
phpAV Code Auditing Tool 1.0

Posted Jan 5, 2010
Authored by Milos Zivanovic

phpAV is a script designed to work as an antivirus for malicious PHP scripts. It searches a given directory and related files for dangerous functions and provides a report.

tags | web, php
SHA-256 | 52ba58c54f23247b703f406196191b4b06961a14a63f73da8e5e630962be128a

#!/usr/bin/php
<?php
ini_set("max_execution_time", 0);
/**
 * Title:   phpAV
 * Version: 1.0
 * Author:  Milos Zivanovic
 * Email:   milosz.security@gmail.com
 * Date:    January 2010.
 *
 * About: PHP script designed to work as antivirus for malicious php scripts.
 *        phpAV searches the given directory and looks in files with predefined
 *        extensions for dangerous functions such as system() and others. phpAV
 *        is designed so it can be easily configured to look in more file types
 *        and to search for more functions.
 *
 * Usage: phpAV.php /var/www/
 *        A file called Log.txt will appear in the same dir as phpAV.php IF
 *        dangerous functions are found, else the file won't be there.
 *
 * Configuring: Array functions is used for storing the functions you want the
 *              script to search for in files.
 *              Array file_types is used for storing the file types you want
 *              phpAV to scan (it will only open files with those extensions).
 *              log_file is the variable used for storing the file name where
 *              logs will be saved (the script will create that file and write
 *              logs in it).
 *
 * Thanks: Special thanks to Teo Manojlovic, idea for this originated in his mind.
 * Note:   Script tested on linux (ubuntu karmic koala (9.10))
 **/

// CONFIGURATION SECTION
$functions = array('shell_exec', 'system', 'passthru', 'exec', 'eval',
'ftp_connect');
$file_types = array('php', 'php3', 'php4', 'php5', 'phps', 'ph3',
'ph4', 'html', 'htm', 'phtml');
$log_file = "Log.txt";
// END OF CONFIGURATION SECTION

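// $argv[0] is the script name, so exactly one argument means $argc == 2.
if($argc != 2) {
    echo "Usage: ".$argv[0]." [DIR PATH]\n";
    exit();
}
$dir = $argv[1];
// Paths are built by concatenation below, so make sure the directory ends in "/".
if(substr($dir, -1) != "/") $dir .= "/";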

search_dir($dir);

// Walk $path recursively and scan every readable file with a listed extension.
function search_dir($path) {
    if ($dh = opendir($path)) {
        while (($file = readdir($dh)) !== false) {
            if($file != "." && $file != "..") {
                if(is_dir($path.$file))
                    search_dir($path.$file."/");
                else if(is_readable($path.$file) && is_file_ext($path.$file))
                    search_in_file($path.$file);
            }
        }
        closedir($dh);
    }
}

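// Return 1 if the file name ends in one of the configured extensions.
function is_file_ext($file) {
    global $file_types;
    for($i=0;$i<count($file_types);$i++) {
        // Compare against ".ext" so a name that merely ends in "php" is not scanned.
        $ext = ".".$file_types[$i];
        if(substr($file, -strlen($ext)) == $ext)
            return 1;
    }
    return 0;
}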

// Scan one file line by line and log every line that appears to call a listed function.
function search_in_file($file) {
    global $functions;
    $lines = array();
    $found_str = array();
    $found_line = array();
    $content = file_get_contents($file);
    $lines = explode("\n", $content);
    for($i=0;$i<count($functions);$i++) {
        for($j=0;$j<count($lines);$j++) {
            // A hit is the function name followed by "(" or " (" and preceded by
            // one of: space, "(", ".", "=", "{", ">" or tab; or the name at the
            // very start of the line. Matching is plain, case-sensitive substring search.
            if(strstr($lines[$j], " ".$functions[$i]."(") ||
               strstr($lines[$j], "(".$functions[$i]."(") ||
               strstr($lines[$j], ".".$functions[$i]."(") ||
               strstr($lines[$j], "=".$functions[$i]."(") ||
               strstr($lines[$j], "{".$functions[$i]."(") ||
               strstr($lines[$j], ">".$functions[$i]."(") ||
               strstr($lines[$j], "\t".$functions[$i]."(") ||
               strstr($lines[$j], " ".$functions[$i]." (") ||
               strstr($lines[$j], "=".$functions[$i]." (") ||
               strstr($lines[$j], "{".$functions[$i]." (") ||
               strstr($lines[$j], ".".$functions[$i]." (") ||
               strstr($lines[$j], "(".$functions[$i]." (") ||
               strstr($lines[$j], ">".$functions[$i]." (") ||
               strstr($lines[$j], "\t".$functions[$i]." (") ||
               substr($lines[$j], 0, strlen($functions[$i])) == $functions[$i]) {
                $found_str[] = $lines[$j];
                $found_line[] = $j+1;
            }
        }
    }
    if(!empty($found_str)) _log($file, $found_str, $found_line);
}

// Append the file path and each matching line ("Line: N | text") to the log file.
function _log($path, $line, $linenum) {
    global $log_file;
    file_put_contents($log_file, "File: ".$path."\n", FILE_APPEND);
    for($i=0;$i<count($line);$i++) {
        file_put_contents($log_file, "Line: ".$linenum[$i]." | ".$line[$i]."\n", FILE_APPEND);
    }
}
?>
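
phpAV matches substrings line by line, so text inside comments and string literals is reported as a hit, and matching is case-sensitive although PHP function names are not. The following added example (not part of phpAV or the original page) looks up the same function list on PHP's own token stream via token_get_all(); find_calls() and the sample source are constructed for illustration.

```php
<?php
// Added example, not part of phpAV: the same function list, matched on tokens.
$functions = array('shell_exec', 'system', 'passthru', 'exec', 'eval', 'ftp_connect');

// Returns array(line, name) for every call-like use of a listed function.
// Comments and string literals are their own token types, so they never match.
function find_calls($source, $functions) {
    $tokens = token_get_all($source);
    $count = count($tokens);
    $hits = array();
    for ($i = 0; $i < $count; $i++) {
        if (!is_array($tokens[$i])) continue;
        list($id, $text, $line) = $tokens[$i];
        // eval is a language construct (T_EVAL); \system is one token on PHP 8.
        $kinds = array('T_STRING', 'T_EVAL', 'T_NAME_FULLY_QUALIFIED');
        $name = strtolower(ltrim($text, '\\'));  // function names are case-insensitive
        if (!in_array(token_name($id), $kinds, true)) continue;
        if (!in_array($name, $functions, true)) continue;
        // Previous significant token: skip ->exec(), ::exec() and "function exec(".
        $p = $i - 1;
        while ($p >= 0 && is_array($tokens[$p]) && $tokens[$p][0] === T_WHITESPACE) $p--;
        $skip = array(T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION);
        if ($p >= 0 && is_array($tokens[$p]) && in_array($tokens[$p][0], $skip, true)) continue;
        // Next significant token must be the opening parenthesis of a call.
        $n = $i + 1;
        while ($n < $count && is_array($tokens[$n]) && $tokens[$n][0] === T_WHITESPACE) $n++;
        if ($n < $count && $tokens[$n] === '(') $hits[] = array($line, $name);
    }
    return $hits;
}

// Constructed sample input: a comment, a string literal, a method call and one
// real call written in upper case. Only the last one is a call to system().
$sample = <<<'SRC'
<?php
// system() is disabled on this host
echo "call exec(...) later";
$obj->exec($q);
$out = SYSTEM($cmd);
SRC;

// Same report format as phpAV's log lines.
foreach (find_calls($sample, $functions) as $hit) {
    echo "Line: ".$hit[0]." | ".$hit[1]."\n";
}
```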