网站程序安全分析器 VB源码
本程序通殺:
ASP ASPX PHP CGI JSP VBS 等腳本WebShell
并能查出99%加密過的腳本WebShell
後來發現:檢出率越高,誤報也越高……基本做到「寧可誤報三千,不放過一馬」,所以掃描結果只能當作人工複查的線索。
其實就是逐行做字符串(特征串)匹配來判斷,原理很簡單。有很多人向偶要代碼,想到人家 ScanWebshell 都貢獻出來了~偶要是不貢獻出來就不厚道咯。以下是全部代碼。
? CODE: Private Declare Function GetWindowLong Lib "user32" Alias "GetWindowLongA" (ByVal hwnd As Long, ByVal nIndex As Long) As Long
Private Declare Function SetWindowLong Lib "user32" Alias "SetWindowLongA" (ByVal hwnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
Private Declare Function SetLayeredWindowAttributes Lib "user32" (ByVal hwnd As Long, ByVal crKey As Long, ByVal bAlpha As Byte, ByVal dwFlags As Long) As Long
Private Const WS_EX_LAYERED = &H80000
Private Const GWL_EXSTYLE = (-20)
Private Const LWA_ALPHA = &H2
Private Const LWA_COLORKEY = &H1
Private Declare Function ReleaseCapture Lib "user32" () As Long
Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Private Const HTCAPTION = 2
Private Const WM_NCLBUTTONDOWN = &HA1
Private Declare Function timeGetTime Lib "winmm.dll" () As Long
Private Declare Sub InitCommonControls Lib "comctl32.dll" ()
Dim SuJu1 As Long
Dim Faxian As String
Dim FaJs As String
Private Declare Function FindFirstFile Lib "kernel32" Alias "FindFirstFileA" (ByVal lpFileName As String, lpFindFileData As WIN32_FIND_DATA) As Long
Private Declare Function FindNextFile Lib "kernel32" Alias "FindNextFileA" (ByVal hFindFile As Long, lpFindFileData As WIN32_FIND_DATA) As Long
Private Declare Function GetFileAttributes Lib "kernel32" Alias "GetFileAttributesA" (ByVal lpFileName As String) As Long
Private Declare Function FindClose Lib "kernel32" (ByVal hFindFile As Long) As Long
Const MAX_PATH = 260
Const MAXDWORD = &HFFFF
Const INVALID_HANDLE_VALUE = -1
Const FILE_ATTRIBUTE_ARCHIVE = &H20
Const FILE_ATTRIBUTE_DIRECTORY = &H10
Const FILE_ATTRIBUTE_HIDDEN = &H2
Const FILE_ATTRIBUTE_NORMAL = &H80
Const FILE_ATTRIBUTE_READONLY = &H1
Const FILE_ATTRIBUTE_SYSTEM = &H4
Const FILE_ATTRIBUTE_TEMPORARY = &H100
Private Declare Function SHBrowseForFolder Lib "shell32" (lpbi As BrowseInfo) As Long
Private Declare Function SHGetPathFromIDList Lib "shell32.dll" Alias "SHGetPathFromIDListA" (ByVal pIdl As Long, ByVal pszPath As String) As Long
' Argument block handed to SHBrowseForFolder (see Command1_Click).
' Only hwndOwner, lpsztitle and ulFlags are filled in by this form; the
' remaining fields keep their zero/empty defaults.
Private Type BrowseInfo
hwndOwner As Long ' owner window of the folder-picker dialog
piDLroot As Long ' root item-ID list; left at 0 by the caller
pszdisplayName As String ' not used by this form
lpsztitle As String ' prompt text shown in the dialog
ulFlags As Long ' BIF_* option bits
lpfncallback As Long ' no callback is installed by this form
lParam As Long
iImage As Long
End Type
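' 64-bit timestamp split into two 32-bit halves; embedded three times in
' WIN32_FIND_DATA. The scanner never reads these values.
' (The stray "?" characters in the published listing were mangled
' whitespace and are removed here so the declaration compiles.)
Private Type FILETIME
    dwLowDateTime As Long
    dwHighDateTime As Long
End Type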
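' Result record filled by FindFirstFileA / FindNextFileA.
' FindFilesAPI reads cFileName (NUL-padded, hence StripNulls) from it.
' Field order and sizes must stay exactly as declared, because the API
' writes into this structure by layout.
' (The stray "?" characters in the published listing were mangled
' whitespace and are removed here so the declaration compiles.)
Private Type WIN32_FIND_DATA
    dwFileAttributes As Long        ' FILE_ATTRIBUTE_* bit mask
    ftCreationTime As FILETIME
    ftLastAccessTime As FILETIME
    ftLastWriteTime As FILETIME
    nFileSizeHigh As Long
    nFileSizeLow As Long
    dwReserved0 As Long
    dwReserved1 As Long
    cFileName As String * MAX_PATH  ' fixed-length, NUL-terminated name
    cAlternate As String * 14       ' short (8.3) name
End Type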
' Lets the user drag the form by pressing the mouse anywhere on it:
' the capture is released and the window is told that the press landed
' on its caption (HTCAPTION), which starts the standard move loop.
Private Sub Form_MouseDown(Button As Integer, Shift As Integer, X As Single, Y As Single)
    Call ReleaseCapture
    Call SendMessage(hwnd, WM_NCLBUTTONDOWN, HTCAPTION, 0&)
End Sub
' Cosmetic start-up: enables common-control styling and turns the form
' into a layered window whose magenta (&HFF00FF) pixels are treated as
' the transparent colour key.
Private Sub Form_Initialize()
    Dim exStyle As Long

    InitCommonControls

    ' Add WS_EX_LAYERED to whatever extended style bits are already set.
    exStyle = GetWindowLong(hwnd, GWL_EXSTYLE) Or WS_EX_LAYERED
    SetWindowLong hwnd, GWL_EXSTYLE, exStyle

    ' Alpha argument (0) is ignored because only LWA_COLORKEY is passed.
    SetLayeredWindowAttributes hwnd, &HFF00FF, 0, LWA_COLORKEY
End Sub
' Short UI delay (200 ms) that keeps pumping window messages while it
' waits, so the "pressed" button image is visible before the action runs.
Sub YS()
    Dim deadline As Double

    ' Convert first, then add, so the sum is computed as a Double.
    deadline = CDbl(timeGetTime) + 200
    Do While timeGetTime < deadline
        DoEvents
    Loop
End Sub
' Minimise button: swaps to the "pressed" picture (Image2), waits briefly,
' minimises the form, then restores the normal picture (Image1).
Private Sub Image1_MouseDown(Button As Integer, Shift As Integer, X As Single, Y As Single)
    With Me
        .Image1.Visible = False
        .Image2.Visible = True
    End With

    YS
    WindowState = vbMinimized   ' same value (1) as the original literal

    With Me
        .Image1.Visible = True
        .Image2.Visible = False
    End With
End Sub
' Close button: shows the "pressed" picture (Image3), waits briefly and
' then terminates the program with End.
' NOTE(review): End stops the process immediately, so a scan or log export
' that is still running is cut off without cleanup.
Private Sub Image4_MouseDown(Button As Integer, Shift As Integer, X As Single, Y As Single)
    With Me
        .Image4.Visible = False
        .Image3.Visible = True
    End With
    YS
    End
End Sub
' "Browse" button: shows the shell folder picker and copies the chosen
' directory into Text1, which Command3_Click later uses as the scan root.
Private Sub Command1_Click()
    Dim bi As BrowseInfo
    Dim pidl As Long
    Dim buf As String

    bi.hwndOwner = Me.hwnd
    bi.lpsztitle = "選擇查殺的文件夾:"
    bi.ulFlags = 3   ' BIF_RETURNONLYFSDIRS (1) Or BIF_DONTGOBELOWDOMAIN (2)

    pidl = SHBrowseForFolder(bi)
    If pidl <> 0 Then
        ' MAX_PATH-sized, NUL-filled buffer for the ANSI path.
        buf = String$(260, 0)
        SHGetPathFromIDList pidl, buf
        ' Keep only the part before the first NUL terminator.
        Text1.Text = Left$(buf, InStr(buf, vbNullChar) - 1)
        ' NOTE(review): the item-ID list returned by the picker is never
        ' freed here; no release function is declared in this module.
    End If
End Sub
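' Returns OriginalStr cut at its first NUL character (Chr(0)), or the
' whole string when it contains none.
'
' Used on the fixed-length, NUL-padded cFileName buffer that the
' FindFirstFile/FindNextFile calls fill in.
'
' Fix: the parameter is passed ByRef (the VB default), and the original
' assigned the truncated text back to it, silently modifying the caller's
' variable. The result is now built in a local so the argument is left
' untouched.
Function StripNulls(OriginalStr As String) As String
    Dim nulPos As Long

    nulPos = InStr(OriginalStr, Chr(0))
    If nulPos > 0 Then
        StripNulls = Left(OriginalStr, nulPos - 1)
    Else
        StripNulls = OriginalStr
    End If
End Function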
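' Recursively walks `path`, scans every file matching `SearchStr` for
' web-shell indicator strings and reports hits in List1.
'
' Parameters
'   path      - directory to scan; a trailing "\" is appended when missing
'               (the argument is ByRef, so the caller's variable is updated).
'   SearchStr - wildcard pattern for the files to inspect, e.g. "*.*".
'
' Side effects: updates List1, Text5, Label2, Label3 and the module-level
' counters SuJu1 (entries visited) and FaJs (files with at least one hit).
' The function's return value is not meaningful; callers ignore it.
'
' Cancellation: Command7_Click re-enables Command3; the loops poll that
' flag and stop.
'
' Changes against the published listing:
'   * Directory detection uses the attributes already returned in WFD.
'     The original called GetFileAttributes, whose failure value (-1) has
'     every bit set and was therefore treated as "is a directory".
'   * Files are selected by "not a directory" instead of Dir() <> "".
'     Dir() with default attributes does not return hidden or system
'     files, so such files were never opened by the scanner.
'   * Cancelling no longer leaves the search handle open (the original
'     left via Exit Function before FindClose) and no longer continues
'     into sub-directories.
'   * The file is opened on a FreeFile handle with error handling, so one
'     locked or unreadable file is reported instead of aborting the scan.
'   * The twenty copy-pasted rule blocks are table-style calls to one
'     helper; every signature and message string is unchanged.
'
' Detection limits a reviewer should keep in mind: matching is a
' case-insensitive substring test on one text line at a time, so an
' indicator that is split across lines or assembled at run time is not
' seen, and several tokens ("cmd", "FSO", "Upload", "Socket", "127.0.0.1",
' "java.util", "System.IO") occur in ordinary application code. Treat hits
' as leads for manual review, not as verdicts.
Function FindFilesAPI(path As String, SearchStr As String)
    Dim FileName As String
    Dim DirName As String
    Dim dirNames() As String
    Dim nDir As Integer
    Dim i As Integer
    Dim hSearch As Long
    Dim WFD As WIN32_FIND_DATA
    Dim Cont As Long
    Dim Cancelled As Boolean

    If Right(path, 1) <> "\" Then path = path & "\"

    ' ---- Pass 1: remember the sub-directories for the recursion below ----
    nDir = 0
    ReDim dirNames(nDir)
    hSearch = FindFirstFile(path & "*.*", WFD)
    If hSearch <> INVALID_HANDLE_VALUE Then
        Cont = True
        Do While Cont
            DirName = StripNulls(WFD.cFileName)
            If (DirName <> ".") And (DirName <> "..") Then
                If (WFD.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY) <> 0 Then
                    dirNames(nDir) = DirName
                    nDir = nDir + 1
                    ReDim Preserve dirNames(nDir)
                End If
            End If
            Cont = FindNextFile(hSearch, WFD)
            DoEvents
        Loop
        FindClose hSearch
    End If

    ' ---- Pass 2: inspect the entries that match SearchStr ----
    hSearch = FindFirstFile(path & SearchStr, WFD)
    If hSearch <> INVALID_HANDLE_VALUE Then
        Cont = True
        Do While Cont
            FileName = StripNulls(WFD.cFileName)
            If (FileName <> ".") And (FileName <> "..") Then
                SuJu1 = SuJu1 + 1

                ' Only real files are opened; directories are still counted
                ' and shown in the progress box, as before.
                If (WFD.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY) = 0 Then
                    ScanOneFile path, FileName
                End If

                Text5.Text = Text5.Text & "正在檢測文件..." & Chr(13) & Chr(10) & path & FileName & Chr(13) & Chr(10)
            End If

            ' Command3 is re-enabled by the Stop button (Command7_Click).
            If Me.Command3.Enabled = True Then
                Cancelled = True
                Exit Do
            End If

            Cont = FindNextFile(hSearch, WFD)
            DoEvents

            Me.Label3.Caption = "掃描進程: " & "已經掃描文件:" & SuJu1 & "個"
        Loop
        ' Always release the handle, including on cancellation.
        FindClose hSearch
    End If

    If Cancelled Then Exit Function

    ' ---- Recurse into the sub-directories collected in pass 1 ----
    For i = 0 To nDir - 1
        FindFilesAPI path & dirNames(i) & "\", SearchStr
        If Me.Command3.Enabled = True Then Exit For
    Next i
End Function

' Reads one file line by line, runs the signature rules on each line and,
' if any rule fired, appends the file's full path to List1 and bumps FaJs.
Private Sub ScanOneFile(path As String, FileName As String)
    Dim fh As Integer
    Dim strTemp As String
    Dim IsOpen As Boolean

    On Error GoTo ReadFailed
    fh = FreeFile
    ' NOTE(review): text-mode input is kept from the original. Binary
    ' content may end the read early in this mode (verify), in which case
    ' the rest of the file is not inspected.
    Open path & FileName For Input As #fh
    IsOpen = True
    Do While Not EOF(fh)
        Line Input #fh, strTemp
        CheckSignatures strTemp, FileName
    Loop

Finish:
    On Error GoTo 0
    If IsOpen Then Close #fh

    ' After the first 100 entries the progress box is cleared per file so
    ' it does not grow without bound.
    If SuJu1 > 100 Then
        Text5.Text = ""
    End If

    If Faxian = "發現危險" Then
        List1.AddItem "發現存在危險的文件是: "
        List1.AddItem ""
        List1.AddItem path & FileName
        List1.AddItem "-----------------------------------------------------------------------------------------------"
        ' FaJs is declared As String; count numerically and store as text.
        FaJs = CStr(Val(FaJs) + 1)
        Me.Label2.Caption = "發現有隱患的文件有:" & FaJs & "個"
    End If
    Faxian = ""
    Exit Sub

ReadFailed:
    ' A file that could not be (fully) read must stay visible in the report:
    ' an unscanned file is not a clean file.
    List1.AddItem "無法完整讀取文件,結果可能不完整: " & path & FileName
    Resume Finish
End Sub

' Applies the twenty indicator rules to one line of text.
' Rule numbers ("序列:N") and all strings match the published listing.
Private Sub CheckSignatures(strTemp As String, FileName As String)
    ' The listing splices an undeclared (hence empty) DoMyBest into a few
    ' literals; presumably this keeps the contiguous signature out of the
    ' scanner's own source/binary so it does not flag itself - confirm.
    ' Declared here so the code also compiles under Option Explicit.
    Dim DoMyBest As String

    Const KIND_COMPONENT As String = " 包含危險組件! "
    Const KIND_FEATURE As String = " 包含危險特征! "
    Const KIND_ENCODED As String = " 文件被加密! "
    Const LVL_CRITICAL As String = " 安全評估: 危險度極高!"
    Const LVL_HIGH As String = " 安全評估: 危險度高!"
    Const LVL_HIGH_UNKNOWN As String = " 安全評估: 危險度高!(未知)"
    Const LVL_MEDIUM_UNKNOWN As String = " 安全評估: 危險度中!(未知)"

    FlagIfFound strTemp, FileName, "WScr" & DoMyBest & "ipt.Shell", "clsid:72C24DD5-D70A" & DoMyBest & "-438B-8A42-98424B88AFB8", KIND_COMPONENT, LVL_CRITICAL, "描述:一般被ASP木馬利用來獲取CMD SHELL 序列:1"
    FlagIfFound strTemp, FileName, "She" & DoMyBest & "ll.Application", "clsid:13709620-C27" & DoMyBest & "9-11CE-A49E-444553540000", KIND_COMPONENT, LVL_CRITICAL, "描述:一般被ASP木馬利用來獲取系統信息 序列:2"
    FlagIfFound strTemp, FileName, "<%@ LANGUAGE = VBScript.Encode %>", "#@", KIND_ENCODED, LVL_CRITICAL, "描述:此文件被加過密!一般安全的程序是不可能加密的!極有可能是木馬.圖片格式文件可能會誤殺請詳細檢查 序列:3"
    FlagIfFound strTemp, FileName, "clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B", "clsid:0D43FE01-F093-11CF-8940-00A0C9054228", KIND_COMPONENT, LVL_HIGH, "描述:此文件包含文件讀寫指令.如非上傳組件.請刪除! 序列:4"
    FlagIfFound strTemp, FileName, "上傳組件", "Upload", KIND_FEATURE, LVL_MEDIUM_UNKNOWN, "描述:此文件包含上傳組件或上傳文件的專用串.請檢查是否合法. 序列:5"
    FlagIfFound strTemp, FileName, "FSO", "<SCRIPT RUNAT=SERVER LANGUAGE=JAVASCRIPT>", KIND_FEATURE, LVL_HIGH_UNKNOWN, "描述:此文件包含木馬執行特征.請檢查是否合法. 序列:6"
    FlagIfFound strTemp, FileName, "execute request", "FQAAAA", KIND_FEATURE, LVL_CRITICAL, "描述:此文件包含一句話木馬.請手工分析刪除! 序列:7"
    FlagIfFound strTemp, FileName, "java.io", "java.util", KIND_COMPONENT, LVL_CRITICAL, "描述:此文件包含JSP木馬.請刪除! 序列:8"
    FlagIfFound strTemp, FileName, "System.IO", "System.Diagnostics", KIND_COMPONENT, LVL_CRITICAL, "描述:此文件包含ASP.NET木馬.請刪除! 序列:9"
    FlagIfFound strTemp, FileName, "TBNnGMfflrqBF", "POST[cmd]", KIND_COMPONENT, LVL_HIGH, "描述:此文件包含PHP木馬.請刪除! 序列:10"
    FlagIfFound strTemp, FileName, "務服", "琳", KIND_ENCODED, LVL_CRITICAL, "描述:此文件有可能被加過密!一般安全的程序是不可能加密的!極有可能是木馬 序列:11"
    FlagIfFound strTemp, FileName, "System.Net.Sockets", "UnEncode=temp", KIND_FEATURE, LVL_CRITICAL, "描述:此文件包含木馬執行特征.請檢查是否合法 序列:12"
    ' The first pattern below is a superset match of rule 7's first
    ' pattern, so any line that fires here has already fired rule 7.
    FlagIfFound strTemp, FileName, "execute request(", "vbs&", KIND_ENCODED, LVL_CRITICAL, "描述:此文件有可能被加過密!一般安全的程序是不可能加密的!極有可能是木馬 序列:13"
    FlagIfFound strTemp, FileName, "MSXML2.XMLHTTP", "127.0.0.1", KIND_COMPONENT, LVL_HIGH, "描述:此文件包含木馬執行特征.請檢查是否合法 序列:14"
    FlagIfFound strTemp, FileName, "Encoding.ASCII", "cmd", KIND_FEATURE, LVL_HIGH, "描述:此文件包含木馬轉碼特征或CMD關鍵字.請檢查是否合法 序列:15"
    FlagIfFound strTemp, FileName, "GetSpecialFolder", "Socket", KIND_FEATURE, LVL_HIGH, "描述:此文件包含木馬執行特征.請檢查是否合法 序列:16"
    FlagIfFound strTemp, FileName, "gif""" & "--", "jpg""" & "--", KIND_FEATURE, LVL_CRITICAL, "描述:此文件引用了圖片極有可能是圖片木馬 序列:17"
    FlagIfFound strTemp, FileName, "bmp""" & "--", "png""" & "--", KIND_FEATURE, LVL_CRITICAL, "描述:此文件引用了圖片極有可能是圖片木馬 序列:18"
    FlagIfFound strTemp, FileName, "<?require(", "require($", KIND_FEATURE, LVL_HIGH_UNKNOWN, "描述:此文件包涵了PHP的特殊引用如發現類似<?require($AAA);?>引用請檢查是否合法 序列:19"
    FlagIfFound strTemp, FileName, "4e454c33322", """\x", KIND_FEATURE, LVL_HIGH_UNKNOWN, "描述:此文件極有可能是提權PHP木馬或加過密的文件 序列:20"
End Sub

' Adds the two report lines for one rule when either pattern occurs in the
' line (case-insensitive), and marks the current file as suspicious.
Private Sub FlagIfFound(strTemp As String, FileName As String, SigA As String, SigB As String, Kind As String, Level As String, Desc As String)
    If InStr(1, strTemp, SigA, vbTextCompare) > 0 Or InStr(1, strTemp, SigB, vbTextCompare) > 0 Then
        List1.AddItem "發現 " & FileName & Kind & Level
        List1.AddItem Desc
        Faxian = "發現危險"
    End If
End Sub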
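' "Scan" button: validates the path in Text1, resets counters and result
' list, runs the recursive scan, then exports the result via CxLog.
'
' Command3 is disabled for the duration of the scan; FindFilesAPI polls
' that flag to detect the Stop button (Command7_Click re-enables it).
'
' Cleanup against the published listing: the unused FileSize local, the
' undeclared LUjin temporary, the duplicate List1.Clear and the
' always-true "If Screen.MousePointer = vbDefault" test are removed, and
' "\" is only appended when the path does not already end with one.
' NOTE(review): the completion message and the log export still run after
' a user cancel, as in the original.
Private Sub Command3_Click()
    Dim SearchPath As String
    Dim FindStr As String

    If Text1.Text = "" Then
        MsgBox "請輸入正確掃描路徑"
        Exit Sub
    End If

    Me.Command3.Enabled = False
    Me.Command7.Enabled = True
    List1.Clear
    FaJs = "0"      ' FaJs is declared As String
    SuJu1 = 0
    Me.Text5 = ""
    Screen.MousePointer = vbHourglass

    SearchPath = Text1.Text
    If Right$(SearchPath, 1) <> "\" Then SearchPath = SearchPath & "\"
    FindStr = "*.*"
    FindFilesAPI SearchPath, FindStr

    Screen.MousePointer = vbDefault
    MsgBox "掃描完成!自動導出掃描結果."
    CxLog
    FaJs = "0"
    Me.Command3.Enabled = True
    Me.Command7.Enabled = False
End Sub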
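' Writes the contents of List1 to <App.path>\LOG\<date>查殺結果.log and
' opens the file in Notepad.
'
' Fixes against the published listing:
'   * The loop ran to List1.ListCount, one past the last valid index
'     (ListCount - 1); the error was hidden by On Error Resume Next.
'   * The file name used the locale's short date, which contains "/" on
'     many systems and is then not a valid file name; a fixed yyyy-mm-dd
'     form is used instead.
'   * The LOG folder is created when missing.
'   * The path handed to Notepad is quoted so folders containing spaces
'     work.
'   * A FreeFile handle replaces the hard-coded #1, and a failed export is
'     reported instead of being silently swallowed - a missing report
'     should not be mistaken for an empty one.
Sub CxLog()
    Dim fh As Integer
    Dim i As Long
    Dim logDir As String
    Dim logFile As String
    Dim failure As String

    On Error GoTo ExportFailed

    logDir = App.path & "\LOG"
    If Dir(logDir, vbDirectory) = "" Then MkDir logDir
    logFile = logDir & "\" & Format$(Date, "yyyy-mm-dd") & "查殺結果.log"

    fh = FreeFile
    Open logFile For Output As #fh
    Print #fh, "www.ChinNetHack.Com - 網站程序安全分析器 零號服務器專用"
    Print #fh, "發現對服務器具有安全隱患的文件有" & FaJs & "個. 具體結果如下:" & Chr(13) & Chr(10)
    For i = 0 To List1.ListCount - 1
        Print #fh, List1.List(i)
    Next i
    Close #fh
    fh = 0

    Shell "NOTEPAD.EXE """ & logFile & """", vbMaximizedFocus
    Exit Sub

ExportFailed:
    failure = Err.Description
    On Error Resume Next
    If fh <> 0 Then Close #fh
    MsgBox "導出掃描結果失敗: " & failure
End Sub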
' "Stop" button. Re-enabling Command3 is the cancellation signal:
' FindFilesAPI checks Command3.Enabled between files and stops when it
' is True.
Private Sub Command7_Click()
    With Me
        .Command3.Enabled = True
        .Command7.Enabled = False
    End With
    Screen.MousePointer = vbDefault
End Sub
' Keeps the progress box scrolled to the newest entry by moving the caret
' to the end of the text after every change.
Private Sub Text5_Change()
    With Text5
        .SelStart = Len(.Text)
    End With
End Sub
轉載于:https://www.cnblogs.com/allyesno/archive/2007/07/02/802633.html