\u3002\u5f00\u53d1\u4eba\u5458\u5bf9\u53ef\u89c6\u5316\u4ea7\u54c1\u7684\u671f\u671b\u4e0d\u518d\u662f\u7b80\u5355\u7684\u56fe\u8868\u521b\u5efa\u5de5\u5177\uff0c\u800c\u662f\u5728\u4ea4\u4e92\u3001\u6027\u80fd\u3001\u6570\u636e\u5904\u7406\u7b49\u65b9\u9762\u6709\u66f4\u9ad8\u7684\u8981\u6c42\u3002\r\nchart.setOption({\r\n color: [\r\n ","username":"shwee","tagsname":"","tagsid":"","catesname":"","catesid":"","createtime":"1641183186","_id":"27850"},{"id":"158605","text":"Python GUI\u7f16\u7a0b(Tkinter) windows\u754c\u9762\u5f00\u53d1","intro":"\u76ee\u5f55\n\nECharts\n\u5f02\u6b65\u52a0\u8f7d\n\n\n\nECharts\r\n\u6570\u636e\u53ef\u89c6\u5316\u5728\u8fc7\u53bb\u51e0\u5e74\u4e2d\u53d6\u5f97\u4e86\u5de8\u5927\u8fdb\u5c55\u3002\u5f00\u53d1\u4eba\u5458\u5bf9\u53ef\u89c6\u5316\u4ea7\u54c1\u7684\u671f\u671b\u4e0d\u518d\u662f\u7b80\u5355\u7684\u56fe\u8868\u521b\u5efa\u5de5\u5177\uff0c\u800c\u662f\u5728\u4ea4\u4e92\u3001\u6027\u80fd\u3001\u6570\u636e\u5904\u7406\u7b49\u65b9\u9762\u6709\u66f4\u9ad8\u7684\u8981\u6c42\u3002\r\nchart.setOption({\r\n color: [\r\n ","username":"itfat","tagsname":"","tagsid":"","catesname":"","catesid":"","createtime":"1641183184","_id":"158605"},{"id":"28228","text":"tkinter python\uff08\u56fe\u5f62\u5f00\u53d1\u754c\u9762\uff09","intro":"\u76ee\u5f55\n\nECharts\n\u5f02\u6b65\u52a0\u8f7d\n\n\n\nECharts\r\n\u6570\u636e\u53ef\u89c6\u5316\u5728\u8fc7\u53bb\u51e0\u5e74\u4e2d\u53d6\u5f97\u4e86\u5de8\u5927\u8fdb\u5c55\u3002\u5f00\u53d1\u4eba\u5458\u5bf9\u53ef\u89c6\u5316\u4ea7\u54c1\u7684\u671f\u671b\u4e0d\u518d\u662f\u7b80\u5355\u7684\u56fe\u8868\u521b\u5efa\u5de5\u5177\uff0c\u800c\u662f\u5728\u4ea4\u4e92\u3001\u6027\u80fd\u3001\u6570\u636e\u5904\u7406\u7b49\u65b9\u9762\u6709\u66f4\u9ad8\u7684\u8981\u6c42\u3002\r\nchart.setOption({\r\n color: [\r\n ","username":"yudanqu","tagsname":"","tagsid":"","catesname":"","catesid":"","createtime":"1641183159","_id":"28228"},{"id":"158613","text":"Tkinter\u56fe\u5f62\u754c\u9762\u8bbe\u8ba1\uff08GUI\uff09","intro":"\u76ee\u5f55\n\nECharts\n\u5f02\u6b65\u52a0\u8f7d\n\n\n\nECharts\r\n\u6570\u636e\u53ef\u89c6\u5316\u5728\u8fc7\u53bb\u51e0\u5e74\u4e2d\u53d6\u5f97\u4e86\u5de8\u5927\u8fdb\u5c55\u3002\u5f00\u53d1\u4eba\u5458\u5bf9\u53ef\u89c6\u5316\u4ea7\u54c1\u7684\u671f\u671b\u4e0d\u518d\u662f\u7b80\u5355\u7684\u56fe\u8868\u521b\u5efa\u5de5\u5177\uff0c\u800c\u662f\u5728\u4ea4\u4e92\u3001\u6027\u80fd\u3001\u6570\u636e\u5904\u7406\u7b49\u65b9\u9762\u6709\u66f4\u9ad8\u7684\u8981\u6c42\u3002\r\nchart.setOption({\r\n