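#!/bin/bash

# PocketMine-MP plugin security scan script.
# Usage: bash scan.sh [path]   (scans the current directory by default)
#
# What this is: a grep-based triage pass over *.php files. Every pattern is a
# plain substring/regex match, so 'exec(' also reports e.g. curl_exec( and
# hits inside comments or strings. Each hit needs a human look, and an empty
# report is not proof that a plugin is safe (dynamically built calls and
# heavily obfuscated code do not match these patterns).
#
# 'set -e' is deliberately not used: grep exits 1 when nothing matches, which
# is the normal "clean" result here.

SCAN_PATH="${1:-.}"

#######################################
# Print a section title, grep the tree for the given patterns, and say so
# explicitly when nothing matched.
# Arguments: $1 - section title (printed verbatim)
#            $2 - directory or file to scan
#            $3.. - grep basic-regex patterns, one per argument
# Outputs:   matches as file:line:text on stdout; grep errors on stderr
#######################################
run_check() {
    local title=$1 root=$2
    shift 2

    local -a pattern_args=()
    local pat
    for pat in "$@"; do
        pattern_args+=(-e "$pat")
    done

    echo "$title"

    # -i: PHP function and method names are case-insensitive, so EVAL( or
    #     Shell_Exec( must be reported as well.
    # No 2>/dev/null: an unreadable file is a file that was NOT scanned, and
    #     the operator has to see that.
    local status=0
    grep -rni --include='*.php' "${pattern_args[@]}" -- "$root" || status=$?

    case $status in
        0) ;;
        1) echo "    (未发现匹配)" ;;
        *) echo "    [!] grep 报错 (退出码 $status), 部分文件可能未被扫描" >&2 ;;
    esac
    echo ""
}

#######################################
# Run all checks against one path.
# Arguments: $1 - path to scan (defaults to ".")
# Returns:   0 when the scan ran, 2 when the path does not exist
#######################################
scan_plugins() {
    local scan_path=${1:-.}

    # A path beginning with '-' would be parsed as an option by find/grep.
    case $scan_path in
        -*) scan_path=./$scan_path ;;
    esac

    # Without this check a mistyped path produced an empty, clean-looking
    # report, because grep's error was discarded.
    if [[ ! -e "$scan_path" ]]; then
        echo "错误: 扫描路径不存在: $scan_path" >&2
        return 2
    fi

    echo "===== PocketMine 插件安全扫描 ====="
    echo ""

    run_check "[1] 检测危险函数调用..." "$scan_path" \
        'exec[[:space:]]*(' \
        'shell_exec[[:space:]]*(' \
        'system[[:space:]]*(' \
        'passthru[[:space:]]*(' \
        'eval[[:space:]]*(' \
        'assert[[:space:]]*(' \
        'create_function[[:space:]]*('

    run_check "[2] 检测恶意混淆代码..." "$scan_path" \
        'eval[[:space:]]*([[:space:]]*base64_decode' \
        'eval[[:space:]]*([[:space:]]*gzinflate' \
        'eval[[:space:]]*([[:space:]]*str_rot13'

    # Whitespace is tolerated around the parentheses so that 'shutdown ( )'
    # is reported like 'shutdown()'.
    run_check "[3] 检测恶意关闭服务器..." "$scan_path" \
        'shutdown[[:space:]]*([[:space:]]*)' \
        'forceShutdown[[:space:]]*([[:space:]]*)'

    run_check "[4] 检测未授权OP操作..." "$scan_path" \
        'addOp[[:space:]]*(' \
        'removeOp[[:space:]]*(' \
        'setOp[[:space:]]*('

    # proc_open is added because it starts a process just like popen and is
    # not covered by any of the other patterns.
    run_check "[5] 检测命令注入风险..." "$scan_path" \
        'shell_exec[[:space:]]*(' \
        'exec[[:space:]]*(' \
        'popen[[:space:]]*(' \
        'proc_open[[:space:]]*('

    # Only *.php sources are inspected. Packaged .phar plugins are skipped by
    # --include, so list them instead of letting them pass silently.
    local phar_list
    phar_list=$(find "$scan_path" -type f -iname '*.phar' 2>/dev/null)
    if [[ -n "$phar_list" ]]; then
        echo "[!] 以下 .phar 插件包未被扫描 (本脚本只检查 .php 源文件), 请解包后重新扫描:"
        printf '%s\n' "$phar_list"
        echo ""
    fi

    echo "===== 扫描完成 ====="
    echo "如果你是开服小白看不懂请将运行过程中的所有文字发送给AI求救"
}

scan_plugins "$SCAN_PATH"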