第一手！phpstudy后门文件分析以及检测脚本--星际黑客

第一手！phpstudy后门文件分析以及检测脚本

adminsb 3月前 205

https://www.t00ls.net/thread-52922-1-1.html

最新回复 (1)

adminsb 3月前

0 引用 2楼

# -*- coding:utf8 -*-
#__author__='[email protected]'
#__blog__='http://pcat.cc'

import os
import string
import re

def strings(file) :
    chars = string.printable[:94]
    shortestReturnChar = 4
    regExp = '[%s]{%d,}' % (chars, shortestReturnChar)
    pattern = re.compile(regExp)
    with open(file, 'rb') as f:
        return pattern.findall(f.read())

def grep(lines,pattern):
    for line in lines:
        if pattern in line:
            yield line

def pcheck(filename):
    # trojan feature
    trojan='@eval'
    # just check dll file
    if filename.endswith('.dll'):
        lines=strings(filename)
        try:
            grep(lines,trojan).next()
        except:
            return
        print '=== {0} ==='.format(filename)
        for line in grep(lines,trojan):
            print line
    pass

def foo():
    # . stand for current directory
    for path, dirs, files in os.walk(".", topdown=False):
        for name in files:
            pcheck(os.path.join(path, name))
        for name in dirs:
            pcheck(os.path.join(path, name))
    pass

if __name__ == '__main__':
    foo()

adminsb

主题数
1622

帖子数
98

注册排名
1

作者最近主题：