检测你的wordpress站点是否被上传了可能存在的webshell:
perl Shell.pl http://www.host.com
perl脚本如下:
#!/usr/bin/perl use HTTP::Request; use LWP::UserAgent; system(($^O eq 'MSWin32') ? 'cls' : 'clear'); print" \n"; print"+++++++++++++++++++++++++++++++++++++++++++\n"; print"++\t[!]Shell Finder +\n"; print"++\t[!] +\n"; print"++\t[!] +\n"; print"++\t[!] +\n"; print"++\t[!] +\n"; print"+++++++++++++++++++++++++++++++++++++++++++\n"; print"+++++++++++++++++++++++++++++++++++++++++++\n"; print "\n"; print "[+]input url Ex:|http://www.target.com/ or http://www.target.com/patch/\n"; print "\n"; print "\n"; print "[+]Enter url:"; $s=<STDIN>; chomp $s; print "+++++++++++++++++++++++\n"; print "\n"; print "->Scanning: $s\n"; print "\n"; print "->Starting Scan\n\n\n"; { @shells= qw( WSO.PHP bkht.PHP footer.PHP dz.PHP w.PHP wp-content/plugins/akismet/akismet.PHP images/stories/w.PHP w.PHP 12..PHP shell.PHP cpanel.PHP cpn.PHP sql.PHP MysqL.PHP config.??PHP configuration.PHP madspot.PHP Cgishell.plkiller.PHP changeall.ph?p? 2.PHP Sh3ll.PHP dz0.PHP dam.PHPuser.PHP dom.PHPwhmcs.PHP r0?0t?.PHP 1.PHP a.PHP r0k.PHP abc.PHP vito.PHP egy.PHP syrian_shell.PHP xxx.p?hp? settings.PHP tmp.PHP cyber.PHP c99.PHP r57.PHP 404.PHP gaza.ph?p ?1.PHP d4rk.PHP index1.PHP nkr.PHP xd.PHP M4r0c.PHP Dz.PHP sni?per.p?hp ksa.PHP okay.PHP 4ever.PHP b374k.PHP bbb.PHP includes/WSO.PHP includes/r57.PHP includes/b374k.PHP includes/c99.PHP includes/r00t.PHP shell.PHP images/stories/3xp.PHP images/stories/WSO.PHP images/stories/b374k.PHP images/stories/r57.PHP v4team.PHP offline.PHP p8.PHP rr57.PHP myshell.PHP yourshell.PHP sheller.PHP mysheller.PHP priv8.PHP 911.PHP madspotshe?ll.PHP madspot.PHP ?c100.PHP sym.PHP cp.PHP tmp/cpn.PHP tmp/w.PHP tmp/r57.PHP tmp/king.PHP tmp/sok.PHP tmp/ss.PHP tmp/as.PHP tmp/dz.PHP tmp/r1z.PHP tmp/whmcs.PHP tmp/root.PHP tmp/r00t.PHP templates/beez/index.PHP templates/beez/beez.PHP templates/rhuk_milkyway/index.PHP tmp/uploads.PHP tmp/upload.PHP tmp/sa.PHP sa.PHP readme.PHP tmp/readme.PHP wp-content/plugins/disqus-comment-system/disqus.PHP d0mains.PHP wp-content/plugins/akismet/akismet.PHP madspotshell.PHP info.PHP egyshell.PHP Sym.PHP c22.PHP c??100.PHP wp-content/plugins/akismet/admin.PHP configuration.PHP g.PHP wp-content/plugins/google-sitemap-generator/sitemap-core.PHP wp-content/plugins/akismet/widget.PHP xx.pl ls.PHP Cpanel.PHP k.PHPzone-h.PHP tmp/user.PHPtmp/Sym.PHP cp.PHP tmp/madspotshell.PHP tmp/root.PHP tmp/whmcs.PHP tmp/index.PHP tmp/2.PHP tmp/dz.PHP tmp/cpn.PHP tmp/changeall.PHP tmp/Cgishell.pl tmp/sql.PHP 0day.PHP tmp/admin.PHP cliente/downloads/h4xor.PHP whmcs/downloads/dz.PHP L3b.PHP d.PHP tmp/d.PHP tmp/L3b.PHP wp-content/plugins/akismet/admin.PHP templates/rhuk_milkyway/index.PHPtemplates/beez/index.PHP sado.PHP admin1.PHP upload.PHP up.PHP vb.zipvb.rar admin2.asp uploads.PHP sa.PHP sysadmins/admin1/sniper.PHP administration/Sym.PHP images/Sym.PHP /r57.PHP /wp-content/plugins/disqus-comment-system/disqus.PHP //images/stories/bkht.PHP //images/stories/food/footer.PHP /Sexuality//images/stories/bkht.PHP /Sexuality//images/stories/food/footer.PHP /copDepartment//images/stories/bkht.PHP /copDepartment//images/stories/food/footer.PHP /images/stories/config.inc.PHP gzaa_spyslsql-new.PHP shell.PHP sa.PHP admin.PHP sa2.PHP 2.PHP gaza.PHP up.PHP upload.PHP uploads.PHP templates/beez/index.PHP shell.PHP amad.PHP t00.PHP dz.PHP site.rar Black.PHP BlackMass.asp test.txt ftp.txt user.txt cpanel/awstats/site.sql vb.sql forum.sqlr00t-s3c.PHP c.PHP backup.sql back.sql data.sql wp-content/plugins/disqus-comment-system/disqus.PHP asp.aspx/templates/beez/index.PHP tmp/vaga.PHP tmp/killer.PHP whmcs.PHP abuhlail.PHP tmp/killer.PHP tmp/domaine.pl tmp/domaine.PHP tmp/d0maine.PHP d0maine.PHP tmp/sql.PHP X.PHP 123.PHP m.PHP b.PHP tmp/dz1.PHP dz1.PHP forum.zip Symlink.PHP Symlink.pl forum.rarjoomla.zipjoomla.rar wp.PHP buck.sql sysadmin.PHP images??/c99.PHP xd.PHP c100.PHP spy.aspxxd.PHPtmp/xd.PHP sym/root/home/billing/killer.PHP tmp/upload.PHPtmp/admin.PHP Server.PHP tmp/uploads.PHP tmp/up.PHP Server/wp-admin/c99.PHP tmp/priv8.PHP priv8.PHP cgi.pl tmp/cgi.pl downloads/dom.PHP templates/ja-helio-farsi/index.PHP webadmin.html admins.PHP /wp-content/plugins/count-per-day/js/yc/d00.PHP bluff.PHP king.jeenadmins/admins.asp admins.PHP wp.zip wp-content/plugins/disqus-comment-system/WSO.PHP /wp-content/plugins/disqus-comment-system/dz.PHP /wp-content/plugins/disqus-comment-system/DZ.PHP /wp-content/plugins/disqus-comment-system/cpanel.PHP /wp-content/plugins/disqus-comment-system/cpn.PHP /wp-content/plugins/disqus-comment-system/sos.PHP /wp-content/plugins/disqus-comment-system/term.PHP /wp-content/plugins/disqus-comment-system/Sec-War.PHP /wp-content/plugins/disqus-comment-system/sql.PHP /wp-content/plugins/disqus-comment-system/ssl.PHP /wp-content/plugins/disqus-comment-system/MysqL.PHP /wp-content/plugins/disqus-comment-system/WolF.PHP /wp-content/plugins/disqus-comment-system/madspot.PHP /wp-content/plugins/disqus-comment-system/Cgishell.pl /wp-content/plugins/disqus-comment-system/killer.PHP /wp-content/plugins/disqus-comment-system/changeall.PHP /wp-content/plugins/disqus-comment-system/2.PHP /wp-content/plugins/disqus-comment-system/Sh3ll.PHP /wp-content/plugins/disqus-comment-system/dz0.PHP /wp-content/plugins/disqus-comment-system/dam.PHP /wp-content/plugins/disqus-comment-system/user.PHP /wp-content/plugins/disqus-comment-system/dom.PHP /wp-content/plugins/disqus-comment-system/whmcs.PHP /wp-content/plugins/disqus-comment-system/vb.zip /wp-content/plugins/disqus-comment-system/r00t.PHP /wp-content/plugins/disqus-comment-system/c99.PHP /wp-content/plugins/disqus-comment-system/gaza.PHP /wp-content/plugins/disqus-comment-system/1.PHP /wp-content/plugins/disqus-comment-system/d0mains.PHP /wp-content/plugins/disqus-comment-system/madspotshell.PHP /wp-content/plugins/disqus-comment-system/info.PHP /wp-content/plugins/disqus-comment-system/egyshell.PHP /wp-content/plugins/disqus-comment-system/Sym.PHP /wp-content/plugins/disqus-comment-system/c22.PHP /wp-content/plugins/disqus-comment-system/c100.PHP /wp-content/plugins/disqus-comment-system/configuration.PHP /wp-content/plugins/disqus-comment-system/g.PHP /wp-content/plugins/disqus-comment-system/xx.pl /wp-content/plugins/disqus-comment-system/ls.PHP /wp-content/plugins/disqus-comment-system/Cpanel.PHP /wp-content/plugins/disqus-comment-system/k.PHP /wp-content/plugins/disqus-comment-system/zone-h.PHP /wp-content/plugins/disqus-comment-system/tmp/user.PHP /wp-content/plugins/disqus-comment-system/tmp/Sym.PHP /wp-content/plugins/disqus-comment-system/cp.PHP /wp-content/plugins/disqus-comment-system/tmp/madspotshell.PHP /wp-content/plugins/disqus-comment-system/tmp/root.PHP /wp-content/plugins/disqus-comment-system/tmp/whmcs.PHP /wp-content/plugins/disqus-comment-system/tmp/index.PHP /wp-content/plugins/disqus-comment-system/tmp/2.PHP /wp-content/plugins/disqus-comment-system/tmp/dz.PHP /wp-content/plugins/disqus-comment-system/tmp/cpn.PHP /wp-content/plugins/disqus-comment-system/tmp/changeall.PHP /wp-content/plugins/disqus-comment-system/tmp/Cgishell.pl /wp-content/plugins/disqus-comment-system/tmp/sql.PHP /wp-content/plugins/disqus-comment-system/0day.PHP /wp-content/plugins/disqus-comment-system/tmp/admin.PHP /wp-content/plugins/disqus-comment-system/L3b.PHP /wp-content/plugins/disqus-comment-system/d.PHP /wp-content/plugins/disqus-comment-system/tmp/d.PHP /wp-content/plugins/disqus-comment-system/tmp/L3b.PHP /wp-content/plugins/disqus-comment-system/sado.PHP /wp-content/plugins/disqus-comment-system/admin1.PHP /wp-content/plugins/disqus-comment-system/upload.PHP /wp-content/plugins/disqus-comment-system/up.PHP /wp-content/plugins/disqus-comment-system/vb.zip /wp-content/plugins/disqus-comment-system/vb.rar /wp-content/plugins/disqus-comment-system/admin2.asp /wp-content/plugins/disqus-comment-system/uploads.PHP /wp-content/plugins/disqus-comment-system/sa.PHP /wp-content/plugins/disqus-comment-system/sysadmins/ /wp-content/plugins/disqus-comment-system/admin1/ /wp-content/plugins/disqus-comment-system/sniper.PHP /wp-content/plugins/disqus-comment-system/images/Sym.PHP /wp-content/plugins/disqus-comment-system//r57.PHP /wp-content/plugins/disqus-comment-system/gzaa_spysl /wp-content/plugins/disqus-comment-system/sql-new.PHP /wp-content/plugins/disqus-comment-system//shell.PHP /wp-content/plugins/disqus-comment-system//sa.PHP /wp-content/plugins/disqus-comment-system//admin.PHP /wp-content/plugins/disqus-comment-system//sa2.PHP /wp-content/plugins/disqus-comment-system//2.PHP /wp-content/plugins/disqus-comment-system//gaza.PHP /wp-content/plugins/disqus-comment-system//up.PHP /wp-content/plugins/disqus-comment-system//upload.PHP /wp-content/plugins/disqus-comment-system//uploads.PHP /wp-content/plugins/disqus-comment-system/shell.PHP /wp-content/plugins/disqus-comment-system//amad.PHP /wp-content/plugins/disqus-comment-system//t00.PHP pwp-content/plugins/disqus-comment-system/disqus.PHP wp-content/plugins/akismet/WSO.PHP wp-content/plugins/akismet/dz.PHP wp-content/plugins/akismet/DZ.PHP wp-content/plugins/akismet/cpanel.PHP wp-content/plugins/akismet/cpn.PHP wp-content/plugins/akismet/sos.PHP wp-content/plugins/akismet/term.PHP wp-content/plugins/akismet/Sec-War.PHP wp-content/plugins/akismet/sql.PHP wp-content/plugins/akismet/ssl.PHP