Giter Club home page Giter Club logo

findwebshell's Introduction

工具简介

findWebshell是一款基于python开发的webshell检查工具,可以通过配置脚本,方便得检测webshell后门。

使用说明

Usage: main.py [options]

Options:
  -h, --help            show this help message and exit
  -p PATH, --path=PATH  input web directory filepath
  -o OUTPUT, --output=OUTPUT
                        create a html report
  -e php|asp|aspx|jsp|all, --ext=php|asp|aspx|jsp|all
                        define what's file format to scan

示例

python main.py -e php -p /var/www/test -o output
-e 网页格式
-p 扫描的路径
-o 生成的html文件名,默认生成report.html

开发文档

字典添加

  • directory目录下的sensitiveWord.py定义的是后门中的敏感关键字,可以手动添加,格式为{"关键字":"类型"}
php_sensitive_words = {
    "www.phpdp.org":"PHP神盾加密后门",
    "www.phpjm.net":"PHP加密后门"
}
  • directory目录下的webshell.py定义的是webshell列表,直接添加webshell到列表里
php_webshell = [
"后门.php",
"xxoo.php",
"一句话.php"
]

插件开发

  • 命令规范

插件命名格式:网页类型_后门类型-plugin.py

示例

php_eval_assert-plugin.py
php_preg_replace-plugin.py
asp_execute-plugin.py
  • 函数规范和返回值

函数格式

def judgeBackdoor(fileCtent)
成功返回后门类型,失败返回None

示例

def judgeBackdoor(fileCtent):
	if keyword in fileCtent:
		result = re.compile(rule).findall(fileCtent)
		if len(result) > 0:
			return  backdoorType
	else:
		return None

findwebshell's People

Contributors

eddieivan01 avatar he1m4n6a avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

duke-cheng ver007 odin1314 lynch1981 sigma-random niubenaniu chenzhongxiang wuyouzi superqcheng kakakacool sdgdsffdsfff ecore2018 vspark chromecrown sharpsec 386 zhgfly01 dylangywu 3xp10it kslinf xonze qinwentu jijicanyu dossec xieqiwen1993 chris1201 haoirui newaynewlife whitesharks penrightpen pixyguo bongbongco lidebin husoul liufofu johnhubcr idealzhang2 moss1993 walleleung findlakes leoli321 cyouk2 arongmh jingqiangliu nextdoor-wang beatrice111 gfthr sry309 hejinsome popmedd szxjwl k0rz3n lhtest429 duanexiao stonezc lvlcainiao seoblackwhite 303donatello tatwirat dklkt zylpro explorezone simon0105 zhou88qiao sgseo tailin qing-q whojeff z3r023 wyfaq jonn-yan zjz1525 kyohs brathonbai jetan9019 joewen85 benhe119 zanjie1999 kernal-gh joner11234 ziqi521 valley51 adm1in zhuyawen wwek amsmoking 86zhou goldenbookcover zhaoshiling1017 blackstarkk silentzephyrus sw1ng19 zwgirl thelongestusernameofall flxuru zzyyxxal hecg119 newhackerman lizeju ba7jcm

findwebshell's Issues

代码有些地方有小错误

rt,我在使用你的程序时发现一些地方有错,看到了就帮你指出来吧,东西挺不错的,谢谢啦!

0x00 多一个分号

plugins/php_packshell-plugin.py的第12行

0x01 少一个r

plugins/php_include_file-plugin.py的第29行

about dict 

		all_sensitive_words = {}
		all_sensitive_words.update(php_sensitive_words)
		all_sensitive_words.update(asp_sensitive_words)
		all_sensitive_words.update(aspx_sensitive_words)
		all_sensitive_words.update(jsp_sensitive_words)
		#all_sensitive_words = php_sensitive_words + asp_sensitive_words + aspx_sensitive_words + jsp_sensitive_words

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.