PageRenderTime 45ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/tools/jscan_http/jscan_http.php

https://bitbucket.org/eddieajau/the-art-of-joomla-archive
PHP | 430 lines | 263 code | 57 blank | 110 comment | 35 complexity | b5a3f1cc3a15bf4520f4df8f6c23cb53 MD5 | raw file
    

  1. #!/usr/bin/php
    2. 

  2. <?php
    3. 

  3. /**
    4. 

  4.  * @version		$Id: jscan_http.php 344 2010-10-18 07:22:53Z eddieajau $
    5. 

  5.  * @copyright	Copyright 2010 New Life in IT Pty Ltd. All rights reserved.
    6. 

  6.  * @license		GNU General Public License <http://www.fsf.org/licensing/licenses/gpl.html>
    7. 

  7.  * @link		http://www.theartofjoomla.com
    8. 

  8.  */
    9. 

  9. 

  10. // Maximum error reporting.
    11. 

  11. error_reporting(E_ALL|E_STRICT);
    12. 

  12. ini_set('display_errors', 1);
    13. 

  13. 

  14. /**
    15. 

  15.  * Main class.
    16. 

  16.  */
    17. 

  17. class main
    18. 

  18. {
    19. 

  19. 	/**
    20. 

  20. 	 * @var	string	The version of the script.
    21. 

  21. 	 */
    22. 

  22. 	private $version = '1.0.1';
    23. 

  23. 

  24. 	/**
    25. 

  25. 	 * @var	array	An arary of options.
    26. 

  26. 	 */
    27. 

  27. 	private $config = null;
    28. 

  28. 

  29. 	/**
    30. 

  30. 	 * @var	array	An array of command line options.
    31. 

  31. 	 */
    32. 

  32. 	private $options = null;
    33. 

  33. 

  34. 	/**
    35. 

  35. 	 * @var	string	A list of the required and options short arguments (requires value 'n:'; optional 'n::', no argument 'n').
    36. 

  36. 	 */
    37. 

  37. 	private $shortargs = 'a:x:n:d:b:vu:h';
    38. 

  38. 

  39. 	/**
    40. 

  40. 	 * @var	string	A list of the required and options long arguments (PHP 5.3 only).
    41. 

  41. 	 */
    42. 

  42. 	private $longargs = array('help');
    43. 

  43. 

  44. 	/**
    45. 

  45. 	 * @var	string	The path where the script is being executed.
    46. 

  46. 	 */
    47. 

  47. 	private $cwd = '';
    48. 

  48. 

  49. 	/**
    50. 

  50. 	 * Constructor
    51. 

  51. 	 */
    52. 

  52. 	function __construct()
    53. 

  53. 	{
    54. 

  54. 		// Get the current directory
    55. 

  55. 		$this->cwd	= getcwd();
    56. 

  56. 

  57. 		// Get the command line options
    58. 

  58. 		$opts = getopt($this->shortargs/*, $this->longargs*/);
    59. 

  59. 		$args = $GLOBALS['argv'];
    60. 

  60. 

  61. 		// Following code based on
    62. 

  62. 		// http://au2.php.net/manual/en/function.getopt.php#79286
    63. 

  63. 		// by Francois Hill
    64. 

  64. 		foreach ($opts as $o => $a)
    65. 

  65. 		{
    66. 

  66. 			// Look for all occurrences of option in argv and remove if found :
    67. 

  67. 			// ----------------------------------------------------------------
    68. 

  68. 			// Look for occurrences of -o (simple option with no value) or -o<val> (no space in between):
    69. 

  69. 			while ($k = array_search("-".$o.$a,$args))
    70. 

  70. 			{
    71. 

  71. 				// If found remove from argv:
    72. 

  72. 				if ($k) {
    73. 

  73. 					unset($args[$k]);
    74. 

  74. 				}
    75. 

  75. 			}
    76. 

  76. 			// Look for remaining occurrences of -o <val> (space in between):
    77. 

  77. 			while ($k = array_search('-'.$o,$args))
    78. 

  78. 			{
    79. 

  79. 				// If found remove both option and value from argv:
    80. 

  80. 				if($k) {
    81. 

  81. 					unset($args[$k]);
    82. 

