Exemple #1
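def scan(path, ext, blackList, resList):
	"""Walk *path* and record every file that a loaded plugin flags.

	Each file under *path* that is not listed in *blackList* and is smaller
	than 500000 bytes is read once and passed to the ``judgeBackdoor``
	function of every plugin named in ``plusArr``. The first truthy verdict
	is appended to *resList* as ``[filepath, verdict, filetime]`` and the
	remaining plugins are skipped for that file.

	Coverage caveats for anyone interpreting the results:
	  * Files of 500000 bytes or more are never inspected, so an empty
	    *resList* says nothing about them.
	  * *blackList* entries are compared against the string produced by
	    ``os.path.join(root, filename)``; an entry written in another form
	    (relative vs. absolute, different separators) will not match.
	  * A file that cannot be stat'ed or read is reported on stderr and
	    skipped, so one unreadable entry does not abort the rest of the walk.

	Args:
		path: Directory tree to walk.
		ext: Passed to ``loadPlus``; presumably selects which plugins end up
			in ``plusArr`` -- confirm against ``loadPlus``.
		blackList: Container of file paths to exclude from scanning.
		resList: List that receives one ``[filepath, verdict, filetime]``
			entry per flagged file; mutated in place.

	Returns:
		None. Results are delivered through *resList*.
	"""
	loadPlus(ext)
	max_size = 500000  # size cut-off in bytes; files at or above it are not read

	for root, dirs, files in os.walk(path):
		for filename in files:
			filepath = os.path.join(root, filename)
			if filepath in blackList:
				continue

			# Read the file once, not once per plugin. A dangling symlink, a
			# permission error or a file removed mid-scan must not stop the scan.
			try:
				if os.path.getsize(filepath) >= max_size:
					continue
				with open(filepath, "rb") as fp:
					fileCtent = fp.read()
			except (IOError, OSError) as exc:
				sys.stderr.write("scan: skipped %s: %s\n" % (filepath, exc))
				continue

			for plus in plusArr:
				res = sys.modules["plugins." + plus].judgeBackdoor(fileCtent)
				if res:
					# The timestamp is only needed for files that are reported.
					resList.append([filepath, res, getFileTime(filepath)])
					break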
Exemple #2
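def scan(path, ext, blackList, resList):
    """Scan the tree under *path* with the loaded plugins and collect hits.

    For every file that is not in *blackList* and is smaller than 500000
    bytes, the raw bytes are read once and handed to ``judgeBackdoor`` of
    each plugin named in ``plusArr``. The first truthy result is stored in
    *resList* as ``[filepath, result, filetime]``; later plugins are not
    consulted for that file.

    Limits of the result:
      * Files of 500000 bytes or more are not examined at all, so they are
        outside what an empty *resList* can vouch for.
      * *blackList* is matched against ``os.path.join(root, filename)``
        verbatim; entries in a different path form will not exclude anything.
      * Files that cannot be stat'ed or opened are named on stderr and
        skipped, so the walk continues past them.

    Args:
        path: Root directory of the walk.
        ext: Forwarded to ``loadPlus``; presumably chooses the plugin set
            that populates ``plusArr`` -- confirm against ``loadPlus``.
        blackList: Container of file paths that must not be scanned.
        resList: Output list, extended in place with one entry per hit.

    Returns:
        None. Hits are reported through *resList*.
    """
    loadPlus(ext)
    size_limit = 500000  # bytes; files this large or larger are skipped

    for root, dirs, files in os.walk(path):
        for filename in files:
            filepath = os.path.join(root, filename)
            if filepath in blackList:
                continue

            # One read per file, with the handle closed even if read() fails.
            # Stat/open errors (dangling symlink, permissions, file deleted
            # during the walk) are reported and skipped instead of raised.
            try:
                if os.path.getsize(filepath) >= size_limit:
                    continue
                with open(filepath, "rb") as fp:
                    fileCtent = fp.read()
            except (IOError, OSError) as exc:
                sys.stderr.write("scan: skipped %s: %s\n" % (filepath, exc))
                continue

            for plus in plusArr:
                plugin = sys.modules["plugins." + plus]
                res = plugin.judgeBackdoor(fileCtent)
                if res:
                    # Look up the file time only for files that are reported.
                    resList.append([filepath, res, getFileTime(filepath)])
                    break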
Exemple #3
	#获取文件绝对路径
	for root, dirs, files in os.walk(options.path):
		for filename in files:
			fullpath = os.path.join(root, filename)
			fileList[filename] = fullpath

	#过滤类
	FilterShell = FilterShell()

	#文件名过滤
	for filename in fileList.keys():
		res = FilterShell.filename(options.ext, filename)
		if res:
			#获取后门类型,文件修改时间,文件路径
			fullpath = fileList.get(filename)
			mtime = getFileTime(fullpath)
			filemode = "一般类型"
			resList.append([fullpath, filemode, mtime])
			blackList.append(fullpath)
		else:
			pass

	#根据后门特征码过滤
	for filename in fileList.keys():
		fullpath = fileList.get(filename)
		if fullpath not in blackList:
			with open(fullpath, "rb") as fp:
				ctent = fp.read()
				filemode = FilterShell.content(options.ext, ctent)
				#获取后门类型,文件修改时间,文件路径
				if filemode:
Exemple #4
    #获取文件绝对路径
    for root, dirs, files in os.walk(options.path):
        for filename in files:
            fullpath = os.path.join(root, filename)
            fileList[filename] = fullpath

    #过滤类
    FilterShell = FilterShell()

    #文件名过滤
    for filename in list(fileList.keys()):
        res = FilterShell.filename(options.ext, filename)
        if res:
            #获取后门类型,文件修改时间,文件路径
            fullpath = fileList.get(filename)
            mtime = getFileTime(fullpath)
            filemode = "一般类型"
            resList.append([fullpath, filemode, mtime])
            blackList.append(fullpath)
        else:
            pass

    #根据后门特征码过滤
    for filename in list(fileList.keys()):
        fullpath = fileList.get(filename)
        if fullpath not in blackList and fullpath.endswith('.' + options.ext):
            print(fullpath)
            with open(fullpath, "r", encoding='utf-8') as fp:
                ctent = fp.read()
                filemode = FilterShell.content(options.ext, ctent)
                #获取后门类型,文件修改时间,文件路径