Jump to content
Nytro

Web Shell Detector

By Nytro, in Programe securitate

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

Web Shell Detector

Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, web shell detector has a light weight and friendly interface. Web Shell Detector is released under the MIT License The MIT License (MIT) | Open Source Initiative

Console version (python): https://github.com/emposha/Shell-Detector

Contributors

Piotr ?uczko

John Thornton

Detection

Number of known shells: 604

Requirements

PHP 5.x, OpenSSL (only for secure file submission)

Usage

To activate Web Shell Detector:

1) Upload shelldetect.php and shelldetect.db to your root directory

2) Open shelldetect.php file in your browser

Example: http://www.website.com/shelldetect.php

3) Inspect all strange files, if some of files look suspicious, send them to Web Shell Detector team. After submitting your file, it will be inspected and if there are any threats, it will be inserted into a “web shell detector” web shells signature database.

4) If any web shells found and identified use your ftp/ssh client to remove it from your web server (IMPORTANT: please be carefull because some of shells may be integrated into system files!).

Demo

http://www.emposha.com/demo/shelldetect/

Options

  • extension - extensions that should be scanned
  • showlinenumbers - show line number where suspicious function used
  • dateformat - used with access time & modified time
  • langauge - if I want to use other language
  • directory - scan specific directory
  • task - perform different task
  • report_format - used with is_cron(true) file format for report file
  • is_cron - if true run like a cron(no output)
  • filelimit - maximum files to scan (more then 30000 you should scan specific directory)
  • useget - activate _GET variable for easy way to recive tasks
  • authentication - protect script with user & password in case to disable simply set to NULL
  • remotefingerprint - get shells signatures db by remote

Sursa: https://github.com/emposha/PHP-Shell-Detector

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...