  82. 					unset($args[$k+1]);
    83. 

  83. 				}
    84. 

  84. 			}
    85. 

  85. 		}
    86. 

  86. 

  87. 		$this->options	= (object) $opts;
    88. 

  88. 		$this->argv	= array_merge($args);
    89. 

  89. 

  90. 		// Load the ini file.
    91. 

  91. 		$cfgFile = dirname(__FILE__).'/config.ini';
    92. 

  92. 		if (file_exists($cfgFile)) {
    93. 

  93. 			$this->config = (object) parse_ini_file($cfgFile);
    94. 

  94. 		}
    95. 

  95. 		else {
    96. 

  96. 			$this->config = new stdClass;
    97. 

  97. 		}
    98. 

  98. 

  99. 		// Display help if set.
    100. 

  100. 		if (isset($this->options->h)) {
    101. 

  101. 			$this->help();
    102. 

  102. 			exit(0);
    103. 

  103. 		}
    104. 

  104. 	}
    105. 

  105. 

  106. 	/**
    107. 

  107. 	 * Get an option or configuration setting.
    108. 

  108. 	 *
    109. 

  109. 	 * @param	string	The name of the option or configuration variable.
    110. 

  110. 	 * @param	string	An optional default to return if the option is not set.
    111. 

  111. 	 */
    112. 

  112. 	protected function get($key, $default = null)
    113. 

  113. 	{
    114. 

  114. 		if (isset($this->options->$key)) {
    115. 

  115. 			return empty($this->options->$key) ? true : $this->options->$key;
    116. 

  116. 		}
    117. 

  117. 		else if (isset($this->config->$key)) {
    118. 

  118. 			return $this->config->$key;
    119. 

  119. 		}
    120. 

  120. 		else {
    121. 

  121. 			return $default;
    122. 

  122. 		}
    123. 

  123. 	}
    124. 

  124. 

  125. 	/**
    126. 

  126. 	 * Displays a message.
    127. 

  127. 	 *
    128. 

  128. 	 * @param	string	The message.
    129. 

  129. 	 */
    130. 

  130. 	public function out($text = '')
    131. 

  131. 	{
    132. 

  132. 		echo "\n$text";
    133. 

  133. 	}
    134. 

  134. 

  135. 	/**
    136. 

  136. 	 * Display help text
    137. 

  137. 	 */
    138. 

  138. 	protected function help()
    139. 

  139. 	{
    140. 

  140. 		$this->out('jscan_http version '.$this->version);
    141. 

  141. 		$this->out();
    142. 

  142. 		$this->out('Description:');
    143. 

  143. 		$this->out();
    144. 

  144. 		$this->out('scan_http is a command line utility that scans the directory of a Joomla site for PHP files and tries to acces them directly via the web server. ' .
    145. 

  145. 				'Ideally no output should be received from directly accessing any PHP file, with the exception of index.php, index2.php (etc) which should display regular HTML output. ' .
    146. 

  146. 				'Some files will return warning text, such as "Restricted Access", and these will be ignored and considered safe. ' .
    147. 

  147. 				'Any unexpected output will be logged to the console.');
    148. 

  148. 		$this->out();
    149. 

  149. 		$this->out('Released under the GNU General Public License.');
    150. 

  150. 		$this->out('Copyright 2010 New Life in It Pty Ltd.  All rights reserved.');
    151. 

  151. 		$this->out('Visit http://www.theartofjoomla.com/extensions/http-scan.html');
    152. 

  152. 		$this->out();
    153. 

  153. 		$this->out('Installation:');
    154. 

  154. 		$this->out();
    155. 

  155. 		$this->out('Copy this file into the root of your Joomla web site (or another directory and use the -d option to specify the directory to scan).');
    156. 

  156. 		$this->out();
    157. 

  157. 		$this->out('Usage:');
    158. 

  158. 		$this->out();
    159. 

  159. 		$this->out('./jscan_http [options]');
    160. 

  160. 		$this->out();
    161. 

  161. 		$this->out('Options:');
    162. 

  162. 		$this->out();
    163. 

  163. 		$this->out('-a "string1|string2"  Additional responses that are allowed when a file is directly accessed.');
    164. 

