#!/bin/bash
REPORT=~/scan_deep_$(date +%Y%m%d).txt
echo "=== SCAN PROFOND $(date) ===" > $REPORT

for site in ~/www/hosting/*/; do
  SITENAME=$(basename $site)
  echo -e "\n--- $SITENAME ---" >> $REPORT
  
  # PHP suspects hors plugins/themes
  find "$site/wp-content/" \
    -not -path "*/plugins/*" \
    -not -path "*/themes/*" \
    -name "*.php" 2>/dev/null >> $REPORT
  
  # Fonctions dangereuses
  grep -rl --include="*.php" \
    -e "eval(" -e "base64_decode" -e "system(" -e "exec(" -e "passthru(" \
    "$site/wp-content/" 2>/dev/null >> $REPORT
  
  # PHP modifiés récemment (30j) hors uploads
  find "$site/" -name "*.php" -newer "$site/wp-config.php" \
    -not -path "*/uploads/*" 2>/dev/null >> $REPORT

done

echo "=== FIN $(date) ===" >> $REPORT