color: [\r\n ","username":"pywjh","tagsname":"","tagsid":"","catesname":"","catesid":"","createtime":"1641183158","_id":"158613"},{"id":"341361","text":"\u91cf\u5316\u5206\u6790\u83b7\u53d6\u6570\u636e\u76843\u79cd\u59ff\u52bf\uff08\u538b\u7bb1\u5e95\u7684\u795e\u5668Tushare\uff09","intro":"\u76ee\u5f55\n\nECharts\n\u5f02\u6b65\u52a0\u8f7d\n\n\n\nECharts\r\n\u6570\u636e\u53ef\u89c6\u5316\u5728\u8fc7\u53bb\u51e0\u5e74\u4e2d\u53d6\u5f97\u4e86\u5de8\u5927\u8fdb\u5c55\u3002\u5f00\u53d1\u4eba\u5458\u5bf9\u53ef\u89c6\u5316\u4ea7\u54c1\u7684\u671f\u671b\u4e0d\u518d\u662f\u7b80\u5355\u7684\u56fe\u8868\u521b\u5efa\u5de5\u5177\uff0c\u800c\u662f\u5728\u4ea4\u4e92\u3001\u6027\u80fd\u3001\u6570\u636e\u5904\u7406\u7b49\u65b9\u9762\u6709\u66f4\u9ad8\u7684\u8981\u6c42\u3002\r\nchart.setOption({\r\n color: [\r\n ","username":"casual","tagsname":"","tagsid":"","catesname":"","catesid":"","createtime":"1641183069","_id":"341361"},{"id":"238879","text":"\u9762\u5411\u4ea4\u6613\u7684\u65e5\u5185\u9ad8\u9891\u91cf\u5316\u4ea4\u6613\u5e73\u53f0\u7b14\u8bb0","intro":"\u76ee\u5f55\n\nECharts\n\u5f02\u6b65\u52a0\u8f7d\n\n\n\nECharts\r\n\u6570\u636e\u53ef\u89c6\u5316\u5728\u8fc7\u53bb\u51e0\u5e74\u4e2d\u53d6\u5f97\u4e86\u5de8\u5927\u8fdb\u5c55\u3002\u5f00\u53d1\u4eba\u5458\u5bf9\u53ef\u89c6\u5316\u4ea7\u54c1\u7684\u671f\u671b\u4e0d\u518d\u662f\u7b80\u5355\u7684\u56fe\u8868\u521b\u5efa\u5de5\u5177\uff0c\u800c\u662f\u5728\u4ea4\u4e92\u3001\u6027\u80fd\u3001\u6570\u636e\u5904\u7406\u7b49\u65b9\u9762\u6709\u66f4\u9ad8\u7684\u8981\u6c42\u3002\r\nchart.setOption({\r\n color: [\r\n ","username":"TaiYangXiManYouZhe","tagsname":"","tagsid":"","catesname":"","catesid":"","createtime":"1641183067","_id":"238879"},{"id":"238890","text":"2021 \u6700\u65b0\u91cf\u5316\u6295\u8d44\u4ea4\u6613\u8d44\u6e90\u6c47\u603b","intro":"\u76ee\u5f55\n\nECharts\n\u5f02\u6b65\u52a0\u8f7d\n\n\n\nECharts\r\n\u6570\u636e\u53ef\u89c6\u5316\u5728\u8fc7\u53bb\u51e0\u5e74\u4e2d\u53d6\u5f97\u4e86\u5de8\u5927\u8fdb\u5c55\u3002\u5f00\u53d1\u4eba\u5458\u5bf9\u53ef\u89c6\u5316\u4ea7\u54c1\u7684\u671f\u671b\u4e0d\u518d\u662f\u7b80\u5355\u7684\u56fe\u8868\u521b\u5efa\u5de5\u5177\uff0c\u800c\u662f\u5728\u4ea4\u4e92\u3001\u6027\u80fd\u3001\u6570\u636e\u5904\u7406\u7b49\u65b9\u9762\u6709\u66f4\u9ad8\u7684\u8981\u6c42\u3002\r\nchart.setOption({\r\n color: [\r\n ","username":"xgqfrms","tagsname":"","tagsid":"","catesname":"","catesid":"","createtime":"1641183063","_id":"238890"}],"count":535118}" array(2) { ["docs"]=> array(10) { [0]=> array(10) { ["id"]=> string(6) "158579" ["text"]=> string(46) "【Python】Tkinter图形界面设计(GUI)" ["intro"]=> string(288) "目录 ECharts 异步加载 ECharts 数据可视化在过去几年中取得了巨大进展。