New Post

Wednesday, June 20, 2012

Web Shell Detector is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, web shell detector has a light weight and friendly interface.




Detection: Number of known shells: 290


Requirements: PHP 5.x, OpenSSL


Usage: To activate Web Shell Detector:
1) Upload shelldetect.php and shelldetect.db to your root directory
2) Open shelldetect.php file in your browser Example: http://www.website.com/shelldetect.php
3) Inspect all strange files, if some of files look suspicious, send them to http://www.websecure.co.il team. After submitting your file, it will be inspected and if there are any threats, it will be inserted into a “web shell detector” web shells signature database.
4) If any web shells found and identified use your ftp/ssh client to remove it from your web server (IMPORTANT: please be carefull because some of shells may be integrated into system files!).



Options


  • extension - extensions that should be scanned
  • showlinenumbers - show line number where suspicious function used
  • dateformat - used with access time & modified time
  • langauge - if I want to use other language
  • directory - scan specific directory
  • task - perform different task
  • report_format - used with is_cron(true) file format for report file
  • is_cron - if true run like a cron(no output)
  • filelimit - maximum files to scan (more then 30000 you should scan specific directory)
  • useget - activate _GET variable for easy way to recive tasks
  • authentication - protect script with user & password in case to disable simply set to NULL
  • remotefingerprint - get shells signatures db by remote

0 nhận xét:

Post a Comment