Simple Python automation script to include content inside files

Bored of writing the same text chunk for your online store products description or ever wanted to have an “include” directive in JavaScript?

Here is a tiny automation script made in Python, i use it to include repetitive content inside HTML files, it read all *.html files (the extension can be changed on line 30) line by line in the directory the script is executed from and any {include=filename} tag found is replaced by the file “filename” content, it is fully recursive.

Note : The script do not check for circularity… so do not include a file including itself or similar stuff 🙂

Note : I am also using a variant written in the Anubis language for JavaScript which include a simple #include filename directive, that variant is also a tiny automatic build system which look for changes in a directory and build automatically the application package consisting of a single JS and CSS minified file if a file has changed, that way i just focus on writing code, the build system produce everything in the background when it detect a change and to test the app i just have to refresh the page in the browser, i may share it one day but the code is uglier than this. 🙂

# -*- coding: utf-8 -*-
#!/usr/bin/python

import os
import re
import sys
import glob

include_regex = re.compile("{include=(.*?)}")

def get_line_content(file):
    content = ""
    current_line = 0
    
    with open(file, 'r') as f:
        for line in f:
            inc = include_regex.search(line)
            if inc:
                inc_filename = inc.group(1)
                content += get_line_content(inc_filename)

                print("including " + inc_filename + ", include directive found in file " + file + " at line " + str(current_line))
            else:
                content += line
            current_line += 1
        f.close()
    return content

os.chdir(".")
for file in glob.glob("*.html"):
    head, tail = os.path.split(file)
    
    output_filename = "output/" + tail
    
    content = ""
    
    print("processing " + file)
    
    content = get_line_content(file)
    
    print("producing " + output_filename)
    
    f = open(output_filename, 'w')
    f.write(content)
    f.close()

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

How to remove malicious code infecting every PHP files of a website

A few month ago i stumbled upon some malicious replicating code (PHP.Anuna and PHP/Agent.GC) infecting all of my php files by inserting the same malicious code at the start of every files… slowing down all the website and gathering informations, this was a mess but this can be solved easily.

If you encounter malicious code from these or variants which are using the same signature i will show you how you can clean all of your website files very quickly and monitor it to prevent any other threats (look up the next article) so you can react before it is too late and let it to never happen again.

Here is a little PHP script to run on your server which recursively remove all the malicious code for every .php files in a specified folder based on a virus signature, it is very simple but also very effective for this kind of infection.

If there is any infections found it will show which file was cleaned up and at which position in the file the malicious code was, there is a report at the end of the decontamination process which will show you how much files were treated.

You likely have to configure it before using it because the signature will be different for each infections :

  • Change $target_directory value by the directory you want to clean up
  • Change $virus_begin_signature_str value by the few starting characters of the malicious code
  • Change $virus_end_signature_str value by the end of the malicious code

Disclaimer : I take no responsibility for any loss or damage suffered as a result of using this script, always backup your stuff first.

Note : Due to the use of the file_get_contents function, the script may get very memory hungry for large files, some adaptations of the code with more clever functions may be needed for your case.

<?php
/////////////////
$target_directory = '/var/www/';

//$virus_begin_signature_str = '$pmtccnmmns = \'341]88M4P8]37]278]225]241]334]';
$virus_begin_signature_str = 'd($n)-1);} @error_rP6]';
$virus_end_signature_str = '$pkvpncwqkl(""); $pkvpncwqkl=(468-347); $pmtccnmmns=$pkvpncwqkl-1; ?>';
$virus_name = 'PHP Agent.GC'; // just for pretty print, work with PHP.Anuna and variants
/////////////////

$recursive_directory_iter = new RecursiveDirectoryIterator($target_directory);
$iterator = new RecursiveIteratorIterator($recursive_directory_iter);

$decontaminated_files_count = 0;

foreach ($iterator as $filename => $cur)
{
	$path_info = pathinfo($filename);
	
	if (!isset($path_info['extension'])) {
        continue;
    }
        
    if ($path_info['extension'] !== 'php') {
		continue;
	}
	
	echo "Checking: '".$filename."'".PHP_EOL;
	
    $contents = file_get_contents($filename);
	
	$virus_begin_pos = strpos($contents, $virus_begin_signature_str);

    if ($virus_begin_pos !== false && $filename !== __FILE__) {
        echo $virus_name." found in '".$filename."'".PHP_EOL;
		
		$virus_end_str = $virus_end_signature_str;
		$virus_end_pos = strpos($contents, $virus_end_str) + strlen($virus_end_str);
		
		$before_virus_content = substr($contents, 0, $virus_begin_pos);
		$after_virus_content = substr($contents, $virus_end_pos);
		
		echo $virus_name." content between start pos ".$virus_begin_pos." and end pos ".$virus_end_pos." deleted".PHP_EOL;
		
		$contents = $before_virus_content.$after_virus_content;

        file_put_contents($filename, $contents);
		
		$decontaminated_files_count++;
    }
}

echo $decontaminated_files_count." files were infected and decontaminated in the directory '".$target_directory."'".PHP_EOL;
1 Star2 Stars3 Stars4 Stars5 Stars (6 votes, average: 5.00 out of 5)
Loading...