开发人员对可视化产品的期望不再是简单的图表创建工具,而是在交互、性能、数据处理等方面有更高的要求。 chart.setOption({ color: [ " ["username"]=> string(5) "HGNET" ["tagsname"]=> string(0) "" ["tagsid"]=> string(0) "" ["catesname"]=> string(0) "" ["catesid"]=> string(0) "" ["createtime"]=> string(10) "1641183196" ["_id"]=> string(6) "158579" } [1]=> array(10) { ["id"]=> string(6) "158620" ["text"]=> string(60) "python之gui-tkinter可视化编辑界面 自动生成代码" ["intro"]=> string(288) "目录 ECharts 异步加载 ECharts 数据可视化在过去几年中取得了巨大进展。开发人员对可视化产品的期望不再是简单的图表创建工具,而是在交互、性能、数据处理等方面有更高的要求。 chart.setOption({ color: [ " ["username"]=> string(7) "darkspr" ["tagsname"]=> string(0) "" ["tagsid"]=> string(0) "" ["catesname"]=> string(0) "" ["catesid"]=> string(0) "" ["createtime"]=> string(10) "1641183190" ["_id"]=> string(6) "158620" } [2]=> array(10) { ["id"]=> string(6) "158603" ["text"]=> string(66) "python3.6 +tkinter GUI编程 实现界面化的文本处理工具" ["intro"]=> string(288) "目录 ECharts 异步加载 ECharts 数据可视化在过去几年中取得了巨大进展。开发人员对可视化产品的期望不再是简单的图表创建工具,而是在交互、性能、数据处理等方面有更高的要求。 chart.setOption({ color: [ " ["username"]=> string(10) "chenyuebai" ["tagsname"]=> string(0) "" ["tagsid"]=> string(0) "" ["catesname"]=> string(0) "" ["catesid"]=> string(0) "" ["createtime"]=> string(10) "1641183187" ["_id"]=> string(6) "158603" } [3]=> array(10) { ["id"]=> string(5) "27850" ["text"]=> string(80) "Python GUI之tkinter窗口视窗教程大集合(看这篇就够了) - 洪卫" ["intro"]=> string(288) "目录 ECharts 异步加载 ECharts 数据可视化在过去几年中取得了巨大进展。开发人员对可视化产品的期望不再是简单的图表创建工具,而是在交互、性能、数据处理等方面有更高的要求。 chart.setOption({ color: [ " ["username"]=> string(5) "shwee" ["tagsname"]=> string(0) "" ["tagsid"]=> string(0) "" ["catesname"]=> string(0) "" ["catesid"]=> string(0) "" ["createtime"]=> string(10) "1641183186" ["_id"]=> string(5) "27850" } [4]=> array(10) { ["id"]=> string(6) "158605" ["text"]=> string(45) "Python GUI编程(Tkinter) windows界面开发" ["intro"]=> string(288) "目录 ECharts 异步加载 ECharts 数据可视化在过去几年中取得了巨大进展。开发人员对可视化产品的期望不再是简单的图表创建工具,而是在交互、性能、数据处理等方面有更高的要求。 