Last active
May 2, 2022 08:03
scan php infections
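#!/bin/bash
#
# Heuristic triage scan of a web root for signs of PHP infection.
#
# Run it from the directory to inspect (every search starts at "."). Most
# result sets are piped through `less`; quit the pager to move on to the next.
#
# Every pattern below is a heuristic. A hit marks a line for manual review
# and is not proof of compromise: mail(), base64_decode(), exec() and similar
# calls are common in legitimate code. An empty result does not prove the
# tree is clean either, since obfuscated code can avoid all of these strings.
#
# Files with mode 000 are skipped by every search (`! -perm 000`).
# NOTE(review): presumably these are files already quarantined with
# `chmod 000` - confirm before relying on that exclusion.

#######################################
# grep inside regular files selected by a find(1) predicate.
# File names are passed NUL-delimited so names containing spaces or newlines
# are handled, and `grep -H` prints the file name on every hit even when grep
# is handed a single file.
# Arguments: find predicate words (at least one), a literal "--", then the
#            grep options and pattern.
# Outputs:   matching lines, prefixed with the file name, on stdout
#######################################
search_files() {
  local -a predicate=()
  while (( $# > 0 )) && [[ "$1" != "--" ]]; do
    predicate+=("$1")
    shift
  done
  if (( $# > 0 )); then
    shift # drop the "--" separator
  fi
  # The predicate is parenthesised so an -o inside it cannot detach the
  # leading tests or the trailing -print0 from one of its branches.
  find . ! -perm 000 -type f \( "${predicate[@]}" \) -print0 \
    | xargs -0 grep -H "$@"
}

#######################################
# grep inside every *.php file below the current directory.
# Arguments: grep options and pattern
#######################################
search_php() {
  search_files -name '*.php' -- "$@"
}

# Mail-sending calls.
search_php -E 'mail\s*\(' | less

# Dynamic code evaluation and upload handling.
search_php -E 'eval\(|move_uploaded_file' | less
search_php 'eval(stripslashes' | less
search_php 'eval($_' | less

# Encoded or compressed payload handling.
search_php 'base64_decode(' | less
search_php 'base64_encode(gzcompress' | less

# Literal "\x" hex escape sequences.
search_php '\\x' | less

# Command execution.
search_php -E '(system|exec)\(' | less

# Runs of 300 or more characters without a space or backslash (packed blobs).
search_php -E '[^\ ]{300,}' | less

# Strings commonly seen in web-shell file managers, and raw socket use.
search_php -E 'FilesMan|socket_connect' | less

# Code that reads the visitor address through getenv().
search_php 'getenv' | grep REMOTE_ADDR | less

# "$" is escaped: unescaped it is an end-of-line anchor in an extended regex,
# so the original pattern could never match the literal text "@$strings(".
search_php -E '@\$strings\(str_rot13' | less

# Encoded (ionCube) files, which cannot be reviewed as plain source.
search_php 'ionCube' | less

# Mail subject taken directly from request parameters.
search_php -E '\$subject =\s\$_(POST|GET|REQUEST)' | less

# References to the mail.add_x_header setting.
search_php -E 'mail.add_x_header' | less

# Meta-refresh redirects in HTML and PHP files.
search_files -name '*htm*' -o -name '*.php' -- -i 'http-equiv="refresh"' | less

# PHP open tags inside files that do not carry a .php extension.
search_files ! -name '*.php' -- -F '<?php' | less

# PHP files that mention social*.png / background*.png image names.
search_php -E 'social.*\.png|background.*\.png' | less

# ...and those image files themselves, if they contain a PHP open tag.
search_files -name 'social*.png' -o -name 'background*.png' -- -F '<?php' | less

# Stray shell scripts and shared objects anywhere in the tree.
find . \( -name 1.sh -o -name '*.so' \)

search_php array_diff_ukey

search_php -E '@include "' | less

# -F keeps "<?php" literal; as an extended regex "<?" makes the "<" optional,
# which would match every icon that merely contains the text "php".
search_files -name '*.ico' -- -F '<?php' | less

# eval immediately followed by a comment opener, e.g. "eval/*".
search_php 'eval\/\*' | less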