rrnuVaccine.php
<?php
/**
* Vaccine: Malware rr.nu
* This simple script recursively reads every .php file under a directory and removes the code string injected by the rr.nu malware.
*
* changelog:
* v0.2 - verification by Regex, based on idea: http://misc.wordherders.net/wp/wordpress-fix_php.txt
* v0.1 - single string verification
*
* @author Walker de Alencar <[email protected]>
* @link {https://github.com/walkeralencar/rrnuVaccine}
*/
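/**
 * Recursively scans a directory tree for .php files carrying the rr.nu
 * injection signature and rewrites each affected file in place with the
 * matched code removed.
 *
 * The cleanup is destructive: files are overwritten without a backup, so
 * take a copy of the tree first if the originals are needed as evidence.
 * Removing the injected string does not close whatever entry point was used
 * to plant it.
 */
class rrnuVaccine {
    /** @var string|null Root directory for the recursive scan. */
    private $directory;
    /** @var array Per-status counters, reset on every execute(). */
    private $counter;
    /** @var string HTML log, one line per examined entry. */
    private $log = '';
    /**
     * Signature of the injected block: an eval(base64_decode("...")) call
     * whose payload starts with a fixed base64 prefix.
     *
     * The payload tail is matched with [^"\n]* rather than .* so the match
     * always stops at the payload's own closing quote. A greedy .* runs to
     * the LAST "));?> on the line and would delete legitimate code that
     * happens to follow the injection on the same line.
     *
     * @var string
     */
    private $pattern = '(\<\?php \/\*\*\/ eval\(base64_decode\("aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJF9TRVJWRVJbJ21yX25vJ10pKX[^"\n]*"\)\);\?\>)';

    /** Instances are obtained through create(). */
    private function __construct() {
    }

    /**
     * @return rrnuVaccine
     */
    public static function create() {
        return new self();
    }

    /**
     * Define the root directory where the recursive search starts.
     *
     * @param string $dir
     * @return rrnuVaccine
     */
    public function setDirectory($dir) {
        $this->directory = $dir;
        return $this;
    }

    private function getDirectory() {
        return $this->directory;
    }

    /**
     * Reject a missing or unusable root before anything is touched.
     *
     * @throws Exception when no directory was set or it is not a directory
     */
    private function validate() {
        $root = $this->getDirectory();
        if (is_null($root)) {
            throw new Exception('Define the root directory to Vacine!');
        }
        // realpath() returns false on failure; do not let that reach dir().
        if (!is_string($root) || !is_dir($root)) {
            throw new Exception('The root directory to Vacine is not a directory!');
        }
    }

    /** Reset counters and log so a second execute() does not repeat old lines. */
    private function startup() {
        $this->counter = array(
            'free' => 0,
            'infected' => 0,
            'disinfected' => 0,
            'unscanned' => 0,
            'total' => 0,
        );
        $this->log = '';
    }

    /**
     * Count one examined entry and append its line to the log.
     *
     * The path is HTML-escaped: file names on a compromised host are not
     * trustworthy and the log is echoed into a page.
     */
    private function record($path, $key, $color, $label) {
        $this->counter[$key]++;
        $this->counter['total']++;
        $this->log .= htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . '[<em style="color:' . $color . '">' . $label . '</em>]' . "<br>\n";
    }

    /** Scan a single .php file and rewrite it if the signature is present. */
    private function disinfect($file) {
        $original = file_get_contents($file);
        if (false === $original) {
            // An unreadable file must not be reported as clean.
            $this->record($file, 'unscanned', 'darkorange', 'unscanned!');
            return;
        }

        $detected = 0;
        $cleaned = preg_replace($this->pattern, '', $original, -1, $detected);
        if (null === $cleaned) {
            // PCRE error: never write the null result back over the file.
            $this->record($file, 'unscanned', 'darkorange', 'unscanned!');
            return;
        }

        if ($detected === 0) {
            $this->record($file, 'free', 'darkblue', 'free');
        } elseif (false === file_put_contents($file, $cleaned)) {
            // Signature found but the file could not be rewritten.
            $this->record($file, 'infected', 'darkred', 'infected!');
        } else {
            $this->record($file, 'disinfected', 'darkgreen', 'disinfected!');
        }
    }

    /**
     * Walk $directory recursively and process every regular .php file.
     *
     * Symbolic links are skipped: following them can loop forever or lead
     * the rewrite outside the chosen root.
     */
    private function vaccine($directory) {
        $currentDir = dir($directory);
        if (!$currentDir) {
            $this->record($directory, 'unscanned', 'darkorange', 'unscanned!');
            return;
        }

        while (false !== ($entry = $currentDir->read())) {
            if ($entry === '.' || $entry === '..') {
                continue;
            }
            $file = $directory . DIRECTORY_SEPARATOR . $entry;
            if (is_link($file)) {
                continue;
            }
            if (is_dir($file)) {
                $this->vaccine($file);
                continue;
            }
            if (pathinfo($entry, PATHINFO_EXTENSION) === 'php' && is_file($file)) {
                $this->disinfect($file);
            }
        }
        $currentDir->close();
    }

    /**
     * Run the scan and return the HTML report: a summary heading with the
     * counters followed by one log line per examined entry.
     *
     * @return string
     * @throws Exception when the root directory is missing or invalid
     */
    public function execute() {
        $this->validate();
        $this->startup();
        $this->vaccine($this->getDirectory());

        $result = array();
        foreach ($this->counter as $key => $value) {
            $result[] = "<b>{$key}</b>({$value}) ";
        }
        return "<h2>" . implode(' | ', $result) . "</h2>\n" . $this->log;
    }
}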
// Entry point: the scan starts as soon as this file is loaded, rooted at the
// current working directory, and rewrites matching files in place.
// NOTE(review): nothing here restricts who may trigger the run; if the file
// sits under a web root, delete it once the cleanup is done.
echo '<div style="color:#333; font-family:Verdana; font-size:11px;">',
    '<h1><a href="https://github.com/walkeralencar/rrnuVaccine">rr.nu Vaccine - v0.2 Beta</a></h1>',
    '<h3>by <a href="mailto:[email protected]">Walker de Alencar</a></h3><hr/>';

// The page header is emitted before the scan, so it is already sent if the
// scan throws.
$scanner = rrnuVaccine::create();
$scanner->setDirectory(realpath(getcwd()));
$report = $scanner->execute();

echo $report;
echo '</div>';