chart.setOption({ color: [ " ["username"]=> string(5) "itfat" ["tagsname"]=> string(0) "" ["tagsid"]=> string(0) "" ["catesname"]=> string(0) "" ["catesid"]=> string(0) "" ["createtime"]=> string(10) "1641183184" ["_id"]=> string(6) "158605" } [5]=> array(10) { ["id"]=> string(5) "28228" ["text"]=> string(39) "tkinter python(图形开发界面)" ["intro"]=> string(288) "目录 ECharts 异步加载 ECharts 数据可视化在过去几年中取得了巨大进展。开发人员对可视化产品的期望不再是简单的图表创建工具,而是在交互、性能、数据处理等方面有更高的要求。 chart.setOption({ color: [ " ["username"]=> string(7) "yudanqu" ["tagsname"]=> string(0) "" ["tagsid"]=> string(0) "" ["catesname"]=> string(0) "" ["catesid"]=> string(0) "" ["createtime"]=> string(10) "1641183159" ["_id"]=> string(5) "28228" } [6]=> array(10) { ["id"]=> string(6) "158613" ["text"]=> string(34) "Tkinter图形界面设计(GUI)" ["intro"]=> string(288) "目录 ECharts 异步加载 ECharts 数据可视化在过去几年中取得了巨大进展。开发人员对可视化产品的期望不再是简单的图表创建工具,而是在交互、性能、数据处理等方面有更高的要求。 chart.setOption({ color: [ " ["username"]=> string(5) "pywjh" ["tagsname"]=> string(0) "" ["tagsid"]=> string(0) "" ["catesname"]=> string(0) "" ["catesid"]=> string(0) "" ["createtime"]=> string(10) "1641183158" ["_id"]=> string(6) "158613" } [7]=> array(10) { ["id"]=> string(6) "341361" ["text"]=> string(68) "量化分析获取数据的3种姿势(压箱底的神器Tushare)" ["intro"]=> string(288) "目录 ECharts 异步加载 ECharts 数据可视化在过去几年中取得了巨大进展。开发人员对可视化产品的期望不再是简单的图表创建工具,而是在交互、性能、数据处理等方面有更高的要求。 chart.setOption({ color: [ " ["username"]=> string(6) "casual" ["tagsname"]=> string(0) "" ["tagsid"]=> string(0) "" ["catesname"]=> string(0) "" ["catesid"]=> string(0) "" ["createtime"]=> string(10) "1641183069" ["_id"]=> string(6) "341361" } [8]=> array(10) { ["id"]=> string(6) "238879" ["text"]=> string(51) "面向交易的日内高频量化交易平台笔记" ["intro"]=> string(288) "目录 ECharts 异步加载 ECharts 数据可视化在过去几年中取得了巨大进展。开发人员对可视化产品的期望不再是简单的图表创建工具,而是在交互、性能、数据处理等方面有更高的要求。 chart.setOption({ color: [ " ["username"]=> string(18) "TaiYangXiManYouZhe" ["tagsname"]=> string(0) "" ["tagsid"]=> string(0) "" ["catesname"]=> string(0) "" ["catesid"]=> string(0) "" ["createtime"]=> string(10) "1641183067" ["_id"]=> string(6) "238879" } [9]=> array(10) { ["id"]=> string(6) "238890" ["text"]=> string(41) "2021 最新量化投资交易资源汇总" ["intro"]=> string(288) "目录 ECharts 异步加载 ECharts 数据可视化在过去几年中取得了巨大进展。开发人员对可视化产品的期望不再是简单的图表创建工具,而是在交互、性能、数据处理等方面有更高的要求。 chart.setOption({ color: [ " ["username"]=> string(7) "xgqfrms" ["tagsname"]=> string(0) "" ["tagsid"]=> string(0) "" ["catesname"]=> string(0) "" ["catesid"]=> string(0) "" ["createtime"]=> string(10) "1641183063" ["_id"]=> string(6) "238890" } } ["count"]=> int(535118) } webshell扫描 - 爱码网

