百度提供了一个webshell检测的接口,支持单文件、压缩包(多/单文件)但是貌似数据库比较旧。仅当做程序学习!代码如下:
#-*-coding:utf-8-*- from poster.encode import multipart_encode from poster.streaminghttp import register_openers import urllib2 import re import sys type = sys.getfilesystemencoding() register_openers() file_name = sys.argv[1] datagen, headers = multipart_encode({"archive": open(file_name, "rb")}) request = urllib2.Request("http://scanner.baidu.com/enqueue", datagen, headers) ret = urllib2.urlopen(request).read() reg = r'"url":"(.+?)"}' data = re.compile(reg) res = re.findall(data,ret) url = res[0] new_url = url.replace("\","") scan_res = urllib2.urlopen(new_url).read().decode('utf-8').encode(type) #print scan_res reg2 = r'sandbox":"(.+?)"' data2 = re.compile(reg2) res2 = re.findall(data2,scan_res) print "" print "检测结果:" print print "是否为后门:"+res2[0] reg3 = r'descr":"(.+?)"' data3 = re.compile(reg3) res3 = re.findall(data3,scan_res) print "后门类型:"+res3[0]