Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/he1m4n6a/findWebshell
findWebshell is a Python-based webshell detection tool.
security-tools webshell
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/he1m4n6a/findWebshell
- Owner: he1m4n6a
- Created: 2015-05-07T13:57:15.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2018-11-14T03:17:13.000Z (about 6 years ago)
- Last Synced: 2024-08-03T18:13:30.292Z (5 months ago)
- Topics: security-tools, webshell
- Language: Python
- Homepage:
- Size: 21.5 KB
- Stars: 321
- Watchers: 19
- Forks: 118
- Open Issues: 4
Metadata Files:
- Readme: readme.md
Awesome Lists containing this project
- awesome-hacking-lists - he1m4n6a/findWebshell - findWebshell is a Python-based webshell detection tool. (Python)
README
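## Introduction
findWebshell is a Python-based webshell detection tool. Its detection scripts are configurable, which makes it easy to check for webshell backdoors.

## Usage
```
Usage: main.py [options]

Options:
  -h, --help            show this help message and exit
  -p PATH, --path=PATH  input web directory filepath
  -o OUTPUT, --output=OUTPUT
                        create a html report
  -e php|asp|aspx|jsp|all, --ext=php|asp|aspx|jsp|all
                        define what's file format to scan
```

## Example
```
python main.py -e php -p /var/www/test -o output
```
- `-e`: web page format
- `-p`: path to scan
- `-o`: name of the generated HTML file; defaults to report.html

## Developer documentation
### Adding dictionary entries
- `sensitiveWord.py` in the `directory` folder defines the sensitive keywords found in backdoors. Entries can be added manually in the format {"keyword": "type"}
```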
php_sensitive_words = {
"www.phpdp.org":"PHP神盾加密后门",
"www.phpjm.net":"PHP加密后门"
}
```
- `webshell.py` in the `directory` folder defines the list of known webshells. Add a webshell's file name directly to the list.
```
php_webshell = [
"后门.php",
"xxoo.php",
"一句话.php"
]
```
### Plugin development
- Naming convention. Plugin file names take the form: web page type_backdoor type-plugin.py

**Example**
```
php_eval_assert-plugin.py
php_preg_replace-plugin.py
asp_execute-plugin.py
```
- Function convention and return value

### Function format
def judgeBackdoor(fileCtent)

Returns the backdoor type on success and None on failure.

**Example**
```
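import re

# Placeholders: each plugin defines its own keyword, regex rule and type label.
keyword = "KEYWORD_PLACEHOLDER"
rule = r"RULE_PLACEHOLDER"
backdoorType = "BACKDOOR_TYPE_PLACEHOLDER"

def judgeBackdoor(fileCtent):
    # Cheap substring check first, then confirm with the regex rule.
    if keyword in fileCtent:
        result = re.compile(rule).findall(fileCtent)
        if len(result) > 0:
            return backdoorType
    return None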
```
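
The following is an added example, not code from the findWebshell project: it shows the dictionary format and the `judgeBackdoor` plugin contract described above working together on constructed file contents. The regex, the `KEYWORDS` tuple, the `scan` driver and the sample files are assumptions made for illustration; only the two dictionary entries come from the README.

```python
import re

# Dictionary entries copied from the README's sensitiveWord.py excerpt
# ({"keyword": "type"}); the type labels are kept in their original form.
php_sensitive_words = {
    "www.phpdp.org": "PHP神盾加密后门",  # PHP Shield encrypted backdoor
    "www.phpjm.net": "PHP加密后门",      # PHP encrypted backdoor
}

# Assumed contents of a plugin named php_eval_assert-plugin.py (constructed).
KEYWORDS = ("eval", "assert")
RULE = re.compile(
    r"\b(?:eval|assert)\s*\(\s*@?\$_(?:GET|POST|REQUEST|COOKIE)\b",
    re.IGNORECASE,
)
BACKDOOR_TYPE = "PHP eval/assert backdoor"


def judgeBackdoor(fileCtent):
    """README contract: return the backdoor type on a hit, otherwise None."""
    lowered = fileCtent.lower()
    # Substring pre-filter, then the regex decides; the keyword alone would
    # flag harmless names such as evaluate_score().
    if any(k in lowered for k in KEYWORDS) and RULE.search(fileCtent):
        return BACKDOOR_TYPE
    return None


def scan(fileCtent):
    """Hypothetical driver: dictionary lookup first, then the plugin."""
    for word, kind in php_sensitive_words.items():
        if word in fileCtent:
            return kind
    return judgeBackdoor(fileCtent)


# Constructed sample file contents, not taken from any real site.
SAMPLES = {
    "upload.php": "<?php @eval($_POST['x']); ?>",
    "report.php": "<?php $s = evaluate_score($row); assert($s >= 0); ?>",
    "packed.php": "<?php /* encoded with www.phpjm.net */ $d = '...'; ?>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, "->", scan(body))
```

The `report.php` sample contains both keywords yet returns None, which is why the template runs a regex after the substring check instead of reporting on the keyword alone.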