webshell扫描

jsq16

可扫描 weevelyshell 生成 或加密的shell 及各种变异webshell

目前仅支持php


支持扫描 weevelyshell 生成 或加密的shell 
支持扫描callback一句话shell
支持各种php大马

<!DOCTYPE html>
<html>
<head>
        <meta charset=\'gb2312\'>
        <title>PHP web shell scan</title>
</head>
<body>

</body>

<?php 
define("SELF",php_self());        
error_reporting(E_ERROR);
ini_set(\'max_execution_time\',20000);
ini_set(\'memory_limit\',\'512M\');
header("content-Type: text/html; charset=gb2312");

function weevelyshell($file){
        $content=file_get_contents($file);
        if( 
                (
                preg_match(\'#(\$\w{2,4}\s?=\s?str_replace\("\w+","","[\w_]+"\);\s?)+#s\',$content)&&
            preg_match(\'#(\$\w{2,4}\s?=\s?"[\w\d\+\/\=]+";\s?)+#\',$content)&&                             preg_match(\'#\$[\w]{2,4}\s?=\s\$[\w]{2,4}\(\\'\\',\s?\$\w{2,4}\(\$\w{2,4}\("\w{1,4}",\s?"",\s?\$\w{2,4}\.\$\w{2,4}\.\$\w{2,4}\.\$\w{2,4}\)\)\);\s+?\$\w{2,4}\(\)\;#\',$content))
                    ||
                    (preg_match(\'#\$\w+\d\s?=\s?str_replace\(\"[\w\d]+\",\"\",\"[\w\d]+\"\);#s\',$content)&&
                preg_match(\'#\$\w+\s?=\s?\$[\w\d]+\(\\'\\',\s?\$[\w\d]+\(\$\w+\(\$\w+\(\"[[:punct:]]+\",\s?\"\",\s?\$\w+\.\$\w+\.\$\w+\.\$\w+\)\)\)\);\s?\$\w+\(\);#s\',$content))
                ){
                return true;
        }
}

function callbackshell($file){
        $content=file_get_contents($file);
        if(
                preg_match(\'#\$\w+\s?=\s?\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\[.*?\]#is\',$content)&&
                preg_match(\'#\$\w+\s?=\s?(?:new)?\s?array\w*\s?\(.*?_(?:GET|POST|REQUEST|COOKIE|SERVER)\[.*?\].*?\)+#is\',$content)&&
                preg_match(\'#(?:array_(?:reduce|map|udiff|walk|walk_recursive|filter)|u[ak]sort)\s?\(.*?\)+?#is\',$content)
                
                
                )
                        return true;


}

function php_self(){
    $php_self=substr($_SERVER[\'PHP_SELF\'],strrpos($_SERVER[\'PHP_SELF\'],\'/\')+1);
    return $php_self;
}