  164. 		$this->out('-b directory          The base directory of the web server (eg, /usr/local/www).');
    165. 

  165. 		$this->out('-d directory          An alternative directory to scan (current working directory assumed as default).');
    166. 

  166. 		$this->out('-u uri                The URI for the web site (defaults to "http://localhost").');
    167. 

  167. 		$this->out('-n number             Sets a limit on the number of files to scan.');
    168. 

  168. 		$this->out('-h                    See help text.');
    169. 

  169. 		$this->out('-v                    Verbose mode. Show the results for all files parsed, not just those that fail.');
    170. 

  170. 		$this->out('-x "regex"            A regular expression for file paths to exclude.');
    171. 

  171. 		$this->out();
    172. 

  172. 		$this->out('Examples:');
    173. 

  173. 		$this->out();
    174. 

  174. 		$this->out('To scan the 1.6 trunk remotely on localhost.');
    175. 

  175. 		$this->out('./jscan_http.php -b /Users/foobar/htdocs -d /Users/foobar/htdocs/Joomla/trunk -x "/tests/"');
    176. 

  176. 		$this->out();
    177. 

  177. 		$this->out();
    178. 

  178. 	}
    179. 

  179. 

  180. 	//
    181. 

  181. 	// ^^^ End of generic CLI scaffolding.
    182. 

  182. 	//
    183. 

  183. 

  184. 	/**
    185. 

  185. 	 * Evaluates the output.
    186. 

  186. 	 *
    187. 

  187. 	 * @param	string	The output of the page.
    188. 

  188. 	 * @return	mixed	1 if no output (good), 2 if expected result, otherwise the actual output.
    189. 

  189. 	 */
    190. 

  190. 	function evaluate($output)
    191. 

  191. 	{
    192. 

  192. 		static $good;
    193. 

  193. 

  194. 		// Empty output is the best output.
    195. 

  195. 		if ($output === '') {
    196. 

  196. 			return 1;
    197. 

  197. 		}
    198. 

  198. 

  199. 		if ($good === null) {
    200. 

  200. 			$good = array(
    201. 

  201. 				// Newer formats.
    202. 

  202. 				'Restricted access',
    203. 

  203. 				'Restricted access.',
    204. 

  204. 				// Older formats.
    205. 

  205. 				'Direct Access to this location is not allowed',
    206. 

  206. 				'Direct Access to this location is not allowed.',
    207. 

  207. 				'Direct Access to this file is not allowed',
    208. 

  208. 				'Direct Access to this file is not allowed.',
    209. 

  209. 				'No direct access allowed ;)',
    210. 

  210. 				'Direct Access Is Not Allowed',
    211. 

  211. 				'Direct access to this file is prohibited',
    212. 

  212. 				'Direct access to this file is prohibited.',
    213. 

  213. 				'JS: No Direct Access',
    214. 

  214. 				'Restricted access',
    215. 

  215. 				'Access Denied!',
    216. 

  216. 				'No Acces to this file!',
    217. 

  217. 				'No access to this file!',
    218. 

  218. 				'Access Denied!',
    219. 

  219. 				'Access Denied.',
    220. 

  220. 				'restriced access',
    221. 

  221. 				'Restricted access to this plugin',
    222. 

  222. 				'Forbidden',
    223. 

  223. 				'Access restricted',
    224. 

  224. 				'Restricted',
    225. 

  225. 				'Sorry Restricted access',
    226. 

  226. 				'Access Denied.',
    227. 

  227. 				'No Direct Access',
    228. 

  228. 				'access denied',
    229. 

  229. 				'Invalid request',
    230. 

  230. 				'Invalid request.',
    231. 

  231. 				'=;)',
    232. 

  232. 				';)',
    233. 

  233. 				'No direct access allowed ;)',
    234. 

  234. 				// Options for well-behaved sql install files.
    235. 

  235. 				'--',
    236. 

  236. 				'#',
    237. 

  237. 				'# Restricted access',
    238. 

  238. 				'-- Restricted access',
    239. 

  239. 				'-- Restricted access.',
    240. 

  240. 				// Special case for log files.
    241. 

  241. 				'#Direct Access To Log Files Not Permitted',
    242. 

  242. 			);
    243. 

  243. 

