Web Shell Detector is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, web shell detector has a light weight and friendly interface.
Detection: Number of known shells: 290
Requirements: PHP 5.x, OpenSSL
Usage: To activate Web Shell Detector:
1) Upload shelldetect.php and shelldetect.db to your root directory
2) Open shelldetect.php file in your browser Example: http://www.website.com/shelldetect.php
3) Inspect all strange files, if some of files look suspicious, send them to http://www.websecure.co.il team. After submitting your file, it will be inspected and if there are any threats, it will be inserted into a “web shell detector” web shells signature database.
4) If any web shells found and identified use your ftp/ssh client to remove it from your web server (IMPORTANT: please be carefull because some of shells may be integrated into system files!).
Options
Detection: Number of known shells: 290
Requirements: PHP 5.x, OpenSSL
Usage: To activate Web Shell Detector:
1) Upload shelldetect.php and shelldetect.db to your root directory
2) Open shelldetect.php file in your browser Example: http://www.website.com/shelldetect.php
3) Inspect all strange files, if some of files look suspicious, send them to http://www.websecure.co.il team. After submitting your file, it will be inspected and if there are any threats, it will be inserted into a “web shell detector” web shells signature database.
4) If any web shells found and identified use your ftp/ssh client to remove it from your web server (IMPORTANT: please be carefull because some of shells may be integrated into system files!).
Options
- extension - extensions that should be scanned
- showlinenumbers - show line number where suspicious function used
- dateformat - used with access time & modified time
- langauge - if I want to use other language
- directory - scan specific directory
- task - perform different task
- report_format - used with is_cron(true) file format for report file
- is_cron - if true run like a cron(no output)
- filelimit - maximum files to scan (more then 30000 you should scan specific directory)
- useget - activate _GET variable for easy way to recive tasks
- authentication - protect script with user & password in case to disable simply set to NULL
- remotefingerprint - get shells signatures db by remote
Không có nhận xét nào:
Đăng nhận xét