Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mylamour/oops-webshell
Oops, It's funny to detect a webshell. Temporarily not maintained
malware-detection ssdeep tensorflow-examples webshell yara-integrated
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/mylamour/oops-webshell
- Owner: mylamour
- Created: 2017-07-13T07:07:01.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2017-12-06T14:49:18.000Z (about 7 years ago)
- Last Synced: 2024-10-13T07:02:35.084Z (3 months ago)
- Topics: malware-detection, ssdeep, tensorflow-examples, webshell, yara-integrated
- Language: Python
- Homepage:
- Size: 15.4 MB
- Stars: 18
- Watchers: 2
- Forks: 8
- Open Issues: 0
Metadata Files:
- Readme: Readme.md
Awesome Lists containing this project
- awesome-webshell - **12** stars
README
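## Webshell detection
### Common detection methods
* Based on logs, behavior, and traffic
* Based on machine learning, fuzzy hashing, and code features

### Methods chosen here for the initial stage
* File hash comparison and fuzzy hashing ([known files|unknown files]) (ssdeep)
* Code signatures and dangerous-function detection (yara 3.6.0)
* Machine learning, classification [CNN-Text-Classification](https://github.com/dennybritz/cnn-text-classification-tf/)

### Other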
![Design](./funny.svg)
Also includes a CLI, with Flask as the web server:

`curl -i -X POST -F [email protected] "http://test:test@localhost:5000/detect"`
`curl -i -X PUT -F [email protected] -F [email protected] -F [email protected] "http://test:test@localhost:5000/detectdir"`
`curl -i -X POST -F [email protected] "http://test:test@localhost:5000/saveblack"`
`curl -i -X POST -F [email protected] "http://test:test@localhost:5000/savewhite"`
### To do
* Write unit tests, mock tests
* Write Yara Rule
* GAN ? Important
(This is what happens without a Chinese input method...)
* Test