Nytro Posted November 24, 2014 Report Share Posted November 24, 2014 Web Shell DetectorWeb Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, web shell detector has a light weight and friendly interface. Web Shell Detector is released under the MIT License The MIT License (MIT) | Open Source Initiative Console version (python): https://github.com/emposha/Shell-Detector Contributors Piotr ?uczko John Thornton Detection Number of known shells: 604 Requirements PHP 5.x, OpenSSL (only for secure file submission) Usage To activate Web Shell Detector: 1) Upload shelldetect.php and shelldetect.db to your root directory 2) Open shelldetect.php file in your browser Example: http://www.website.com/shelldetect.php 3) Inspect all strange files, if some of files look suspicious, send them to Web Shell Detector team. After submitting your file, it will be inspected and if there are any threats, it will be inserted into a “web shell detector” web shells signature database. 4) If any web shells found and identified use your ftp/ssh client to remove it from your web server (IMPORTANT: please be carefull because some of shells may be integrated into system files!). Demo http://www.emposha.com/demo/shelldetect/ Optionsextension - extensions that should be scanned showlinenumbers - show line number where suspicious function used dateformat - used with access time & modified time langauge - if I want to use other language directory - scan specific directory task - perform different task report_format - used with is_cron(true) file format for report file is_cron - if true run like a cron(no output) filelimit - maximum files to scan (more then 30000 you should scan specific directory) useget - activate _GET variable for easy way to recive tasks authentication - protect script with user & password in case to disable simply set to NULL remotefingerprint - get shells signatures db by remote Sursa: https://github.com/emposha/PHP-Shell-Detector Quote Link to comment Share on other sites More sharing options...
