.ssh
[ DIR ]
drwx------
demo
[ DIR ]
dr-xr-xr-x
ssl
[ DIR ]
drwxr-xr-x
www
[ DIR ]
drwx---r-x
.bash_history
17.05
KB
-rw-------
.bash_logout
24
B
-rw-r--r--
.bash_profile
236
B
-rw-r--r--
.bashrc
131
B
-rw-r--r--
.forward
35
B
-rw-------
.htaccess
221
B
-rw----r--
.ovhconfig
105
B
-rw----r--
.ovhconfig.backup-20260114-145705
106
B
-rw----r--
.viminfo
5.85
KB
-rw-------
.wget-hsts
168
B
-rw-r--r--
6digits.sh
1.44
KB
-rwx--xr-x
diagnostic-serveur.sh
9.44
KB
-rwxr-xr-x
fichiers_modifies.csv
11.33
KB
-rw-r--r--
nettoyage-backdoors-supplementaires.sh
2.38
KB
-rwxr-xr-x
nettoyage-index.php.sh
1.07
KB
-rwxr-xr-x
plan-mises-a-jour.sh
2.22
KB
-rwxr-xr-x
scan-complet.sh
10.77
KB
-rwxr-xr-x
verification-mises-a-jour.sh
5.09
KB
-rwxr-xr-x
Code Editor : scan-complet.sh
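#!/bin/bash
#
# Complete scan of a WordPress tree: looks for backdoors, malicious code and
# suspicious files, with a progress bar. Output is a set of plain-text reports
# in a timestamped folder.
#
# Usage:  scan-complet.sh [WP_ROOT]
#   WP_ROOT      WordPress document root to scan. Defaults to the WP_ROOT
#                environment variable, then /home/eglisebaa/www.
#   REPORT_BASE  Where the report folder is created. Defaults to the parent of
#                WP_ROOT, i.e. OUTSIDE the web root (see notes below).
#
# Requires GNU find/grep/xargs (-print0, -Z, -r).
#
# Review notes (security):
#   * Once a site is compromised, every file name under WP_ROOT is
#     attacker-controlled. Names are therefore carried NUL-delimited
#     (find -print0 / grep -lZ / read -d '') and printed with printf '%s',
#     never through `echo -e` or a printf FORMAT string: a crafted name could
#     otherwise inject terminal escape sequences or split/forge report lines.
#   * The reports quote excerpts of suspect code. They are written outside the
#     web root by default so they are not reachable over HTTP, the folder is
#     chmod 700, and report folders are excluded from the scan so an earlier
#     run is not flagged as "recent"/"suspect" by the next one.
#   * This is a heuristic grep scanner. A clean run does NOT mean the site is
#     clean: obfuscated or non-PHP payloads, .htaccess tricks and
#     database-resident code are not covered. Treat hits as leads, not
#     verdicts, and compare against a pristine WordPress/plugin copy.
#
set -e   # -e is ignored inside if/while/|| conditions; critical steps are checked explicitly

# Colours: ANSI-C quoting yields real escape bytes, so printf '%s' renders them.
# (The previous '\033…' strings only worked through `echo -e`; the plain
# `echo "${GREEN}✓${NC}"` calls printed the backslashes literally.)
RED=$'\033[0;31m'
GREEN=$'\033[0;32m'
YELLOW=$'\033[1;33m'
BLUE=$'\033[0;34m'
CYAN=$'\033[0;36m'
MAGENTA=$'\033[0;35m'
NC=$'\033[0m'

WP_ROOT="${1:-${WP_ROOT:-/home/eglisebaa/www}}"
SCAN_DIR="$WP_ROOT"
# Reports go next to the web root, not inside it: they contain code excerpts
# of suspect files and must not be fetchable over HTTP.
REPORT_BASE="${REPORT_BASE:-$(dirname "$WP_ROOT")}"
REPORT_DIR="$REPORT_BASE/wp-scan-complet-$(date +%Y%m%d-%H%M%S)"
REPORT_FILE="$REPORT_DIR/scan-report.txt"
SUSPICIOUS_FILES="$REPORT_DIR/fichiers-suspects.txt"
MALWARE_PATTERNS="$REPORT_DIR/patterns-malware.txt"
RECENT_FILES="$REPORT_DIR/fichiers-recents.txt"
PHP_IN_UPLOADS="$REPORT_DIR/php-dans-uploads.txt"
PERMISSIONS_REPORT="$REPORT_DIR/permissions.txt"

# find(1) predicates that keep our own report folders out of every scan step
# (relevant when REPORT_BASE is pointed back inside the web root).
REPORT_EXCLUDE=( '!' -path '*/wp-scan-complet-*/*' )

# Quick regex (grep BRE) used for core/theme/plugin triage.
QUICK_PATTERN='eval\|base64_decode\|file_get_contents.*http'

# Progress state
TOTAL_STEPS=8
CURRENT_STEP=0
SPINNER_CHARS="|/-\\"
SPINNER_POS=0

# Counters filled by the steps and reported in the summary
UPLOADS_PHP_COUNT=0
RECENT_COUNT=0

#######################################
# Print a 50-cell progress bar for the given step.
# Globals:   TOTAL_STEPS (read), CURRENT_STEP (written), colours
# Arguments: $1 - step number, $2 - step label
#######################################
show_progress() {
  CURRENT_STEP=$1
  local step_name=$2
  local percent=$((CURRENT_STEP * 100 / TOTAL_STEPS))
  local bar_length=50
  local filled=$((percent * bar_length / 100))
  local empty=$((bar_length - filled))
  local bar="" i
  for ((i = 0; i < filled; i++)); do bar+="█"; done
  for ((i = 0; i < empty; i++)); do bar+="░"; done
  # Fix: the old format used %3d but passed no argument, so the percentage
  # was always printed as "0%".
  printf '\r%s[%s]%s %s%3d%%%s - %sÉtape %d/%d:%s %s%s%s\n' \
    "$CYAN" "$bar" "$NC" "$MAGENTA" "$percent" "$NC" \
    "$BLUE" "$CURRENT_STEP" "$TOTAL_STEPS" "$NC" "$YELLOW" "$step_name" "$NC"
}

#######################################
# Spin while a background process is alive (kept for callers; unused below).
# Arguments: $1 - PID to watch, $2 - message
#######################################
spinner() {
  local pid=$1 msg=$2
  while kill -0 "$pid" 2>/dev/null; do
    SPINNER_POS=$(( (SPINNER_POS + 1) % 4 ))
    printf '\r%s%s%s %s%s%s... ' \
      "$CYAN" "${SPINNER_CHARS:$SPINNER_POS:1}" "$NC" "$BLUE" "$msg" "$NC"
    sleep 0.1
  done
  printf '\r%s✓%s %s%s%s - Terminé\n' "$GREEN" "$NC" "$BLUE" "$msg" "$NC"
}

# Logging helpers: every message goes to the terminal and to REPORT_FILE.
# printf '%s' (not `echo -e`) so that attacker-chosen file names embedded in
# messages are not interpreted as escape sequences.
log() {
  printf '%s\n' "$1" | tee -a "$REPORT_FILE"
}

log_with_time() {
  printf '[%s] %s\n' "$(date '+%H:%M:%S')" "$1" | tee -a "$REPORT_FILE"
}

log_section() {
  printf '\n' | tee -a "$REPORT_FILE"
  log "=========================================="
  log "$1"
  log "=========================================="
  log ""
}

log_info()     { log_with_time "${BLUE}ℹ️  $1${NC}"; }
log_warning()  { log_with_time "${YELLOW}⚠️  $1${NC}"; }
log_critical() { log_with_time "${RED}🔴 $1${NC}"; }
log_success()  { log_with_time "${GREEN}✅ $1${NC}"; }

# Print a green check mark at the end of a "… en cours" line.
ok_mark() { printf '%s✓%s\n' "$GREEN" "$NC"; }

#######################################
# Count a file's lines, yielding 0 when the file is missing/empty.
# Arguments: $1 - path
# Outputs:   integer on stdout
#######################################
count_lines() {
  local n
  n=$(wc -l < "$1" 2>/dev/null) || n=0
  printf '%s\n' "${n:-0}"
}

#######################################
# Count "=== path ===" headers in SUSPICIOUS_FILES.
# `grep -c` prints 0 AND exits 1 when nothing matches, so the old
# `|| echo "0"` produced "0\n0"; use || true and default instead.
#######################################
count_suspicious() {
  local n
  n=$(grep -c '^===' "$SUSPICIOUS_FILES" 2>/dev/null || true)
  printf '%s\n' "${n:-0}"
}

#######################################
# List, NUL-delimited, the files under $1 (find predicates in $2…) whose
# content matches BRE pattern $PATTERN_ARG.
# Usage: grep_files_z PATTERN DIR [find predicates...]
#######################################
grep_files_z() {
  local pattern=$1 dir=$2
  shift 2
  find "$dir" -type f -name '*.php' "$@" "${REPORT_EXCLUDE[@]}" -print0 2>/dev/null \
    | xargs -0 -r grep -lZ -- "$pattern" 2>/dev/null || true
}

# Step 1: backdoor patterns in every PHP file, with 3 lines of context.
step_malware_patterns() {
  show_progress 1 "Scan des Patterns Malveillants"
  log_section "1. Scan des Patterns Malveillants"
  log_info "Recherche de patterns de backdoor dans tous les fichiers PHP..."

  # grep BRE patterns. The hex-escape one is single quoted so grep receives
  # \\x (literal backslash + x): the old "\\x[0-9a-f]" reached grep as \x,
  # which GNU grep treats as a bare 'x' and so flagged nearly every file.
  local patterns=(
    'eval('
    'base64_decode('
    'file_get_contents.*http'
    'curl_exec'
    'shell_exec'
    'exec('
    'system('
    'passthru('
    'assert('
    'preg_replace.*/.*/e'
    'create_function'
    '\\x[0-9a-fA-F]\{2\}'
  )
  : > "$SUSPICIOUS_FILES"
  : > "$MALWARE_PATTERNS"

  local total=${#patterns[@]} idx=0 pattern file
  for pattern in "${patterns[@]}"; do
    idx=$((idx + 1))
    printf '\r%s⏳%s Pattern %d/%d: %s%s%s... ' \
      "$CYAN" "$NC" "$idx" "$total" "$YELLOW" "$pattern" "$NC"
    while IFS= read -r -d '' file; do
      printf '%s (pattern: %s)\n' "$file" "$pattern" >> "$MALWARE_PATTERNS"
      # Bundled third-party libraries are listed but not detailed.
      case "$file" in
        *vendor/*|*node_modules/*) continue ;;
      esac
      printf '=== %s ===\n' "$file" >> "$SUSPICIOUS_FILES"
      grep -n -A 3 -B 3 -- "$pattern" "$file" 2>/dev/null | head -20 >> "$SUSPICIOUS_FILES" || true
      printf '\n' >> "$SUSPICIOUS_FILES"
    done < <(grep_files_z "$pattern" . ! -path '*/wp-content/cache/*' ! -path '*/node_modules/*')
  done
  printf '\n'

  log_warning "$(count_suspicious) fichier(s) avec patterns suspects détectés"
}

# Step 2: files modified in the last 30 days (first 100).
step_recent_files() {
  show_progress 2 "Fichiers Récemment Modifiés"
  log_section "2. Fichiers Récemment Modifiés (30 derniers jours)"
  log_info "Recherche des fichiers modifiés récemment..."
  printf '%s⏳%s Analyse en cours... ' "$CYAN" "$NC"
  find . -type f -mtime -30 ! -path '*/wp-content/cache/*' ! -path '*/node_modules/*' \
    "${REPORT_EXCLUDE[@]}" -exec ls -lh -- {} \; 2>/dev/null | head -100 > "$RECENT_FILES" || true
  ok_mark
  RECENT_COUNT=$(count_lines "$RECENT_FILES")
  log_info "$RECENT_COUNT fichier(s) modifié(s) récemment"
}

# Step 3: executable PHP-family files under wp-content/uploads.
step_php_in_uploads() {
  show_progress 3 "Fichiers PHP dans uploads"
  log_section "3. Fichiers PHP dans wp-content/uploads"
  log_info "Recherche de fichiers PHP dans uploads (très suspect)..."
  printf '%s⏳%s Scan en cours... ' "$CYAN" "$NC"
  # Widened from '*.php': php5/phtml/phar are commonly mapped to the PHP
  # handler too and are a classic way to hide a dropper in uploads.
  find wp-content/uploads -type f \
    \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' -o -iname '*.phar' \) \
    "${REPORT_EXCLUDE[@]}" -print > "$PHP_IN_UPLOADS" 2>/dev/null || true
  ok_mark
  UPLOADS_PHP_COUNT=$(count_lines "$PHP_IN_UPLOADS")
  if [[ "$UPLOADS_PHP_COUNT" -gt 0 ]]; then
    log_critical "$UPLOADS_PHP_COUNT fichier(s) PHP trouvé(s) dans uploads!"
    tee -a "$REPORT_FILE" < "$PHP_IN_UPLOADS"
  else
    log_success "Aucun fichier PHP dans uploads"
  fi
}

# Step 4: quick triage + permissions of a few WordPress core files.
step_core_files() {
  show_progress 4 "Vérification Fichiers Core"
  log_section "4. Vérification des Fichiers Core WordPress"
  local core_files=(
    "index.php" "wp-config.php" "wp-blog-header.php" "wp-load.php" "wp-settings.php" ".htaccess"
  )
  local pattern="${QUICK_PATTERN}\|curl_exec"
  local total=${#core_files[@]} idx=0 file perms
  for file in "${core_files[@]}"; do
    idx=$((idx + 1))
    printf '\r%s⏳%s Fichier core %d/%d: %s%s%s... ' \
      "$CYAN" "$NC" "$idx" "$total" "$YELLOW" "$file" "$NC"
    if [[ ! -f "$file" ]]; then
      printf '%s⚠%s Non trouvé\n' "$YELLOW" "$NC"
      continue
    fi
    if grep -q -- "$pattern" "$file" 2>/dev/null; then
      printf '%s✗%s Pattern suspect détecté!\n' "$RED" "$NC"
      log_critical "Pattern suspect dans $file"
      grep -n -- "$pattern" "$file" 2>/dev/null | head -5 >> "$SUSPICIOUS_FILES" || true
    else
      ok_mark
      log_success "$file semble propre"
    fi
    # GNU stat first, BSD stat as fallback
    perms=$(stat -c "%a" "$file" 2>/dev/null || stat -f "%OLp" "$file" 2>/dev/null || echo "???")
    printf '%s: %s\n' "$file" "$perms" >> "$PERMISSIONS_REPORT"
  done
  printf '\n'
}

# Step 5: theme files matching the quick pattern.
step_themes() {
  show_progress 5 "Scan des Thèmes"
  log_section "5. Scan des Thèmes"
  local themes_dir="wp-content/themes"
  [[ -d "$themes_dir" ]] || return 0
  log_info "Scan des fichiers de thème..."
  printf '%s⏳%s Analyse en cours... ' "$CYAN" "$NC"
  local -a hits=()
  local file
  while IFS= read -r -d '' file; do hits+=("$file"); done < <(grep_files_z "$QUICK_PATTERN" "$themes_dir")
  ok_mark
  if ((${#hits[@]} > 0)); then
    for file in "${hits[@]}"; do
      log_warning "Thème suspect: $file"
      # "=== … ===" so the summary count includes these hits (it only counts
      # such headers; bare paths were previously silently left out).
      printf '=== %s ===\n' "$file" >> "$SUSPICIOUS_FILES"
    done
  else
    log_success "Aucun thème suspect détecté"
  fi
}

# Step 6: plugin files matching the quick pattern (vendor/ skipped).
step_plugins() {
  show_progress 6 "Scan des Plugins"
  log_section "6. Scan des Plugins"
  local plugins_dir="wp-content/plugins"
  [[ -d "$plugins_dir" ]] || return 0
  log_info "Scan des fichiers de plugins..."
  printf '%s⏳%s Analyse en cours... ' "$CYAN" "$NC"
  local -a hits=()
  local file
  while IFS= read -r -d '' file; do hits+=("$file"); done \
    < <(grep_files_z "$QUICK_PATTERN" "$plugins_dir" ! -path '*/vendor/*')
  ok_mark
  if ((${#hits[@]} > 0)); then
    for file in "${hits[@]}"; do
      # NOTE(review): kept from the original — an allow-list by directory name.
      # Anything an attacker drops under plugins/wordpress-seo/ is hidden by
      # it; diffing against a pristine plugin copy would be safer.
      case "$file" in
        *wordpress-seo*|*vendor*) continue ;;
      esac
      log_warning "Plugin suspect: $file"
      printf '=== %s ===\n' "$file" >> "$SUSPICIOUS_FILES"
    done
  else
    log_success "Aucun plugin suspect détecté"
  fi
}

# Step 7: long listing of wp-config.php / .htaccess / index.php everywhere.
step_permissions() {
  show_progress 7 "Vérification des Permissions"
  log_section "7. Vérification des Permissions"
  log_info "Analyse des permissions des fichiers critiques..."
  printf '%s⏳%s Analyse en cours... ' "$CYAN" "$NC"
  find . -type f \( -name 'wp-config.php' -o -name '.htaccess' -o -name 'index.php' \) \
    "${REPORT_EXCLUDE[@]}" -exec ls -la -- {} \; 2>/dev/null >> "$PERMISSIONS_REPORT" || true
  ok_mark
}

# Step 8: file names that look like well-known web shells.
step_suspicious_names() {
  show_progress 8 "Fichiers avec Noms Suspects"
  log_section "8. Fichiers avec Noms Suspects"
  log_info "Recherche de fichiers avec noms suspects..."
  printf '%s⏳%s Recherche en cours... ' "$CYAN" "$NC"
  local file
  while IFS= read -r -d '' file; do
    printf '=== %s ===\n' "$file" >> "$SUSPICIOUS_FILES"
  done < <(find . -type f \
      \( -iname '*shell*' -o -iname '*hack*' -o -iname '*backdoor*' \
         -o -iname '*c99*' -o -iname '*r57*' -o -iname '*wso*' \) \
      ! -path '*/wp-content/cache/*' "${REPORT_EXCLUDE[@]}" -print0 2>/dev/null || true)
  ok_mark
}

# Step 9: summary and list of generated reports.
print_summary() {
  printf '\n==========================================\n'
  printf '✅ SCAN TERMINÉ - %s\n' "$(date)"
  printf '==========================================\n\n'
  log_section "RÉSUMÉ DU SCAN"
  log "${GREEN}✓${NC} Fichiers suspects détectés: ${YELLOW}$(count_suspicious)${NC}"
  log "${GREEN}✓${NC} Fichiers PHP dans uploads: ${YELLOW}$UPLOADS_PHP_COUNT${NC}"
  log "${GREEN}✓${NC} Fichiers récemment modifiés: ${YELLOW}$RECENT_COUNT${NC}"
  printf '\n'
  log "${CYAN}📁 Rapports générés dans:${NC} $REPORT_DIR"
  log "   ${BLUE}•${NC} $REPORT_FILE (rapport principal)"
  log "   ${BLUE}•${NC} $SUSPICIOUS_FILES (fichiers suspects)"
  log "   ${BLUE}•${NC} $MALWARE_PATTERNS (patterns détectés)"
  log "   ${BLUE}•${NC} $RECENT_FILES (fichiers récents)"
  log "   ${BLUE}•${NC} $PHP_IN_UPLOADS (PHP dans uploads)"
  log "   ${BLUE}•${NC} $PERMISSIONS_REPORT (permissions)"
  printf '\n'
  log_section "SCAN TERMINÉ"
  show_progress "$TOTAL_STEPS" "Scan Complet Terminé"
  printf '\n'
}

# ---- main ---------------------------------------------------------------

if [[ ! -d "$WP_ROOT" ]]; then
  printf '%s✗%s Répertoire WordPress introuvable: %s\n' "$RED" "$NC" "$WP_ROOT" >&2
  exit 1
fi
mkdir -p "$REPORT_DIR"
chmod 700 "$REPORT_DIR"   # reports hold code excerpts; keep them private

printf '\n==========================================\n'
printf '🔍 SCAN COMPLET WORDPRESS\n'
printf 'Date: %s\n' "$(date)"
printf 'Répertoire: %s\n' "$SCAN_DIR"
printf '==========================================\n\n'

cd "$SCAN_DIR"

step_malware_patterns
step_recent_files
step_php_in_uploads
step_core_files
step_themes
step_plugins
step_permissions
step_suspicious_names
print_summary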