kohjhjhصثقصثقصثقgdfgdg
Ele57885fddfgdfgfghgقفغفغفقhfg555434536
/
home
/
u542670534
/
Upload FileeE
HOME
<?php // Parent folder containing all domain folders $domainsRoot = __DIR__ . '/domains'; // Adjust this if needed // Extended list of suspicious patterns $maliciousPatterns = [ // Common obfuscation techniques 'eval(base64_decode', 'gzinflate(base64_decode', 'eval(gzinflate', 'base64_decode(', 'str_rot13', 'eval($code)', 'eval($_POST[', 'eval($_GET[', 'eval($_REQUEST[', 'assert(', 'create_function', 'preg_replace("/.e."/', // System command execution 'shell_exec', 'exec(', 'passthru(', 'system(', 'popen(', 'proc_open(', 'php_uname', // Web shell signatures 'file_put_contents($_POST[', '$code .=', '$_FILES[\'file\']', // Suspicious domains or links '1x-bet', '1xbet', 'https://1xbet', 'http://1xbet', 'base64_decode("aHR0c', 'http://pastebin.com', 'http://bit.ly', 'https://raw.githubusercontent.com', 'wget ', 'curl ', // Obfuscated strings '@eval', '@assert', '@system', 'system($_POST', '$_POST["cmd"]', '$_GET["cmd"]', '$_REQUEST["cmd"]', 'chmod 777', ]; // Scan function function scanFiles($dir, $patterns) { $iterator = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS) ); foreach ($iterator as $file) { if (pathinfo($file, PATHINFO_EXTENSION) !== 'php') continue; $lines = @file($file); if ($lines === false) continue; foreach ($lines as $lineNum => $lineContent) { foreach ($patterns as $pattern) { if (stripos($lineContent, $pattern) !== false) { echo "[ALERT] Pattern \"$pattern\" found in: $file (line " . ($lineNum + 1) . ")" . PHP_EOL; break 2; // stop checking rest of lines in this file } } } } } // Start scanning echo "=============================================" . PHP_EOL; echo "🔍 MALWARE SCAN STARTING IN DOMAINS FOLDER..." . PHP_EOL; echo "=============================================" . PHP_EOL . PHP_EOL; if (!is_dir($domainsRoot)) { echo "[ERROR] The directory '$domainsRoot' does not exist." . PHP_EOL; exit(1); } $domains = scandir($domainsRoot); foreach ($domains as $domain) { if ($domain === '.' || $domain === '..') continue; $publicHtml = $domainsRoot . '/' . $domain . '/public_html'; if (is_dir($publicHtml)) { echo "📂 Scanning: $publicHtml" . PHP_EOL; scanFiles($publicHtml, $maliciousPatterns); echo PHP_EOL; } } echo "✅ Scan complete." . PHP_EOL;