资源简介
监控的脚本,看别人怎么攻击你的 然后你抓到他的流量去攻击别人
代码片段和文件信息
#!/usr/bin/env python
# encoding:utf-8
import sys
import pyinotify
import os
import time
def detect_waf(pathname):
try:
with open(pathname) as f:
content = f.read()
black_list = [“ black_list += [‘eval‘ ‘assert‘]
black_list += [‘passthru‘ ‘exec‘ ‘system‘ ‘shell_exec‘ ‘popen‘ ‘proc_open‘]
black_list += [‘hightlight_file‘ ‘show_source‘ ‘php_strip_whitespace‘ ‘file_get_contents‘ ‘readfile‘ ‘file‘ ‘fopen‘ ‘fread‘ ‘include‘ ‘include_once‘ ‘require‘ ‘require_once‘ ‘fread‘ ‘fgets‘ ‘fpassthru‘ ‘fgetcsv‘ ‘fgetss‘ ‘fscanf‘ ‘parse_ini_file‘]
black_list += [‘glob‘ ‘opendir‘ ‘dir‘ ‘readdir‘ ‘scandir‘]
FLAG = False
for black in black_list:
if
评论
共有 条评论