wp-content/plugins/akismet/MysqL.PHP wp-content/plugins/akismet/WolF.PHP wp-content/plugins/akismet/madspot.PHP wp-content/plugins/akismet/Cgishell.pl wp-content/plugins/akismet/killer.PHP wp-content/plugins/akismet/changeall.PHP wp-content/plugins/akismet/2.PHP wp-content/plugins/akismet/Sh3ll.PHP wp-content/plugins/akismet/dz0.PHP wp-content/plugins/akismet/dam.PHP wp-content/plugins/akismet/user.PHP wp-content/plugins/akismet/dom.PHP wp-content/plugins/akismet/whmcs.PHP wp-content/plugins/akismet/vb.zip wp-content/plugins/akismet/r00t.PHP wp-content/plugins/akismet/c99.PHP wp-content/plugins/akismet/gaza.PHP wp-content/plugins/akismet/1.PHP wp-content/plugins/akismet/d0mains.PHP wp-content/plugins/akismet/madspotshell.PHP wp-content/plugins/akismet/info.PHP wp-content/plugins/akismet/egyshell.PHP wp-content/plugins/akismet/Sym.PHP wp-content/plugins/akismet/c22.PHP wp-content/plugins/akismet/c100.PHP wp-content/plugins/akismet/configuration.PHP wp-content/plugins/akismet/g.PHP wp-content/plugins/akismet/xx.pl wp-content/plugins/akismet/ls.PHP wp-content/plugins/akismet/Cpanel.PHP wp-content/plugins/akismet/k.PHP wp-content/plugins/akismet/zone-h.PHP wp-content/plugins/akismet/tmp/user.PHP wp-content/plugins/akismet/tmp/Sym.PHP wp-content/plugins/akismet/cp.PHP wp-content/plugins/akismet/tmp/madspotshell.PHP wp-content/plugins/akismet/tmp/root.PHP wp-content/plugins/akismet/tmp/whmcs.PHP wp-content/plugins/akismet/tmp/index.PHP wp-content/plugins/akismet/tmp/2.PHP wp-content/plugins/akismet/tmp/dz.PHP wp-content/plugins/akismet/tmp/cpn.PHP wp-content/plugins/akismet/tmp/changeall.PHP wp-content/plugins/akismet/tmp/Cgishell.pl wp-content/plugins/akismet/tmp/sql.PHP wp-content/plugins/akismet/0day.PHP wp-content/plugins/akismet/tmp/admin.PHP wp-content/plugins/akismet/L3b.PHP wp-content/plugins/akismet/d.PHP wp-content/plugins/akismet/tmp/d.PHP wp-content/plugins/akismet/tmp/L3b.PHP wp-content/plugins/akismet/sado.PHP wp-content/plugins/akismet/admin1.PHP wp-content/plugins/akismet/upload.PHP wp-content/plugins/akismet/up.PHP wp-content/plugins/akismet/vb.zip wp-content/plugins/akismet/vb.rar wp-content/plugins/akismet/admin2.asp wp-content/plugins/akismet/uploads.PHP wp-content/plugins/akismet/sa.PHP wp-content/plugins/akismet/sysadmins/ wp-content/plugins/akismet/admin1/ wp-content/plugins/akismet/sniper.PHP wp-content/plugins/akismet/images/Sym.PHP wp-content/plugins/akismet//r57.PHP wp-content/plugins/akismet/gzaa_spysl wp-content/plugins/akismet/sql-new.PHP wp-content/plugins/akismet//shell.PHP wp-content/plugins/akismet//sa.PHP wp-content/plugins/akismet//admin.PHP wp-content/plugins/akismet//sa2.PHP wp-content/plugins/akismet//2.PHP wp-content/plugins/akismet//gaza.PHP wp-content/plugins/akismet//up.PHP wp-content/plugins/akismet//upload.PHP wp-content/plugins/akismet//uploads.PHP wp-content/plugins/akismet/shell.PHP wp-content/plugins/akismet//amad.PHP wp-content/plugins/akismet//t00.PHP wp-content/plugins/akismet//dz.PHP wp-content/plugins/akismet//site.rar wp-content/plugins/akismet//Black.PHP wp-content/plugins/akismet//site.tar.gz wp-content/plugins/akismet//home.zip wp-content/plugins/akismet//home.rar wp-content/plugins/akismet//home.tar wp-content/plugins/akismet//home.tar.gz wp-content/plugins/akismet//forum.zip wp-content/plugins/akismet//forum.rar wp-content/plugins/akismet//forum.tar wp-content/plugins/akismet//forum.tar.gz wp-content/plugins/akismet//test.txt wp-content/plugins/akismet//ftp.txt wp-content/plugins/akismet//user.txt wp-content/plugins/akismet//site.txt wp-content/plugins/akismet//error_log wp-content/plugins/akismet//error wp-content/plugins/akismet//cpanel wp-content/plugins/akismet//awstats wp-content/plugins/akismet//site.sql wp-content/plugins/akismet//vb.sql wp-content/plugins/akismet//forum.sql wp-content/plugins/akismet/r00t-s3c.PHP wp-content/plugins/akismet/c.PHP wp-content/plugins/akismet//backup.sql wp-content/plugins/akismet//back.sql wp-content/plugins/akismet//data.sql wp-content/plugins/akismet/wp.rar/ wp-content/plugins/akismet/asp.aspx wp-content/plugins/akismet/tmp/vaga.PHP wp-content/plugins/akismet/tmp/killer.PHP wp-content/plugins/akismet/whmcs.PHP wp-content/plugins/akismet/abuhlail.PHP wp-content/plugins/akismet/tmp/killer.PHP wp-content/plugins/akismet/tmp/domaine.pl wp-content/plugins/akismet/tmp/domaine.PHP wp-content/plugins/akismet/useradmin/ wp-content/plugins/akismet/tmp/d0maine.PHP wp-content/plugins/akismet/d0maine.PHP wp-content/plugins/akismet/tmp/sql.PHP wp-content/plugins/akismet/X.PHP wp-content/plugins/akismet/123.PHP wp-content/plugins/akismet/m.PHP wp-content/plugins/akismet/b.PHP wp-content/plugins/akismet/up.PHP