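#!/usr/bin/perl
#
# Walks a web root and strips an injected Gumblar snippet from web-facing files.
#
# The operator supplies the web root and a signature on standard input. Every
# file with a listed extension is read in full; if the signature matches, the
# original is kept as "<file>.infected" and a cleaned copy is written in its
# place.
#
# Notes for whoever runs this:
#   * The signature is used as a regular expression (case-insensitive, with
#     "." matching newlines), not as a literal string. Escape any regex
#     metacharacters in a literal signature.
#   * The "<file>.infected" backups stay inside the web root. Depending on the
#     server configuration they may be served as plain text, so move them out
#     of the document root (or deny access to them) once the cleanup has been
#     reviewed.
#   * This only removes the injected text. It does not address how the files
#     were modified in the first place.

use strict;
use warnings;
use vars qw($home_dir $gumblar_signature);

# Extensions (lower case) that are scanned.
my %is_scanned_ext = map { $_ => 1 } qw(html php asp aspx js txt);    ## Add more extensions here in case

print "Enter your web root directory : \n";    ## or initialize the variable in the script
$home_dir = <>;
die "No web root directory given\n" unless defined $home_dir;
chomp $home_dir;
die "Web root '$home_dir' is not a directory\n"
    unless length $home_dir && -d $home_dir;

print "Enter Gumblar Signature : \n";          ## or enter it below as shown
###
#
# $gumblar_signature = q {SignatureHere} ;
#
####
$gumblar_signature = <>;
die "No signature given\n" unless defined $gumblar_signature;
chomp $gumblar_signature;

# An empty pattern makes Perl reuse the last successfully matched regex, which
# here would be the file-extension pattern; refuse to run rather than edit
# files with the wrong pattern.
die "Empty signature; refusing to modify any file\n"
    unless length $gumblar_signature;

# Compile once so a malformed signature is reported before any file is touched.
my $signature_re = eval { qr/$gumblar_signature/si };
die "Signature is not a valid regular expression: $@"
    unless defined $signature_re;

walkdir($home_dir);

# walkdir($dir)
#   Recursively visits $dir: sub-directories are descended into and every other
#   entry is handed to remove_gumblar(). Symbolic links are skipped so the walk
#   neither leaves the chosen web root nor loops on a link that points back up
#   the tree. Returns nothing.
sub walkdir {
    my $dir = pop;
    my $sep = '/';

    my $dh;
    unless (opendir $dh, $dir) {
        warn "Cannot open directory $dir: $!\n";
        return;
    }

    # Drop only "." and ".."; hidden files and directories are still scanned.
    my @entries = grep { !/\A\.\.?\z/ } readdir $dh;
    closedir $dh;

    for my $entry (@entries) {
        my $path = "$dir$sep$entry";

        if (-l $path) {
            print "Skipping symlink $path \n";
            next;
        }

        if (-d $path) {
            walkdir($path);
        }
        else {
            remove_gumblar($path);
        }
    }

    return;
}

# remove_gumblar($file)
#   Checks one file. If its extension is in %is_scanned_ext and its content
#   matches the signature, the original is renamed to "$file.infected" and a
#   copy with every match removed is written to $file, keeping the original
#   permission bits. Failures are reported with warn() and leave the original
#   file (or its backup) in place. Returns nothing.
sub remove_gumblar {
    my $file = pop;
    print "Testing $file \n";

    # Two to four letters so that "js" is covered; compared in lower case so
    # that names such as INDEX.PHP are scanned too.
    return unless $file =~ m/\.([A-Za-z]{2,4})\z/;
    my $ext = lc $1;
    print "$ext $gumblar_signature \n";

    return unless $is_scanned_ext{$ext};
    return unless -f $file;    # regular files only

    my $in;
    unless (open $in, '<', $file) {
        warn "Cannot read $file: $!\n";
        return;
    }
    my $source = join('', <$in>);
    close $in;

    return unless $source =~ $signature_re;
    $source =~ s/$signature_re//g;

    my $mode   = (stat $file)[2];
    my $backup = "$file.infected";

    unless (rename $file, $backup) {
        warn "Cannot back up $file to $backup: $!\n";
        return;
    }

    my $out;
    unless (open $out, '>', $file) {
        warn "Cannot write $file: $!\n";

        # Put the original back so the site is not left with a missing file.
        rename $backup, $file
            or warn "Cannot restore $file from $backup: $!\n";
        return;
    }

    my $written = print {$out} $source;
    my $closed  = close $out;
    unless ($written && $closed) {
        warn "Incomplete write to $file: $!; original kept at $backup\n";
        return;
    }

    # The rewritten file would otherwise get default permissions.
    chmod $mode & 07777, $file if defined $mode;

    print "Gumblar detected and removed on $file \n";
    return;
}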