Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/emposha/php-shell-detector
Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%.
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/emposha/php-shell-detector
- Owner: emposha
- Created: 2011-06-19T10:54:49.000Z (over 13 years ago)
- Default Branch: master
- Last Pushed: 2015-10-05T17:38:37.000Z (over 9 years ago)
- Last Synced: 2024-08-03T18:13:28.659Z (5 months ago)
- Language: PHP
- Homepage: http://shelldetector.com/
- Size: 1.53 MB
- Stars: 815
- Watchers: 93
- Forks: 242
- Open Issues: 5
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-webshell - **637** stars
README
Web Shell Detector
==================
Web Shell Detector is a PHP script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest JavaScript and CSS technologies, Web Shell Detector has a lightweight and friendly interface.
Web Shell Detector is released under the MIT License.
Console version (python): https://github.com/emposha/Shell-Detector
Contributors
------------
Piotr Łuczko
John Thornton
Detection
---------
Number of known shells: 604
Requirements
------------
PHP 5.x, OpenSSL (only for secure file submission)
Usage
-----
To activate Web Shell Detector:
1) Upload shelldetect.php and shelldetect.db to your root directory
2) Open the shelldetect.php file in your browser
Example: http://www.website.com/shelldetect.php
3) Use the default username & password
Username: admin
Password: protect
4) Inspect all strange files. If some of the files look suspicious, send them to the http://www.shelldetector.com team. After you submit a file, it will be inspected, and if there are any threats, it will be inserted into the “web shell detector” web shells signature database.
5) If any web shells are found and identified, use your ftp/ssh client to remove them from your web server (IMPORTANT: please be careful because some shells may be integrated into system files!).
Demo
----
http://www.emposha.com/demo/shelldetect/
Options
-------
- extension - extensions that should be scanned
- showlinenumbers - show the line number where a suspicious function is used
- dateformat - used with access time & modified time
- langauge - set this to use another language
- directory - scan a specific directory
- task - perform a different task
- report_format - file format for the report file, used with is_cron(true)
- is_cron - if true, run like a cron job (no output)
- filelimit - maximum number of files to scan (for more than 30000 files you should scan a specific directory)
- useget - activate the _GET variable as an easy way to receive tasks
- authentication - protect the script with a user & password; to disable, simply set to NULL
- remotefingerprint - get shells signatures db by remote
Changelog
---------
- 1.66 thanks to John Thornton for small tweaks and php 5.3.3 support
- 1.64 settings ini file support added (in case you want to use the same settings without changing code), output method rewritten, is_cron fixed, Italian translation added (thanks to Marco Saiu)
- 1.63 new shell recognition mechanism added, shell signatures updated.
- 1.62 version of jquery reverted to 1.7.x due to a bug with jquery ui dialog, new type of files added, shell signatures updated
- 1.61 added new way to send suspicious files, some css & code fixes, new shell signatures added
- 1.6 added support to indicate non-shell files (but those files still need to be removed), loader indicator added
- 1.52 noindex meta tag added (to remove script from search results), scan all files option added: extension = *
- 1.51 unpack function update
- 1.5 unpack function added, application version check added, many warnings fixed, error handler fixed.
- 1.4 hide suspicious files option added, file scanning changed.
- 1.3 submission of suspicious files to shelldetector.com changed, email field added with the ability to get notified about a suspicious file.
- 1.2 encryption function added, authentication added, some small bugs fixed
- 1.1 fingerprint function change, show line regex changed
- 1.0 first version