\x20\40\x20\40
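#######################################
# Scan every hosted document root for live symbolic links and write a
# triage report: per-account counts, the directories holding the links
# that survive the keyword filter, and each such directory's ctime.
# Globals:
#   control_panel (read)  - one of: none, cpanel, interworx, plesk
#   docroots (written)    - newline-separated document roots
#   symlinks, symlinks_parsed, symlink_directories, symlink_dir_dates,
#   output_file (written) - report paths; left global as in the original
# Arguments: none
# Outputs:   progress and results on stdout, appended to ${output_file}
# Returns:   0 when nothing suspicious remains after filtering, 1 when no
#            document roots are known or the filter step fails; otherwise
#            the status of the last reporting pipeline
#######################################
scan_for_symlinks() {
  # NOTE(review): these are fixed paths, and the plesk branch below reads
  # /etc/psa/.psa.shadow, so this presumably runs as root. Confirm that
  # /home/temp/symlinks is created root-owned and is not writable by hosted
  # accounts; otherwise a link planted there would redirect these writes.
  symlinks=/home/temp/symlinks/1_active_symlinks.txt
  symlinks_parsed=/home/temp/symlinks/2_symlinks_parsed.txt
  symlink_directories=/home/temp/symlinks/3_symlink_directories.txt
  symlink_dir_dates=/home/temp/symlinks/4_sym_dir_dates.txt
  output_file=/home/temp/symlinks/5_final_output.txt

  local retval line dir
  local -a docroot_list=()

  case "$control_panel" in
    none)
      printf 'No common control panel software found. Not scanning for symlinks.\n' \
        | tee -a "$output_file"
      return
      ;;
    cpanel)
      docroots=$(awk -F '==' '{print $5}' /etc/userdatadomains)
      ;;
    interworx)
      docroots=$(nodeworx -u -c Siteworx -a listDomainAccounts -n \
        | tr "\t" "|" | awk -F"|" '{print $22}' | column -t)
      ;;
    plesk)
      # The admin password is handed to mysql through the environment rather
      # than as a -p argument, so it does not sit in the process argument
      # list where other local users can read it.
      # NOTE(review): MYSQL_PWD is deprecated in newer MySQL clients; a
      # root-only option file is the longer-term alternative.
      docroots=$(
        for i in $(MYSQL_PWD="$(cat /etc/psa/.psa.shadow)" \
          mysql -uadmin psa -Ns -e "select name from domains"); do
          /usr/local/psa/bin/domain --info "$i"
        done | grep -E '\-\-WWW\-Root\-\-: ' | cut -d" " -f2
      )
      ;;
  esac

  # Build the find operand list one document root per line. Only absolute
  # paths are kept, so an odd entry can never be parsed by find as an option
  # or expression, and blank lines are dropped.
  while IFS= read -r line; do
    line="${line#"${line%%[![:space:]]*}"}" # trim leading whitespace
    line="${line%"${line##*[![:space:]]}"}" # trim trailing whitespace
    [[ "$line" == /* ]] || continue
    docroot_list+=("$line")
  done <<<"$docroots"

  # With no operands find would silently scan the current directory, so an
  # unrecognised control panel or an empty lookup must stop here.
  if ((${#docroot_list[@]} == 0)); then
    printf 'No document roots found for control panel "%s". Not scanning for symlinks.\n' \
      "$control_panel" | tee -a "$output_file"
    return 1
  fi

  printf 'Checking for active symlinks...\n' | tee -a "$output_file"
  # -type l ! -xtype l keeps only links whose target still resolves.
  find "${docroot_list[@]}" -type l ! -xtype l -print >"$symlinks" 2>/dev/null
  if [[ ! -s "$symlinks" ]]; then
    printf 'No symlinks found.\n' | tee -a "$output_file"
    return
  fi

  printf '\nNumber of active symlinks per account:\n' | tee -a "$output_file"
  cut -d/ -f-3 "$symlinks" | sort | uniq -c | sort -rn | head | tee -a "$output_file"

  printf '\nParsing the list of symlinks...\n' | tee -a "$output_file"
  # NOTE(review): this is a case-insensitive substring match over the whole
  # path, so any link under a path that merely contains one of these words
  # (an account called "robin", a "blog" directory) is dropped from the
  # report. Consider matching whole path components to close that gap.
  grep -Evi "vendor|bin|log|python|cpan|node" "$symlinks" >"$symlinks_parsed"
  # Capture the status immediately: 0 = lines kept, 1 = nothing left,
  # anything else = grep itself failed.
  retval=$?
  if ((retval == 0)); then
    printf 'The list of symlinks was parsed.\n' | tee -a "$output_file"
  elif ((retval == 1)); then
    printf 'All symlinks are presumibly benign.\n' | tee -a "$output_file"
    return 0
  else
    printf 'There has been an issue parsing the list of symlinks.\nPlease review %s\n' \
      "$symlinks" | tee -a "$output_file"
    return 1
  fi

  printf '\nTop directories with potentially malicious symlinks:\n' | tee -a "$output_file"
  # File names under the document roots are chosen by the hosted accounts,
  # so the list is split on newlines only (no quote or blank processing).
  # The intermediate file is truncated on each run; with GNU tee a single -a
  # applies to every file operand, which let stale entries pile up in it.
  xargs -d '\n' -r dirname -- <"$symlinks_parsed" \
    | sort | uniq -c | sort -rn \
    | tee "$symlink_directories" | tee -a "$output_file"

  printf '\n' | tee -a "$output_file"
  # Strip the "uniq -c" count prefix instead of taking awk's second field,
  # so directory names containing spaces survive intact.
  sed 's/^ *[0-9]* //' "$symlink_directories" \
    | while IFS= read -r dir; do
      stat -c $'%n\tctime: %z' -- "$dir"
    done | column -ts $'\t' | tee "$symlink_dir_dates" | tee -a "$output_file"
}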
# Run the scan, then tell every logged-in terminal where the report is.
scan_for_symlinks
printf '\n\n'
# wall reads the announcement from stdin; the text ends with a blank line.
printf 'Symlink scan is done. To view results:\ncat /home/temp/symlinks/5_final_output.txt\n\n' | wall
# A bare return is only valid when this file is sourced or this run sits
# inside a function; it passes on the status of the wall pipeline above.
return