python脚本查找webshell

#!/usr/bin/env python#-*- coding: utf-8 -*-#=============================================================================#     FileName:#         Desc:#       Author: 苦咖啡#        Email: voilet@qq.com#     HomePage: http://blog.kukafei520.net#      Version: 0.0.1#      History:#=============================================================================import osimport sysimport reimport smtplib#设定邮件fromaddr = "smtp.qq.com"toaddrs = ["voilet@qq.com"]username = "voilet"password = "xxxxxx"#设置白名单pass_file = ["api_ucenter.php"]#定义发送邮件函数def sendmail(toaddrs,sub,content):    '发送邮件模块'    # Add the From: and To: headers at the start!    msg = ("From: %s/r/nTo: %s/r/nSubject: %s/r/n/r/n"           % (fromaddr, ", ".join(toaddrs), sub))    msg += content    server = smtplib.SMTP('mail.funshion.com', 25,)    server.login(username, password)    server.sendmail(fromaddr, toaddrs, msg)    server.quit()#设置搜索特征码rulelist = [    '(/$_(GET|POST|REQUEST)/[.{0,15}/]/(/$_(GET|POST|REQUEST)/[.{0,15}/]/))',    '(base64_decode/([/'"][/w/+/=]{200,}[/'"]/))',    'eval/(base64_decode/(',    '(eval/(/$_(POST|GET|REQUEST)/[.{0,15}/]/))',    '(assert/(/$_(POST|GET|REQUEST)/[.{0,15}/]/))',    '(/$[/w_]{0,15}/(/$_(POST|GET|REQUEST)/[.{0,15}/]/))',    '(wscript/.shell)',    '(gethostbyname/()',    '(cmd/.exe)',    '(shell/.application)',    '(documents/s+and/s+settings)',    '(system32)',    '(serv-u)',    '(提权)',    '(phpspy)',    '(后门)',    '(webshell)',    '(Program/s+Files)',    'www.phpdp.com',    'phpdp',    'PHP神盾',    'decryption',    'Ca3tie1',    'GIF89a',    'IKFBILUvM0VCJD//APDolOjtW0tgeKAwA',    '/'e/'/./'v/'/./'a/'/./'l/'',]def Scan(path):    for root,dirs,files in os.walk(path):        for filespath in files:            isover = False            if '.' in filespath:                ext = filespath[(filespath.rindex('.')+1):]                if ext=='php' and filespath not in pass_file:                    file= open(os.path.join(root,filespath))                    filestr = file.read()                    file.close()                    for rule in rulelist:                        result = re.compile(rule).findall(filestr)                        if result:                            print '文件：'+os.path.join(root,filespath)                            print '恶意代码：'+str(result[0])                            print '/n/n'                            sendmail(toaddrs,"增值发现恶意代码",'文件：'+os.path.join(root,filespath)+"/n" + '恶意代码：'+str(result[0]))                            breaktry:    if os.path.lexists("/home/web_root/"):        print('/n/n开始扫描：'+ "/home/web_root/")        print('               可疑文件                 ')        print('########################################')        Scan("/home/web_root/")        print('提示：扫描完成--~')    else:        print '提示：指定的扫描目录不存在--- 'except IndexError:    print "请指定扫描文件目录"