在web目录下 批量寻找配置文件信息

dir /s /b *.php *.inc *.conf *.config >>list.txt" W4 I2 U+ N/ B6 K  @0 r  r8 ^

T00LS: _$ j! ^3 N2 x' F7 x

 for /f "tokens=*" %i in (list.txt) do php php findpass.php "%i" >>info.txt( T/ a$ E" R- W. O

<?php

isset($argv[1]) ? $file = trim($argv[1]) : exit();

$str = @file_get_contents($file);



$sql = find_pass($str);

if (!empty($sql)) {

    echo '---------------------------------------------' . PHP_EOL;

    echo $file . PHP_EOL . PHP_EOL;

    foreach ($sql as $s) {

        echo trim($s) . PHP_EOL;

    }

    echo '---------------------------------------------' . PHP_EOL . PHP_EOL;

}

//debug

//else {

   

//    echo 'false ! => ' . $file . PHP_EOL;

//}

function find_pass($str) {

    if (preg_match_all('#\$\w*(?:host(?:name)?|server|user(?:name)?|pass(?:word)?)\w*\s*=\s*(?:\'|\")[[:alnum:][:punct:]]+(?:\'|\")#ism', $str, $sqlstr)) {

        if (count($sqlstr[0]) > 1) {

            //echo "No 1" . PHP_EOL;

            return array_unique($sqlstr[0]);

        }

    }

   

    if (preg_match_all('#mysqli?(?:_p?connect)?\((?:\'|\")([[:alnum:][:punct:]]*)(?:\'|\")\s*,\s*(?:\'|\")([[:alnum:][:punct:]]*)(?:\'|\")\s*,\s*(?:\'|\")([[:alnum:][:punct:]]*)(?:\'|\")#im', $str, $sqlstr)) {

        //echo "No 2" . PHP_EOL;

        return array_unique($sqlstr[0]);

    }

    if (preg_match_all('#\$[\w]+->db(?:Host|Name|User|Pass)\s+?=\s*\'(.*?)\';#im', $str, $sqlstr)) {

       // echo "No 3" . PHP_EOL;

        return array_unique($sqlstr[0]);

    }

    if (preg_match_all('#^((?!\*).)*(mysqli?:\/\/(?!username:password)[[:alnum:][:punct:]]+@[[:alnum:][:punct:]]*\/[[:alnum:][:punct:]]*)(?:\'|\")#im', $str, $sqlstr)) {

        //echo "No 4" . PHP_EOL;

        return array_unique($sqlstr[0]);

    }

    if (preg_match_all('#^((?!\#|\/\/|\*).)*define\s*\((?:\'|\")(?:\w*SERVER\w*|\w*USER\w*|\w*PASS(?:WORD)?\w*|\w*HOST\w*)(?:\'|\"),\s*(?:\'|\")(.*)(?:\'|\")\)#im', $str, $sqlstr)) {

       // echo "No 5" . PHP_EOL;

        return array_unique($sqlstr[0]);

    }

    if (preg_match_all('#\[database\]\s*driver\s*?=\s*?.*\s*host\s*?=\s*?(?:\'|\")(.*)(?:\'|\")\s*?username\s*?=\s*?(.*)\s*?password\s*?=\s*?(.*)#im', $str, $sqlstr)) {

      //  echo "No 6" . PHP_EOL;

        return array_unique($sqlstr[0]);

    }

   

    if (preg_match_all('#^((?!\*).)*(?:\'|\")[[:alnum:][:punct:]]*(?:server|user|login|pass|host)[[:alnum:][:punct:]]*(?:\'|\")\s=>\s*[[:alnum:][:punct:]]+(?:\'|\")#im', $str, $sqlstr)) {

       

        if (count($sqlstr[0]) > 1) {

           // echo "No 7" . PHP_EOL;

            return array_unique($sqlstr[0]);

        }

    }

    if (preg_match_all('#\$[\w\[\]\'\"\s]*(?:host|server|user|name|pass|password|dbpw|hn|un|pw)\w*[\w\[\]\'\"\s]*=\s*(?:\'|\")[[:alnum:][:punct:]]+(?:\'|\")#im', $str, $sqlstr)) {

       

        if (count($sqlstr[0]) > 1) {

         //   echo "No 8" . PHP_EOL;

            return array_unique($sqlstr[0]);

        }

    }

   

    if (preg_match_all('#new\sPDO\((?:\'|\")([\w[:punct:]]+)(?:\'|\")\s*,\s*(?:\'|\")([\w[:punct:]]+)\s*,\s*(?:\'|\")([\w[:punct:]]+)(?:\'|\")\)#im', $str, $sqlstr)) {

        //echo "No 9" . PHP_EOL;

        return $sqlstr[0];

    }

   

    if (preg_match_all('#connect\(\'([[:alnum:][:punct:]]+)\'\s*,\s*\'([[:alnum:][:punct:]]+)\'\s*,\s*\'([[:alnum:][:punct:]]+)\'\s*,\s*\'[[:alnum:][:punct:]]+\'\)#im', $str, $sqlstr)) {

      //  echo "No 10" . PHP_EOL;

        return $sqlstr[0];

    }

   

    if (preg_match_all('#db_(?:host|login|password|user|username):\s*[[:alnum:][:punct:]]+#im', $str, $sqlstr)) {

       // echo "No 11" . PHP_EOL;

        return $sqlstr[0];

    }

}

?>