{"id":13778895,"url":"https://github.com/emposha/php-shell-detector","last_synced_at":"2025-12-16T23:58:14.510Z","repository":{"id":38361953,"uuid":"1918968","full_name":"emposha/PHP-Shell-Detector","owner":"emposha","description":"Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%.","archived":false,"fork":false,"pushed_at":"2015-10-05T17:38:37.000Z","size":1608,"stargazers_count":815,"open_issues_count":5,"forks_count":242,"subscribers_count":93,"default_branch":"master","last_synced_at":"2024-08-03T18:13:28.659Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://shelldetector.com/","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/emposha.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2011-06-19T10:54:49.000Z","updated_at":"2024-06-27T03:16:49.000Z","dependencies_parsed_at":"2022-07-26T17:45:13.209Z","dependency_job_id":null,"html_url":"https://github.com/emposha/PHP-Shell-Detector","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emposha%2FPHP-Shell-Detector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emposha%2FPHP-Shell-Detector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emposha%2FPHP-Shell-Detector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emposha%2FPHP-Shell-Detector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/emposha","download_url":"https://codeload.github.com/emposha/PHP-Shell-Detector/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225049000,"owners_count":17412908,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T18:00:58.673Z","updated_at":"2025-12-16T23:58:14.467Z","avatar_url":"https://github.com/emposha.png","language":"PHP","funding_links":[],"categories":["\u003ca id=\"39e5bd43766abbdbc518390d86b3a0a5\"\u003e\u003c/a\u003eWebshell检测"],"sub_categories":[],"readme":"Web Shell Detector\n==================\n\u003cimg src=\"http://www.emposha.com/wp-content/uploads/2011/07/shelldetect3-300x201.png\" width=\"100\" align=\"left\" style=\"padding-right: 4px;\" /\u003e Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, web shell detector has a light weight and friendly interface.\n\nWeb Shell Detector is released under the MIT License \u003chttp://www.opensource.org/licenses/mit-license.php\u003e\n\nConsole version (python): https://github.com/emposha/Shell-Detector\n\n\nContributors\n------------\nPiotr Łuczko\n\nJohn Thornton\n\nDetection\n---------\n\n  Number of known shells: 604\n\nRequirements\n------------\nPHP 5.x, OpenSSL (only for secure file submission)\n\nUsage\n-----\nTo activate Web Shell Detector:\n\n1) Upload shelldetect.php and shelldetect.db to your root directory\n\n2) Open shelldetect.php file in your browser\n\n    Example: http://www.website.com/shelldetect.php\n\n3) Use default username \u0026 password\n\n    Username: admin\n    Password: protect\n\n4) Inspect all strange files, if some of files look suspicious, send them to http://www.shelldetector.com team. After submitting your file, it will be inspected and if there are any threats, it will be inserted into a “web shell detector” web shells signature database.\n\n5) If any web shells found and identified use your ftp/ssh client to remove it from your web server (IMPORTANT: please be careful because some of shells may be integrated into system files!).\n\nDemo\n----\n\n    http://www.emposha.com/demo/shelldetect/\n\nOptions\n-------\n - extension - extensions that should be scanned\n - showlinenumbers - show line number where suspicious function used\n - dateformat - used with access time \u0026 modified time\n - langauge - if I want to use other language\n - directory - scan specific directory\n - task - perform different task\n - report_format - used with is_cron(true) file format for report file\n - is_cron - if true run like a cron(no output)\n - filelimit - maximum files to scan (more then 30000 you should scan specific directory)\n - useget - activate _GET variable for easy way to recive tasks\n - authentication  - protect script with user \u0026 password in case to disable simply set to NULL\n - remotefingerprint - get shells signatures db by remote\n  \n\nChangelog\n---------\n\n - 1.66 thanks to John Thornton for small tweeks and php 5.3.3 support\n \n - 1.64 settings ini file support added(in case that you want to use same settings without code changing), output method rewriten, is_cron fixed, italian translation added (thanks to Marco Saiu)\n \n - 1.63 new shell recognize mechanizm added, shell signatures updated.\n \n - 1.62 version of jquery reverted to 1.7.x due bug with jquery ui dialog, new type of files added, shells signatures updated\n \n - 1.61 added new way to send suspicious files, some css \u0026 code fixes, new shells signatures added\n \n - 1.6 added support to indicate not shell files (but still those files need  to be removed), loader indicator added\n \n - 1.52 noindex meta tag added (to remove script from search results), scann all files options added: extension = *\n\n - 1.51 unpack function update\n \n - 1.5 unpack function added, application version check added, many warnings fixed, error handler fixed.\n \n - 1.4 hide suspicious files option added, file scanning changed.\n\n - 1.3 submission of suspicious file to shelldetector.com changed, email field added with ability to get notify about suspicious file.\n \n - 1.2 encryption function added, authentication added, some small bugs fixed\n\n - 1.1 fingerprint function change\n       show line regex changed\n\n - 1.0 first version\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femposha%2Fphp-shell-detector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Femposha%2Fphp-shell-detector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femposha%2Fphp-shell-detector/lists"}