$matches = array(
                \'/mb_ereg_replace\([\\'\*\s\,\.\"]+\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\[[\\'\"].*?[\\'\"][\]][\,\s\\'\"]+e[\\'\"]\'/is,
                \'/preg_filter\([\\'\"\|\.\*e]+.*\$_(?:GET|POST|REQUEST|COOKIE|SERVER)/is\',
                \'/create_function\s?\(.*assert\(/is\',
                \'/ini_get\(\\'safe_mode\\'\)/i\',
                \'/get_current_user\(.*?\)/i\',
                \'/@?assert\s?\(\$.*?\)/i\',
                \'/proc_open\s?\(.*?pipe\\',\s?\\'w\\'\)/is\',
        \'/sTr_RepLaCe\s?\([\\'\"].*?[\\'\"],[\\'\"].*?[\\'\"]\s?,\s?\\'a[[:alnum:][:punct:]]+?s[[:alnum:][:punct:]]+?s[[:alnum:][:punct:]]+?e[[:alnum:][:punct:]]+?r[[:alnum:][:punct:]]+?t[[:alnum:][:punct:]]+?\)/i\',
                \'/preg_replace_callback\(.*?create_function\(/is\',
                \'/filter_var(?:_array)?\s?.*?\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\[[\\'\"][[:punct:][:alnum:]]+[\\'\"]\][[:punct:][:alnum:][:space:]]+?assert[\\'\"]\)/is\',
                \'/ob_start\([\\'\"]+assert[\\'\"]+\)/is\',
                \'/new\s?ReflectionFunction\(.*?->invoke\(/is\',
            \'/PDO::FETCH_FUNC/\',
                \'/\$\w+.*\s?(?:=|->)\s?.*?[\\'\"]assert[\\'\"]\)?/i\',
                \'/\$\w+->(?:sqlite)?createFunction\(.*?\)/i\',
                \'/eval\([\"\\']?\\\?\$\w+\s?=\s?.*?\)/i\',
                \'/eval\(.*?gzinflate\(base64_decode\(/i\',
                \'/copy\(\$HTTP_POST_FILES\[\\'\w+\\'\]\s?\[\\'tmp_name\\'\]/i\',
                \'/register_(?:shutdown|tick)_function\s?\(\$\w+,\s\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\[.*?\]\)/is\',
                \'/register_(?:shutdown|tick)_function\s?\(?[\\'\"]assert[\"\\'].*?\)/i\',
                \'/call_user_func.*?\([\"|\\']assert[\"|\\'],.*\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\[[\\'|\"].*\]\)+/is\',
            \'/preg_replace\(.*?e.*?\\'\s?,\s?.*?\w+\(.*?\)/i\',
        \'/function_exists\s*\(\s*[\\'|\"](popen|exec|proc_open|system|passthru)+[\\'|\"]\s*\)/i\',
        \'/(exec|shell_exec|system|passthru)+\s*\(\s*\$_(\w+)\[(.*)\]\s*\)/i\',
        \'/(exec|shell_exec|system|passthru)+\s*\(\$\w+\)/i\',
        \'/(exec|shell_exec|system|passthru)\s?\(\w+\(\"http_.*\"\)\)/i\',
                  \'/(?:john\.barker446@gmail\.com|xb5@hotmail\.com|shopen@aventgrup\.net|milw0rm\.com|www\.aventgrup\.net|mgeisler@mgeisler\.net)/i\',
            \'/Php\s*?Shell/i\',
        \'/((udp|tcp)\:\/\/(.*)\;)+/i\',
        \'/preg_replace\s*\((.*)\/e(.*)\,\s*\$_(.*)\,(.*)\)/i\',
        \'/preg_replace\s*\((.*)\(base64_decode\(\$/i\',
        \'/(eval|assert|include|require|include_once|require_once)+\s*\(\s*(base64_decode|str_rot13|gz(\w+)|file_(\w+)_contents|(.*)php\:\/\/input)+/i\',
        \'/(eval|assert|include|require|include_once|require_once|array_map|array_walk)+\s*\(.*?\$_(?:GET|POST|REQUEST|COOKIE|SERVER|SESSION)+\[(.*)\]\s*\)/i\',
        \'/eval\s*\(\s*\(\s*\$\$(\w+)/i\',
            \'/((?:include|require|include_once|require_once)+\s*\(?\s*[\\'|\"]\w+\.(?!php).*[\\'|\"])/i\',
        \'/\$_(\w+)(.*)(eval|assert|include|require|include_once|require_once)+\s*\(\s*\$(\w+)\s*\)/i\',
        \'/\(\s*\$_FILES\[(.*)\]\[(.*)\]\s*\,\s*\$_(GET|POST|REQUEST|FILES)+\[(.*)\]\[(.*)\]\s*\)/i\',
        \'/(fopen|fwrite|fputs|file_put_contents)+\s*\((.*)\$_(GET|POST|REQUEST|COOKIE|SERVER)+\[(.*)\](.*)\)/i\',
        \'/echo\s*curl_exec\s*\(\s*\$(\w+)\s*\)/i\',
        \'/new com\s*\(\s*[\\'|\"]shell(.*)[\\'|\"]\s*\)/i\',
        \'/\$(.*)\s*\((.*)\/e(.*)\,\s*\$_(.*)\,(.*)\)/i\',
        \'/\$_\=(.*)\$_/i\',
        \'/\$_(GET|POST|REQUEST|COOKIE|SERVER)+\[(.*)\]\(\s*\$(.*)\)/i\',
        \'/\$(\w+)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE|SERVER)+\[(.*)\]\s*\)/i\',
        \'/\$(\w+)\s*\(\s*\$\{(.*)\}/i\',
        \'/\$(\w+)\s*\(\s*chr\(\d+\)/i\'
);

