{"id":19556052,"url":"https://github.com/thecomputeguy/jedi","last_synced_at":"2025-04-26T22:32:50.568Z","repository":{"id":184776687,"uuid":"500829209","full_name":"TheComputeGuy/Jedi","owner":"TheComputeGuy","description":"A web malware analysis framework for PHP-based backends","archived":true,"fork":false,"pushed_at":"2023-08-11T19:59:21.000Z","size":3205,"stargazers_count":1,"open_issues_count":3,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-26T07:43:38.231Z","etag":null,"topics":["cms","malware-detection","python","security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TheComputeGuy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2022-06-07T12:23:07.000Z","updated_at":"2023-10-01T19:31:55.000Z","dependencies_parsed_at":"2023-07-30T07:50:42.533Z","dependency_job_id":null,"html_url":"https://github.com/TheComputeGuy/Jedi","commit_stats":null,"previous_names":["thecomputeguy/jedi"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheComputeGuy%2FJedi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheComputeGuy%2FJedi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheComputeGuy%2FJedi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheComputeGuy%2FJedi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TheComputeGuy","download_url":"https://codeload.github.com/TheComputeGuy/Jedi/tar.gz/refs/heads/main
","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251063667,"owners_count":21530837,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cms","malware-detection","python","security"],"created_at":"2024-11-11T04:36:34.997Z","updated_at":"2025-04-26T22:32:45.558Z","avatar_url":"https://github.com/TheComputeGuy.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Jedi\n\nThis tool builds on top of [Cyber Forensics Innovation Lab's](https://cyfi.ece.gatech.edu/) [Yoda](https://github.com/CyFI-Lab-Public/YODA), a tool to analyse website backups for malicious plugins delivered via well-known Content Management Systems.\n\nJedi aims to run the same analysis on non-plugin files, and also to add more analysis rules to improve the web malware detection capabilities of Yoda.\n\n## Installing\n\nThis app works best on Linux; running it on Windows requires certain quirks, especially regarding the PHP runtime and how the phar files are executed.\n\nStart by cloning this repo.\n\n### [Optional - Recommended] Using a virtual environment\n\nInstall and set up a virtual environment\n\n```\npip install virtualenv\nvirtualenv venv\n```\n\nTo activate your virtualenv\n\n```\nsource ./venv/bin/activate\n```\n\nTo exit the virtual environment\n\n```\ndeactivate\n```\n\n### App setup\n\nInstall the required dependencies\n\n```\npip install -r requirements.txt\n```\n\nOther requirements include having a PHP runtime and having the php-dev packages installed.\n\n## Running locally\n\n```\npython framework.py \u003cpath to website backup repo\u003e\n```\n\n## Note\nThis code has been tested in Python 3.6.9 and may not necessarily work in Python 3.10 and onwards owing to changes in some method signatures in Python 3.10.\n\n## Relevant previous work from CyFI Lab\n[TARDIS](https://ieeexplore.ieee.org/document/9152609)\n\nR. Pai Kasturi et al., \"TARDIS: Rolling Back The Clock On CMS-Targeting Cyber Attacks,\" 2020 IEEE Symposium on Security and Privacy (SP), 2020, pp. 1156-1171, doi: 10.1109/SP40000.2020.00116.\n\u003cbr\u003e\u003c/br\u003e\n[YODA](https://www.usenix.org/conference/usenixsecurity22/presentation/kasturi)\n\n‘Mistrust Plugins You Must: A Large-Scale Study Of Malicious Plugins In WordPress Marketplaces’, in 31st USENIX Security Symposium (USENIX Security 22), 2022.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthecomputeguy%2Fjedi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthecomputeguy%2Fjedi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthecomputeguy%2Fjedi/lists"}