PHPScanner is a small and simple script which scans uploaded content for known scripts like c99 before your PHP script handles the request
Visit our Wiki Installing PHPScanner
There is no need to change how your uploads are handled (not even for WordPress, Joomla or other Content Management Systems).
Here's an example output for var_dump( $_FILES );
array(1) {
["my_file"]=>
array(7) {
["name"]=>
string(11) "Capture.JPG"
["type"]=>
string(10) "image/jpeg"
["tmp_name"]=>
string(14) "/tmp/phpJ1kFGr"
["error"]=>
int(0)
["size"]=>
int(127218)
["scan_results"]=>
string(2) "OK"
["scan_details"]=>
array(0) {
}
}
}
As you can see, there are two additional keys scan_results
and scan_details
.
-
scan_results
is a string, with two values availableOK - Scan completed and the file was considered clean
PUP - Scan completed and the file was considered a Potentially Unwanted Program
-
scan_details
is an array, if the file was considered a PUP, this array is filled with the strings matchedIt is then down to the Developer to programmatically decide if the file is indeed dangerous.
Here's an example output for var_dump( $_FILES );
array(1) {
["my_file"]=>
array(7) {
["name"]=>
string(8) "test.txt"
["type"]=>
string(10) "text/plain"
["tmp_name"]=>
string(26) "/tmp/phpDrv7Jh_VIRUS_FOUND"
["error"]=>
int(8)
["size"]=>
int(165477)
["scan_results"]=>
string(3) "PUP"
["scan_details"]=>
array(7) {
[0]=>
array(2) {
["vun_id"]=>
int(0)
["vun_string"]=>
string(23) "-type f -name .htpasswd"
}
[1]=>
array(2) {
["vun_id"]=>
int(2)
["vun_string"]=>
string(7) "netstat"
}
[2]=>
array(2) {
["vun_id"]=>
int(4)
["vun_string"]=>
string(6) "find /"
}
[3]=>
array(2) {
["vun_id"]=>
int(5)
["vun_string"]=>
string(9) "ccteam.ru"
}
[4]=>
array(2) {
["vun_id"]=>
int(10)
["vun_string"]=>
string(6) "psyBNC"
}
[5]=>
array(2) {
["vun_id"]=>
int(13)
["vun_string"]=>
string(11) "/etc/passwd"
}
[6]=>
array(2) {
["vun_id"]=>
int(14)
["vun_string"]=>
string(23) "packetstormsecurity.org"
}
}
}
}
There's a couple of things to notice above
- As you can see, the
tmp_name
has been appended with_VIRUS_FOUND
- the decision to do this instead of remove the file completely is to give you (the developer) the flexibility of deciding if you should continue. - The default action will be to fail - The
error
number has changed to8
. - The
scan_results
are nowPUP
- The
scan_details
now gives you a multidimensional arrayvun_id
is the id in our definitions.phpvun_string
is the matched string
You can upload multiple files through one input box - PHPScanner takes this into consideration too.
Here's an example output for var_dump( $_FILES );
array(2) {
["my_files"]=>
array(7) {
["name"]=>
array(2) {
[0]=>
string(8) "test.txt"
[1]=>
string(11) "Capture.JPG"
}
["type"]=>
array(2) {
[0]=>
string(10) "text/plain"
[1]=>
string(10) "image/jpeg"
}
["tmp_name"]=>
array(2) {
[0]=>
string(26) "/tmp/phpPPAuIS_VIRUS_FOUND"
[1]=>
string(14) "/tmp/phpr0GhA7"
}
["error"]=>
array(2) {
[0]=>
int(8)
[1]=>
int(0)
}
["size"]=>
array(2) {
[0]=>
int(165477)
[1]=>
int(127218)
}
["scan_results"]=>
array(2) {
[0]=>
string(3) "PUP"
[1]=>
string(2) "OK"
}
["scan_details"]=>
array(2) {
[0]=>
array(7) {
[0]=>
array(2) {
["vun_id"]=>
int(0)
["vun_string"]=>
string(23) "-type f -name .htpasswd"
}
[1]=>
array(2) {
["vun_id"]=>
int(2)
["vun_string"]=>
string(7) "netstat"
}
[2]=>
array(2) {
["vun_id"]=>
int(4)
["vun_string"]=>
string(6) "find /"
}
[3]=>
array(2) {
["vun_id"]=>
int(5)
["vun_string"]=>
string(9) "ccteam.ru"
}
[4]=>
array(2) {
["vun_id"]=>
int(10)
["vun_string"]=>
string(6) "psyBNC"
}
[5]=>
array(2) {
["vun_id"]=>
int(13)
["vun_string"]=>
string(11) "/etc/passwd"
}
[6]=>
array(2) {
["vun_id"]=>
int(14)
["vun_string"]=>
string(23) "packetstormsecurity.org"
}
}
[1]=>
array(0) {
}
}
}
["test2"]=>
array(5) {
["name"]=>
string(0) ""
["type"]=>
string(0) ""
["tmp_name"]=>
string(0) ""
["error"]=>
int(4)
["size"]=>
int(0)
}
}
You can trigger a manual scan for either files or strings
var_dump( $PHPScanner->manual_scan_string('cat /etc/passwd') );
var_dump( $PHPScanner->manual_scan_string('Some safe string with nothing bad on it') );
var_dump( $PHPScanner->manual_scan_file('/var/www/uploads/file.php') );
Outputs
array(3) {
["msg"]=>
string(9) "PUP Found"
["found"]=>
array(1) {
[0]=>
array(2) {
["vun_id"]=>
int(13)
["vun_string"]=>
string(11) "/etc/passwd"
}
}
["status"]=>
string(3) "PUP"
}
array(2) {
["msg"]=>
string(10) "File clean"
["status"]=>
string(2) "OK"
}
array(3) {
["msg"]=>
string(9) "PUP Found"
["found"]=>
array(1) {
[0]=>
array(2) {
["vun_id"]=>
int(0)
["vun_string"]=>
string(11) "-type f -name .htpasswd"
}
}
["status"]=>
string(3) "PUP"
}
- Email webmaster with diagnostic and client information when PUP has been found
- Auto-Update definitions list
phpfus's People
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.