wp-content/plugins/akismet/tmp/dz1.PHP wp-content/plugins/akismet/dz1.PHP wp-content/plugins/akismet/forum.zip wp-content/plugins/akismet/Symlink.PHP wp-content/plugins/akismet/Symlink.pl wp-content/plugins/akismet/forum.rar wp-content/plugins/akismet/joomla.zip wp-content/plugins/akismet/joomla.rar wp-content/plugins/akismet/wp.PHP wp-content/plugins/akismet/buck.sql wp-content/plugins/akismet/sysadmin.PHP wp-content/plugins/akismet/images/c99.PHP wp-content/plugins/akismet/xd.PHP wp-content/plugins/akismet/c100.PHP wp-content/plugins/akismet/spy.aspx wp-content/plugins/akismet/xd.PHP wp-content/plugins/akismet/tmp/xd.PHP wp-content/plugins/akismet/sym/root/home/ wp-content/plugins/akismet/billing/killer.PHP wp-content/plugins/akismet/tmp/upload.PHP wp-content/plugins/akismet/tmp/admin.PHP wp-content/plugins/akismet/Server.PHP wp-content/plugins/akismet/tmp/uploads.PHP wp-content/plugins/akismet/tmp/up.PHP wp-content/plugins/akismet/Server/ wp-content/plugins/akismet/wp-admin/c99.PHP wp-content/plugins/akismet/tmp/priv8.PHP wp-content/plugins/akismet/priv8.PHP wp-content/plugins/akismet/cgi.pl/ wp-content/plugins/akismet/tmp/cgi.pl wp-content/plugins/akismet/downloads/dom.PHP wp-content/plugins/akismet/webadmin.html wp-content/plugins/akismet/admins.PHP wp-content/plugins/akismet/bluff.PHP wp-content/plugins/akismet/king.jeen wp-content/plugins/akismet/admins/ wp-content/plugins/akismet/admins.asp wp-content/plugins/akismet/admins.PHP wp-content/plugins/akismet/wp.zip wp-content/plugins/akismet/disqus.PHP wp-content/plugins/google-sitemap-generator//cpanel wp-content/plugins/google-sitemap-generator//awstats wp-content/plugins/google-sitemap-generator//site.sql wp-content/plugins/google-sitemap-generator//vb.sql wp-content/plugins/google-sitemap-generator//forum.sql wp-content/plugins/google-sitemap-generator/r00t-s3c.PHP wp-content/plugins/google-sitemap-generator/c.PHP wp-content/plugins/google-sitemap-generator//backup.sql wp-content/plugins/google-sitemap-generator//back.sql wp-content/plugins/google-sitemap-generator//data.sql wp-content/plugins/google-sitemap-generator/wp.rar/ wp-content/plugins/google-sitemap-generator/asp.aspx wp-content/plugins/google-sitemap-generator/tmp/vaga.PHP wp-content/plugins/google-sitemap-generator/tmp/killer.PHP wp-content/plugins/google-sitemap-generator/whmcs.PHP wp-content/plugins/google-sitemap-generator/abuhlail.PHP wp-content/plugins/google-sitemap-generator/tmp/killer.PHP wp-content/plugins/google-sitemap-generator/tmp/domaine.pl wp-content/plugins/google-sitemap-generator/tmp/domaine.PHP wp-content/plugins/google-sitemap-generator/useradmin/ wp-content/plugins/google-sitemap-generator/tmp/d0maine.PHP wp-content/plugins/google-sitemap-generator/d0maine.PHP wp-content/plugins/google-sitemap-generator/tmp/sql.PHP wp-content/plugins/google-sitemap-generator/X.PHP wp-content/plugins/google-sitemap-generator/123.PHP wp-content/plugins/google-sitemap-generator/m.PHP wp-content/plugins/google-sitemap-generator/b.PHP wp-content/plugins/google-sitemap-generator/up.PHP wp-content/plugins/google-sitemap-generator/tmp/dz1.PHP wp-content/plugins/google-sitemap-generator/dz1.PHP wp-content/plugins/google-sitemap-generator/forum.zip wp-content/plugins/google-sitemap-generator/Symlink.PHP wp-content/plugins/google-sitemap-generator/Symlink.pl wp-content/plugins/google-sitemap-generator/forum.rar wp-content/plugins/google-sitemap-generator/joomla.zip wp-content/plugins/google-sitemap-generator/joomla.rar wp-content/plugins/google-sitemap-generator/wp.PHP wp-content/plugins/google-sitemap-generator/buck.sql wp-content/plugins/google-sitemap-generator/sysadmin.PHP wp-content/plugins/google-sitemap-generator/images/c99.PHP wp-content/plugins/google-sitemap-generator/xd.PHP wp-content/plugins/google-sitemap-generator/c100.PHP wp-content/plugins/google-sitemap-generator/spy.aspx wp-content/plugins/google-sitemap-generator/xd.PHP wp-content/plugins/google-sitemap-generator/tmp/xd.PHP wp-content/plugins/google-sitemap-generator/sym/root/home/ wp-content/plugins/google-sitemap-generator/billing/killer.PHP wp-content/plugins/google-sitemap-generator/tmp/upload.PHP wp-content/plugins/google-sitemap-generator/tmp/admin.PHP wp-content/plugins/google-sitemap-generator/Server.PHP wp-content/plugins/google-sitemap-generator/tmp/uploads.PHP wp-content/plugins/google-sitemap-generator/tmp/up.PHP wp-content/plugins/google-sitemap-generator/Server/ wp-content/plugins/google-sitemap-generator/wp-admin/c99.PHP wp-content/plugins/google-sitemap-generator/tmp/priv8.PHP wp-content/plugins/google-sitemap-generator/priv8.PHP wp-content/plugins/google-sitemap-generator/cgi.pl/ wp-content/plugins/google-sitemap-generator/tmp/cgi.pl wp-content/plugins/google-sitemap-generator/downloads/dom.PHP wp-content/plugins/google-sitemap-generator/webadmin.html wp-content/plugins/google-sitemap-generator/admins.PHP wp-content/plugins/google-sitemap-generator/bluff.PHP wp-content/plugins/google-sitemap-generator/king.jeen wp-content/plugins/google-sitemap-generator/admins/ wp-content/plugins/google-sitemap-generator/admins.asp wp-content/plugins/google-sitemap-generator/admins.PHP wp-content/plugins/google-sitemap-generator/wp.zip wp-content/plugins/google-sitemap-generator/sitemap-core.PHP /templates/beez/WSO.PHP /templates/beez/dz.PHP /templates/beez/DZ.PHP /templates/beez/cpanel.PHP /templates/beez/cpn.PHP /templates/beez/sos.PHP /templates/beez/term.PHP /templates/beez/Sec-War.PHP /templates/beez/sql.PHP /templates/beez/ssl.PHP /templates/beez/MysqL.PHP /templates/beez/WolF.PHP /templates/beez/madspot.PHP /templates/beez/Cgishell.pl /templates/beez/killer.PHP /templates/beez/changeall.PHP /templates/beez/2.PHP /templates/beez/Sh3ll.PHP /templates/beez/dz0.PHP /templates/beez/dam.PHP /templates/beez/user.PHP /templates/beez/dom.PHP /templates/beez/whmcs.PHP /templates/beez/vb.zip /templates/beez/r00t.PHP /templates/beez/c99.PHP /templates/beez/gaza.PHP /templates/beez/1.PHP /templates/beez/d0mains.PHP /templates/beez/madspotshell.PHP /templates/beez/info.PHP /templates/beez/egyshell.PHP /templates/beez/Sym.PHP /templates/beez/c22.PHP /templates/beez/c100.PHP /templates/beez/configuration.PHP /templates/beez/g.PHP /templates/beez/xx.pl /templates/beez/ls.PHP /templates/beez/Cpanel.PHP /templates/beez/k.PHP /templates/beez/zone-h.PHP /templates/beez/tmp/user.PHP /templates/beez/tmp/Sym.PHP /templates/beez/cp.PHP /templates/beez/tmp/madspotshell.PHP /templates/beez/tmp/root.PHP /templates/beez/tmp/whmcs.PHP /templates/beez/tmp/index.PHP /templates/beez/tmp/2.PHP /templates/beez/tmp/dz.PHP /templates/beez/tmp/cpn.PHP /templates/beez/tmp/changeall.PHP /templates/beez/tmp/Cgishell.pl /templates/beez/tmp/sql.PHP /templates/beez/0day.PHP /templates/beez/tmp/admin.PHP /templates/beez/L3b.PHP /templates/beez/d.PHP /templates/beez/tmp/d.PHP /templates/beez/tmp/L3b.PHP /templates/beez/sado.PHP /templates/beez/admin1.PHP /templates/beez/upload.PHP /templates/beez/up.PHP /templates/beez/vb.zip /templates/beez/vb.rar /templates/beez/admin2.asp /templates/beez/uploads.PHP /templates/beez/sa.PHP /templates/beez/sysadmins/ /templates/beez/admin1/ /templates/beez/sniper.PHP /templates/beez/images/Sym.PHP /templates/beez//r57.PHP /templates/beez/gzaa_spysl /templates/beez/sql-new.PHP /templates/beez//shell.PHP /templates/beez//sa.PHP /templates/beez//admin.PHP /templates/beez//sa2.PHP /templates/beez//2.PHP /templates/beez//gaza.PHP /templates/beez//up.PHP /templates/beez//upload.PHP /templates/beez//uploads.PHP /templates/beez/shell.PHP /templates/beez//amad.PHP /templates/beez//t00.PHP /templates/beez//dz.PHP /templates/beez//site.rar /templates/beez//Black.PHP /templates/beez//site.tar.gz /templates/beez//home.zip /templates/beez//home.rar /templates/beez//home.tar /templates/beez//home.tar.gz /templates/beez//forum.zip /templates/beez//forum.rar /templates/beez//forum.tar /templates/beez//forum.tar.gz /templates/beez//test.txt /templates/beez//ftp.txt /templates/beez//user.txt /templates/beez//site.txt /templates/beez//error_log /templates/beez//error /templates/beez//cpanel /templates/beez//awstats /templates/beez//site.sql /templates/beez//vb.sql /templates/beez//forum.sql /templates/beez/r00t-s3c.PHP /templates/beez/c.PHP /templates/beez//backup.sql /templates/beez//back.sql /templates/beez//data.sql /templates/beez/wp.rar/ /templates/beez/asp.aspx /templates/beez/tmp/vaga.PHP /templates/beez/tmp/killer.PHP /templates/beez/whmcs.PHP /templates/beez/abuhlail.PHP /templates/beez/tmp/killer.PHP /templates/beez/tmp/domaine.pl /templates/beez/tmp/domaine.PHP /templates/beez/useradmin/ /templates/beez/tmp/d0maine.PHP /templates/beez/d0maine.PHP /templates/beez/tmp/sql.PHP /templates/beez/X.PHP /templates/beez/123.PHP /templates/beez/m.PHP /templates/beez/b.PHP /templates/beez/up.PHP /templates/beez/tmp/dz1.PHP /templates/beez/dz1.PHP /templates/beez/forum.zip /templates/beez/Symlink.PHP /templates/beez/Symlink.pl /templates/beez/forum.rar /templates/beez/joomla.zip /templates/beez/joomla.rar /templates/beez/wp.PHP /templates/beez/buck.sql /templates/beez/sysadmin.PHP /templates/beez/images/c99.PHP /templates/beez/xd.PHP /templates/beez/c100.PHP /templates/beez/spy.aspx /templates/beez/xd.PHP /templates/beez/tmp/xd.PHP /templates/beez/sym/root/home/ /templates/beez/billing/killer.PHP /templates/beez/tmp/upload.PHP /templates/beez/tmp/admin.PHP /templates/beez/Server.PHP /templates/beez/tmp/uploads.PHP /templates/beez/tmp/up.PHP /templates/beez/Server/ /templates/beez/wp-admin/c99.PHP /templates/beez/tmp/priv8.PHP /templates/beez/priv8.PHP /templates/beez/cgi.pl/ /templates/beez/tmp/cgi.pl /templates/beez/downloads/dom.PHP /templates/beez/webadmin.html /templates/beez/admins.PHP /templates/beez/bluff.PHP /templates/beez/king.jeen /templates/beez/admins/ /templates/beez/admins.asp /templates/beez/admins.PHP /templates/beez/wp.zip /templates/beez/index.PHP/images/WSO.PHP /images/dz.PHP /images/DZ.PHP /images/cpanel.PHP /images/cpn.PHP /images/sos.PHP /images/term.PHP /images/Sec-War.PHP /images/sql.PHP /images/ssl.PHP /images/MysqL.PHP /images/WolF.PHP /images/madspot.PHP /images/Cgishell.pl /images/killer.PHP /images/changeall.PHP /images/2.PHP /images/Sh3ll.PHP /images/dz0.PHP /images/dam.PHP /images/user.PHP /images/dom.PHP /images/whmcs.PHP /images/vb.zip /images/r00t.PHP /images/c99.PHP /images/gaza.PHP /images/1.PHP /images/d0mains.PHP /images/madspotshell.PHP /images/info.PHP /images/egyshell.PHP /images/Sym.PHP /images/c22.PHP /images/c100.PHP /images/configuration.PHP /images/g.PHP /images/xx.pl /images/ls.PHP /images/Cpanel.PHP /images/k.PHP /images/zone-h.PHP /images/tmp/user.PHP /images/tmp/Sym.PHP /images/cp.PHP /images/tmp/madspotshell.PHP /images/tmp/root.PHP /images/tmp/whmcs.PHP /images/tmp/index.PHP /images/tmp/2.PHP /images/tmp/dz.PHP /images/tmp/cpn.PHP /images/tmp/changeall.PHP /images/tmp/Cgishell.pl /images/tmp/sql.PHP /images/0day.PHP /images/tmp/admin.PHP /images/L3b.PHP /images/d.PHP /images/tmp/d.PHP /images/tmp/L3b.PHP /images/sado.PHP /images/admin1.PHP /images/upload.PHP /images/up.PHP /images/vb.zip /images/vb.rar /images/admin2.asp /images/uploads.PHP /images/sa.PHP /images/sysadmins/ /images/admin1/ /images/sniper.PHP /images/images/Sym.PHP /images//r57.PHP /images/gzaa_spysl /images/sql-new.PHP /images//shell.PHP /images//sa.PHP /images//admin.PHP /images//sa2.PHP /images//2.PHP /images//gaza.PHP /images//up.PHP /images//upload.PHP /images//uploads.PHP /images/shell.PHP /images//amad.PHP /images//t00.PHP /images//dz.PHP /images//site.rar /images//Black.PHP /images//site.tar.gz /images//home.zip /images//home.rar /images//home.tar /images//home.tar.gz /images//forum.zip /images//forum.rar /images//forum.tar /images//forum.tar.gz /images//test.txt /images//ftp.txt /images//user.txt /images//site.txt /images//error_log /images//error /images//cpanel /images//awstats /images//site.sql /images//vb.sql /images//forum.sql /images/r00t-s3c.PHP /images/c.PHP /images//backup.sql /images//back.sql /images//data.sql /images/wp.rar/ /images/asp.aspx /images/tmp/vaga.PHP /images/tmp/killer.PHP /images/whmcs.PHP /images/abuhlail.PHP /images/tmp/killer.PHP /images/tmp/domaine.pl /images/tmp/domaine.PHP /images/useradmin/ /images/tmp/d0maine.PHP /images/d0maine.PHP /images/tmp/sql.PHP /images/X.PHP /images/123.PHP /images/m.PHP /images/b.PHP /images/up.PHP /images/tmp/dz1.PHP /images/dz1.PHP /images/forum.zip /images/Symlink.PHP /images/Symlink.pl /images/forum.rar /images/joomla.zip /images/joomla.rar /images/wp.PHP /images/buck.sql /includes/WSO.PHP /includes/dz.PHP /includes/DZ.PHP /includes/cpanel.PHP /includes/cpn.PHP /includes/sos.PHP /includes/term.PHP /includes/Sec-War.PHP /includes/sql.PHP /includes/ssl.PHP /includes/MysqL.PHP /includes/WolF.PHP /includes/madspot.PHP /includes/Cgishell.pl /includes/killer.PHP /includes/changeall.PHP /includes/2.PHP /includes/Sh3ll.PHP /includes/dz0.PHP /includes/dam.PHP /includes/user.PHP /includes/dom.PHP /includes/whmcs.PHP /includes/vb.zip /includes/r00t.PHP /includes/c99.PHP /includes/gaza.PHP /includes/1.PHP /includes/d0mains.PHP /includes/madspotshell.PHP /includes/info.PHP /includes/egyshell.PHP /includes/Sym.PHP /includes/c22.PHP /includes/c100.PHP /includes/configuration.PHP /includes/g.PHP /includes/xx.pl /includes/ls.PHP /includes/Cpanel.PHP /includes/k.PHP /includes/zone-h.PHP /includes/tmp/user.PHP /includes/tmp/Sym.PHP /includes/cp.PHP /includes/tmp/madspotshell.PHP /includes/tmp/root.PHP /includes/tmp/whmcs.PHP /includes/tmp/index.PHP /includes/tmp/2.PHP /includes/tmp/dz.PHP /includes/tmp/cpn.PHP /includes/tmp/changeall.PHP /includes/tmp/Cgishell.pl /includes/tmp/sql.PHP /includes/0day.PHP /includes/tmp/admin.PHP /includes/L3b.PHP /includes/d.PHP /includes/tmp/d.PHP /includes/tmp/L3b.PHP /includes/sado.PHP /includes/admin1.PHP /includes/upload.PHP /includes/up.PHP /includes/vb.zip /includes/vb.rar /includes/admin2.asp /includes/uploads.PHP /includes/sa.PHP /includes/sysadmins/ /includes/admin1/ /includes/sniper.PHP /includes/images/Sym.PHP /includes//r57.PHP /includes/gzaa_spysl /includes/sql-new.PHP /includes//shell.PHP /includes//sa.PHP /includes//admin.PHP /includes//sa2.PHP /includes//2.PHP /includes//gaza.PHP /includes//up.PHP /includes//upload.PHP /includes//uploads.PHP /includes/shell.PHP /includes//amad.PHP /includes//t00.PHP /includes//dz.PHP /includes//site.rar /includes//Black.PHP /includes//site.tar.gz /includes//home.zip /includes//home.rar /includes//home.tar /includes//home.tar.gz /includes//forum.zip /includes//forum.rar /includes//forum.tar /includes//forum.tar.gz /includes//test.txt /includes//ftp.txt /includes//user.txt /includes//site.txt /includes//error_log /includes//error /includes//cpanel /includes//awstats /includes//site.sql /includes//vb.sql /includes//forum.sql /includes/r00t-s3c.PHP /includes/c.PHP /includes//backup.sql /includes//back.sql /includes//data.sql /includes/wp.rar/ /includes/asp.aspx /includes/tmp/vaga.PHP /includes/tmp/killer.PHP /includes/whmcs.PHP /includes/abuhlail.PHP /includes/tmp/killer.PHP /includes/tmp/domaine.pl /includes/tmp/domaine.PHP /includes/useradmin/ /includes/tmp/d0maine.PHP /includes/d0maine.PHP /includes/tmp/sql.PHP /includes/X.PHP /includes/123.PHP /includes/m.PHP /includes/b.PHP /includes/up.PHP /includes/tmp/dz1.PHP /includes/dz1.PHP /includes/forum.zip /includes/Symlink.PHP /includes/Symlink.pl /includes/forum.rar /includes/joomla.zip /includes/joomla.rar /includes/wp.PHP /includes/buck.sql /includes/sysadmin.PHP /includes/images/c99.PHP /includes/xd.PHP /includes/c100.PHP /includes/spy.aspx /includes/xd.PHP /includes/tmp/xd.PHP /includes/sym/root/home/ /includes/billing/killer.PHP /includes/tmp/upload.PHP /includes/tmp/admin.PHP /includes/Server.PHP /includes/tmp/uploads.PHP /includes/tmp/up.PHP /includes/Server/ /includes/wp-admin/c99.PHP /includes/tmp/priv8.PHP /includes/priv8.PHP /includes/cgi.pl/ /includes/tmp/cgi.pl /includes/downloads/dom.PHP /includes/webadmin.html /includes/admins.PHP /includes/bluff.PHP /includes/king.jeen /includes/admins/ /includes/admins.asp /includes/admins.PHP /includes/wp.zip /images/stories/vito.PHP /includes/ /templates/rhuk_milkyway/WSO.PHP /templates/rhuk_milkyway/dz.PHP /templates/rhuk_milkyway/DZ.PHP /templates/rhuk_milkyway/cpanel.PHP /templates/rhuk_milkyway/cpn.PHP /templates/rhuk_milkyway/sos.PHP /templates/rhuk_milkyway/term.PHP /templates/rhuk_milkyway/Sec-War.PHP /templates/rhuk_milkyway/sql.PHP /templates/rhuk_milkyway/ssl.PHP /templates/rhuk_milkyway/MysqL.PHP /templates/rhuk_milkyway/WolF.PHP /templates/rhuk_milkyway/madspot.PHP /templates/rhuk_milkyway/Cgishell.pl /templates/rhuk_milkyway/killer.PHP /templates/rhuk_milkyway/changeall.PHP /templates/rhuk_milkyway/2.PHP /templates/rhuk_milkyway/Sh3ll.PHP /templates/rhuk_milkyway/dz0.PHP /templates/rhuk_milkyway/dam.PHP /templates/rhuk_milkyway/user.PHP /templates/rhuk_milkyway/dom.PHP /templates/rhuk_milkyway/whmcs.PHP /templates/rhuk_milkyway/vb.zip /templates/rhuk_milkyway/r00t.PHP /templates/rhuk_milkyway/c99.PHP /templates/rhuk_milkyway/gaza.PHP /templates/rhuk_milkyway/1.PHP /templates/rhuk_milkyway/d0mains.PHP /templates/rhuk_milkyway/madspotshell.PHP /templates/rhuk_milkyway/info.PHP /templates/rhuk_milkyway/egyshell.PHP /templates/rhuk_milkyway/Sym.PHP /templates/rhuk_milkyway/c22.PHP /templates/rhuk_milkyway/c100.PHP /templates/rhuk_milkyway/configuration.PHP /templates/rhuk_milkyway/g.PHP /templates/rhuk_milkyway/xx.pl /templates/rhuk_milkyway/ls.PHP /templates/rhuk_milkyway/Cpanel.PHP /templates/rhuk_milkyway/k.PHP /templates/rhuk_milkyway/zone-h.PHP /templates/rhuk_milkyway/tmp/user.PHP /templates/rhuk_milkyway/tmp/Sym.PHP /templates/rhuk_milkyway/cp.PHP /templates/rhuk_milkyway/tmp/madspotshell.PHP /templates/rhuk_milkyway/tmp/root.PHP /templates/rhuk_milkyway/tmp/whmcs.PHP /templates/rhuk_milkyway/tmp/index.PHP /templates/rhuk_milkyway/tmp/2.PHP /templates/rhuk_milkyway/tmp/dz.PHP /templates/rhuk_milkyway/tmp/cpn.PHP /templates/rhuk_milkyway/tmp/changeall.PHP /templates/rhuk_milkyway/tmp/Cgishell.pl /templates/rhuk_milkyway/tmp/sql.PHP /templates/rhuk_milkyway/0day.PHP /templates/rhuk_milkyway/tmp/admin.PHP /templates/rhuk_milkyway/L3b.PHP /templates/rhuk_milkyway/d.PHP /templates/rhuk_milkyway/tmp/d.PHP /templates/rhuk_milkyway/tmp/L3b.PHP /templates/rhuk_milkyway/sado.PHP /templates/rhuk_milkyway/admin1.PHP /templates/rhuk_milkyway/upload.PHP /templates/rhuk_milkyway/up.PHP /templates/rhuk_milkyway/vb.zip /templates/rhuk_milkyway/vb.rar /templates/rhuk_milkyway/admin2.asp /templates/rhuk_milkyway/uploads.PHP /templates/rhuk_milkyway/sa.PHP /templates/rhuk_milkyway/sysadmins/ /templates/rhuk_milkyway/admin1/ /templates/rhuk_milkyway/sniper.PHP /templates/rhuk_milkyway/images/Sym.PHP /templates/rhuk_milkyway//r57.PHP /templates/rhuk_milkyway/gzaa_spysl /templates/rhuk_milkyway/sql-new.PHP /templates/rhuk_milkyway//shell.PHP /templates/rhuk_milkyway//sa.PHP /templates/rhuk_milkyway//admin.PHP /templates/rhuk_milkyway//sa2.PHP /templates/rhuk_milkyway//2.PHP /templates/rhuk_milkyway//gaza.PHP /templates/rhuk_milkyway//up.PHP /templates/rhuk_milkyway//upload.PHP /templates/rhuk_milkyway//uploads.PHP /templates/rhuk_milkyway/shell.PHP /templates/rhuk_milkyway//amad.PHP /templates/rhuk_milkyway//t00.PHP /templates/rhuk_milkyway//dz.PHP /templates/rhuk_milkyway//site.rar /templates/rhuk_milkyway//Black.PHP /templates/rhuk_milkyway//site.tar.gz /templates/rhuk_milkyway//home.zip /templates/rhuk_milkyway//home.rar /templates/rhuk_milkyway//home.tar /templates/rhuk_milkyway//home.tar.gz /templates/rhuk_milkyway//forum.zip /templates/rhuk_milkyway//forum.rar /templates/rhuk_milkyway//forum.tar /templates/rhuk_milkyway//forum.tar.gz /templates/rhuk_milkyway//test.txt /templates/rhuk_milkyway//ftp.txt /templates/rhuk_milkyway//user.txt /templates/rhuk_milkyway//site.txt /templates/rhuk_milkyway//error_log /templates/rhuk_milkyway//error /templates/rhuk_milkyway//cpanel /templates/rhuk_milkyway//awstats /templates/rhuk_milkyway//site.sql /templates/rhuk_milkyway//vb.sql /templates/rhuk_milkyway//forum.sql /templates/rhuk_milkyway/r00t-s3c.PHP /templates/rhuk_milkyway/c.PHP /templates/rhuk_milkyway//backup.sql /templates/rhuk_milkyway//back.sql /templates/rhuk_milkyway//data.sql /templates/rhuk_milkyway/wp.rar/ /templates/rhuk_milkyway/asp.aspx /templates/rhuk_milkyway/tmp/vaga.PHP /templates/rhuk_milkyway/tmp/killer.PHP /templates/rhuk_milkyway/whmcs.PHP /templates/rhuk_milkyway/abuhlail.PHP /templates/rhuk_milkyway/tmp/killer.PHP /templates/rhuk_milkyway/tmp/domaine.pl /templates/rhuk_milkyway/tmp/domaine.PHP /templates/rhuk_milkyway/useradmin/ /templates/rhuk_milkyway/tmp/d0maine.PHP /templates/rhuk_milkyway/d0maine.PHP /templates/rhuk_milkyway/tmp/sql.PHP /templates/rhuk_milkyway/X.PHP /templates/rhuk_milkyway/123.PHP /templates/rhuk_milkyway/m.PHP /templates/rhuk_milkyway/b.PHP /templates/rhuk_milkyway/up.PHP /templates/rhuk_milkyway/tmp/dz1.PHP /templates/rhuk_milkyway/dz1.PHP /templates/rhuk_milkyway/forum.zip /templates/rhuk_milkyway/Symlink.PHP /templates/rhuk_milkyway/Symlink.pl /templates/rhuk_milkyway/forum.rar /templates/rhuk_milkyway/joomla.zip /templates/rhuk_milkyway/joomla.rar /templates/rhuk_milkyway/wp.PHP /templates/rhuk_milkyway/buck.sql /templates/rhuk_milkyway/sysadmin.PHP /templates/rhuk_milkyway/images/c99.PHP /templates/rhuk_milkyway/xd.PHP /templates/rhuk_milkyway/c100.PHP /templates/rhuk_milkyway/spy.aspx /templates/rhuk_milkyway/xd.PHP /templates/rhuk_milkyway/tmp/xd.PHP /templates/rhuk_milkyway/sym/root/home/ /templates/rhuk_milkyway/billing/killer.PHP /templates/rhuk_milkyway/tmp/upload.PHP /templates/rhuk_milkyway/tmp/admin.PHP /templates/rhuk_milkyway/Server.PHP /templates/rhuk_milkyway/tmp/uploads.PHP /templates/rhuk_milkyway/tmp/up.PHP /templates/rhuk_milkyway/Server/ /templates/rhuk_milkyway/wp-admin/c99.PHP /templates/rhuk_milkyway/tmp/priv8.PHP /templates/rhuk_milkyway/priv8.PHP /templates/rhuk_milkyway/cgi.pl/ /templates/rhuk_milkyway/tmp/cgi.pl /templates/rhuk_milkyway/downloads/dom.PHP /templates/rhuk_milkyway/webadmin.html /templates/rhuk_milkyway/admins.PHP /templates/rhuk_milkyway/bluff.PHP /templates/rhuk_milkyway/king.jeen /templates/rhuk_milkyway/admins/ /templates/rhuk_milkyway/admins.asp /templates/rhuk_milkyway/admins.PHP /templates/rhuk_milkyway/wp.zip /templates/rhuk_milkyway/WSO.PHP a.PHP z.PHP e.PHP r.PHP t.PHP y.PHP u.PHP i.PHP o.PHP p.PHP q.PHP s.PHP d.PHP f.PHP g.PHP h.PHP j.PHP k.PHP l.PHP m.PHP w.PHP x.PHP c.PHP v.PHP b.PHP n.PHP 1.PHP 2.PHP 3.PHP 4.PHP 5.PHP 6.PHP 7.PHP 8.PHP 9.PHP 10.PHP 12.PHP 11.PHP 1234.PHP ); foreach $TM(@shells){ $f=$s.$TM; my $rQ=HTTP::Request->new(GET=>$f); my $User_agent=LWP::UserAgent->new(); $User_agent->timeout(30); my $R=$User_agent->request($rQ); if($R->content =~ m/safemode/i || $R->content =~ m/Uname/i || $R->content =~ m/Bruteforce/i || $R->content =~ m/password/i || $R->content =~ m/Free HDD Space/i || $R->content =~ m/CMD/i || $R->content =~ m/Coded by/i || $R->content =~ m/Your IP/i || $R->content =~ m/Server IP/i || $R->content =~ m/Functions/i || $R->content =~ m/uid/i ) { print " \n\n \t\t[+] You got a shell in your site -> $f\n\n\n"; open(l_shell,">>shells_finded.txt"); print l_shell "$f\n$f"; } else { print "[-] No Shell Found,nice maintaining:( -> $f\n"; } } }
