{"id":13778936,"url":"https://github.com/he1m4n6a/findwebshell","last_synced_at":"2025-05-11T12:32:16.390Z","repository":{"id":31657792,"uuid":"35223146","full_name":"he1m4n6a/findWebshell","owner":"he1m4n6a","description":"findWebshell是一款基于python开发的webshell检测工具。","archived":false,"fork":false,"pushed_at":"2018-11-14T03:17:13.000Z","size":22,"stargazers_count":326,"open_issues_count":4,"forks_count":117,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-03-13T14:37:38.640Z","etag":null,"topics":["security-tools","webshell"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/he1m4n6a.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-05-07T13:57:15.000Z","updated_at":"2025-01-24T21:21:25.000Z","dependencies_parsed_at":"2022-09-10T00:51:38.981Z","dependency_job_id":null,"html_url":"https://github.com/he1m4n6a/findWebshell","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/he1m4n6a%2FfindWebshell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/he1m4n6a%2FfindWebshell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/he1m4n6a%2FfindWebshell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/he1m4n6a%2FfindWebshell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/he1m4n6a","download_url":"https://codeload.github.com/he1m4n6a/findWebshell/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253566995,"owners_count":21928763,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["security-tools","webshell"],"created_at":"2024-08-03T18:00:59.166Z","updated_at":"2025-05-11T12:32:16.119Z","avatar_url":"https://github.com/he1m4n6a.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"39e5bd43766abbdbc518390d86b3a0a5\"\u003e\u003c/a\u003eWebshell检测"],"sub_categories":[],"readme":"## 工具简介\nfindWebshell是一款基于python开发的webshell检查工具，可以通过配置脚本，方便得检测webshell后门。\n\n## 使用说明\n    Usage: main.py [options]\n\n    Options:\n      -h, --help            show this help message and exit\n      -p PATH, --path=PATH  input web directory filepath\n      -o OUTPUT, --output=OUTPUT\n                            create a html report\n      -e php|asp|aspx|jsp|all, --ext=php|asp|aspx|jsp|all\n                            define what's file format to scan\n\n## 示例\n    \n    python main.py -e php -p /var/www/test -o output\n    -e 网页格式\n    -p 扫描的路径\n    -o 生成的html文件名，默认生成report.html\n\n## 开发文档\n### 字典添加\n- directory目录下的sensitiveWord.py定义的是后门中的敏感关键字，可以手动添加，格式为{\"关键字\":\"类型\"}\n\n```\nphp_sensitive_words = {\n    \"www.phpdp.org\":\"PHP神盾加密后门\",\n    \"www.phpjm.net\":\"PHP加密后门\"\n}\n```\n\n- directory目录下的webshell.py定义的是webshell列表，直接添加webshell到列表里\n```\nphp_webshell = [\n\"后门.php\",\n\"xxoo.php\",\n\"一句话.php\"\n]\n```\n### 插件开发\n- 命令规范\n\n插件命名格式：网页类型_后门类型-plugin.py\n\n**示例**\n```\nphp_eval_assert-plugin.py\nphp_preg_replace-plugin.py\nasp_execute-plugin.py\n```\n- 函数规范和返回值\n\n### 函数格式\n\n    def judgeBackdoor(fileCtent)\n    成功返回后门类型，失败返回None\n\n**示例**\n```\ndef judgeBackdoor(fileCtent):\n\tif keyword in fileCtent:\n\t\tresult = re.compile(rule).findall(fileCtent)\n\t\tif len(result) \u003e 0:\n\t\t\treturn  backdoorType\n\telse:\n\t\treturn None\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhe1m4n6a%2Ffindwebshell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhe1m4n6a%2Ffindwebshell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhe1m4n6a%2Ffindwebshell/lists"}