Web Defender is a high-performance C# malware scanner designed for web developers and server administrators. It performs deep static analysis of source code to detect backdoors, web-shells, malicious redirects, and security vulnerabilities.
The tool is built to quickly identify signs of compromise or security holes across thousands of files. It is essential for auditing third-party scripts or cleaning up a server after a security breach.
The program uses a signature-based engine powered by Regular Expressions (Regex) to hunt for specific threats:
- Critical: Web-Shell (eval) - Detects code execution via `eval`, `assert`, and `base64_decode`.
- Critical: Command Execution - Flags dangerous system calls like `system`, `shell_exec`, and `proc_open`.
- Backdoor: Network Socket - Identifies unauthorized network connections from scripts via `fsockopen`.
- Suspect: Obfuscation - Detects hidden or encoded code, including HEX strings and `gzinflate`.
- Malicious Redirect - Finds hidden scripts that redirect users to external malicious sites via `window.location` or `header`.
- Vulnerability: Entry Point - Spots risky functions such as `move_uploaded_file` and `extract($_GET)`.
- SQL Injection Pattern - Spots common SQL injection entry points like `UNION ALL SELECT` and `INFORMATION_SCHEMA`.
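
The signature approach described above, as an added example (not Web Defender's own code): each category maps to a compiled Regex, and every line of a file is tested against all of them. The patterns, the `SignatureDemo` class, the category names other than those listed on this page, and the sample input are assumptions made for illustration; the tool's actual signatures are not shown here.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

static class SignatureDemo
{
    // Hypothetical patterns for illustration only (C# 7 value tuples required).
    const RegexOptions Opts = RegexOptions.Compiled | RegexOptions.IgnoreCase;
    static readonly (string Category, Regex Pattern)[] Signatures =
    {
        ("CRITICAL",      new Regex(@"\b(eval|assert)\s*\(\s*base64_decode\s*\(", Opts)),
        ("CRITICAL",      new Regex(@"\b(system|shell_exec|proc_open)\s*\(", Opts)),
        ("BACKDOOR",      new Regex(@"\bfsockopen\s*\(", Opts)),
        ("SUSPECT",       new Regex(@"\bgzinflate\s*\(|(\\x[0-9a-f]{2}){8,}", Opts)),
        ("VULNERABILITY", new Regex(@"\bextract\s*\(\s*\$_(GET|POST|REQUEST)\b|\bmove_uploaded_file\s*\(", Opts)),
        ("SQL",           new Regex(@"\bUNION\s+ALL\s+SELECT\b|\bINFORMATION_SCHEMA\b", Opts)),
    };

    // Returns one finding per (line, signature) hit so results can be routed to per-category logs.
    public static List<(int Line, string Category, string Match)> Scan(string source)
    {
        var findings = new List<(int Line, string Category, string Match)>();
        string[] lines = source.Split('\n');
        for (int i = 0; i < lines.Length; i++)
            foreach (var sig in Signatures)
            {
                Match m = sig.Pattern.Match(lines[i]);
                if (m.Success) findings.Add((i + 1, sig.Category, m.Value));
            }
        return findings;
    }

    static void Main()
    {
        // Constructed sample input, not taken from a real incident.
        string sample = string.Join("\n",
            "<?php",
            "$page = htmlspecialchars($_GET['p']);",
            "extract($_GET);",               // VULNERABILITY hit
            "$out = shell_exec('uptime');",  // CRITICAL hit, even if this is legitimate admin code
            "echo evaluate($page);");        // no hit: 'evaluate' is not eval( base64_decode(
        foreach (var f in Scan(sample))
            Console.WriteLine($"{f.Category,-14} line {f.Line}: {f.Match}");
    }
}
```

A hit marks a line for human review rather than proving compromise: the `shell_exec` line in the sample is flagged whether or not its use is legitimate.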
- Multithreaded Processing: Scanning runs asynchronously via `Task.Run`, keeping the UI responsive while analyzing large directories.
- Smart Filtering: Automatically targets relevant web files including `.php`, `.js`, `.html`, `.htaccess`, `.sql`, `.asp`, and `.aspx`.
- Time Prediction: Includes a built-in algorithm that calculates the estimated remaining time during active scans.
The program generates a structured database of reports in a dedicated session folder (e.g., Logs_YYYYMMDD_HHMMSS):
- files_infection.log: A consolidated list of every detected threat.
- audit_full.log: A comprehensive technical audit of the entire session.
- Category Logs: Separate logs for each threat type (e.g., `CRITICAL.log`, `BACKDOOR.log`) for streamlined analysis.
- Language: C# (.NET Framework / Windows Forms).
- Architecture: Asynchronous programming (Async/Await).
- Analysis Method: Static analysis via compiled Regex signatures.
- Launch the application and select your preferred language (EN/RU).
- Click DIR to select a website directory or FILE to analyze a single file.
- (Optional) Enter a specific string in the search box to find custom patterns.
- Click START SCAN.
- Results are color-coded in the console: Red for Critical, Orange for Backdoors, Purple for SQL, and Yellow for Vulnerabilities.
Created by amazingb01 (Adiru).
- GitHub: https://github.com/amazingb01
Disclaimer: This tool is for static analysis. It is recommended to use it as part of a comprehensive server security strategy.