function antivirus($dir,$exs,$matches) {
        if(($handle = @opendir($dir)) == NULL) return false;
        while(false !== ($name = readdir($handle))) {
                if($name == \'.\' || $name == \'..\') continue;
                $path = $dir.$name;
                if(strstr($name,SELF)) continue;
                //$path=iconv("UTF-8","gb2312",$path);
                if(is_dir($path)) {
                        //chmod($path,0777);/*主要针对一些0111的目录*/
                        if(is_readable($path)) antivirus($path.\'/\',$exs,$matches);
                } elseif(strpos($name,\';\') > -1 || strpos($name,\'%00\') > -1 || strpos($name,\'/\') > -1) {
                        echo \'特征 <input type="text" style="width:250px;" value="解析漏洞">         \'.$path.\'<div></div>\'; flush(); ob_flush();
                } 
                else {
                        if(!preg_match($exs,$name)) continue;
                        if(filesize($path) > 10000000) continue;
                        $fp = fopen($path,\'r\');
                        $code = fread($fp,filesize($path));
                        fclose($fp);
                        if(empty($code)) continue;                     
                        if(weevelyshell($path)){
                        echo \'特征 <input type="text" style="width:250px;" value="weevely 加密shell">         \'.$path.\'<div></div>\'; flush(); ob_flush();

                }elseif(callbackshell($path)){
                                echo \'特征 <input type="text" style="width:250px;" value="Callback shell">         \'.$path.\'<div></div>\'; flush(); ob_flush();
                }
                        foreach($matches as $matche) {
                                $array = array();
                                preg_match($matche,$code,$array);
                                if(!$array) continue;
                                if(strpos($array[0],"\x24\x74\x68\x69\x73\x2d\x3e")) continue;
                                $len = strlen($array[0]);
                                if($len > 6 && $len < 200) {
                                        echo \'特征 <input type="text" style="width:250px;" value="\'.htmlspecialchars($array[0]).\'">        \'.$path.\'<div></div>\';
                                        flush(); ob_flush(); break;
                                }
                        }
                        unset($code,$array);
                }
        }
        closedir($handle);
        return true;
}

function strdir($str) { return str_replace(array(\'\\\',\'//\',\'//\'),array(\'/\',\'/\',\'/\'),chop($str)); }

echo \'<form method="POST">\';
echo \'路径: <input type="text" name="dir" value="\'.($_POST[\'dir\'] ? strdir($_POST[\'dir\'].\'/\') : strdir($_SERVER[\'DOCUMENT_ROOT\'].\'/\')).\'" style="width:398px;"><div></div>\';
echo \'后缀: <input type="text" name="exs" value="\'.($_POST[\'exs\'] ? $_POST[\'exs\'] : \'.php|.inc|.phtml\').\'" style="width:398px;"><div></div>\';
echo \'操作: <input type="submit" style="width:80px;" value="scan"><div></div>\';
echo \'</form>\';

if(file_exists($_POST[\'dir\']) && $_POST[\'exs\']) {
        $dir = strdir($_POST[\'dir\'].\'/\');
        $exs = \'/(\'.str_replace(\'.\',\'\\.\',$_POST[\'exs\']).\')/i\';
        echo antivirus($dir,$exs,$matches) ? \'</br ><div></div>扫描完毕!\' : \'</br > <div></div>扫描中断\';
}
?>
</html>

  

分类:

技术点:

相关文章:

  • 2021-08-27
  • 2021-12-13
  • 2021-11-27
  • 2021-12-12
  • 2021-12-13
  • 2021-09-20
  • 2021-10-16
  • 2019-07-18
猜你喜欢
  • 2022-01-02
  • 2021-08-27
  • 2021-10-26
  • 2021-10-17
  • 2019-09-28
  • 2022-01-02
相关资源
相似解决方案
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode