Shoora
4/6/2019 - 5:31 AM

scan.php

scan.php

<?php
set_time_limit(0);
// error_reporting(0);

/**
 * AbdalMalwareScanner
 */
final class AbdalMalwareScanner
{
    private static $path = '.';
    private static $extensions = array('php');
    public static $files = array();
    public static $filtered = array();
    public static $replace_path = '';
    
    function __construct()
    {
        
    }
    
    public function setExtensions($extensions)
    {
        self::$extensions = $extensions;
    }
    
    public function getExtensions()
    {
        return self::$extensions;
    }
    
    public function setPath($path)
    {
        self::$path = $path;
    }
    
    public function getPath()
    {
        return self::$path;
    }
    
    public function getFiles()
    {
        $directory = new recursiveDirectoryIterator(self::$path);
        
        self::$files = new RecursiveIteratorIterator($directory);
        
        $extensions = implode('|', self::$extensions);
        
        self::$files = new RegexIterator(self::$files, '/^.+\.(' . $extensions . ')$/i', RecursiveRegexIterator::GET_MATCH);
        
        return self::$files;
    }
    
    public function getFileInfo($filename)
    {
        
        clearstatcache();
        
        return array(
            'crc' => crc32(file_get_contents($filename)),
            'filemtime' => filemtime($filename),
            'filectime' => filectime($filename),
            'filesize' => filesize($filename),
            'fileperms' => fileperms($filename)
        );
    }
    
    public function getList()
    {
        $file_list = self::getFiles();
        $files     = array();
        foreach ($file_list as $filename => $file_data) {            
            $short_filename = str_replace(self::$replace_path, '', realpath($filename));
            $files[$short_filename] = self::getFileInfo($filename);

        }
        return $files;
    }

    public function mergeFiles($old_files, $new_files)
    {
        $new = array();
        $changed = array();
        $deleted = array();
        // $renamed = array();
        $crc32_key = array();
        foreach ($old_files as $filename => $file_data) {
            $crc32_key[$file_data['crc']] = $file_data;
            if (isset($new_files[$filename])) {
                $diff = array_diff_assoc($new_files[$filename], $file_data);
                if ($diff) {
                    $changed[$filename] = array(
                        'old' => $file_data,
                        'diff' => $diff,
                        'new' => $new_files[$filename] 
                    ); 
                    unset($new_files[$filename]);
                }else{
                    unset($new_files[$filename]);
                }
            }else{
                $new[$filename] = $file_data;
            }
        }
        $deleted = $new_files;
        // foreach ($deleted as $filename => $file_data) {
        //     if (isset($crc32_key[$file_data['crc']])) {
        //         $renamed[$filename] = array(
        //             'old' => $crc32_key[$file_data['crc']], 
        //             'new' => $file_data
        //         );
        //         unset($deleted[$filename]);
        //     }
        // }
        // foreach ($new as $filename => $file_data) {
        //     if (isset($crc32_key[$file_data['crc']])) {
        //         $renamed[$filename] = array(
        //             'old' => $crc32_key[$file_data['crc']], 
        //             'new' => $file_data
        //         );
        //         unset($new[$filename]);
        //     }
        // }

        return array(
            'new' => $new,
            'changed' => $changed,
            'deleted' => $deleted,
            // 'renamed' => $renamed
        );
    }
    
}

$ams = new AbdalMalwareScanner();

if (file_exists('./last_scan.json')) {
    $old_files           = json_decode(file_get_contents('./last_scan.json'), true);
    $new_files           = $ams->getList();
    $diff = $ams->mergeFiles($new_files, $old_files);
    var_export($diff);    
} else {
    file_put_contents('./last_scan.json', json_encode($ams->getList()));
}

?>