<?php

echo '<style>body {background-color:#000;color:green;} body,td,th { font: 9pt Courier New;margin:0;vertical-align:top; } span,h1,a { color:#00ff00} span { font-weight: bolder; } h1 { border:1px solid #00ff00;padding: 2px 5px;font: 14pt Courier New;margin:0px; } div.content { padding: 5px;margin-left:5px;} a { text-decoration:none; } a:hover { background:#ff0000; } .ml1 { border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea { width:100%;height:250px; } input, textarea, select { margin:0;color:#00ff00;background-color:#000;border:1px solid #00ff00; font: 9pt Monospace,"Courier New"; } form { margin:0px; } #toolsTbl { text-align:center; } .toolsInp { width: 80%; } .main th {text-align:left;} .main tr:hover{background-color:#5e5e5e;} .main td, th{vertical-align:middle;} pre {font-family:Courier,Monospace;} #cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft   document.documentElement.clientWidth - offsetWidth);} .style2 {color: #00FF00} .style3 {color: #009900} .style4 {color: #006600} .style5 {color: #00CC00} .style6 {color: #003300} .style8 {color: #33CC00} #footer { margin-bottom: 10px; color: #666; vertical-align: top; text-align: center; font-size: 11px; } #footer ul { margin: 0; padding: 0; list-style: none; } #footer li { display: inline-block; margin-right: 15px; border-right: 1px solid #666; vertical-align: middle; } #footer li a { margin-right: 15px; } #footer li:last-child { margin-right: 0; border-right: 0; } #footer li:last-child a { margin-right: 0; } #footer a { color: #666; } #footer a:hover { color: #858585; } #footer .footer-left { height: 20px; vertical-align: middle; line-height: 20px; } @media (min-width: 39rem) { #footer { display: flex; flex-flow: row wrap; justify-content: space-between; align-items: center; align-content: center; margin-bottom: 20px; } #footer .footer-left { align-self: flex-start; margin-right: 20px; } #footer .footer-right { align-self: flex-end; } }</style>';

set_time_limit(0);
error_reporting(0);
@ini_set('zlib.output_compression', 0);
@ini_set('implicit_flush', 1);
for($i = 0; $i < ob_get_level(); $i++) { ob_end_flush(); }
ob_implicit_flush(1);

$path = getcwd();
if(isset($_GET['dir'])){
    $path = $_GET['dir'];
}

if(isset($_GET['kill'])){
    unlink(__FILE__);
}

echo "<a href='?kill'><font color='yellow'>[Self Delete]</font></a><br>";
echo '<form action="" method="get"> <input type="text" name="dir" value="'.$path.'" style="width: 548px;"> <input type="submit" value="scan"></form><br>';
echo "CURRENT DIR: <font color='yellow'>$path</font><br>";

if(isset($_GET['delete'])){
    unlink($_GET['delete']);
    $status = "<font color='red'>FAILED</font>";
    if(!file_exists($_GET['delete'])){
        $status = "<font color='yellow'>Success</font>";
    }
    echo "TRY TO DELETE: ".$_GET['delete']." $status <br>";exit;
}

scanBackdoor($path);

function save($fname,$value){
    $file = fopen($fname, "a");
    fwrite($file, $value);
    fclose($file);
}

function checkBackdoor($file_location){
    global $path;
    $patterns = [
        'exec\(', 'system\(', 'passthru\(', 'shell_exec\(', 
        'eval\(', 'assert\(', 'preg_replace\(', '/e',
        'base64_decode\(', 'gzinflate\(', 'str_rot13\(',
        'file_get_contents\(', 'file_put_contents\(', 'move_uploaded_file\('
    ];
    $contents = file_get_contents($file_location);
    if(strlen($contents) > 0){
        foreach ($patterns as $pattern) {
            if(preg_match("#$pattern#i", $contents)){
                echo "[+] Suspect file -> <a href='?delete=$file_location&dir=$path'><font color='yellow'>[DELETE]</font></a> <font color='red'>$file_location</font> <br>";
                save("shell-found.txt", "$file_location\n");
                echo '<textarea name="content" cols="110" rows="20">'.htmlspecialchars($contents).'</textarea><br><br>';
                return;
            }
        }
    }   
}

function scanBackdoor($current_dir){
    if(!is_readable($current_dir)) return;

    $dir_location = scandir($current_dir);
    $dangerous_ext = [
        '.php', '.php3', '.php4', '.php5', '.php7', '.phtml', '.pht', '.phar', '.inc', '.htaccess', 
        '.sh', '.pl', '.cgi', '.py', '.rb', '.asp', '.aspx', '.jsp', '.jspx',
        '.txt', '.log', '.bak', '.tmp', '.conf', '.config'
    ];

    foreach ($dir_location as $file) {
        if($file === "." || $file === "..") continue;

        $file_location = str_replace("//", "/", "$current_dir/$file");
        
        $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));

        if(in_array(".$ext", $dangerous_ext) && is_file($file_location)){
            checkBackdoor($file_location);
        } elseif(is_dir($file_location)){
            scanBackdoor($file_location);
        }
    }
}
?>