解密

现在很多的php代码都进行了各种各样的加密造成我审计的时候很尴尬,花钱去解密？貌似有点不值得(关键尼玛穷呀)。于是琢磨了一下,发现了一个还不错的解密站点，写一个批量解密感觉棒棒哒

#!/usr/bin/env python
#-*- coding:utf-8 –*-

import urllib2
import urllib
from sys import *
import os.path
import hashlib
import time
import json
Const_Image_Format = [".php"]
class FileFilt:
    fileList = [""]
    counter = 0
    def __init__(self):
        pass
    def FindFile(self,dirr,filtrate = 1):
        global Const_Image_Format
        for s in os.listdir(dirr):
            newDir = os.path.join(dirr,s)
            if os.path.isfile(newDir):
                if filtrate:
                        if newDir and(os.path.splitext(newDir)[1] in Const_Image_Format):
                            self.fileList.append(newDir)
                            self.counter+=1
                else:
                    self.fileList.append(newDir)
                    self.counter+=1

def upload(spath):
        dirr,filename=os.path.split(spath)
        m = hashlib.md5()
        m.update(filename)
        token = m.hexdigest()
        boundary = 'gL6GI3GI3GI3KM7Ij5GI3ae0Ij5KM7'
        data = []
        data.append('------------%s' % boundary)
        data.append('Content-Disposition: form-data; name="%s"\r\n' % 'Filename')
        data.append('%s'%(filename))
        data.append('------------%s' % boundary)

        data.append('Content-Disposition: form-data; name="%s"\r\n' % 'token')
        data.append('%s'%(token))
        data.append('------------%s' % boundary)

        data.append('Content-Disposition: form-data; name="%s"\r\n'% 'timestamp')
        data.append('%d'%(time.time()));
        data.append('------------%s' % boundary)
        fr=open(spath,'rb')
        data.append('Content-Disposition: form-data; name="Filedata"; filename="%s"' %(filename) )
        data.append('Content-Type: %s\r\n' % 'application/octet-stream')
        data.append(fr.read())
        fr.close()
        data.append('------------%s\r\n' % boundary)
        data.append('Content-Disposition: form-data; name="%s"\r\n'% 'Upload')
        data.append('Submit Query');
        data.append('------------%s--\r\n' % boundary)
        http_url='http://dezend.qiling.org/decode/upload.html?ajax=1'
        http_body='\r\n'.join(data)
        #buld http request
        req=urllib2.Request(http_url, data=http_body)
        #header
        req.add_header('Content-Type', 'multipart/form-data; boundary=----------%s' % boundary)
        req.add_header('User-Agent','Mozilla/5.0')
        #req.add_header('Referer','http://junxinsheng.com/upfileform.asp')
        #post data to server
        resp = urllib2.urlopen(req, timeout=5)
        #get response
        qrcont=resp.read()
        download(json.loads(qrcont)['result']['file'],dirr,filename)
def download(Files,Dir,filename):
        url = 'http://dezend.qiling.org/decode/download.html?file=%s' % (Files) 
        request= urllib2.Request(url)
        request.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6')
        opener = urllib2.build_opener()
        f=opener.open(request)
        data=f.read()
        with open(Dir+'/de.'+filename, "w+") as code:     
                code.write(data)
def main():
        dirr=argv[1]
        File = FileFilt()
        File.FindFile(dirr = dirr)
        for filename in File.fileList:
                if filename:
                        upload(filename)
                        pass
if __name__ == '__main__':
        main()