2012.11.29 02:28


웹쉘 에사용되는 함수 점검하는 스크립트~ (Script, Finding using function in webshell) 


간단하게 짜보았는데, 단점은 result.txt 까지 검사를 한다.. 

result.txt 는 상위 폴더에 넣고 그폴더만 검색하도록 하는것을 권장! 


#!/bin/bash

echo "START"

grep -r -n "system(" ./ | awk -F : '{print "filename : "$1"\nline: "$2"\nmatch: "$3"\n\n"}' > result.txt

grep -r -n "execl(" ./ | awk -F : '{print "filename : "$1"\nline: "$2"\nmatch: "$3"\n\n"}' >> result.txt

grep -r -n "execve(" ./ | awk -F : '{print "filename : "$1"\nline: "$2"\nmatch: "$3"\n\n"}' >> result.txt

grep -r -n "fopen(" ./ | awk -F : '{print "filename : "$1"\nline: "$2"\nmatch: "$3"\n\n"}' >> result.txt

grep -r -n "passthru(" ./ | awk -F : '{print "filename : "$1"\nline: "$2"\nmatch: "$3"\n\n"}' >> result.txt

grep -r -n "exec(" ./ | awk -F : '{print "filename : "$1"\nline: "$2"\nmatch: "$3"\n\n"}' >> result.txt

grep -r -n "shell_exec(" ./ | awk -F : '{print "filename : "$1"\nline: "$2"\nmatch: "$3"\n\n"}' >> result.txt

echo "create file \"result.txt\""

echo "FINISH"

Posted by k1rha