  244. 			// Additional allowed strings.
    245. 

  245. 			if ($allowed = $this->get('a')) {
    246. 

  246. 				$good = array_merge($good, explode('|', $allowed));
    247. 

  247. 			}
    248. 

  248. 		}
    249. 

  249. 

  250. 		foreach ($good as $test)
    251. 

  251. 		{
    252. 

  252. 			if (strcasecmp($test, $output) == 0) {
    253. 

  253. 				return 2;
    254. 

  254. 			}
    255. 

  255. 		}
    256. 

  256. 

  257. 		return false;
    258. 

  258. 	}
    259. 

  259. 

  260. 	/**
    261. 

  261. 	 * Get repsonse code.
    262. 

  262. 	 *
    263. 

  263. 	 * @return	mixed	True if the response is ok, Exception otherwise.
    264. 

  264. 	 */
    265. 

  265. 	private function getReponse($url)
    266. 

  266. 	{
    267. 

  267. 		$headers = @get_headers($url);
    268. 

  268. 

  269. 		preg_match('#^HTTP/([0-9\.]+)\s+(\d+)\s+(.*)#i', $headers[0], $matches);
    270. 

  270. 		if (!isset($matches[1])) {
    271. 

  271. 			return new Exception($headers[0], 0);
    272. 

  272. 		}
    273. 

  273. 		$version	= $matches[1];
    274. 

  274. 		$code		= $matches[2];
    275. 

  275. 		$message	= $matches[3];
    276. 

  276. 

  277. 		// Test for valid response codes.
    278. 

  278. 		if ($code == 200) {
    279. 

  279. 			return true;
    280. 

  280. 		} else {
    281. 

  281. 			return new Exception($message, $code);
    282. 

  282. 		}
    283. 

  283. 

  284. 	}
    285. 

  285. 

  286. 	/**
    287. 

  287. 	 * Trucate a string for output.
    288. 

  288. 	 *
    289. 

  289. 	 * @param	string	The source string.
    290. 

  290. 	 * @param	int		The length of the string.
    291. 

  291. 	 * @return	string
    292. 

  292. 	 */
    293. 

  293. 	private function truncate($source, $chars = 50)
    294. 

  294. 	{
    295. 

  295. 		// Replace white-space and linebreaks.
    296. 

  296. 		$source = str_replace(
    297. 

  297. 			array(
    298. 

  298. 				"\n",
    299. 

  299. 				"\r"
    300. 

  300. 			),
    301. 

  301. 			' ',
    302. 

  302. 			$source
    303. 

  303. 		);
    304. 

  304. 		$source = preg_replace('#\s+#', ' ', $source);
    305. 

  305. 

  306. 		return substr($source, 0, $chars);
    307. 

  307. 	}
    308. 

  308. 

  309. 	/**
    310. 

  310. 	 * The run method.
    311. 

  311. 	 */
    312. 

  312. 	public function run()
    313. 

  313. 	{
    314. 

  314. 		// Let's do some work.
    315. 

  315. 		$tStart = microtime(true);
    316. 

  316. 

  317. 		// Get the root directory we are parsing (current directory assumed).
    318. 

  318. 		$root = $this->get('d', getcwd());
    319. 

  319. 

  320. 		// Get the host that we need to call.
    321. 

  321. 		$host = $this->get('u', 'http://localhost');
    322. 

  322. 		$host = rtrim($host, '/');
    323. 

  323. 

  324. 		// Get the base directory of the web server.
    325. 

  325. 		$stub = $this->get('b', getcwd());
    326. 

  326. 

  327. 		// Get a counter to limit the number of files to scan.
    328. 

  328. 		$limit = $this->get('n', 0);
    329. 

  329. 

  330. 		// Regex of paths to exclude.
    331. 

  331. 		$exclude = $this->get('x');
    332. 

  332. 

  333. 		$this->out();
    334. 

  334. 		$this->out(sprintf('JSCAN_HTTP Version %s', $this->version));
    335. 

  335. 		$this->out(sprintf('Scanning directory: %s (change with -d option)', $root));
    336. 

  336. 		$this->out(sprintf('Scanning URL: %s%s (change with -u and -b options)', $host, $stub));
    337. 

