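" ) ){ return 1; } $chunk = substr($content,0,$offset); $regex = "/".preg_quote($var,"/")."\s*=/ix"; preg_match( $regex, $chunk,$matches ); return count($matches); }

/**
 * Scan one file for potential remote-file-inclusion (RFI) sinks and print each finding.
 *
 * Every pattern in $escan_inc_regex is matched against the file content. For each
 * match, the variable taken from the matched line is passed to
 * escan_check_definitions(); a result of 0 is counted and printed as a finding.
 *
 * Updates the global counters $escan_file_count, $escan_byte_count and
 * $escan_match_count. Files larger than $escan_max_size (when it is non-zero) are
 * skipped before any counter is touched.
 *
 * @param string $file path of the file to check for potential rfi
 * @return void
 */
function escan_parse_file($file)
{
    global $escan_inc_regex;
    global $escan_max_size;
    global $escan_file_count;
    global $escan_match_count;
    global $escan_byte_count;

    $fsize = filesize($file);
    if ($escan_max_size && $fsize > $escan_max_size) {
        return;
    }

    $escan_file_count++;
    $escan_byte_count += $fsize;

    $content = @file_get_contents($file);
    if ($content === false) {
        // An unreadable file used to be matched as if it were empty, so it silently
        // counted as "scanned, nothing found". Say so on stderr instead: a scanner
        // must not report a clean result for a file it never read.
        file_put_contents('php://stderr', "! $file - could not be read, skipped\n");
        return;
    }

    // The numeric index is kept because escan_parse_var() receives it
    // (presumably to know which pattern produced the line - confirm in that helper).
    $nregex = count($escan_inc_regex);
    for ($i = 0; $i < $nregex; $i++) {
        if (!preg_match_all($escan_inc_regex[$i], $content, $matches, PREG_OFFSET_CAPTURE)) {
            continue;
        }

        foreach ($matches[0] as $match) {
            // With PREG_OFFSET_CAPTURE each match is [text, byte offset].
            $offset = $match[1];
            $line = escan_scan_line($content, $offset);
            $var = escan_parse_var($line, $i);

            if (escan_check_definitions($content, $offset, $var) == 0) {
                $escan_match_count++;
                print "@ $file - \n\t- '$var' The position $offset .\n";
            }
        }
    }
}

/**
 * Return the extension of $fname: the text after the last dot of the file name.
 *
 * Only the final path component is examined. The previous implementation looked
 * for the last dot in the whole string, so a path such as "/srv/www.site/README"
 * yielded "site/README" as its extension.
 *
 * @param string $fname file name or path
 * @return string the extension without the dot, or "" when there is none
 */
function escan_get_file_ext($fname)
{
    return pathinfo($fname, PATHINFO_EXTENSION);
}

/**
 * Check whether $fname has one of the extensions listed in $escan_valid_ext.
 *
 * The comparison is a case-sensitive substring test: an entry "php" also accepts
 * extensions that merely contain it, such as "php5" or "phps".
 *
 * @param string $fname file name or path
 * @return bool true when the extension contains any configured entry
 */
function escan_isvalid_ext($fname)
{
    global $escan_valid_ext;

    // The extension does not change between iterations, so compute it once.
    $ext = escan_get_file_ext($fname);

    foreach ($escan_valid_ext as $valid) {
        if (strstr($ext, $valid)) {
            return true;
        }
    }

    return false;
}

/**
 * Scan a directory tree recursively, passing every file with a valid extension
 * to escan_parse_file().
 *
 * $dir must end with a directory separator: entry names are appended to it
 * directly. Directories that cannot be opened are skipped silently, but still
 * counted in $escan_dir_count.
 *
 * NOTE(review): is_dir() follows symbolic links, so a link that points back up
 * the tree makes this recursion revisit the same directories; consider skipping
 * entries for which is_link() is true.
 *
 * @param string $dir directory path with trailing separator
 * @return void
 */
function escan_recurse_dir($dir)
{
    global $escan_dir_count;

    $escan_dir_count++;

    $cdir = @dir($dir);
    if (!$cdir) {
        return;
    }

    // Compare against false explicitly: an entry named "0" is falsy and would
    // otherwise end the loop early, leaving the rest of the directory unscanned.
    while (false !== ($entry = $cdir->read())) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }

        $path = $dir . $entry;
        if (is_dir($path)) {
            escan_recurse_dir($path . DIRECTORY_SEPARATOR);
        } elseif (escan_isvalid_ext($path)) {
            escan_parse_file($path);
        }
    }

    $cdir->close();
}

/**
 * Print the program banner.
 *
 * @return void
 */
function escan_banner()
{
    print "*-----------------------------------------------------*\n" .
          "* PHP Security-Shell RFI Scanner v1.0 by pentest *\n" .
          "* *\n" .
          "* http://security-shell.uni.cc *\n" .
          "*-----------------------------------------------------*\n\n";
}

/**
 * Print the command-line usage line.
 *
 * NOTE(review): the message names no arguments after the script name; confirm it
 * against the argument handling, which is outside this view.
 *
 * @param string $pname script name shown in the usage line
 * @return void
 */
function escan_usage($pname)
{
    print "Use : php $pname \n";
}
?>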