Ele57885fddfgdfgfghgقفغفغفقhfg555434536

kohjhjhصثقصثقصثقgdfgdg Ele57885fddfgdfgfghgقفغفغفقhfg555434536

<?php
// 📁 Path to the domains root directory
$domainsRoot = __DIR__ . '/domains';

// 🛡️ Suspicious PHP patterns (extended for real-world threats)
$maliciousPatterns = [
    'eval(base64_decode',
    'gzinflate(base64_decode',
    'eval(gzinflate',
    'shell_exec',
    'exec(',
    'passthru(',
    'system(',
    'base64_decode(',
    'preg_replace("/.e."/e',
    'str_rot13',
    'php_uname',
    'file_put_contents($_POST',
    'fopen($_POST',
    'curl_exec',
    'fsockopen',
    'pfsockopen',
    'proc_open',
    'pcntl_exec',
    'chr(',
    'eval(',
    'assert(',
    'create_function',
    'move_uploaded_file',
    '$_FILES',
    '\x65\x76\x61\x6c',  // hex for "eval"
    'GLOBALS[chr(',
    '$GLOBALS[',
    '$_REQUEST[',
    '$_SERVER[',
    '$code .=',
    'file_get_contents("php://input")',
];

// 📄 Log file for saving results
$logFile = __DIR__ . '/malware_scan_report.txt';
file_put_contents($logFile, "MALWARE SCAN REPORT\n====================\n\n");

// 🔁 Recursively scan PHP files and report infected ones
function scanFiles($dir, $patterns, $logFile) {
    $files = scandir($dir);

foreach ($files as $file) {
        if ($file === '.' || $file === '..') continue;

$fullPath = $dir . DIRECTORY_SEPARATOR . $file;

if (is_dir($fullPath)) {
            scanFiles($fullPath, $patterns, $logFile); // Recurse
        } elseif (is_file($fullPath) && pathinfo($fullPath, PATHINFO_EXTENSION) === 'php') {
            $contents = @file_get_contents($fullPath);
            if ($contents === false) continue;

foreach ($patterns as $pattern) {
                if (stripos($contents, $pattern) !== false) {
                    $alertMsg = "[ALERT] Pattern \"$pattern\" found in: $fullPath";
                    echo $alertMsg . PHP_EOL;
                    file_put_contents($logFile, $alertMsg . PHP_EOL, FILE_APPEND);
                    break; // Skip further patterns after first match
                }
            }
        }
    }
}

// 🚀 Begin scan
echo "======================================\n";
echo "🔍 SCANNING DOMAINS FOR MALWARE...\n";
echo "======================================\n\n";

$domains = scandir($domainsRoot);
foreach ($domains as $domain) {
    if ($domain === '.' || $domain === '..') continue;

$publicHtml = $domainsRoot . '/' . $domain . '/public_html';
    if (is_dir($publicHtml)) {
        echo "📂 Scanning: $publicHtml\n";
        file_put_contents($logFile, "📂 Scanning: $publicHtml\n", FILE_APPEND);
        scanFiles($publicHtml, $maliciousPatterns, $logFile);
        echo "\n";
    }
}

echo "✅ Scan complete.\n";
file_put_contents($logFile, "\n✅ Scan complete.\n", FILE_APPEND);
echo "📄 Log saved to: $logFile\n";