<?php
/**
* Pecker Index
*
* You may not change or alter any portion of this comment or credits
* of supporting developers from this source code or any supporting source code
* which is considered copyrighted (c) material of the original comment or credit authors.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*
* @copyright Pecker Scanner http://www.cnxct.com
* @license http://www.fsf.org/copyleft/gpl.html GNU public license
* @author CFC4N <cfc4n@cnxct.com>
* @package demo
* @version $Id: index.php 28 2014-03-03 03:30:23Z cfc4n $
*/
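set_time_limit(0);
// base64-encoded snippets longer than this are tagged value="md5" in the report instead of value="code"
define('MAX_STRLEN', 500);
//require dirname(__FILE__) . '/Pecker/Autoloader.php';
//Pecker_Autoloader::register(); //register autoloader
// OR with lite
require dirname(__FILE__) .'/PeckerLite/PeckerScanner.lite.php';

/**
 * Escape a value for insertion into HTML text or a double-quoted attribute.
 *
 * Everything the scanner reports (file paths, parser messages, code snippets)
 * was read from files found under the scan directory. When a webshell is
 * present those strings are attacker-controlled, so they must never reach the
 * generated report unescaped, otherwise the report itself becomes a stored
 * XSS vector for whoever opens it.
 *
 * @param mixed $value raw text (cast to string)
 * @return string HTML-safe text
 */
function pecker_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES);
}

/**
 * Render one flagged call site as the fragment that goes into the "code" cell.
 *
 * The hidden <input> carries the md5 of function+code as its class and the
 * base64 of the same string as its title; its value records whether that
 * base64 exceeded MAX_STRLEN ("md5") or not ("code"). How template.html
 * consumes these attributes is not visible from this file.
 *
 * @param string $func function name the scanner matched
 * @param array  $hit  one scanner hit with keys 'line', 'codemore', 'codeless'
 * @return string HTML fragment
 */
function pecker_render_hit($func, array $hit)
{
    $key = $func.$hit['codeless'];
    $strLess = base64_encode($key);
    $mode = strlen($strLess) > MAX_STRLEN ? 'md5' : 'code';
    return 'line '.pecker_html($hit['line']).' :'
        .'<span class="code" title="'.pecker_html($func.' '.$hit['codemore']).'">'.pecker_html($func).' '
        .pecker_html(substr($hit['codemore'], 0, 50)).'</span>'
        .'<input type="hidden" value="'.$mode.'" class="'.md5($key).'" title="'.$strLess.'"/><br/>';
}

/**
 * Build the <tr> rows for the report table from the scanner's report array.
 *
 * Files the parser could not handle get a single row with the parser message;
 * files with matches get one row per matched function, the first row carrying
 * the file cell with a rowspan over all of them. Files with no matches and no
 * parser error produce nothing.
 *
 * @param array  $result  output of Pecker_Scanner::getReport()
 * @param string $scandir scan root, stripped from displayed paths
 * @return string HTML rows, empty string when nothing was flagged
 */
function pecker_render_rows(array $result, $scandir)
{
    $html = '';
    foreach ($result as $path => $entry) {
        $title = pecker_html($path);
        $shown = pecker_html(str_replace($scandir, '', $path));

        if ($entry['parser'] === false) {
            $html .= '<tr><td title="'.$title.'">'.$shown.'</td> <td align="center"> - </td> <td align="center"> - </td> <td class="focus">'.pecker_html($entry['message']).'</td></tr>';
            continue;
        }

        $n = count($entry['function']);
        if ($n < 1) {
            continue;
        }

        $first = true;
        foreach ($entry['function'] as $func => $hits) {
            // only the first row of a file carries the file cell, spanning all its rows
            $html .= $first
                ? '<tr><td rowspan="'.$n.'" title="'.$title.'">'.$shown.'</td>'
                : '<tr>';
            $first = false;

            $cells = '';
            foreach ($hits as $hit) {
                $cells .= pecker_render_hit($func, $hit);
            }
            $html .= '<td>'.pecker_html($func).'</td> <td>'.$cells.'</td> <td align="center"> - </td></tr>';
        }
    }
    return $html;
}

$config = array(
    'scandir'  => dirname(__FILE__).DIRECTORY_SEPARATOR.'test',
    'extend'   => array('php','inc','php5'),
    'function' => array('exec','system','create_function','passthru','shell_exec','proc_open','popen','copy','curl_exec','parse_ini_file','show_source','assert','file_put_contents','call_user_func_array','call_user_func','preg_replace','include'),
);

try {
    $scaner = new Pecker_Scanner();
    $scaner->setPath($config['scandir']); // set directory to scan
    $scaner->setExtend($config['extend']);
    $scaner->setFunction($config['function']);
    $scaner->run();
    $result = $scaner->getReport();

    //result of demo for show
    $html = pecker_render_rows($result, $config['scandir']);
    if ($html === '') {
        $html = '<tr><td colspan="4" align="center">Congratulations,It is very safe...</td></tr>';
    }

    // resolve the template next to this script rather than against the process cwd
    $template = file_get_contents(dirname(__FILE__).DIRECTORY_SEPARATOR.'template.html');
    if ($template === false) {
        throw new RuntimeException('template.html could not be read');
    }

    // single-pass substitution so a placeholder appearing inside an earlier
    // replacement (e.g. in flagged code) is not itself expanded
    $report = strtr($template, array(
        '{PATH}'     => '<span class="string">'.pecker_html($config['scandir']).'</span>',
        '{EXTEND}'   => '<span class="string">'.implode('</span>,<span class="string">', array_map('pecker_html', $config['extend'])).'</span>',
        '{FUNCTION}' => '<span class="string">'.implode('</span>,<span class="string"> ', array_map('pecker_html', $config['function'])).'</span>',
        '{RESULT}'   => $html,
    ));

    $filename = 'report_'.date('YmdHis').'.html';
    if (file_put_contents(dirname(__FILE__).DIRECTORY_SEPARATOR.$filename, $report) === false) {
        throw new RuntimeException('report could not be written: '.$filename);
    }
    echo '<a href="'.pecker_html($filename).'">Completed,View report.</a>';
}
catch (Exception $e)
{
    // full exception (trace, paths) goes to the server log; the response only gets the message
    error_log((string) $e);
    echo 'Scan failed: '.pecker_html($e->getMessage());
}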