{"id":25753973,"url":"https://github.com/rootshelll/web-shell-detector","last_synced_at":"2025-07-12T16:34:07.531Z","repository":{"id":277957858,"uuid":"934054175","full_name":"RootShelll/Web-Shell-Detector","owner":"RootShelll","description":"Web Shell Detector is a PHP script developed to detect PHP, CGI (Perl), ASP/ASPX shells. It uses a signature-based database to identify these threats with up to 99% accuracy. It features a modern, user-friendly interface leveraging contemporary technologies.","archived":false,"fork":false,"pushed_at":"2025-02-17T07:44:23.000Z","size":0,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-17T08:27:05.404Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RootShelll.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-17T07:41:40.000Z","updated_at":"2025-02-17T07:44:26.000Z","dependencies_parsed_at":"2025-02-17T08:37:31.267Z","dependency_job_id":null,"html_url":"https://github.com/RootShelll/Web-Shell-Detector","commit_stats":null,"previous_names":["rootshelll/web-shell-detector"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootShelll%2FWeb-Shell-Detector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootShelll%2FWeb-Shell-Detector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootShelll%2FWeb-Shell-Detector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootShelll%2FWeb-Shell-Detector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RootShelll","download_url":"https://codeload.github.com/RootShelll/Web-Shell-Detector/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240880101,"owners_count":19872478,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-26T15:29:54.046Z","updated_at":"2025-02-26T15:29:55.171Z","avatar_url":"https://github.com/RootShelll.png","language":null,"readme":"![Web Shell Detector Overview](https://r00t-shell.com/wp-content/uploads/2025/02/Web-Shell-Detector.png \"Web Shell Detector Overview\")\n\n## What is Web Shell Detector?\n\nWeb Shell Detector is a PHP script developed to detect PHP, CGI (Perl), ASP/ASPX shells. It uses a signature-based database to identify these threats with up to 99% accuracy. It features a modern, user-friendly interface leveraging contemporary technologies.\n\n## Usage\nTo activate Web Shell Detector:\n\n1. Upload `shelldetect.php` and `shelldetect.db` to your root directory.\n2. Open `shelldetect.php` in your browser (e.g., `http://www.website.com/shelldetect.php`).\n3. Log in with the default username \u0026 password:\n   - Username: `admin`\n   - Password: `protect`\n4. Inspect suspicious files. If any files seem suspicious, submit them to [Shell Detector Team](http://www.shelldetector.com). The file will be inspected, and if threats are found, they will be added to the web shell signature database.\n5. If web shells are detected, use your FTP/SSH client to remove them from your server (IMPORTANT: Be cautious, as some shells may be integrated into system files).\n\n## Demo\n[Web Shell Detector Demo](http://www.emposha.com/demo/shelldetect/)\n\n## Options\n- `extension`: File extensions to scan\n- `showlinenumbers`: Show line numbers for suspicious functions\n- `dateformat`: Used for access and modification times\n- `language`: Set the language\n- `directory`: Scan a specific directory\n- `task`: Perform different tasks\n- `report_format`: Use with `is_cron(true)` to define report file format\n- `is_cron`: If true, run as cron (no output)\n- `filelimit`: Maximum files to scan (for more than 30,000 files, scan specific directories)\n- `useget`: Enable `_GET` variable for task submission\n- `authentication`: Protect the script with user \u0026 password (set to NULL to disable)\n- `remotefingerprint`: Get shell signatures remotely\n\n\n## Features\n\n- **extension**: Specify file extensions to scan.\n- **showlinenumbers**: Display line numbers for suspicious functions.\n- **dateformat**: Set the date format.\n- **language**: Language support.\n- **directory**: Scan specific directories.\n- **report_format**: Choose the report format.\n\n## Updates\n\nWeb Shell Detector is a regularly updated tool with new shell types added and existing features improved.\n\n## Security Tips\n\n- Run the Web Shell Detector periodically to keep your site secure.\n- Carefully inspect suspicious files and regularly check log files.\n\n\n\n## Detection\n- Number of known shells: 604\n\n## Requirements\n- PHP 5.x\n- OpenSSL (for secure file submission)\n\n\n## Changelog\n- **1.66**: Small tweaks and PHP 5.3.3 support (thanks to John Thornton)\n- **1.64**: Added INI file support, output method rewritten, Italian translation (thanks to Marco Saiu)\n- **1.63**: New shell recognition mechanism, updated shell signatures\n- **1.62**: jQuery version reverted to 1.7.x due to bug with jQuery UI dialog, new file types added, updated shell signatures\n- **1.61**: New way to submit suspicious files, CSS \u0026 code fixes, updated shell signatures\n- **1.6**: Added support to indicate non-shell files, loader indicator added\n- **1.52**: Noindex meta tag added, scan all files option added (`extension = *`)\n- **1.51**: Unpack function update\n- **1.5**: Unpack function added, application version check, fixed warnings and error handler\n- **1.4**: Hide suspicious files option, file scanning changed\n- **1.3**: File submission changes, email field added for notifications\n- **1.2**: Encryption function and authentication added, small bug fixes\n- **1.1**: Fingerprint function change, show line regex updated\n- **1.0**: Initial version\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frootshelll%2Fweb-shell-detector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frootshelll%2Fweb-shell-detector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frootshelll%2Fweb-shell-detector/lists"}