import argparse
import datetime
import hashlib
import os
import re
import time
from zlib import crc32
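# Recursive traversal: collect every file below a directory by hand.
def recursion_all_file(rootdir):
    """Return the paths of all files under *rootdir*, found by manual recursion.

    Symbolic links that point at directories are not descended into. This
    matches the os.walk-based helpers in this file (which use the default
    followlinks=False) and stops a link that points back up the tree from
    producing duplicate results or runaway recursion when scanning a source
    tree whose contents are not trusted.

    Args:
        rootdir: Directory to start from.

    Returns:
        A list of file paths with backslashes converted to forward slashes.
        Directories themselves are not part of the result.

    Raises:
        OSError: If a directory cannot be listed (propagated from os.listdir).
    """
    collected = []
    for entry in os.listdir(rootdir):
        path = os.path.join(rootdir, entry)
        if os.path.isdir(path):
            # os.path.isdir() follows symlinks, so a linked directory has to
            # be filtered out explicitly before recursing.
            if not os.path.islink(path):
                collected.extend(recursion_all_file(path))
        elif os.path.isfile(path):
            collected.append(path)
    # Normalise Windows separators so callers always see "/" in paths.
    return [path.replace("\\", "/") for path in collected]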
# Directory traversal built on the standard library's os.walk.
def ordinary_all_file(rootdir):
    """List every file and directory beneath *rootdir* using os.walk.

    The tree is walked bottom-up (topdown=False). For each visited directory
    its files are emitted first, followed by its sub-directories.

    Args:
        rootdir: Directory to start from.

    Returns:
        A list of paths (files and directories) with backslashes converted
        to forward slashes.
    """
    entries = []
    for parent, subdirs, filenames in os.walk(rootdir, topdown=False):
        entries += [os.path.join(parent, leaf) for leaf in filenames]
        entries += [os.path.join(parent, leaf) for leaf in subdirs]
    # Normalise Windows separators so callers always see "/" in paths.
    return [entry.replace("\\", "/") for entry in entries]
def spider(script_path,script_type):
    """Collect the files under *script_path* whose path ends with *script_type*.

    The suffix is compared with str.endswith on the joined path, so the
    match is case-sensitive: scanning for ".php" does not pick up ".PHP" or
    other extensions such as ".phtml". Keep that in mind when judging how
    much of a code base a scan actually covered.

    Args:
        script_path: Root directory to walk (bottom-up, via os.walk).
        script_type: Path suffix to select, e.g. ".php".

    Returns:
        A list of matching file paths with backslashes converted to forward
        slashes. A one-line count summary is printed as a side effect.
    """
    matches = []
    for parent, _subdirs, filenames in os.walk(script_path, topdown=False):
        joined = (os.path.join(parent, leaf) for leaf in filenames)
        matches.extend(
            path.replace("\\", "/") for path in joined if path.endswith(script_type)
        )
    print("[+] 共找到了 {} 个 {} 文件".format(len(matches), script_type))
    return matches
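def scanner(files_list,func):
    """Print every line of the given files that matches the pattern *func*.

    This is a keyword triage aid for code review: a hit only means the text
    occurs on that line (it may sit in a comment or a string), and a miss
    does not show the construct is absent (it can be spelled differently or
    built dynamically). Treat the output as a list of places to read, not
    as a verdict.

    Args:
        files_list: Iterable of file paths, read as UTF-8 text.
        func: Search keyword. It is passed to the re module, so it is a
            regular expression; metacharacters such as "*" or "(" must be
            escaped to be matched literally.

    Returns:
        None. One report line is printed per matching source line, holding
        the list of matches, the 1-based line number and the file path.

    Raises:
        re.error: If *func* is not a valid regular expression.
        OSError: If a file cannot be opened or read.
    """
    # Compile once, before touching any file, so a malformed pattern is
    # reported immediately instead of part-way through a scan.
    # Only the single pattern passed in is checked; an earlier hard-coded
    # list (system, insert, include, eval, "select \*") is no longer used.
    pattern = re.compile(func)
    for item in files_list:
        # errors="replace": one file containing non-UTF-8 bytes must not
        # abort the scan and hide findings in every file after it.
        with open(item, "r", encoding="utf-8", errors="replace") as fp:
            # enumerate gives the true line number; looking the line up by
            # value would report the first occurrence for repeated lines.
            for line_no, line in enumerate(fp, start=1):
                flag = pattern.findall(line.strip("\n"))
                if flag:
                    print("函数: {} ---> 函数所在行: {} ---> 路径: {} "
                          .format(flag, line_no, item))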
if __name__ == "__main__":
    # Usage: main.py -p "D://lyshark" -w eval -t .php
    cli = argparse.ArgumentParser()
    cli.add_argument("-p", "--path", dest="path", help="设置扫描路径")
    cli.add_argument("-w", "--word", dest="func", help="设置检索的关键字")
    cli.add_argument(
        "-t", "--type", dest="type", default=".php",
        help="设置扫描文件类型,默认php",
    )
    options = cli.parse_args()

    if not (options.path and options.func):
        # Both a scan root and a search keyword are needed; show the help
        # text when either one is missing.
        cli.print_help()
    else:
        # Collect the files of the requested type, then search each of them
        # for the keyword (which the scanner treats as a regular expression).
        scanner(spider(options.path, options.type), options.func)