Simple script to Find Vulnerable PHP files.



aaronbrad
04-02-2016, 09:12 PM
Script used to find vulnerable php files


#!/bin/bash
# Case-insensitive pattern of strings commonly found in PHP web shells
shellpattern='r0nin|m0rtix|upl0ad|r57|c99|shellbot|phpshell|void\.ru|phpremoteview|directmail|bash_history|vulnscan|spymeta|raslan58'
# Each entry in /var/cpanel/users is one cPanel account name
for user in `/bin/ls /var/cpanel/users`
do
find "/home/$user/public_html" \( -name '*.php' -o -name '*.cgi' -o -name '*.inc' \) -exec \
grep -Eil "$shellpattern" {} \;
done

ServerHat
04-17-2016, 05:12 AM
What does .inc stand for?

aaronbrad
04-23-2016, 06:24 AM
What does .inc stand for?

.inc files can be seen in Drupal installations. Other extensions can also be added to the script.

euro-space
04-25-2016, 01:41 AM
You may also add / run the following piece of code, which will show potential backdoors:

grep -ir 'eval(' /home/username/public_html/*

as eval() is a function commonly used by attackers, but sometimes it can also be "split" like this: <? eval/*somestring*/(... ?> so keep this in mind too.
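
Added example, not part of the thread: a scan that combines the first post's name pattern with an eval match that tolerates whitespace and /* */ comments between eval and the parenthesis, as in the split form mentioned above. The names scan_tree, make_samples, c_comment and evalpattern, and the sample files, are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the thread). All function and variable names
# other than shellpattern are assumptions.

# Name pattern from the first post, with the forum's line-wrap spaces removed.
shellpattern='r0nin|m0rtix|upl0ad|r57|c99|shellbot|phpshell|void\.ru|phpremoteview|directmail|bash_history|vulnscan|spymeta|raslan58'

# One /* ... */ comment on a single line.
c_comment='/\*([^*]|\*+[^*/])*\*+/'
# "eval" not preceded by an identifier character, then any mix of
# whitespace and comments, then "(". Matches eval(, eval ( and
# eval/*somestring*/( but not identifiers such as retrieval.
evalpattern="(^|[^[:alnum:]_])eval([[:space:]]|${c_comment})*\("

# scan_tree DIR: print every .php/.cgi/.inc file under DIR whose content
# matches either pattern, one path per line, sorted.
scan_tree() {
    find "$1" -type f \( -name '*.php' -o -name '*.cgi' -o -name '*.inc' \) \
        -exec grep -Eil -e "$shellpattern" -e "$evalpattern" {} + | LC_ALL=C sort
}

# make_samples DIR: write constructed sample files for a dry run.
make_samples() {
    mkdir -p "$1/sub"
    printf '%s\n' '<?php echo "hello"; ?>'                 > "$1/clean.php"
    printf '%s\n' '<?php eval($_POST["x"]); ?>'            > "$1/plain.php"
    printf '%s\n' '<? eval/*somestring*/($_POST["x"]); ?>' > "$1/sub/split.inc"
    printf '%s\n' '<?php $retrieval = lookup("x"); ?>'     > "$1/retrieval.php"
    printf '%s\n' '<?php // c99 shell ?>'                  > "$1/named.php"
    printf '%s\n' 'eval($x);'                              > "$1/notes.txt"
}

# Stand-alone use: ./scan.sh /home/username/public_html
if [ $# -gt 0 ]; then
    scan_tree "$1"
fi
```

The match is line-based, so a comment that spans a line break between eval and the parenthesis is not caught. Hits are leads for manual review, since legitimate code also calls eval().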