  337. 

  338. 		if ($limit) {
    339. 

  339. 			$this->out(sprintf('Using -n option. Limiting scan to %d files.', $limit));
    340. 

  340. 		}
    341. 

  341. 

  342. 		if ($exclude) {
    343. 

  343. 			$this->out(sprintf('Using -x option. Exclusing files matching pattern of #%s#.', $exclude));
    344. 

  344. 		}
    345. 

  345. 

  346. 		$this->out();
    347. 

  347. 

  348. 		//
    349. 

  349. 		// Beginning parsing web pages.
    350. 

  350. 		//
    351. 

  351. 

  352. 		$nFiles	= 0;
    353. 

  353. 		$nScans = 0;
    354. 

  354. 		$nFails	= 0;
    355. 

  355. 

  356. 		// Get the recursive directory iterator.
    357. 

  357. 		$it = new RecursiveDirectoryIterator($root);
    358. 

  358. 		//print_r(get_class_methods($it));
    359. 

  359. 

  360. 		foreach (new RecursiveIteratorIterator($it) as $artifact)
    361. 

  361. 		{
    362. 

  362. 			// Check if the current artifact is a file.
    363. 

  363. 			if ($artifact->isFile()) {
    364. 

  364. 				// Ignore this file.
    365. 

  365. 				if (((string) $artifact) == __FILE__) {
    366. 

  366. 					continue;
    367. 

  367. 				}
    368. 

  368. 

  369. 				$nFiles++;
    370. 

  370. 

  371. 				// Check the file is a .php file.
    372. 

  372. 				if (preg_match("#\.php$#", (string) $artifact)) {
    373. 

  373. 

  374. 					// Strip the stub so we can add this to the host.
    375. 

  375. 					$path = str_replace($stub, '', $artifact);
    376. 

  376. 

  377. 					$file = str_replace($root, '', $artifact);
    378. 

  378. 

  379. 					// Check exclude regex.
    380. 

  380. 					if (!empty($exclude)) {
    381. 

  381. 						if (preg_match("#$exclude#", $file)) {
    382. 

  382. 							continue;
    383. 

  383. 						}
    384. 

  384. 					}
    385. 

  385. 

  386. 					$nScans++;
    387. 

  387. 

  388. 					// Test the response.
    389. 

  389. 					$response = $this->getReponse($host.$path);
    390. 

  390. 

  391. 					if ($response instanceof Exception) {
    392. 

  392. 						$this->out(sprintf('%3d * %-60s   >>> %s', $response->getCode(), $file, $response->getMessage()));
    393. 

  393. 						$nFails++;
    394. 

  394. 					}
    395. 

  395. 					else {
    396. 

  396. 						$output = trim(file_get_contents($host.$path));
    397. 

  397. 						$result = $this->evaluate($output);
    398. 

  398. 

  399. 						if ($result === false) {
    400. 

  400. 							$this->out(sprintf('%3d * %-60s   >>> %s', $result, $file, $this->truncate($output, 40)));
    401. 

  401. 							$nFails++;
    402. 

  402. 						}
    403. 

  403. 						else if ($this->get('v')) {
    404. 

  404. 							$this->out(sprintf('%3d   %-60s', $result, $file));
    405. 

  405. 						}
    406. 

  406. 					}
    407. 

  407. 

  408. 					// Check the count
    409. 

  409. 					if ($limit && $nScans >= $limit) {
    410. 

  410. 						break;
    411. 

  411. 					}
    412. 

  412. 				}
    413. 

  413. 			}
    414. 

  414. 		}
    415. 

  415. 

  416. 		$tFinish = microtime(true);
    417. 

  417. 

  418. 		$this->out(sprintf(
    419. 

  419. 			'Files scanned: %d (out of %d); Possible failures found: %d; Processing time: %.3fs',
    420. 

  420. 			$nScans, $nFiles, $nFails, $tFinish - $tStart
    421. 

  421. 		));
    422. 

  422. 	}
    423. 

  423. }
    424. 

  424. 

  425. // Instantiate the main class and run.
    426. 

  426. $main = new main;
    427. 

  427. $main->run();
    428. 

  428. 

  429. $main->out();
    430. 

  430. $main->out();
    431.