This code is for scanning shells. I created this peace of code. What this does is scan for common shells and contents that contains any code that a shell may have. To use this code you need to create a .py file and paste this code inside. If you are running a linux box all you have to do is execute the python file and type the directory of which you want to scan without using a "/" at the end.
Credits:
ZionHD
Code:
from os import listdir
from os.path import isfile, join, isdir
from os import walk
print "This was created for the use of scanning for shells!"
print "This was created by ZionHD"
print "\nCopyright (c) 2015 Console-Forums\n"
dirScan = raw_input("What directory do you want to scan?")
print "We will now start scanning directory \"%s\"." % (dirScan)
print "\nPlease know that this may produce false positives.\n"
#This is an array of what to look for
lookFor = []
lookFor.append("b374k")
lookFor.append("c99")
lookFor.append("c100")
lookFor.append("CWShellDumper")
lookFor.append("angel")
lookFor.append("aspx")
lookFor.append("c0rrupt")
lookFor.append("dq")
lookFor.append("kacak")
lookFor.append("simattacker")
lookFor.append("sosyete")
lookFor.append("tryag")
lookFor.append("zehir4")
lookFor.append("base64_decode")
lookFor.append("base64_encode")
lookFor.append("system")
lookFor.append("exec")
lookFor.append("shell_exec")
lookFor.append("posix_kill")
lookFor.append("shell")
lookFor.append("backdoor")
lookFor.append("eval")
def ScanFile(file, lookInto):
if isfile(file) == True:
fileHandle = open(file, 'r')
for look in lookInto:
if look in fileHandle.read():
print file + " :" + look
break
for (dirpath, dirnames, filenames) in walk(dirScan):
for file in filenames:
file2 = dirpath + "/" + file
ScanFile(file2, lookFor)
Credits:
ZionHD