def run_url(req, rule):
print "**********webshell*******"
print rule.site_type
if req.params != "" or not req.url.endswith("/"):
return None
suffix = SITETYPES[rule.site_type] if rule.site_type is not None else None
sure = []
doubt = []
response = None
for line in open(os.path.join(paths.DIC, WEBSHELL_DIC_NAME)):
line = line.strip() # remove \n
if suffix is None:
urls = ["%s%s" % (line, t) for t in SITETYPES.itervalues()]
else:
urls = ["%s%s" % (line, suffix)]
for u in urls:
url = "%s%s" % (req.url, u)
print url
res = request(url)
if res and res.status_code == 200:
text = res.text
## feature
if rule.site_type is not None and rule.site_type in WEBSHELL_FEATURE:
features = WEBSHELL_FEATURE[rule.site_type]
if all(text.find(key) != -1 for keys in features.itervalues() for key in keys):
if response is None:
response = res
sure.append(url)
continue
## one input
match = _INPUT_TYPE.findall(text)
if match and len(match) == 2:
if response is None:
response = res
doubt.append(url)
continue
## match regur expression
if (
(
match.group(1)
for match in _IP_PATTERN.finditer(text)
if all(0 <= int(x) <= 255 for x in match.group(1).split("."))
)
and _INPUT_NAMR.search(text)
and _DIR_PATH.search(text)
):
if response is None:
response = res
doubt.append(url)
if response is not None:
if sure:
sure.insert(0, u"下列url是WebShell,请及时清理")
if doubt:
doubt.insert(0, u"下列url疑是为WebShell,请仔细检查!")
return Result(response, sure + doubt)
def run_url(req, rule):
print '**********webshell*******'
print rule.site_type
if req.params != '' or not req.url.endswith('/'):
return None
suffix = SITETYPES[rule.site_type] if rule.site_type is not None else None
sure = []
doubt = []
response = None
for line in open(os.path.join(paths.DIC, WEBSHELL_DIC_NAME)):
line = line.strip() # remove \n
if suffix is None:
urls = ["%s%s" % (line, t) for t in SITETYPES.itervalues()]
else:
urls = ["%s%s" % (line, suffix)]
for u in urls:
url = "%s%s" % (req.url, u)
print url
res = request(url)
if res and res.status_code == 200:
text = res.text
## feature
if rule.site_type is not None and rule.site_type in WEBSHELL_FEATURE:
features = WEBSHELL_FEATURE[rule.site_type]
if all(
text.find(key) != -1
for keys in features.itervalues() for key in keys):
if response is None:
response = res
sure.append(url)
continue
## one input
match = _INPUT_TYPE.findall(text)
if match and len(match) == 2:
if response is None:
response = res
doubt.append(url)
continue
## match regur expression
if (match.group(1) for match in _IP_PATTERN.finditer(text) if all(0<=int(x)<=255 for x in match.group(1).split('.'))) \
and _INPUT_NAMR.search(text) \
and _DIR_PATH.search(text) :
if response is None:
response = res
doubt.append(url)
if response is not None:
if sure:
sure.insert(0, u"下列url是WebShell,请及时清理")
if doubt:
doubt.insert(0, u"下列url疑是为WebShell,请仔细检查!")
return Result(response, sure + doubt)
def check_type(msg):
for k in SITETYPES.iterkeys():
if msg.find(k) != -1:
return k
def check_type(msg):
for k in SITETYPES.iterkeys():
if msg.find(k) != -1:
return k
